Ransomware & HSE

ineedeuro

kippy wrote: »

I've not said they are wrong.
You have no clue what is involved in patching software of any description - NONE, let alone in complex organisations.
You're obsession with it is comical at this stage.

So you are saying vulnerability management is not important?

kippy

ineedeuro wrote: »

So you are saying vulnerability management is not important?

Where have I said vulnerability management is not important?
Do you need some help?

ineedeuro

kippy wrote: »

Where have I said vulnerability management is not important?
Do you need some help?

No need to try and be condescending on every post
It’s not my fault you don’t understand what risk based vulnerability management is.

kippy

ineedeuro wrote: »

No need to try and be condescending on every post
It’s not my fault you don’t understand what risk based vulnerability management is.

Yeah, I haven't a clue really.

ineedeuro

kippy wrote: »

Yeah, I haven't a clue really.

Thanks, we finally got there in the end. Plenty of articles to read, very interesting.(if you like that sort of thing)

ineedeuro

ineedeuro wrote: »

Thanks, we finally got there in the end. Plenty of articles to read, very interesting.(if you like that sort of thing)

I'd say that the closest you get to working in I.T. is making the tea.
Best of luck with the Cybrary courses you'll need it.

Wombatman

ineedeuro wrote: »

Give gartner and all the other analyst a shout and tell them they are wrong

I’m sure they will listen

Give Dunning and Kruger a shout and tell them they are wrong.

Corruptedmorals

The Sunday night dread of facing into another week of manual "systems", pen and paper and increasingly frustrated patients. The longer it goes on the worse it gets and harder to deal with.

ineedeuro

DubInMeath wrote: »

I'd say that the closest you get to working in I.T. is making the tea.
Best of luck with the Cybrary courses you'll need it.

Oh dragging post from other forums.
Don’t worry mate I will do ok

mrjoneill

HalfAndHalf wrote: »

It’s all a bit irrelevant discussing patch speed when Microsoft give themselves 90 days from exploit notification to patch release. That’s 3 months of free reign while you’re waiting on a fix.

Patch could very well be chasing a "bolted horse"

plodder

HalfAndHalf wrote: »

It’s all a bit irrelevant discussing patch speed when Microsoft give themselves 90 days from exploit notification to patch release. That’s 3 months of free reign while you’re waiting on a fix.

I'd say most vulnerabilities are either found internally or are reported by people who agree not to disclose them publicly until after the patch appears. 90 days is not that long really considering the amount of work involved, even assuming the fix is simple.

zom

Not sure if mentioned, not very advertised news from last week:
CNA Financial, one of the largest insurance firms in the United States has reportedly paid hackers a staggering $40 million ransom:
https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack

Hotblack Desiato

Outrageous. Regulator should put them out of business over that.

HalfAndHalf

plodder wrote: »

I'd say most vulnerabilities are either found internally or are reported by people who agree not to disclose them publicly until after the patch appears. 90 days is not that long really considering the amount of work involved, even assuming the fix is simple.

A quarter of a year is not long for a manufacturer to plug a gaping security hole in their product that they charge a lot of money for......sorry but yes it is, especially as most shouldn’t be there in the first place and if it isn’t disclosed then you’re a sitting duck for 3 months.

HalfAndHalf

HalfAndHalf wrote: »

A quarter of a year is not long for a manufacturer to plug a gaping security hole in their product that they charge a lot of money for......sorry but yes it is, especially as most shouldn’t be there in the first place and if it isn’t disclosed then you’re a sitting duck for 3 months.

Vulnerabilities are nearly impossible not to introduce even with the best will in the world, that's just the nature of I.T. and coding even with the move to secure sdlc.

The poodle vulnerability for example resulted in a lot of work for some vendors to introduce tls 1 - 1.2 into their products and for it to be done so correctly, while also killing off sslv3.
Several vendors who already had tls 1 - 1.2 then started to receive reports of bugs in their implementation of tls that they had to address.

While poodle wasn't exactly a major vulnerability in that there were ways to mitigate it, even if specific servers or applications only supposed ssv3, the amount of work vendors undertook to either implement tls or fix their implementations would have exceeded 90 days on a regular basis. Would the same amount of time been taken even if those work arounds didn't exist, maybe not, but then the chances of introducing other potential issues would have increased.

plodder

HalfAndHalf wrote: »

A quarter of a year is not long for a manufacturer to plug a gaping security hole in their product that they charge a lot of money for......sorry but yes it is, especially as most shouldn’t be there in the first place and if it isn’t disclosed then you’re a sitting duck for 3 months.

I don't agree with that, but the main point is if it isn't disclosed (publicly) then you aren't really a sitting duck for three months, unless someone else discovers it independently. And you can be sure there could be plenty of undiscovered security bugs in most complex software systems.

Zero-days are a different story obviously and I would expect that bad ones would be fixed quicker. But, the point is that these issues normally affect multiple versions of a product and usually the fix has to be reviewed and tested separately for each one, and that takes time.

Cluedo Monopoly

Any update in where the HSE are at in terms of getting their core systems restored?

For what it's worth now, I heard from a tertiary source in tech, who would be in the better know than I, that the entire fiasco was caused by an inadvertent click on a phishing scam by an incredibly busy healthcare worker who was likely trying to speed through admin. An "accident waiting to happen".

ineedeuro

Deleted User wrote: »

For what it's worth now, I heard from a tertiary source in tech, who would be in the better know than I, that the entire fiasco was caused by an inadvertent click on a phishing scam by an incredibly busy healthcare worker who was likely trying to speed through admin. An "accident waiting to happen".

Of course this could be the case or just another part of the PR campaign.

Fact is after whoever clicked on it why did nothing happen to stop the hackers? how did the sit around on HSE networks for weeks with nobody aware? or the fact they got access to everything also has to be questioned.

Clicking on a scam can always happen, what is done to stop the exposure needs to be answered.

whippet

ineedeuro wrote: »

Of course this could be the case or just another part of the PR campaign.

Fact is after whoever clicked on it why did nothing happen to stop the hackers? how did the sit around on HSE networks for weeks with nobody aware? or the fact they got access to everything also has to be questioned.

Clicking on a scam can always happen, what is done to stop the exposure needs to be answered.

That almost sounds like a question from an opposition political party.

These ransom ware viruses are designed by extremely highly skilled software developers to do just exactly that. Gain entry via an inadvertent click by a single user - remain undetected on the network while exploring and exploiting any network path it can find and eventually spreading across as many services and data stores as possible before being launched.

Unless every laptop / desktop in the HSE is an isolated machine (which is pointless) of course it will spread.

However - there will be an investigation as to the resilience of the backup strategy etc

ineedeuro

whippet wrote: »

That almost sounds like a question from an opposition political party.

These ransom ware viruses are designed by extremely highly skilled software developers to do just exactly that. Gain entry via an inadvertent click by a single user - remain undetected on the network while exploring and exploiting any network path it can find and eventually spreading across as many services and data stores as possible before being launched.

Unless every laptop / desktop in the HSE is an isolated machine (which is pointless) of course it will spread.

However - there will be an investigation as to the resilience of the backup strategy etc

I think they should first investigate how they had no security controls in place at all to stop the spread across not just the HSE but also out into the hospitals.

ineedeuro

ineedeuro wrote: »

I think they should first investigate how they had no security controls in place at all to stop the spread across not just the HSE but also out into the hospitals.

I haven't been following. Are you an IT admin or something, like someone who runs servers?

Chris_5339762

kippy wrote: »

Gartner are great - but as with a lot of theory - putting it into practice is not as easily done.

Lets break this out a bit.
What is the acceptal lag between Microsoft releasing a securty related patch for Windows 10 and the verified installation of that patch on ALL devices running windows 10 in an organisation?
Say Microsoft release a patch tomorrow - when should that be on all devices?

Its a very difficult question. Medical devices can't simply be upgraded. EXTENSIVE testing has to take place before (to get a baseline) and after (to check the baseline hasn't changed) for every update. Do that repeatedly in a department with multiple clinical machines that already have 10 hours of patients scheduled for an 8 hour day.


Not to mention IT doesn't have the resources to do it, nor do the departments have the resources to do the extra testing this involves. Solution? Do it out-of-hours. Can staff have overtime for that? No. No overtime budget.


All a for instance as I'm not public service directly.



Its a nightmare.

Chris_5339762

biko wrote: »

Almost no one.
Most people don't even understand what airgapped really means. Even for techy people it's losing its original meaning.

I lost some music years ago - just a few hours worth when a hard drive went down.


I have all my files on Onedrive and a backup HDD that I only connect to do a backup. Then a second backup HDD to backup that one.


The only thing I don't have is fireproofing. If the house burns down I'm screwed.

Dempo1

Cluedo Monopoly wrote: »

Any update in where the HSE are at in terms of getting their core systems restored?

Just the regular nonsensical and meaningless Tweets from Paul Reid "we're making steady progress, gaining momentum etc" what the F*** does this actually mean, report on morning Ireland today, children's hospitals curtailing services. Actually I'm quite surprised this incident has by all accounts gone off the media radar. Almost three weeks into this, just shocking.

ineedeuro

Dempo1 wrote: »

Just the regular nonsensical and meaningless Tweets from Paul Reid "we're making steady progress, gaining momentum etc" what the F*** does this actually mean, report on morning Ireland today, children's hospitals curtailing services. Actually I'm quite surprised this incident has by all accounts gone off the media radar. Almost three weeks into this, just shocking.

Are you really surprised? after the initial burst with RTE running plenty of stories to tell us how great the HSE done it was dumped within a couple of days.
Even the fact patient data was leaked was left for over a week before anyone admitted.

The chances of getting an inquiry with information on what happened are slim. You will have bits coming out like post above which means people are less likely to try and blame someone.

Standard practise in Ireland, seems most people are more than happy with just letting the HSE carry on as if nothing happened till next time

whippet

ineedeuro wrote: »

I think they should first investigate how they had no security controls in place at all to stop the spread across not just the HSE but also out into the hospitals.

how do you know they have 'no security controls'

Do you have any insight to how the virus spread that you want to share with us ?

You do realize that the HSE / Hospitals are all connected ... otherwise it would be a useless system.

Hurlers on the ditch comes to mind

Dempo1

ineedeuro wrote: »

Are you really surprised? after the initial burst with RTE running plenty of stories to tell us how great the HSE done it was dumped within a couple of days.
Even the fact patient data was leaked was left for over a week before anyone admitted.

The chances of getting an inquiry with information on what happened are slim. You will have bits coming out like post above which means people are less likely to try and blame someone.

Standard practise in Ireland, seems most people are more than happy with just letting the HSE carry on as if nothing happened till next time

Yes I agree it is standard practice by all accounts. Witnessed first hand an A&E with someone during the week, not even xrays could be done, Blood test up to 6 hours. One elderly man was checked on a Sunday, suspected broken arm, xray required, advised to go home and come back in the AM for surgery, arrives back, no one and I mean no one knew who he was, files couldn't be found, no one had information on his case, nothing, 86 years old, travelled to the Midlands from Louth because its orthedpedics. Wild west stuff, I'm not blaming frontline staff but my god it was an eye opener.

ineedeuro

whippet wrote: »

how do you know they have 'no security controls'

Do you have any insight to how the virus spread that you want to share with us ?

You do realize that the HSE / Hospitals are all connected ... otherwise it would be a useless system.

Hurlers on the ditch comes to mind

The HSE has a network which connects everything and the hospitals also have a private network each. This is common knowledge. The virus spread across both.

If a hackers sits in your environment for weeks, gets to jump across networks, gets access not just to laptop but to equipment across entire hospitals do you think they have security controls in place?

ineedeuro

ineedeuro wrote: »

The HSE has a network which connects everything and the hospitals also have a private network each. This is common knowledge. The virus spread across both.

If a hackers sits in your environment for weeks, gets to jump across networks, gets access not just to laptop but to equipment across entire hospitals do you think they have security controls in place?

Stuxnet did massive damage to Iran's nuclear program. It sat on their network for weeks. Do you think Iran had security controls in place?