Business Continuity & Cyber Security Incident Log 07/07/2017

Business Continuity Incident

Suspicious Package Forces Manchester Airport Evacuation

Bomb disposal experts carried out a series of controlled explosions at Manchester airport after passengers were evacuated when a suspicious package was found.

Police said they were called to Terminal 3 to reports of a suspect bag and that a precautionary evacuation was taking place. Travellers said airport staff appeared to be taking passengers off planes at the terminal.

Manchester airport confirmed the evacuation was taking place after police and bomb disposal units were called at 8.50am on Wednesday.

A spokesperson said: “Police were called at 8.50am on Wednesday 5 July 2017 to reports of a suspicious package at Manchester airport. Officers are responding and a precautionary evacuation of Terminal 3 has taken place.

“Bomb disposal officers attended and a series of controlled explosions were carried out of the package. Inquiries are ongoing.”

The spokesperson added that people using Terminals 1 and 2 “should travel as normal”.

Police confirmed the package was not believed to be a viable device, adding “there is not believed to be any threat at this time”. The incident was not being treated as terror-related.

Passengers who were due to fly from Terminal 3 were advised to go to Terminal 1 for more information. Passengers were said to be calm following the evacuation.

Terminal 3 is the smallest terminal at Manchester airport and is used for domestic flights as well as some flights to the US and Europe.

Airlines operating out of the terminal include British Airways, American Airlines, KLM, Flybe and Air France.

Ryanair has transferred some of its flights from the terminal to Terminal 2.

Kate Feld, a writer from Ramsbottom, was checking in for her flight to Philadelphia when the evacuation took place.

She told the Manchester Evening News: “There was an announcement: everyone had to leave. It was being evacuated. The man said it was just a drill. Clearly this was not the case in retrospect. On the airfield they have taken all of the people off the planes and the buses.

“One flight just did take off. One friend is on a bus. She was waiting to fly out and is now on a bus. Nobody is telling us what is going on. There has been no announcement. A man has come out to tell us to get further back.”

Businesses Still Struggling to Recover From Petya Malware

Many businesses are still struggling to recover hopelessly scrambled computer networks, collateral damage from a massive cyberattack that targeted Ukraine three days ago.

In the UK, Reckitt Benckiser  warned customers that they could encounter delays in receiving products as the UK household goods company works “round the clock” to recover its systems. The FTSE 100 company, which produces Nurofen painkillers, Durex condoms and Cillit Bang cleaners, said on Friday that customers in some countries were experiencing delays to deliveries. Reckitt said it was “working around the clock to minimise the impact” but had isolated the virus and was getting critical business systems back up and running.“ At this stage we cannot quantify the scale and impact to our business,” a company spokesman said. The malware hit dozens of companies — including US food group Mondelez International, shipping company AP Moller-Maersk, advertising agency group WPP, US drugmaker Merck, and Russian oil producer Rosneft. The disruption hit Reckitt during the last four days of Reckitt’s second quarter. The group is due to report its first-half results on July 24.

In the US,  a Health System company reported that it couldn’t offer lab and diagnostic imaging services at 14 community and neighborhood offices in western Pennsylvania. DLA Piper, a London-based law firm with offices in 40 countries, said on its website that email systems were down; a receptionist said email hadn’t been restored by the close of business day.

Dave Kennedy, CEO of the security company TrustedSec, said one U.S. company he is helping is rebuilding its entire network of more than 5,000 computers.

“It hit everything, their backups, servers, their workstations, everything,” he said. “Everything was just nuked and wiped.”

Kennedy added, “Some of these companies are actually using pieces of paper to write down credit card numbers”

The cyberattack that began Tuesday brought even some Fortune 1000 companies to their knees, experts say. Kennedy said a lot more “isn’t being reported by companies who don’t want to say that they are hit.”

The malware, which security experts are calling NotPetya, was unleashed through Ukraine tax software, called MeDoc. Customers’ networks became infected downloading automatic updates from its maker’s website. Many customers are multinationals with offices in the eastern European nation.

Companies still hobbled from fearsome cyberattack
Containers are piled up at a terminal at the Jawaharlal Nehru Port Trust in Mumbai, India, Thursday, June 29, 2017. Operations at a terminal at India’s busiest container port have been stalled by the malicious software that suddenly burst …more

The malware spread so quickly, worming its way automatically through interconnected private networks, as to be nearly unstoppable. What saved the world from digital mayhem, experts say, was its limited business-to-business connectivity with Ukrainian enterprises, the intended target.

Had those direct connections been extensive—on the level of a major industrial nation—”you are talking about a catastrophic failure of all of our systems and environments across the globe. I mean it could have been absolutely terrifying,” Kennedy said.

Microsoft said NotPetya hit companies in at least 64 nations, including Russia, Germany and the United States. Victims include drug giant Merck & Co. and the shipping company FedEx’s TNT subsidiary. Trade in FedEx stock was temporarily halted Wednesday.

One major victim, Danish shipping giant A.P. Maersk-Moller, said Friday that its cargo terminals and port operations were “now running close to normal again.” It said operations had been restored in Spain, Morocco, India, Brazil, Argentina and Lima, Peru, but problems lingered in Rotterdam, the Netherlands; Elizabeth, New Jersey; and Los Angeles.

An employee at an international transit company at Lima’s port of Callao told The Associated Press that Maersk employees’ telephone system and email had been knocked out by the virus—so they were “stuck using their personal cellphones.” The employee spoke on condition of anonymity because he’s not authorized to speak to reporters.

Back in Ukraine, the pain continued. Officials assured the public that the outbreak was under control, and service has been restored to cash machines and at the airport.

But some bank branches remain closed as information-technology professionals scrambled to rebuild networks from scratch. One government employee told the AP she was still relying on her iPhone because her office’s computers were “collapsed.” She, too, was not authorized to talk to journalists.

Companies still hobbled from fearsome cyberattack
Trucks loaded with containers are lined up outside a terminal at the Jawaharlal Nehru Port Trust in Mumbai, India, Thursday, June 29, 2017. Operations at a terminal at India’s busiest container port have been stalled by the malicious …more

Security researchers now concur that while NotPetya was wrapped in the guise of extortionate “ransomware”—which encrypts files and demands payment—it was really designed to exact maximum destruction and disruption, with Ukraine the clear target.

Computers were disabled there at banks, government agencies, energy companies, supermarkets, railways and telecommunications providers.

Ukraine’s government said Thursday that the FBI and Britain’s National Crime Agency were assisting in its investigation of the malware.

Suspicion for the attack immediately fell on hackers affiliated with Russia, though there is no evidence tying Vladimir Putin’s government to the attack.

Relations between Russia and Ukraine have been tense since Moscow annexed the Crimean peninsula from Ukraine in 2014. Pro-Russian fighters still battle the government in eastern Ukraine.

U.S. intelligence agencies declined to comment about who might be responsible for the attack. The White House did not immediately respond to questions seeking its reaction to the attack.

Experts have blamed pro-Russian hackers for major cyberattacks on the Ukrainian power grid in 2015 and 2016, assaults that have turned the eastern European nation into the world’s leading cyberwarfare testing ground.

Companies still hobbled from fearsome cyberattack
The main entrance of the Jawaharlal Nehru Port Trust in Mumbai, India, Thursday, June 29, 2017. Operations at a terminal at India’s busiest container port have been stalled by the malicious software.

A disruptive attack on the nation’s voting system ahead of 2014 national elections is also attributed to Russia.

Robert M. Lee, CEO of Dragos Inc. and an expert on cyberattacks on infrastructure including Ukraine’s power grid, said the rules of cyberespionage appear to be changing, with sophisticated actors—state-sponsored or not—violating what had been established norms of avoiding collateral damage.


Reckitt Benckiser warns financial markets of cyber attack consequences

The Financial Times reported that Reckitt is the first company to issue a warning to the financial markets. The company added that as it had not yet recovered fully from the attack that further bad news may follow. A spokesperson for the company said  “We are still assessing the full financial impact of these events,”

Reckitt said Petya had disrupted manufacturing and distribution operations for its products to customers in many countries. This affected the company’s ability to ship and invoice  orders to customers prior to the close of the financial quarter-end. Apparently, some factories are still not operating normally

Eddy Hargreaves, analyst at investment firm Investec, said in a market note: “We would not see weakness in the share price today as a buying opportunity. Likely dilution from food disposals and ongoing attrition  in the short term complete an unappealing outlook for the full year.”


Mondelez Issues Details of Financial Impact of Petya Malware

The company released a partial financial forecast in the wake of the attack and estimated that the revenue impact will be a negative 300 basis points on second-quarter growth. Management said it is still assessing the full financial impact, but reaffirmed its full year organic revenue growth outlook of “at least 1%.”

“Given the timing of this significant global attack, despite our best efforts, we experienced disruption in our ability to ship and invoice during the last four days of our second quarter,” Mondelez said in a statement. “There are a few markets where we have permanently lost some of that revenue due to holiday feature timing, but we expect we will be able to recognize the majority of these delayed shipments in our third quarter results.”

Mondelez said that it is making good progress in restoring its systems, congratulating its teams on the work they have put in to continue to operate the business, manufacture its products and serve customer needs despite the setback.

The company said a majority of the affected systems are now operational. Though the full extent of the damage is still unknown, the company plans on releasing its second quarter results and its full-year outlook during its second quarter earnings call and webcast in August.


Global Law Firm’s Continued Struggle to Recover From Petya Malware

DLA Piper, one of the world’s biggest law firms, is still feeling the effects of the Petya cyber attack.  Employees access to emails and documents remains severely impacted

The firms’s telephone and emails systems were taken down by the malware impacting the firms  3,600 lawyers in 40 countries. Some systems have now been recovered, but nine days on from the attack, a full recovery has yet to be achieved.