Discussion in 'OT (OFF Topic) Forums' started by markjay, May 12, 2017.
Not surprising considering they are still using XP as an OS.:fail
Shutting down all IT systems, finding and clearing the virus, then restoring from backup... this is standard.
But it takes time............
The majority does not run XP anymore and hasn't for a while. There is still more around than there should be, mind. Legacy apps preventing the upgrade are a real problem for the NHS and healthcare in general.
Certainly looks like it from the screenshot on the BBC News site.
Perhaps this attack on essential infrastructure will encourage the law enforcement authorities to put some serious effort into tracking down those responsible?
Early days, but....
It seems that the hackers exploited a known vulnerability in Microsoft Windows.
This vulnerability was first discovered by the NSA and used by them for their own purposes.
Hackers got hold of it - either it was leaked from the NSA, or the NSA 'spent' it by using it in circumstances where their intended targets could discover it (similar to how the Iranians found Stuxnet).
Microsoft became aware of the vulnerability shortly after it was leaked and released a patch on 14th March.
But there are two issues... the first is that many organizations do not have proper patching and updating procedures in place (this is a common failure on many security audits we carry out).
The second is that according to some reports, 90% of the NHS computers are still on Windows XP.... and updates for Windows XP are no longer available, so XP can't be patched even if they wanted to.
So... is it a question of insufficient funds? Or management incompetence? Or both?
I seem to remember that HMG came to some maintenance arrangement with Microsoft to keep security patching XP?
I don't know, they may have done, but either way regular patching requires having policies in place, which are executed and monitored... Windows 10 won't help if it is set to 'never install updates' and no one updates it manually or through WSUS/GPOs etc.
Thank heavens we're investing in the Trident Replacement
At least a major portion of the UK Defence budget has been well invested in defending us from modern risks, like Cyber-terrorism.
Not just hospitals, my wife does all the admin for the local district nurses and their system went down today too
To be honest... as the details emerge... this seems like a major c0ck-up on the management side.
I doubt that there would be many regional NHS Directors who would look at a professional report submitted by their head of IT and highlighting the shortfall compared to basic security standards such as this: https://www.gov.uk/government/collections/cyber-security-guidance-for-business (we are not talking of ISO27001 here), and say 'Naaahhh, we don't have the cash'.
I am certain that the enquiry that will no doubt follow will highlight a very long list of management failings.
Of course, there's the political dimension...
*some* will say the problem is that the NHS is starved for cash
*others* will say the problem is that the NHS is a cumbersome inefficient dinosaur that can't be trusted to manage anything, not even their own IT systems
But this is for another thread.
This is another issue... the Ransomware is clearly doing the rounds across the NHS internal IT systems and those connected to it.
There are such things as application firewalls and reverse proxy firewalls with active anti-virus etc. that should be used to segregate and segment different parts of the organisation... if traffic is properly inspected when it crosses local firewalls then Ransomware would not be able to infect so many nodes almost simultaneously.
And I forgot to mention Telefonica and other Spanish companies. So perhaps it's not so much an issue of funding... but prioritising?
This is not a directed attack on the NHS, doesn't make it less of an issue.
It's also not an XP issue, all versions of Windows are vulnerable unless patched with the update which came out in April 2017.
Relatively few enterprises will be fully patched up to this point across the board.
I know of another major UK organisation that's having major IT issues today.
If this is indeed essentially a criminal attack, as seems to be the case, then yes there would be very little point in attacking the NHS.
These types of organisations will never pay the ransom... they will restore from backups and take any data loss on the chin.
There's no money to be had for the perpetrators here.
So it does seem that this was a widely-cast net exploiting a known vulnerability, and those with poor IT governance - mainly security policies - are worst affected.
Was that for comedic effect? Or are they genuinely using XP??
Sent using a tin can on the end of a string
Chap on the radio today ('security expert') said that "90% of NHS PCs still run Windows XP".