Your browser is obsolete!

The page may not load correctly.

Look out for your things!

Следите за вещами!

Other issues in this category (10)
  • add to favourites
    Add to Bookmarks

Coffee, fish and carelessness

Read: 728 Comments: 3 Rating: 8

By coincidence, two similar news items appeared almost simultaneously.

A casino in North America came under a cyberattack because of a smart fish tank. An Internet-connected device was automatically dispensing food for the fish and controlling the tank’s internal environment.

“Hackers used the fish tank to get into the casino’s network. As soon as they got inside the tank, they did a system scan, found other vulnerabilities, and moved laterally to other network locations", explained Justin Fier, Darktrace’s Director for Cyber Intelligence and Analysis, to a CNN reporter.

https://hightech.fm/2017/07/20/fish_tank_hack

http://money.cnn.com/2017/07/19/technology/fish-tank-hack-darktrace/index.html

A European petrochemical factory’s computers were infected with encryption ransomware because a coffee machine was connected to one of the factory’s local control points.

https://lenta.ru/news/2017/07/25/cofeewannacry

Virtually everyone knows how to use a coffee machine, and there’s nothing unusual about fish tanks either. Why don’t similar incidents occur in Russia?

Outsourcing. Many companies don’t want to solve certain problems on their own so they give them to third parties to handle. In this case, the companies servicing the coffee machine and the fish tank weren't exactly security-conscious. And no wonder—no one would expect fish to rob a casino.

These incidents have a lot in common, but let's take a closer look at the second one.

All of a sudden, a report came in that all the computers were infected and displaying an error message. According to the operator, it looked like a ransomware attack. So I tell the operator to unplug the computers powering the monitoring system and then power them back on, and then to press the key combination to initiate a reinstallation from a network image.

I’m about to close this case when one by one, they start getting infected again. So at this point, the operator mentions that he could really use some coffee. And I tell him it's OK for him to get some coffee while I try to figure out why these computers keep getting re-infected. Only then he tells me he wasn't able to get coffee because all the coffee machines were showing the same ransomware attack message.

To make a long story short, the coffee machines are supposed to be connected to their own isolated Wi-Fi network; however, the person installing the coffee machine connected the machine to the internal control room network, and then, when he didn't get Internet access, he also connected it to the isolated Wi-Fi network.

The external company responsible for managing our coffee machine got an angrily worded letter for getting all those machines infected, and all of their customers were without working coffee machines for a couple of days.

https://www.reddit.com/r/talesfromtechsupport/comments/6ovy0h/how_the_coffeemachine_took_down_a_factories/?st=j5j49pe5&sh=3e6dcaad

#IoT #hacking

Dr.Web recommends

There is no obvious similarity to the NotPetya/Medoc outbreak. However, these occurrences have much in common. An application (or a device running an application) is operating within a corporate network and an outsider (or another company) has access to it. One day an infection occurs, and malware (a worm or a Trojan) easily spreads over the affected network.

The conclusion is simple: If a third party can access your network (which happens often), separate services or isolate them from each other.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments