Attacks/Breaches

3/29/2018
11:30 AM
100%
0%

WannaCry Re-emerges at Boeing

Computers at the aerospace giant were hit by the WannaCry malware but systems are back to normal

WannaCry is still around and aerospace giant Boeing is the latest victim. In a flurry of activity on Wednesday, Boeing found itself infected, analyzed the infection, contained and cleaned the affected systems, and returned to normal operations.

According to an internal notice sent from Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, an infection at the company's North Charleston facility warranted an "all hands on deck" response to the problem. While there were initial concerns that the malware might have reached production process control computers, forensics showed that not to be the case.

In the final analysis, the company said that the infection was limited to a small number of systems and that production and delivery of airplanes and components was not affected. A Boeing representative issued a statement saying that the attack was limited to computers in the commercial airplanes division and that the military and services units were not affected.

In a statement to the press, Mounir Hahad, head of Juniper Threat Labs at Juniper Networks noted that WannaCry's infection mechanism can easily lie dormant and undetected on computers that have not been protected and patched. "Many systems may have been infected by WannaCry last year, but did not display any symptoms due to the presence of the 'kill switch' domain. But, as soon as an infected computer is rebooted in an environment where it does not have access to the Internet, it will resume the infection process."

In Boeing's case, their representative states that the WannaCry infection incident has ended with no significant damage to the company.

For more, read here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20165
PUBLISHED: 2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVE-2019-1716
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...
CVE-2019-1763
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...
CVE-2019-1764
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the ...
CVE-2019-1765
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permis...