IT attacks are bound to happen - it's how prepared you are that makes the difference…

Waikato District Health Board has been in the news because of a crippling malware and ransom attack. This has disabled their entire IT network of 680 servers, which will all need to be manually restored from backup files. So how did this happen to a health board with a presumably robust IT system in place?

They knew the risks but didn’t have the best infrastructure in place...

Waikato DHB boss Kevin Snee spoke to Radio NZ about the attack and how prepared the DHB was: “We were warned about this risk probably about four years ago, three years, two years. Almost every few months we would get a new warning, a request for extra budget for more security procedures to be able to be put in place.

That was always supported, but clearly, it wasn't enough. Because there's different computer systems even within the hospital and the DHB here as well as between DHBs, they haven't got a systematic protection in place nationwide, I suspect.”

Snee did not know if any other DHBs had been targeted with the same attack but said he did not think Waikato was unusual in the way it set up IT infrastructure.

How does ransomware work?

Ransomware is a particularly nasty form of malware. Typically, victims are tricked into clicking on a link in an email or on a website that downloads the ransomware onto their computer.

Once on board, it spreads to other computers in the network and then encrypts all data on them, rendering it unreadable. In some cases, on top of that, it also copies the data back to the attackers. The victim organisation is then told it must pay the attackers to decrypt its data and avoid having it published.

In the case of the Waikato DHB, the attack has been identified as a “Zeppelin” ransomware attack.

The infection begins with an email with a Microsoft Word document harbouring a malicious macro, like the one pictured below.

Once opened, the document is designed to lure the user into enabling VBA macros, which begins the infection process.

 
ransomware-at-home.jpg
 

 

Concerned about ransomware threats? Read more about best-practice prevention for a ransomware attack from the NZ National Cyber Security Centre.

 

So, what can you do to protect your organisation?

The first step is to educate staff about the basic principles of safe behaviour online: not visiting suspicious websites and not opening suspicious emails.

As much as we might wish that employees would never make mistakes and click on malware links, it will happen. Therefore, an organisation’s IT infrastructure must be as robust as possible against internal users making mistakes.

Running malware on a user workstation must not be able to bring down the whole network. Organisations need to structure their networks in a way that limits the impact of an attack originating from an in-house workstation.

 
 

How can Think Concepts help?

While you can’t stop breaches from happening, you can take measures to secure your data and familiarise yourself with cyber security best practices.

Ideally, to prevent any type of cyber-attack, your business should have:

  • Network behaviour analysis software installed on your website. This will notify you of any dramatic increase in website traffic or bandwidth usage and can block any anomaly in order to let genuine traffic through.

  • A security breach response plan to help you respond to and recover from a security incident.

  • A threat intelligence feed that details any potential threats. Sources of threat intelligence data include free indicator feeds, paid feeds, bulletins, internal intelligence gathering and strategic partnerships. 

 

If you are concerned about your cyber security risk, get in touch with the team at Think Concepts. We can offer staff training for your team onsite or through a webinar to make sure you have the best protocols and practices in place.

You can find out more about our cyber security services here:

 

For further information about how to protect your business from malware or hacking attempts, read our guide on data leak prevention.
