Tuesday, 23 May 2017

HMRC Dodged a Cyber Bullet

My thanks to a loyal reader for posting this comment the other day, wrt the recent cyber attack that hit the NHS and other organisations:
"Ken the truth is that HMRC were very lucky to dodge the Wannacrypt bullet. When the attack took place last Friday the vast majority of their Windows kit was not patched against it including over 2/3 of the Windows 7 desktops and nearly all of the newer Windows 10 machines. Worse a lot of HMRCs Windows servers - some running national system - were also at risk. This included of support boxes running Windows Server 2003 (XP equivalent) and barely in support Windows Server 2008 machines
(Vista equivalent). 

The tech support teams have been frantically patching their machines all week and presumably will be continuing the exercise for days to come. If the attack had made it past the Departments external firewalls and email defences they would have been in serious trouble. The Malwaretech who activated the Wannacrypt kill switch by registering a domain name probably saved their bacon. That is not to say they will be safe in the future because HMRC also run a lot of software in the non Windows space which is also years out of support. The department is really a slow motion IT train wreck."
HMRC was lucky this time!

