About CSS

CSS News Round-Up: Ransomware Attack Knocks Out Airport Information Systems

October 3, 2018

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

 

Ransomware Attack at Bristol Airport Leaves Information Screens Offline

Information screens that include flight details such as arrivals, departures, gates, and check in desks, were offline after a ransomware attack targeting Bristol Airport, InfoSecurity Magazine says. To prevent the attack from spreading to other airport systems, Bristol shut down the screens completely. Multiple days passed with employees having to handwrite every detail and post it near the screens before the system was restored, reports InfoSecurity. The article also notes that Bristol Airport did not pay the requested ransom.

Medical Device Security Guidance to Be Updated By the FDA

According to an article by Health IT Security, the FDA will add risk protection tips and methods for incident response to its premarket guidance for medical device security this fall. It has also begun to consider implementing certain procedures and policies relating to disclosure of medical device vulnerabilities as they are discovered. Additionally, the FDA is planning to use the National Evaluation System for Health Technology (NEST) as a way of obtaining quality evidence that will be useful in evaluations of medical devices.

 “Axe the Fax” Campaign Takes Off at Leeds Teaching Hospitals NHS Trust

Healthcare IT News published a report stating that Leeds Teaching Hospitals NHS Trust plans to get rid of just about all of its fax machines by the year 2019 due to their lack of security. The article notes that the organization has successfully removed 20 of their 340 machines so far. The plan is to use their more secure network to send information via email due to cyberattacks needing only a fax number to execute on the machines.

CCTV Video Cameras At High Risk of ‘Peekaboo’ Hack

“A security flaw in a widely used network video recorder technology has put potentially hundreds of thousands of CCTV cameras worldwide at risk of crippling attacks including remote hijacking,” Dark Reading detailed in their latest article. This flaw could possibly affect cameras that are currently being used in banks, transportation, government, and more. The company has been notified of the flaw, but has not solved the problem as of three months later.

Google Employee Discovers Vulnerabilities and Hacks the Company’s Doors

According to Forbes, a Google employee discovered a method of opening doors at Google’s office without needing a keycard. In the process, he found that the encrypted messages moving across the network were not randomized like they should have been. He was able to prevent other doors from opening as well and explained his tactics at DEFCON this month. As a result, Forbes reports, other companies using this same Software House technology are extremely susceptible to attacks.

Addressing the Possibility of an Attack On the US Power Grid

CSO recently discussed the possibility of the US completely losing power as a result of a cyberattack on the US power grid. In addition to going in depth into a visual of this potential reality, CSO mentions that the mentality of mutually assured destruction may prevent the scenario. However, the article points out, the possibility of rogue actors pulling this off successfully through something as simple as a phishing attack still exists.

Are Security Cameras Actually Putting Our Security at Risk?

According to Security Magazine, researchers found out that they could switch security camera video feeds by means of the cloud, meaning it is possible to see through the lens of anyone’s camera. Additionally, it was discovered that these cameras can be used as an entrance point into the rest of a network. Security Magazine recommends taking advantage of the optional password protection for these devices in addition to encrypting the video feed that connects from the camera to storage to prevent such attacks.

The Connection Between Our Cyber and Physical Security

An article in CSO explores “kinetic attacks” where cyberattacks can be used as pre-attacks to physical ones. The article points out the possibilities of life-threatening medical device attacks as well as critical infrastructure attacks that result in threats to sanitation, power, transportation, and more. CSO notes that it is possible for such devastating attacks to cause real-life physical conflicts. However, the article assures, there are steps being taken to prevent such catastrophes, but that everyone should take responsibility for minimizing risks.