Kitz ADSL Broadband Information

Author Topic: NHS hit by ransomware!  (Read 21188 times)

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395
NHS hit by ransomware!
« on: May 12, 2017, 09:32:41 PM »

http://www.dailymail.co.uk/news/article-4500738/NHS-hack-huge-global-cyber-attack.html

https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack

http://www.bbc.co.uk/news/health-39899646

https://www.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/ UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

From what I understand about ransomware.. most of it comes via email attachments. I'm sure this is what's happened in this situation. Maybe the emails were targeted to the NHS email addresses but people clicked on the fake attachments.

I don't know why any good technician couldn't have set up the email attachments so only outgoing emails can send them. Also have checks on all external links going through some kind of scanner. But like a lot of tech people these days I don't think they are that up to date with the current hardware/software. I've heard people say some computers are still on Windows 95.

UK needs to stop dragging its heels when it comes to technology.
Logged
BT Full Fibre 500 - Smart Hub 2

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: NHS hit by ransomware!
« Reply #1 on: May 12, 2017, 10:23:13 PM »

Imho the problem lies with the attitude that we'll be safe if we tick all the boxes... Latest OS, AV, update etc.  Utter nonsense.   No amount of OS updates or AV will give the slightest protection, if you are among the first to be targeted when new malware is unleashed.

The answer, to me, lies in getting the message across to big institutions like the NHS and the banks... IT is fundamentally insecure.  Period. 

Encryption is no real defence, as vulnerabilities will be found that allow it to be cracked - as has always happened, and always will.    Conduct your business on the assumption you will be successfully attacked, just plan for dealing with it.  And don't be surprised when it happens, regardless of any assurances you may have been given by highly paid 'security specialists'.
Logged

NEXUS2345

  • Reg Member
  • ***
  • Posts: 235
Re: NHS hit by ransomware!
« Reply #2 on: May 12, 2017, 10:32:19 PM »

Imho the problem lies with the attitude that we'll be safe if we tick all the boxes... Latest OS, AV, update etc.  Utter nonsense.   No amount of OS updates or AV will give the slightest protection, if you are among the first to be targeted when new malware is unleashed.

Now, I understand what you mean, but in this instance, this situation was entirely caused by a lack of updates. The ransomware strain in question makes use of MS17-010, a vulnerability that was patched over a month ago, to spread between Windows systems. In this case, if the NHS had been using a modern and up to date OS, this would not have occurred on the scale it has.

While this is not true for all strains of malware, this specific type and strain has many proven solutions to prevent it, including solutions from many AV vendors, and even included in Windows Defender on newer OS builds such as Windows 10.

Encryption is no real defence, as vulnerabilities will be found that allow it to be cracked - as has always happened, and always will.    Conduct your business on the assumption you will be successfully attacked, just plan for dealing with it.  And don't be surprised when it happens, regardless of any assurances you may have been given by highly paid 'security specialists'.

I do agree with you here. Encryption is not a defence, it is simply a measure to reduce the damage once an attack has occurred. In this situation, no amount of encryption would have stopped the ransomware spreading, but in the case where the data was stolen, it would have prevented access assuming the encryption keys weren't also stolen, and that a good algorithm was used, such as 256 bit AES.

Vulnerabilities will always be found in systems, and OEMs will always do their best to patch them if they are found before they are exploited, but in some cases they are exploited first. Ensuring systems are up to date is still a key step to ensuring systems are kept secure, but yes, you still have to expect that you will be attacked successfully, otherwise you risk much harsher repercussions, especially with the EU General Data Protection Rules coming into force soon, with their much harsher penalties.
« Last Edit: May 12, 2017, 10:38:43 PM by NEXUS2345 »
Logged
Security improvement and remediation consultant with infrastructure specialisation

IDNet Openreach FTTP 1000/115 + Asus RT-AX92U | Virgin Media 200 + SuperHub 3 + Synology MR2200ac mesh | Sky 80/20 with WiFi Guarantee on Huawei 288 cabinet

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: NHS hit by ransomware!
« Reply #3 on: May 12, 2017, 11:18:13 PM »

Now, I understand what you mean, but in this instance, this situation was entirely caused by a lack of updates.

I disagree.   This situation was entirely caused by a bunch of crooks out to make money. 

Chances are the crooks will make a great mountain of money, enough to attract better programming talent than the OS authors, or AV vendors, could hope to recruit.

For the likes of me and (I assume) thee, things are different.   Little ol' me is unlikely to attract the massed efforts of the world's most advanced IT experts, chasing after my holiday snaps or worthless App source code.   So AV and updates will make me reasonably safe.  But for big value targets, the crooks will always win, and probably at a moment of their choosing - regardless of precautions.

Just my opinion.
Logged

WWWombat

  • Kitizen
  • ****
  • Posts: 1674
Re: NHS hit by ransomware!
« Reply #4 on: May 12, 2017, 11:48:41 PM »

The answer, to me, lies in getting the message across to big institutions like the NHS and the banks... IT is fundamentally insecure.  Period. 

The ones who need that message are the people who make budgets for such organisations.

Once that organisation is hooked into the technology, then lifelong maintenance spending is required. It is no good for, say, a government to go on an austerity drive, and shut down budgets.

But when push comes to shove, what gives? Another ward? Or next year's Win 95 upgrade budget?
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: NHS hit by ransomware!
« Reply #5 on: May 12, 2017, 11:56:58 PM »

But when push comes to shove, what gives? Another ward? Or next year's Win 95 upgrade budget?

As long as the consultant gets to turn up at his exclusive golf course in a shiny new Aston Martin, I doubt they care either way.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: NHS hit by ransomware!
« Reply #6 on: May 13, 2017, 12:26:45 AM »

Most PCs I see in hospitals which are on the desktop tend to be running Windows XP.

The gov also signed a contract with Microsoft last year to get extended support for XP as well.

The NHS is so overwhelmed, I imagine keeping IT up to date is not a high priority.  Consider in such a large organisation all the software used which all has to be tested if it works properly on a new OS before a rollout.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: NHS hit by ransomware!
« Reply #7 on: May 13, 2017, 08:31:32 AM »

Looked into this somewhat, it's apparently using the leaked NSA exploits, which if true were zero day, meaning even up to date systems are/were vulnerable.

It is also a worm, meaning it can automatically infect other machines without human intervention. The question is how did the first NHS machine get infected, but once that first machine was infected, then it could spread via the LAN automatically.

It's always good to use a layered approach to security and assume that any one layer you use can be breached.  I apologise for not yet doing work on the security wiki here as I have been given the opportunity to do, I will try to get something compiled this month to help people.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: NHS hit by ransomware!
« Reply #8 on: May 13, 2017, 09:40:09 AM »

Can't help thinking the UK media is missing the point to some extent, portraying it as an 'NHS issue', whereas it actually seems to be a global outbreak.  The Guardian had a link to a Kaspersky article that makes interesting reading.  It does mention the NHS, but is a bit more balanced.  Also it is a decent technical description....

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/

Personally, I wonder if things are going to get a lot worse over coming days.   I'm guessing that the ransom is only displayed after encryption is complete, and I'd have thought it might take many hours/days to encrypt a few big multi TB disks... 
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: NHS hit by ransomware!
« Reply #9 on: May 13, 2017, 10:51:25 AM »

A recent article in PC Pro suggested that the software could lay dormant on PCs for many months, I think it may have even said that it could be encrypting files as well in that time, I suppose if they encrypted files that hadn't been accessed for a long time first then there's far less chance of it not being noticed.

Anyway it's made me start updating my backups, I have a constant back up to the cloud but also keep a few hard drives at my brother's which I collected a couple of weeks ago to refresh the backups and hadn't got around to doing. Turns out I last backed up to these drives in August 2015  :no:
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: NHS hit by ransomware!
« Reply #10 on: May 13, 2017, 10:59:52 AM »

Depends on the ransomware used, some will just encrypt documents and desktop, others will scan all drives, and others will also scan network mounts.  The more that is encrypted the more likely the person will be desperate, but on the flipside it takes longer to encrypt, reducing the chance of completion.

Some of the ransomware is completely mitigated simply by disabling built-in NTFS encryption features in the registry, no ransomware I am aware of is clever enough to enable it if it's disabled, it simply just fails instead.  However it won't mitigate all ransomware as not all ransomware use that encryption function.
Logged

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395
Re: NHS hit by ransomware!
« Reply #11 on: May 13, 2017, 11:18:56 AM »

It's also interesting that Microsoft released an update to Defender when the exploit first came to their attention (this version appeared in February). I suspect the update only applied to Windows 10 and maybe Windows 7, 8, and 8.1. But if they are using XP, does XP have a built-in anti-virus program?

It's also interesting that some NHS hospitals aren't affected. I know my lung function department I visit regularly isn't using Windows XP.. I think they were using Win8 or 8.1 when I last visited there at the start of the year. That hospital hasn't been affected.
Logged
BT Full Fibre 500 - Smart Hub 2

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: NHS hit by ransomware!
« Reply #12 on: May 13, 2017, 12:38:19 PM »

Seems the Nissan plant at Sunderland is another victim...

http://www.bbc.co.uk/news/uk-england-39906534
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: NHS hit by ransomware!
« Reply #13 on: May 13, 2017, 01:32:20 PM »

I think one of the issues with these systems getting attacked is that they allow too many external connections. I see no reason for much of this as we all know the fewer open ports the less chance of getting attacked, also these systems should not allow any personal use or email and web surfing. All emails should go to one isolated server to be validated prior to being passed on. I remember years ago at one government office I went to they had zero external connections directly into their network and only one PC with external access but no internal access and they had some software which did not allow any USB devices to connect to their networked PCs unless previously processed by one PC to again validate the contents. Another client I had dealings with had one system which was approved as secure by the US Dept of Defense and in order to gain that certification it had zero external connections!

In today's connected world nothing is 100% secure.

Stuart 
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395
Re: NHS hit by ransomware!
« Reply #14 on: May 13, 2017, 01:46:39 PM »

https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends UK government PCs open to hackers as paid Windows XP support ends

Looks like the gov didn't have XP support from April last year (2016). That article is from May 2015.
Logged
BT Full Fibre 500 - Smart Hub 2