Weekly podcast: Ransomware, Android vulnerability, nuclear submarines and mobile toasters

In this week’s podcast, we examine more hospital ransomware attacks, a new Android vulnerability, Trident’s cyber security, and a new strain of malware that’s making household appliances move.

Listen to the podcast below, or watch the video version here.

Hello and welcome to the IT Governance podcast for Friday, 1st April. Here are this week’s stories…

We start once again with ransomware attacks, which are still on the up and up, especially in the US healthcare sector. This week, another hospital network in America has fallen victim to a ransomware attack and two new strains of ransomware have been discovered, one of which targets healthcare networks in particular.

On Monday, MedStar Health – the operator of ten hospitals and 250 outpatient clinics in Maryland and Washington, DC – announced on Facebook that its “IT system was affected by a virus that prevents certain users from logging-in” and that it was forced to move “to back-up systems [and] paper transactions where necessary.” According to the Washington Post, MedStar received a ransom demand for 45 bitcoins – about US$19,000.

Coincidentally, Cisco Talos announced last week that it is “currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant”, which spreads via compromised servers – particularly in the healthcare industry. Reuters reports that the FBI has appealed for help investigating the new ransomware.

Trend Micro, meanwhile, reports that another new strain of ransomware, Petya, is encrypting hard drives rather than files. Petya is spread via phishing emails that purport to link to job applicants’ CVs stored on Dropbox. Dropbox has removed the offending file, but that’s not to say it won’t reappear elsewhere in some form. Petya’s current ransom price is 0.99 Bitcoins – about US$400.

According to Cheetah Mobile Security research Lab, a vulnerability affecting Android users of the call management app Truecaller could have allowed anyone to gain access to their personal information and change their security settings. Truecaller used Android devices’ International Mobile Station Equipment Identity or IMEI – a code unique to each device – to identify its users. This meant that anyone who had a device’s IMEI could access users’ personal information without their consent. A fix has now been issued. Users will be prompted to update to the latest version of Truecaller automatically, or can upgrade via the Google Play Store.

The US Navy has announced that the software behind the US and UK Trident nuclear deterrent will be upgraded to better protect it from cyber attacks. BAE Systems will be awarded the contract. US Navy spokesman John Daniels told Bloomberg: “Now that cyber has become even more important in our national security, there will be even more requirements. In our modern era, cybersecurity threats are a legitimate concern.” According to the Daily Telegraph, a Ministry of Defence spokesman commented: “The deterrent remains safe and secure. We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the security of the whole deterrent programme and its operational effectiveness, including against threats from cyber.”

The UK has budgeted £1.9 billion for military cyber security spending over the next five years.


And finally… as the Internet of Things continues to increase in popularity, a new strain of malware has been found to affect certain household appliances, in some cases rendering them capable of independent movement. Said a startled Mrs Betty Pench: “I was just heating a crumpet on Tuesday teatime when my two-slice smart toaster suddenly leapt into the air and started hovering in front of me. Before I could catch it, it zoomed over my head, dropped to the floor and scuttled out of the cat flap. My son Gordon, who works in IT, told me that my router had probably contracted a virus and spread it to all of my devices…”

No, that’s obvious nonsense. April Fool.

That’s it for this week. Until next time, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.

And remember: toasters can’t fly. Yet.