On This Episode…

We got another security thing to talk about today as Craig discusses the zero day attack at Health Sciences North and the shortage of cybersecurity workers.

Below is a rush transcript of this segment, it might contain errors.

Airing date: 02/01/2019

SecurityThing – Zero Day Attacks – How To Protect

Craig Peterson 0:00

Hey guys. Good morning, Craig Peterson here. We got another security thing to talk about right now, as usual, right? They get bigger and bigger. And this Thursday and Friday podcast, kind of a series, if you will, I’m going to delve a little bit more into real world problems that people and businesses face, that we’re all facing: things to do, how to detect it, how to clean it up, and that’s really what it’s all about. And of course, we’re also starting our new series where we’re going to be going through, using a little bit of webinar technology, and kind of explaining things even more, getting deeper into it.

Now, we talked yesterday a little bit about some ransomware attack that happened just a couple of weeks ago down in Salisbury, Maryland. And you know, that’s a pretty bad thing that happened to a police department, and I see this sort of stuff all the time. My local police department has an IT guy that, you know, seems to be a pretty reasonable guy. But the problem is he just doesn’t have enough experience. And I’ve seen again and again, just not handling the basics. So I want to get into that right now on the opposite end of the spectrum.

Let’s talk about zero day attacks. So we’ve heard of these before; you will see it sometimes in the news. Oftentimes it will mention a zero day attack because it’s a little bit techie. And that’s what we do here on Thursdays and Fridays. This is all about a major health care hospital and their downtime. This is a hospital up in Canada. This happened on January 18, so a couple of weeks ago now. We were talking about Salisbury, Maryland; this is Sudbury, Ontario. The company is called Health Sciences North and it was infected by a zero-day virus. They had to shut down its EHR to contain the infection. And this is all based on stuff we’re seeing from CBC Radio Canada.

So the staff discovered the hack on Thursday morning, prompting that system downtime to prevent the virus from spreading. See, this doesn’t say what his title is, Dominic Giroux, but he said that the virus came from another hospital in the region and there’s been no request for ransom. Now that does happen, where there will be a kind of a ransomware attack but no ransom note. Oftentimes you get the ransom note come up on your screen, and it’ll have a Bitcoin number, it’ll have a code that’s used in order to generate the random encryption, and it might even have a phone number. Some of these places have some pretty good tech support that you can use. In this case they’re saying that this was a zero day attack, which means that it hasn’t been seen in the wild before.

Now, I always kind of cringe when I hear that, because so many times people use zero day attack as an excuse for having really failed, and they failed because they didn’t have all the stuff in place that prevents zero day attacks. If you don’t allow malicious looking stuff into your network, you’re much less likely to have one of these hit you. So it hasn’t been seen in the wild, so none of the anti virus companies have seen it. But here’s the thing: that’s antivirus, and how many times have I said that antivirus just doesn’t work anymore? I’ve quoted John McAfee. I’ve quoted the president of Symantec. It just does not work anymore. You have to have so much more than that. It has to be reactive. It has to be adaptive. You have to monitor thousands of endpoints simultaneously. And what I do is I’m using Cisco and some of their top people, and they’re monitoring a billion endpoints for things that are happening that look a little bit weird. Now, in this case, all 24 hospitals in the region rely on HSM. And that’s a very, very big deal. They are an information technology platform for these hospitals one way or the other.

Now, in order to protect the hospitals, they did stuff they should have done in the first place. Officials have implemented, this is from Health IT Security, officials have implemented other preventative measures, including shutting down some systems. He explained that out of its 24 hospitals, 21 are currently operating with the main Electronic Health Record system on downtime. Now for a hospital, that’s a very big deal, because EHR, these electronic health records, of course are the lifeblood of a hospital, the lifeblood of any doctor’s office, and to have those things down is huge. It says further 12 hospitals have the cancer system on downtime while 10 have turned off medical imaging systems.

Now all of these hospitals are relying on this one system. The virus entered from one of the other hospitals into the system, which means they obviously had some sort of a wider area network involved here. Maybe they were using VPNs for it, but it was too flat. And we see this every time we go into a business. I don’t care how big it is; we’ve had Fortune 100 companies we’ve gone into and their network was too flat. It wasn’t segmented enough to stop an event occurring at one of their clients from getting through. In other words, it happened at one of their clients, in this case one of these hospitals, two dozen hospitals, and that then spread to the provider of all of these medical records. That’s a very big deal.

So today’s little lesson is: make sure if you are connected to your customers or your vendors that you have the proper controls in place at your network edge, because that would have stopped the spread of this. Two years ago, when we had that world destroying piece of malware that was crawling its way through the systems, one of our multinational clients got hit and every one of their locations had to get shut down, every one of them except for the locations we were protecting. Because we did it properly. Again, HSM up in Sudbury, Ontario did not do it properly.

And it just goes to show this shortage of 3 million security workers isn’t, I don’t think it’s, how do I put this? It’s important to know, and it’s important to have more security workers, but we are in a bit of a panic now because we can’t find the right security workers. It’s not we, as in my company, not Mainstream, that’s in a panic, because we have a very close control on who we will help, because frankly, we can’t help everybody. If you’re not swimming towards us, we are not going to rescue you from the times, because it’s just not worth our time. I’ve been doing this for too many years; I’m not going to do that anymore.

So for the people that come to us, we try and make sure that we can have the right resources for them. And here’s your problem. Have you ever watched Gold Rush? Gold Rush is kind of a cool show, and it’s on, I think it’s Discovery Channel, and it’s about these guys up in northern Canada, for the most part, who are mining for gold. And if you notice from season to season, the value of the gold changes, so an ounce one season is worth $1,000, and other seasons it was 1200, 1300, then it’s worth $1,050, and it just keeps moving around. Why does it move around? Well, it’s supply and demand.

So here’s what’s happening right now with our IT security workforce in the US and around the world. Everybody’s hanging a shingle up: yeah, yeah, I’m a security guy, ’cause I got this certificate from whatever it was. And yet security is so much more than completing the course, or getting a certificate, even from Cisco or anybody else. There are many, many aspects to security that people just don’t understand. And over the course of the next few weeks and months, I will be telling you some horror stories about some of our customers. But keep in mind that if you have just a worker who’s VPNing in, you have the same potential problem that EHR has in Sudbury, Ontario, and that my multinational unnamed client had as well: they have a network connection to you.

Yes, you probably have a firewall, but know that firewall, just like these major corporations had firewalls, that firewall’s not going to stop the malicious code unless everything’s done properly. And the next gen firewalls, now that’s another thing, right, everybody? Oh, we got a next gen firewall. Oh yeah. All that’s all well and good for you. But what does it mean? What does it do? How does it integrate? How does it tie together with other firewalls even outside of the organization so that you know that your data is pretty darn safe? This is all kind of technical, I got to admit it, but hey, it’s a security thing, and if you’re listening you appreciate the security. So keep your eye open, make sure you get my email every week. I’m putting together all kinds of great training this year and you can subscribe by going to http://CraigPeterson.com/Subscribe.

Hey, have a great weekend, and I will be back of course tomorrow with my radio show as well, and that’ll make it into a podcast. Take care. Bye bye.