The ransomware attack that took flight information screens offline at Bristol Airport in the U.K. two weeks ago demonstrates the ongoing threat that ransomware poses to businesses, transportation hubs and other facilities.
Beginning Friday morning, the flight information screens stopped displaying flight information and advised travelers that engineers were working to resolve the issue as soon as possible, according to CSO, a website for enterprise security decision-makers. Whiteboards posted arrival and departure information, and loudspeakers broadcast announcements. Extra staff was on hand to inform passengers about flights.
Around 4:30 a.m. Sunday, the airport tweeted a photo of digital screens that were back online in key locations.
Officials blamed a ransomware attack in which hackers demanded payment in exchange for restoring flight information. Airport spokesman James Gore did not say what ransomware variant the attackers used, but said that the attack targeted the airport’s administrative systems, making it necessary to take the flight data offline. The airport did not pay the ransom.
Attack demonstrates ongoing vulnerability
“The attack demonstrates the vulnerability of unpatched or unmonitored but networked computers,” A.N. Ananth, CEO of EventTracker, a Netsurion company that provides security information and event management solutions, told Kiosk Marketplace following the attack.
“A very large number of such machines have been deployed worldwide for fixed-function kiosk-type use. They are unattended and rarely updated, causing them to be vulnerable. We can’t say the Bristol systems in question were unpatched — only they know — but we can more safely say they were unmonitored or not monitored enough,” he said.
An effective defense for fixed-function systems is a central whitelisting approach, Ananth said. Once an endpoint is ready to enter operation, a “baseline” is established by taking a detailed snapshot of its files, folders and registry entries.
All processes that are part of this baseline are allowed to execute. When a process that is not part of this baseline attempts to run, the endpoint sensor detects it and either reports it (if in audit mode) or terminates it (if in block mode).
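The baseline-and-sensor logic described above can be sketched as follows. This is an added illustration, not EventTracker's code: it covers files only (not registry entries), and the function names, the SHA-256 content comparison and the sample file names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every file under root: relative path -> SHA-256 of contents."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def evaluate_launch(baseline: dict, root: Path, image: Path, mode: str = "audit"):
    """Return (verdict, reason): "allow", "report" (audit) or "terminate" (block)."""
    if mode not in ("audit", "block"):
        raise ValueError("mode must be 'audit' or 'block'")
    deny = "terminate" if mode == "block" else "report"
    try:
        rel = image.resolve().relative_to(root.resolve()).as_posix()
    except ValueError:
        return deny, "outside baselined tree"
    if rel not in baseline:
        return deny, "not in baseline"
    if sha256_of(image) != baseline[rel]:  # assumption: match on content, not just name
        return deny, "content changed since baseline"
    return "allow", "matches baseline"


def demo():
    """Constructed sample: a temporary kiosk tree with one approved binary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app, unlisted = root / "signage.bin", root / "unlisted.bin"
        app.write_bytes(b"approved display app")
        baseline = build_baseline(root)
        results = [evaluate_launch(baseline, root, app, "block")]
        unlisted.write_bytes(b"constructed unknown program")
        results.append(evaluate_launch(baseline, root, unlisted, "audit"))
        results.append(evaluate_launch(baseline, root, unlisted, "block"))
        app.write_bytes(b"tampered display app")
        results.append(evaluate_launch(baseline, root, app, "block"))
        return results
```

Running the baseline in audit mode first surfaces legitimate programs missing from the snapshot before block mode starts terminating them.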
“While this mode is suitable for enterprise desktops which change frequently and may have multiple functions, it’s inherently expensive to maintain in fixed-function endpoints like kiosks,” he said.
Whitelisting can take the place of antivirus and reduce the demand for constant patching, Ananth said. Whitelisting also requires fewer resources to maintain and update.
Ransomware attacks continue
Bristol Airport was not the first airport this year to suffer a ransomware attack. In March, the Hartsfield-Jackson Atlanta International Airport shut off its internal Wi-Fi network as a security precaution when the city’s computers suffered outages on various internal and customer-facing applications. These included bill payment functions and court-related information, according to a public statement the city released.
The attacker demanded $6,800 per unit, or $51,000 to unlock the entire system, to be paid in bitcoin, according to a screenshot a city employee sent to 11Alive.
Atlanta Mayor Keisha Lance Bottoms said that anyone who had done business with the city was potentially at risk, and advised businesses and consumers to check their bank accounts. Fortunately, public safety, water and airport operations departments were not affected.
Other cities subjected to similar attacks recently include Englewood, Colorado; Leeds, Alabama; Farmington City, New Mexico; Spring Hill, Tennessee; and Allentown, Pennsylvania, Ananth said.
“We’re seeing municipalities increasingly targeted by ransomware attacks,” Ananth said. “The Atlanta incident just happens to be a larger target, but not unique in nature. What these municipalities need is effective monitoring of their network and endpoints along with the ability to lock down critical systems.”
Ransomware variants arise
Meanwhile, a new ransomware variant called Petya has threatened poorly protected networked digital screens lately, Ananth said. Victims have included shipping, banking, energy, transportation and health care companies. A whitelisting approach can protect against this ransomware.
Rather than targeting a single organization, Petya takes a broad-brush approach, targeting any device it can find that its worm can exploit.
According to Kaspersky Labs, a cybersecurity consultancy, kiosks are easy to hack if users can exit “kiosk” mode and gain access to the main operating system. The process of exiting kiosk mode can be as easy as right-clicking to exit full screen or clicking on external links, the company wrote in a recent report.
Ransomware will likely become a bigger problem for businesses and organizations that fail to take necessary precautions.
Posted with permission from www.KioskMarketplace.com
Photo Credit: iStockPhoto.com