Weather report, jail time and a killer of a USB stick
Welcome to Cyber Security Today. It’s Monday April 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com
‘Be prepared for the weather‘ might be your motto when you step out the door every day. The Weather Channel certainly seems to be prepared for cyber attacks. One hit the cable network last week and knocked it off the air for about an hour and a half. The company put out a statement saying it had been hit by a malicious software attack, but was able to get back on the air through backup mechanisms. The FBI told the Wall Street Journal it was investigating a ransomware attack at the channel. Whatever the cause, apparently the company was prepared. Can you say the same for your firm?
This incident is a good example of risk management. Every organization has to decide what their tolerance is for being knocked offline by a cyber attack. Can you be without the Internet for five minutes? One hour? One day? Whatever the answer, prepare a disaster recovery plan with backup capabilities around that. And remember to practice the recovery plan at least once a year so staff know what to do and where resources are.
The city of Augusta, Maine is hoping to open city hall today after a cyber attack last week crippled the municipality’s systems. The city’s director of information technology insisted no personal data about residents was taken. But police, fire and ambulance dispatchers had to work by hand instead of with computers.
A New York judge has sentenced a Macedonian man to 90 months in jail after pleading guilty to access device fraud and aggravated identity theft. He also has to forfeit $250,000 and pay a yet-to-be-set amount of restitution. All this because he ran a website for selling data from 1.3 million stolen credit and debit cards, bank login credentials and personal information.
When I was a reporter with the Calgary Herald years ago we discussed making vistors wear identity tags so staff would know who in the building wasn’t an employee. At the time we urged management to reject the idea. Today, with easily accessible computers on every desk, companies have to think carefully about physical security. What brought this to mind was a news story last week about a man who pleaded guilty to destroying 59 computers and seven monitors at a U.S. college in New York state. A former MBA graduate from the college, he walked into at least one building and plugged in a USB stick called a USB Killer, which charges itself from the port — much like you’d charge your cellphone — and the fires an electrical current back into a device. A company makes these apparently to test a USB port’s resistance to attacks.
It may be hard for a college with many buildings and thousands of students to prevent outsiders from walking in. But IT administrators can do things like turn off USB ports or install physical USB port blockers. Computer manufacturers should make their devices resistant to this type of attack. By the way, this killer also works on the Lightning connectors on Apple devices. So keep your computers, iPhones and iPads close at hand.
The man will be sentenced in August.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon