NHS cyber attack was likely due to its ageing IT network
The cyber-attack on the National Health Service in the UK was probably due to its ageing IT network and the fact that it had not applied a patch for the so-called WannaCry malware that is thought to be responsible.
The WannaCry malware attacks the Microsoft Windows operating systems and encrypts files on the user’s computer, blocking them from view. The so-called ransomware holds the files to ransom, demanding money via an on-screen message to restore the user’s ability to access their files again.
In this case the demand for payment reportedly only amounts to $300 in the virtual currency, Bitcoin, to unlock the files. This strongly suggests that the hackers did not specifically target the NHS, but that the virus, which is usually spread by e-mail, ended up in the NHS system by chance and then started to spread within it.
Many other organisations worldwide have also been affected by the attack, including Spanish utility firms, a Swedish local authority, an Italian university and even the Russian Interior Ministry. It is not a coincidence that many of the networks affected by WannaCry are public sectors systems. These are much more likely to be vulnerable to a simple malware attack because of basic system weaknesses.
I have spoken to Adam Blake, CEO of leading edge behavioural monitoring solution, ThreatSpike, about this incident and what he told me was that:
"The WannaCry worm took many organisations by surprise, rapidly propagating through their networks whilst in the process encrypting their data and demanding payment. On the face of it, this is a disastrous situation that heavily impacts the reputation and ability of companies to do business. This was however an entirely preventable situation - Microsoft had released the patch for Windows that prevented infection and the worm spread via the network, taking advantage of the fact that 2.3 million machines still expose their server message board service to the Internet.
“It is important that companies continue to manage their security hygiene, ensuring that not only do they run the essential security technologies, but that they also implement good practice security processes and design. Companies should constantly review the entry paths into their networks and conduct threat modelling, as well as red team exercises, to ensure they are aware of where threats may come from so they can proactively safeguard against them. Malware like WannaCry is now a fact of life, but luckily the spread in this case was prematurely prevented by the discovery of a kill switch. Such mistakes may not be made next time, so companies need to take appropriate steps now to ensure their systems are adequately protected."
It is important to note that this is not a threat that simply scans internal ranges to identify where to spread, it is also capable of spreading based on vulnerabilities it finds in other externally facing hosts across the internet. Organisations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Additionally, organisations should have SMB ports blocked from all externally accessible hosts.
To effectively protect your system you need not only to apply patches rigorously, but also to take steps to identify the vulnerabilities within your system both from the outside and the inside. Penetration testing solutions, such as Cronus, will identity the vulnerabilities in your systems to external cyber attacks. Behavioural monitoring solutions, like ThreatSpike, will identify suspicious activity within your network that might indicate someone inside your organisation is acting negligently or maliciously.
Transputec can provide both of these solutions quickly and easily through our Cyber Security as a Service provision. We can also use them to complete a full cyber risk assessment audit on your networks. Don’t wait until you are held to ransom before you take steps to protect yourself.
Head of Cyber Security, Transputec