Cyber attack on hospitals

[Mr Bump]

There are no excuses to not patching and not upgrading only takes money the NHS as like quite a few organisations has very poor advice.
I have working IT now for almost 30 years and have seen it so many times it is tedious.
Computers are not one time purchases, it is all about the upkeep.

makes me laugh all the recent threads from the windows 7 people who refuesed to upgrade.

 

[Keith W]

Windows update doesn't work on my fresh win 7 64bit update. Handy eh.

Install them a few at a time, say 10, it will take some time to do but should work

This is the way I had to do it on fresh installs of win7

 

[Keith W]

makes me laugh all the recent threads from the windows 7 people who refuesed to upgrade.

Why?

Nothing wrong with win 7 computers if you keep them secure and patched.

I have win 7 computers which I have not intention of upgrading in the foreseeable future.

I also install win 7 on all my new builds unless specifically asked not to

 

[Mr Bump]

Why?

Nothing wrong with win 7 computers if you keep them secure and patched.

I have win 7 computers which I have not intention of upgrading in the foreseeable future.

I also install win 7 on all my new builds unless specifically asked not to

well thats up to you, uncalled for, deleted

 

[stevelmx5]

well thats up to you, uncalled for, deleted

And you repeated the Facebook 'fact' that 90% of the NHS is running XP.

If you've spent any of your 30 years in IT working for large corporates you'll realise that nothing is as simple as just throwing money at a problem. I work for a huge global multinational and we've still got Server 2000 in some factories because the systems being run are no longer available at all but it's not feasible to 'simply' replace an entire selection of lines that run 24/7/365. It's far from ideal but not exactly unique either.

Go to the other end of the scale with the NHS being underfunded in general and the priority being on the actual care of patients and it's no surprise that they're not running bleeding edge systems. Then again, at less than 5% of clients running XP they're not that bad.

 

[Keith W]

well thats up to you, uncalled for deleted

I asked you why yet you chose not to answer my question and instead resorted to name calling

Say's it all

 

[wave01]

This has happened so let's get things tightened up. The way it should have been. If patches are issued then install them asap not some months later. Who ever had a policy to wait before patches were installed is wrong.
The NHS needs an IT shake up but maybe so do other organisations

 

[nilagin]

I have no idea what level of Windows my laptop is running. Laptop is 2-3yrs old now and the first updates it tried to download screwed it up terribly, I deleted them and haven't downloaded a single upgrade since.

 

[d00d]

Thanks all.

I have a W7 machine and a W10 machine, I run Avira Free on both and do the occasional Malwarebytes Free scan.

I got an email from Malwarebytes yesterday informing me their free version "does not protect you against WanaCrypt0r" but their paid-for version does.

Should we be panicking? Do they really deliberately fail to protect millions/billions of mwb free users? I know they're after our $ but this seems a clumsy way of going about it, and do we really need their protection anyway?

 

[stevelmx5]

Thanks all.

I have a W7 machine and a W10 machine, I run Avira Free on both and do the occasional Malwarebytes Free scan.

I got an email from Malwarebytes yesterday informing me their free version "does not protect you against WanaCrypt0r" but their paid-for version does.

Should we be panicking? Do they really deliberately fail to protect millions/billions of mwb free users? I know they're after our $ but this seems a clumsy way of going about it, and do we really need their protection anyway?

The WanaCrypt encryption targets a Microsoft SMB vulnerability that is patched/resolved by a free Microsoft patch. An antivirus/antimalware application won't do anything against it.

 

[d00d]

Thanks for confirming my suspicions.

 

[Alastair]

There are no excuses to not patching and not upgrading only takes money the NHS as like quite a few organisations has very poor advice.
I have working IT now for almost 30 years and have seen it so many times it is tedious.
Computers are not one time purchases, it is all about the upkeep.

I'm going to hazard a guess that during your 30 years in IT you've had minimal involvement with the certification of medical devices. Or any real world non-office environment where IT is applied.

 

[neil_g]

There are no excuses to not patching and not upgrading only takes money the NHS as like quite a few organisations has very poor advice.
I have working IT now for almost 30 years and have seen it so many times it is tedious.
Computers are not one time purchases, it is all about the upkeep.

makes me laugh all the recent threads from the windows 7 people who refuesed to upgrade.

Working in IT for that long you should know better than to suggest patching in a corporate environment is straight forward.

* patches should be tested before being deployed to production systems.

* downtime needs to be scheduled, not a problem in a large multinational with clusters of servers. Becomes an issue on single point systems that need 24/7 uptime.

* fallback plan needed in case something goes wrong. Increased downtime needs factoring to potentially reimage etc.

Those are just a few things off the top of my head pre coffee.

I have no idea what level of Windows my laptop is running. Laptop is 2-3yrs old now and the first updates it tried to download screwed it up terribly, I deleted them and haven't downloaded a single upgrade since.

I'd urge you to try again. Occasionally updates can go a bit wobbly and need a second attempt but after 2-3 years your security updates will be massively out of date.

 

[d00d]

I'd urge you to try again. Occasionally updates can go a bit wobbly and need a second attempt but after 2-3 years your security updates will be massively out of date.

I took @nilagin to mean upgrading to W10. I've tried but failed to do this with my W7 machine.

 

[neil_g]

I took @nilagin to mean upgrading to W10. I've tried but failed to do this with my W7 machine.

Ah I see.

Not all machines are capable of running w10 well. Despite if they meet the basic system requirements.

For example I had a Dell laptop with an older 2xxx i7. Installed w10 fine and ran okay but performance was well down and the hard drive was always thrashing away. Turns out Intel discontinued driver support for the 2xxx chipset/storage controller after Windows 7 and it was using a generic driver causing it to run poorly.

Takes a little research to find out whether your system is 100% right for upgrade.

7sp1 extended support ends on January 14, 2020 so a few more years left for updates.

 

[Alastair]

For example I had a Dell laptop with an older 2xxx i7. Installed w10 fine and ran okay but performance was well down and the hard drive was always thrashing away. Turns out Intel discontinued driver support for the 2xxx chipset/storage controller after Windows 7 and it was using a generic driver causing it to run poorly.

Dell is a good example of another reason updates can fail. I've upgraded a handful of Dell laptops and desktops to Win10, and all but one required driver and/or BIOS updates that could only be obtained by running the system check tool on the Dell support web page. Without these updates Win10 would either fail to update or would be so unstable that a rollback was required to undo the update. Once relevant driver/BIOS updates were installed the Win10 update went smoothly and the new OS was stable.

 

[neil_g]

Dell is a good example of another reason updates can fail. I've upgraded a handful of Dell laptops and desktops to Win10, and all but one required driver and/or BIOS updates that could only be obtained by running the system check tool on the Dell support web page. Without these updates Win10 would either fail to update or would be so unstable that a rollback was required to undo the update. Once relevant driver/BIOS updates were installed the Win10 update went smoothly and the new OS was stable.

Any oem to be fair. HP don't make life easy either.

 

[Mr Bump]

I agree that some older equipment requires special attention in areas like hospitals.
But let us understand one fact, microsoft released the patch for all its OSs for this attack a few months ago.
not applying it was 100% the fault of the NHS trusts involved, it will have simply only been a security patch nothing more.

 

[LongLensPhotography]

WinXP was a terrible terrible OS. We must now thank the numpties still using it without any recent updates and clicking on everything like a bunch monkeys. Has anyone forgot the millions and billions wasted on NHS IT project? So this is what we all paid for. Shocker.

Critical infrastructure needs to be running hardened Linux or some *NIX derivative.

And then there is also the question of NSA and GCHQ building and leaking such vermin to the scum of the underworld.

 

[neil_g]

But let us understand one fact, microsoft released the patch for all its OSs for this attack a few months ago.
not applying it was 100% the fault of the NHS trusts involved, it will have simply only been a security patch nothing more.

2 months to the day yes. But again, patching can not always be a quick process.

WinXP was a terrible terrible OS.

No it really wasn't for its time.

As for the Linux part. Just no.

 

[Alastair]

But let us understand one fact, microsoft released the patch for all its OSs for this attack a few months ago.

Microsoft did not release patches for "all its OSs.. a few months ago", it patched supported OSs last month and released a hasty patch for some older systems after the attack (Win XP, Win 8, & Server 2003).

But this is not relevant for those systems that cannot be patched, Updates and patches are nice, simple solutions for nice, simple IT applications minded by the sort of nice, simple IT people that get to wear short-sleeved shirts every day. But approving a single patch/update for a critical medical device, safety critical system or production process controller can take months and may require full recertification of the device. The IOT isn't helping either, as more of these devices become "connected".

 

[neil_g]

minded by the sort of nice, simple IT people that get to wear short-sleeved shirts every day

i wear a polo so i'll let that slide

 

[cambsno]

WinXP was a terrible terrible OS. We must now thank the numpties still using it without any recent updates and clicking on everything like a bunch monkeys. Has anyone forgot the millions and billions wasted on NHS IT project? So this is what we all paid for. Shocker.

Critical infrastructure needs to be running hardened Linux or some *NIX derivative.

And then there is also the question of NSA and GCHQ building and leaking such vermin to the scum of the underworld.

If you have the right firewalls, internet security and the like, MS is fine.

 

[neil_g]

If you have the right firewalls, internet security and the like, MS is fine.

indeed.

behind a corporate firewall Windows server is still the best tool.

at the end of the day the exploit was in SMB, nobody exposes that to the internet. the infection method was most likely email, internet link or a compromised device bought in from external.

 

[arclight]

For a very long time malware has been able to do it's dirty work simply because a human clicked on a link in an email or opened an email attachment. That is a human weakness.
Is there no way that emails with attachments or weblinks can be automatically checked for malware in a sandbox environment before humans can get the opportunity to make an error that has disastrous consequences.

 

[neil_g]

Is there no way that emails with attachments or weblinks can be automatically checked for malware in a sandbox environment before humans can get the opportunity to make an error that has disastrous consequences.

this is where email and web filtering come in.

a good email filter will have built in av/malware checks for attachments and URLs. however password protected attachments will not get scanned the same as password protected files on the desktop wont.

secondly a good web filter with up to date definitions for malicious URL and download blocking for executable/malicious file types.

however again both are not foolproof. ive seen directors demand unrestricted web access for "special" people and whitelist certain email addresses/domains. and the scanning definitions on these filters are only as good as known malicious files/sites/emails.

 

[LongLensPhotography]

If you have the right firewalls, internet security and the like, MS is fine.

You have to wonder what happened to these firewalls during the mega expensive NHS IT project?! I wonder if they even have an out of date free AV?

 

[neil_g]

You have to wonder what happened to these firewalls during the mega expensive NHS IT project?! I wonder if they even have an out of date free AV?

trouble is in this case they most likely would not have helped. as i say, nobody in their right mind exposes SMB to the internet and it was probably a different infection method.

ms technet even states that blocking the crypto from the internet increases its spread.

as for the free AV bit, that would be an assumption. I can vouch for one of the trusts having enterprise level AV.

 

[nilagin]

I took @nilagin to mean upgrading to W10. I've tried but failed to do this with my W7 machine.

No I meant normal security updates. I tried to download the free Windows 10 update and that failed.

 

[stevelmx5]

You have to wonder what happened to these firewalls during the mega expensive NHS IT project?! I wonder if they even have an out of date free AV?

What is it you've got against the NHS IT contract particularly? Numerous organisations suffered the same encryption issues worldwide yet you seem to be fixated on the NHS. Also, there's no way any large enterprise will use Linux for anything other than firewalls and black box devices because Windows is much more flexible for users and support.

 

[neil_g]

The ones we know of:

Germany's rail network Deutsche Bahn
Spanish telecommunications operator Telefonica
US logistics FedEx
Russia's interior ministry
Some Renault factories were temporarily offline in France

 

[stevelmx5]

The ones we know of:

Germany's rail network Deutsche Bahn
Spanish telecommunications operator Telefonica
US logistics FedEx
Russia's interior ministry
Some Renault factories were temporarily offline in France

Yeah, damn NHS...

 

[ancient_mariner]

What is it you've got against the NHS IT contract particularly?

A political point to prove, even when it's got nothing to do with the subject.

Looks like 2016-7 is the era when cyber warfare moves out of the shadows.

 

[neil_g]

Worth noting that if you have a cloud backup that auto syncs your files, if you get hit with this sort of malware then your cloud copy will also be hit.

Offline backups, i.e. a disconnected hard drive, are invaluable in this situation.

 

[onomatopoeia]

Worth noting that if you have a cloud backup that auto syncs your files, if you get hit with this sort of malware then your cloud copy will also be hit.

Offline backups, i.e. a disconnected hard drive, are invaluable in this situation.

Version control (git / svn) also deals with this, though trainig the average user to commit may be difficult.

I backup to a portable USB device (encrypted) that comes with me when I leave work, and to a local version control server not running on a Window box, so hopefully I'm covered for most eventualities.

 

[neil_g]

Version control (git / svn) also deals with this, though trainig the average user to commit may be difficult.

yup. worth checking whether the cloud provider offers version control and whether its enabled by default. i know onedrive only does on business accounts for example.

 

[wave01]

Windows is a good target for hackers always has been. I really don't know how it's survived for so long

 

[neil_g]

Windows is a good target for hackers always has been. I really don't know how it's survived for so long

weird really as working in IT for 17 years I've never had any of the systems I've looked after been hacked.

 

[wave01]

So you do a good job and keep on top of the security issues.

 

[Phil V]

Windows is a good target for hackers always has been. I really don't know how it's survived for so long

weird really as working in IT for 17 years I've never had any of the systems I've looked after been hacked.

Me too. 20 years working on a network of 80,000+ desktops and the problems were rare, minor and always user error way beyond normal practice.

And anything up to 5000 attempted cyber attacks a day.

But no doubt LLR will tell me that it was run by amateurs who didn't have a clue because it was a govt network, and that despite my belief it was probably hacked and we were blissfully unaware.

Side note: I once had a circular discussion in a pub with a 'type' who told me he could hack the small windows network I was looking after at the time 'in 10 minutes', it took him an hour to cotton on to the fact we had no external connection, the only way he could do it was to break into the building which had 24hr security.