Cyber Attack

Discussion in 'The Lounge' started by John King, May 15, 2017.

  1. John King

    John King In the Stop Bath

    I am sure we have all heard about and some will be affected by the cyber attack that took place over the past weekend. All or most of it appears to have been directed at large organisations, but have there been any reports of home users or small businesses being affected? The attacks apparently are not limited to XP. Windows versions such as Vista, 7, 8, and 8.1 also seem to be vulnerable.

    I'm at present using a laptop with XP installed and so far I am OK. My main PC has Windows 10 which is claimed to be secure.
    Last edited: May 15, 2017
  2. dangie

    dangie Senior Knobhead

    One thing which is annoying me with regard to the ongoing worldwide cyber-attack, is that everything I'm reading in the newspapers or hearing on TV or radio is criticism of affected companies and Microsoft for not preventing this from happening.

    Whereas this may have some validity, I have heard no criticism aimed at the perpetrators of this crime. It's almost as though they are seen as a modern day Dick Turpin. If I go out of my house and don't lock the doors, I may be seen as foolish, but do I 'deserve' to have the house burgled..??
  3. nimbus

    nimbus Well-Known Member

    Older Windows versions, particularly XP, are now quite a soft target, given that Microsoft no longer produce updates, but are still commonly used by organisations such as the NHS. Updating is time-consuming and it is fair to say that XP was as a system in itself one of the better incarnations of Windows. Those using it should be aware of the risks, but many appear to be blasé about them.

    Leaving your house unlocked, no you don't deserve to be burgled, nobody does, but by doing so you do raise the risk of it happening and there could be considered to have been contributory negligence.
    TheFatControlleR likes this.
  4. RogerMac

    RogerMac Well-Known Member

    I have been affected by the attack - the results of a blood test that would normally have been phoned through on Friday afternoon have not yet arrived - that's a small inconvenience as I can just carry on my previous dosage and hope for the best but I also am waiting for an urgent appointment but I am wondering whether in the chaos that will be delayed.
  5. Andrew Flannigan

    Andrew Flannigan Well-Known Member

    Yep, blame the victims - always a good move. That's one strategy used by insurance companies I'd like to see stopped. Whatever we do, don't stomp on the poor hard done by criminals.
  6. Fishboy

    Fishboy Well-Known Member

    I believe that Jeremy Hunt has resolved to track down the hackers if it's the last thing he does.

    I believe he wants to ask them how they managed to do to the NHS in twenty minutes what he's been working on for five years.

    Cheers, Jeff
    saxacat, proseak, Scphoto and 6 others like this.
  7. PeteRob

    PeteRob Well-Known Member

    A significant risk is opening an email and following a link. I've had emails recently that appear to be from people I know but are not. Anyone in the habit of exchanging one-liners with their friends with a link to something they have seen on the web is vulnerable to this one. Keep your data backed up onto off-line storage - like an external hard disk. Do run a virus checker. Virus check everything you download (never ever "run"). Virus check USB sticks etc. etc. etc.
  8. nimbus

    nimbus Well-Known Member

    That was not what I meant, and you know it.
  9. Andrew Flannigan

    Andrew Flannigan Well-Known Member

    Sorry. My psychic translation system was corrupted by a virus.
  10. Malcolm_Stewart

    Malcolm_Stewart Well-Known Member

    The publicity about the cyber-attack prompted me to review my desktop's situation with regard to data security, and to my horror I discovered yesterday morning that whilst I've been using an automated (whilst I sleep) backup system, some changes to my system a year ago had the backup data files being copied to a second partition on the main drive - and not on the physically separate hard drive purchased specifically for this task*. Fortunately, I've got away with it this time, and my data is now safe and sitting on a hard drive not connected to my system. Meanwhile, a very slow but ever so pretty(!) and portable drive is receiving its copy of my data.
    My plan is to continue with my automated software backing up my data as I sleep, and periodically to swap the recipient drive. At the worst if I am deemed to be worth attacking, all I should lose is the most recent data.

    *Thanks to automated drive letter assignment - which I should have checked when properly awake.
    Andrew Flannigan likes this.
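
The failure described in the post above (a backup destination that turned out to be a second partition on the main drive) can be checked before each backup run. This is an added example, not part of the original post; the function name and the drive letters `C` and `E` are assumptions, and it relies on the Storage module cmdlets `Get-Partition` and `Get-Disk` (Windows 8 / Server 2012 and later).

```powershell
# Added example: confirm the backup drive letter resolves to a different
# physical disk than the data drive. Drive letters can be reassigned, so the
# check compares disk numbers, not letters.
function Test-BackupOnSeparateDisk {
    param(
        [Parameter(Mandatory)][char]$SourceLetter,   # drive holding the live data
        [Parameter(Mandatory)][char]$BackupLetter    # drive the backup job writes to
    )

    # -ErrorAction Stop makes a missing letter (e.g. backup drive unplugged)
    # a hard failure instead of a silent pass.
    $src = Get-Partition -DriveLetter $SourceLetter -ErrorAction Stop
    $dst = Get-Partition -DriveLetter $BackupLetter -ErrorAction Stop

    $srcDisk = Get-Disk -Number $src.DiskNumber
    $dstDisk = Get-Disk -Number $dst.DiskNumber

    [pscustomobject]@{
        SourceDisk   = "$($srcDisk.Number): $($srcDisk.FriendlyName)"
        BackupDisk   = "$($dstDisk.Number): $($dstDisk.FriendlyName)"
        BackupBus    = $dstDisk.BusType          # e.g. USB for an external drive
        SeparateDisk = ($src.DiskNumber -ne $dst.DiskNumber)
    }
}

# Run at the start of the scheduled backup job (letters are assumptions).
$check = Test-BackupOnSeparateDisk -SourceLetter 'C' -BackupLetter 'E'
$check | Format-List

if (-not $check.SeparateDisk) {
    Write-Error "Backup target is a partition on the same physical disk as the source."
    exit 1
}
```

A pass only shows the two letters sit on different disks; a drive that stays connected is still reachable by anything running on the machine, which is why the post's plan of swapping and disconnecting the recipient drive matters.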
  11. Lost_In_France

    Lost_In_France Well-Known Member

    Pop-up message from Norton this morning assuring me my laptop is totally protected against the malware. We'll see!
  12. Zou

    Zou Well-Known Member

    Spare a thought for the hard-working folk at the NSA who spent long hours looking for vulnerabilities, designing tools to exploit them, and lobbying for major software corps to leave backdoors open for them.
  13. Andrew Flannigan

    Andrew Flannigan Well-Known Member

    That's quite unfair to the guys at Microsoft who code the security holes in the first place. They deserve recognition for their work too.
  14. AndyTake2

    AndyTake2 Well-Known Member

    I think many don't appreciate that this is likely to piggyback on the zero day effect of the latest holes found, relying on antivirus instead of updates to the system to protect them.
    The fact that the latest holes occur when an antivirus scans an infected file is scary.
    TheFatControlleR likes this.
  15. Andrew Flannigan

    Andrew Flannigan Well-Known Member

    Where did you get that from? Or are you just saying that reading the encrypted file invokes the exploit?
  16. AndyTake2

    AndyTake2 Well-Known Member

    The last time I read it was on the BBC.

    It is important to separate the ransomware from the exploit hole.

    The hole in the Microsoft OS is one which can be exploited not by some malware getting through a huge hole, but by a hole in the system which means that if an infected email is read by an AV program, that reading itself causes the problem.

    I haven't read the tech details, but suspect that it is to do with sandboxing, and the way it protects the system.
    Look around for the actual Microsoft flaw, it is not the same as the ransomware, which is just a variant in itself.

    Look at it logically. Would so many ransom demands be sent at once if such a hole didn't exist? It was predicted earlier in the week, when the exploit was found, that huge ransomware exploits might follow.
    TheFatControlleR likes this.
  17. PeteRob

    PeteRob Well-Known Member

    I thought that emails with embedded active content would always be caught/stopped on the server these days.
  18. EightBitTony

    EightBitTony Well-Known Member

    Password encrypted word documents are one example that virus scanners can't check until the recipient actually opens them.

    Anyway, the point about the current infection is that it's not just an e-mail payload, it's a worm - it can infect machines remotely using an exploit in the Windows file sharing protocol. If you stick a Windows XP machine directly on the Internet, you've got about 3 minutes before you get infected.
  19. AndyTake2

    AndyTake2 Well-Known Member

    The use of this exploit is one of those which is scary and clever - it doesn't matter who reads the email (the first on the network - see above for how it spreads), if the underlying operating system isn't secure, then it executes.
    Consider a server, which, PeteRob points out, should catch or stop anything with active content. AV is up to date, but the system itself hasn't been updated.
    Now, how does the server know whether to stop an email? It reads it. It does it nice and safe, by using the AV to read the email. Normally, the AV reads it in a sandbox, which can be killed if anything goes wrong - an executable trying to work etc. Virus etc is dead.
    But with this exploit, the fact that the SERVER OS hasn't been updated means that the server now has its own system compromised.

    This particular exploit does not care who opens it. It doesn't matter if it is an end user or the user's AV, or the Server's AV - something, somewhere opens it, and then it is all over bar the screaming.

    Then you get a ransomware file come along. Again, it could be in an email or anything else, but it knows about the exploit hole, and uses it.
    The fact that the two work together makes for a really nasty package.
    I'm not going to pretend to be a security expert - it is a good 10 years since I was in IT security (or IT at all for that matter), but this is a type of exploit that we really need to watch out for - if that is at all possible.
    TheFatControlleR likes this.
  20. Andrew Flannigan

    Andrew Flannigan Well-Known Member
