One Article Review
| Source |  SecurityWeek |
|---|---|
| Identifiant | 537389 |
| Date de publication | 2018-03-23 19:45:03 (vue: 2018-03-23 19:45:03) |
| Titre | Ransomware Hits City of Atlanta (Recyclage) |
| Texte | A ransomware attack -- possibly a variant of SamSam -- has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city's police department, water services and airport are not affected. The attack was detected early on Thursday morning. By mid-day the city had posted an outage alert to Twitter. In a press conference held Thursday afternoon, mayor Keisha Bottoms announced that the breach had been ransomware. She gave no details of the ransomware demands, but noticeably declined to say whether the ransom would be payed or refused. Bottoms could not at this stage confirm whether personal details had also been stolen in the same breach, but suggested that customers and staff should monitor their credit accounts. Questions on the viability of data backups and the state of system patches were not clearly answered; but it was stressed that the city had adopted a 'cloud first' policy going forwards specifically to improve security and mitigate against future ransomware attacks. A city employee obtained and sent a screenshot of the ransom note to local radio station 11Alive. The screenshot shows a bitcoin demand for $6,800 per system, or $51,000 to unlock all systems. It is suggested that the ransom note is similar to ones used by the SamSam strain of ransomware. Steve Ragan subsequently tweeted, "1 local, 2 remote sources are telling me City of Atlanta was hit by SamSam. The wallet where the ransom is to be sent (if they pay) has collected $590,000 since Jan 27." SamSam ransomware infected two healthcare organizations earlier this year. SamSam is not normally introduced via a phishing attack, but rather following a pre-existing breach. This could explain the concern over data theft on top of the data encryption. It also raises the question over whether the initial breach was due to a security failure, an unpatched system, or via a third-party supplier. Ransomware is not a new threat, and there are mitigations -- but it continues to cause havoc. Official advice is, wherever at all possible, refuse to pay. The theory is if the attackers cease getting a return on their attacks, they will turn to something easier with a better ROI on their time. This approach simply isn't working. Sometimes payment can be avoided by recovering data from backups |
| Notes | |
| Envoyé | Oui |
| Condensat | 2018 about address adopt any april articles async atlanta atlanta18 automated aviation bay been before bill birth ciso city columns com/js/plusone computer conference contributor createelement current cyber cybercrime despite different document dozens fcc financial forum from function getelementsbytagname gone google had half has high hits https://apis ics industry industrycalifornia infected information insertbefore issues kevin last links long looks magazines malware many microsoft million moon net neutrality news oct parentnode previous published purple ransomware register risks ruling scalef script secure security security; securityweek seeks senior since singapore specialized speed sponsored src strict tags: teaming tech text/javascript thousands times timexm townsend townsend:ransomware true; tweet type unveils usa var websites writing years |
| Tags | |
| Stories | NotPetya Wannacry |
| Move | 
|
Les reprises de l'article (1):
| Source | SecurityWeek |
|---|---|
| Identifiant | 529252 |
| Date de publication | 2018-03-19 16:02:05 (vue: 2018-03-19 16:02:05) |
| Titre | F-Secure Looks to Address Cyber Security Risks in Aviation Industry (Recyclage) |
| Texte | 
Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has certain conceptual similarities; including, for example, a vital operational technology infrastructure with increasing internet connectivity, and the associated cyber risks.
It also has one major difference -- the close physical proximity of its own customers. Catastrophic failure in the aviation industry has a more immediate and dramatic effect on customers -- and for this reason alone, a trusted brand image is an essential and fragile part of success in the aviation industry. Without customer trust, customers will not fly with a particular airline.
Historically, aviation security has primarily focused on physical safety, and has become highly efficient in this area. But in recent years, the customization of new aircraft to provide newer and unique passenger experiences -- such as the latest in internet-connected in-flight entertainment systems -- has added a new cyber risk.
Matthieu Gualino, deputy director of the International Civil Aviation Organization Aviation Security Training Center, described the three current areas of cyber risk as flight control (the critical systems needed to fly the aircraft -- high impact, low likelihood); the operational cabin (systems used to operate and maintain aircraft -- medium impact, medium likelihood); and passengers (systems with direct passenger interaction -- low impact, high likelihood).
The problem today is that aviation security is experienced in operational technology, security and safety; but less experienced in the rapidly evolving world of cyber security. To help counter this risk, Finland's F-Secure has launched its new Aviation Cyber Security Services to help secure not just aircraft, but the entire aviation industry: aircraft, infrastructure, data, and -- most importantly to F-Secure -- reputation. Customers are unlikely to fly with companies they do not trust; and successful cyber-attacks rapidly eliminate customer trust and confidence; even, suggests F-Secure, a minor breach of something like an in-flight entertainment system.
"Off-the-shelf communication technologies are finding their way into aircraft, which makes security much more complicated than in the past," said Hugo Teso, head of aviation cybersecurity services at F-Secure and a former pilot. "Because these off-the-shelf technologies weren't necessarily created to meet the rigorous safety requirements of airlines, the aviation industry is making cyber security a top priority. But they need a partner that understands both cyber security and the details of airline operations, because it's an industry where those details make a big difference."
The new service integrates security assessments of avionics, ground systems and data links, vulnerability scanners, security monitoring, incident response services, and specialized cyber security training for staff. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2018 about accounts address adopt annual april articles aviation bay been before bill birth ciso columns computer conference contributor current cyber despite different discovered dozens exploitable failing fcc financial forum from gone had half has high ics industry industrycalifornia information insertbefore intelligence issues kevin last links long looks magazines many microsoft mikrotik's moon net neutrality news oct organizations painfully parentnode previous privileged published publishes register report risks routeros rulingremotely scada script secure securing security security; securityweek seeks senior since singapore sir specialized sponsored strict tags: tech thousands times townsend townsend:f tweet usa vulnerability writing years |
| Tags | |
| Stories | |
| Move |
|
L'article ne semble pas avoir été repris sur un précédent.