Insider Ransomware and Pneumatic Tubes: Cybersecurity News for the Week of 08/02/21
Posted by: GuidePoint Security
Published 08/12/2021, 9:30am
In this week’s cybersecurity news, we take a look at recently discovered vulnerabilities affecting the pneumatic tube devices used in 80% of North American hospitals. In addition, we’ll review other significant vulnerabilities that affect millions of operational technology (OT) devices used in manufacturing. And in ransomware news, we’ll look at a recent study that found ransomware gang activity involving the recruitment of corporate insider employees to help with network breaches, with the payout being millions of dollars.
- Critical ‘PwnedPiper’ vulnerabilities create significant risk for hospitals
- Manufacturing at risk after critical flaws found in industrial control devices
- Ransomware rebels: threat actors recruiting insiders for ransomware attacks
Final Words
Two of our news stories this week (see PwnedPiper and Manufacturing at risk) focus on the threat to operational technology (OT) used in tens of thousands of businesses in the United States, from hospitals and healthcare facilities to power plants, water treatment facilities, manufacturing plants, and critical infrastructure sectors.
When it comes to cybercrime and cybersecurity, all too often businesses focus on the obvious—computer systems and networks—while sometimes forgetting that hundreds of other internal devices are exposed over the internet, including industrial control system (ICS) sensors, medical devices, mobile applications, and web interfaces. An issue in any one of these connected devices—whether a system flaw, an improper configuration, weak segregation between IT and OT, or a weakness in ICS protocols and applications—contributes to making OT and ICS highly vulnerable to attack. OT—and ICS systems, in particular—are also at extreme risk of attack because many run on decades-old legacy operating systems that may no longer be supported.
Organizations need to recognize that operational technology is increasingly exposed to the same level of threats as IT. With so much at stake—including critical industrial secrets, supply chains, and even lives—the results of an attack on OT infrastructure could be devastating. The steps businesses can take to protect against an OT attack include:
- Creation of a continuity of operations plan (COOP) and resiliency plan
- Identification of critical processes that must continue uninterrupted
- Implementation of robust network segmentation between IT and OT
- Regular software updates, including any associated with OT or any sensors or devices connected to OT
- Ensuring appropriate use privileges
- Enabling multi-factor authentication
- Engaging in regular vulnerability and penetration testing