Attacks/Breaches

3/29/2018
11:30 AM
100%
0%

WannaCry Re-emerges at Boeing

Computers at the aerospace giant were hit by the WannaCry malware but systems are back to normal

WannaCry is still around and aerospace giant Boeing is the latest victim. In a flurry of activity on Wednesday, Boeing found itself infected, analyzed the infection, contained and cleaned the affected systems, and returned to normal operations.

According to an internal notice sent from Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, an infection at the company's North Charleston facility warranted an "all hands on deck" response to the problem. While there were initial concerns that the malware might have reached production process control computers, forensics showed that not to be the case.

In the final analysis, the company said that the infection was limited to a small number of systems and that production and delivery of airplanes and components was not affected. A Boeing representative issued a statement saying that the attack was limited to computers in the commercial airplanes division and that the military and services units were not affected.

In a statement to the press, Mounir Hahad, head of Juniper Threat Labs at Juniper Networks noted that WannaCry's infection mechanism can easily lie dormant and undetected on computers that have not been protected and patched. "Many systems may have been infected by WannaCry last year, but did not display any symptoms due to the presence of the 'kill switch' domain. But, as soon as an infected computer is rebooted in an environment where it does not have access to the Internet, it will resume the infection process."

In Boeing's case, their representative states that the WannaCry infection incident has ended with no significant damage to the company.

For more, read here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10869
PUBLISHED: 2018-07-19
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10870
PUBLISHED: 2018-07-19
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...