Our latest cyber security round-up examines news that vulnerabilities in patient monitoring devices could be used to manipulate patients’ vital signs, and concerns of a looming cyber-attack on ATMs around the world.

Hackers could falsify flatlines, research shows

McAfee has identified a means by which hackers could falsify patients’ vital signs by manipulating data on hospital networks.

Research from the security software firm demonstrates how hackers could exploit unencrypted communications protocols between patient monitoring systems and hospitals’ central monitoring stations.

Using equipment purchased on eBay, McAfee researchers were able to modify the vital sign data in real time and provide false information to make it look like a patient was flatlining.

Commenting on the research, Garrett Sipple, managing consultant at Synopsys, said: “This is another example of recognising the importance of security as it plays a role in maintaining the safety and effectiveness of medical devices.

“Medical devices often move through long product development cycles that can make them slow to react to new cyber security threats, especially if cyber security wasn’t even a key consideration in the development process.”

Currys PC World says 10m records hacked

An investigation into a major cyber-attack on electronics retailer Currys PC World has found that some 10 million customer records may have been breached.

In June, parent company Dixons Carphone identified an attempt to breach approximately 5.9 million credit card numbers.

The company subsequently launched an investigation.

In an email to customers on 13 August, Currys PC World said: “On June 13, we began to contact a number of our customers as a precaution after we found that some of our security systems had been accessed in the past using sophisticated malware.

“Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. This unauthorised access to data may include personal information such as name, address, phone number, date of birth and email address.”

While the retailer found evidence that data may have left its systems, it claimed this did not contain payment card or bank account details.

Currys PC World acknowledged it had “fallen short” in its duty to keep customer information secure.

“We continue to make improvements and investments to our security systems and we’ve been working round the clock to put this right. We’re extremely sorry about what has happened,” the company said.

Blame CEOs for cyber-attacks, report says

Thirty-seven percent of IT organisations see their chief executive as the weak link in their cyber security efforts, a survey by cloud security company Mimecast has suggested.

The survey of 800 global IT leaders and C-suite executives revealed that 31% of C-level employees are likely to have sent sensitive data to the wrong person in the last year, compared to just 22% of general employees.

Meanwhile, 20% of organisations reported that sensitive data was sent via email by a member of the C-suite in response to a phishing scam in the past 12 months. Worryingly, half of organisations felt their management and finance teams would not be able to identify when an imposter might be trying to obtain sensitive information.

Peter Bauer, chief executive officer of Mimecast, said: “Email-based attacks are constantly evolving and this research demonstrates the need for organizations to adopt a cyber resilience strategy that goes beyond a defence-only approach. This is more than just an IT problem.

“It requires an organisation-wide effort that brings together many stakeholders, puts the right security solutions in place and empowers employees – from the C-suite to the reception desk – to be the last line of defence.”

Cyber-criminals set to splurge this weekend in “cash out” attack

The FBI is anticipating a worldwide cyber-attack on cash machines that could see millions of dollars nicked – potentially this weekend.

According to the Independent, the FBI has obtained intel suggesting cyber-crooks plan to pull off an ATM “cash-out” attack in the coming days.

Such attacks involve hacking bank systems and using cloned cards to withdraw money.

During such attacks, criminals often remove the withdrawal caps programmed into ATMs that stop them from being emptied, allowing them to take out large amounts of cash in a matter of minutes.

Brian Krebs, an American investigative reporter and cyber security expert who claims to have obtained the FBI alert, wrote in a blog post: “Virtually all ATM cash out operations are launched on weekends, often just after financial institutions begin closing for business on Saturday.

“The FBI is urging banks to review how they’re handling security, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.”