Boeing Hit by WannaCry Virus but it Caused Little Damage

DooKey

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,553
Yesterday Boeing was hit with the WannaCry virus (site detects ad blockers) and early reports said it could seriously hamper their ability to produce aircraft. However, the company has stated that little damage was done and they don't expect any production impact at this time. While it's good news that Boeing isn't severely damaged by this attack it's concerning to me that they were even hit by it in the first place. Boeing is a company with significant national security implications and they need to tighten their cybersecurity up.

“We’ve done a final assessment,” said Linda Mills, the head of communications for Boeing Commercial Airplanes. “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”
 
I am guessing the reason it did "very little damage" is that one small part of the company got it. Giant companies like that have silos all over the place, so a group that probably "doesn't want IT to touch anything" probably got hit. Meanwhile the IT guys are smiling smugly somewhere.
 
Shmee said:
I am guessing the reason it did "very little damage" is that one small part of the company got it. Giant companies like that have silos all over the place, so a group that probably "doesn't want IT to touch anything" probably got hit. Meanwhile the IT guys are smiling smugly somewhere.
Click to expand...

Or they still have some systems running Windows XP or 2000/2003 due to legacy app issues.

I still have a couple old 2003 servers I support, and management is probably sick of me telling them that these 2 servers are a major security risk.
Until they finally retire an old custom app, I'm stuck supporting them.
I just hope I don't have to tell them "I told you so" some day.
 
Shmee said:
I am guessing the reason it did "very little damage" is that one small part of the company got it. Giant companies like that have silos all over the place, so a group that probably "doesn't want IT to touch anything" probably got hit. Meanwhile the IT guys are smiling smugly somewhere.
Click to expand...


Or a foreign site.

I went to their job search page and checked; For an example, currently Boeing has 25 open positions in China and many don't sound anything like Aircraft Flight Crew.
 
nutzo said:
Or they still have some systems running Windows XP or 2000/2003 due to legacy app issues.

I still have a couple old 2003 servers I support, and management is probably sick of me telling them that these 2 servers are a major security risk.
Until they finally retire an old custom app, I'm stuck supporting them.
I just hope I don't have to tell them "I told you so" some day.
Click to expand...


If you have a storage system like NetApp, then do yourself and your company a favor.

Put any data on the storage system, make sure you are running good snapshots that give you time, even over a weekend, to identify a problem and revert the snapshot, and then make sure your backups of the systems are good.

If you are running a virtualized environment, make VMs of your risky machines, essentially encapsulate them within more current systems and controls, and if possible, put them into their own isolated networks etc.

You probably already know and have done all of these things available to you. I know what it's like to work for a customer or company who just doesn't want to do what's good for them.

Lastly, do everything you can to make sure that management is willing to accept the risks and not make you a scapegoat. If you aren't comfortable with that part of it, it's time to be looking for a new home.
 
lcpiper said:
If you are running a virtualized environment, make VMs of your risky machines, essentially encapsulate them within more current systems and controls, and if possible, put them into their own isolated networks etc.
Click to expand...

I virtualized them a few years ago, and take multiple snapshots of them per day, so they are protected as much as possible.

Biggest problem is the old app. Btrieve and xbase databases with no support. I've had to fix corrupt files and recover data multiple times over the years.
Hopefully, after the next upgrade of our main system (that most department already use), the old apps functions will be rolled into it.
The people using it will have to use the new system, even if they don't like the new interface and they have to click the mouse button twice as many times. :confused:
 
nutzo said:
I virtualized them a few years ago, and take multiple snapshots of them per day, so they are protected as much as possible.

Biggest problem is the old app. Btrieve and xbase databases with no support. I've had to fix corrupt files and recover data multiple times over the years.
Hopefully, after the next upgrade of our main system (that most department already use), the old apps functions will be rolled into it.
The people using it will have to use the new system, even if they don't like the new interface and they have to click the mouse button twice as many times. :confused:
Click to expand...


Drag them kicking and screaming into this century ....... teach them about MACROs :ROFLMAO:
 
nutzo said:
Btrieve
Click to expand...
That's going back some indeed. I stopped using it in 2001. Last thing I did was write a program to convert an old DOS based program's data into a format a new windows program could use since it was pretty clear after talking to the vendor he never had any intention of using anything but btrieve (which was good in its time, but its time was ending). I guess Pervasive kept on going for awhile but true relational DBs were more interesting by then anyway.

I spent a fair amount of my time talking people out of buying specialized turnkey systems if there was more main stream stuff available and this is exactly why, they become orphaned far to easily and you end up with a maintenance monster or become a wannacry victim etc.
 
This was on local news this morning. Crash took on an old meaning again.
 
LazN said:
The patch for WannaCry is only is only a year old, I mean you can't expect people to patch their computers every year can you?
Click to expand...

Yeah, and to think, my staff think it a inconvenience, when I interrupt 20 minutes of their day to manually make sure Windows hasn't dropped the ball when I read a major security event here or elsewhere long before the general public ever knows. Thankfully, my boss gets it.
 
WhoMe said:
That's going back some indeed. I stopped using it in 2001. Last thing I did was write a program to convert an old DOS based program's data into a format a new windows program could use since it was pretty clear after talking to the vendor he never had any intention of using anything but btrieve (which was good in its time, but its time was ending). I guess Pervasive kept on going for awhile but true relational DBs were more interesting by then anyway.

I spent a fair amount of my time talking people out of buying specialized turnkey systems if there was more main stream stuff available and this is exactly why, they become orphaned far to easily and you end up with a maintenance monster or become a wannacry victim etc.
Click to expand...

All the newer stuff is SQL based. Makes it much easier to get to the data to cross integrate the apps.
Also much more secure, more reliable, and easier to backup (with the right software)
 
You must log in or register to reply here.
Back
Top