Re: COVID-19 vs. our Networks

[Dan White <dwhite () olp net>]

On 03/17/20 14:38 -0400, Rich Kulawiec wrote:
> On Tue, Mar 17, 2020 at 08:38:28AM -0700, Mike Bolitho wrote:
> > Anybody who works in the healthcare vertical will tell you just how
> > bad medical devices are to work with from an IT perspective.
>
> Medical devices are appallingly bad to work with from an IT perspective.
>
> They're designed and built to work in idealized environments that don't
> exist, they make unduly optimistic assumptions, they completely fail to
> account for hostile actors, and whenever possible they are gratuitously
> incompatible to ensure vendor lock-in.
>
> That's the good news.   Here's the bad news: in about 2-3 weeks, when
> our health care systems are stretched to the breaking point, there will
> be a window of opportunity for adversaries to maximize the damage.

On a slightly tangential topic, we had a dictionary attack against customer
voice accounts over night, presumably to implement toll fraud. We were in
the middle of working out work-from-home plans and were quite distracted
with other things. We managed to get on top of it quickly once someone
noticed.

Attackers taking advantage of this situation is a serious concern.

--
Dan White
Network Admin Lead