Advertisment

Like England’s National Health Service, Ireland’s Health Service Executive “could be a ‘sitting duck’ for a cyberattack,” a cybersecurity researcher said. Thanks to the widely spreading ransomware called WanaCrypt (or WannaCry, WanaCrypt0r 2.0, and a couple more) the HSE voluntarily isolated HSE networks until something happened.

The WanaCrypt0r ransomware infected more than 120,000 machines in at least 100 countries around the world. WanaCrypt0r massively impacted critical infrastructures and industries, age healthcare quite obviously fit the bill. Other industries too: FedEx, Deutsche Bahn, and LATAM Airlines reported significant incidents. As did Telefónica in Spain. But out of every company or person attacked, Britain’s National Health Service took the greatest beating.

The ransomware attacks computers with Windows XP still installed. For some organizations, especially large, government-sponsored ones, IT departments last upgraded their systems in the early 2000s—Microsoft released Windows XP for retail sales in 2001. Many large, poorly budgeted organizations have remained on XP for several reasons: it works, upgrading thousands, even hundreds of thousands, of machines is expensive, and the process takes time and effort as companies cannot simply ask their employees to buy and install their own copies of Windows 10.

HSE update on ransomware virus attack:

“By midday today there had been three suspected cases in the HSE of the most recent malware, known as WannaCry. Following suspicions being raised about these sites, newly developed processes were put in place that isolated the occurrence and allowed further investigation to take place. In each of these cases, the virus discovered was proven not to be the WannaCry virus, but an older virus for which protection was available. In all three cases, the hospital was returned to the health network and continued to deliver patient care with no impact.”

And WanaCrypt0r (WC) used EternalBlue (ETERNALBLUE), a Server Message Block vulnerability, as the attack vector. The Shadow Brokers released EternalBlue several months after Microsoft issued a free critical security patch to the company’s newer operating systems. The left out Windows XP and Windows Server 2003. (They promptly issued a free patch to the older systems as well—the same day WC reports came in.

According to the Independent, “the HSE said there were approximately 1,500 devices believed to be vulnerable to threat.” The HSE reported that “Anti-virus updates were being installed where necessary, but it was expected that this process and relevant testing would take a number of days.” Stephen Burke, CEO of a cybersecurity firm, told the publication that hackers now targeted people, not companies.

That phrase carries a dual meaning of sorts: that people are the weakest link, and that personal data like health care records are the most valuable form of data on the darknet. “Medical data is the most sought after by cyber criminals – it has the highest value in the Dark Web which is where this data is sold,” Burke said. “Data is the new cash.”

Even though most state agencies implemented some form of firewall, all it takes is for one person to click on an email attachment for them [cyber criminals] to get in.” See some of the more recent email threats for example: macOS “OSX.DOK,” and recent outbreak of bank credential phishing schemes. The latter of which should, one would assume, no longer be an issue.

Burke, at the end of the day, explained that no amount of technological enhancement could stop cyber threats permanently. “[I]t was not a question of if the HSE was targeted but a question of when.”

Get the latest Bitcoin News on The Bitcoin News
Our Social Networks:
Facebook Instagram Pinterest Reddit Telegram Twitter Youtube


RELATED ARTICLESMORE FROM AUTHOR