NHS computer systems hacked!?

<snip> some of the organisations infected definitely won't have port 445 open from any part of their normal infrastructure which would mean that a system had to be in the mix that was both connected to the internal network and had internet access other than via the corporate backbone</snip>

Knowing some of the organisations infected, definitely this... There _has_ to have been some bridging between N3 <> Internal <> Internet.

Will be interesting to see what comes of this in the mop up.
 
Frankly, anyone exposing MS port 445 to the internet deserves all they get and should be fired. There is no reason in this day and age for that to happen or to have some workaround in place.
 
Seems like there are still some misconceptions and misinformation circulating about the ransomware.

This write-up puts things in perspective:

https://www.performanta.co.uk/wannacry-whats-real-whats-not/

Doesn't really clear up much other than some details about the packaging of the original and some subsequent variants. They still have no proper answer for the initial attack vector.

At the present time the only infection vector known is through SMB, which exploits the “ETERNALBLUE” vulnerability CVE-2017-0145. There has been no evidence that WannaCry has been seen in any e-mails to date.

Not sure if that is entirely correct (though IBM data tends to back up that very few to no variants have been seen in emails), as some organisations have reported finding evidence in their email logs (but they could be mistaken, like so many people, over exactly what has happened here).

I know for a fact that some organisations have been hit that categorically do not have any external SMB exposure and don't allow personal devices to be connected to the internal network.
 
The article also states that the original attack may have been an accident. A global accident? Seems a bit out there if you ask me.

Not entirely improbable, and possibly why the killswitch was there (for internal testing), as it has some wormlike capabilities combined with reasonable to significant capabilities to escape a sandbox: it would only need to infect one machine not in the control of the group behind it for it to start propagating via any systems exposed on 445 that the one infected machine happened to be able to connect to. I still struggle to believe that the exploitation of SMB is the only way it has been deployed, though the initial attack does not match previously seen worm patterns.
 
It's time for me to provide my public service where I remind people that the Telegraph is a bad paper. Thanks for your time.

I never read it. It just looks fancy so I expected better. I'll note your advice from here on!
 
There is what may be a good (I am in no position to judge the quality) review of this attack on The Register at https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

Edited - According to The Register:
The SMB server bug is the result of a buffer overflow in Microsoft's code. A 32-bit length is subtracted into a 16-bit length, allowing an attacker to inject more data than they should into the networking service and ultimately hijacking the system.
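The narrowing bug the Register describes, as an added illustration that is not the Register's, Microsoft's or the real SMB parsing code: a hypothetical length-check pattern where a 32-bit arithmetic result is narrowed to 16 bits before the bounds check, placed next to a hardened version that checks in the wide type and only narrows once the value is proven to fit. The function names, `BUF_SIZE` and the message sizes are constructed for the example; instead of performing an out-of-bounds copy, the vulnerable variant reports what size it would have copied so the mismatch can be observed safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256   /* constructed destination buffer size */

enum copy_result { COPY_OK, COPY_REJECTED, COPY_WOULD_OVERFLOW };

/* Vulnerable pattern (hypothetical): the remaining length is computed in
 * 32 bits, stored in a 16-bit variable, and the bounds check looks at that
 * truncated value. The copy size is then derived from the full 32-bit
 * arithmetic, so a value such as 0x10010 checks as 0x0010 and passes. */
enum copy_result vulnerable_check(uint32_t total_len, uint32_t consumed,
                                  uint32_t *copy_len_out)
{
    uint16_t remaining = (uint16_t)(total_len - consumed); /* high 16 bits lost */
    if (remaining > BUF_SIZE)
        return COPY_REJECTED;                 /* check sees the truncated value */
    *copy_len_out = total_len - consumed;     /* copy would use the 32-bit value */
    return (*copy_len_out > BUF_SIZE) ? COPY_WOULD_OVERFLOW : COPY_OK;
}

/* Hardened pattern: reject underflow, keep the arithmetic in the wide type,
 * check against the destination bound, and narrow only after the check. */
enum copy_result hardened_check(uint32_t total_len, uint32_t consumed,
                                uint32_t *copy_len_out)
{
    if (consumed > total_len)
        return COPY_REJECTED;                 /* subtraction would underflow */
    uint32_t remaining = total_len - consumed;
    if (remaining > BUF_SIZE)
        return COPY_REJECTED;                 /* does not fit the destination */
    *copy_len_out = remaining;                /* now provably <= BUF_SIZE */
    return COPY_OK;
}

/* Copies into a fixed-size buffer only when hardened_check accepts the
 * lengths; returns the number of bytes copied (0 on rejection). */
size_t safe_receive(const uint8_t *src, uint32_t total_len, uint32_t consumed,
                    uint8_t dst[BUF_SIZE])
{
    uint32_t n = 0;
    if (hardened_check(total_len, consumed, &n) != COPY_OK)
        return 0;
    memcpy(dst, src + consumed, n);
    return n;
}

int main(void)
{
    uint32_t n = 0;
    /* Constructed input: a 32-bit length whose low 16 bits are small. */
    enum copy_result r = vulnerable_check(0x10010u, 0, &n);
    printf("vulnerable: result=%d would copy %u bytes into %d\n", r, n, BUF_SIZE);
    r = hardened_check(0x10010u, 0, &n);
    printf("hardened:   result=%d (rejected)\n", r);

    uint8_t src[BUF_SIZE] = {0}, dst[BUF_SIZE];
    printf("safe_receive copied %zu bytes\n", safe_receive(src, 100, 20, dst));
    return 0;
}
```

The point to take from the pair is that the check and the copy must reason about the same quantity in the same width; any narrowing cast belongs after the bound has been established, never before it.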
 
Probably didn't intend to do so much damage or hit the targets they did. But they have the attention of pretty much every major intelligence organisation around the world (including Russia's, who are prepared to kill people who merely speak up against them). So they are ****** now. It's only a matter of time before they are found, or killed.
 
It's doing my head in how everyone is skipping over the initial attack vector, like there is some disconnect in thinking, and really it is much more important than the ransomware. Even after it was shown it wasn't just spreading via phishing, as everyone had just accepted without question, or that it didn't match previous scattershot propagation which affected private and corporate entities much more alike, no one seems to be seriously questioning it. Even one of the better security researchers comments on the IP "scanner" capabilities that try to propagate the infection via the SMB vulnerability and how that might explain why people are unsure of the initial infection vector, but then goes on to comment about how the initial pattern doesn't seem to match previous worm-type infections spread using similar NetBIOS vulnerabilities, without apparently connecting the two aspects or looking at them any closer.
 
OK, I'd like to start this post with: I have zero idea about any of this.

So, going on posts in this thread/others that the ransomware side seems "amateurish", could this simply be someone who got hold of the more advanced worm side (sideloading etc.) from the NSA leaks/other sources and simply made a get-rich-quick scheme he didn't expect to spread so far, or just a "make the world burn" thing?

Basically a capable but not strategic-thinking person capitalizing on something beyond his level?
 
It's not improbable that it was a "get rich quick" scheme from someone who'd paid for the dropper, not anticipating how quickly it was capable of spreading, though we might never find that out.

Not sure if it's a limitation of IP geolocation, but the animated map of it spreading almost looks like they had teams operating in the big cities - maybe it initially (at least partially) spread via some kind of exploitation of public hotspots, which then led to infected devices getting inside companies that way - because while way too many companies are more exposed than they should be, I'm fairly sure some of those hit have had SMB and NetBIOS stuff locked down externally since kids were crashing servers via NetBIOS flaws in the 90s.
 
The staff must be freaking out to learn all the new stuff, if that is true?

Is this a send-up site?
 
Why does it look like Windows 10 in so many ways?

Hmm... https://www.openhealthhub.org/t/welcome-to-nhsbuntu/908/3

Can see the NHS staff going, eh terminal... sudo...

You don't need sudo for the things GPs/doctors do.

The biggest problem will be the hardware. So many specialized devices requiring drivers on Linux. A lot of the devices cannot be bought from the shops ;) Plus they're using GNOME!, a very heavy memory-resourcing GUI.
Hardware upgrades most likely required.

It just won't work or be migrated that simply, then you've got communication between the surgery/Win/Linux.

Not like OpenOffice can do everything MS Office can.
The only way to fix that would be to have everything web-based. Yet another security flaw.
 
Unity has been dropped by Ubuntu; the future is now GNOME. As for drivers etc.... I'm sure the Government could hire a team of 20+ Linux developers to work on and maintain the release.

This is a good start though. And over the coming years, if there isn't a mass roll-out, I'm sure we will see a gradual uptake of this OS into the NHS ecosystem. As more and more people get on board, there will be more work done on it as interest picks up.

---

Oh, and one of our developers mentioned that they could just use Wine for interoperability with their existing Windows code.
 
The future may be GNOME, but right now GNOME is a horrid, unreliable and bloated piece of turd. Install a fresh install of GNOME 3.0: 2GB of GUI RAM usage.
Drivers, totally agree; however, the government should not be creating the drivers. For example, MRIs are made by Siemens and Philips, so they should be doing the drivers; getting them to do that is another issue altogether.

You don't want a third-party guy creating a driver for an MRI system, as an example; it will be horribly unreliable and not accurate, no matter how good a programmer you are. You need inside knowledge from the manufacturer to get it accurate.

You've got to remember some of these systems are the difference between life and death.

Regarding Wine: stability, stability, stability = down the drain.

Don't get me wrong, it would be a good idea, but GNOME is a bad idea right now and jumping ship too fast is also a bad idea.
 