Lanarkshire NHS infection named as Bitpaymer variant

Silver badge

I'm curious

...what phone system?

The only one I could think that could be badly affected by this is 3CX. Unless they are using soft-phones on Windows PCs.

1
2
Silver badge

Re: I'm curious

Lync/Skype for Business perhaps?

There are also a variety of Windows SIP servers that could probably be used with generic SIP handsets.

It could also be that this was a Hyper-V or other Windows-based virtualisation host that was hit, and the phone system that was hit was in a VM, which opens up a whole host of other possibilities as well.

5
0
Silver badge

Re: I'm curious

Swyx, Innovaphone Unify and many others.

Many new VOIP exchanges are software based and run on Windows or Linux servers, so you could cripple them.

Likewise softclients could also be disabled, if their configuration files, for example, were affected.

3
0
Silver badge

Re: I'm curious

Really, really old versions of Cisco Unified Messaging (like 4.0, which ran on Windows 2000 for Call Manager, Unity, etc.)

2
0
Anonymous Coward

Limited impact?

As a user of NHS Lanarkshire, it sure didn't feel like the limited impact that's being reported. Many local GP surgeries hard down from Friday until Tuesday. Lost results, cancelled appointments, confusion and delays.

5
0
Anonymous Coward

Re: Limited impact?

"Lost results, cancelled appointments, confusion and delays."

Business as usual, in other words?

3
1
Anonymous Coward

Brute force RDP access?

Bad enough that malware was injected, but have the black hats had network access too? That's scary.

5
0
Silver badge
Paris Hilton

Re: Brute force RDP access?

Speaking from a position of ignorance, isn't the whole point of RDP that you are remote?

I assume that Citrix clients have a similar distributed architecture so Citrix endpoints would also be visible.

Does this mean that RDP should only be used from within a VPN?

Oh, and by Microsoft Helpdesk scammers, of course.

1
0
Silver badge

Re: Brute force RDP access?

Yes, you should use a VPN or similar service to tunnel the connection.

Opening RDP, Citrix etc. directly is a bad idea in general. RDP is certainly only really designed for internal access (remote administration or terminal services); it isn't very robust when it comes to being put on the Internet. Plus, your security is only username and password, so adding a security layer around it is always a sensible idea.

4
0
Silver badge

Re: Brute force RDP access?

Unlikely, they are behind PSN/N3 unless they have an external address for some reason.

0
0
Silver badge

RDP

Remote Desktop Disaster Protocol.

7
2

Maybe RDP maybe not

After translation of the page, it doesn't say that this attack was performed via RDP, more that this is a common vector (and from experience I've seen more than a few of these attacks via RDP). The article does mention other vectors, such as email attacks etc.

Saying that, if RDP is open directly to the internet, it is simply a matter of time.

Either VPN or at least setting up terminal services gateway services so the connection is over HTTPS and far harder to brute force.

RDP open to the internet is simply a disaster waiting to happen; you may as well stick the server out on the street with a sign saying "free" on it.

4
0
Gold badge
Unhappy

I'd always thought RDP was for internal network access use only.

Apparently not.

Also apparently not very secure when used without going through a VPN link.

0
0
