Be Excellent To Each Other
https://www.beexcellenttoeachother.com/forum/

Cyber Attack
https://www.beexcellenttoeachother.com/forum/viewtopic.php?f=3&t=10995

Author:  Mr Russell [ Mon May 15, 2017 8:49 ]
Post subject:  Cyber Attack

So with the NHS in the UK, and others round the world affected by ransomware (http://www.bbc.co.uk/news/technology-39915440), how has this affected everyone else?

We've had all our external email turned off, and a warning not to click on attachments from people we don't know, and apparently Tesco have turned off all their ATMs.

Author:  myp [ Mon May 15, 2017 8:56 ]
Post subject:  Re: Cyber Attack

Nothing. We have to undertake cyber attack training once a year where we promise not to click on any dodgy emails. :D

Author:  Sir Taxalot [ Mon May 15, 2017 9:11 ]
Post subject:  Re: Cyber Attack

Our IT team had to work (on Mother's Day) and turned off the entire wifi network while they worked, and it was still off this morning which was a pain for a lot of the technicians at the smaller satellite facility. Problem is, the big facility has a lot of computers scattered around, connected to instruments and the like, with no easy way of centrally administrating/updating - honestly I was amazed at how few restrictions they had on hardware when I joined 7 years ago.

A few of our platforms (JIRA and Confluence) seem to have stopped communicating with each other properly, although that may not be related, and might have been like it for a week or more, as that was the last time I used them together. A network printer that I use once every few months seems to be offline, but again it could've been like that for a while but unnoticed.

Author:  Sir Taxalot [ Mon May 15, 2017 9:11 ]
Post subject:  Re: Cyber Attack

So from my perspective, relatively trivial

Author:  Bamba [ Mon May 15, 2017 9:25 ]
Post subject:  Re: Cyber Attack

Nothing at all going on at Evil Inc. We do get the odd test where a phishing email comes in that's actually from our company to see whether we're stupid enough to click on the links but nothing seems to happen after each round of these.

Author:  Mr Russell [ Mon May 15, 2017 9:31 ]
Post subject:  Re: Cyber Attack

Heh, I was just asked to send a report blocked by the email servers to someone's Hotmail address.

From my IT training* I remember the answer was "no", so the recipient remains reportless.


*The question on how to share files if the recipient cannot receive it was something like:
-You send it to a personal email?
-You put it on a flash drive and give it to them?
-You put it on a fileshare site?
-You put it on an FTP server?

And the 'correct' answer was none of the above, so I sailed through the rest of the security questions by saying I would act as obstructively as possible, and apparently that's the most secure thing you can do!

Author:  zaphod79 [ Mon May 15, 2017 9:57 ]
Post subject:  Re: Cyber Attack

Mr Russell wrote:
And the 'correct' answer was none of the above, so I sailed through the rest of the security questions by saying I would act as obstructively as possible, and apparently that's the most secure thing you can do!


Well done :-)

Author:  zaphod79 [ Mon May 15, 2017 9:58 ]
Post subject:  Re: Cyber Attack

Mr Russell wrote:
and apparently Tesco have turned off all their ATMs.


I've not seen that reported, however they probably don't have patches in place and are probably running old / out of date OSes (a lot of ATMs are running XP or 2000)

Author:  DavPaz [ Mon May 15, 2017 10:14 ]
Post subject:  Re: Cyber Attack

Technically, we're unaffected as all the staff machines are forced to Windows update EVERY DAY (evil laugh), and the student machines were updated at Easter and are protected by Deep Freeze.

BUT! Our clueless leaders have decided to insist that all student machines are manually updated TODAY. RIGHT THE FUCK NOW.

I love being an IT spod

Author:  TheVision [ Mon May 15, 2017 10:21 ]
Post subject:  Re: Cyber Attack

We've had an email reminding us not to click on any links from the following:

• UPS (or parcel delivery)
• Bank Emails
• Government emails (unrecognised ones)
• Ebay & Amazon (unless you ordered something)

I'm now desperately searching for some of these emails that I can click on to mess up my PC. Hopefully they'll send me home if I do.

Author:  Cras [ Mon May 15, 2017 15:37 ]
Post subject:  Re: Cyber Attack

No impact here, but then our patching regime is pretty hardcore.

Author:  zaphod79 [ Mon May 15, 2017 15:53 ]
Post subject:  Re: Cyber Attack

If you patched then the only way it can run is by someone clicking on the link in the spam / opening the file that was originally sent out - and then it's only their machine / what they have access to that is affected

If you had not patched then as soon as the first person clicked the worm looked for any vulnerable machines, copied itself to them and ran.

So the more unpatched machines / vulnerable machines in your network the more you were affected

Also the 'kill' switch (that was accidentally activated) will have helped to stop this spreading much over the weekend

https://www.theguardian.com/technology/ ... ber-attack

Author:  Hearthly [ Mon May 15, 2017 16:12 ]
Post subject:  Re: Cyber Attack

Cras wrote:
No impact here, but then our patching regime is pretty hardcore.


:this:

As soon as I read what the 'attack' consisted of I was basically like, 'Yeah, good luck with that on our systems'.

Admittedly we still do have a handful of XP clients and 2003 servers around the estate, but these are aggressively segregated and/or virtualised (onto their own VLAN in one instance) and locked down to absolutely the minimum roles/permissions/etc required for them to perform their specific functions.

Author:  Trousers [ Mon May 15, 2017 16:34 ]
Post subject:  Re: Cyber Attack

Nothing has affected us but then we did get hit by cryptolocker back in 2013 at a time when I had been here about a month and also found out we had tape backups that people changed when they could "be arsed". The Grandfather-Father-Oh Fuckit backup system for those that know it.

So I am quite nippy about ensuring everything is up to date these days after that shitshow.
..

Author:  Dr Zoidberg [ Mon May 15, 2017 17:57 ]
Post subject:  Re: Cyber Attack

Mr Russell wrote:
Heh, I was just asked to send a report blocked by the email servers to someone's Hotmail address.

From my IT training* I remember the answer was "no", so the recipient remains reportless.


Good stuff.
I'd had enough by 4:15 so went home. I've spent the last 12 months pointing out all of the security problems and potential consequences, so there's a healthy dose of "I told you so" in my attitude today.

Author:  asfish [ Mon May 15, 2017 20:39 ]
Post subject:  Re: Cyber Attack

Not had any issues this weekend, all Windows 7 and 10 with some XP in labs

We have been getting this sort of attack for the last 12 months, mostly users clicking on email attachments then encrypting their home drives or group folders\shares

Not an issue really as we have volume snapshots on all our shares so just restore files back to the previous hour's copy. Where it has been a pain is where there has been a project folder that's not been looked at for 6 months that's then found to be affected, we have to call tapes back for these cases.

We are moving to OneDrive everywhere and not sure how quickly you can restore files in that, had heard you can do it but it's one at a time.

We have some expensive and from what I can see pointless security outsourced services from IBM, we had to send them the BBC link to wake them up.

Then the guy who is paid to look after it internally, who does very little for most of the year started to send emails around IT telling us how many server virus DATS his super team had updated over the weekend. (AV software doesn't catch this!)

The best email update was one where he used the phrase "Alertcon 3" to describe the threat level according to our super IBM security outsourced chums :DD

Author:  Cras [ Mon May 15, 2017 23:27 ]
Post subject:  Re: Cyber Attack

He's not wrong about the AV. It wouldn't stop a user being infected by the ransomware payload, but this came with a secondary payload that was a remote code execution exploit that then spread it throughout the network - and most of the major AV vendors had dats out that would catch that and mitigate the issue a lot.

Author:  Firefox [ Tue May 16, 2017 0:13 ]
Post subject:  Re: Cyber Attack

It amazes me that people still use Windows for anything vaguely important...

Author:  Sir Taxalot [ Tue May 16, 2017 3:50 ]
Post subject:  Re: Cyber Attack

Yeah, you never have this problem with good old pen and paper, blackboard and chalk, parchment and quill, stone and chisel

Author:  KovacsC [ Tue May 16, 2017 8:09 ]
Post subject:  Re: Cyber Attack

Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...


Go on, what are the corporate options?

Author:  DavPaz [ Tue May 16, 2017 8:48 ]
Post subject:  Re: Cyber Attack

Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...

With the amount of trouble we have getting people to use Windows properly, even with over twenty years of consistent design philosophy in their brains, I couldn't imagine the chaos if we tried to make people use Linux.

"My start button's moved! How do I change the background? WHERE ARE MY WIDGETS??"

Brrrrr...

And if you mean MacOS, try keeping a room full of Macs consistently logging in to a domain sometime. God bless that fucking local keychain

Author:  DavPaz [ Tue May 16, 2017 8:49 ]
Post subject:  Re: Cyber Attack

Or were you just trolling?

Author:  Satsuma [ Tue May 16, 2017 9:26 ]
Post subject:  Re: Cyber Attack

Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...


I use mine for watching the neighbours.

Author:  asfish [ Tue May 16, 2017 10:25 ]
Post subject:  Re: Cyber Attack

DavPaz wrote:
Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...

With the amount of trouble we have getting people to use Windows properly, even with over twenty years of consistent design philosophy in their brains, I couldn't imagine the chaos if we tried to make people use Linux.

"My start button's moved! How do I change the background? WHERE ARE MY WIDGETS??"

Brrrrr...

And if you mean MacOS, try keeping a room full of Macs consistently logging in to a domain sometime. God bless that fucking local keychain


:this:

Too much investment in Windows at our place to ever change, not saying there aren't better OSes out there, but it's the applications and systems that are the issue, too much time and money to change.

Have a lot of Linux at work but all specialist implementations.

Author:  Cras [ Tue May 16, 2017 11:28 ]
Post subject:  Re: Cyber Attack

Windows is very much a victim of its own success. Some of the *nix vulnerabilities that have been announced over the last year have been utterly terrifying - but they don't really provide much of an inbound vector. If admin types were reading their emails on unix boxes you'd see a hell of a lot more privilege escalation exploits for them in the wild - but they aren't, so what's the point?

Author:  DavPaz [ Tue May 16, 2017 12:02 ]
Post subject:  Re: Cyber Attack

It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.

Author:  markg [ Tue May 16, 2017 17:42 ]
Post subject:  Re: Cyber Attack

Fun few days at work dealing with it, we're pretty much on top of it now. Still not sure why so many machines weren't patched, we had very few XP machines on the network, just a couple dotted around that were running some ancient software on them. Most the PCs on the main site were ok and those that weren't we just imaged over the network so not too much swapping them about. Out at the GPs it's been a bit patchier (or rather less patchy I guess). All our staff clinicians, admins and IT have been absolutely brilliant, though. As have the patients by all accounts (apart from the one who threw his crutch through a window).

Author:  Cras [ Tue May 16, 2017 18:00 ]
Post subject:  Re: Cyber Attack

Must have been a nightmare in an environment with irate patients all over the place!

Author:  Dr Zoidberg [ Tue May 16, 2017 18:15 ]
Post subject:  Re: Cyber Attack

DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?

Author:  DavPaz [ Tue May 16, 2017 19:36 ]
Post subject:  Re: Cyber Attack

Dr Zoidberg wrote:
DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?

*twitches*

Author:  Dr Zoidberg [ Tue May 16, 2017 20:11 ]
Post subject:  Re: Cyber Attack

DavPaz wrote:
Dr Zoidberg wrote:
DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?

*twitches*


Yep. I'm *so* annoyed I've not written down everything that just stopped me in my tracks when I found it. Nobody would believe it could all be true.

Author:  Hearthly [ Tue May 16, 2017 20:13 ]
Post subject:  Re: Cyber Attack

Shouldn't all that stuff be locked down with group policy?

Author:  Dr Zoidberg [ Tue May 16, 2017 20:21 ]
Post subject:  Re: Cyber Attack

Hearthly wrote:
Shouldn't all that stuff be locked down with group policy?


Yep, and it's been on the list of things to do since about the second week there. Unfortunately the list gets longer every time I look at a different system and find more problems and I can't fix them fast enough :(

Author:  DavPaz [ Tue May 16, 2017 20:25 ]
Post subject:  Re: Cyber Attack

Dr Zoidberg wrote:
Hearthly wrote:
Shouldn't all that stuff be locked down with group policy?


Yep, and it's been on the list of things to do since about the second week there. Unfortunately the list gets longer every time I look at a different system and find more problems and I can't fix them fast enough :(

The biggest problem will be changing the expectations of the users. "Why can't I install this program? I could before"

Author:  Firefox [ Tue May 16, 2017 20:32 ]
Post subject:  Re: Cyber Attack

DavPaz wrote:
Or were you just trolling?

I'm not a troll thank you very much.

Author:  DavPaz [ Tue May 16, 2017 20:52 ]
Post subject:  Re: Cyber Attack

That's sorted then.

All times are UTC [ DST ]