Podcast Summary
Preserving Healthcare During Cyber Attacks: During cyber attacks, non-networked medical equipment can be relied upon to keep the healthcare system functional, demonstrating the need for multiple backup options and old-fashioned medical techniques.
The 2017 WannaCry ransomware attack affected the UK's National Health Service (NHS) and disrupted hospital operations. However, old-fashioned medical techniques were relied upon to compensate for the failure of information systems, and isolated machines that were not connected to the network still functioned. Thus, there is a need to have multiple backup options for medical technology. When technology is unavailable during an emergency, relying on clinical judgement and manual methods can keep the healthcare system functional. Systems such as CT scanners that are not connected to the network are not affected by viruses, so non-networked diagnostic systems can be useful in such situations.
The impact of the WannaCry ransomware attack on the NHS and the need for improved cybersecurity measures: The WannaCry ransomware attack on the NHS highlighted the importance of improved cybersecurity measures globally, and the need for security researchers and IT teams to work together to stay prepared for similar attacks in the future.
The WannaCry ransomware attack in May 2017 impacted the NHS and resulted in 6,912 appointments being cancelled. However, since the machines at the hospital were not connected to the wider network, patient data was not compromised. The attack was not specifically targeted at the NHS; it impacted the NHS along with many other organizations across the world. The attack highlighted the need for improved cybersecurity measures globally. Threat intelligence companies like FireEye were called upon to investigate this high-profile case and warned their other customers because they believed the attack would hit more organizations. Security researchers and IT teams have to work together to stay prepared for similar attacks in the future.
Investigating the WannaCry Ransomware Attack: Independent security researchers can quickly analyze and publish findings on malware attacks like WannaCry using tools like IDA Pro or Ghidra. Memory forensics experts like Matt Suiche can identify the exploits used by ransomware, making analysis easier.
During the WannaCry ransomware attack, many companies and independent security researchers investigated it to find a way to detect and block it. Malware like ransomware is easy to analyze because it is very redundant and always does the same thing. The malware was using EternalBlue, which the Shadow Brokers had given the world a month before the outbreak. To analyze the malware, one needs to be skilled with a reverse-engineering tool such as IDA Pro or Ghidra. Matt Suiche, the founder of Comae Technology, specializes in memory forensics and investigated the ransomware, identifying the exploit it was using. Independent researchers can publish their findings faster than large companies, which are slowed by their internal publishing cycles.
The WannaCry Ransomware Attack and the Shadow Brokers' EternalBlue Exploit: Keeping your computer's operating system updated and installing security patches is crucial to prevent ransomware attacks like WannaCry, which used the EternalBlue exploit released by the Shadow Brokers.
The Shadow Brokers released the EternalBlue exploit, which exploited a serious vulnerability in Windows file sharing. This exploit was then used by the WannaCry ransomware, which spread quickly and infected many machines because it was a self-propagating worm. It was a serious problem for computers that hadn't been updated regularly. However, Microsoft had already patched the underlying vulnerability two months earlier, and anyone who had automatic updates enabled or had installed the latest security patches was not affected. Matt, who was mentioned by the Shadow Brokers, was not part of the NSA or the Equation Group. According to him, they were friendly and seemed to like him. He had given a talk at Black Hat about the Shadow Brokers and was fascinated by their releases.
The WannaCry Ransomware Attack and its Aftermath: Paying the ransom in a ransomware attack is not a guarantee of receiving valid decryption keys. Researchers believe the WannaCry attack had other motives and victims should not pay, as it only fuels further attacks. Microsoft released a patch for unsupported operating systems after the attack and it's important to have up-to-date software and security measures.
The WannaCry ransomware attack impacted many old computer systems, including those of the NHS in the UK. After this attack, Microsoft released a patch for Windows XP, which was no longer supported. Victims who paid the ransom to unlock their files did not receive a valid decryption key. Researchers believed that the attack had other intentions, such as destroying a target or network. It was important not to pay in this case because it would be a waste of money. John's team developed a way to detect and block this activity in their clients' networks. They were trying to determine who was behind the attack and what the motive was: a state actor or a purely destructive attack. The ransomware had a kill switch URL; if that domain existed, the malware would stop running.
How a Tech Hero Stopped a Global Ransomware Outbreak: Through quick thinking and action, Marcus Hutchins saved the world from devastating financial damage and potential catastrophe. Even when faced with new variants, experts united to prevent further harm.
Marcus Hutchins found a URL in the code of the malware used in one of the largest ransomware outbreaks in history and registered the domain himself. This instantly stopped the ransomware from infecting more machines worldwide. He became a hero for saving the world from billions of dollars in damages and hundreds of thousands more infections. However, new variants of the ransomware continued to appear with different kill switch domains, but security experts were able to register them before the malware could cause significant damage. One variant did not have a kill switch, but it did not spread widely either, likely because antivirus companies were detecting it and vulnerabilities in computer networks were being patched.
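As an added example that is not part of the original podcast summary: a defender-side triage over constructed DNS resolver log lines, using a placeholder for the kill-switch domain (the page does not name it). It shows why registering (sinkholing) the domain also turns it into a detection signal: any host that looked the domain up had already run the worm, and the response it got tells you whether the malware halted or carried on.

```python
import re

# Placeholder: the page does not name the real WannaCry kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-domain.example"

# Constructed resolver log in a simple "timestamp client qname rcode" layout.
# Before the domain was registered, lookups returned NXDOMAIN; afterwards NOERROR.
SAMPLE_DNS_LOG = """\
2017-05-12T09:58:01Z 10.0.5.21 www.example.org NOERROR
2017-05-12T10:02:44Z 10.0.5.21 killswitch-domain.example NXDOMAIN
2017-05-12T10:05:10Z 10.0.7.88 killswitch-domain.example NXDOMAIN
2017-05-12T15:31:09Z 10.0.9.14 killswitch-domain.example NOERROR
2017-05-12T15:32:52Z 10.0.5.21 killswitch-domain.example NOERROR
2017-05-12T15:40:00Z 10.0.3.3 mail.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse log lines into (timestamp, client, qname, rcode) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append(match.groups())
    return records


def triage_kill_switch(records, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to the worst outcome seen.

    A lookup at all means the worm already executed on that host. Only a successful
    resolution (NOERROR) made the malware exit; NXDOMAIN or any error meant the check
    failed and the malware continued to encrypt and spread (assumption modelled here).
    """
    outcome = {}
    for _ts, client, qname, rcode in records:
        if qname.lower() != domain.lower():
            continue
        status = "halted" if rcode == "NOERROR" else "continued"
        # "continued" is the worse state; never downgrade it to "halted".
        if outcome.get(client) != "continued":
            outcome[client] = status
    return outcome


def hosts_needing_response(outcome):
    """Hosts whose lookup failed: treat as encrypted and as a lateral-spread source."""
    return sorted(host for host, status in outcome.items() if status == "continued")
```

Hosts that only ever got a sinkhole answer still warrant cleanup, since the worm's dropper ran on them before the check.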
The North Korean connection and missed opportunity to prevent WannaCry attack: Cybersecurity experts discovered a kill switch to stop WannaCry ransomware, which was launched by North Korea and could have been prevented if Microsoft had caught the bug earlier. Mindful preventive measures are necessary.
The WannaCry ransomware was launched by someone in North Korea; the malware infected around 230,000 computers in 150 countries and made $140,000 worth of Bitcoin. The malware was ultimately stopped by a kill switch discovered and registered by cybersecurity experts, but Microsoft turned it down due to legal concerns. North Korea was also responsible for previous cyber-attacks, including the attack on Sony Pictures and the Bangladesh Bank hack. The indictment by the US Department of Justice showed that Park Jin Hyok, a North Korean computer programmer, was one of the members of the conspiracy behind these attacks. WannaCry originated from the exploitation of a bug introduced during development and testing, which could have been prevented if Microsoft had caught it earlier.
North Korean Hackers and the Lazarus Group: The Lazarus Group, a North Korean hacking group, operates from Bureau 121 and recruits elite military members to carry out attacks. Their main targets are South Korea, Japan, and the United States, but they have been known to initiate large-scale attacks worldwide.
North Korean hackers, also known as the Lazarus Group, are believed to operate from Bureau 121, a branch of the Reconnaissance General Bureau, a military branch that conducts clandestine operations. Bureau 121 recruits elite members of the military who are trained in how different operating systems work, how to program, how to use attack tools, and everything in between. North Korea's main attack targets seem to be South Korea, Japan, and the United States, but it has no problem unleashing huge attacks in other parts of the world. When North Korean hackers wage their attacks, they often physically travel out of North Korea to do so. The Lazarus Group was behind many hacking campaigns in 2014, and Java, PHP, and Visual C++ were used to write most of the malware produced in North Korea.
The Dangers of North Korean Hacking Activities: North Korean hacking activities are dangerous as they operate from other countries to avoid detection and have caused millions of dollars in damage. Companies need to take their online security seriously to prevent physical harm and potential loss.
North Korean hackers operate from other countries to avoid detection, as their own internet is heavily monitored. Their motives for cyber-attacks fall under hacktivism, cyber-crime, and nation-state hacking. Hacking is a perfect strategy for North Korea because it is inexpensive, low-risk, and easy to deny. They have caused damage worth millions of dollars and have even prompted new EU sanctions. The next attack from North Korea could result in major physical harm. Recent major attacks should serve as a wake-up call for companies to take their online security seriously.