Hacker opens 2,732 PickPoint package lockers across Moscow:, A mysterious hacker used a cyber-attack to force-open the doors of 2,732 package delivery lockers across Moscow. The attack, which took place on Friday afternoon, December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg.
It is very easy to stand up servers to connect things online and provide an interactive user experience, but ensuring it is secure is a different story altogether. Any organisation that manufactures, develops, or sells software is in the cybersecurity business whether they know it or not. It is therefore essential for all organisations to build a culture of cybersecurity into its fabric. Just like how quality control, or safety, or budgets are factored into the entire organisation, so should cybersecurity to ensure that all services and products are secured end to end.
The recent attack against the Russian company PickPoint’s package delivery lockers across Moscow shows that cyber threats are present in all aspects of everyday life, including in places most people do not normally consider. The details of exactly how the hack took place have not been made available by PickPoint, but it does raise the question of how other similar systems across the world (like those operated by Amazon) may be vulnerable. In this instance, the hacker managed to open more than two thousand lockers to demonstrate the vulnerability. This caused PickPoint to quickly notice the attack and take measures to mitigate it. A more targeted attack, however, could affect only a few of these lockers at a time, making it difficult for companies to pinpoint the cause. This latest hack also highlights the recurring discussion of convenience versus security. It is always a good idea to consider whether one actually needs a specific service or appliance connected to the Internet. In this case, package delivery lockers probably wouldn’t need to be directly accessible online, and any connections should ideally only be reached with some sort of VPN or only by authorized IP addresses, for example. With more and more household appliances being connected to the Internet each day, the attack surface grows at the same rate, and the chances increase that malicious actors will find ways to exploit vulnerabilities before these are patched. It is, therefore, more important than ever that the security of any devices connected to the Internet is extensively assessed. It is also important to remember that new vulnerabilities are discovered daily and so security monitoring and assessment should be ongoing. Decreasing the attack surface available is then a very important step to take.