NHS computer systems hacked!?

^^ A bit frustrating though that everyone is concentrating (and fair enough that video was made to aid IT people in terms of blocking the ransomware portion itself) on the ransomware itself and hardly anyone looking at the other aspects like actual (rather than assumed) attack vector, the more technical details of the backdoor it installs and utilisation of EternalBlue, etc.
 
Also I think at least one of the attack vectors comes down to this: https://technet.microsoft.com/en-us/library/security/4022344.aspx but IMO that doesn't fully explain it - in fact raises more questions I think than it answers.

But if you run a 3rd party tool, defender is disabled.
Must admit I'm in awe of this, I don't remember seeing malware this potent since the likes of the Blaster worm, makes you wonder just how much of the world the NSA had access to before this came to light and what else may well be up their sleeves!
 

It isn't just Defender though and some of this is running even if you have a 3rd party tool replacing Defender. It also only needs one system that is vulnerable in this way to get a foot in the door if that system can be used to compromise other systems inside the network which might in turn lead to wider access within the network.

It still doesn't entirely answer all the potential questions but it looks like it is potentially one of the puzzle pieces.
 
Does anyone know if the infection made it onto the NHS spine, there was a poster way back in this thread who said he worked there, I think.

Because:

BT Global Services, in facilitating the creation of the NHS Spine, has enabled healthcare professionals to rapidly access and exchange critical information. These people work in a variety of care settings including 120,000 hospital doctors, 40,000 general practitioners (GPs), 400,000 nurses, and 25,000 ambulance staff. In so doing, the NHS Spine handles more than 150 million transactions every single month. Assisting millions of clinical encounters yearly, it supports business applications critical to the NHS.

The Patient Demographics Service (PDS) is one of these applications. Providing a single source for demographic information, it also supports NHS business processes around life events such as births and deaths, as well as GP registrations. The NHS Spine integrates national databases to securely hold details of all people registered to use the NHS in England. The PDS draws upon that information, which includes NHS number, name, address, and date of birth.

Electronic Prescription Services is another key NHS Spine application. The NHS processes over 675,000 prescription items every working day, around 70 per cent of which are repeats. By February 2011, the NHS Spine had handled over 450 million prescriptions electronically.

http://www.globalservices.bt.com/uk/en/casestudy/nhs_spine

The above info is very much out of date so those highlighted above will be much larger now.

Good old BT :)
 
Wait... wut... 450 million prescriptions!?

That's 7 per person! Either the NHS is giving WAY too much, or people in this country are extremely maligned.
 
Does anyone know if the infection made it onto the NHS spine, there was a poster way back in this thread who said he worked there, I think.

I should be able to get some info later tonight or tomorrow but it worries me (not that I know exactly what is going on on the ground at the NHS) that not enough attention is being paid to aspects beyond the ransomware payload and not enough on what else might have gone on with the backdoor capabilities, etc.
 
Yup
 
Does anyone know if the infection made it onto the NHS spine

Regarding those systems - there is no way for SMB or other similar protocols to directly talk to the servers hosting those services (some of them aren't even running known affected operating systems) from the machines known to be infected - administration is done either via remote administration tools or direct login and anyone with access at that level wouldn't be browsing the web or opening emails on those systems (in no uncertain terms and doing so would be logged and almost instant disciplinary).

I tried to press on the RDP looping subject but got a bit shut down - seems to be a bit of denial as to any potential vulnerability from that angle, bluntly told any file transfer capabilities are disabled (there may be other reasons for not wanting to go into detail on that subject).
 
I've rather mixed feelings about that - ultimately if they do discover such flaws they have to bear some responsibility for what they then do with that - but at the end of the day these are spy agencies - to a certain extent they need some leeway on things like this to do their job.
 
To say I'm extremely angry over all this is a huge understatement. I was in the Middle East working on IT systems last week when it broke on the news.
To be honest, I nearly flew back home the next day. This was waiting to happen! It's senior execs and top level IT directors. Seriously, some people need to lose their jobs. When local services are closing and sending staff home, someone needs to go! It's that age old saying isn't it, rubbish people either get fired or promoted.

They will say its roots are based in cost savings, I say they waste money and are not intelligent.

The NHS has thousands of client devices, not enough well trained IT engineers, poor platforms, poor services, poor processes, poor everything.

If you can't afford to look after your environment you have the wrong environment.

Sky News have just said IT Managers are struggling to understand the scale of this. If so, they need sacking as well.

I bet 90% of their clients are unpatched XP machines running Office 2003. Windows XP launched in 2001. They will argue they can't afford to spend £500 per machine plus the resources required to replace them. What year is this, 2006! Do they run weekly reports showing percentage of clients unpatched, if not why not. If they do, what are they doing about it. Don't tell me "we don't have enough time", "we don't have enough people", "not my job", "nobody told me to do that". Heard it all before. If you can't do it, use NAP and stick all the nasties in another VLAN. Who cares who shouts, at least you're safe.

I've just replaced 800 Windows machines with IGEL UDC for £44k...there's no excuse and there are various solutions out there

So tomorrow I go into a board meeting at 9am to discuss the outbreak. We're fine, a few years ago we probably wouldn't be, but with an IT department of less than 12 supporting thousands of client devices.....we soon moved to zero terminals and beefed up the data center. Now the IT engineers patch the servers and the clients are bullet proof. Cheap to buy, cheap to run, cheap to support. Where companies require Windows desktops like the companies I advise in the Middle East, we do something different but always safe. You can't carry on running old operating systems which are unpatched.

and if you do get a nasty in, are your policies good enough to get your network back up and running as it was before within 24 hours?

There is a part of me that is kinda glad this happened, what a wake up call....will anybody listen...who knows.
 
It's about time people kept their important networks air gapped from the internet. If they really need internet access just for email etc they should use a separate network.
 
I've just replaced 800 windows machines for £44k...there's no excuse

I agree with what you are saying in general but this is a bit of a fallacy - it recently took us 5 years and over £1.6million (not sure total cost as I was only involved in phase 1) to get to a point we could spend the few 10s of thousand replacing a bunch of old XP and ME machines due to the extended issues connected to it such as getting people in to understand and rewrite from the ground up software that didn't work on newer operating systems and the original companies and people who had experience with it had long since retired - with the best will in the world that money simply wasn't there before that point to be able to take on the scale of the task.
 

I'm not saying it's easy, but Windows XP is sixteen years old and Microsoft do have a paid extended support option. If staff with the only skills retired, then a solution should have been thought from that day forward.

Recently I had a meeting with an IT director who said to me, we only have one XP machine left but we are keeping it. He said it would cost £15k to replace it as it ran some bespoke finance software. I said, no problem. When you get infected, and the CEO asks why all the machines are down for a week, tell him you saved him £15k. He soon managed to find the money.

Obviously you are on a much much bigger scale than that one machine.

If you can't, and there is absolutely no way in hell you can move off XP then you should write a BCP expecting to get hit. I've done it before, and it's kinda fun but they tend not to last very long ;-)
 

Has to be a lessons to be learned parody somewhere. I don't think they'll learn from this because if they were, this would never have happened even with all the warnings they had.


I agree with what you are saying in general but this is a bit of a fallacy - it recently took us 5 years and over £1.6million (not sure total cost as I was only involved in phase 1) to get to a point we could spend the few 10s of thousand replacing a bunch of old XP and ME machines due to the extended issues connected to it such as getting people in to understand and rewrite from the ground up software that didn't work on newer operating systems and the original companies and people who had experience with it had long since retired - with the best will in the world that money simply wasn't there before that point to be able to take on the scale of the task.

The government wasted 5.5 million for extended support to waste for a year. :o
 

I think part of the problem is we are still emerging from the initial age of this scale of technology in industry and those nearer the top of companies that are calling the shots on forward strategies just have no idea or insight into the technology and the realities of how that works going forward and those below them tend to look to those people for direction going forward resulting in a disconnect there in thinking (obviously some companies do have tech people at very high levels with more clout, etc.).

You could almost say this was inevitable in the progression of technology.
 

I think you've hit the nail on the head there, 100% agree
 
It still amazes me that people think it's acceptable to run ancient operating systems. People refuse to use other tech that is more than a few years old but with OS it's different. Maybe this will wake a few people up
 