NHS computer systems hacked!?

Yeah I thought that was rather unfair. Sometimes journalism goes too far.


Apparently the NK links are rather fragile. Just 2 functions being replicated. Which to be honest could have been done on purpose to point the finger.
 
The papers are ass hats for doing what they did.... Really is pathetic.

In terms of the malware... people need to stop downloading obviously sus email attachments... then this wouldn't happen.

We had a virus of this type at the school I used to be an IT tech at... It ate into stuff.
We had backups though.. 48 hours later we were clean and back up and running.

If a school can do it.. why can't the NHS?
 
We managed to get a ransomware virus onto our shared drive a few years ago in work, lady in admin opened a dodgy attachment. Computers were backed up so only lost half a day's work in the end. But there's not much you can do against people opening obviously dodgy emails.
 
But there's not much you can do against people opening obviously dodgy emails

I find the worst offenders have a resistance to learning as well - often older people who for some reason (not just scared of doing something wrong) are very anti having to learn more about computers than they are forced to even when it is their job :( (and often the type that don't learn from their mistakes).

Does my head in trying to deal with them.
 
I find the worst offenders have a resistance to learning as well - often older people who for some reason (not just scared of doing something wrong) are very anti having to learn more about computers than they are forced to even when it is their job :( (and often the type that don't learn from their mistakes).

Does my head in trying to deal with them.

100% this, 'does my head in', is the exact phrase I use too. A number of older folk have the 'it's a computer so too complicated' outlook and as you said there's nothing you can do as they are set against trying to bother to learn.
 
100% this, 'does my head in', is the exact phrase I use too. A number of older folk have the 'it's a computer so too complicated' outlook and as you said there's nothing you can do as they are set against trying to bother to learn.
wish you could sack people for this, we have quite a few of these here at work. :(
 
Where I work, I had a look at what emails the goods in clerks get sent from all over Europe.
Loads of attachments for delivery details, ones that contained xl docs, word docs, zip files, links to the websites they use.
The same supplier can send any of the above depending on who's sending the info.
All of them are opened, touch wood nothing bad's happened yet (That's IT's mentality not mine).
 
Where I work, I had a look at what emails the goods in clerks get sent from all over Europe.
Loads of attachments for delivery details, ones that contained xl docs, word docs, zip files, links to the websites they use.
The same supplier can send any of the above depending on who's sending the info.
All of them are opened, touch wood nothing bad's happened yet (That's IT's mentality not mine).
 
Funny that Microsoft had a patch for this in Feb this year for ALL systems inc XP, 2003 server etc
but didn't release them

http://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/

Would need a bit more verification (though I suspect it is correct) MS fudges the dates on some driver and windows patches to ensure they get used correctly in a variety of scenarios i.e. the reason a lot of MS drivers are dated exactly 21st of June 2006 regardless of when they are actually built and signed.
 
Funny that Microsoft had a patch for this in Feb this year for ALL systems inc XP, 2003 server etc
but didn't release them

http://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/


The idea was that a year would give NHS trusts time to manage their upgrades and get modern operating systems, but instead it seems some trusts preferred to spend the money not on IT upgrades but on executive remuneration, nicer offices, and occasionally patient care. Defence Secretary Michael Fallon claimed on Sunday that "less than five per cent of [NHS] trusts" still use Windows XP.

Lovely.
 
Where I work, I had a look at what emails the goods in clerks get sent from all over Europe.
Loads of attachments for delivery details, ones that contained xl docs, word docs, zip files, links to the websites they use.
The same supplier can send any of the above depending on who's sending the info.
All of them are opened, touch wood nothing bad's happened yet (That's IT's mentality not mine).

This only spreads via SMB. e.g. there is no initial phishing/malvertising vector - only organisations with a port 445 gap in perimeter defences would get infected and only those with CIFS/SMB1 and without the MS patches would continue to be infected.
 
This only spreads via SMB. e.g. there is no initial phishing/malvertising vector - only organisations with a port 445 gap in perimeter defences would get infected and only those with CIFS/SMB1 and without the MS patches would continue to be infected.

https://twitter.com/calebbarlow/status/864232713863213056

That is kind of damning - however I refuse to believe this is purely down to some companies having port 445 exposed.

(Also covers that stuff I was talking about before where very low numbers of infections are seen with private individuals, etc.).

To quote someone else who summarised what was said in the interview:

just heard first sensible media interview on the topic - guy from IBM ~7:45 on r4 today
- they do not understand how phishing/patient-zero was achieved, and no big trail of emails in sample they take
- absence of private individuals attacked
- low ransom demand - corp customers usually attract >$10k and 50% pay
- quick deployment in organisations too

read another article on jpg ransomware attacks via facebook I had not heard of,
since I still think, via image sharing sites, that could be easiest vector for OC user infection, say.
(edit: I do not mean using jpg for ransomware, that is not new - the fact it got through any pre-filtering that I thought FB or other image sites employed)
 
https://twitter.com/calebbarlow/status/864232713863213056

That is kind of damning - however I refuse to believe this is purely down to some companies having port 445 exposed.

(Also covers that stuff I was talking about before where very low numbers of infections are seen with private individuals, etc.).

To quote someone else who summarised what was said in the interview:

If you read https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html and pay particular attention to the part where he analyses the outgoing connections, you can sort of piece together that all it would have taken is for one single PC, anywhere in the world with internet access, to start the spread of this globally, because the malware itself seems to have a pre-determined list of external IP addresses that are vulnerable on port 445. Some research definitely went into where the payload could be delivered prior to the triggering of this attack.
 
If you read https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html and pay particular attention to the part where he analyses the outgoing connections, you can sort of piece together that all it would have taken is for one single PC, anywhere in the world with internet access, to start the spread of this globally, because the malware itself seems to have a pre-determined list of external IP addresses that are vulnerable on port 445. Some research definitely went into where the payload could be delivered prior to the triggering of this attack.

Yeah but that doesn't explain the scale of it alone - some of the places hit almost certainly didn't have port 445 exposed. It seems like each infection also just started randomly scanning on port 445 to try and further spread it - but again many of these organisations even with relatively vulnerable systems have port 445/SMB hard locked down at their gateway. (In some cases there might have been vulnerabilities via personal devices that had both network access and their own internet connection but that is not uniformly the case).
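
An added example, not part of any post in this thread: the two conditions discussed above (port 445 reachable from outside, and an infected host scanning on port 445) can both be checked from firewall or flow logs. The log format, the `10.0.0.0/8` internal range, the threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address space
SMB_PORT = 445

# Constructed sample records, format assumed: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2017-05-12T10:00:01 203.0.113.9 10.0.0.5 445 ALLOW
2017-05-12T10:00:01 203.0.113.9 10.0.0.7 445 DENY
2017-05-12T10:00:03 10.0.0.5 10.0.0.6 445 ALLOW
2017-05-12T10:00:03 10.0.0.5 10.0.0.7 445 ALLOW
2017-05-12T10:00:04 10.0.0.5 10.0.0.8 445 ALLOW
2017-05-12T10:00:04 10.0.0.5 198.51.100.20 445 DENY
2017-05-12T10:00:05 10.0.0.5 198.51.100.21 445 DENY
2017-05-12T10:00:06 10.0.0.9 10.0.0.2 445 ALLOW
2017-05-12T10:00:07 10.0.0.9 10.0.0.2 443 ALLOW
"""

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def analyse(flow_text, fanout_threshold=5):
    """Return internal hosts reachable on 445 from outside, and internal
    hosts contacting many distinct destinations on 445 (scan-like fan-out)."""
    exposed = set()
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed records
        _, src, dst, dport, action = parts
        if int(dport) != SMB_PORT:
            continue
        # Perimeter gap: an external source was allowed through to SMB.
        if not is_internal(src) and is_internal(dst) and action == "ALLOW":
            exposed.add(dst)
        # Fan-out: count attempts whether allowed or denied, since a
        # blocked scan is still evidence of an infected source.
        if is_internal(src):
            targets[src].add(dst)
    fanout = {s: len(d) for s, d in targets.items() if len(d) >= fanout_threshold}
    return {"exposed_hosts": sorted(exposed), "fanout_sources": fanout}

if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```
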
 
I think part of the problem is we are still emerging from the initial age of this scale of technology in industry and those nearer the top of companies that are calling the shots on forward strategies just have no idea or insight into the technology and the realities of how that works going forward and those below them tend to look to those people for direction going forward resulting in a disconnect there in thinking (obviously some companies do have tech people at very high levels with more clout, etc.).

You could almost say this was inevitable in the progression of technology.
I think you've hit the nail on the head there, 100% agree

Aye
 
<SNIP> But there's not much you can do against people opening obviously dodgy emails.
Is there something you can do about people opening seemingly legit emails then?

I only ask because I have seen some VERY plausible looking SCAM/Phishing emails; there was a reference to one in this very thread.

I have had any number of emails, seemingly from people I know well, whose email contact lists had been hacked. I even had one that referred to a skiing holiday I had been on with one of them. People need to be INCREDIBLY cautious where emails are concerned. If there is an attachment and the email looks less than 100% genuine, I frequently contact the "sender" to confirm that it was really they who sent it - after looking carefully at the "Reply to" address.
 