Below: The UK Postal Service faces chaos, The Guardian says the cyber attack that hit UK newspapers is ransomware. beginning:
FAA outage shows risk of rushing to conclusions on cyberattacks
Every time there is a major technical outage, such as the Federal Aviation Administration’s system disruption Tuesday night that delayed thousands of flights, speculation quickly erupts blaming it for a possible cyberattack.
Cyber experts answer every time.
Sincerely, Secretary of Transportation Pete Buttigieg He said there was no evidence that hacking was the cause, but authorities could not rule out such a possibility.
Some of the aforementioned cyber pundits at least sympathize with people’s natural tendency to speculate about everything. And ultimately, whatever the FAA’s case is, technology outages like the FAA’s experience (which led to widespread flight cancellations and delays) show potential havoc in the event of a successful cyberattack. There is a possibility that
But for the most part, the opinion of cyber observers is that jumping to conclusions is not a good idea, especially in public.
“If you keep crying wolves, you’ll lose the ability to educate them and solve real problems.” Bryson BoltThe founder of cybersecurity firm Scythe told me. “We live in the most glass-enclosed house in the world, dependent on information systems.”
Overall, he said speculation was more muted this time around than other technical outages. Jeffrey TroyPresident of the Aviation Intelligence Sharing and Analysis Center, an organization dedicated to sharing threat intelligence within the aviation industry.
“You don’t see a lot of calls and panics about a massive ransomware event or the FAA going out of business,” Troy told me. “People are getting back into the aviation business.”
- It can even be a plus for people thinking about the various potential causes of outages. “If there are people out there with different mindsets, you will be as open minded as possible when you go to find the root cause,” he said.
According to the FAA, a preliminary investigation pointed to a corrupted database file as the culprit. But an investigation is ongoing, reports my colleagues Ian Duncan, Michael Rallis, Catherine Shaver and Lori Aratani.
(Canada suffered a similar outage on Wednesday, but it did not result in flight delays.)
Of course, the available evidence did not stop speculation. An increasing number of people assume that cyberattacks are the cause of certain outages, Sean HenryCrowdStrike’s chief security officer told me.
“Over time, these days, we’ve seen people do that by default,” Henry said. “But there were more attacks, so they made it the default. There is an increased awareness of the enemy’s capabilities.”
- He said it would be wise for victims not to disclose the cause of the outage until they know for sure. “There will be glitches, software updates, hardware malfunctions, crashes, problems where someone is coding something wrong,” he said.
- That said, “if the media or the public is speculating, it will do no harm other than unnecessarily upsetting people and making people’s lives uneasy,” he said. That’s what happens with people and media.”
It has been argued that in some cases, non-cyberattack incidents can be more damaging Dmitri AlperovicChair of the Silverado Policy Accelerator, Twitter:
FAA NOTAM outages can occur for a variety of reasons. However, as many speculate about cyberattacks, I would like to point out that the most devastating computer incidents in history were caused by improper updates, not malicious acts… https:/ /t.co/OXaw7plG87
— Dmitri Alperovitch (@DAlperovitch) January 11, 2023
The cyber industry tends to respond to speculation about cyber incidents with memes centered around the domain name system. Given how fundamental it is to his routing of the Internet, Bolt said, problems with it are often the actual cause of problems.it’s here Brett Callowa threat analyst at cybersecurity firm Emsisoft:
None of this undermines the debate about what safeguards the United States and other countries are taking — May contain more regulations — Policy makers need to protect critical infrastructure sectors such as transportation.
Even if a cyberattack wasn’t the cause of the FAA outage, the outage could actually impact these discussions.Former NATO Allied Commander-in-Chief James StavridisVice Chairman of The Carlyle Group, an investment firm:
and this is John Hartquistis VP of Intelligence Analytics at Mandiant Threat Intelligence, owned by Google, and sees the big picture.
I doubt there’s a sinister cyber plot underlying this FAA, but if you’re looking from a cybersecurity angle, this is it. Failure.
— John Hultquist🌻 (@JohnHultquist) January 11, 2023
The federal government has carefully examined cybersecurity threats to aviation. The Transportation Security Administration makes regulations for the aviation sector. The White House is also briefing industry representatives on the threat.
The latest high-profile cyberattack observed in this sector occurred in October, When a group in Russia took several airport websites offline and launched a distributed denial of service attack that flooded the site with bogus traffic.
However, what is needed now in response to the FAA’s technology outage may simply be improved technology.
“Americans deserve a seamless, safe, end-to-end travel experience,” he said. Jeff Freeman, President of the American Travel Association, a trade association representing the travel industry. “We are calling on federal policymakers to modernize critical air travel infrastructure and ensure the system can meet demand safely and efficiently.”
‘Cyber Incident’ Disrupts UK Postal Service
Royal Mail said it was unable to send mail internationally as a result of the incident. BBCReported by Tom Espinner of Email his service calls this a “cyber incident” rather than a “cyber attack” and we don’t know what’s behind the incident.
“Affected back office systems are used by Royal Mail to prepare mail for international shipments and to track and trace overseas items,” Epiner wrote. “It is in use at six sites, including Royal Mail’s massive Heathrow distribution center in Slough, which was affected by the incident. It is unclear how long the disruption will last, and mail already destined for export will be delayed. There is a possibility.”
The National Cyber Security Center and the National Crime Agency are trying to figure out what happened, and regulators have been notified of the incident.
Cyber attack on Guardian was ransomware, newspaper says
A British newspaper said the hack probably happened after someone clicked on a phishing email. GuardianReported by Dan Milmo of Company executives believe this is a “criminal ransomware attack and not specifically targeted to The Guardian as a media organization,” Milmo reports. Found on May 20th.
Hackers obtained personal data of UK employees.But an executive said, “So far, we have seen no evidence that the data was published online, and we continue to monitor this very closely.” — CEO of Guardian Media Group Anna Bateson and editor-in-chief of The Guardian Catherine Viner.
The company said it had no reason to believe that US or Australian subscriber data or staff data was accessed.
Twitter says there is ‘no proof’ that user data sold online came from hacks
Blockbuster New York Times article accidentally leaked phone number of Russian soldier criticizing war (Motherboard)
Ontario Liquor Control Board investigates after ‘cybersecurity incident’ destroys website and mobile app (CBC News)
- General Paul NakasoneThe head of the National Security Agency and the U.S. Cyber Command will speak at a public forum on government surveillance agencies on Thursday. April Doss When Christopher Fonzontop attorneys from the National Security Agency and the Office of the Director of National Intelligence will also speak at an event hosted by the Privacy and Civil Liberties Oversight Board.
- Cybersecurity professionals meet with cybersecurity staff on Thursday as part of Hackers on the Hill.
thank you for reading. see you tomorrow.