All is relatively well
here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, we occasionally
have the storm roll through the area. There may be high winds, hail, and the
power may occasionally go out. We have become so used to these harsh winters of
the north, not much really bothers us anymore.
Just in case a large storm
would come through, the council had an early warning device set up. We have
never used it for an event yet. The police chief every three months on the
first Tuesday tests the noisemakers (these are so loud) and the text service.
Margie’s cats lose their minds during these two minutes of wonderment. Jerry’s
dogs howl like it is the full moon. That’s about the only exercise they get
these days though.
The Meadow’s system is basic, nothing
like the warning network in Australia. The early warning system had a little
issue earlier this year. Like numerous areas throughout the globe, there is the
opportunity for a serious storm to affect an area. This could be manifested with
heavy rains or snow, flooding, hail, tornado, or any other significant storm.
So that the local residents are aware of the circumstances, an early warning
system generally is put in place. These measures may not give hours of notice,
however, some notice is better than none. The system may be audible based with
the exceptionally loud horns. These may also send emails or texts to the
residents to let them know of the issue. Both may be implemented also, in an
attempt to reach everyone possible.
Australia has this service in place.
This is offered by the Australian company Aeeris. In Queensland, the municipality
uses an SMS system. This sends the emergency messages to those who have signed
up for it. These messages may be oriented with extreme weather, fires,
evacuations, information, and incident responders. The local citizens depend on
this when there are significant weather issues.
Unfortunately, the warning system in Queensland,
Australia was attacked. The attack vector involved the unauthorized parties
using credentials secured through illicit means. They are not sure of the
method used to steal the affected credentials. The attackers accessed without authorization
the Queensland EWN (Early Warning Network) on 1/5/2019. The attackers on the
successfully compromised system were able to send spam alerts to the service
subscribers. These were sent with SMS, landlines, and email. The fake SMS
message was moderately short with “EWN has been hacked. Your personal data is
not safe.” The alerts also provided instructions on how to unsubscribe to the
service. With this attack, it does not appear to be malicious, as the attack apparently
did not access or exfiltrate any personal data.
The successful compromise was initially
detected by the staff. They noted the unauthorized alerts rather quickly, which
I would have hoped was the case. To immediately resolve the issue, the staff
did turn off the system. This served to cease any potential further spam
messages. This was done soon enough to limit the scope and exposure of the
attack. They are also investigating the attack with the police and the
Australian Cyber Security Centre.
This unfortunate attack further illustrates
the need for a strong perimeter defense and staff training for attacks. Clearly,
the tools and methods used to attack the system have not been identified. A
strong defensive posture would include these measures. When these areas,
and others, are ignored, certain mayhem follows.
Thanks for visiting
Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always
using the latest version.
Resources
Abrams, L. (2019, January 7). Hacker uses Australian early
warning network to send spam alerts. Retrieved from https://www.bleepingcomputer.com/news/security/hacker-uses-australian-early-warning-network-to-send-spam-alerts/
Crozier, R. (2019, January 7). Hack spam sent via Australian
hazard alert service. Retrieved from https://www.itnews.com.au/news/hack-spam-sent-via-australian-hazard-alert-service-517552
Cyware. (2019, January 7). Cybercriminals hacked WEN’s
systems and sent spam alerts to thousands of people across Australia. Retrieved
from https://cyware.com/news/cybercriminals-hacked-wens-systems-and-sent-spam-alerts-to-thougsands-of-people-acrss-australia-0aae601e
McLean, A. (2019, January 7). Emergency warning network
confirms breach. Retrieved from https://www.zdnet.com/article/emergency-warning-network-confirms-breach/
Wiggins, N., Hendry, M., McCoskor, A., et al. (2019, January
7). Emergency text and email service hacked, thousands receive warning message
about their personal data. Retrieved from https://www.abc.net.au/news/2019-01-07/emergency-text-service-hacked-warning-about-personal-data-sent/10688748
No comments:
Post a Comment