Global Ransomware Attack Used NSA Hacking Tools "At A Scale Never Seen Before"

Discussion in 'Serious Discussion' started by emk810, May 12, 2017.

  1. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    4,919
    5,846
    150
    Hmm, no WannaCry in my system; I still don't need any AV :p Windows Firewall does its job perfectly (you only need to understand and know how to configure it correctly, simple) :rolleyes:
     
  2. Oz

    Oz MDL Expert

    Sep 1, 2009
    1,031
    700
    60
    The irony, majority of computers hacked are run by governments, and this is caused by back doors created by another government.
    Like watching blind people fight.

    I would be surprised if a single person got fired at the NHS.
    Also would not be surprised if the "Hero" is the one who released it originally during his week off.
     
  3. fadingstar

    fadingstar MDL Novice

    Mar 2, 2017
    28
    5
    0
    So how can we be sure our PC is safe? Like, are only old Windows versions (e.g. XP, 8) affected, or every version of Windows?
    I am running Windows 10. Should I be worried?
    What's the solution/prevention?
     
  4. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
    Windows has already provided a patch for XP, 8 and Server '03. If you got the March '17 update you should be o.k. unless this WannaCry changes or morphs into something different
     
  5. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
    Fired? The man will probably get a promotion for playing a part in taking down part of the Russian govt
     
  6. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,907
    12,369
    340
    #26 Yen, May 15, 2017
    Last edited: May 15, 2017
    To make a statement on this, one needs to know how WannaCry spreads itself. There are 2 different ways.
    One is via email and one is via a vulnerability in SMB.
    The former can be avoided by common sense when getting suspicious emails and/or by having a recent virus scanner running, the latter by sitting behind a firewall/router which has the used ports unavailable. These are especially 445 and 135.

    The fact that people are behind a router AND the accidentally discovered kill-switch -a cryptic domain- which has been set live slowed down the spreading...

    As soon as wannacry could reach that domain it slowed down spreading drastically.

    The solution is to patch the OS. W10 also.

    Older OSes are also affected. M$ has specially released a patch for them as well.

    Make sure you have either the monthly update or the particular security update only installed on your OS:
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

    Additionally you might want to scan both ports from outside for reachability using an online port scanner.
    This additionally ensures that further attacks via those ports are avoided.
    Make sure to scan your ports from 'outside'. Inside the intranet/network they are open.

    http://www.ipv6scanner.com/

    Mine have been filtered all the way by my router's firewall.
     
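The outside-in check of ports 445 and 135 described in the post above, as an added example that is not part of the thread: a Python sketch that tries a TCP connect to each port and reports open, closed or filtered. The function names and the three-second timeout are assumptions of this example; run it against your own public address from a machine outside your network, since the result only reflects the vantage point it is run from.

```python
import socket
import sys

# Ports named in the post: 445 (SMB) and 135 (RPC endpoint mapper).
# Names and the default timeout below are assumptions of this added example.
WATCHED_PORTS = (445, 135)


def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify the port as seen from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a service is reachable
    except ConnectionRefusedError:
        return "closed"           # host answered with a reset: nothing listening
    except socket.timeout:
        return "filtered"         # no answer: typically a firewall dropping packets
    except OSError:
        return "unreachable"      # routing error or name resolution failure


def check_exposure(host, ports=WATCHED_PORTS, timeout=3.0):
    """Return ({port: state}, exposed); exposed is True if any port is open."""
    states = {port: probe(host, port, timeout) for port in ports}
    return states, any(state == "open" for state in states.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <your-own-public-address>")
    states, exposed = check_exposure(sys.argv[1])
    for port, state in states.items():
        print(f"tcp/{port}: {state}")
    print("reachable from here: block these ports at the router/firewall"
          if exposed else
          "neither port accepted a connection from this vantage point")
    sys.exit(1 if exposed else 0)
```

A "filtered" result for both ports matches what the post reports for a router firewall; "open" from an outside vantage point means the port is reachable from the internet.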
  7. Oz

    Oz MDL Expert

    Sep 1, 2009
    1,031
    700
    60
    When was the last time you used a system that was completely without any Windows updates?

    I do not update anything apart from when service packs used to come out, and the difference in speed is just unbelievable. When I'm on a Windows 7/ 8 et with all updates loaded, I find most of them unusable, everything takes so long to open, there are crashes, and MS obviously is stuffing things up deliberately to force a downgrade to their Spyware 10.

    I hope Microsoft will be sued for not fixing these issues, they have known about them for a long time and left the door open for the US government.
    It appears that anything goes for that scumbag Nadella, his family did a "great" job raising him, "Just do whatever you have to do to get ahead, lie, cheat, steal, anything, that's my boy"

    There must be grounds for refunds for the Windows versions still under "support", "Not fit for purpose" would be one reason enough.
     
  8. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,039
    4,591
    150
    It was a RS-6000 running AIX I think...So it didn't need any windows updates. :D
     
  9. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,907
    12,369
    340
    #29 Yen, May 16, 2017
    Last edited: May 16, 2017
    Even though I completely agree with you (yes M$ is actually slowing down their OSes by updates near EOL especially to make their 'newer' ones more attractive) I wonder why you still are using windows and do complain.

    The SMB vulnerability is a really old one. It comes from the NT branch. I strongly assume it has been known for years already!

    The job of secret services is to find vulnerabilities and to use them, that's common sense. Therefore they acquire hackers just like the Equation Group.

    As soon as it becomes public M$ has to patch it.
    That means it can neither be of any interest to the NSA to make them public nor in the interest of the M$-NSA cooperation.
    Both took benefit and that's the reason why it lasted a long time.

    But things changed when the Shadow Brokers made public some of the tools of the Equation Group in August last year already.
    What's a shame is that M$ is presenting themselves like a savior, saying the vulnerability was patched in March 'already'.
     
  10. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,907
    12,369
    340
    #30 Yen, May 16, 2017
    Last edited: May 16, 2017
  11. Oz

    Oz MDL Expert

    Sep 1, 2009
    1,031
    700
    60
    Life is too short for Linux on a desktop/ laptop

    Plus XP & Se7en runs OK as long as one skips the patch hackjobs.
     
  12. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,755
    5,028
    90
    Linux (especially easy distributions like Mint) is just perfect for everyday work. I'm running dual boot, and I'm 99% on Linux. But no Linux/Windows discussion now here, wrong thread.

    Interesting read, if you haven't seen it already:
    https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

    Let's see how this WannaCry story plays out in the end. With these events, maybe the responsible people will take more care about actually creating safe systems instead of spreading snake oil. This might be an unpopular and disputable view, but if you try to find a positive end for all this... to me it sometimes feels like an "immune defence" or evolution on the internet. Make your system and code safe and you will survive. Same with the bots bricking unsafe IoT devices:
    http://www.networkworld.com/article...someone-is-bricking-insecure-iot-devices.html
    And of course, this has alarming (but honestly, also ridiculous) consequences:
    https://consumerist.com/2016/08/19/...-lightbulb-servers-leaves-buyers-in-the-dark/
    https://consumerist.com/2016/04/06/...s-who-will-own-300-paperweights-as-of-may-15/
    http://www.overclock.net/t/1319323/...internet-connection-or-their-servers-are-down
    It's the hard way to learn, but humans seem to learn only from errors and damage and not by doing the right thing in the first place. Yeah, let's connect everything, put all stuff in a cloud and don't waste one single thought on protection, customers are only hindered from the obstacles created by safety anyways!

    This policy of consumers and manufacturers just not caring about safety is one of the main problems IMHO.

    But before going totally off-topic... some links on the topic which I found interesting; mostly comprehensive stuff:
    https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
    https://www.cs.bu.edu/~goldbe/teaching/HW55815/presos/eqngroup.pdf
    http://ftsnnews.x10host.com/blog/20...-stuxnet-cyber-weapon-used-on-iran/?print=pdf
    http://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017-012.pdf
     
  13. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
  14. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,039
    4,591
    150
    Or China and made to look that way.
     
  15. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
    Quite possible because the real perpetrators could make it look like it was from N.K. But I think N.K. govt has much more to gain from this than China would, because N.K. is hurting from the strict U.N. sanctions more now than when Obama was in office

    or... it could be some 14yr old punk geek in Queens too, but Kaspersky thinks it is from N.K.
     
  16. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,039
    4,591
    150
    @Joe C: That makes good sense. And Kaspersky is reputable.

    :rofl: I wouldn't put it past some of these kids. They are really clever.
     
  17. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    11,907
    12,369
    340
    Two things I'd like to point out.

    1. Installing the patch from M$ does not prevent WannaCry from running. Once it is there it can run and still encrypt files.
    The M$ patch just closes the vulnerability of Windows that WannaCry can use to INFECT Windows. This is one way of infection.

    To prevent it from running, or an infection via email, it has to be detected by a scanner/guard!!!


    2. Sooner or later you will be forced to make this decision:
    Use windows >7 or an alternative.

    I found it reasonable to get rather sooner to the alternative than later. :)
     
  18. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
    #38 Joe C, May 17, 2017
    Last edited: May 17, 2017
    WannaCry had a kill switch, which means currently it no longer works to encrypt files. That does not mean there are no copycats out there acting like WannaCry and possibly even encrypting files. The person/s behind WannaCry could change the server settings within the program to make it active again but by now, I'd think the rest of the world has blocked the SMB exploit.
    http://www.darkreading.com/threat-i...e-been-a-sandbox-evasion-tool/d/d-id/1328892?
     
  19. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,372
    817
    60
    Sometimes advice is simple, known and easy to implement, yet people somehow manage to ignore it and get infected. And when I say people, large organizations with software experts are surprisingly included.

    - Turn Windows updates to automatic

    - Don’t open email attachments from unknown sources and before scanning

    - Don’t disable antivirus or firewall for the sake of getting any app

    - Keep away from dodgy sites and downloads, you know what I mean.
     
  20. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,464
    2,040
    120
    Windows XP is still getting 7% of the market share, which places it at #3 next to Windows 10 (#2) and Windows 7 (#1)

    Windows XP has officially been off the updates list for quite a while now, although it's getting a better market share than Windows 8.1
     