Largest Cyber Attack in History?



BoogyMan
05-12-2017, 05:10 PM
A massive ransomware attack has been encrypting people's files with abandon all over the world today. Over 1000 organizations have been affected so far including the British NHS and Fedex. Researchers writing about the Wcry ransomware that is delivered in the attack claim that the delivery mechanism is part of the leaked NSA toolkit stolen by the hacking group The Shadow Brokers. The exploit leverages a vulnerability in the Microsoft Windows OS that was patched in March of this year.


> A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump.
>
> Researchers at Kaspersky Lab said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, the codename for an exploit made public by the mysterious group that is in possession of offensive hacking tools allegedly developed by the NSA.
>
> EternalBlue is a remote code execution attack taking advantage of a SMBv1 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked. Spain’s Computer Emergency Response Team, Kaspersky Lab, and others are recommending organizations install MS17-010 immediately on all unpatched Windows machines....

https://threatpost.com/leaked-nsa-exploit-spreading-ransomware-worldwide/125654/

If you have not patched your Windows machines, now is the time to get it done. Also, if you are not sure of the provenance of an email or are not sure if you should click links in an email, don't.

Safe surfing all.

KarlMarx
05-12-2017, 07:17 PM
If anything should be a lesson from the WikiLeaks episode during the election it's this, never click on links in an email. The reason why the DNC's emails were made available by WikiLeaks was because Podesta had a bad habit of clicking on links in emails. He therefore infected the DNC network with malware that made it available to outside hackers.

If you should receive an email from a person you know with such a link, contact them first to be sure that they actually sent it to you. This may be stating the obvious but never open up attachments in emails either.

You should always keep your patches up-to-date on your machine. Many times they are security updates that are needed to protect your machine.

To protect yourself from ransomware, regularly back up your data to an external hard drive or to a cloud service such as iDrive. This way if you should be infected with ransomware, you will be able to rebuild your machine and tell the hackers to go impale themselves.


KarlMarx
05-12-2017, 07:23 PM
Oh and by the way, consider downloading MalwareBytes on your Windows machine. I scan my machine every time I'm finished surfing the web. I think it's an excellent product, it was able to remove a particularly nasty virus from my machine that Norton could not.

Another thing that you may consider is do not run as an administrative user on your Windows machine. Instead set up two accounts, one standard user and one administrative user. Use the standard user for your everyday tasks. Use the administrative user only when you want to install applications on your machine. Viruses and malware usually cannot be installed unless you are running as an administrative user. This may be a pain in the butt but it may save you from a lot of heartache in the end.


KarlMarx
05-12-2017, 07:30 PM
One more thing, and this is the last one I promise. Regularly change passwords on all your online accounts! Passwords should be made up of mixed case letters, numbers, and special characters.

Use a password vault product such as Password Safe, LastPass, Dashlane, etc. to store your passwords. Never use the same password twice on accounts.


BoogyMan
05-12-2017, 09:14 PM
Well said, Karl!

aboutime
05-12-2017, 09:26 PM
I suspect this attack was just a test. If the people who did this could do all that they did, what's to stop them from trying a few more times?

We all should know by now. A major attack like this, combined with a Power Grid attack can have deadly results. Look at how dependent WE AMERICANS are for Electricity.
Take away our ability to communicate with all the TOYS, and WE FLOUNDER into devastation.

KarlMarx
05-13-2017, 06:00 AM
A few things that many of these sites could do to prevent this sort of thing from happening. Many of these are already being done internally in many corporations.

1. Implement two factor authentication (you enter your password, a numeric code is sent to your cell phone or email, you enter the code to complete authentication)

2. Expire passwords after 6 months, so people will be forced to change their passwords on a regular basis

3. Delete accounts that have been inactive for a period of a year or more.

These three simple things would curtail the number of cyber attacks that we are seeing.

pete311
05-13-2017, 09:33 AM
Windows patched this problem back in March. If you are up to date, there is no reason to worry.

Kathianne
05-13-2017, 09:45 AM
> Windows patched this problem back in March. If you are up to date, there is no reason to worry

Unfortunately many of the computers affected were older than the patch would work for, i.e., NHS computers in great number. It seems the group taking credit has been tied to the Russian government, actually sending a message to Trump.

http://www.telegraph.co.uk/news/2017/05/12/russian-linked-cyber-gang-shadow-brokers-blamed-nhs-computer/

Tyr-Ziu Saxnot
05-13-2017, 10:00 AM
> Unfortunately many of the computers affected were older than the patch would work for, i.e., NHS computers in great number. It seems the group taking credit has been tied to the Russian government, actually sending a message to Trump.
>
> http://www.telegraph.co.uk/news/2017/05/12/russian-linked-cyber-gang-shadow-brokers-blamed-nhs-computer/

My question would be why would such a group identify their location by sending information and tying themselves to Russia.
My first guess is that they are not Russian and that was a deliberate false trail laid.
One that helps with this Russian/Trump narrative the left/dems have been so keen on..
IF THEY ARE SMART ENOUGH TO DO THE DEED THEN THEY ARE DAMN SURE SMART ENOUGH TO NOT BY--ACCIDENT/MISTAKE--SEND A MESSAGE THAT CAN BE TRACED BACK TO WHERE THEY ARE OPERATING.
The fact that this group did such, seems to indicate they want it known they are Russian based.
The question then becomes: are they actually Russian, are they actually there --or is it a false trail???
One that serves a political purpose and tarnishes by association Trump.....
This world (especially USA) is now being attacked by highly organized and highly dedicated propagandists from many nations, sources, political groups, creeds and religions.
I question every fit proclamation of who did it and where they hail from..
I now question, if our government source that claims they are Russian actually lied to cover who they truly are..--Tyr

Kathianne
05-13-2017, 10:03 AM
Tyr, you may be correct, though the widespread use of conspiracy theories just leaves as much doubt as you raise.

I agree though, that the only way to actually find out what has happened regarding this attack and others is to continue the investigations by DOJ and even the House and Senate committees. We do deserve to find out and do whatever possible to avoid repeats.

Drummond
05-13-2017, 10:12 AM
As has been mentioned already, the British National Health Service was hit by this .. quite badly, by all reports. English and Scottish NHS Trusts were hit, with the result that at the worst affected hospitals, operations had to be cancelled, arriving patients turned away, and patient records became inaccessible (though there are also reports of some Trusts deciding to pay the ransom demanded). Needless to say, it's being turned into an attack on the Conservative Government, the spin being that the Conservatives did too little to invest in the NHS infrastructure over recent years, so, needed updates were ignored. [Since we're into the run-up to a General Election, this has been a propaganda gift for the Socialists here !]

It seems that many if not most of our hospitals, if you can believe it, were still relying on the old Windows XP !! For my part, I had reason to visit a Welsh hospital several months ago (just for a few hours). I was able to recognise then that they were still using Windows 7.

I've not seen reports of Welsh hospitals hit ... maybe Win 7 was protection enough against this attack ?

It proves the point, though ... of the great need to be as up to date with what you use, and as security conscious, as you possibly can be.

Kathianne
05-13-2017, 10:45 AM
> As has been mentioned already, the British National Health Service was hit by this .. quite badly, by all reports. English and Scottish NHS Trusts were hit, with the result that at the worst affected hospitals, operations had to be cancelled, arriving patients turned away, and patient records became inaccessible (though there are also reports of some Trusts deciding to pay the ransom demanded). Needless to say, it's being turned into an attack on the Conservative Government, the spin being that the Conservatives did too little to invest in the NHS infrastructure over recent years, so, needed updates were ignored. [Since we're into the run-up to a General Election, this has been a propaganda gift for the Socialists here !]
>
> It seems that many if not most of our hospitals, if you can believe it, were still relying on the old Windows XP !! For my part, I had reason to visit a Welsh hospital several months ago (just for a few hours). I was able to recognise then that they were still using Windows 7.
>
> I've not seen reports of Welsh hospitals hit ... maybe Win 7 was protection enough against this attack ?
>
> It proves the point, though ... of the great need to be as up to date with what you use, and as security conscious, as you possibly can be.

Yes, that appears to be the case. A point I'm sure of why the single payer may not be the best way to go, no incentives or $$ to keep up-to-date. It wasn't a matter of their not being maintained, the problem was the age.

Tyr-Ziu Saxnot
05-13-2017, 10:49 AM
> Tyr, you may be correct, though the widespread use of conspiracy theories just leaves as much doubt as you raise.
>
> I agree though, that the only way to actually find out what has happened regarding this attack and others is to continue the investigations by DOJ and even the House and Senate committees. We do deserve to find out and do whatever possible to avoid repeats.

That is the worst part--they may be telling the truth and it is Russian based --but may not be from Russian government--which they may be leaving out that info--for certain reasons..
Truth is we citizens are always the last to know, and that is if we ever truly know.
Majority of citizens do not even care as they race through life hellbent on fulfilling personal desires, attaining great wealth or (fame) and indulging in self-pleasures..
The thought that a highly educated and greatly informed citizenry is important to the ability to survive as a nation is no longer taught in schools.
And that is by design too..-Tyr

Kathianne
05-13-2017, 10:57 AM
> That is the worst part--they may be telling the truth and it is Russian based --but may not be from Russian government--which they may be leaving out that info--for certain reasons..
> Truth is we citizens are always the last to know, and that is if we ever truly know.
> Majority of citizens do not even care as they race through life hellbent on fulfilling personal desires, attaining great wealth or (fame) and indulging in self-pleasures..
> The thought that a highly educated and greatly informed citizenry is important to the ability to survive as a nation is no longer taught in schools.
> And that is by design too..-Tyr

Quite correct, which is why it's very important to keep a free media, in spite of their biases. It's also imperative to keep the balance of powers healthy, which is why they must keep up investigating what really happened, even if they cannot disclose every detail.

Drummond
05-13-2017, 12:01 PM
> As has been mentioned already, the British National Health Service was hit by this .. quite badly, by all reports. English and Scottish NHS Trusts were hit, with the result that at the worst affected hospitals, operations had to be cancelled, arriving patients turned away, and patient records became inaccessible (though there are also reports of some Trusts deciding to pay the ransom demanded). Needless to say, it's being turned into an attack on the Conservative Government, the spin being that the Conservatives did too little to invest in the NHS infrastructure over recent years, so, needed updates were ignored. [Since we're into the run-up to a General Election, this has been a propaganda gift for the Socialists here !]
>
> It seems that many if not most of our hospitals, if you can believe it, were still relying on the old Windows XP !! For my part, I had reason to visit a Welsh hospital several months ago (just for a few hours). I was able to recognise then that they were still using Windows 7.
>
> I've not seen reports of Welsh hospitals hit ... maybe Win 7 was protection enough against this attack ?
>
> It proves the point, though ... of the great need to be as up to date with what you use, and as security conscious, as you possibly can be.

An update on our own situation, in case anyone's interested ... from what I've just seen, 48 English NHS Trusts (of 248) were hit. I don't know the number for Scotland. Most have recovered (quite what this means, I'm uncertain ... there was one report of some, hopefully a minority, choosing to pay the ransom demand !)... five are still trying to get back to normal, at time of typing (this apparently includes a major London hospital .. St Bartholomew's).

KarlMarx
05-13-2017, 06:21 PM
> An update on our own situation, in case anyone's interested ... from what I've just seen, 48 English NHS Trusts (of 248) were hit. I don't know the number for Scotland. Most have recovered (quite what this means, I'm uncertain ... there was one report of some, hopefully a minority, choosing to pay the ransom demand !)... five are still trying to get back to normal, at time of typing (this apparently includes a major London hospital .. St Bartholomew's).

I hope the authorities are able to catch up with these monsters and give them a nice long noose to hang from. These bastards may have yet to manage to kill someone by this stunt but, then, only time will tell.

I think the world needs to take this shit seriously. Especially the companies that run websites.

My guess is that we'll all be getting a notice or two in our email from the websites we have accounts with that "enhanced security features" will be implemented....

I know that the Social Security Administration and a few financial services have already begun to implement two factor authentication.

Drummond
05-14-2017, 01:13 AM
> I hope the authorities are able to catch up with these monsters and give them a nice long noose to hang from. These bastards may have yet to manage to kill someone by this stunt but, then, only time will tell.
>
> I think the world needs to take this shit seriously. Especially the companies that run websites.
>
> My guess is that we'll all be getting a notice or two in our email from the websites we have accounts with that "enhanced security features" will be implemented....
>
> I know that the Social Security Administration and a few financial services have already begun to implement two factor authentication.

Thanks for this.

We had an update ... the five remaining hospitals still affected became six (perhaps one presumed 'clean-up' failed to take ? I don't know ..). The total of hospitals hit for England was 48 ... another report said that a further thirteen were hit in Scotland.

The one piece of 'good' news coming out of all of this was a report saying that there'd been no evidence of any of the encrypted records - beyond the fact of their encryption - being compromised. Though this begs the question ... what if another aspect of any further attack (a more targeted one) became one of patient record ALTERATION, maybe as a reprisal against late payment ?