Sign in / up

back to article US hospitals hacked with ancient exploits

Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beacheads. The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX. Hospitals …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Baldy50

    IoT

    One more reason not to do IT.

    2 2 Reply
  2. g00se
    WTF?

    Surprised?

    I must be missing something obvious, since i can't see why you'd use a toy sieve of an OS for mission-critical work in the first place ..?

    3 2 Reply
    1. Allan George Dyer
      Reply Icon

      Re: Surprised?

      But Windows XP was sold as, "the most secure version of Windows - ever". Or was that Windows 2000?

      2 0 Reply
      1. Fungus Bob
        Reply Icon

        Re: Surprised?

        Vista

        0 0 Reply
  3. Allan George Dyer
    Joke

    Ancient Exploits?

    Don't tell me, the hospital porters wheeled in the wooden horse they found in the ambulance bay...

    9 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Ancient Exploits?

      You mean the X-ray machines?

      Seriously, would not be surprised if infections rode in on imaging software updates. I have seen some shit. Medical software companies are complacent... ancient proprietary software that barely works on XP, but hospitals keep paying for it... pretty nice racket.

      2 0 Reply
  4. wyatt

    Look at my brand new, state of the art stable door! Unfortunately we haven't got anyone to check if it is open, closed or someone has attempted to bypass it.

    1 0 Reply
    1. Trigonoceps occipitalis
      Reply Icon

      Ah, Schrödinger's stable door.

      1 0 Reply
  5. allthecoolshortnamesweretaken

    Well, so much for 'security by obscurity'.

    1 0 Reply
  6. kbannan

    It is only going to get worse until people start being more proactive and realizing all the actual threats that are out there. From a white paper:

    "Embedded devices such as industrial computers, POS (point of sale) machines, ATM

    (automatic teller machines), physical security alarm systems, building automation

    controllers, environmental controllers for heating and air conditioning (HVAC) systems,

    and printers are often overlooked when it comes to cyber security. These devices do not

    operate on a common mature operating system like Microsoft Windows, and each

    manufacturer tends to use their own set of security features within these devices, if any

    are applied at all. Most IT and Security departments focus most of their time and

    resources in maintaining security levels for the corporate network devices and

    computers, and solutions to protect embedded devices such as printers and industrial

    HVAC controllers are a low priority, if not a nuisance."

    Food for thought!

    Karen Bannan for IDG and HP

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like