What is the difference between a Penetration Test and a vulnerability scan?

Ransomware for Medical devices – what happens then?

One of the biggest problems with our bright new shiny digital world is everything we do or use today has some level of digital components.
We know that everyday computers, smart devices, mobile devices and gaming platforms, are digital in nature.
We forget that Fitbits, Internet of Things devices and medical devices also have some level of digital incorporated into them.
So what happens to these devices if they become infected with malware, even worse if that malware is a ransomware.
If I had a pacemaker installed in my body and the medical staff lost control of it (that is what malware and Ransomware does, removes their control and gives it to someone else) I think that I would get a little panicky.

Definitely a WTF moment.

Most medical devices are either WiFi or blue tooth enabled.   That makes them relatively easy to break into.
Researchers have been looking at compromising medical devices and in 2015 there were 25 known vulnerabilities in some of the most popular devices.   What about the unknown ones, how many of them were there?
We all saw what happened with IOT devices when Mirai was released on the internet late 2016.   It compromised a certain level of device that had a hard coded username and password in the system.
We also saw what happens when the wannacry ransomware hit and the fall out from that in May 2017.

Now imagine a wannacry variant that targets your pacemaker.   “Give us $1000 or we stuff around with your heart!”  That would certainly make your life pretty interesting.
What’s to stop it happening?   Whats to stop it happening right now?
I keep coming back to people taking responsibility for the code they write.   I think we need to have a serious look at our new and shiny world and do something about it.  Before it is too late and people start dying!

We need to think things through.

Think like the bad guys.
Oh, and before you say “why would they target my pacemaker?” In most cases it is because they can.
Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI
He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Posted in Uncategorized and tagged , , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *