The NHS is bracing for a weekend of chaos after a cyberattack forced hospitals to close wards, turn away patients and delay treatment across the country.
At least 30 health service organisations in England and Scotland have been affected by thehack attack, while others have shut down servers as a precautionary measure to avoid contagion.
Across the world, at least 74 countries have been targeted by the attack that locked up computer and held users' files for ransom, with Russia appearing to be hardest hit.
:: Hacking for cash: Ransomware threats on the rise
An alleged hacker unconnected to the incident told Sky News the attack could spread to nearly every country in the world.
"I'm sad to say that this is probably only just beginning; administrators are in for a very difficult weekend," Lauri Love said.
"We should expect to see this in almost every country in the world.
"If you've been infected, not only have your files been encrypted and you're being held to ransom, but your machine is being used as a zombie to attempt to affect other machines on the internet.
"This means it will tend to grow at an exponential rate until it runs out of vulnerable hosts to infect."
Saturday, May 13, 2017
Ransomware strike gives glimpse of 'cyber-apocalypse'
Up to 99 countries may have been affected by the ransomware cyberattack that has struck the NHS, according to some experts.
It is believed to be the biggest attack of its kind ever recorded.
Russia appeared to be the hardest hit nation, with its interior and emergencies ministries and biggest bank, Sberbank, saying they were targeted.
:: NHS braces for weekend of chaos after cyberattack
The interior ministry said on its website around 1,000 computers had been infected but it had localised the virus.
Spain, Ukraine and India were also severely affected, according to researchers from the Kaspersky Lab.
By the group's count, the malware struck at least 74 countries. However, researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, also citing Taiwan among the top targets.
:: Hackers' hitlist: Cyber criminals and their targets
Cyber security expert Varun Badwhar said the attack gave a glimpse of what a "cyber-apocalypse" would look like.
He said: "This is an unprecedented scale. We've never seen something spread this quickly in a 24-hour period across these many countries and continents.
"So it's definitely one of those things we've always heard about that could happen and now we're seeing it play out. It's really a cyber-apocalypse that we're seeing."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Chris Wysopal of the software security firm Veracode said criminal organisations were probably behind the attack, given how quickly the malware spread.
"For so many organisations in the same day to be hit, this is unprecedented," he said.
Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.
Portugal Telecom and Telefonica Argentina both said they were also targeted.
International shipper FedEx Corp said some of its Windows computers were also infected.
"We are implementing remediation steps as quickly as possible," it said in a statement.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
The Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.
Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Spain took steps to protect critical infrastructure in response to the attack.
Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.
Telefonica said the attack was limited to some computers on an internal network and had not affected clients or services.
In the US, the effect of the hack did not appear to be widespread, at least initially.
Hacking group Shadow Brokers reportedly released the malware last month, after claiming to have discovered the flaw from the US National Security Agency.
It is believed to be the biggest attack of its kind ever recorded.
Russia appeared to be the hardest hit nation, with its interior and emergencies ministries and biggest bank, Sberbank, saying they were targeted.
:: NHS braces for weekend of chaos after cyberattack
The interior ministry said on its website around 1,000 computers had been infected but it had localised the virus.
Spain, Ukraine and India were also severely affected, according to researchers from the Kaspersky Lab.
By the group's count, the malware struck at least 74 countries. However, researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, also citing Taiwan among the top targets.
:: Hackers' hitlist: Cyber criminals and their targets
Cyber security expert Varun Badwhar said the attack gave a glimpse of what a "cyber-apocalypse" would look like.
He said: "This is an unprecedented scale. We've never seen something spread this quickly in a 24-hour period across these many countries and continents.
"So it's definitely one of those things we've always heard about that could happen and now we're seeing it play out. It's really a cyber-apocalypse that we're seeing."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Chris Wysopal of the software security firm Veracode said criminal organisations were probably behind the attack, given how quickly the malware spread.
"For so many organisations in the same day to be hit, this is unprecedented," he said.
Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.
Portugal Telecom and Telefonica Argentina both said they were also targeted.
International shipper FedEx Corp said some of its Windows computers were also infected.
"We are implementing remediation steps as quickly as possible," it said in a statement.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
The Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.
Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Spain took steps to protect critical infrastructure in response to the attack.
Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.
Telefonica said the attack was limited to some computers on an internal network and had not affected clients or services.
In the US, the effect of the hack did not appear to be widespread, at least initially.
Hacking group Shadow Brokers reportedly released the malware last month, after claiming to have discovered the flaw from the US National Security Agency.
Ransomware hack attack exposes serious NHS vulnerabilities
The NHS has been rolled over by a cyberattack - and it wasn't even the target.
The ransomware attack that has taken hospital systems in England and Scotland offline has spread globally.
According to cybersecurity firm Kaspersky, it's reached at least 74 countries, attacking all sorts of institutions.
The NHS was merely collateral damage. That doesn't absolve the NHS trusts affected, though.
NHS security will come into focus, expert says
According to security sources, this attack probably wasn't a nation state leveraging vast resources and spending months to break into a target, as we saw with the Sony hack, the infiltration of the Democratic National Committee in the US elections, or the attack that took a French TV station offline.
It was criminals looking for a Bitcoin buck.
But they supercharged the attack, using a technique originally discovered by the NSA, called Eternal Blue.
That exploit was leaked, by a group called Shadow Brokers, meaning hackers could take advantage of it.
Microsoft was quick to patch the vulnerability, offering it from 12 March. The company says those with up to date software are "protected" from the ransomware attack.
So why weren't the affected NHS trusts up to date?
An NHS IT source told me: "They patched nothing generally."
Staff working to keep systems up to date were "crushed" - by a lack of organisational understanding and money.
Last year we investigated cybersecurity in the NHS. We found that some trusts spent no money whatsoever on cybersecurity.
The white hat hackers we worked with found serious vulnerabilities just at first glances.
Those failings have now been exposed. And it's patients who are paying the price.
The ransomware attack that has taken hospital systems in England and Scotland offline has spread globally.
According to cybersecurity firm Kaspersky, it's reached at least 74 countries, attacking all sorts of institutions.
The NHS was merely collateral damage. That doesn't absolve the NHS trusts affected, though.
NHS security will come into focus, expert says
According to security sources, this attack probably wasn't a nation state leveraging vast resources and spending months to break into a target, as we saw with the Sony hack, the infiltration of the Democratic National Committee in the US elections, or the attack that took a French TV station offline.
It was criminals looking for a Bitcoin buck.
But they supercharged the attack, using a technique originally discovered by the NSA, called Eternal Blue.
That exploit was leaked, by a group called Shadow Brokers, meaning hackers could take advantage of it.
Microsoft was quick to patch the vulnerability, offering it from 12 March. The company says those with up to date software are "protected" from the ransomware attack.
So why weren't the affected NHS trusts up to date?
An NHS IT source told me: "They patched nothing generally."
Staff working to keep systems up to date were "crushed" - by a lack of organisational understanding and money.
Last year we investigated cybersecurity in the NHS. We found that some trusts spent no money whatsoever on cybersecurity.
The white hat hackers we worked with found serious vulnerabilities just at first glances.
Those failings have now been exposed. And it's patients who are paying the price.
Friday, May 12, 2017
Cyberattack: Up to 74 countries affected by ransomware, say experts
Up to 74 countries have been affected by the ransomware cyberattack that has struck the NHS, according to experts.
Among the other nations hit were Spain, Ukraine and India, said researchers from the Kaspersky Lab.
There have been more than 45,000 attacks worldwide, mostly in Russia, the Securelist cyber security website reported.
It said: "It's important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Spain's industry ministry said the attack affected the Microsoft Windows operating system of employees' computers.
Telecommunications giant Telefonica was among the many targets.
The company claimed the attack was limited to some computers on an internal network and had not affected clients or services.
Image:Russia has been most affected by the attack. Pic: Securelist
In the US, delivery company FedEx said it was experiencing issues with some of its Windows systems.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
Hacking group Shadow Brokers reportedly released the malmare last month, after claiming to have discovered the flaw from the US National Security Agency.
Among the other nations hit were Spain, Ukraine and India, said researchers from the Kaspersky Lab.
There have been more than 45,000 attacks worldwide, mostly in Russia, the Securelist cyber security website reported.
It said: "It's important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."
Mikko Hypponen, from tech firm F-Secure, called it "the biggest ransomware outbreak in history".
Spain's industry ministry said the attack affected the Microsoft Windows operating system of employees' computers.
Telecommunications giant Telefonica was among the many targets.
The company claimed the attack was limited to some computers on an internal network and had not affected clients or services.
Image:Russia has been most affected by the attack. Pic: SecurelistIn the US, delivery company FedEx said it was experiencing issues with some of its Windows systems.
Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in.
:: Ransomware explained - hacking for cash is on the rise
The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system.
It allows the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.
Hacking group Shadow Brokers reportedly released the malmare last month, after claiming to have discovered the flaw from the US National Security Agency.
Cyberattack: New setback for under-strain NHS
The scale and impact of the "ransomware" attack on at least 40 NHS organisations is not yet clear.
But senior NHS staff and administrators say an ongoing interruption to computer and IT systems could paralyse patient care and make routine treatment impossible.
The Department of Health and NHS England are currently taking some comfort from the fact that as yet there is no evidence that patient records have been breached, but it may prove little consolation.
Like most businesses and public services, the NHS is reliant on IT to function.
Unlike many, however, it is running at close to capacity. Even minor interruptions to normal routine can have a major impact on the flow of patients through hospital.
:: LIVE - Ransoms demanded as cyberattacks hits NHS hospitals
A protracted shutdown of systems across the weekend and into next week could bring parts of the system to a halt.
For a service already under acute strain because of rising demand and staff shortfalls, it is another blow.
Assessing the impact of the attack is complicated by the fact the NHS does not have an overarching IT structure.
Hospital trusts have developed their own systems and security measures and have varying ability to communicate with other organisations.
:: NHS cyberattack: Full list of organisations affected so far
A disastrous attempt to develop a unitary NHS IT system was abandoned at a cost of more than £10bn, leaving a patchwork of systems.
That may explain why so far only around 20% of Trusts have been affected, though this number may rise.
What is clear is that systems have been fundamentally compromised.
Doctors and nurses at affected hospital trusts have been unable to access patient records, appointment systems, drug charts, blood tests, x-rays and other forms of clinical information.
Affected A&E departments meanwhile have been unable to use the electronic systems that are fundamental to communicating with ambulance crews, keeping track of patient admissions and discharges, and managing the all-important "flow" that prevents hospitals grinding to a halt.
Staff at affected city A&E departments will be braced for an even more challenging weekend rush than usual.
Some paper records do exist, but securely matching these to patients will be a challenge.
Because of concern over patient confidentiality, some trusts have stopped using full names on records in an attempt to improve "information governance".
Instead, patients are referred to at some trusts by a forename and an initial, accompanied by a patient number.
:: Sky News investigation discovers NHS trusts were putting patients at risk
One consultant told Sky News that they routinely worked with three computer systems open on their computer simultaneously: the Electronic Patient Record (EPR); a separate X-ray system; and another that holds records of certain specialist drug treatments.
Even sending out letters to patients is automated. At some trusts, doctors dictate letters to an audio device, upload the audio file to a system accessed by a transcription service in India, where staff type out the letter before sending it back using an encrypted system.
:: Hacking for cash: Ransomware threats on the rise
The more of these discrete systems that are affected the longer it will take to restore normal working.
Even establishing the scale of the damage is likely to tie up trusts for the weekend and possibly beyond.
NHS managers will hope that patient records remain secure. Were hackers able to tamper with ongoing drug prescriptions for example, this crisis could become one of patient safety as well as cybersecurity.
But senior NHS staff and administrators say an ongoing interruption to computer and IT systems could paralyse patient care and make routine treatment impossible.
The Department of Health and NHS England are currently taking some comfort from the fact that as yet there is no evidence that patient records have been breached, but it may prove little consolation.
Like most businesses and public services, the NHS is reliant on IT to function.
Unlike many, however, it is running at close to capacity. Even minor interruptions to normal routine can have a major impact on the flow of patients through hospital.
:: LIVE - Ransoms demanded as cyberattacks hits NHS hospitals
A protracted shutdown of systems across the weekend and into next week could bring parts of the system to a halt.
For a service already under acute strain because of rising demand and staff shortfalls, it is another blow.
Assessing the impact of the attack is complicated by the fact the NHS does not have an overarching IT structure.
Hospital trusts have developed their own systems and security measures and have varying ability to communicate with other organisations.
:: NHS cyberattack: Full list of organisations affected so far
A disastrous attempt to develop a unitary NHS IT system was abandoned at a cost of more than £10bn, leaving a patchwork of systems.
That may explain why so far only around 20% of Trusts have been affected, though this number may rise.
What is clear is that systems have been fundamentally compromised.
Doctors and nurses at affected hospital trusts have been unable to access patient records, appointment systems, drug charts, blood tests, x-rays and other forms of clinical information.
Affected A&E departments meanwhile have been unable to use the electronic systems that are fundamental to communicating with ambulance crews, keeping track of patient admissions and discharges, and managing the all-important "flow" that prevents hospitals grinding to a halt.
Staff at affected city A&E departments will be braced for an even more challenging weekend rush than usual.
Some paper records do exist, but securely matching these to patients will be a challenge.
Because of concern over patient confidentiality, some trusts have stopped using full names on records in an attempt to improve "information governance".
Instead, patients are referred to at some trusts by a forename and an initial, accompanied by a patient number.
:: Sky News investigation discovers NHS trusts were putting patients at risk
One consultant told Sky News that they routinely worked with three computer systems open on their computer simultaneously: the Electronic Patient Record (EPR); a separate X-ray system; and another that holds records of certain specialist drug treatments.
Even sending out letters to patients is automated. At some trusts, doctors dictate letters to an audio device, upload the audio file to a system accessed by a transcription service in India, where staff type out the letter before sending it back using an encrypted system.
:: Hacking for cash: Ransomware threats on the rise
The more of these discrete systems that are affected the longer it will take to restore normal working.
Even establishing the scale of the damage is likely to tie up trusts for the weekend and possibly beyond.
NHS managers will hope that patient records remain secure. Were hackers able to tamper with ongoing drug prescriptions for example, this crisis could become one of patient safety as well as cybersecurity.
Cyber attack spreads across 74 countries; some UK hospitals crippled
Cyber attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
TRUMP CAN WIN THE CYBER WAR (BY FOLLOWING CHURCHILL'S APPROACH)
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
"It's one of the widest sperad attacks we've ever seen," said Michael Balboni, President of Redland Strategies, a consulting firm that specializes in cybersecurity. Balboni, who is also a former homeland security advisor for the state of New York, said that the possiblity of another attack this size is possible.
"We're entering an age known as cyber-insecurity," Balboni added. "There's going to be a huge response from the public now that doctors and hospitals are being affected, there is going to be a huge shift in how people think about this."
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it's not just targeted at the NHS.
"This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected," May said in a statement. "The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety."
May added that though she was not aware of any leaked data, vigilance must be taken.
"Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected," May said.
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
UK HOSPITALS TURN AWAY PATIENTS AFTER RANSOMWARE ATTACK
Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
TRUMP CAN WIN THE CYBER WAR (BY FOLLOWING CHURCHILL'S APPROACH)
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
"It's one of the widest sperad attacks we've ever seen," said Michael Balboni, President of Redland Strategies, a consulting firm that specializes in cybersecurity. Balboni, who is also a former homeland security advisor for the state of New York, said that the possiblity of another attack this size is possible.
"We're entering an age known as cyber-insecurity," Balboni added. "There's going to be a huge response from the public now that doctors and hospitals are being affected, there is going to be a huge shift in how people think about this."
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it's not just targeted at the NHS.
"This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected," May said in a statement. "The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety."
May added that though she was not aware of any leaked data, vigilance must be taken.
"Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected," May said.
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
UK HOSPITALS TURN AWAY PATIENTS AFTER RANSOMWARE ATTACK
Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.
General Election: Jeremy Corbyn rejects claims he is a pacifist
Jeremy Corbyn has rejected claims he is a pacifist, saying he accepts that military action "under international law and as a genuine last resort" is sometimes necessary.
In a major speech outlining his approach to defence and foreign policy, the Labour leader said it was an "extraordinary question" to be asked whether he would countenance pressing the nuclear button.
While he said the party was committed to pursuing disarmament and had a policy of "no first use" of nuclear weapons, he would "do everything necessary to protect the safety and security of our people and our country".
Speaking at the Chatham House think-tank in London, Mr Corbyn cautioned against a "bomb first, talk later" approach to foreign policy.
He said the world was "more unstable than even at the height of the Cold War" because of a failed approach to international security, with botched foreign interventions making the world a "more dangerous place".
In a major speech outlining his approach to defence and foreign policy, the Labour leader said it was an "extraordinary question" to be asked whether he would countenance pressing the nuclear button.
While he said the party was committed to pursuing disarmament and had a policy of "no first use" of nuclear weapons, he would "do everything necessary to protect the safety and security of our people and our country".
Speaking at the Chatham House think-tank in London, Mr Corbyn cautioned against a "bomb first, talk later" approach to foreign policy.
He said the world was "more unstable than even at the height of the Cold War" because of a failed approach to international security, with botched foreign interventions making the world a "more dangerous place".
Subscribe to:
Posts (Atom)