Ransomware & HSE

Comments

  • Registered Users Posts: 26,578 ✭✭✭✭Turtwig


    TomOnBoard wrote: »
    Oh Cod, You eely need to do some sole searching and learn to know your plaice...

    That's overkrill.


  • Registered Users Posts: 827 ✭✭✭HalfAndHalf


    Wombatman wrote: »
    BREAKING NEWS: Lone Telecommunications Guru Migrates entire HSE IT Infrastructure to the Cloud in Six Months.

    Made my night! Nice one!


  • Registered Users Posts: 4,931 ✭✭✭dingding


    Wombatman wrote: »
    BREAKING NEWS: Lone Telecommunications Guru Migrates entire HSE IT Infrastructure to the Cloud in Six Months.

    Ahead of time and under budget.


  • Registered Users Posts: 4,548 ✭✭✭Topgear on Dave


    dingding wrote: »
    Ahead of time and under budget.

    Lads lads lads it's the HSE we are discussing here. These fantasies are going too far. :pac:


  • Registered Users Posts: 10,234 ✭✭✭✭Hurrache


    mcsean2163 wrote: »
    Keep the source code change the OS. Engineering will bitch and complain but escalate and get it done.

    You're really bull****ting now.

    mcsean2163 wrote: »
    I've worked on multiple medical device projects at the highest level. Upgrade. No excuses. Upgrade.

    Odd you're only making this outlandish claim now.


  • Registered Users Posts: 4,573 ✭✭✭Infini


    harmless wrote: »
    What they seem to do is pay private companies to supply security support for operating systems that are no longer supported by Microsoft.
    https://www.irishexaminer.com/news/arid-30974569.html

    It should be said that some hardware is not capable of running Windows 10 and can only run Windows 7/XP due to drivers/software that was only ever created for that hardware. That being said, those devices should be cut off from direct network access anyways, as obsolete hardware/software is always a soft target in any network.

    I know my job is still using Windows 7 on some PCs and I'm wondering if this week's attack might push them to move to upgrade these machines quicker.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,668 CMod ✭✭✭✭magicbastarder


    mcsean2163 wrote: »
    as an IT professional you should simply say that they are not allowed and have to be upgraded. Keep the source code change the OS. Engineering will bitch and complain but escalate and get it done.

    please tell me how many vendors you have bought software from, who also provided the source code.


  • Registered Users Posts: 9,509 ✭✭✭irishgeo


    please tell me how many vendors you have bought software from, who also provided the source code.

    or the magic source code that just works from Windows XP to 10.


  • Registered Users Posts: 14,526 ✭✭✭✭Darkglasses


    Hibernicis wrote: »
    On the off chance that any HSE ICT people are reading this thread I'd just like to say that there are a lot of ICT people around the country who fully understand the nightmare you are working through, the joy you feel every time another server comes up clean, the fear you feel that the next one might just be the one that brings it all tumbling back down again, the strain of 12/14/16/18 hour days. Pay no attention to the many experts here and on twitter etc giving us the benefit of their scant knowledge and very dubious expertise.

    There are a lot of us rooting for you and truly hoping for your sake and for ours that it all works out.

    I sincerely hope they see the funny side of this :o


  • Moderators, Entertainment Moderators Posts: 17,993 Mod ✭✭✭✭ixoy


    irishgeo wrote: »
    or the magic source code that just works from Windows XP to 10.

    Just run it on a virtual XP emulator hosted on a Windows 10 VM inside a segregated SDN VLAN running on an Azure stack. Could be done in a couple of hours. Can't see the problem :pac:


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    please tell me how many vendors you have bought software from, who also provided the source code.


    For myself, that would be a grand total of 1. Red Hat.



    I'm going to list all the other companies I know who provide that:


    1. Er.....


  • Registered Users Posts: 4,931 ✭✭✭dingding


    Worked on a bit of hardware that ran OS/2 Warp back in the late 90's.

    Not actually possible to upgrade it, and they were eventually replaced.

    Sometimes with hardware designed for a certain operating system it is not possible to upgrade.

    Sometimes even upgrading the attached PC and installing a later OS on it won't work, as the speed of processing does not match (too fast for) the attached equipment.

    https://community.spiceworks.com/topic/1282903-windows-2000-on-new-hardware

    The link above shows some of the challenges of working with older equipment; sometimes the hardware interfaces etc. are obsolete and not compatible with modern equipment.


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    Hibernicis wrote: »
    On the off chance that any HSE ICT people are reading this thread I'd just like to say that there are a lot of ICT people around the country who fully understand the nightmare you are working through, the joy you feel every time another server comes up clean, the fear you feel that the next one might just be the one that brings it all tumbling back down again, the strain of 12/14/16/18 hour days. Pay no attention to the many experts here and on twitter etc giving us the benefit of their scant knowledge and very dubious expertise.

    There are a lot of us rooting for you and truly hoping for your sake and for ours that it all works out.


    Great post. Great job OP.



    To be honest any HSE ICT people are working and sleeping. Doubt they have time for boards. But in weeks to come, should they have a look on this thread I'd like to echo these sentiments.


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    dingding wrote: »
    Worked on a bit of hardware that ran OS/2 Warp back in the late 90's.

    Not actually possible to upgrade it, and they were eventually replaced.

    Sometimes with hardware designed for a certain operating system it is not possible to upgrade.

    Sometimes even upgrading the attached PC and installing a later OS on it won't work, as the speed of processing does not match (too fast for) the attached equipment.


    Yeah I did a pen test for a SCADA client a few years ago (4-5, not 20 years ago). They had this massive bit of machinery ran by a Windows NT system. I suggested we run NT inside a VM, so backup/resets would be much easier. I set it up for them aaaand, it didn't work. I spent three days trying to get it to work and had to give up. In the end I recommended they get never-used old hardware, install NT on it and firewall the bejaysus out of it. As far as I know, it's still running.


  • Registered Users Posts: 12,276 ✭✭✭✭Flinty997


    Used to be microcode that was processor specific. We moved most of ours to VMs eventually. But I've worked in many places with legacy gear that was in use for 20yrs or more. Often the delay was working groups that took years to make decisions. By the time they did make a decision the proposed solution would be obsolete and they'd start over. Or funding window had expired. So they'd reapply.

    Anyway this talk of legacy systems could be entirely irrelevant to the current issue. It's just swapping stories from the BOFH.


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    Turtwig wrote: »
    That's overkrill.

    Gillty as charged!


  • Registered Users Posts: 4,920 ✭✭✭10000maniacs


    Can scarcely believe they had XP and Win7 machines hooked up to their network.
    Bin them and get Win 10 everywhere.
    They need to get a corporate license for Solarwinds SEM.


  • Registered Users Posts: 1,908 ✭✭✭zom


    They need to get a corporate license for Solarwinds SEM.

    If not Israel, then it will be Russia ;)
    https://www.crn.com/news/security/fireeye-us-federal-agencies-hacked-through-solarwinds-report


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    Can scarcely believe they had XP and Win7 machines hooked up to their network.
    Bin them and get Win 10 everywhere.


    A network I worked on recently had two Windows 2003 systems. Though they were on their own VLAN, so you'd have to compromise a load of networking gear to get onto them. The Cost/Benefit ratio was too low for them to be worth hacking.


    They need to get a corporate license for Solarwinds SEM.


    You must have missed the Solarwinds hack from a few weeks ago. I spent a weekend talking about Solarwinds when it happened. It's still a bit of a dirty word around here.


  • Registered Users Posts: 6,231 ✭✭✭Ubbquittious


    Can scarcely believe they had XP and Win7 machines hooked up to their network.
    Bin them and get Win 10 everywhere.
    They need to get a corporate license for Solarwinds SEM.


    Nah they should just use Linux


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,668 CMod ✭✭✭✭magicbastarder


    They had this massive bit of machinery ran by a Windows NT system.

    i know of pre-NT systems still in use. not networked, thanks be to the hand of god.
    thankfully nothing i've any responsibility for. i can't comprehend how they might deal with a hardware failure.

    reminds me of the decades old laptops mclaren (used to?) maintain to manage the mclaren F1 road cars.


  • Registered Users Posts: 3,920 ✭✭✭Grab All Association


    Microsoft is still supporting Windows 7 for a price. Probably would still have happened if the HSE had migrated to Windows 10. It isn't cost effective yet for the HSE to migrate to Windows 10.

    I expect the amount of patient information stolen to be very limited. Most likely administrative, payroll, accounts etc. Majority of patient information is usually held locally in whatever region you live in.

    Living in Thurles (HSE MW) I know this very well. You usually in emergency get taken to Clonmel A&E (HSE SE) by ambulance as I have, they don’t have any access at all to your medical history stored in Nenagh/UHL. They provide you with whatever care needed and if any further follow up care is needed, this is faxed to Nenagh/UHL. This was as recent as 2020.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,668 CMod ✭✭✭✭magicbastarder


    the article is five years old:
    https://www.theverge.com/2016/5/3/11576032/mclaren-f1-compaq-laptop-maintenance

    worth noting - this is to maintain a car which actually makes money for mclaren. for example, it costs $50k for a replacement of tyres under warranty on the car. the systems maintained by the HSE are not revenue generating, unlike these laptops.


  • Registered Users Posts: 964 ✭✭✭Green Peter


    I'm going to Curry's tomorrow to meet some of the cyber experts on here in person. I expect to be sold Norton's.


  • Registered Users Posts: 960 ✭✭✭Triangle


    Quote: 10000maniacs
    Can scarcely believe they had XP and Win7 machines hooked up to their network.
    Bin them and get Win 10 everywhere.


    Shows a very basic knowledge of large corporations. They often have hundreds of applications, all of which work off different platforms.
    The future might be different with Windows 10 being the final version. But those legacy systems....... Some don't have upgrades..


  • Registered Users Posts: 29,566 ✭✭✭✭Wanderer78


    Triangle wrote:
    Shows a very basic knowledge of large corporations. They often have hundreds of applications, all of which work off different platforms. The future might be different with Windows 10 being the final version. But those legacy systems....... Some don't have upgrades..

    Yea, large organisations can be a bit of a disaster, with loads of customisation, updating must be a nightmare


  • Registered Users Posts: 748 ✭✭✭RogerThis


    Really interesting PDF about "CONTI Modus Operandi and Bitcoin Tracking" with the conversation between Conti and the victim. It took them over 2 weeks to pay and had negotiated the ransom payment down from $8.5 million to $450k.

    https://www.clearskysec.com/wp-content/uploads/2021/02/Conti-Ransomware.pdf


  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    Triangle wrote: »
    Shows a very basic knowledge of large corporations. They often have hundreds of applications, all of which work off different platforms.
    The future might be different with Windows 10 being the final version. But those legacy systems....... Some don't have upgrades..

    And in a corporate context I tend to go for the "upgrade it ta ****" approach, which is to say that none of your corporate apps are so important that you need to stay on a really old OS version. There's always an alternate or a workaround.

    You can't say the same for hospital systems though. The story of Therac-25 is told in virtually every software engineering course. Hospitals aren't slow to upgrade just because they don't want to spend money (that is part of it though). It's because proven software is better than new software when it comes to patient safety.
    I have no doubt some of these WinXP machines are doing little more than running an old MS Access application. But some are also operating sensitive and dangerous equipment.


  • Registered Users Posts: 3,733 ✭✭✭OMM 0000


    Companies need to start taking cybersecurity seriously.

    They can continue making whatever excuses they want ("we need to use Windows XP") but at some stage they're going to have to join the real world.


  • Registered Users Posts: 3,739 ✭✭✭johnmcdnl


    The Waikato District Health Board in New Zealand has been targeted today with a ransomware attack. Signs are that it's the same type of attack but no confirmation about who is responsible or is it linked to the HSE attack just yet. It won't be surprising to see more of these attacks elsewhere I guess in the short term.

    https://www.rnz.co.nz/national/programmes/checkpoint/audio/2018795973/waikato-dhb-not-certain-how-long-before-cyber-attack-fixed

