More stories

  • COVID-19 vaccine portal for Italy's Lazio region hit with cyberattack

    The government of Lazio, Italy took to Facebook this weekend to notify residents of a cyberattack that hit the region’s portal for COVID-19 vaccinations and other IT systems. In a translation of the message posted to the official Lazio government Facebook page, officials said a “powerful” attack had hit the region’s databases on Sunday and that all systems are disabled, including the Salute Lazio portal and the system that managed the COVID-19 vaccine bookings. They added that vaccination operations may experience delays because of the attack. Government officials did not say if it was a ransomware attack.

    Nicola Zingaretti, president of the Lazio Region, also took to Facebook to let residents know that they still have not identified the people behind the attack, but he noted that the attack was “of criminal origin.” Zingaretti explained that the initial attack took place on Saturday night into Sunday morning and that it “blocked almost all of the files in the data center.”

    “At the moment the system is shut down to allow internal verification and to prevent the spread of the virus introduced with the attack. LazioCrea informs us that health data is safe, as well as financial and budget data,” Zingaretti said. “We are migrating essential services to external clouds to make them operational as soon as possible. 112, 118, Emergency Department, Transfusion Center and Civil Protection are safe and are providing services regularly. The situation is serious and we immediately alerted the Postal Police and the highest levels of the State, which we thank.”

    He later told a press conference that the region was facing an attack “of a terrorist nature” and called it a criminal offensive that is “the most serious that has ever occurred” on Italian territory. “The attacks are still taking place. The situation is very serious,” he said, according to ANSA. A source told the news outlet that the cyberattackers gained access to the system using the profile of an administrator. Through the stolen profile, they were able to activate a “crypto-locker” malware that “encrypted the data on the system,” the sources said. CNN reported that local officials have received a ransom demand.

    Image: Lazio Region president Nicola Zingaretti visits a local hospital after the cyberattack. Screenshot of Nicola Zingaretti’s Facebook page

    In subsequent messages, Zingaretti touted officials in Lazio that continued the COVID-19 vaccination drive in spite of the attack. He announced that the region reached a milestone of having 70% of the adult population vaccinated. Lazio region’s health manager Alessio D’Amato told Reuters that the attack was “very serious” and that “everything is out.” A state news agency said prosecutors in Rome and other law enforcement bodies are looking into the attack.

    The local government used Facebook to update residents about the COVID-19 situation in the region and said that, due to the IT systems being down, they were only able to share data about new COVID-19 positive cases, deaths and hospitalizations. Even though most IT systems were offline, some had been restored, including emergency networks, time-dependent networks, and hospital systems. The local government reiterated that the vaccination drives would continue in spite of the attack.

    “The vaccination campaign won’t stop! Yesterday, 50,000 vaccines were administered, despite the biggest cyberattack suffered. Until August 13th, there are over 500,000 citizens who have their reservation and can go to the administration centers on the date and time indicated above,” government officials wrote on Facebook. “Technicians are working to safely reactivate new bookings as well and no data has been stolen. We’re in constant contact with the commissioner’s structure to ensure vaccination users have a green pass as usual.”

    In another message, Lazio officials reiterated that the hacker failed to stop the Lazio vaccination campaign. “We will not stop in the face of this attack,” the officials wrote.

    Throughout the COVID-19 pandemic, cybercriminals routinely attacked hospitals and healthcare facilities with ransomware, knowing they would be more likely to pay ransoms due to the need for lifesaving medical technology. Multiple countries, like Ireland and New Zealand, are still in the process of recovering from devastating ransomware attacks that crippled their hospital IT systems for weeks.

  • CDW acquires cybersecurity company Focal Point Data Risk

    Technology giant CDW announced the acquisition of cybersecurity company Focal Point Data Risk for an undisclosed amount. Christine Leahy, CEO of CDW, said adding Focal Point’s “array of security consulting, customer workforce skills development and professional services capabilities” would help expand the company’s portfolio and enhance their ability to “address risks posed by malicious cyber threats and cyber workforce shortages, while helping customers successfully navigate shifting data protection laws.”

    “Helping our customers leverage technology to protect their most critical data is core to our mission,” Leahy said.

    In a statement, Focal Point said it has a variety of customers across “highly regulated and complex” industries such as government, financial services and healthcare. They prioritize identity and access management as well as cloud security and DevSecOps.

    Focal Point CEO Brian Marlier said the two companies are “well-aligned with shared values and a reputation for exceeding customer expectations.”

    “For our customers and coworkers, joining CDW creates a meaningful opportunity to build a world that is secure by design and protected by default,” Marlier said. “More than ever, our customers need us to mitigate risk as they progress their digital journey.”

    Another CDW executive, senior vice president Andy Eccles, added that the company was increasingly focused on a cloud-first approach with customers, making it essential that they offer identity management and data protection services which support the full technology lifecycle.

    “With the Focal Point team joining forces with CDW, our intent is clear – to deliver the industry’s best customer experience as we use our unparalleled expertise to protect our customers today and in the future,” Eccles said. 


  • Windows 11 is the COVID-19 vaccine for your PC

    We all know that one person who means well and has good intentions but doesn’t have the best communication skills. Perhaps, it’s a politician or a world leader that you know. They’ll tell you to do something because it’s for your own good and that if you don’t do it voluntarily, there’s an imminent danger that bad things will happen. 


    For example, if you do not get your COVID-19 vaccine, and you do not wear a mask in public places, with this new Delta variant, you stand a very good chance of becoming infected, possibly very ill with long-standing effects, and maybe become hospitalized and even die. And at the very least, even if you don’t become ill, even if you are asymptomatic, you can become an active spreader of something that can potentially harm many other people, possibly those who are close to you. Getting your COVID-19 vaccine is called being proactive. Wearing your mask is acting responsibly. We don’t always like listening to people of authority, especially when we are asked to do something that doesn’t have immediately visible, tangible benefits. Doing things proactively, such as getting a COVID-19 vaccine and wearing a mask, requires having faith in someone being supplied with superior knowledge and expertise, such as a world leader or public health expert. However, as we know, not everyone in a position of authority and possessing subject matter expertise is so polished they can package a message like this and make it palatable to every end-user.

    With its Windows 11 rollout, Microsoft is not entirely different from that unpolished world leader or politician. Its communication skills have left room for improvement related to this significant and critical Windows upgrade. That’s something I think everyone covering this industry can agree on. We know it means well, we know it has the expertise, but people will still challenge it and get all huffy when they are being told that Windows 11 is an essential upgrade related to securing the PC platform from advanced malware threats. But to take advantage of the new security capabilities that shield you from these threats, your PC hardware needs to be able to support it. And that is not a message people want to hear.

    Unfortunately, many legacy PCs, regardless of what antivirus solutions they may run and regardless of how functional and how fast they still run their application workloads, are highly vulnerable to these threats. And as they are not eligible for the Windows 11 upgrade, they are effectively immunocompromised. Just like getting a COVID-19 vaccine and wearing a mask is proactive, so are the architectural changes required to upgrade to Windows 11. And in some cases, implementing those is going to need investment in new PC hardware. It will also require investing in further training and, potentially, some new deployment tools. It’s going to cost some money. But as we know, implementing security changes in your large organization, small business, and consumer space is also not easy to sell. Anything that helps ensure business continuity and strengthen security resiliency from a threat that isn’t immediately visible will fall on deaf ears to all but the most cautious and conservative IT organizations, let alone end-users.

    How many companies or individuals have we encountered as professionals that run their environments with no or untested backups, haven’t run a complete continuity and DR test in years, and then get burned for it? I mean, how many people did we know that ran with no antivirus or firewall for years before it was built into the foundational IT infrastructure because they didn’t want to pay for it or just felt it was a nuisance? I have dozens of stories as a former IT architect and consultant over my 30-year career to tell for this. It’s tough to sell hardened security or any form of protection as the defining feature to the entire user population. So Windows 11 is also being released with an exciting new user interface to entice them to upgrade, whether by opting in on hardware that can already accommodate the new OS or upgrading to new PCs.

    Is this going to cost money to most organizations? Yes. Are a lot of end-user PCs going to need upgrades, costing people money? Yes. Spending money is painful, especially if we are talking about an upgrade to something strictly preventative in nature. But do you know what is even more painful? A compromise — one which results in reputation loss, such as a publicly visible one that gets your organization on the news, such as a ransomware attack that holds all your IT assets hostage and stops your business cold for days. Such an attack makes you and your company look stupid for not remediating it when it could have been prevented. Best case scenario in this situation? Your customers think you’re a bunch of incompetent idiots. Worst case? Business-ending event.

    The good news is that, like the Pfizer and Moderna COVID-19 vaccines, you can get the first “shot” now. If your hardware supports the new secure boot, virtualization-based security (VBS), and Hypervisor-protected Code Integrity (Memory Integrity/Core Isolation), you can turn it on in Windows 10 today. And when Windows 11 arrives in October or November, get that second shot. And if any of your systems aren’t eligible, replace them. Immediately. Because that’s the proactive and responsible thing to do.

  • Stop ignoring this iPhone warning

    Have you seen the prompt on your iPhone to update to iOS 14.7.1, but you’ve been putting it off? After all, it doesn’t seem like there’s much to it.

    It’s just a bug fix, right? No, this is no ordinary bug fix. I find Apple a bit strange in that it downplays security vulnerabilities. Apple will tell you that an update is important, but in Apple-land, all updates are important. Take the release notes for iOS 14.7.1 as an example:

    iOS 14.7.1 fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the Unlock with iPhone feature. This update also provides important security updates and is recommended for all users.

    The update is “important” and “recommended.”

    But some are more important and recommended than others. And this is one example. Switch over to Apple’s support page that details security fixes, which paints a more serious picture. Few click to go to this page, but it’s worth a visit. This is what it says about iOS 14.7.1 (and iPadOS 14.7.1):

    IOMobileFrameBuffer
    Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
    Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2021-30807: an anonymous researcher

    Let me highlight the key bit for you: “Apple is aware of a report that this issue may have been actively exploited.” In case you don’t know, that’s serious. But it gets better. Security researcher Saar Amar, who discovered this vulnerability several months ago, has detailed this bug and how bad guys can exploit it. You can read the gory details here. The bottom line is that not all bugs are the same, and not all updates are created equally, and while iOS 14.7.1 seems on the face of it to be a small update, it’s incredibly important. So, if your iPhone or iPad is still reminding you to install this update, do it now. Right now. To install the update, go to Settings > General > Software Update and download it from there.

  • The cybersecurity jobs crisis is getting worse, and companies are making basic mistakes with hiring

    A lack of business investment means cybersecurity teams are struggling to keep enterprise networks secure at a time when the rise in remote working is providing additional security challenges — and it’s having an impact on their well-being.

    A global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) warns that this lack of investment, combined with the challenge of additional workloads, is resulting in a skills shortage that’s leading to unfilled jobs and high burnout among information security staff. According to the study, which surveyed over 500 cybersecurity professionals, 57 percent say a shortage of cybersecurity skills has impacted the organisation they work for, while just over ten percent report a significant impact. The effect is an increased workload for information security staff, according to 62 percent of respondents. That’s had a knock-on effect on the mental health of information security staff, 38 percent of whom say they’ve experienced burnout as a result of extra work pressures during what was already a difficult year.

    “The impact, especially this past year of the pandemic, has been significant. Teams are expected to do even more as a result of businesses moving to the remote operating model,” says Candy Alexander, board president of ISSA International. “The risk landscape has shifted dramatically to a more exposed environment and a cyber-war is in full swing with ransomware attacks becoming devastating to many businesses. Cybersecurity professionals are now challenged with keeping up with the latest and greatest threats,” Alexander adds.

    One of the reasons many cybersecurity staff have struggled is the sudden rise of remote working as a result of the global pandemic: 50 percent of respondents say this has led to an increase in stress.

    Greater prevalence of remote working has made some aspects of enterprise network security more difficult, as cybersecurity staff have needed to help employees — many of whom may not have worked from home before — stay safe. More remote working means greater usage of cloud applications, which has led to increased demand for cybersecurity professionals with skills in cloud computing security. A significant number of organisations are struggling to find the people to fill these gaps. Almost four in ten (39%) of cybersecurity professionals say their organisation is struggling to fill cloud computing security roles. Meanwhile, 30 percent are finding it difficult to fill vacancies in application security, and there’s a similar story when it comes to security analysis and investigation.

    Basic mistakes

    The ISSA/ESG report found that many organisations are making basic mistakes in hiring and recruiting cybersecurity professionals. More than three-quarters said it was extremely or somewhat difficult to recruit and hire security professionals, but 38% said their organisation doesn’t offer competitive compensation, while 29% said their HR department doesn’t understand the skills needed for cybersecurity and 25% said that job postings at their organisation tended to be unrealistic. Three-quarters of security professionals said that they were approached by recruiters every month.

    Part of the issue, the report suggests, is that many boardrooms view cybersecurity as a cost — something that needs money spent on it but doesn’t help the bottom line of the business — especially when organisations think about finances in the short term. It’s likely these boardrooms still see cybersecurity as a technology issue rather than a business issue, which is naïve when high-profile data breaches and ransomware attacks have demonstrated that if cybersecurity isn’t managed correctly, it can have huge consequences for the whole business, not just the IT and cybersecurity teams.

    “Cybersecurity is seen as a cost centre to the business — something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning our security programs with the business,” says Alexander. “Businesses have a tendency to invest in things they see value in. We need to ensure they see the value in our cybersecurity programs — including people, training and technology,” she added.

    People and training are a key issue here: technology changes fast and the methods cyber criminals use to break into networks are constantly evolving, so it’s important for organisations not only to hire the right people, but also to invest in training them so they can continue in their jobs by reacting to the latest threats and dealing with new forms of technology. But that doesn’t start with employers: in order to ensure there are enough people to fill cybersecurity jobs going forward, education and training pathways are needed.

    “At a societal level, we have to do more to educate school age children about cybersecurity and career opportunities,” says Jon Oltsik, Senior Principal Analyst and ESG Fellow. “We need more funding for cybersecurity scholarships. We need more internship and mentoring programs. All of these things are works in progress and there are some worthwhile efforts, but supply is not keeping up with demand and it won’t anytime soon.”

    In the meantime, it’s recommended that CISOs are in communication with the board in order to ensure that they’re aware of the needs of cybersecurity and that they are getting an appropriate amount of attention and investment. And while issues around the available cybersecurity workforce might continue to be a problem for CISOs for now, there are tools and technologies that can help ease the staff workloads, helping to improve both their wellbeing and the organisation’s cyber defences. “CISOs must make all decisions assuming the impact of the cybersecurity skills shortage. This requires a greater commitment to working with service providers, process automation, and advanced analytics technologies,” says Oltsik.


  • This new phishing attack is 'sneakier than usual', Microsoft warns

    Microsoft’s Security Intelligence team has issued an alert to Office 365 users and admins to be on the lookout for a “crafty” phishing email with spoofed sender addresses. 

    Microsoft put out an alert after observing an active campaign targeting Office 365 organizations with convincing emails and several techniques to bypass phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site that urges victims to type in their credentials.

    “An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” the Microsoft Security Intelligence team said in an update. “The original sender addresses contain variations of the word ‘referral’ and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting.”

    The emails use a SharePoint lure in the display name as well as in the message, which poses as a “file share” request for supposed “Staff Reports”, “Bonuses”, “Pricebooks”, and other content, with a link that navigates to the phishing page. — Microsoft Security Intelligence (@MsftSecIntel), July 30, 2021

    Phishing continues to be a tricky problem for businesses to stamp out, requiring regularly updated phishing awareness training and technical solutions, such as multi-factor authentication on all accounts – which both Microsoft and CISA highly recommend. Phishing is a key component of business email compromise (BEC) attacks, which cost Americans more than $4.2 billion last year, according to the FBI’s latest figures. It’s far more costly than high-profile ransomware attacks. BEC, which relies on compromised email accounts or email addresses that are similar to legitimate ones, is difficult to filter because it blends in with normal, expected traffic.

    The phishing group is using Microsoft SharePoint in the display name to entice victims to click the link. The email poses as a “file share” request to access bogus “Staff Reports”, “Bonuses”, “Pricebooks”, and other content hosted in a supposed Excel spreadsheet. It also contains a link that navigates to the phishing page and plenty of Microsoft branding. While convincing Microsoft logos are littered across the email, the main phishing URL relies on a Google storage resource that points the victim to the Google App Engine domain AppSpot – a place to host web applications.

    “The emails contain two URLs that have malformed HTTP headers. The primary phishing URL is a Google storage resource that points to an AppSpot domain that requires the user to sign in before finally serving another Google User Content domain with an Office 365 phishing page,” Microsoft notes.

    The second URL, embedded in the notification settings, links the victim to a compromised SharePoint site. Both URLs require sign-in to get to the final page, allowing the attack to bypass sandboxes. This campaign is “sneakier than usual”, Microsoft notes.

    Microsoft has been touting its ‘Safe Links’ Defender for Office 365 phishing protection feature, which ‘detonates’ phishing email at the point a user clicks on a link that matches its list of known phishing pages. Microsoft has also published details on GitHub about the infrastructure linked to the spoofed emails imitating SharePoint and other products for credential phishing. “The operator is also known to use legitimate URL infrastructure such as Google, Microsoft, and Digital Ocean to host their phishing pages,” Microsoft notes.
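    As an added illustration (not code from Microsoft or from the article), the Python triage routine below checks a message's From header for the sender pattern the alert describes: a display name that embeds the recipient's own username or domain, or that mimics SharePoint, while the actual sender domain contains “referral” or ends in com.com. The trusted-domain allow-list, the reason tags and the sample messages are constructed assumptions for the example; a real deployment would populate the allow-list from the tenant's verified sending domains and feed parsed mailbox headers instead of the inline samples.

```python
import re
from email.utils import parseaddr
from typing import List, Sequence, Tuple

# Indicators drawn from the alert; the allow-list below is a placeholder
# assumption and must be replaced with the sender domains your tenant trusts.
BRAND_LURES = ("sharepoint", "onedrive", "microsoft", "file share")
SENDER_KEYWORDS = ("referral",)            # words seen in the original sender domains
SENDER_SUFFIXES = ("com.com",)             # TLD pattern called out in the alert
TRUSTED_BRAND_DOMAINS = ("microsoft.com", "sharepointonline.com")  # assumed allow-list

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def _domain_matches(domain: str, allowed: Sequence[str]) -> bool:
    """True when `domain` is one of `allowed` or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def analyze_from_header(from_header: str, recipient: str) -> List[str]:
    """Return reason tags describing why the From header matches the
    spoofing pattern; an empty list means nothing suspicious was found."""
    display, address = parseaddr(from_header)
    display_l, address_l = display.lower(), address.lower()
    sender_domain = address_l.rsplit("@", 1)[-1] if "@" in address_l else ""
    rcpt_user, _, rcpt_domain = recipient.lower().partition("@")
    reasons: List[str] = []

    # 1. Display name carries an email address whose domain is not the real sender's.
    for embedded in EMAIL_RE.findall(display_l):
        if embedded.rsplit("@", 1)[-1] != sender_domain:
            reasons.append("display-embeds-foreign-address")
            break

    # 2. Display name contains the target's own domain or username while the
    #    message actually comes from elsewhere (the "spoofed display sender").
    if sender_domain != rcpt_domain:
        if rcpt_domain and rcpt_domain in display_l:
            reasons.append("display-has-recipient-domain")
        if rcpt_user and rcpt_user in display_l:
            reasons.append("display-has-recipient-user")

    # 3. Display name mimics a service brand the sender domain cannot vouch for.
    if not _domain_matches(sender_domain, TRUSTED_BRAND_DOMAINS):
        for lure in BRAND_LURES:
            if lure in display_l:
                reasons.append(f"display-brand-lure:{lure}")

    # 4. Sender-domain patterns from the alert itself.
    for word in SENDER_KEYWORDS:
        if word in sender_domain:
            reasons.append(f"sender-keyword:{word}")
    for suffix in SENDER_SUFFIXES:
        if _domain_matches(sender_domain, (suffix,)):
            reasons.append(f"sender-suffix:{suffix}")
    return reasons


def triage_mailbox(messages: Sequence[Tuple[str, str]], recipient: str) -> List[Tuple[str, List[str]]]:
    """Run the header check over (subject, from_header) pairs and keep only
    the messages that produced at least one reason."""
    flagged = []
    for subject, from_header in messages:
        reasons = analyze_from_header(from_header, recipient)
        if reasons:
            flagged.append((subject, reasons))
    return flagged


# Constructed sample messages; none of these addresses are real.
SAMPLE_MESSAGES = [
    ("Staff Reports shared with you",
     '"SharePoint - alice@corp.example" <share-notify@docs-referral.com.com>'),
    ("Lunch on Friday?", "Bob Jones <bob@corp.example>"),
    ("Bonuses.xlsx", "SharePoint Online <no-reply@sharepointonline.com>"),
]

if __name__ == "__main__":
    for subject, reasons in triage_mailbox(SAMPLE_MESSAGES, "alice@corp.example"):
        print(f"FLAGGED: {subject!r} -> {', '.join(reasons)}")
```

    The check is deliberately header-only so it can run at mail ingestion before any link is followed; in practice it would feed a score into the existing filter rather than block on its own, since a legitimate internal forward can also mention a colleague's address in the display name.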

  • A Cold War is raging in cyberspace. Here's how countries are preparing their defenses

    Countries in Central and Eastern Europe run regular drills of their cyber defenses, which have been extensively tested in recent cyberattacks.
    Image: MR.Cole_Photographer/Getty
    Cyberattacks are something every country has to deal with, but countries in Central and Eastern Europe are particularly wary of the occasional attack on their critical infrastructures and governments.


    “Last year, we had over 4,300 incidents recorded,” Rytis Rainys, the director of the National Cyber Security Center of Lithuania, a country with a population of less than three million, tells ZDNet. “That comes down to over 100 each day. We are constantly dealing with this, and that makes having your national cyber defense in top-notch condition extremely important.”

    Most attacks in the region don’t make the headlines; others do. The attacks on Ukraine’s power grid in 2015 are still rooted in the collective memory of security professionals, while the global 2017 ransomware attack was first noticed in Ukraine. A decade earlier, some of Estonia’s key institutions of government and finance were under attack, an event that prompted the country to bolster its cyber defenses and seek international partnerships. More recently, Polish government officials had their private mailboxes hacked and messages leaked. Many had used their accounts for government communications – something that most security experts agree is not a good idea.

    Levelling the playing field

    The reason IT infrastructure in Central and Eastern Europe seems to come under attack more frequently has to do with its proximity to – and relationship with – Russia, says Andrzej Kozlowski, a cybersecurity expert at Krakow-based think tank, Kosciuszko Institute. “The main difference between non-state and state actors conducting cyberattacks is that the latter does not need to balance costs with benefits,” he tells ZDNet. Not only do states have many more resources at hand, but they also don’t need short-term financial gratification. “During the pandemic, we have seen attacks on medical facilities, which are aimed to just create an extra burden,” says Kozlowski.

    The Russian Federation in particular is a bit different in its methods than others. “These are not hackers employed by the state. Instead, we see a direct connection between actual cyber criminals and the secret service. When cyber criminals do something, nobody in Russia stops them and no one is ever extradited. This is unique. If you compare it to North Korea, for example, those are the security services doing the actual hacking.”

    The main benefit of that approach, according to Kozlowski, is that it offers plausible deniability that provides a shield from any consequences: “From the perspective of the Russian Federation, cyberspace is a great place to realize their goals. In a conventional military sense, Russia is no match for NATO. But in cyberspace, they can operate on a level playing field.”

    Beyond the firewall

    So how do countries protect themselves? Lithuania regularly organizes cyber-defense exercises, both domestically and internationally, with the most recent being the Exercise Alarmex held in May of this year. These involve a ‘Blue Team’ and a ‘Red Team’ going head to head, with the latter attacking a mock IT infrastructure similar to the one used in real life. “We use virtual machines to create that network of the different organizations, and then we create scenarios which involve the Red Team trying to break into the network of the Blue Team, who try to defend themselves,” says Rainys.

    Awareness plays a key role in this approach, which is why Lithuania’s National Cyber Security Center takes around half a year to prepare. Participating organizations do not know the scenarios beforehand, says Rainys. They test out social engineering, with the Red Team receiving information on important players within the opposing organizations. “The Red Team would pose as internal IT personnel and call the executive directly to ask them for the password, or use other phishing methods,” he says.

    While in the past organizations were not always willing to participate, these days this isn’t such an issue. “Four years ago, when we started this, we had to really try to convince them, but companies and institutions see the need now,” says Rainys. “We have a matrix of around 100 organizations deemed nationally critical, and they are eager to participate as it’s a great security test which is basically free of charge for them.”

    Coordination is key, not just between different security teams, but between different organizational branches as well. “I participated in one such exercise myself,” Kozlowski says. “You also have different branches that hold their own responsibilities, such as the communication department that has to inform investors without causing panic.”

    Creating frameworks

    While the European Union gets criticism for being cumbersome, in the sense of cybersecurity it’s been solid, says Kozlowski. “One of the main strengths we have in Europe is that we can create laws that are subsequently implemented over the entire European Union. So you have things like the GDPR and the NIST Directive 1, while they are working on a second document.” The result is that all members of the European Union will implement minimal cybersecurity standards, says Kozlowski, meaning even the weakest points within the bloc will be comparatively resilient and overseen by ENISA, an EU agency for cybersecurity.

    European countries also collaborate militarily within the Permanent Structured Cooperation (PESCO) framework, within which sits the Lithuanian-led Cyber Rapid Response Teams (CRRTs), which conduct regular cyber-readiness drills. But there are also more international exercises – called Cyber Europe – organized by ENISA itself and NATO’s Cyber Coalition. Their purpose is to improve our ability to collaborate between incident management teams in different nations, Rainys says. “During attacks, loads of IP addresses are being used, so you need to coordinate to be able to block them.”

    While no single country, or even a bloc of collaborating countries, is ever truly ready for cyberattacks, they do need to build up and constantly tune their cybersecurity systems. And it’s not just resilience against attacks themselves. “The European Commission under Ursula von der Leyen has put a priority on digitization, and among other things have added cyber diplomacy to the toolbox to react to certain attacks,” says Kozlowski. “The main aim of exercises is to show policy makers how to react.”

  • IoT: Security researchers warn of vulnerabilities in hospital pneumatic tube systems

    Security researchers have detailed vulnerabilities in the system controlling the pneumatic tube networks used in thousands of hospitals around the world, which could allow hackers to disrupt the services or potentially launch ransomware attacks. The series of vulnerabilities have been discovered in Nexus Control Panel, which powers current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. The tubes allow staff to send patient test samples and medication around the hospital and are a key part of providing care to patients.


    Dubbed PwnedPiper, the nine security vulnerabilities have been detailed by cybersecurity researchers at Armis ahead of a presentation on the findings at Black Hat USA. They include hard-coded passwords, a privilege escalation vulnerability, memory corruption bugs that can lead to remote code execution and denial of service, and a design flaw in which firmware upgrades on the Nexus Control Panel are unencrypted and don’t require any cryptographic signature, which could allow an attacker to gain unauthenticated remote code execution privileges by initiating a firmware update procedure while also maintaining persistence on the device.

    “It was surprisingly easy to find these vulnerabilities; too easy, I would say. Although this device has a crucial function in hospitals for the critical infrastructure, the type of vulnerabilities that we found are similar to stuff that you would find on an average IoT device,” Ben Seri, VP of research at Armis, told ZDNet. To get to a Nexus Control Panel, an attacker would need some access to the network via a phishing attack or breached remote desktop credentials.

    According to Armis, the infrastructure is used in more than 3,000 hospitals worldwide, including 2,300 in the United States. Researchers warn that by exploiting vulnerabilities in these systems, attackers could gain control over the tube network. It could also provide attackers with the ability to exploit the escalation of privileges enabled by the vulnerabilities to gain access to other sections of the network, to the extent they could launch a ransomware attack against the hospital network.

    “It wasn’t difficult to find vulnerabilities here. It’s just the system that is hidden in plain sight. You don’t think about it and, normally, you don’t connect it being related to any critical functions – it’s a lack of knowledge of this area which leads to vulnerabilities,” said Seri.

    The vulnerabilities have been disclosed to Swisslog and security updates are available to close them and protect networks – healthcare organisations using Translogic’s PTS are urged to apply them. “I think the lesson to be learned here is that this is the story of IoT in a way. Many applications have moved over the years from analogue systems to digital systems and eventually to be connected to the network and then later to the internet,” said Seri. “From the hospital’s point of view, this is just another reason to go ahead and apply network segmentation in the most effective way possible,” he added.

    It’s also recommended that hospitals apply access controls across the network, such as multi-factor authentication, so that users can’t gain access to networks and systems they don’t have permission to use, in order to prevent intruders from exploiting this ability. “Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments,” said Seri.

    Swisslog confirmed that Armis had contacted them about the vulnerabilities and that software updates and mitigations are now available to fix the vulnerabilities and prevent them potentially being exploited on hospital networks. “Swisslog Healthcare has already begun rolling out these solutions and will continue to work with its customers and affected facilities. Our commitment to security as an organizational priority has prepared us to address these types of issues with efficiency and transparency,” a spokesperson said.