Ransomware & HSE

B2021M

jmayo wrote: »

I would say if the Israeli health service was hit they would exact retribution.

The West has gotten soft.
The leaders spend more time pandering to eejits on social media than actually doing what is right for their citizens and long term good.

Worst still the US elected a numbnuts that basically apologised to Putin for US services investigating Russia's involvement in hacking an election.
Well he had benefited so I suppose he couldn't do otherwise.

How any patriotic American could vote for him is mind boggling and shows how stupid most of them really are.

The major players in Western Europe are beholden to Russia for energy when really they should be looking at alternatives.

I believe the next war is already here and it is being fought in cyberspace.

And the West is getting it's ass handed to it at the moment.



If you want to hurt China just stop investing there and ordinary people stop buying their shyte.
Nah consumers want their cheap sh** and corporations want their massive profits and call the shots.

China was nowhere before we started getting everything made there.



Would remind one of bertie complaining about the mess made by biffo. :rolleyes:

The West is about to learn a big lesson. It has become way too soft and spends far too much on 'social' issues instead of protecting their economies and security which is far more important for a citizen's wellbeing in the long run.

We are such an immature country...spend days or weeks debating issues that affect tiny proportions of people instead of governing for the majority.

seamus

Cordell wrote: »

Maybe I've seen too many spy films but imagine this: someone that is apparently happily married had treatment for gonorrhoea that they didn't get from their spouse. They are working for a MNC or western embassy. They can be approached by someone that will handle them an USB drive telling them to plug it into a coworker computer or else.
The seriousness of this kind of data theft cannot and should not be underestimated.

You've seen too many spy movies

At that level of espionage/politics you don't need a hacked public health system to get access to that kind of data.

It could be used, but it's unlikely to lead to a sudden surge in sales of trenchcoats and USB keys. If that individual was a target, then the information will be obtained one way or another.

As we saw from the recent revelation that the Dept. of Health was hold dossiers on autistic children, you could get someone's doctor to reveal very private information about them with a well-written email or convincing phone call.

flask_fan

In order to use some microsoft provided extensions to visual studio on a windows laptop the application must be run as an administrator.

Ash.J.Williams wrote: »

Attacks are a fact of life, to mitigate future attacks means ensuring the threat is contained.

Enterprise Users cannot have any special permissions on their devices

Remove the admin accounts and replace with temporary access for the IT dept to work in equipment which expires after a predefined period (hours)

Adopt the purdue model as best as possible

Machines out of support or unpatched for a specific reason need to be risk assessed and segregated to a safe zone.

Cost; lots and lots of new switches firewalls and consultants. It’s not rocket science anymore because these threats are a fact of life that we have to live with

Why ? Who cares about palliative care records. Interesting that's what they shared as the dead have no right to privacy.

VinLieger wrote: »

Jesus, now im on board with them paying if indeed they did get the data

plodder

Seth Brundle wrote: »

Centralise all of the government IT systems?

Only effect would be complete government shutdown when this happens.

flask_fan

Why's that? GDPR or something.
Into every life a little rain must fall and attitudes to medical confidentiality in Ireland are ridiculous.

We'll just have to suck it up.

Gael23 wrote: »

If there are questions over the security of confidential patient files then I dont believe they can avoid paying the ransom

Ash.J.Williams

VinLieger wrote: »

Jesus, now im on board with them paying if indeed they did get the data

Don’t be silly

Ash.J.Williams

flask_fan wrote: »

In order to use some microsoft provided extensions to visual studio on a windows laptop the application must be run as an administrator.






Why ? Who cares about palliative care records. Interesting that's what they shared as the dead have no right to privacy.

Users won’t have these rights when the hse is recovered so that’s that

Ash.J.Williams

Roger_007 wrote: »

Why is it always assumed that it’s Russians who carry out these cyber attacks. Are there no other cyber criminals anywhere else in the world?

From my own experience I’d start with Russia but yes Keep all options open

Tij da feen

archfi wrote: »

Eamon Ryan was on Morning Ireland and he flatout said the National Cyber security Centre was adequately funded (5m) and the salary for it's vacant position of Director had been increased (reports said it was 89k a year) Someone had been lined up but it fell through.
He said HSE has a 203 million budget for IT (I didn't catch whether that was just for security or totality of IT)

89k is a pitiful amount for that role. I know people working in security companies earning 120k plus working as Security Engineers (red teams and such) - never mind manager or director level roles.

CoBo55

[Deleted User] wrote: »

No mostly windows 7 though which is also end of life

No it isn't, updates are still being provided by ms but they have to be paid for. Many places like doctors surgeries, chemists etc are using W7 and it's years out of date as they just ignore that little shield, they're an accident waiting to happen too. Most ordinary homes like my own are better protected than many businesses. I dug a virus out of a local photographers desktop, every photograph he had was in that hard drive, no back up's nothing!!! I couldn't believe he was so blasé about it, it was a kick in the hole he deserved he damn nearly lost everything. People's ignorance regarding computer security is mind boggling tbh.

SimonTemplar

The HSE would have detailed patient notes for mental health issues. Obviously those would be very private and sensitive including very personal details discussed with the doctor or psychiatrist. It would be very distressing for some people of those were released.

Alun

Ash.J.Williams wrote: »

From my own experience I’d start with Russia but yes Keep all options open

Seems the most likely source based on my firewall logs. China, NK and a few other countries are also the source of many cyber attacks, but these are probably politically motivated state sponsored attacks rather than criminal ones.

hmmm

seamus wrote: »

The release of such data might be embarrassing, but largely inconsequential for most people.

No mainstream website is going to publish the data and will remove it if anyone tries to share it. The hackers aren't just going to throw it up open on bittorrent for anyone to download - they're going to try and sell it to make money.

This is it. Don't compound this by handing over 20 million to criminals who are going to pocket the money and sell on the data anyway.

It'll be up on a darkweb site. The newspapers are going to have a field day, but they wouldn't dare publish anything sensitive by going digging. Almost no-one is going to see it however. It'll be used potentially for other scams/blackmails by criminals which is the real danger.

It's incredibly unfortunate, but the data is gone. Handing over money would add insult to injury.

Cuddlesworth

archfi wrote: »

He said HSE has a 203 million budget for IT (I didn't catch whether that was just for security or totality of IT)

He also said it had increased 2 years ago from around 100million like that was a good thing. If you have to double your yearly IT budget, you have been underfunding it for a very long time. And its not like throwing money at anything would solve that problem. If you have ignore it for years, it will take years to fix.

Cuddlesworth

hmmm wrote: »

This is it. Don't compound this by handing over 20 million to criminals who are going to pocket the money and sell on the data anyway.

It'll be up on a darkweb site. The newspapers are going to have a field day, but they wouldn't dare publish anything sensitive by going digging. Almost no-one is going to see it however. It'll be used potentially for other scams/blackmails by criminals which is the real danger.

It's incredibly unfortunate, but the data is gone. Handing over money would add insult to injury.

This group and others make their money by getting paid. You don't get paid by doing the things that would stop you getting paid in future attacks.

Gael23

flask_fan wrote: »

Why's that? GDPR or something.
Into every life a little rain must fall and attitudes to medical confidentiality in Ireland are ridiculous.

We'll just have to suck it up.

Because in some situations like mental health files contains very sensitive and private information that should be kept strictly confidential

flask_fan

Gael23 wrote: »

Because in some situations like mental health files contains very sensitive and private information that should be kept strictly confidential

In theory.

eastie17

B2021M wrote: »

The West is about to learn a big lesson. It has become way too soft and spends far too much on 'social' issues instead of protecting their economies and security which is far more important for a citizen's wellbeing in the long run.

We are such an immature country...spend days or weeks debating issues that affect tiny proportions of people instead of governing for the majority.

You are presuming that there aren't ongoing relatilatory cyber attacks going on against Russia and other countries.

Off topic, we are already in a bit of a phony war, there has been a significant number of military drills going on by Nato on the borders with Russia over the past 6 months and this has ramped up even further recently.
Last Friday 1750 US 82nd Airborne soldiers parachuted into Estonia directly from their base in Fort Bragg, forming up close to the border with Russia. Thats about a 5 hour drive from Moscow.
I presume, but have no insight that the intelligence NATO is getting is that Russia may be gearing up for some sort of repeat of the Ukraine stunts in some of the other countries in that area.
https://www.stripes.com/news/europe/paratroopers-jump-into-estonia-during-complex-but-awesome-nighttime-drill-1.672721#:~:text=Paratroopers%20from%20the%2082nd%20Airborne,each%20other%20and%20their%20allies.

Roger_007

Roger_007 wrote: »

Why is it always assumed that it’s Russians who carry out these cyber attacks. Are there no other cyber criminals anywhere else in the world?

They've identified the group who did it. They are based in St Petersberg.

Its not an assumption, its fact.

runawaybishop

Cuddlesworth wrote: »

This group and others make their money by getting paid. You don't get paid by doing the things that would stop you getting paid in future attacks.

Why do people keep saying this, the vast majority of people that pay do not get their data back.

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back
https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?sh=2bab3225e0c7

Even if they paid and got the data back they still have to rebuild their systems

Also that data is probably already sold on and shared.

Ash.J.Williams

Tij da feen wrote: »

89k is a pitiful amount for that role. I know people working in security companies earning 120k plus working as Security Engineers (red teams and such) - never mind manager or director level roles.

I’d expect that salary as a security team member. In reality the entire network should be outsourced to the experts . Putting a security team together is ridiculous at that level.

Cuddlesworth

Ash.J.Williams wrote: »

I’d expect that salary as a security team member. In reality the entire network should be outsourced to the experts . Putting a security team together is ridiculous at that level.

Cybersecurity is not networking nor is it network security. And outsourcing is never good in the long term.

Ash.J.Williams

Gael23 wrote: »

Because in some situations like mental health files contains very sensitive and private information that should be kept strictly confidential

As a famous boxer once said paraphrased “all your plans go out the window when you get a smack in the jaw”

The hse got its smack in the jaw and all silly notions of confidentiality are gone now until they are rebuilt and secured

plodder

SimonTemplar wrote: »

The HSE would have detailed patient notes for mental health issues. Obviously those would be very private and sensitive including very personal details discussed with the doctor or psychiatrist. It would be very distressing for some people of those were released.

I wonder how likely that is. Seems to me that if such records were being uploaded anywhere then they would have to be encrypted by the clinician, to prevent such misuse.

Cordell

realdanbreen wrote: »

Out of curiousity, and asking for a friend, how long does the treatment take ?

Tell your...ahem...friend that you're in a lot of trouble

Ash.J.Williams

Cuddlesworth wrote: »

Cybersecurity is not networking nor is it network security. And outsourcing is never good in the long term.

What if your cyber security fails? Then it’s down to your network to limit the damage, both failed in this case . They both need investment.

The hse can’t do this without outsourcing

Cuddlesworth

runawaybishop wrote: »

Why do people keep saying this, the vast majority of people that pay do not get their data back.

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back
https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?sh=2bab3225e0c7

Even if they paid and got the data back they still have to rebuild their systems

Also that data is probably already sold on and shared.

Forbes is a blog site, Sophos exists to sell security products and the majority of ransomware floating around isn't this specific and linked to larger groups.

Bot1

How true would some of the claims be that WFH facilitated this attack?

Cuddlesworth

Ash.J.Williams wrote: »

What if your cyber security fails? Then it’s down to your network to limit the damage, both failed in this case . They both need investment.

The hse can’t do this without outsourcing

Networks don't exist to limit damage, networks exist to provide communication channels.

And while armchair experts can throw out words like network and firewalls, cybersecurity is inclusive of those areas and many others. Its a framework to limit risk and limit potential damage. The HSE saying the network was turned off is basically saying every other option and mitigation had been bypassed.

thomas 123

Bot1 wrote: »

How true would some of the claims be that WFH facilitated this attack?

If the HSE did not provide proper software and oversight it could have contributed for sure.

Just know WFH was not the problem, it was how they did it(if that ends up being the case).