News | UK

'Straightforward' security fix would have stopped North Korea's WannaCry cyber attack on the NHS, expert says

The malware virus took control of thousands of computers, demanding a ransom of £230 ($300) per individual computer
PA
Ella Wills27 October 2017

North Korea's crippling cyber attack on the NHS could have been prevented with a "straightforward" fix of security systems, experts have said.

Minister of State for Security Ben Wallace told BBC Radio 4's Today Programme on Friday that the Government held North Korea responsible for the "worldwide" WannaCry attack.

An National Audit Office report into the attack said it could have been avoided if “basic IT security” measures had been taken.

An expert from security software company CyberArk, told the Standard that NHS computers had a vulnerability in their Windows software that meant attackers could remotely open malware software on its machines.

But Microsoft had released a patch to fix this vulnerability two months before hackers crippled systems sending hospitals and surgeries across the UK into meltdown.

David Higgins, director of development at CyberArk, said the WannaCry hack “wasn’t sophisticated” and added that the “big disappointment is that this was so simple”.

He said: “Normally, hackers would look to use some form of social engineering via email to get a user to click a link or open an attachment containing malware.

“NHS WannaCry didn’t need the user to engage by clicking a link.

“This particular vulnerability needed the machine to listen for a type of message. The attackers could make the machine remotely open the software.”

He added: “This vulnerability was patched by Microsoft two months earlier – they issued a patch for companies to use.”

The flaw in Windows was first found in March, when a leak of cyber weapons developed by the US National Security Agency took advantage of the problem. Microsoft issued a patch at the time, which would have protected users against WannaCry.

Read More

Foreign powers must be banned from owning British newspapers – ex-Tory minister

Foreign powers must be banned from owning British newspapers – ex-Tory minister

Christopher Nolan among filmmakers hailing tax relief for independent UK movies

Christopher Nolan among filmmakers hailing tax relief for independent UK movies

‘World’s oldest fossil forest’ discovered in cliffs on south coast of England

‘World’s oldest fossil forest’ discovered in cliffs on south coast of England

Sponsored
What you need to know when buying a pre-loved electric car

What you need to know when buying a pre-loved electric car

Mr Higgins said it was “surprising” that North Korea was behind the attack as usually nation states are more likely to invest time and money into sophisticated schemes.

He said: “For cyber criminals, the primary object is monetary gain.

“A nation state is more patient and willing to apply the time.

“North Korea, Russia and China are more likely to be implementing sophisticated attacks. What is surprising is that it wasn’t a sophisticated attack.”

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Sign up you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy notice .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in

MORE ABOUT

North Korea
National Health Service
cyber attack