Army Rumour Service

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Cyber attack 'collateral damage'

two_of_seven

Old-Salt
An old telly show last night, hackers accessed printers in people's homes. They then caused the printers to catch fire. Online arsonists. Maybe not fiction anymore?

That technology ( scanner specifically ) has been well known since 2014
Mark Goodman's book.


Sent from my iPad using Tapatalk
 
Which really is just abstracting the responsibility and the risk for devops somewhere else rather than getting rid of problems

Cloud computing still has to involve real servers somewhere, but at least it gives people a warm and fuzzy feeling that everything is safe because it's in the cloud
If the "cloud" feature becomes an integral part of the production process rather than just a "nice to have" for producing management reports, then it will be possible to shut down a plant by attacking its outside network connections without having to break through the plant's internal security.

There's also the risk posed by governments using their authority to get access to your data if the cloud servers are on their territory. The following quote is worth reading. The company is one of the smaller SCADA/HMI system providers.
One final note on security for companies in the United States: The U.S. government has legal author-ity to get copies of anything you place on the cloud, without notifying you. This law came into effect through the Department of Homeland Security after the Sept. 11, 2001 terrorist attacks.

The exact letter of the law is a little ambiguous, but the essence of it means that if the government wants to gain access to data that is stored in a cloud server located in the U.S., it can pretty much get it without a search warrant and without notifying you. If the data is located on your premises, such as your local intranet, the government is required to notify you of their interest in accessing it and can only force the matter by legally obtaining a search warrant.

If your information is stored on the cloud, the government can access it through your cloud service provider, or your ISP (Internet service provider). This means that your information could be exposed at any time and you might never even know it, unless your cloud service notified you. In fact, because of Homeland Security, the government may even force your service provider not to tell you. The only way to ensure that no one sees your sensitive information is to keep it off of the cloud.
 
For surfing Arrse, obviously :)

View attachment 507962

In fairness, we bought this fridge on Black Friday, and the smart panel was essentially free. We wouldn’t have chosen it, if we had to pay for it. it does have its uses though, like a timer app, and it shows the time and weather forecast on its screen saver. it does indeed have a camera inside, and you can look at the inside from the supermarket if you really wanted to. I‘ve never done it, not sure if the wife has. I like it.
Given that refrigerators should a couple of decades, and that tablet or phone devices are stretching it to not be obsolete after 5 years, the display will probably end up being non-functional through most of of the life of the appliance.
 
Given that refrigerators should a couple of decades, and that tablet or phone devices are stretching it to not be obsolete after 5 years, the display will probably end up being non-functional through most of of the life of the appliance.

Indeed, it will be relegated to a beer fridge by then. Then again, it's a Samsung, and while their TVs are good, their appliances are utterly shit. We've been in our house not quite 18 months. In that time, the oven's gone tits up three times and we have a dishwasher that's just started leaking. Never again. I'm not that bothered if I have to replace the fridge, other than financially. All the kitchen appliances are Samsung, and it was a poor choice, based on experience now.
 

Yokel

LE
I read that other day that Microsoft think most Cyber attacks against their systems originate in Russia.... State sponsored or crime gangs?

Anyway, my local NHS Trust is after a Cyber Security Officer:

Good communication skills are essential, as the successful candidate will be working with colleagues of all levels within NDHT, external NHS/Government organisations and third party suppliers.

The key functions of the role is to provide excellence in Cyber Security with responsibility for the reporting, awareness, documentation, and audit related to the safeguarding of information and technology assets, while identifying the latest technology security advancements.

Experience of operating in a similar roll with a working knowledge of security and IT industry standards and processes such as ITIL, IG, and GDPR is essential. Existing certification such as Security+, SSCP or CISSP is highly desirable.

Working knowledge of Microsoft & Linux OS, patch management, encryption, antivirus, and reporting products would be advantageous, with experiencing with operating within an IT infrastructure environment desirable.

Are the threats mainly denial of service attacks or people looking to find clinical information about individual patients?
 
I read that other day that Microsoft think most Cyber attacks against their systems originate in Russia.... State sponsored or crime gangs?

That is sometimes one and the same thing, after all they do like outsourcing their dirty work, like Wagner for plausible deniability when they need a private army and want to go nothing to do with us oh look a squirrel
 
Are the threats mainly denial of service attacks or people looking to find clinical information about individual patients?

I'd imagine the most common is accidental or deliberately targeted crypto currency ransom viruses for money, and network outages to do with viruses due to slack drills from people opening emails on the network etc rather than usually being state sponsored attacks targeting the NHS for more nefarious means
 

SecurityGeek

Old-Salt
I read that other day that Microsoft think most Cyber attacks against their systems originate in Russia.... State sponsored or crime gangs?

Anyway, my local NHS Trust is after a Cyber Security Officer:

Good communication skills are essential, as the successful candidate will be working with colleagues of all levels within NDHT, external NHS/Government organisations and third party suppliers.

The key functions of the role is to provide excellence in Cyber Security with responsibility for the reporting, awareness, documentation, and audit related to the safeguarding of information and technology assets, while identifying the latest technology security advancements.

Experience of operating in a similar roll with a working knowledge of security and IT industry standards and processes such as ITIL, IG, and GDPR is essential. Existing certification such as Security+, SSCP or CISSP is highly desirable.

Working knowledge of Microsoft & Linux OS, patch management, encryption, antivirus, and reporting products would be advantageous, with experiencing with operating within an IT infrastructure environment desirable.


Are the threats mainly denial of service attacks or people looking to find clinical information about individual patients?
The Trust near me was recruiting for similar shortly before lockdown. I thought about applying when my career path changed due to a Covid related Chapter 11 event of interest.
Thought about applying right until I saw what they were offering. I heard they filled the post. I suspect it will be with a partially shaved monkey that can be scapegoated at the first sign of trouble.
 
The Trust near me was recruiting for similar shortly before lockdown. I thought about applying when my career path changed due to a Covid related Chapter 11 event of interest.
Thought about applying right until I saw what they were offering. I heard they filled the post. I suspect it will be with a partially shaved monkey that can be scapegoated at the first sign of trouble.

Could be worse, they could bring in cheap labour on ICTs on a revolving door basis
 
I read that other day that Microsoft think most Cyber attacks against their systems originate in Russia.... State sponsored or crime gangs? (...)
A lot of computer crime is run by people in Russia, Ukraine, Romania, and Bulgaria, just like a lot of 419 scams are run by West Africans.

In the case of East European computer crime the fall of communism coincided with the increasing spread of commercially available Internet service and the collapse of many post-communist economies. The region had a high level of technical skill who found themselves in need of some way to make money, and were in societies who had weak and corrupt policing systems.

Once a nucleus of people involved in computer based criminal enterprise developed, more people became exposed to it by acting as temporary staff or subcontractors. Regional concentration allowed them to operate through personal contact networks. There is now a widespread network of people who can adapt to new criminal trends quickly and find the skill sets needed to innovate while doing so.

It's not hugely different from how certain types of organised crime have operated through people originating in southern Italy or Albania.
 

Latest Threads

Top