Cyber Attack on NHS


Comments

  • muneebkalathil Member Posts: 148
    How to protect from this?

    Will disabling SMBv1 be fine, or do I need to take any additional steps?
  • TheFORCE Member Posts: 2,297
    muneebkalathil wrote: »
    How to protect from this?

    Will disabling SMBv1 be fine, or do I need to take any additional steps?

    Install the MS patch.
  • rob42 Member Posts: 423
    TechGromit wrote: »
    This is a little surprising, but it's nice to see Microsoft didn't say tough to users, upgrade. I guess it's good PR for no real effort, since I'm sure they developed a patch for companies that continue to pay for extended support.
    I'm a little surprised also. Maybe Microsoft had a hand in the development of the ransomware, in collaboration with US Intel. It's speculated that the ransomware originated from the US Intel depts, so maybe this is some kind of 'guilt trip' by Microsoft.
    No longer an active member
  • renacido Member Posts: 387
    And just like that, an unsung hero registered the kill switch domain and stops WannaCry in its tracks. Still good to patch, but I wish I would have known before I spent late hours into this lol.

    Sinkholing that domain was only a band-aid. A new variant of WannaCry has already been released that doesn't call out to that domain.

    Thorough preventative and detective measures are the only protection from this and any other ransomware attack. But I know saying that to most organizations is like telling an obese 2-packs-per-day smoker that to avoid sudden death by heart attack or stroke they need to stop smoking, eat healthy, and exercise.
  • TechGromit Member Posts: 2,156
    rob42 wrote: »
    I'm a little surprised also. Maybe Microsoft had a hand in the development of the ransomware, in collaboration with US Intel. It's speculated that the ransomware originated from the US Intel depts, so maybe this is some kind of 'guilt trip' by Microsoft.


    Don’t be starting that rumor. The NSA is not interested in developing ransomware, the security hole was used by the NSA to infiltrate “terrorists” computers, but I’m sure the terrorists they were referring to included every other government on the planet. It has a more noble ring to it when you say you were using a security hole to spy on terrorists instead of saying you were using it to spy on everyone. It’s not clear how the secret vulnerability the NSA knew about was “stolen”, I’d be interested in the back story on that. Also I'm sure the NSA has other operating system vulnerabilities they know about, but haven’t shared with vendors for the purpose of hacking into computers for spying. Working for the NSA must be a pentester's dream job, you get to penetrate computers all day, steal data, credit cards, personal information, etc. with complete immunity from government prosecution.
    Still searching for the corner in a round room.
  • mbarrett Member Posts: 397
    TheFORCE wrote: »
    I never understood this logic. If your main OS is EOL and you have critical software on it, start your migration plan in advance. If your vendor is not supporting a new OS version, then drop them, see how they react when you tell them we're going to use a competitor's software.

    I guess everybody has their own definition of "critical" and "risk". In the US (anyway) a lot of health systems are profit-driven and unless it can be easily justified at the Executive level (where they seldom see IT as a critical piece) then it won't have that much impact. I looked at a couple jobs in the health IT security sector a couple years ago, but they were paying peanuts - good opportunity for a young college grad to run learn stuff, but I didn't get the impression there was much in the way of technical leadership/guidance.
  • Boby Member Posts: 27
    So guys, I have just used Windows Update to update all Windows 8.1 in my company + updating Windows Defender, so do you think it is enough to stay safe?
  • rob42 Member Posts: 423
    TechGromit wrote: »

    Don’t be starting that rumor. The NSA is not interested in developing ransomware, the security hole was used by the NSA to infiltrate “terrorists” computers, but I’m sure the terrorists they were referring to included every other government on the planet. It has a more noble ring to it when you say you were using a security hole to spy on terrorists instead of saying you were using it to spy on everyone. It’s not clear how the secret vulnerability the NSA knew about was “stolen”, I’d be interested in the back story on that. Also I'm sure the NSA has other operating system vulnerabilities they know about, but haven’t shared with vendors for the purpose of hacking into computers for spying. Working for the NSA must be a pentester's dream job, you get to penetrate computers all day, steal data, credit cards, personal information, etc. with complete immunity from government prosecution.


    My understanding is that Shadow Brokers 'dumped' tools believed to belong to the NSA, one of which was an exploit of Microsoft Windows called EternalBlue, which has been used as the variant called WannaCry.

    How did Shadow Brokers get hold of these tools? I can't believe that NSA computer systems are so insecure that a 'hacker' simply gained access and stole the tools.

    Did Microsoft know about the EternalBlue exploit and work with the NSA on how the exploit could be used? It seems a little odd to me that Microsoft were very willing and ready to patch an unsupported OS so quickly.

    As with all these shenanigans, we'll most likely never get to the bottom of it.

    Like you say, a dream job to be able to hack all day, every day, with complete impunity, and get paid for it! Where do I sign?
    No longer an active member
  • muneebkalathil Member Posts: 148
    Is there any link for downloading the patch other than Windows updates?
  • rob42 Member Posts: 423
    muneebkalathil wrote: »
    Is there any link for downloading the patch other than Windows updates?


    Depends on the OS.

    Take a look at this... https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
    No longer an active member
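
The two steps raised in the posts above (disabling SMBv1 and installing the MS17-010 patch) can be checked on a machine with a short local audit. This is an added example, not part of any forum post; `$PatchKbIds` is a placeholder to be filled with the KB ids the linked bulletin lists for the OS being checked, and the function names are hypothetical.

```powershell
# Added example: local audit of SMBv1 server state and MS17-010 patch presence.
# Run in an elevated PowerShell session on the machine being checked.
param(
    # KB ids for this OS, copied from the MS17-010 bulletin (placeholder: none supplied).
    [string[]]$PatchKbIds = @()
)

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: the LanmanServer "SMB1" registry value; absent means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Test-PatchInstalled {
    param([string[]]$KbIds)
    if ($KbIds.Count -eq 0) { return $null }   # no ids supplied, nothing to compare
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    # True if any supplied id is installed. A later cumulative rollup can replace
    # the original update, so False means "verify by hand", not "unpatched".
    return [bool]($KbIds | Where-Object { $installed -contains $_ })
}

# New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0.
$report = New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    Smb1ServerOn = Get-Smb1ServerState
    PatchFound   = Test-PatchInstalled -KbIds $PatchKbIds
}
$report | Format-List

# Remediation on Windows 8 / Server 2012 and later (uncomment to apply):
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```

A machine reporting `Smb1ServerOn : False` has closed the SMBv1 server path, but it still needs the patch: disabling the protocol is a mitigation, not a fix for the underlying flaw.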
  • FastEthernet Member Posts: 26
    It should be noted that the problem was only in SOME areas of the NHS, not all. From what I know, support is provided by the local CCGs, CSUs or outsourced to private sector depending on the area of the UK.

    This incident shows that some of their IT teams were on the ball with WSUS updates. And some individuals need to be handed their P45s considering the patch has been available for a few weeks.

    I have met too many people in IT support that have a very lax attitude to security/viruses/backups. A lot of these people shouldn't be in a tech support or management position. And there are still way too many end-users that will open up ANY email attachment or click on any link they are sent.
  • Mike7 Member Posts: 1,107
    NHS repeatedly warned to improve security, defence secretary says

    Wow. 9 out of 10 NHS trusts running Windows XP and they end extended XP support contract with Microsoft.
  • OctalDump Member Posts: 1,722
    This is... disappointing. I recently had dealings with a major public sector organisation, and the attitude to security isn't that much better than the NHS it seems. There is policy in place, but the lines of accountability and responsibility aren't clear, and consequently front line staff that would normally ensure computers are patched aren't really aware of what they should be doing. As a result there are a bunch of under patched computers, some publicly facing. Honestly, given the nature of the organisation, I wouldn't be surprised if an APT already had access on several boxes.

    Meanwhile, our government organisation responsible for IT security (roughly the analog of the NSA) has bent over backwards to dumb down their advice for organisations and lists in their top four ("if you don't do anything else, at least, for the love of jove, do this") patch management.

    We better hope there isn't a war with anyone with even a moderately developed cyberwarfare capability.
    2017 Goals - Something Cisco, Something Linux, Agile PM