A computer virus infection affecting the New Zealand Ambulance service last week forced dispatchers to resort to manual backup systems, according to local media reports. Unnamed malware left the communications network supporting the St John Ambulance service hobbled. Mobile data and paging services were worst affected by the …
Nice to be watched over so carefully
"Back-up systems immediately took over when it was detected and the workload was managed manually."
Huh? Did he mean "back-up procedures"? Or the 'system' was knackered but they had a whole 'nother independent unaffected system to pick up the work?
Reporters... managers... spokespeople... One always wonders whether the fantasy is made up on the spot or has been imagined all along, and who is supposed to believe it outside the organization.
The mobile network - a telephone system - was used as a back-up.
Therefore, it was a back-up system
And the infection source is....
Well would anyone like to guess?
PC with open data port?
Direct connection to the internet?
Email attachment with execution enabled on documents with administrator privileges?
...let's just say your first guess is along the right lines.... *coughcoughcough*
(how else do people charge up their ipods? seriously?)
... thought that using Windows with all its vulnerabilities in a medical scenario when lives could be at risk was a good idea?
I mean seriously, how completely and utterly thick are the people who make these decisions?
I'm not going to comment about the St John communications and technology policies...
Anonymous for good reason.
I keep thinking that someone will use some really tricky vector
Cunningly opening a window into a nearly impregnable systems with some ingenious Mission Impossible style subversion induction tap on the network cabling or something equally exotic.
But I guess the infected MP3 player/phone/camera was always the odds on bet.
Where's the creativity gone?
What a mess.
The simple fact is that even an up to date AV just doesn't catch this stuff quick enough now. White-listing is the only defense if Windows must be used.
Running as admin, outdated Java, PDF, Flash the usual I expect. Patching often difficult or dare I say ignored in a work environment add to the that poorly developed apps and hard-coded older versions (especially Java)
In fact the more I see of this malware, even running as user doesn't help much it still silently installs and runs the malware (via Java/PDF/Flash etc exploits) and is written to take advantage of the ability of Windows security to write to a user's profile and more importantly the user's half of the registry.
It does limit the ability for it to get too deeply entrenched though and a profile deletion often cleans things up while running as administrator requires a wipe and reinstall to be on the safe side.
"Anti-virus software protected the systems but..."
No. It didn't. Otherwise there would be no "but".
Replace with: "We tried to protect our systems, but we have no clue about all this security stuff."