IENGLISH LISTENING: WannaCry Cyber Attack (Upper Intermediate)
WannaCry Cyber Attack
DESCRIPTION: Experts discuss the Wannacry cyber attack that attacked various public institutions including the UK health service.
HSE (noun) = Irish national health service
Be on top of something (verb) = be in control of a situation
Be ahead of the game (verb) = Thinking quickly to beat the competition/prevent something bad from happening
NHS (noun) = UK National Health Service
Innoculation (noun) = a vaccination against a disease
Roll something out (phrasal verb) = release something to the public
Remediation (noun) = the act of fixing/reversing something
10 patients appointments were cancelled because of the cyber attack
What part of the HSE was affected by the attack?
The HSE are on top of the situation.
How much have the cybercriminals made?
Microsoft took a long time to produce a patch to protect against the cyber attack.
Anyone can plan a cyber attack with current software.
How much has been made from ransomware payments?
What is more valuable than cash to cybercriminals?
Prevention is more important than:
End user awareness and _____________ are crucial to preventing cybercrime.
Sean: The working week is up and running as state bodies, GP surgeries and companies remain on high alert after Friday’s global attack when the debilitating WannaCry software virus swept across the world. Communication Minister Dennis Stockton has said this morning it will be, in his words “a crucial test” for the state’s IT systems. With me in the studio, Paul C Dwyer, CEO of Cyber Risk International and also here, James Canty, a cybersecurity expert with Magnate Networks. And we’ll be speaking as well, first of all though, to Dr. Anne Hogan, president of the Irish medical organisation who’s on the line now. Dr. Hogan, good morning.
Dr. Hogan: Good morning Sean.
Sean: Now first of all, what are you hearing from your members? Are you hearing anything from your members about their cyber concerns and any problems?
Dr. Hogan: Well we’re aware that members are concerned about cyber security for quite some time and indeed at this year’s IGO AGM, we had a special session from Jim Greg of the Irish Computer Society about cyber security and cyber threats to try and keep members informed. And we’ve had similar sessions at previous meetings. So already this weekend, we’ve sent out messages to members advising them of the threats and advising them to ensure that their Windows software is up to date and that any antivirus and antimalware programs they have are up to date. And advise them of the dangers of clicking into attachments in emails from unknown sources.
Sean: Yeah, and I suppose because most notably it was the NHS in Britain that suffered most from this, more most visibly close to these shores at least. And there was concern as well, with the HSE effectively shutting down all external links to its system. That it would be the health area that would be most notably or most visibly at risk. Are you hearing anything about people having appointments cancelled or anything like that? Or are things working pretty normally?
Dr. Hogan: Well, not so far. I mean, I work for the HSE and this morning we’ve been asked not to use our email until after 11am while the systems are updated so there’s a lot of disruption here in the office. But obviously it’s important that we secure our patients data and that we take, you know we’ve a brief disruption this morning to protect a much larger disruption, to protect against much larger disruption.
Sean: And what is the effect of it just today then, what’s been going on in the offices?
Dr. Hogan: Well, we’ve not been able to use our email systems so, you know, as most modern offices, we’re not, we do most of our communication via email and telephone, so we’re out of contact I suppose.
Sean: Yeah, and in regard to protecting health, personal data online, that’s what you had discussed at your conference. I mean, are there other cyber threats other than this one that you would have concerns about?
Dr. Hogan: Well we’ve had, you know, there was a denial of service attack last year on the government network which again disrupted our systems. But obviously, we’re very concerned about keeping patients’ data secure. But the bigger risk is that we would lose all the data we have which would obviously propose a threat to looking after patients in the long term. You know, the types of medical equipment that are in use now, that are connected to IT systems, you know, the likes of the Fit Bit fitness devices that are connected to computers, and some implantable medical devices are connected to computers. We have devices like wearable monitors for blood pressure and stuff like that that will be connected to computer systems, and then devices for administering medication would also be connected to computer systems and would be under threat.
Sean: And have you got – I know you say you work for the HSE but have you got – are you confident that the HSE is on top of this and ahead of the game, so to speak?
Dr. Hogan: Well we we have a lot of IT staff and we are constantlyaware of threats and getting our systems updated so I would think the HSE is fairly on top of the chip
Sean: Okay Dr. Ann Hogan, I will let you away because you have things to attend to. The President there of the Irish medical organization. If I could turn to you Paul C. Dwyer chief executive of cyber risk international. Just take us back and just explain how this whole attack, it took off and onething that strikes me is that it seems to have been on such a scale that in many ways they the people behind it have lessened their capacity to make money from it. If they had been more targeted about the way they’d gone about it, maybe we wouldn’t know the half of it.
Paul: Yeah it’s an acute observation Sean. I mean, I would say that this has been delivered with military precision. It’s more about active warfare than it is about cyber criminality. The cyber criminals behind his have only garnished about 30,000 euros by best estimates at the moment, which is nothing for a cyber criminal campaign especially one of this scale. So it begs the question why they decided to go so so mainstream in the media to pick a target like the NHS particularly and it seems to be more about disruption of critical national infrastructure, more about a cyber warfare warning shot, if you like, over the bow of countries to say “hey listen we can do something to you that you’re just not prepared for”
Sean: And it seems that has its origins in a fault that was discovered in the Microsoft… in Microsoft’s own system discovered by the National Security Agency in the United States, which in turn was something that was stolen was information stolen from them and it became available pretty much worldwide.
Paul: Well it will actually to cover that I think I’d applaud Microsoft on the response to this day they got a patch up really quickly when the NSA told them that they that the NSA had exploited this and found this exploit and created an ammunition a weapon a cyber weapon and that weapon had gotten into the world for quite some time before the NSA actually told Microsoft. Microsoft reacted quickly and created a patch that’s available to
Sean: A patch is an update.
Paul: A patch is an update or a fix if you like that can prevent this. It’s like an inoculation, if you like, to stop you getting infected with this. But it beg questions like why, why organizations like the NSA, like effectively you can think of these almost like biological weapons, if you use the if your line it up with biological warfare, and these things are like viruses they will spread and so on like that but the NSA didn’t think that the world needed to know about this boomerang that was going to come back on itself.
Sean: Right, and it seems as well that just from from from what we read that you don’t have to be a computer expert to make use of this.
Paul: No absolutely not Crimeware, or software designed for use by cyber criminals is now something that you can avail of as a service. You certainly don’t need to be a technical guru in any way shape or form, and you can actually go on to forums on the surface web and on the deep web and hire people to do whatever you want – but this sort of software is easy to use, very easy to follow through for criminals and that’s one of the biggest fears here Sean and there’s going to be many many variants of this coming out over the next few weeks. And by variants I mean different strains of this virus so as soon as you inoculate or protect yourself against one particular way, they’ll find another way to slightly adjust it for it to come in
Sean: Yeah and just this idea of ransomware – it’s been around for what ten years or more?
Paul: Yeah it’s the last estimates I read was over five billion had been made out of ransomware payments and and that also gets back to your initial point you made about the actual MO use here if you like, of the modus operandi, because it tends to be a crime that that one that when the malfactor, the bad guy contacts the victim they, they do it quietly behind the scenes. They pay their ransom, they get their data back in many cases, in cases they don’t and they move on. To go so public in such a way and and target somebody like the NHS, let’s be honest, a government body that’s not going to have the ability to open up a Bitcoin wallet for digital cryptocurrency and pay a ransom, this just does not feel right as a cyber criminal campaign
Sean: Right and and of course the whole idea being that, you know, you get this malicious software that encrypts or scramblers data and then they’re in a position to demand payment to have it unscrambled again. But do they actually steal it, do they have access to it themselves that the people who hacking like that?
Paul: In theory they could have access but in this particular case what it seems is they are scrambling the data. But to get back to your previous caller there, the medical data is that the highest-valued data being used by criminals at the moment. That’s a big target for them to get sensitive medical data because it’s often used as part of other scams. Data is the new cash, I mean if criminals steal money from your bank account, you notice it’s gone the bank’s dollars notice it’s gone and and they could do something about it. But when people steal your data, they take a copy of it, you don’t necessarily know it’s even gone and it’s in the hands of somebody else, and we’ve solved some of the scams we talked about even a couple of years ago where they’re stealing data on sick babies and then contacting the parents saying they had experimental cures for those children, and to get large payments so that the child could be sent over for for experimental cures and so on. And so these scans are elaborate, these scans are bold and they prey on the vulnerable as well.
Sean: James Canty – and the the HSE here as I was saying to Dr. Hogan, they seem to have been ahead of the game because they got early warning from the UK, from the NHS – they took action. It’s not necessarily case of problem solved though.
James: No absolutely not, and as Paul is alluded to this is going to evolve and change over time. Microsoft released this patch number of weeks ago and yet we’re still seeing that it’s taken to this weekend for these patches to be deployed. That in itself is something that I think, you know, there should be a general awareness of that… this patch has been available for a number of weeks but yet it’s only since things have kicked off in the UK that it’s been rolled out on a more global scale.
Sean: So when Amber Rudd, the Home Secretary over there says update the NHS has been on top of the game they are taking action to deal with this, in fact she’s wrong.
James: She’s completely wrong. If they were on top the game, there’s plenty of platforms out there that would have prevented this malicious code from activating. So there’s malicious cold and malware on the go all the time, and it’s been sent around up 24/7 365. It’s about having the policies and procedures and awareness in place, but also having the correct platform and making sure that you have…
Sean: Yeah but we’re told that, you know, it’s particularly old systems like the old Microsoft XP or Windows 8 that are vulnerable to this but how then how does that sit with, for instance, like, organizations like FedEx in the United States Renault. I mean, are they operating on this kind of old technology?
James: A lot of them are and and even if you draw our solutions. When you have legacy infrastructure that is no longer supported by vendors, you need to have a different approach to… in trying to protect that legacy infrastructure. It’s about prevention not remediation, because once you’re trying to remediate, you’re trying to cover the damage that’s already done. There are solutions out there, advanced endpoint protection and stuff like Traps from Palo Alto Networks that once deployed, malware potentially can get true but won’t be able to activate and create any damage in the system. If you had solutions like that in place, you’re one step…. that’s how you get one step ahead of the game. So it’s about… especially for legacy for old legacy based infrastructure, you need to have advanced endpoint protection that will remove the need to be continually patching. Patching is great but you need to have a Plan B.
Sean: And I suppose a lot of us can take comfort from the fact that we hear “oh you know, there’s a firewall. I mean the guys and IT have put a firewall in so we’re safe.”
James: This is this is one of the big bugbears I have today. People and business owners at all levels thinks okay I’m running some antivirus software and I’ve got a firewall in place. That firewall might have been suitable five-10 years ago, it’s now almost redundant in its effectiveness from preventing malware getting through to you among the networks. We can we have seen that about 60 to 70 percent of traffic that comes across a firewall comes across using HTTPS. A traditional firewall just welcomes that into the network and into the work environment, and that’s how malware spreads. That’s what… that’s what happened in that probably, part of the reason the NHS is having the problems it is. That’s why peoplem business owners – if they think buying a firewall and applying antivirus software secures them, they need to be aware that that’s no longer the case. They need to be able to ask your IT guys to be able to show who is doing what in their network, who has access to what who has the privilege to do what. There’s two levels of awareness that are key to combating cyber crime. One is NGOs are awareness and hopefully this weekend will be a watershed moment in the fight against cybercrime, in terms of there’s been fantastic publicity around this. So it’s about end-users becoming much more aware of what you’re clicking on but also business owners, not just the IT… it’s not just IT operations. This comes down to business owners and senior execs in the organization asking different questions about the infrastructure that your IT people are deploying. They need to be deploying next generation application-aware firewall. The way people work, practices have changed with the adoption of cloud technology, means network based firewalls are really not fit for purpose in a lot of cases.