Last week saw the single largest cyber attack ever, with the WannaCry ransomware virus.
Thousands of people were affected from all over the world. The cost of the damage caused by the attack is probably incalculable, but aside from the financial cost, hundreds of people had operations canceled and suffered travel disruption as computer systems became unusable.
The virus was able to cause so much havoc simply because of complacency in regard to cyber security. Many common viruses can infect computers because of ‘phishing’ emails that appear to come from a trusted source and have an innocent-looking attachment. The unaware user opens the attachment, triggering whatever nastiness is embedded inside. Having up-to-date anti-virus and anti-malware software will protect your computer.
The WannaCry outbreak wasn’t spread by phishing emails, but rather through a vulnerability in Microsoft’s operating system. The MS17-010 vulnerability was known about and fixed in a patch released in March; however, the patch wasn’t issued for ‘retired’ systems.
So why was the NHS’s system so vulnerable? Many of the computers within the NHS were still using Windows XP - a system that stopped receiving any security updates in 2012.
Cyber Essentials certification
I’ve recently been involved in securing the Cyber Essentials accreditation here at Access, which you can read about in this post. A major part of obtaining the certification is having policies in place to ensure that software and, in particular, Operating Systems are kept up-to-date.
It’s very embarrassing for the NHS, and indeed the government, that so much disruption was caused when it could easily have been prevented. Microsoft did have an arrangement with the government to provide patches for out-of-date systems at a cost of around £5.5 million, but they cancelled it in 2015. The logic behind cancelling the extended support agreement was to ‘push’ organisations like NHS Trusts to upgrade.
Of course, the trusts themselves could have paid for extended support but, faced with massive cuts, they decided to buy bandages rather than upgrade thousands of computers or pay Microsoft for extended support.
Evidently, these bandages were covering an open wound that was all too easy to infect.
How to keep your own system safe
No doubt the NHS, our government, and thousands of other affected companies in over 150 countries around the world have learned a very costly, yet valuable lesson.
I think these lessons boil down to these key components:
1. Keep your systems up to date. Don’t ignore software updates and, most importantly of all, sort your Firewall out!
2. Invest in a good hardware Firewall. As long as it is configured correctly, this helps to protect all of your systems from the majority of common attacks.
3. Close ports* that don’t need to be open. Check all existing rules and assess whether they are still relevant. Things change, and you may not think to change the settings on your Firewall, so get into a routine of checking it regularly.
4. Make sure your Firmware is up-to-date. Firmware on a device is like the Operating System on a computer. Most complex electronic devices have Firmware: TVs, DVD players, phones etc.
*Ports - Ports are entry and exit points from one system to another, just like countries have ports where ships leave one country and dock at the port of another. Without ports, traffic would be an uncontrolled and unaccountable mess. Particular applications have specific ports or 'port ranges' allocated to them. Official ports are designated by the Internet Assigned Numbers Authority (IANA). Well-known services use these official ports; Simple Mail Transfer Protocol (SMTP), for example, uses port 25. It can be a security risk to have ports open that are officially assigned to applications or services that you don’t use.
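As an added example (not part of the original post), here is a short Python script for the routine check in point 3. It reads netstat-style output, compares the listening ports against the services you mean to offer, and reports unexpected open ports as well as allowlist entries that nothing uses any more. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -an` style output for illustration; not from a real host.
# Port 445 is SMB, the service affected by MS17-010.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:8080             [::]:0                 LISTENING
"""

# Hypothetical allowlist: port -> why it is meant to be reachable.
ALLOWED = {25: "SMTP relay we run", 3389: "remote desktop to a since-retired server"}

def is_loopback(host):
    """True only when the socket is bound to a loopback address."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # wildcard or unparsable address: treat as exposed

def parse_listeners(text):
    """Return (host, port) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3].upper() != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        if port.isdigit():
            listeners.append((host, int(port)))
    return listeners

def review(text, allowed):
    """Compare what is listening against what is supposed to be reachable."""
    exposed, local_only = set(), set()
    for host, port in parse_listeners(text):
        (local_only if is_loopback(host) else exposed).add(port)
    wanted = set(allowed)
    return {
        "unexpected": sorted(exposed - wanted),    # open to the network, not on the list
        "local_only": sorted(local_only - exposed),  # reachable from this machine only
        "stale_rules": sorted(wanted - exposed),   # on the list, nothing listening
    }

if __name__ == "__main__":
    for finding, ports in review(SAMPLE, ALLOWED).items():
        print(f"{finding}: {ports}")
```

Ports reported as unexpected are candidates for closing, and stale entries are rules to remove from the Firewall at the next review.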
To help keep your own systems safe and secure, we’d recommend these other brilliant posts:
How to accidentally stop a global cyber attack by MalwareTech - he’s the guy that stopped the spread of the WannaCry infection.