COVID-19 vs. our Networks

• Previous message (by thread): COVID-19 vs. our Networks
• Next message (by thread): COVID-19 vs. our Networks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/17/2020 1:54 PM, Dan White wrote:
> On 03/17/20 14:38 -0400, Rich Kulawiec wrote:
>> On Tue, Mar 17, 2020 at 08:38:28AM -0700, Mike Bolitho wrote:
>>> Anybody who works in the healthcare vertical will tell you just how
>>> bad medical devices are to work with from an IT perspective.
>>
>> Medical devices are appallingly bad to work with from an IT perspective.
>>
>> They're designed and built to work in idealized environments that don't
>> exist, they make unduly optimistic assumptions, they completely fail to
>> account for hostile actors, and whenever possible they are gratuitously
>> incompatible to ensure vendor lock-in.
>>
>> That's the good news.   Here's the bad news: in about 2-3 weeks, when
>> our health care systems are stretched to the breaking point, there will
>> be a window of opportunity for adversaries to maximize the damage.
>
> On a slightly tangential topic, we had a dictionary attack against 
> customer
> voice accounts over night, presumably to implement toll fraud. We were in
> the middle of working out work-from-home plans and were quite distracted
> with other things. We managed to get on top of it quickly once someone
> noticed.
>
> Attackers taking advantage of this situation is a serious concern.
>
Dan, we're aware of another telco that ran into a similar fraud 
situation last week. They stood up some more restrictive ACLs to combat 
the fraud, but broke VoIP RTP in the process. 'Hit em while they're 
occupied' type of attacks I guess should be expected right now. As my 
grandmother would say: an ounce of prevention is worth a pound of cure.

• Previous message (by thread): COVID-19 vs. our Networks
• Next message (by thread): COVID-19 vs. our Networks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]