Hello, it has been a while. The further I went down this rabbit hole, the more questions I had therefore there is no singular mystery but rather multiple different mysteries all attached in some form to the same event. For writing purposes, italics indicates 'exposition' from myself. I have done a video which visualizes the event here.
[LONG]
Introduction:
In 2017 a massive cyber attack took down the National Health Service in England. Thousands of appointments and potentially life saving operations were delayed or cancelled, as well as the relocation of many Critical Patients.
This attack wasnβt just targeted at the NHS. The attack brought thousands of organizations, and government agencies to a standstill. The groundwork for this attack was laid years in advance.
Birth of the Exploit:
In 2009, windows 7 was released and was heavily adopted by industries and government agencies. As years past, new operating systems were released and subsequent updates to windows 7 less regular a due to this a small vulnerability formed. The MS17-010 exploit was discovered or created by the National Security Agency and was dubbed the βEternal Blueβ exploit. It worked by targeting a fault in any machine which uses SMBv1 (or Server Message Block version 1) file sharing protocol.
SMB is a protocol that Microsoft uses to allow the sharing of files between computers and other devices.
The exploit, Eternal Blue, which the NSA had discovered allowed attackers to implant the backdoor codenamed Double Pulsar onto a machine. Which would allow them to execute code on the target computer, otherwise known as a remote code execution vulnerability. In effect, this exploit allows hackers to control another personβs computer. It further was able to spread malicious data packets within networks, allowing for duplications of the malware to spread to other computers automatically. The NSA had utilized this exploit for 5 years, and the exact details of what they had used the exploit for are currently unknown. The so called βEquation Groupβ, a highly sophisticated βthreat actorβ, that earned its name from the groups extensive use of encryption is believed to be a group within the NSA. This group, The Equation Group, is regarded as the most skilled and best equipped cyber-threat. It is also suspected to be involved in many large cyber-attacks such as Stuxnet, however this is unconfirmed. The Equation Group is al
... keep reading on reddit β‘My latest video delves into ransomware, a topic you may well see on the CISSP exam, and the famous WannaCry attack in particular:
It would be great to hear what you think of the video as I'm contemplating whether to make more videos like this and if so, future topics.
https://www.bloomberg.com/news/articles/2018-03-28/boeing-hit-by-wannacry-ransomware-attack-seattle-times-says
> βIt is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,β Boeing engineer Mike VanderWel wrote in a memo cited by the Seattle Times. VanderWel said he was concerned that the virus would hit equipment used to test jetliners in the factory and potentially βspread to airplane software.β
> A similar cyberattack compromised companies such as FedEx Corp. and Nissan Motor Co. last year and crippled parts of the U.K.βs state-run National Health Service.
On an unrelated note, my workplace is dealing with an IT incident. Rumors has it that it started from someone who tried accessing a South Korean banking website and was prompted to install .exes or something. The department that was running only Windows 2000/XP isn't cooperating with the IT department (no idea why). I might post a separate thread about it when IT is finished putting out the dumpster fire, but since I'm a production engineer, not an IT admin/tech, anything I say would be observations or second/third-hand stories.
(Apparently South Korea requires all banks to use ActiveX, and some banks require users to install .exe programs, such as anti-keylogger software or ActiveX replacements, so I suppose the rumors have some basis of truth.)
- " massive cyber-attack using tools believed to have been stolen from the US National Security Agency (NSA) has struck organisations around the world."
- "reports of infections in 99 countries, including Russia and China."
- "Among the worst hit was the National Health Service (NHS) in England and Scotland."
- " malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down 'one by one'."
- "Throughout the day other, mainly European countries, reported infections."
- "Some reports said Russia had seen more infections than any other single country. Domestic banks, the interior and health ministries, the state-owned Russian railway firm and the second largest mobile phone network were all reported to have been hit."
- "Russia's interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised."
- "The infections seem to be deployed via a worm"
- "Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue."
- "The NSA tools were stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a 'protest' about US President Donald Trump."
- "...some cyber-security experts said some of the malware was real, but old."
Reuters Canada{Jeremy Wagstaff and Costas Pitas}
- "...tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files."
- "demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, "
- "Some experts said the threat had receded for now, in part because a British-based res
