Source |
Schneier on Security |
Identifiant |
4111937 |
Date de publication |
2022-02-11 12:17:53 (vue: 2022-02-11 13:05:59) |
Titre |
On the Irish Health Services Executive Hack |
Texte |
A detailed report of the 2021 ransomware attack against Ireland's Health Services Executive lists some really bad security practices:
The report notes that:
The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.
Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack).
... |
Envoyé |
Oui |
Condensat |
2021 activity after against alerts antivirus apart attack bad based business but chief ciso cobalt controls covid cyber cybersecurity detailed detecting did direction documented either encrypted escalated evaluating event executive from hack had have health hse incident including information ireland irish later leadership level lists management managers nist not notes numerous officer owner performing plans practices: provide ransomware really recovering recovery report resourced response responsible review role runbooks scale security senior server services software some strike system systems that: these triggered under usual vaccination wide working “single |
Tags |
Ransomware
Hack
Guideline
|
Stories |
|
Notes |
|
Move |
|