May 2017 Cyber Attack

I wrote to the Elmdon Neighbourhood Watch Community yesterday about this attack as follows:-

The catastrophic cyber attack that crippled many NHS trust systems on Friday 12th May helps us to understand how important it is to be disciplined about Internet security. Here are some notes I have made in the form of a Q&A.

How did this cyber attack happen?

Ransomware criminals managed to implant software in affected computers which encrypts system data files (making the computer unusable) until a ransom is paid to decrypt those files. 
They also implanted a so-called worm which carried the ransomware to all other computers on the same network, exploiting a known bug in Windows file sharing programs. 
Large networks in systems like the NHS are particularly vulnerable. Even small networks in your homes would be vulnerable. 
The attack was not aimed at the NHS specifically - the worst problems have been seen in Russia.

How did the criminals implant the rogue software?

It is probable that the attack started with a mass broadcast of emails with attachments containing the software - masquerading as an innocent .pdf, .doc or .jpg file. 
Any inattentive user, clicking on the attachment, would unwittingly implant the software and so trigger the launch around the network of the worm. 
It might have been one unfortunate individual or many - no one knows.

Why was the NHS so vulnerable?

For two reasons - 1) a large proportion of NHS computers still use Windows XP, which has been unsupported by Microsoft for many years, and the known bug 
would never have been patched and 2) NHS system administrators may have been less than diligent in applying patches. 
Different regions of the NHS outsource computer services to different companies, hence the problems may have been confined to specific regions. 
As far as I know, our part of NE Essex and South Cambridgeshire has not been affected (though that might change).

What can we learn from this?

1) It reinforces the old advice that one must not click on attachments unless one is absolutely certain that the sender and the attachment are legitimate. 
How can one be sure? Quite difficult but better to be safe than sorry - ring them up perhaps to check. If the link is an invitation to log onto an account 
(BT is guilty of this) then log on directly, not via the link.

2) Always ensure that software updates are automatically applied - the operating system (Windows), Office, email and antivirus.

3) Stop using any software that is no longer supported (e.g. XP and Vista) on any computer on your home network unless you know what you are 
doing - if you follow 1) above then this becomes less important.

4) Always make a complete backup of your computer on a disk (e.g. external USB hard drive), regularly maintain it and keep it locked in a safe so that if the 
worst happens you have a clean unencrypted copy to restore your computer.

5) If you take your laptop to work be very careful if you connect it to your office network and if in doubt, check with your system support people. 
Also don't have work email and private email on the same computer - cross contamination is a very real threat (which is why the FBI investigated Hillary Clinton).

6) Finally, don't be tempted to alter the settings on your internet router. It contains a firewall which ensures that no external computer can connect to yours - 
unless you initiate that connection by clicking on a malicious email attachment. Normal Internet activity (web browsing, email, music and video streaming 
and software updates) is always initiated by your computer to a known and trusted external system.

As always I am happy to offer advice to anyone who has concerns.
And if you don't yet belong to NHW then just send me an email to graham.rh.knight@gmail.com

There is also a link here to the National Cyber Security Centre for more detailed information