Back to news

September 14, 2018 | International, C4ISR

Really old computer viruses are still infecting new machines

By:

The biggest cyber threats governments and businesses face may not be the cutting edge hack from China, but a 10-year-old virus that infects a little-used computer.

Some of the most well-known viruses from the past decade are still infecting machines despite their well-documented nature, according to cyber research firms. Some viruses, such as WannaCry and Conficker, are still spreading, Sean Sullivan, a security adviser at F-Secure told Fifth Domain.

“It costs hackers nothing to keep using them,” Sullivan said.

These known vulnerabilities are still effective because older machines do not receive patches for updates, which can then infect an entire network. Hackers often bundle known hacks together because it increases their success rate with no downside, Sullivan said.

“Nothing is going to be 100 percent patched across organizations,” Sullivan, said. He described a network administrator's role as “triage.”

The 2017 WannaCry hack infected users in more than 150 countries and had an economic impact of anywhere from $4 billion to $8 billion. Although progress has been made to patch computers, WannaCry is still a top malware threat for customers, F-Stream said in a September report.

The Conficker hack targeted Windows systems and was first launched in 2008. It is reported to have cost as much as $9 billion in damage.

But much work remains. More than two-billion devices have not been patched to defend against BlueBorne, a Bluetooth vulnerability that allows an attacker to take over devices, according to the cyber protection company Armis. The devices are still vulnerable because they have not been updated or because an update does not exist, according to the company.

“Whether they're brought in by employees and contractors, or by guests using enterprise networks for temporary connectivity, these devices can expose enterprises to significant risks,” wrote Ben Seri, the vice president of research at Armis.

A previous version of this article said that two million devices have not been patched to defend against BlueBorne. It is two billion.

https://www.fifthdomain.com/industry/2018/09/13/really-old-computer-viruses-are-still-infecting-new-machines

On the same subject

  • The $25 million contract will provide a system that supports the military’s complex weather prediction workloads.

    August 9, 2019 | International, Aerospace

    The $25 million contract will provide a system that supports the military’s complex weather prediction workloads.

    By Brandi Vincent, Through a strategic partnership unveiled Wednesday, the U.S. Air Force and Oak Ridge National Lab will acquire a high-performance supercomputing system from Cray Inc. that aims to improve weather forecasting for Air Force and Army operations across the globe. Under the $25 million contract, the new system—called HPC11—will bring supercomputing-as-a-service to the Air Force's 557th Weather Wing, which creates and supplies comprehensive terrestrial and space weather information to the two military branches. “The system's performance will be a significant increase over the existing [high-performance computing] capability and will provide Air Force weather operators with the ability to run the next generation of high-resolution, global and regional models, and satisfy existing and emerging warfighter needs for environmental impacts to operations planning,” Steven Wert, an Air Force official and member of the senior executive service said in a statement. The system is expected to help the Air Force execute its mission more effectively by offering new features that support the military's complex weather prediction workloads. Official expect the system to improve forecasts and weather threat assessments that insiders rely on. Supercomputer manufacturer Cray also recently announced it's delivering the world's fastest supercomputer to the Energy Department by 2021, which it plans to outfit with a first-of-its-kind storage system that can hold more than an exabyte of data. “This is a great example of the upcoming Exascale Era bringing a new set of technologies to bear on challenging problems and empowering the Air Force to more effectively execute on its important mission,” Cray's President and CEO Peter Ungaro said. The system is expected to be delivered at the end of the year and accepted in early 2020. The company also announced Wednesday that the Defense Department selected it for two contracts—together valued at $46 million—to provide supercomputer systems to accelerate research and development at the Army Research Lab, and the Army Engineering and Research Development Center. https://www.nextgov.com/emerging-tech/2019/08/air-force-and-oak-ridge-get-supercomputer-better-weather-forecasts/159037/

  • It's time for Congress to bring back 'Defense Valley'

    September 28, 2022 | International, Other Defence

    It's time for Congress to bring back 'Defense Valley'

    Congress must ensure that our warfighters gain the most value possible from government and private sector technology development.

  • Missile Defense Agency to inject competition into homeland missile defense contract

    April 3, 2020 | International, Aerospace

    Missile Defense Agency to inject competition into homeland missile defense contract

    By: Jen Judson WASHINGTON — The U.S. Missile Defense Agency plans to hold a competition that could split up the work among contractors to modernize and sustain America's missile defense system, which is designed to destroy intercontinental ballistic missile threats. Boeing has held the development and sustainment contract for the Ground-based Midcourse Defense systems in place at Fort Greely, Alaska, and Vandenberg Air Force Base, California. Boeing's contract is set to expire in 2023. The GMD system is made up of more than 44 Ground-Based Interceptors buried in silos in the ground along with ground control stations, detection and fire control systems, and other support infrastructure. Boeing received a sole-source $6.6 billion award in 2018 to build a new silo and 20 more GBIs, as well as to sustain the system. But Vice Adm. Jon Hill, the MDA's director, told an audience in March at an Association of the U.S. Army event that “we know that contract is not giving us everything that we need for the future, so we are going to compete that contract downstream.” The agency is working to develop a Next-Generation Interceptor that would replace the current GBIs with more capable interceptors. Its plan to upgrade the GBI's exoatmospheric kill vehicle with a redesigned version was canceled in 2019 due to technical problems. Rather than rework that program, the agency decided to design an entirely new interceptor and stop building new GBIs. A request for proposals for the NGI is due imminently. But along with a new NGI, “we are going to make sure that ground systems, sensors and fire control, all the rest of the system, we have the opportunity to inject that competition because I think that is very important,” Hill said. The MDA previously considered splitting up the contract several times, believing that would reduce cost and create efficiency in the program, but nothing materialized toward that goal. This time, the MDA has released two requests for information with the possibility of splitting up the contract. The most recent RFI was posted on Beta.Sam.Gov in March. “I will tell you that our lead system integrator does a great job today and the partnerships with industry within that construct do a great job, but we think that it's so large and complex we should be doing everybody a favor by being able to split that up without losing the integration among all those pieces,” Hill said, “so our intent is to move in that direction.” The agency “is exploring different approaches for fulfilling the GMD Program Element requirements. Acquisition approaches under consideration range from an award of multiple contracts to execute segments/missions of the program scope to a single contract to execute the entirety of the program scope,” the RFI states. “Essential to all of the acquisition approaches under consideration is the establishment of an enduring arrangement strategy for the execution of the [Weapon Systems Integration (WSI)] functions across the program lifecycle, either under a single prime contract, or as one of the multiple contracts.” The RFI lays out a possible plan to split up the contract into five pieces. One contractor would provide the NGI, which is being addressed through a separate request for proposals. Another would be responsible for legacy and future ground systems, and another for sustaining the existing GBIs. And a company would operate the weapon system along with military operators and would run fleet maintenance scheduling and deconfliction, site operations, test support, and depot and parts management, the RFI lays out. Lastly, a contractor would serve as the weapon systems integrator, making it responsible for overall GMD integration “including physical and logical integration of the GMD components, GMD system and MDA enterprise level integration, planning and execution of all necessary testing to verify and validate overall requirements compliance,” the RFI states. Responses to the RFI are due April 10. https://www.defensenews.com/pentagon/2020/04/02/missile-defense-agency-to-inject-competition-into-homeland-missile-defense-contract/

All news