It Isn’t Just Amazon and Google Spying on You

As if that wasn’t enough. Alexa and Google Home abused to eavesdrop and phish passwords.

By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials.

Now, there’s a new concern: malicious apps developed by third parties and hosted by Amazon or Google.

Privacy is such a 20th Century concept.

Ransomware vs 911 Call Center – Nobody Wins

Hard to quantify the cost of an outage when it can cost lives. Ransomware attack may be affecting 911, emergency dispatch in Jasper Co.

Earlier this week it was confirmed Jasper County had a cyber attack on their countywide systems, including email and emergency response systems.

At that time, county officials said 911 and emergency dispatch services were not having any issues as a result of the cyberware attack. Now, that may not be the case.

Color me shocked. A politician isn’t telling the truth. OR, a politician who doesn’t actually know what is going on.

A system that was formerly automatic (in terms of locating addresses) is now reverted to manual. Causing delays.

First responders say every second the county or city response teams are not responding to a call, someone’s life could be put at risk.

“To do that by hand, to take that extra time it could cost someone their life.”

At least the system wasn’t knocked out completely, as it was in other areas. Still, it might be good to have a plan B. Like know some first aid, or have the local police and fire numbers in your phone.

The First Lady of Naval Cryptology

[UPDATE: Some folks seem to think I spelled Cryptography incorrectly in the title to this post. But that isn’t how Agnes Meyer-Driscoll was known. See Remembering the First Lady of Naval Cryptology. I originally referenced the NSA’s site, because why not. Maybe I should have used the Navy’s site.]

Agnes Meyer Driscoll sounds like an extraordinary woman. She was born July 24, 1889 and passed away on September 16, 1971.

In June 1918, about one year after America entered World War I, Agnes Meyer enlisted in the United States Navy. She was recruited at the highest possible rank of chief yeoman and was assigned to the Code and Signal section of the Director of Naval Communications. Except for a two-year hiatus, when she worked for a private firm, Agnes Meyer Driscoll (she married in 1924) would remain a leading cryptanalyst for the U.S. Navy until 1949.

She worked to break the Japanese naval codes of the 1920s, 1930s and 1940s. She worked to break the cipher of the Orange Machine, which wasn’t quite the Japanese Enigma. And she did work on Enigma, though that code was broken by the British.

In 1949 she transferred to the Armed Forces Security Agency, which became the National Security Agency in 1952. She retired in 1959.

Hat tip to Coffee or Die (which is becoming one of my favorite reads). 7 Badasses in the U.S. Navy — Who Aren’t SEALs! Which is worth your time in its own right. (Beach Jumpers, the USS Seahorse, and more.)

Alabama Hospital Pays Ransom

But it’s OK, because they have insurance. Alabama Hospitals Back Online 10 Days After Malware Attack.

The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

So they did what the FBI has been telling people not to do, which is pay the ransom. I wonder if they will take any action to prevent a repeat attack, or if the bad guys are just keeping a list for places to revisit next year. I also wonder how long insurance will be available. You can get homeowners’ insurance because house fires are relatively rare occurrences. If half of your neighborhood burned every year, insurance would be harder to come by, or it would cost a whole lot more.

Is Ransomware Getting Worse? Yes

The FBI sees the writing on the wall. Will anyone listen? FBI warns of major ransomware attacks as criminals go “big-game hunting.”

Where certain attacks have behaved like opportunistic attacks – Baltimore is mentioned – that is changing as the bad guys get better, or worse. Better at being bad guys, anyway.

Data from CrowdStrike has shown a rise in what the firm refers to as “big-game hunting” over the past 18 months. These attacks focus on high-value data or assets within organizations that are especially sensitive to downtime—so the motivation to pay a ransom is consequently very high.

And the FBI, though they didn’t give much info, thought the situation warranted a warning. Not that anyone will listen. Actually preparing for such an attack costs money, and means we have to change the way I do things, in ways that I don’t like, and besides those damn IT folks are always wanting to spend money on some crazy thing. And what can it cost, anyway?

What Is the Cost of a Ransomware Attack?

In the case of Demant (a Danish company), the costs are high. Ransomware incident to cost Danish company a whopping $95 million.

While they had an insurance policy, it will not cover a quarter of that bill. And there are worries that while they were down, and unable even to support retail sales, customers switched brands, and will not be back.

And the company isn’t saying “ransomware.” Though Danish media is reporting it that way, and it “sure did look like one from the outside.”

Most of the losses have come from lost sales and the company not being able to fulfill orders. The actual cost of recovering and rebuilding its IT infrastructure were only around $7.3 million, a small sum compared to the grand total.

So what part of that $7 million has the IT department been pleading for? But as they say, there is much more.

Furthermore, “in our hearing aid retail business, many clinics across our network have not been able to service end-users in a regular fashion.”

These business upheavals have been a disaster for the company’s bottom line. In a message to its investors, Demant said it expects to lose somewhere between $80 million and $95 million.

So, for that $7 million, could the IT folks have made themselves immune to ransomware? Probably not. But they might have been able to mitigate the cost, and it’s not like the company didn’t end up spending the money anyway. The difference is between a scrambling emergency, that impacts customers, as well as both top-line growth and the bottom-line, and a planned implementation.

Other incidents from 2019 include…

defence contractor Rheinmetall, airplane parts manufacturer Asco, aluminum provider Norsk Hydro, cyber-security firm Verint, the UK Police Federation, utility vehicles manufacturer Aebi Schmidt, Arizona Beverages, engineering firm Altran, the Cleveland international airport, and chemicals producers Hexion and Momentive.

Hat tip to Security Now episode #735.

Alabama Hospitals Pay Ransom

So that will encourage the people to keep executing attacks. DCH pays hackers responsible for ransomware attack.

The DCH Health System has made a payment to the hackers responsible for the crippling attack on its computer system that’s impacted operations at its three hospitals since early Tuesday morning.

Because it is easier to pay ransom to a bunch of criminals than spend the money to secure and back up your systems ahead of time. Besides, at least for now, you can buy insurance for these kinds of hacks. I can’t believe that the insurance companies can keep this up forever.