IT Professionals, Guilty

EstebanSexface · May 14, 2021, 9:32am

or if they’re clever they’ll go at the one looking to hide/protect something, a deterrent will draw the big boys, they love a challenge

TheUlteriorMotive · May 14, 2021, 9:34am

What’s the most vulnerable to attack - is it phones and people clicking on links ?

EstebanSexface · May 14, 2021, 9:35am

It’s people. Clicking links, leaving passwords around, all sorts of stupid shit you wouldn’t believe. Not only that disgruntled people will go and give sensitive information for cash.

It’s practically impossible to keep them out technologically speaking because the real vulnerability is idiots

Copper_pipe · May 14, 2021, 9:51am

EstebanSexface · May 14, 2021, 9:53am

@Fulvio_From_Aughnacloy is after doing a serious job here to slow it down now they were making progress

TreatyStones · May 14, 2021, 9:56am

The initial access is nearly always gained by one of two ways:

Brute forcing/credential stuffing exposed Remote Access servers
Phishing users and gathering credentials

EstebanSexface · May 14, 2021, 10:01am

RDP has been hammered since all the working from home and brute forcing those is because numpties have passwords like P@ssword123 and LiamIsHome2018

TheUlteriorMotive · May 14, 2021, 11:41am

TreatyStones · May 14, 2021, 11:49am

Is this what the HSE have been hit with?

manbehindthewire · May 14, 2021, 11:50am

Yes.

TreatyStones · May 14, 2021, 1:17pm

I’d love to know what the HSE IT estate is like. I’d suspect that they are still running a lot of XP and Win 7 systems.

artfoley · May 14, 2021, 1:22pm

novell and win ME probably

TreatyStones · May 14, 2021, 1:24pm

They’d probably be grand if that was the case.

TreatyStones · May 14, 2021, 1:35pm

However, Mr Thomson said that the HSE’s initial assessment of the cyberattack is that it involves a ‘Zero Day’ attack. This means that there is a vulnerability in some hardware or software which would make the malware undetectable by conventional anti-virus or security software.

That would be very surprising and hard to arrive at that conclusion so quickly.

Spidey · May 14, 2021, 2:11pm

At least they had their priorities right spending €3.5 million on Teams and associated training

Copper_pipe · May 14, 2021, 2:12pm

Spidey · May 14, 2021, 2:12pm

Is that not standard for Friday afternoons?

artfoley · May 14, 2021, 2:13pm

looks like you were right and i wouldnt imagine that they did a lot of upgrading in the last 15 months either

TreatyStones · May 14, 2021, 2:16pm

In fairness the charges quoted in that are a pittance in the scheme of things:

Industry estimates put the cost at €50 per PC per year, doubling each year.

This could see the HSE stuck with a bill for €2.3m in 2020, rising again in 2021 if the outdated systems remain.

The big issue is those systems are so much more vulnerable to various exploits and tools that hackers run once they are on the network.

Copper_pipe · May 14, 2021, 2:18pm

I’m trying to do a quick count of the Win. 7 and XP systems in our place. I’m at 14 on the XP count