The weakest link....
in any IT solution is not the software, security, etc, etc, but the user. Would I be wrong to suggest some f***wit clicked a link on an email and chaos subsequently ensued?
Bristol Airport deliberately yanked its flight screens offline for two days over the weekend in response to a cyberattack. Techies took down computer-based flight information systems at the airport in provincial England between Friday morning and the wee hours of Sunday morning. The electronic screens were replaced by …
It is definitely possible, and in my experience there are too many people who click on links automatically and regret them immediately afterwards.
Saying that, however, the real question is why their flight info system could be accessed from the internet, whether directly or indirectly (e.g. via an internal router). Yes, it is really convenient to get your updates as they occur, but what you really should do is download your updates to a DVB, check them via an antivirus footbath, and then load them on to your systems manually. Means more work for the techies, but ultimately secures your systems against 99.99% of attacks, and helps to neuter the ones you cannot secure against.
This may sound paranoid, but it isn't really. Remember, they really are out to get you.
> It is definitely possible, and in my experience there are too many people who click on links automatically and regret them immediately afterwards.
We had one very memorable incident like that. Once the dust had settled, the idiot involved was asked why he clicked the link on what was a very obvious phishing email.
He had been briefed to avoid stuff like this in an infosec for users course only a couple of weeks ago.
His answer: he thought it was a phishing link but wanted to make sure before he wasted IT's time....... DOH!
We had one like that at the company I worked for last year ... someone copied to all employees a phishing email they'd received, complete with the phishing attachment and a comment that they'd "carefully" opened the attachment so that the security software could confirm that it contained malware and that anyone else receiving this email should delete it immediately. This resulted in a rather amusing email to everyone from IT dept explaining the idiocy of
1) opening something assumed to be malware just to check that it was
2) sending the same malware to everyone else with comment "if you get this don't open it"
and finally
3) not following company policy of contacting IT immediately if any such email was ever received
I'd venture a guess that in this case the displays were attached to Windows XP machines, which have been the weakest link in a majority of the recent spate of ransomware attacks. That would also explain why they could only recover the displays incrementally instead of all at once. Rebuild the PCs driving your most important displays first.
We really, desperately need to stop making systems where a browser-click compromises the system.
For a start, if all this stuff does is show flight info, why the hell is there even a browser installed?
Until we relearn least-privilege principles, where people don't get any button they don't need and programs don't get any access they don't absolutely require, we might as well just hand the hackers an open pass now.
> It IS scary to watch a plane coming in and VANISH, due to the curvature of the runway over the brow of the hill.
Try St Marys Scilly (EGHE) in a light plane ('cos at 600m for the longest runway you aren't going to land a big jet). You have to reach take-off speed while hurtling downhill towards a rocky seashore. It's, umm, stimulating.
Whitescreens again? All these major and medium size airports (16 and Counting) have portable emergency wheeled 37" screens in security they could have used. (Bristol has only One) I laughed when I saw the pictures from Gatwick last month and it's happened again. Needless to say, I still have the master image secure just in case they manage to mangle the software.
Turns out that my old local airport isn’t the incompetent greed fest I always thought it was. In fact they are a perfectly competent greed fest. Chapeau to the IT dept for just pulling the plug and rebuilding the system. One would imagine that any potential hit from resultant delays was calculated to be less than the ransom, and that it was a simple case of purifying the servers, pulling out an old clean backup, plugging the hole (probably the time consuming part) and rebooting.
Given that Brizzle Airport is basically just one big departure lounge, it probably wasn’t too hard to make sure that the information was readily available to customers. In fact, one whiteboard by Starbucks would be visible to most of the passengers in said lounge. It’s not like it’s an old BAA rabbit warren like Gatwick or Glasgow.
I was travelling through there on Thursday and tweeted a dodgy looking screen to BrizzolAirport.
https://mobile.twitter.com/marykirkcom/status/1040289902334812160
The airport isn't that bad. It's the SINGLE TRACK road you have to use to get to it (avoiding the hellish car park that is Bristol).
---* Bill