NHS cyber-attack: GPs and hospitals hit by ransomware

This attack is likely not from within the UK.

In making everything we do computerized, humanity is vulnerable to these sorts of events. I wonder what they'll do about it.
 
So, any IT bods help out on this?

There's a few things.

1) Many NHS computers still run XP.
2) XP is obviously now unsupported but Government paid Microsoft to continue to provide updates. This ended in May last year.
3) This particular exploit was patched by MS a couple of months ago, but I'm guessing it's only any use if you're running supported software for patch?
4) Seen it suggested however that exploit is on the server which has file sharing capability with affected endpoints. Infect and spread internal.

Can anyone lend some expertise to the endless guff coming out of the BBC and MSM?

TL/DR it's the Tories' fault. lol

Edit: Relevant - http://www.silicon.co.uk/security/nhs-hospitals-data-risk-outdated-windows-xp-201761 and https://www.theguardian.com/technology/2014/apr/07/uk-government-microsoft-windows-xp-public-sector
 
Worrying?
http://www.bbc.co.uk/news/health-39899646
I think this is a serious new chapter in cyberstuff.
It's an epic *beep* move. I hope they get caught and hit with serious consequences.
I seriously doubt these hackers directed this attack.
The amount of times 'normal' people do something they shouldn't on their computers is so big I simply cannot count it.
This is ransomware, and it is not a hacker attack, it is malware.

Most likely a user on the system, opened or clicked on a risky link they shouldn't have clicked on, and intelligent ransomware spreads to whatever it has access to, if there is no 'internal' protection, then it can easily, very easily spread like this.

So yeah, someone did something they shouldn't and is eventually going to get found and get hell for it. Because this isn't as such a hacker attack, and the people running the ransomware likely have absolutely no clue who's who, they likely have an enormous amount of unlock keys from the various victims hidden somewhere with a user id, so yeah, until the hospital admin actually contacts the 'hackers' said hackers are very unlikely to even know who has fallen into their trap.
 
If the NHS had a decent IT infrastructure this simply would not happen.

The problem is - despite the buckets of cash thrown at it - IT in the NHS is a complete and utter joke, and sadly this is the inevitable result.
 
It's not just the NHS being hit, they are just a very high profile state run business so it gets out into the public realm.

Many private companies are being hit as well but they don't need to go public with the news, so are keeping it all in house so to speak.

It is also trans national.

NHS badly hit as has obsolete systems but many private companies won't want the general public knowing that they are running obsolete kit as it damages their reputation.
Fact is that obsolete kit is endemic in the UK, part of a mentality that won't invest in the future.
 
It's apparently world wide with telecoms companies in Spain being hit, universities in Italy and also in the US https://www.usatoday.com/story/news...gland-hit-large-scale-cyber-attack/101592398/

I know from experience many organisations run an 'it's not broke, don't fix it' approach to upgrading, often ignoring advice from both internal IT and service providers alike and hope nothing comes back to bite them.

Since it's not just the NHS I think it's more to do with an attitude than it is about pure money.
 
NHS IT departments always have problems with funding as they aren't considered to be involved in patient care (by the management). That means the pay is low & the workload high, so the best staff quickly move on.

I found this out when I was trying to research the Nice (National Institute for Clinical Excellence) guidelines on breast disease (for an oncology dissertation). The hospital filters wouldn't let me use the search term "Nice breast" and it took them 3 weeks to give me access to the sites I needed :D
 
NHS IT departments always have problems with funding as they aren't considered to be involved in patient care (by the management). That means the pay is low & the workload high, so the best staff quickly move on.

I found this out when I was trying to research the Nice (National Institute for Clinical Excellence) guidelines on breast disease (for an oncology dissertation). The hospital filters wouldn't let me use the search term "Nice breast" and it took them 3 weeks to give me access to the sites I needed :D

If it was just the NHS then funding might have been the root cause, 74 countries are all affected making the cause unlikely to be down to funding alone. It's an attitude issue, software companies, IT departments and service providers can say "this is out of support, you need to get this upgraded" until they are blue in the face, if management don't believe them, or stick their head in the sand then what do they expect to happen.

Not saying I agree with the attack one bit, just that it was always a question of when not if.
 
I seriously doubt these hackers directed this attack.
The amount of times 'normal' people do something they shouldn't on their computers is so big I simply cannot count it.
This is ransomware, and it is not a hacker attack, it is malware.

Most likely a user on the system, opened or clicked on a risky link they shouldn't have clicked on, and intelligent ransomware spreads to whatever it has access to, if there is no 'internal' protection, then it can easily, very easily spread like this.

So yeah, someone did something they shouldn't and is eventually going to get found and get hell for it. Because this isn't as such a hacker attack, and the people running the ransomware likely have absolutely no clue who's who, they likely have an enormous amount of unlock keys from the various victims hidden somewhere with a user id, so yeah, until the hospital admin actually contacts the 'hackers' said hackers are very unlikely to even know who has fallen into their trap.

Pretty sure that the NHS is one of the intended targets of this attack.

Patient files are pretty important and often need to be accessed fast. The hackers use that to try to pressure the hospitals/councils/doesn't matter who into paying instead of giving them in to fix it.
 
Pretty sure that the NHS is one of the intended targets of this attack.

Patient files are pretty important and often need to be accessed fast. The hackers use that to try to pressure the hospitals/councils/doesn't matter who into paying instead of giving them in to fix it.

That's not how it's working. Once a computer is infected it then looks for others to infect over the net. So it's like a sneezing in a room of people the virus goes everywhere in the room and infects anyone who's not immune.

It's also now affecting over 45,000 systems worldwide, most it seems in Russia
 
As stated above. It was malware and not necessarily a deliberate attack. Someone opened something they should not have. At the same time, the system should have software to detect and fight such things; but I doubt it does, due to out-dated software and hardware.
 
That's not how it's working. Once a computer is infected it then looks for others to infect over the net. So it's like a sneezing in a room of people the virus goes everywhere in the room and infects anyone who's not immune.

It's also now affecting over 45,000 systems worldwide, most it seems in Russia

That's exactly how a ransomware is working. 45000 systems is a pretty small number for a global attack.

As stated above. It was malware and not necessarily a deliberate attack. Someone opened something they should not have. At the same time, the system should have software to detect and fight such things; but I doubt it does, due to out-dated software and hardware.

Sure, but it's still possible that the hospitals were deliberately attacked for the reason I cited.
 

Minonian
As stated above. It was malware and not necessarily a deliberate attack. Someone opened something they should not have. At the same time, the system should have software to detect and fight such things; but I doubt it does, due to out-dated software and hardware.

In this scale? One simple opened mail can hardly do this.
 
At the same time, the system should have software to detect and fight such things; but I doubt it does, due to out-dated software and hardware.

If only it was that clear cut, anything that is signature based is always playing catch up, that covers most anti-virus solutions. If you code a new piece of malware, that malware has to be detected, analysed, signatures generated, signatures distributed before it can be detected. It does take time.

<edit> and in that time something like this can spread across a linked network via an exploit in common protocol very fast.
 
If the NHS had a decent IT infrastructure this simply would not happen.

You can never completely eliminate risk. Even if you are running the latest and greatest IDS/IPS, Deep Packet Inspection/Palo Alto firewalls, email filtering, web filtering, endpoint protection etc etc there is always some risk, in some form. And a lot of the time that can be the human factor. Spear Phishing (and Whale Phishing) are getting more and more advanced.
 