Ransomware: Now it’s on the breakfast menu. A chemical engineer with a degree in computer science posted on Reddit an account of an attack that took factory systems down.
According to the post, a factory worker encountered a ransomware message, called the help desk and, after rebooting systems, went to grab a mug of java, where he found the same nefarious message he had called IT about. Only now it wasn’t on his PC screen but on all the coffee machine displays.
“So long story short, the coffee machines are supposed to be connected to their own isolated WiFi network. However, the person installing the coffee machine connected the machine to the internal control room network, and then when he didn't get internet access remembered to also connect it to the isolated WiFi network,” the anonymous Reddit poster wrote.
What does this amusing tidbit have to do with healthcare, anyway? Hospitals have coffee machines, for one. But also it’s among the surprising findings HIMSS Director of Privacy and Security Lee Kim discovered while compiling her July HIMSS Healthcare and Cross-Sector Cybersecurity Report.
Coffee machines are not the only susceptible devices, either.
“Basically, if you have something that is a connected computer-implemented or computer-enabled device, it can get infected,” Kim said.
“Then it turns into a quest of what else can get infected. What’s also connected to that same network?”
One startling answer to Kim’s question is the SMBLoris vulnerability that manifested in July. That’s SMB, as in the server message block protocol.
Anyone doing a little maths on Microsoft operating systems would realise that SMBLoris is a 20-year-old vulnerability that affects every Microsoft operating system since Windows 2000.
Microsoft has not shared plans to address this vulnerability with a security update, but the software giant recommended enterprise customers consider blocking access from the Internet to SMBv1.
July, it turns out, was packed with cybersecurity revelations. Another was Win32/Industroyer, aka CrashOverride, which Kim described as sophisticated malware currently geared towards industrial control systems. The code is eye-opening because of its “highly configurable payloads” that hackers could tweak to target other industries as well.
And then there’s the Android OS. On some devices, researchers found, the Android.Triada.231 malware is embedded into the libandroid_runtime.so system library. Yes, that means it could have an impact on just about every Android app.
Infosec pros should also know that Adobe said it will cease updating the Flash player in 2020. Once that happens, the company will no longer issue security patches and HTML5 will take over as the new web platform.
The top takeaways from Kim’s report this month: Don’t rely too heavily on vendors, but definitely keep pace with installing security updates and, of course, remember that any connected device or system can be hacked.
“Nothing replaces good cyber hygiene and defence in depth,” Kim said.
“Unfortunately, as we have more things that are connected, there are more things that an attacker can compromise. Having things connected to super sensitive networks is never a good thing.”