Army Rumour Service


Cyber attack 'collateral damage'

lert

LE
Some of us have proposed a Cyber Security forum on ARRSE for some time? @Good CO? @Bad CO?

Was it really caused by someone opening a dodgy e-mail or a suspicious attachment? Should safety critical systems really be connected to the same network as an e-mail server?

Can an incoming e-mail be sheep dipped? Can individual devices on a network have additional layers of defence?
Much like in the realm of physical security, the overwhelming majority of cyber breaches have a human failure somewhere near their heart. All too often though, that's because the security processes in place don't fit human behaviour.

Something like a University and attached hospital network (and that's a huge risk right there!) will have something like hundreds if not thousands of IP addresses in use and I can absolutely guarantee that they are available on the Dark Web from either a genuine breach at the ISP (unlikely IMHO) or via theft from a disgruntled (usually former) employee.

I genuinely don't know what the hacker's tool of choice is these days, but in business Cyber Defence a cloud based platform like Splunk could sift, sort and provide indicators of the vulnerabilities of those IP addresses in seconds flat. From there the back door is open and a malicious actor is hampered only by their imagination.

Truly effective security is possible but it requires professionals, who are in short supply, and constant vigilance which is expensive. It is, to use an oft-repeated cliché, an arms race. And at the risk of stretching an analogy the key to winning it is threat intelligence.
 
Some security conscious organisation have systems that are never online and it rather limits that risk

I put it to you that those two words preclude the designation of such devices as being categorised as the "online systems" of which I made earlier mention.
 
Much like in the realm of physical security, the overwhelming majority of cyber breaches have a human failure somewhere near their heart. All too often though, that's because the security processes in place don't fit human behaviour.

Something like a University and attached hospital network (and that's a huge risk right there!) will have something like hundreds if not thousands of IP addresses in use and I can absolutely guarantee that they are available on the Dark Web from either a genuine breach at the ISP (unlikely IMHO) or via theft from a disgruntled (usually former) employee.

I genuinely don't know what the hacker's tool of choice is these days, but in business Cyber Defence a cloud based platform like Splunk could sift, sort and provide indicators of the vulnerabilities of those IP addresses in seconds flat. From there the back door is open and a malicious actor is hampered only by their imagination.

Truly effective security is possible but it requires professionals, who are in short supply, and constant vigilance which is expensive. It is, to use an oft-repeated cliché, an arms race. And at the risk of stretching an analogy the key to winning it is threat intelligence.


My earlier point illustrated perfectly.

First "cyber" then "cloud", a cheeky "back door", silkily segueing into the frisson-inducing "Dark Web" and "malicious actor" and ending, spent, with a final weak ribbon of "arms-race" and "threat intelligence" dribbling onto the keyboard.

A post that adds nothing but buzzwords, although - with more front than Blackpool - the OP manages to use the term "oft-repeated cliché" non-ironically.
 

lert

LE
My earlier point illustrated perfectly.

First "cyber" then "cloud", a cheeky "back door", silkily segueing into the frisson-inducing "Dark Web" and "malicious actor" and ending, spent, with a final weak ribbon of "arms-race" and "threat intelligence" dribbling onto the keyboard.

A post that adds nothing but buzzwords, although - with more front than Blackpool - the OP manages to use the term "oft-repeated cliché" non-ironically.
U ok hun?
 

philc

LE
Early Commodore PETs: you could fry the motherboard by getting a maths operation into an endless loop.

That premise is the heart of some viruses that were or are around, a brute force attack melting components via overwork.
 

Bob65

War Hero
Any forum with "Cyber" in its official title will be filled with the equivalent of journalists discussing tanks.

A cyber is a massive bit of kit.

On a more serious note if you wanted to do a serious cyberattack on a hospital you would probably quietly modify patient records and no one would even realise until it was too late. Scary stuff.
 
A cyber is a massive bit of kit.

On a more serious note if you wanted to do a serious cyberattack on a hospital you would probably quietly modify patient records and no one would even realise until it was too late. Scary stuff.

Never attribute malice to that which can be explained by stupidity.
 
If you haven't read The Cuckoo's Egg by Cliff Stoll I can recommend it as it is about tracing a hacker's attack on a US university in the 80s (before t'internet in its modern form). Very readable with a nice recipe for strawberry milkshake.
 
In other words, those of us that need educating!

Cyber security will be an important thing for all of us. Accidentally opening a dodgy file, keeping personal snaps safe, not being overwhelmed by a denial of service attack, to keeping sensitive things from the Russians/Chinese/Iranians.

I got taught information systems security as part of my degree, but that was before the internet of things or the state sponsored hacking on behalf of Moscow or Beijing.
Problem is this is way beyond the standard home computer attacks. You have to worry about those companies that have been harvesting your data for the last 10 years getting breached and exposing the details they have on you to every man and his dog.
 
An irritating tactic used by Animal Rights Activists in the 00s.

With regard to the wider theme of the thread: what do you expect when smaller (and, in some cases, not so small) companies still have Win 98 as an operating platform?

Regression to Win 95. It didn’t install networking at all, out of the box :)
 

Bob65

War Hero
Good point. Who needs MRI scans anyway.

Cretin.

Back in the good old days there was a thing called airgapping. But nowadays everyone takes it as their God-given right to access social media and all kinds of devices that never should be connected to the network are...
 
A cyber is a massive bit of kit.

On a more serious note if you wanted to do a serious cyberattack on a hospital you would probably quietly modify patient records and no one would even realise until it was too late. Scary stuff.
Except most hospital appointments for me (pre-lockdown) involved checking in at reception and the member of staff having my ever-thickening file on to the trolley to be taken to the clinic by a contracted drone. Electronic, indeed!
 
Back in the good old days there was a thing called airgapping. But nowadays everyone takes it as their God-given right to access social media and all kinds of devices that never should be connected to the network are...
However there are also devices that are connected for very good reason that people initially go "why is that on the network?"

Power distribution for example. Why would that be on the network?

Preventative maintenance - monitor and report performance, highlighting components near failure before it occurs.

Fault finding - spontaneous failure reporting to allow quick repair.

Backup switchover - activate the backup system when the first signs of a fault are detected.

Personal devices though, that's just bad setup of the network.
 
As far as the German media reports it was a vulnerability in a Citrix-VPN-Gateway the good old #Shitrix thingy.
This was a security hole in Citrix software that was discovered last year. Patches were released in January and everybody was told it was important to patch.

The hospital are claiming they applied the security patches in January. Exactly why this didn't seem to help in this case will require a comprehensive security investigation, as there are a number of explanations ranging from the patches didn't actually get applied, to they didn't work, or the ransomware operators broke in before then and had a back door waiting for them to get around to plucking this particular chicken.

I suspect there's going to be a lot of arse covering going on at the hospital while everyone waits to find out the result of the investigation into why something that was supposedly fixed 9 months ago was still a problem until just now. Unless of course it all gets swept under the carpet.
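The post above lists three competing explanations for a "patched" gateway still being a way in: the patch never actually landed, it landed but did not take, or the intruder was already inside before it landed. The following Python script is an added example, not code from the thread or from any poster, showing how an incident responder could sort hosts into those buckets by comparing what the patch-management inventory claims against what the device logs actually show. Host names, dates and log lines are constructed, and the fix-availability date is a placeholder rather than the real vendor advisory date.

```python
from datetime import date
from typing import Dict, List, Optional, Tuple

# Placeholder for the date the vendor fix became available (constructed, not
# the real advisory date); used to measure how long a host sat exposed.
FIX_AVAILABLE = date(2020, 1, 20)

# Constructed inventory: the date the patch-management system *claims* the
# patch was applied on each gateway. None means it holds no record at all.
INVENTORY: Dict[str, Optional[date]] = {
    "vpn-gw-1": date(2020, 1, 25),
    "vpn-gw-2": date(2020, 1, 25),
    "vpn-gw-3": None,
    "vpn-gw-4": date(2020, 1, 25),
}

# Constructed device log, one event per line: "<ISO date> <host> <event>".
# Events whose name starts with "suspicious_" are the ones worth hunting on.
LOG_LINES = """\
2020-01-12 vpn-gw-1 suspicious_new_admin_account
2020-01-25 vpn-gw-1 patch_installed
2020-01-25 vpn-gw-2 patch_installed
2020-03-03 vpn-gw-2 suspicious_webshell_request
2020-01-25 vpn-gw-4 patch_installed
2020-02-01 vpn-gw-4 routine_login
"""

Event = Tuple[date, str, str]


def parse_log(text: str) -> List[Event]:
    """Turn the constructed log text into (date, host, event) tuples."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, host, event = line.split(maxsplit=2)
        events.append((date.fromisoformat(day), host, event))
    return events


def first_suspicious(events: List[Event], host: str) -> Optional[date]:
    """Earliest suspicious event seen on this host, or None."""
    days = [d for d, h, e in events if h == host and e.startswith("suspicious_")]
    return min(days) if days else None


def patch_confirmed(events: List[Event], host: str) -> bool:
    """True only if the device's own log records the patch being installed."""
    return any(h == host and e == "patch_installed" for _, h, e in events)


def triage(inventory: Dict[str, Optional[date]], events: List[Event]) -> Dict[str, Tuple[str, str]]:
    """Map each host to (verdict code, human-readable reason)."""
    verdicts: Dict[str, Tuple[str, str]] = {}
    for host, claimed in inventory.items():
        susp = first_suspicious(events, host)
        if claimed is None or not patch_confirmed(events, host):
            # Explanation 1: the inventory says "done" but the device disagrees.
            verdicts[host] = ("unpatched", "no device-side record of the patch; verify on the box")
        elif susp is not None and susp < claimed:
            # Explanation 3: attacker activity predates the patch, so the patch
            # closed the door behind someone already inside.
            gap = (claimed - FIX_AVAILABLE).days
            verdicts[host] = ("pre_patch_foothold", f"suspicious activity {susp} precedes patch; exposed {gap} days")
        elif susp is not None:
            # Explanation 2: patch recorded, yet activity continues afterwards.
            verdicts[host] = ("patch_ineffective", "suspicious activity after patch date; verify installed version")
        else:
            verdicts[host] = ("patched_clean", "patch confirmed, nothing suspicious logged")
    return verdicts


if __name__ == "__main__":
    for host, (code, why) in triage(INVENTORY, parse_log(LOG_LINES)).items():
        print(f"{host}: {code} ({why})")
```

The point of the two-source check is that a ticket saying "patched in January" is a claim, not evidence; only the device's own record (or a version check on the box) confirms it, and the ordering of suspicious events relative to that date decides whether you are looking at a patching failure or a persistence hunt.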
 
For a picture of the potential for mayhem, you may be interested to follow developments in the Middle East.
A few months ago the extremist Islamist regime in Tehran attempted a cyber attack on civilian infrastructure in Israel, namely the water supply. It had the potential to cause mass poisoning by chlorine. Fortunately for the Iranians they failed and were shortly afterwards taught a lesson (allegedly) in a retaliatory exercise, which put one of their major ports out of action for a day, causing immense chaos.

However, do not allow this news to worry you about me, fellow Arrsers. As a pre-emptive measure I try to limit my ingestion to Earl Grey and Glenfarclas.
