Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

“Once, Superpower Summits Were About Nukes. Now, It’s Cyberweapons.” That headline from The New York Times really captures the moment. As President Joe Biden and Russian President Vladimir Putin headed to their summit meeting in Geneva, The New York Times reported “For the first time cyberweapons are being elevated to the top of the agenda. … The rising tempo and sophistication of recent attacks on American infrastructure—from gasoline pipelines running up the East Coast, to plants providing a quarter of America’s beef, to the operations of hospitals and the internet itself—has revealed a set of vulnerabilities no president can ignore.” Only time will tell if the U.S. message at the summit proves sufficiently strong to reign in cyberattacks linked to Russian government operations and its criminal group proxies. Cyberattacks are likely to remain a top issue for a long time to come.

Is Your Exercise Bike Spying on You? CNN reports that cybersecurity company McAfee has discovered a vulnerability that allows hackers to access some Peloton bike screens and potentially spy on riders using the bike’s microphone and camera. CNN notes: “However, the threat most likely affects only the $2,495 bike used in public spaces, such as in hotels or gyms, because the hacker needs to physically access the screen using a USB drive containing a malicious code.” According to McAfee’s Advanced Threat Research team, a hacker could spy on users via the bike’s camera and microphone, which are normally used for video chats with other users. McAfee reports the ability to remotely control the bike’s screen would also open the door for hackers to load screens that appeared to be for Netflix, Spotify, and other entertainment apps used by exercisers to capture log-on and payment information. CNN notes “This report marks the second security concern for Peloton in two months. In May, the fitness firm released a security update patching a leak that was revealing personal account information, such as a user’s age, city and weight.” The take-home lesson is that all connected devices are vulnerable to attack, and users should proactively seek out system updates, which are used to patch vulnerabilities. Meanwhile, a brisk walk is  said to be quite healthy.

“North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute.” That headline from The Hacker News is a reminder that North Korea remains a major threat within the realm of cybersecurity. According to the article, South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) disclosed that its internal network was infiltrated by suspected attackers operating out of North Korea. The attack appears to have been carried out by exploiting an unpatched vulnerability in an unnamed commercially available virtual private network. The Hacker News reports “It is not immediately clear what VPN vulnerability was exploited to breach the network. But it’s worth noting that unpatched VPN systems from Pulse Secure, SonicWall, Fortinet FortiOS, and Citrix have been subjected to attacks by multiple threat actors in recent years.” So, again, please make sure all your software is regularly updated—especially with security patches.

“Irish Healthcare System Struggles with Tech Disruptions After May Ransomware Attack.” The Wall Street Journal has published a follow up article on last month’s attack on the Irish Healthcare System, and the findings are discouraging. The story reads, “Ireland’s healthcare service is still slowly restoring its technology systems five weeks after suffering a ransomware attack, highlighting the painful process of bringing back online thousands of damaged computers.” The pain includes doctors and lab technicians using pen and paper for most of the past month, and corporate and administration staff hand-carrying lab reports to clinicians. The paper quoted Eilish Hardman, Chief Executive of Children’s Health Ireland, as saying, “It sent us back almost into the ’70s, being paper-based.” Paul Reid, Director General of the group, said: “It’s been a 35-day hell. It will continue to be a longer haul over the next few weeks, if not likely into months.” The disruptions caused by this and other ransomware attacks underscores the mission critical need for implementing a robust security policy combined with a multi-faceted backup strategy that includes measures to prevent the backup copies from being encrypted along with all the other network data in an attack.

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association, and advises law enforcement agencies on cyber security. Pownall serves on several boards and committees and has a strong affiliation with various arts and education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He’s served as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.