WannaCry NHS attack – busting the myths

Des Ward, information governance director at Innopsis, reflects on the real story behind the WannaCry cyber-attack.

Just over a month ago, the headlines were screaming about a cyber-attack against the NHS, the nightmare scenario of Denial of (public) Service was upon us.  WannaCry ransomware was tearing through the world, encrypting everything in its wake and wreaking havoc.

It was a great case study in the way that cyber security confuses everyone.  Very little of what was reported at the time was accurate. 


RELATED CONTENT


Was the attack really aimed at Windows XP?

The issue was initially reported as a weakness that affected all systems from Windows XP to Windows 10 – using malware created by the NSA that was stolen and released by hackers onto the dark web.

As this weakness affected Windows XP, then the issue had to be the use of Windows XP didn’t it?

The reality however is very different – hacking tools used were unreliable on Windows XP and Windows 10 – but were effective on Windows 7 and Server 2008.  It now looks increasingly likely that:

  • The ransomware entered companies because a port only used for file sharing (SMBv1) was available on the internet
  • The first hacking tool exploited the weakness on the system accessible from the internet
  • This ransomware spread as the second hacking tool took control of the computer and continued scanning inside the network

Was the attack really aimed at the NHS?

The NHS was the name most commonly cited in early reporting of the issue, leading to many commentators describing it as an “attack on the NHS”.  In reality, the NHS wasn’t a particular target.  As of 20th May, there were an estimated 300,000 affected computers in more than 74 countries.

The spread of WannaCry had the attributes of an infectious disease, not a targeted attack.  It propagated into any system where there were vulnerable points of entry.  There were reports of infections in Spain, the UK, Portugal, Germany, China, Russia and others. 

Organisations confirming they were targets included FedEx, Nissan, Deutsche Bahn Railway, Hitachi, the Russian Central Bank, Telefonica and the NHS.  Car manufacturers Nissan and Renault confirmed that they halted car manufacturing to contain the attack. 

The business impact of WannaCry was primarily the result of the control measures that organisations implemented to stop it from spreading, not of the ransomware itself.  In many cases, email systems were suspended to prevent it from moving from one system to the other, and remote access services were also halted.  It was this preventive action that caused the majority of the business impact, not the ransomware itself.

Was this a new type of threat?

WannaCry may appear like a new and dangerous type of threat, but it’s not.  This type of attack was used against Sony in 2014 and 14 years ago in Blaster.  It has been prevalent for over a decade and can be protected against by firewalls and regular patching.  In fact, a patch against this specific vulnerability was made available almost two months prior to the attack (well within the timescales required by both Cyber Essentials and PCI DSS).  The publication of the NSA tools made the tabloid press, the weakness was easy to exploit and the fact that the patch was available for over a month should prompt us to question why this happened on such a scale?

So, it wasn’t new, it wasn’t that clever and it was straightforward to prevent; so how did WannaCry manage to cause such extensive disruption, and what can the public sector do protect against future attacks?

Technical and systems controls don’t cover it

Most cyber security controls and standards are based on a technical or systems-based view of the work.  They assume that if you define the scope of a system, application or network, then you can control and manage the security risks that are associated. 

However, modern organisations are too complex and change too much for these approaches to work.  The breadth of each security policy can be set to make devices and entire networks out of scope.  For example, Cyber Essentials doesn’t include applications or connected cloud services in the assessment – how many organisations are there today that don’t use applications or have any connected cloud services?

The challenge has always been that scoping compliance programmes is preferable for businesses, as it reduces the perceived burden on the organisation’s ability to operate.  However, the following examples show why this is approach is no longer tenable:

Acquisitions and corporate changes mean the technical environment is constantly changing.  Looking at TalkTalk in 2015, the reason why the attack was possible was a web server lay untouched since Tiscali was taken into the company in 2009.  That cost TalkTalk over £400,000 in fines and far more in costs of providing credit checks for their customers.

The impact from poor information governance is rarely assessed as part of cyber security standards.  Looking at Dr Deer vs Oxford University, the costs of not being able to respond to a Subject Access Request under the Data Protection Act 1998 rose to £116,000 from having to search electronic storage.  This was not a fine, but would’ve made the top ten easily for personal data.

Protecting against an attack can also cause disruption.  Look at WannaCry, the likely reason for outage of NHS services was switching computers off – a case of simply not knowing what was happening and taking steps to protect data.  They created an effective Denial of Service condition that has not been tallied in terms of costs yet.

We have reached a tipping point with regards to how far scoped compliance for cyber initiatives can take us on their own.  We need to ensure that the organisation knows how, where and why to use the plethora of security tools, devices and advice. 

The need for governance

The need for information governance to augment cyber initiatives is very real. Within the UK, a basic public sector organisation has over 40 separate laws to comply with for managing information (private sector organisations rise to over 50), which amount to the following activities for assessment:

  • the location of the data (how do you know where it is being stored, or if it has been deleted?) 
  • the format of the information (what is the asset?) 
  • the usage requirements (what purpose is the information acquired for?)
  • the disclosure requirements (can you share it, and what are the requirements?) 
  • the retrieval requirements (the retention period and whether you can you access the information throughout that period?) 
  • the handling requirements (does it need encryption, where can it be accessed from, what right of audit is there?)

My view of the current cyber approaches concludes that the lack of a standardised approach and concentration on information is hampering evolution. This is supported by Rob Wainwright, director of Europol, who believes that the recent failings in cyber defences were more to do with lack of leadership in large organisations than lack of IT investment.

The issue, therefore, is not addressed merely by buying more technology, but looking at how, why and where the technology is used.

Lessons to be learned

We need to learn from WannaCry in the following ways:

  • Work out how, why and where you are undertaking cyber activities – revisit those applications/systems you thought you didn’t need to patch or update because they weren’t in a compliance scope – hacking tools don’t respect scopes
  • Review your firewalls to ensure that they are only allowing the access to the applications, networks and/or systems you intend
  • Look at your information and understand how well you could answer the activities identified above – they will be crucial for the General Data Protection Regulation (GDPR), in force from last year, but not law until 2018
  • Use this understanding of information to review all your applications/systems again

The clock is ticking for action and the next wave of attacks is quite possibly on the way – using seven NSA tools this time and far more subtle. 

The fix, however, remains the same – ensure that you manage information and related applications/systems within your entire estate.

Colin Marrs

Learn More →

70 thoughts on “WannaCry NHS attack – busting the myths

  1. Beauty Fashion December 6, 2024 at 6:46 pm

    Thanks for your helpful post. In recent times, I have been able to understand that the particular symptoms of mesothelioma cancer are caused by a build up connected fluid between your lining of your lung and the torso cavity. The infection may start in the chest vicinity and propagate to other parts of the body. Other symptoms of pleural mesothelioma include fat reduction, severe breathing in trouble, a fever, difficulty eating, and swelling of the face and neck areas. It must be noted that some people existing with the disease usually do not experience almost any serious indications at all.

  2. Hair Styles December 7, 2024 at 9:41 am

    Hi there! I know this is kind of off topic but I was wondering which blog platform are you using for this site? I’m getting fed up of WordPress because I’ve had problems with hackers and I’m looking at options for another platform. I would be awesome if you could point me in the direction of a good platform.

  3. Beauty Fashion December 12, 2024 at 12:56 pm

    Wow that was odd. I just wrote an really long comment but after I clicked submit my comment didn’t appear. Grrrr… well I’m not writing all that over again. Anyways, just wanted to say wonderful blog!

  4. Hairstyles December 13, 2024 at 7:00 am

    You should participate in a contest for among the finest blogs on the web. I’ll advocate this site!

  5. Hairstyles January 7, 2025 at 12:28 am

    I have mastered some new things from your internet site about pcs. Another thing I’ve always thought is that computer systems have become an item that each home must have for a lot of reasons. They offer convenient ways in which to organize homes, pay bills, go shopping, study, pay attention to music and perhaps watch television shows. An innovative strategy to complete these tasks is a notebook computer. These computers are mobile, small, powerful and easily transportable.

  6. medartix.com January 16, 2025 at 6:41 pm

    Fantastic blog post.Really thank you! Really Cool.

  7. Jorgedak January 22, 2025 at 7:27 am

    Mexican Easy Pharm: Mexican Easy Pharm – Mexican Easy Pharm

  8. Rodneyicems January 23, 2025 at 1:34 pm

    mexican rx online https://mexicaneasypharm.com/# mexico drug stores pharmacies
    buying prescription drugs in mexico online

  9. Rodneyicems January 24, 2025 at 4:17 am

    п»їbest mexican online pharmacies https://mexicaneasypharm.shop/# Mexican Easy Pharm
    mexican border pharmacies shipping to usa

  10. Albertruith January 24, 2025 at 12:29 pm

    http://semapharm24.com/# semaglutide tablets
    5mg prednisone

  11. Albertruith January 24, 2025 at 5:22 pm

    http://predpharm.com/# prednisone 2.5 mg daily
    prednisone online pharmacy

  12. Albertruith January 24, 2025 at 10:28 pm

    http://kamapharm.com/# cheap kamagra
    10 mg prednisone

  13. Albertruith January 25, 2025 at 3:48 am

    https://predpharm.com/# Pred Pharm
    prednisone 10mg cost

  14. Albertruith January 25, 2025 at 11:51 am

    https://dappharm.com/# buy dapoxetine online
    prednisone canada prescription

  15. Albertruith January 26, 2025 at 3:58 am

    https://predpharm.com/# can i buy prednisone online without prescription
    prescription prednisone cost

  16. Albertruith January 26, 2025 at 11:21 am

    http://predpharm.com/# Pred Pharm
    prednisone acetate

  17. Albertruith January 26, 2025 at 6:43 pm

    https://cytpharm.com/# Cyt Pharm
    prednisone for sale in canada

  18. Albertruith January 27, 2025 at 2:06 am

    https://cytpharm.shop/# CytPharm
    online prednisone 5mg

  19. Albertruith January 27, 2025 at 8:58 am

    http://predpharm.com/# PredPharm
    prednisone 30

  20. Albertruith January 27, 2025 at 3:48 pm

    http://dappharm.com/# priligy
    buy prednisone no prescription

  21. Albertruith January 27, 2025 at 9:20 pm

    https://kamapharm.shop/# buy kamagra online usa
    where to buy prednisone in canada

  22. Albertruith January 28, 2025 at 2:52 am

    http://kamapharm.com/# Kama Pharm
    where to buy prednisone 20mg no prescription

  23. MichaelVon January 28, 2025 at 11:28 am

    https://farmatadalitaly.com/# farmacie online sicure
    Farmacia online piГ№ conveniente

  24. MichaelVon January 28, 2025 at 4:22 pm

    http://farmasilditaly.com/# esiste il viagra generico in farmacia
    Farmacia online miglior prezzo

  25. MichaelVon January 29, 2025 at 1:53 am

    https://farmabrufen.com/# Farma Brufen
    farmacia online piГ№ conveniente

  26. WilliamTraix January 31, 2025 at 7:15 am

    Casino visits are a popular tourist attraction. https://phmacao.life/# Live dealer games enhance the casino experience.

  27. Patrickbeisa January 31, 2025 at 7:43 am

    Manila is home to many large casinos.: taya365 login – taya365 login

  28. Josephbycle January 31, 2025 at 8:21 am

    phtaya casino phtaya casino Slot tournaments create friendly competitions among players.

  29. LannyRinly January 31, 2025 at 10:08 am

    Loyalty programs reward regular customers generously.: taya365 login – taya365.art

  30. WilliamTraix January 31, 2025 at 12:15 pm

    High rollers receive exclusive treatment and bonuses. http://taya777.icu/# Slot machines attract players with big jackpots.

  31. LannyRinly January 31, 2025 at 3:02 pm

    Players can enjoy high-stakes betting options.: taya365.art – taya365

  32. Josephbycle January 31, 2025 at 4:54 pm

    taya777 taya777 Manila is home to many large casinos.

  33. WilliamTraix January 31, 2025 at 5:10 pm

    Slot machines attract players with big jackpots. https://jugabet.xyz/# La mГєsica acompaГ±a la experiencia de juego.

  34. Patrickbeisa January 31, 2025 at 5:38 pm

    Some casinos have luxurious spa facilities.: phmacao.life – phmacao casino

  35. LannyRinly January 31, 2025 at 7:55 pm

    Loyalty programs reward regular customers generously.: taya365.art – taya365.art

  36. WilliamTraix January 31, 2025 at 9:59 pm

    Players enjoy both fun and excitement in casinos. http://phtaya.tech/# Players must be at least 21 years old.

  37. LannyRinly February 1, 2025 at 12:30 am

    La mГєsica acompaГ±a la experiencia de juego.: jugabet casino – jugabet

  38. Daviddof February 1, 2025 at 12:43 am

    https://taya777.icu/# The casino industry supports local economies significantly.
    Slot machines feature various exciting themes.

  39. Josephbycle February 1, 2025 at 1:07 am

    phtaya phtaya login The Philippines has several world-class integrated resorts.

  40. WilliamTraix February 1, 2025 at 2:37 am

    Manila is home to many large casinos. http://phtaya.tech/# Slot machines feature various exciting themes.

  41. LannyRinly February 1, 2025 at 5:06 am

    Los torneos de poker generan gran interГ©s.: jugabet chile – jugabet

  42. WilliamTraix February 1, 2025 at 7:20 am

    The gaming floors are always bustling with excitement. http://jugabet.xyz/# Los juegos de mesa son clГЎsicos eternos.

  43. Josephbycle February 1, 2025 at 9:12 am

    phmacao com login phmacao com login Players often share tips and strategies.

  44. LannyRinly February 1, 2025 at 9:44 am

    Algunos casinos tienen programas de recompensas.: jugabet chile – jugabet casino

  45. WilliamTraix February 1, 2025 at 12:06 pm

    Visitors come from around the world to play. https://winchile.pro/# Las apuestas deportivas tambiГ©n son populares.

  46. LannyRinly February 1, 2025 at 2:27 pm

    Muchos casinos ofrecen restaurantes y bares.: jugabet.xyz – jugabet.xyz

  47. WilliamTraix February 1, 2025 at 4:52 pm

    Many casinos provide shuttle services for guests. https://jugabet.xyz/# Los torneos de poker generan gran interГ©s.

  48. Josephbycle February 1, 2025 at 5:17 pm

    taya777 register login taya777 Players must be at least 21 years old.

  49. LannyRinly February 1, 2025 at 7:12 pm

    Las tragamonedas ofrecen grandes premios.: win chile – winchile.pro

  50. WilliamTraix February 1, 2025 at 9:43 pm

    The Philippines offers a rich gaming culture. https://taya777.icu/# Resorts provide both gaming and relaxation options.

  51. LannyRinly February 2, 2025 at 12:00 am

    The Philippines has several world-class integrated resorts.: taya365.art – taya365 com login

  52. Josephbycle February 2, 2025 at 1:26 am

    taya777 register login taya777 register login Cashless gaming options are becoming popular.

  53. WilliamTraix February 2, 2025 at 2:35 am

    Many casinos offer luxurious amenities and services. https://phtaya.tech/# The Philippines has a vibrant nightlife scene.

  54. LannyRinly February 2, 2025 at 5:12 am

    Los casinos organizan eventos especiales regularmente.: winchile – winchile.pro

  55. LannyRinly February 2, 2025 at 10:10 am

    Slot machines feature various exciting themes.: taya365.art – taya365.art

  56. Josephbycle February 2, 2025 at 11:38 am

    taya777 register login taya777 Players can enjoy high-stakes betting options.

  57. LannyRinly February 2, 2025 at 7:59 pm

    The casino experience is memorable and unique.: phtaya.tech – phtaya casino

  58. Josephbycle February 2, 2025 at 9:39 pm

    win chile win chile La mГєsica acompaГ±a la experiencia de juego.

  59. LannyRinly February 3, 2025 at 1:02 am

    The casino experience is memorable and unique.: phmacao com – phmacao.life

  60. WilliamTraix February 3, 2025 at 5:10 am

    Manila is home to many large casinos. https://taya777.icu/# Responsible gaming initiatives are promoted actively.

  61. LannyRinly February 3, 2025 at 6:14 am

    The casino experience is memorable and unique.: phmacao.life – phmacao.life

  62. LannyRinly February 3, 2025 at 11:30 am

    Resorts provide both gaming and relaxation options.: phmacao.life – phmacao com

  63. Daviddof February 3, 2025 at 4:09 pm

    http://taya777.icu/# Gaming regulations are overseen by PAGCOR.
    Players enjoy a variety of table games.

  64. LannyRinly February 3, 2025 at 4:36 pm

    Many casinos offer luxurious amenities and services.: phmacao club – phmacao com

  65. Josephbycle February 3, 2025 at 5:15 pm

    winchile winchile Las ganancias son una gran motivaciГіn.

  66. WilliamTraix February 3, 2025 at 6:19 pm

    The Philippines has several world-class integrated resorts. http://winchile.pro/# Los casinos organizan eventos especiales regularmente.

  67. LannyRinly February 3, 2025 at 9:36 pm

    Los juegos en vivo ofrecen emociГіn adicional.: winchile – win chile

  68. Daviddof February 4, 2025 at 12:33 am

    https://jugabet.xyz/# Los casinos son lugares de reuniГіn social.
    Promotions are advertised through social media channels.

  69. LannyRinly February 4, 2025 at 2:35 am

    La seguridad es prioridad en los casinos.: winchile casino – winchile casino

  70. Josephbycle February 4, 2025 at 3:05 am

    winchile casino winchile.pro Los juegos de mesa son clГЎsicos eternos.

Leave a Reply