The opening of a malicious Microsoft Excel file attached to a phishing email led to the cyber attack that crippled the national health service earlier this year, according to a report on the incident published on Friday. The file was opened at a HSE workstation on March 18th, with the email having been sent to the “patient zero workstation” two days earlier. Over the following eight weeks a number of “alerts” were raised within the health service that the IT system might be compromised, but the significance of the alerts was not identified at the time.

<p>One click can be all it takes to bring down an organisation. We’ve seen this kind of thing occur with increasing frequency where an email bypassed mail filters and gateway controls and made it into a user’s inbox, from where it was clicked and executed. Even where alerts were raised by detection tools, these were often ignored or buried in a haystack of alerts.</p>
<p>It reinforces the need to include users as part of the security process by investing in robust security awareness and training to build a culture of security. In doing so, not only can employees be more effective in spotting suspicious emails, but they can report any issues that may have occurred or are suspected to have occurred.</p>
<p>This attack illustrates perfectly how vulnerable large, distributed organisations and supply chains are to phishing attacks. We’re seeing cybercriminals increasingly target these kinds of organisations (particularly healthcare) due to the large number of ‘weak links’ within their cyber defences or supply chain.</p>
<p>Organisations like the HSE often use thousands of devices, including personal laptops and smartphones, and it only takes one to be compromised for a system-wide breach. To counter this, organisations need to take steps to protect every employee device that touches their data, no matter how infrequently or casually.</p>