-
• #45152
Useful info for the curious here
https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/
Amber Rudd was on R4 earlier crowing about the investment in the NSC (which is obviously a good thing), but unfortunately was not challenged on the under-investment in the NHS that will have contributed to the fact that lots of them still run XP.
-
• #45153
The majority of problems with this incident weren't due to lack of security tools, it was down to legacy systems needing to be run on Windows XP boxes that can't be patched against these vulnerabilities (mostly ancient Samba vulns).
No matter what you do to prevent the initial infection (virus scanning emails, firewall protection, etc) someone is going to double click the attachment from their personal email, visit the dodgy website or just be a victim of malvertising. But once it has the initial in it's going to spread like wildfire if the machines on your internal network are just not up to date.
There's plenty of legacy software in use in companies (and behemoths like the NHS) that can't run on anything newer.
The question is whether the cost of an incident like this is more expensive than getting everything updated and/or paying vendors to write stuff that will work on the latest OSes.
-
• #45154
NHS IT is so flaky; our month end financial reporting was nearly scuppered this month as NHS Digital released some new software only compatible with Windows Server 2008 or later. We are running 2003.
-
• #45155
True, although the question of costs might need to be judged differently when lives are involved (like the stories of the potential impact on stroke victims resulting from the lack of x-ray facilities).
-
• #45156
On reflection, it's difficult to come to any other conclusion than that the answer to this issue lies in Brexit. In the short-term, the weekly pot of £350m will help pay for the much-needed upgrades to the systems that the previous Labour government evidently failed to address; and in the longer term our new trade deals will mean we can get American health-care companies to modernise everything up to the same standards enjoyed by the world's leading economic power.
-
• #45157
If you ignore the human impact then blocking access to webmail accounts, whilst bringing in a proper behavioural analysis and blocking layer at the perimeter would stop the number one threat vector of email.
NSC mean well but don't actually have a great understanding of how things actually work- too much faith in the RFC and their own untested and unverified abilities.
-
• #45158
I was on-call yesterday in A+E. It was carnage.
We weren't hit, but had pulled all our services off-line; were taking emergency diverts from local hospitals that had been hit; and desperately finding ways of sending people to specialist centres for acute conditions we cannot deal with locally (without any image transfers).
It was kind of spectacular, as pretty much everything still happened without too many problems - probably suggesting our hospital hasn't moved on much (technology wise) since 1973.
-
• #45159
It's certainly a good sign, right? If hospitals can't function without non-essential tech, that's probably a big problem. Hopefully everyone comes out of this okay and this will give some people something to think about.
-
• #45160
Fuck. Good on you mate.
-
• #45161
Good job :)
-
• #45162
On an extremely general note; would the sheer size of this attack make it easier to find the culprits? The hackers becoming victims of their own success etc.
Not the best analogy perhaps, but if two bank robberies were executed in exactly the same way, it should still be easier to catch the guy who got away with 50 million as opposed to the guy who got away with 50 K.
-
• #45163
It's not just the NHS that's at risk from these sorts of attacks:
http://www.popularmechanics.com/military/weapons/a19061/britains-doomsday-subs-run-windows-xp/
-
• #45164
I like that write access to thumbdrives is disabled on my desktop but Google Drive not a problem.
-
• #45165
The scale of the problems caused makes it easier for the law & the state to get the funding and backing to find those responsible.
They might aim to make an example of them.
They might also seek to use it as a way of clamping down on crypto currencies.
-
• #45166
Given the size and scale of the attack, is it not most likely that it's come from a state sponsored group? Even if it was individuals or a small group, the likelihood of them ever being prosecuted for this is slim to non-existent.
-
• #45167
Hmmm. Dunno. I'd imagine State sponsored stuff being pretty stealthy. Time bomb, invisible type stuff.
This seems amateurish in its distribution, visibility and its demands.
I reckon it's script kiddies making a big mistake. Or mid level crims. I'd imagine that they are shitting themselves now.
Will be interesting to see.
Even if it was individuals or a small group, the likelihood of them ever being prosecuted for this is slim to non-existent.
Why?
-
• #45168
The tinfoil hat in me wouldn't put it past the tories to pull something like this in an attempt to destabilise the NHS to help pursue their aims of privatisation :/
-
• #45169
Just checked my work email and they shut down all external email in/out yesterday evening as a precaution
-
• #45170
It does seem a bit too indiscriminate to be a state attack? And why would they be collecting ransom rather than using the backdoor to gather data quietly?
Apparently there is a new variant on the loose which doesn't have the kill switch.
-
• #45171
And meanwhile:
-
• #45173
http://www.bbc.co.uk/news/business-39897774
https://en.wikipedia.org/wiki/Grand_Contour_Canal
@ffm, @hamrack This concept came up in a beer-fuelled discussion recently at Wests.
Arguably the 300ft canal is of more National importance than HS2.
-
• #45174
Or they could fix the pipes and stop the 3 billion litres lost every day...
-
• #45175
Communist!
There are many IT security tools, but they are not free, bar some open source tools (not sure how much these cover, though commercial tools also have gaps; vulnerability scanning yes, OpenVAS).
But the likes of QRadar, Splunk etc. cost quite a bit; how are they going to do this while having funds cut?