NHS England hit by cyber attack, phone and IT systems down

yeah Iberdrola were hit too.

This is why we should privatise the nhs

Dual wrote:This is why we should privatise the nhs

And allow the government to circumvent all our encryption so they can work out who did it.

Denster wrote:For the last 20 yrs.

Awesome. It's just surprising as you're so pro-Tory, but this isn't the politics topic so I'll say no more.

satriales wrote:

Denster wrote:For the last 20 yrs.

Awesome. It's just surprising as you're so pro-Tory, but this isn't the politics topic so I'll say no more.

Yeah I get that a lot.

lex-man wrote:They just hit ip addresses until they find a vulnerable target.

Actually they usually come as a concealed email attachment. You can mask almost any executable as a Word macro.

lex-man wrote:

Errkal wrote:

lex-man wrote:

Errkal wrote:

lex-man wrote:They just hit ip addresses until they find a vulnerable target.

The NHS sites inside its own network isolated from the Internet, they connect via a number of very restricted gateways, some trusts have internet gateways but most dont, so this is more targetted than that.

Do you work in it for the NHS because that wasn't my experience?

Yup, IT for like 11 years or so.

Where I worked two and a half years ago all of our front facing machines had internet access. It was all replaced by visualised desktops running off servers but still very much hooked up to the internet.

The guardian article mentions that it the mail sever was the first place to get hit.

In a message to a Guardian reporter, one NHS IT worker said: “At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.

They also mention it wasn't an attack targeting the NHS specifically.

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

https://www.theguardian.com/society/201 ... ber-attack

So I still stand by my comment.

They have internet access, because n3 goes to the web via some gateways, what I mean is a trusts networks is a secured network within n3 that is a secured network from the internet, you can get to the web getting getting in is very hard. So this would need to be more targeted to get someone to start something that lets you in.

You can direct host vpn, web servers via n3, trusts have their own internet lines for them but they aren't use for internet usually, N3 is.

nested networks!

it's networks all the way down!

Man now the worst episode of The Good Wife is actually relevent

FedEx in America has now been hit.

There are also rumours that the cause of the attack is an NSA tool.

Lagamorph wrote:FedEx in America has now been hit.

There are also rumours that the cause of the attack is an NSA tool.

A month or so back a load of NSA hacking tools were released on the internet. One of our customers at work had a server get infected with ransomware from one of those tools, luckily they had a backup so nothing was lost but It wouldn't surprise me to see a lot more of these attacks.

Errkal wrote:

lex-man wrote:

Errkal wrote:

lex-man wrote:

Errkal wrote:

lex-man wrote:They just hit ip addresses until they find a vulnerable target.

The NHS sites inside its own network isolated from the Internet, they connect via a number of very restricted gateways, some trusts have internet gateways but most dont, so this is more targetted than that.

Do you work in it for the NHS because that wasn't my experience?

Yup, IT for like 11 years or so.

Where I worked two and a half years ago all of our front facing machines had internet access. It was all replaced by visualised desktops running off servers but still very much hooked up to the internet.

The guardian article mentions that it the mail sever was the first place to get hit.

In a message to a Guardian reporter, one NHS IT worker said: “At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.

They also mention it wasn't an attack targeting the NHS specifically.

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

https://www.theguardian.com/society/201 ... ber-attack

So I still stand by my comment.

They have internet access, because n3 goes to the web via some gateways, what I mean is a trusts networks is a secured network within n3 that is a secured network from the internet, you can get to the web getting getting in is very hard. So this would need to be more targeted to get someone to start something that lets you in.

You can direct host vpn, web servers via n3, trusts have their own internet lines for them but they aren't use for internet usually, N3 is.

Yeah, it probably got in via an email so it may have been sent directly to an NHS mail address. Although it could have just been sent to some bodies web mail account. It's already hit a load of other companies.

Probably a bit of both, from the organisations I've heard from today they have no impact as such other than panicked and shutting gooseberry fool down.

I think most of the impact is just people's over reaction than an actual intrusion.

One of our customers for example got us to shut down all servers, another pulled their n3 connections. All from seeing it on the news.

If you've done all Windows Updates then you should be safe as it was patched a few weeks ago.

Amusing most of our customers are a combination of NetWare and OES so have even less to worry about.

satriales wrote:If you've done all Windows Updates then you should be safe as it was patched a few weeks ago.

Here's an article about the ransomwhere you need this patch, it's pretty likely you already have it though

https://arstechnica.co.uk/security/2017 ... ernalblue/

https://technet.microsoft.com/en-us/lib ... aa970312fc)(256380)(2459594)(TnL5HPStwNw-mC26Ai1RgPs8y1VWNfdDKw)()

If anyone is in the IT biz, it looks to be the shadowbroker vulnerability which is fixed by MS17-010 back in March. If you are behind on your patching then I think you want to disable smbv1 at least.

satriales wrote:

Lagamorph wrote:FedEx in America has now been hit.

There are also rumours that the cause of the attack is an NSA tool.

A month or so back a load of NSA hacking tools were released on the internet. One of our customers at work had a server get infected with ransomware from one of those tools, luckily they had a backup so nothing was lost but It wouldn't surprise me to see a lot more of these attacks.

Wasn't it Wikileaks who put those tools out there?

Real strawberry floating nice of them.

Gently-Parted Ringpiece wrote:If anyone is in the IT biz, it looks to be the shadowbroker vulnerability which is fixed by MS17-010 back in March. If you are behind on your patching then I think you want to disable smbv1 at least.

The Eternalblue exploit that I saw (and I think is what got the NHS) also targets SMBv2, but some of the other exploits from the same group do target SMBv3.

It amazes me that even in Server 2016 SMB v1 is still enabled by default.