Hacker warning: Hillsborough-like disaster looms as cyber attack could lock stadium exits

Daniel dos Santos told express.co.uk that vulnerabilities found in many everyday venues, including hospitals, schools, airports and stadiums, could be remotely exploited to funnel people into certain areas, causing “chaos”. Daniel dos Santos is the Head of Security Research at the cybersecurity firm Forescout.

The company found nearly 5,000 devices that could be vulnerable including building automation controls – some of which automatically control things like locks on exits in public spaces.

Mr Santos said: “If it’s an access control system in, for instance, a stadium or school you could lock people inside or drive everyone to some exit, things like that.”

When asked if hackers could create a crush situation similar to the Hillsborough disaster, Mr Santos said it was possible.

He said: “Yes, if a set of vulnerable building automation controllers are connected to access control systems at a stadium, they could be used to lock or unlock certain areas for entry or exit of people.

“An attacker could obtain the credentials of these devices being transmitted insecurely on the network and use these to gain control of the device, thus being able to lock or unlock areas at their will, potentially creating a situation where people are funnelled into a certain desired area and creating chaos.”

Mr Santos noted that fixing the vulnerable technology was “complicated” and some of the more outdated technology might have to be replaced.

He noted, however, the devices should not be connected to the internet – although many of them are.

He said: “I don’t see any reason why any of those devices should be directly connected to the internet, they should be in a local network.”

Mr Santos added that, at the moment, these complicated attacks would likely be carried out by state-sponsored hackers, but hacktivist groups, which are loosely organised hackers not sponsored by a state, may be trying to move into these more damaging kinds of cyber attack.

He said: “Something like this would require more sophistication. So again, for groups that are more state sponsored – they are definitely looking into this.

“The next step would be cyber criminal groups or activists looking at this type [of attack], I don’t think that it’s never gonna happen…maybe it’s not even that far away. But it’s still a bit far away as long as the denial of service attacks and so on continue to pay off.”

Distributed denial of service (DDoS) attacks see large groups of devices co-opted by hackers to attack a target simultaneously with the goal of shutting it down.


There has been a surge in the number of DDoS attacks from loosely organised hacktivist groups, on both sides, since the outbreak of the war in Ukraine.

Attacks on “operational technology”, like those discussed above, are typically considered to be much more devastating.

The report by Forescout details vulnerabilities in nearly 5,000 such devices. The most affected industry is manufacturing, followed by healthcare and government.

A statement from Forescout reads: “These devices are currently in use in the industry right now – it’s not academic, it’s real. The door entry systems, plant machinery – these are all vulnerable.”
