
Ransomware & HSE


Comments

  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    irishgeo wrote: »
    Taking their bitcoin must have hurt.

    In more ways than one.

    When Darkside lads can't pass on the share of the ransom due to other partners in crime, I suspect they'll be in truly deep do-do!


  • Registered Users Posts: 29,126 ✭✭✭✭AndrewJRenko


    Ransom should be paid and then build up security. Paying it doesn't increase the amount of attacks like a normal blackmail demand where they still have you hostage.

    The people who do these attacks always "do right" when paid so they get paid by others in the future.

    'Always do right'?

    https://twitter.com/BrianHonan/status/1393906027754557440


  • Registered Users Posts: 10,533 ✭✭✭✭tom1ie


    Wombatman wrote: »
    Next Social Welfare, then Revenue?

    Once they stay away from the electricity grid ie eirgrid and ESB.
    If the eleccy goes water goes.
    Rightly fooked then.


  • Registered Users Posts: 10,533 ✭✭✭✭tom1ie


    Also are other countries' security services working on this to find out who the perpetrators are?
    If they can get our health service, they can get our grid, they can get the NHS, they can get French health systems etc., I presume?


  • Registered Users Posts: 2,426 ✭✭✭ressem


    jams100 wrote: »
    Does anyone know what IT company the hse works with? It's not SAP anyway afaik

    Read they use DXC for financial management/ procurement.

    Is it a case of they cheaped out of the bigger companies here? (Not saying this ransomware attack wouldn't have happened if they were working with a particular IT company). Just interested to know who they actually work with? I'm going to hazard a guess and say multiple companies for different functional areas.

    Multiple companies,
    HSE email goes through a company called topsec.com & Office 365.
    It looks like the HSE have worked to make security improvements over the last year.
    tom1ie wrote:
    Once they stay away from the electricity grid ie eirgrid and ESB.
    If the eleccy goes water goes.
    I think you can be fairly certain that Eirgrid are constantly being cased out.


  • Registered Users Posts: 29,126 ✭✭✭✭AndrewJRenko


    tom1ie wrote: »
    Once they stay away from the electricity grid ie eirgrid and ESB.
    If the eleccy goes water goes.
    Rightly fooked then.

    I recall seeing the ESB plan for rolling out of smart meters some years back, and the risk of cyber attacks was clearly called out, so hopefully they are well on top of this.

    But just imagine, if some gang of Russian lads could turn off the power to half of Dublin if they chose to?
    tom1ie wrote: »
    Also are other countries' security services working on this to find out who the perpetrators are?
    If they can get our health service, they can get our grid, they can get the NHS, they can get French health systems etc., I presume?

    France has been done; https://www.france24.com/en/europe/20210216-cyber-attacks-hit-two-french-hospitals-in-one-week

    NHS was done badly in 2017 with the Wannacry virus.


  • Registered Users Posts: 1,112 ✭✭✭Danonino.


    riclad wrote: »
    They have access to the HSE system for 2 weeks, they have had a chance to copy all user medical data on any HSE customer, families, employees etc.
    If the ransom is not paid this data could be released on the web, just
    like happened with 500k Facebook users' personal data in the last year.
    I'd be surprised if the HSE is not using some PCs running Windows 7. Of course they will say it's a zero day exploit/hack, otherwise they have to admit their IT system was maybe running old software or software that was not updated or running the latest security updates, patches.
    It makes no difference if we could track down the hackers, they seem to be a Soviet Union hacker group.
    The chances of them being punished is close to zero,
    what might happen is maybe the websites they use might be shut down by hosting companies.
    Of course hackers will be interested in hacking Irish companies or banks, they will attack anyone that has a network of PCs and has the finance to pay million dollar ransoms.
    Very few people rob banks in person anymore, it's a lot easier to run malware and attack companies and hack the network and demand a ransom.
    The chances of being caught or arrested is very low,
    there's a reason why most hackers are located in Russia, Eastern Europe.
    In the 70s robbing banks in person was common before extra security measures were put in place.


    Speaking of the Facebook breach. Never had a leak of my data I was aware of, until this one.
    Absolutely headwrecking getting missed calls off every country you could imagine for a few weeks, sometimes four or five in a day. Then that lulled and now I’ll get a batch of 5+ calls in quick succession from Shanghai every few days.

    Did a search and yep. My full name, phone number, date of birth and address. Valuable information I guess. Very valuable if the person isn’t tech savvy or aware of phishing/scams etc. The fact I’ve never publicly had any of these bar my name on my Facebook/WhatsApp gets to me a bit. Almost all of that info was for authentication and should be encrypted etc.

    There is a group looking to bring a civil case against Facebook over their dealing of it. Especially when emails leaked point to them not giving two fooks:

    https://www.google.ie/amp/s/www.bbc.com/news/technology-56815478.amp


  • Registered Users Posts: 40,040 ✭✭✭✭Itssoeasy


    irishgeo wrote: »
    The cyber attack on the pipeline is over. They paid the ransom and got the systems back up slowly.

    Then the authorities traced back the bitcoin. Emptied the account. They got hosting companies to close their blog and website.

    The hackers disbanded. Now they've probably just gone away for a while or deeper underground but that's how that attack ended.

    Yes I know it’s over but it’s a similar situation to what has happened to two different government depts. but thanks for pointing out that it’s over. I knew that thanks.


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    tom1ie wrote: »
    Once they stay away from the electricity grid ie eirgrid and ESB.
    If the eleccy goes water goes.
    Rightly fooked then.

    Whatever about the National power and water grids... What if they attack the feckin Guinness brewery just as pubs are about to re-open with fresh porter???

    Jesus, I'll be first to vote for lads to invade Russia from here (so long as I don't have to go meself!) in punishment!!

    OR, (thinks again) even worse, what if they take over my fridge from St Petersburg??? :eek:

    All them choc ices from Aldi won't eat themselves, ya know...


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    Danonino. wrote: »
    Speaking of the Facebook breach. Never had a leak of my data I was aware of, until this one.
    Absolutely headwrecking getting missed calls off every country you could imagine for a few weeks, sometimes four or five in a day. Then that lulled and now I’ll get a batch of 5+ calls in quick succession from Shanghai every few days.

    Did a search and yep. My full name, phone number, date of birth and address. Valuable information I guess. Very valuable if the person isn’t tech savvy or aware of phishing/scams etc. The fact I’ve never publicly had any of these bar my name on my Facebook/WhatsApp gets to me a bit. Almost all of that info was for authentication and should be encrypted etc.

    There is a group looking to bring a civil case against Facebook over their dealing of it. Especially when emails leaked point to them not giving two fooks:

    https://www.google.ie/amp/s/www.bbc.com/news/technology-56815478.amp

    People's full name, phone number and address are all publicly available where they have landline numbers and don't opt out of being in telephone directories. The DOB piece may be a clincher, but the rest has been freely available for decades all around the world, and requires no hacks to obtain.


  • Registered Users Posts: 10,533 ✭✭✭✭tom1ie


    ressem wrote: »
    Multiple companies,
    HSE email goes through a company called topsec.com & Office 365.
    It looks like the HSE have worked to make security improvements over the last year.


    I think you can be fairly certain that Eirgrid are constantly being cased out.

    When you say cased out do you mean by the cyber attackers or that Eirgrid are constantly evaluating and upgrading security?


  • Posts: 5,917 ✭✭✭ [Deleted User]


    ressem wrote: »
    Multiple companies,
    HSE email goes through a company called topsec.com & Office 365.
    It looks like the HSE have worked to make security improvements over the last year.


    I think you can be fairly certain that Eirgrid are constantly being cased out.

    Tried to hack the esb in 2017, and that's just the one that made the news.


  • Registered Users Posts: 10,533 ✭✭✭✭tom1ie


    TomOnBoard wrote: »
    Whatever about the National power and water grids... What if they attack the feckin Guinness brewery just as pubs are about to re-open with fresh porter???

    Jesus, I'll be first to vote for lads to invade Russia from here (so long as I don't have to go meself!) in punishment!!

    OR, (thinks again) even worse, what if they take over my fridge from St Petersburg??? :eek:

    All them choc ices from Aldi won't eat themselves, ya know...

    Lmao!! You win boards. Congratulations. 🤣


  • Registered Users Posts: 12,291 ✭✭✭✭Flinty997


    TomOnBoard wrote: »
    People's full name, phone number and address are all publicly available where they have landline numbers and don't opt out of being in telephone directories. The DOB piece may be a clincher, but the rest has been freely available for decades all around the world, and requires no hacks to obtain.

    They generally have not been available in a reverse lookup database though.

    For many this information was not in Facebook. It's been harvested by Facebook in the background. Often people only signed up with an email and a password. Facebook has matched this up with phone number and dob and real name in the case of dummy names. Then kept it all together. Often this information wasn't public. But frequent changes on Facebook changed the default setting and made some of this public. Which was then able to be scraped.

    All Facebook cares about is that it can leverage your data to make money. Its entire reason to exist is to collect and share your data. Use it at your own risk.


  • Registered Users Posts: 10,533 ✭✭✭✭tom1ie


    Flinty997 wrote: »
    They generally have not been available in a reverse lookup database though.

    For many this information was not in Facebook. It's been harvested by Facebook in the background. Often people only signed up with an email and a password. Facebook has matched this up with phone number and dob and real name in the case of dummy names. Then kept it all together. Often this information wasn't public. But frequent changes on Facebook changed the default setting and made some of this public. Which was then able to be scraped.

    All Facebook cares about is that it can leverage your data to make money. Its entire reason to exist is to collect and share your data. Use it at your own risk.

    How the hell do you get off it though. I'm sure I deleted my account but a quick Google brings me back to my Facebook page?


  • Registered Users Posts: 9,509 ✭✭✭irishgeo


    tom1ie wrote: »
    How the hell do you get off it though. I'm sure I deleted my account but a quick Google brings me back to my Facebook page?

    https://www.facebook.com/help/224562897555674


  • Registered Users Posts: 4,560 ✭✭✭political analyst


    Flinty997 wrote: »
    This article suggests some groups deliberately target hospitals as they are the most likely to pay.

    https://www.theregister.com/2021/05/14/ireland_hse_ransomware_hospital_conti_wizardspider/

    I'm puzzled as to how Ireland would even register on Russian hackers' radar, to be honest.


  • Registered Users Posts: 1,199 ✭✭✭bren2002


    Member of the UN Security Council?


  • Registered Users Posts: 4,928 ✭✭✭skimpydoo


    markgb wrote: »
    If Windows is perfectly fine then why are all ransomware attacks on Windows machines? Attacks on Linux machines are almost unheard of.
    The same reason why attacks on Macs are almost unheard of. You go for the most popular OS, as that's where you will hit paydirt.


  • Registered Users Posts: 11,205 ✭✭✭✭hmmm


    I'm puzzled as to how Ireland would even register on Russian hackers' radar, to be honest.
    Why wouldn't we?

    Small, rich, weak cyber-security capabilities, little military capability. Not likely to upset Putin if you bring down their hospitals or electricity network. Sounds perfect.


  • Registered Users Posts: 14,599 ✭✭✭✭CIARAN_BOYLE


    I'm puzzled as to how Ireland would even register on Russian hackers' radar, to be honest.

    I'd say it's opportunistic.

    Not sure how they inserted the initial malware but it's probable they found a breach.

    I once had a training course in work about ransomware.

    It was suggested that a ransomware attack would occur by harvesting a large number of email addresses from public websites. Bombarding them with phishing emails to download portions of malware.

    If a sufficient number of phishing links were downloaded by members of the organisation a ransomware attack would occur.

    A typical attacker might bombard 50 organisations with phishing links but only actually graduate to an attack on 1 organisation.

    I'm not saying that this is how this happened but it's one way of developing a breach. Other methods may be similar where many organisations are probed for weakness but a smaller number are actually attacked.


  • Registered Users Posts: 29,126 ✭✭✭✭AndrewJRenko


    skimpydoo wrote: »
    The same reason why attacks on Macs are almost unheard of. You go for the most popular OS, as that's where you will hit paydirt.

    Mac users shouldn't get too complacent.
    https://www.vox.com/recode/2020/2/12/21134681/mac-pc-virus-malware-malwarebytes


  • Closed Accounts Posts: 5 James..


    Out of curiosity what could happen if someone hacked coinbase

    Could they transfer billions in crypto?


  • Registered Users Posts: 12,291 ✭✭✭✭Flinty997


    I'm puzzled as to how Ireland would even register on Russian hackers' radar, to be honest.

    I'm sure Ireland is only one of many countries they target.


  • Registered Users Posts: 264 ✭✭Fantomas9mm


    Does anybody know what vulnerability was exploited?

    I hope people aren’t closing the door on the possibility that the hackers' motivation in this isn’t actually financial.


  • Registered Users Posts: 40,040 ✭✭✭✭Itssoeasy


    Eamonn Ryan is quoted on the rte front page that there’s “no sense” of any other agencies affected by the attack but you’d hope the government would be working to make sure.


  • Registered Users Posts: 14,599 ✭✭✭✭CIARAN_BOYLE


    Does anybody know what vulnerability was exploited?

    I hope people aren’t closing the door on the possibility that the hackers' motivation in this isn’t actually financial.

    What would it be. You don't demand a ransom if the motivation is financial.


  • Registered Users Posts: 264 ✭✭Fantomas9mm


    What would it be. You don't demand a ransom if the motivation is financial.

    I’m not a tinfoil hat nut, it's not uncommon for states or state-sponsored hackers to attack other countries under the guise of ransomware.


  • Registered Users Posts: 11,789 ✭✭✭✭BattleCorp


    James.. wrote: »
    Out of curiosity what could happen if someone hacked coinbase

    Could they transfer billions in crypto?

    I don't see why not.


  • Registered Users Posts: 11,789 ✭✭✭✭BattleCorp


    I’m not a tinfoil hat nut, it's not uncommon for states or state-sponsored hackers to attack other countries under the guise of ransomware.

    You don't think a State wouldn't like a slush fund to carry out covert operations?

