This is a truly sobering report and points to the need for focused planning and preparation when considering cyber threats in critical industries. Hospitals can be viewed as microcosms of a larger threat. If critical infrastructure was significantly hampered due to an attack and the response was slow or inadequate, we could see injury and death on a truly massive scale at the local, regional or even national level.
Vulnerabilities and attack vectors were only a matter of time for these types of devices. Please read the article closely and note that only older (pre-2017) devices are vulnerable and physical access is needed. You should be very cautious when buying a used device or a device from a 3rd party reseller.
Please review your iOS devices and patch/update accordingly.
Browsers are getting marginally better in defending against compromise, especially with the progression of better sandboxing techniques, but some browsers are doing a better job than others.
This article is a great motivational tool for reevaluating your security controls and awareness training. It does not take long at all to get hacked!
Setting aside the allegations of Russian hacking attempts surrounding the election, these latest claims involving the Vermont power grid are a bit of a stretch. As this article states, Grizzly Steppe is a fairly common malware variant and could have been leveraged by any number of entities. It frankly could have landed on the laptop in question accidentally through a completely separate exploit path. Malware, once in the wild, can rarely be tied to any specific organization or nation state. Once it has proven its worth, any number of bad actors will begin to use it.
Retribution…Proportional response…these are simple phrases intended to calm the masses and justify actions. Many times these phrases are both necessary and warranted. In today’s case, my fears are fueled by the nature of diplomatic “one-upsmanship” that can take place in this scenario. Russia does not view the score as now even. Round two and three and four are coming. Be prepared!