Be Excellent To Each Other

And, you know, party on. Dude.

All times are UTC [ DST ]




Reply to topic  [ 36 posts ] 
Author Message
 Post subject: Cyber Attack
PostPosted: Mon May 15, 2017 8:49 
Awesome
User avatar
Yes

Joined: 6th Apr, 2008
Posts: 12240
So with the NHS in the UK, and others round the world affected by ransomware (http://www.bbc.co.uk/news/technology-39915440), how has this affected everyone else?

We've had all our external email turned off, and a warning not to click on attachments from people we don't know, and apparently Tesco have turned off all their ATMs.

_________________
Always proof read carefully in case you any words out


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 8:56 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55715
Location: California
Nothing. We have to undertake cyber attack training once a year where we promise not to click on any dodgy emails. :D

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:11 
User avatar
Can you dig it?

Joined: 5th Apr, 2008
Posts: 4662
Our IT team had to work (on mother's Day) and turned off the entire wifi network while they worked, and it was still off this morning which was a pain for a lot of the technicians at the smaller satellite facility. Problem is, the big facility has a lot of computers scattered around, connected to instruments and the like, with no easy way of centrally /administrating/updating - honestly I was amazed at how few restrictions they had on hardware when I joined 7 years ago.

A few of our platforms (JIRA and confluence) seem to have stopped communicating with each other properly, although that may not be related, and might have been like it for a week or more, as that was the last time I used them together. A network printer that I use once every few months seems to be offline, but again it could've been like that for awhile but unnoticed

_________________
rumours about the high quality of the butter reached Yerevan


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:11 
User avatar
Can you dig it?

Joined: 5th Apr, 2008
Posts: 4662
So from my perspective, realtively trivial

_________________
rumours about the high quality of the butter reached Yerevan


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:25 
User avatar
Excellent Member

Joined: 25th Jul, 2010
Posts: 11128
Nothing at all going on at Evil Inc. We do get the odd test where a phising email comes in that's actually from our company to see whether we're stupid enough to click on the links but nothing seems to happen after each round of these.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:31 
Awesome
User avatar
Yes

Joined: 6th Apr, 2008
Posts: 12240
Heh, I was just asked to send a report blocked by the email servers to someone's Hotmail address.

From my IT training* I remember the answer was "no", so the recipient remains reportless.


*The question on how to share files if the recipient cannot receive it was something like:
-You send it to a personal email?
-You put it on a flash drive and give it to them?
-You put it on a fileshare site?
-You put it on an FTP server?

And the 'correct' answer was none of the above, so I sailed through the rest of the security questions by saying I would act as obstructively as possible, and apparently that's the most secure thing you can do!

_________________
Always proof read carefully in case you any words out


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:57 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14483
Mr Russell wrote:
And the 'correct' answer was none of the above, so I sailed through the rest of the security questions by saying I would act as obstructively as possible, and apparently that's the most secure thing you can do!


Well done :-)


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 9:58 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14483
Mr Russell wrote:
and apparently Tesco have turned off all their ATMs.


I've not seen that reported , however they probably dont have patches in place and are probably running old / out of date OS's (a lot of ATM's are running XP or 2000)


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 10:14 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
Technically, we're unaffected as all the staff machines are forced to Windows update EVERY DAY (evil laugh), and the student machines were updated a at Easter and are protected by Deep Freeze.

BUT! Our clueless leaders have decided to insist that all student machines are manually updated TODAY. RIGHT THE FUCK NOW.

I love being an IT spod


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 10:21 
SupaMod
User avatar
"Praisebot"

Joined: 30th Mar, 2008
Posts: 17013
Location: Parts unknown
We've had an email reminding us not to click on any links from the following:

• UPS (or parcel delivery)
• Bank Emails
• Government emails (unrecognised ones)
• Ebay & Amazon (unless you ordered something)

I'm now desperately searching for some of these emails that I can click on to mess up my PC. Hopefully they'll send me home if I do.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 15:37 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49232
No impact here, but then our patching regime is pretty hardcore.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 15:53 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14483
If you patched then the only way it can run is by someone clicking on the link in the spam / opening the file that was originally sent out - and then its only their machine / what they have access to that is affected

If you had not patched then as soon as the first person clicked the worm looked for any vulnerable machines , copied itself to them and ran.

So the more unpatched machines / vulnerable machines in your network the more you were affected

Also the 'kill' switch (that was accidentally activated) will have helped to stop this spreading much over the weekend

https://www.theguardian.com/technology/ ... ber-attack


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 16:12 
User avatar
Hello Hello Hello

Joined: 11th May, 2008
Posts: 13381
Cras wrote:
No impact here, but then our patching regime is pretty hardcore.


:this:

As soon as I read what the 'attack' consisted of I was basically like, 'Yeah, good luck with that on our systems'.

Admittedly we still do have a handful of XP clients and 2003 servers around the estate, but these are aggressively segregated and/or virtualised (onto their own VLAN in one instance) and locked down to absolutely the minimum roles/permissions/etc required for them to perform their specific functions.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 16:34 
User avatar
EvilTrousers

Joined: 30th Mar, 2008
Posts: 3073
Nothing has affected us but then we did get hit by cryptolocker back in 2013 at a time when I had been here about a month and also found out we had tape backups that people changed when they could "be arsed". The Grandfather-Father-Oh Fuckit backup system for those that know it.

So I am quite nippy about ensuring everything is up to date these days after that shitshow.
..

_________________
Everyone but Zardoz is better than me at videogames.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 17:57 
User avatar
Decapodian

Joined: 15th Oct, 2010
Posts: 5134
Mr Russell wrote:
Heh, I was just asked to send a report blocked by the email servers to someone's Hotmail address.

From my IT training* I remember the answer was "no", so the recipient remains reportless.


Good stuff.
I'd had enough by 4:15 so went home. I've spent the last 12 months pointing out all of the security problems and potential consequences, so there's a healthy dose of "I told you so" in my attitude today.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 20:39 
Excellent Member

Joined: 5th Dec, 2010
Posts: 3353
Not had any issues this weekend, all Windows 7 and 10 with some XP in labs

We have been getting this sort of attack for the last 12 months, mostly users clicking on email attachments then encrypting their home drives or group folders\shares

Not an issue really as we have volume snapshots on all our shares so just restore files back to the previous hour's copy. Where it has been a pain is where there has been a project folder that not been looked at for 6 months that's then found to be affected, we have to call tapes back for these cases.

We are moving to OneDrive everywhere and not sure how quickly you can restore files in that, had heard you can do it but its one at a time.

We have some expensive and from what I can see pointless security outsourced services from IBM, we had to send them the BBC link to wake them up.

Then the guy who is paid to look after it internally, who does very little for most of the year started to send emails around IT telling us how many server virus DATS his super team had updated over the weekend. (AV software doesn't catch this!)

The best email update was one where he used the phrase "Alertcon 3" to describe the threat level according to our super IBM security outsourced chums :DD


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Mon May 15, 2017 23:27 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49232
He's not wrong about the AV. It wouldn't stop a user being infected by the ransomware payload, but this came with a secondary payload that was a remote code execution exploit that then spread it throughout the network - and most of the major AV vendors had dats out that would catch that and mitigate the issue a lot.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 0:13 
Excellent Member

Joined: 20th Mar, 2010
Posts: 261
It amazes me that people still use Windows for anything vaguely important...


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 3:50 
User avatar
Can you dig it?

Joined: 5th Apr, 2008
Posts: 4662
Yeah, you never have this problem with good old pen and paper, blackboard and chalk , parchment and quill, stone and chisel

_________________
rumours about the high quality of the butter reached Yerevan


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 8:09 
User avatar
Master of dodgy spelling....

Joined: 25th Sep, 2008
Posts: 22533
Location: shropshire, uk
Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...


Go on what are the corporate options?

_________________
MetalAngel wrote:
Kovacs: From 'unresponsive' to 'kebab' in 3.5 seconds


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 8:48 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...

With the amount of trouble we have getting people to use Windows properly, even with over twenty years of consistent design philosophy in their brains, I couldn't imagine the chaos if we tried to make people use Linux.

"My start button's moved! How do I change the background? WHERE ARE MY WIDGETS??"

Brrrrr...

And if you mean MacOS, try keeping a room full of Macs consistently logging in to a domain sometime. God bless that fucking local keychain


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 8:49 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
Or were you just trolling?


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 9:26 
User avatar
Bad Girl

Joined: 20th Apr, 2008
Posts: 14353
Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...


I use mine for watching the neighbours.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 10:25 
Excellent Member

Joined: 5th Dec, 2010
Posts: 3353
DavPaz wrote:
Firefox wrote:
It amazes me that people still use Windows for anything vaguely important...

With the amount of trouble we have getting people to use Windows properly, even with over twenty years of consistent design philosophy in their brains, I couldn't imagine the chaos if we tried to make people use Linux.

"My start button's moved! How do I change the background? WHERE ARE MY WIDGETS??"

Brrrrr...

And if you mean MacOS, try keeping a room full of Macs consistently logging in to a domain sometime. God bless that fucking local keychain


:this:

Too much investment in Windows at our place to ever change, not saying there aren't better OS's out there, but its the applications and systems that are the issue, too much time and money to change.

Have a lot of Linux at work but all specialist implementations.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 11:28 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49232
Windows is very much a victim of its own success. Some of the *nix vulnerabilities that have been announced over the last year have been utterly terrifying - but they don't really provide much of an inbound vector. If admin types were reading their emails on unix boxes you'd see a hell of a lot more privilege escalation exploits for them in the wild - but they aren't, so what's the point?

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 12:02 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 17:42 
User avatar

Joined: 30th Mar, 2008
Posts: 16552
Fun few days at work dealing with it, we're pretty much on top of it now. Still not sure why so many machines weren't patched, we had very few XP machines on the network, just a couple dotted around that were running some ancient software on them. Most the PCs on the main site were ok and those that weren't we just imaged over the network so not too much swapping them about. Out at the GPs it's been a bit patchier (or rather less patchy I guess). All our staff clinicians, admins and IT have been absolutely brilliant, though. As have the patients by all accounts (apart from the one who threw his crutch through a window).


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 18:00 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49232
Must have been a nightmare in an environment with irate patients all over the place!

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 18:15 
User avatar
Decapodian

Joined: 15th Oct, 2010
Posts: 5134
DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 19:36 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
Dr Zoidberg wrote:
DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?

*twitches*


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:11 
User avatar
Decapodian

Joined: 15th Oct, 2010
Posts: 5134
DavPaz wrote:
Dr Zoidberg wrote:
DavPaz wrote:
It's true, Windows is a sieve of security holes. The best thing that MacOS does is make you authenticate before you can do anything. For some reason, Mac users don't mind that. When Vista implemented the same system, the howls of protest were audible from space. WHY DO I HAVE TO KEEP TYPING MY PASSWORD!? Feckless idiots.


It really doesn't help though when you have a support team that insist on keep asking users what their passwords are, and when they set up a new PC for them, go out of their way to get rid of as much security as possible.

Give users admin rights whether they need it or not, disable UAC, install VNC and set the password to the company name, and turn off the firewalls!
What could possibly go wrong?

*twitches*


Yep. I'm *so* annoyed I've not written down everything that just stopped me in my tracks when I found it. Nobody would believe it could all be true.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:13 
User avatar
Hello Hello Hello

Joined: 11th May, 2008
Posts: 13381
Shouldn't all that stuff be locked down with group policy?


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:21 
User avatar
Decapodian

Joined: 15th Oct, 2010
Posts: 5134
Hearthly wrote:
Shouldn't all that stuff be locked down with group policy?


Yep, and it's been on the list of things to do since about the second week there. Unfortunately the list gets longer every time I look at a different system and find more problems and I can't fix them fast enough :(


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:25 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
Dr Zoidberg wrote:
Hearthly wrote:
Shouldn't all that stuff be locked down with group policy?


Yep, and it's been on the list of things to do since about the second week there. Unfortunately the list gets longer every time I look at a different system and find more problems and I can't fix them fast enough :(

The biggest problem will be changing the expectations of the users. "Why can't I install this program? I could before"


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:32 
Excellent Member

Joined: 20th Mar, 2010
Posts: 261
DavPaz wrote:
Or were you just trolling?

I'm not a troll thankyou very much.


Top
 Profile  
 
 Post subject: Re: Cyber Attack
PostPosted: Tue May 16, 2017 20:52 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38439
That's sorted then.


Top
 Profile  
 
Display posts from previous:  Sort by  
Reply to topic  [ 36 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: Columbo, markg, Squirt, The Greys and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search within this thread:
You are using the 'Ted' forum. Bill doesn't really exist any more. Bogus!
Want to help out with the hosting / advertising costs? That's very nice of you.
Are you on a mobile phone? Try http://beex.co.uk/m/
RIP, Owen. RIP, MrC.

Powered by a very Grim... version of phpBB © 2000, 2002, 2005, 2007 phpBB Group.