Equipped To Survive® Presents
The Survival Forum
Page 2 of 3
#298967 - 05/14/21 02:57 PM Re: Pipeline Ransomware Attack [Re: Blast]
dougwalkabout
Well said, Chaos. I wonder if it's becoming a cost of doing business, akin to settling petty lawsuits instead of fighting them in court. I think ransomware insurance is also available now, and that becomes part of the calculation.

#298968 - 05/14/21 03:21 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren
Does seem to be on the rise, or it's just getting more widely reported.

The DC Metropolitan police were prepared to pay $100,000 to prevent officers' records being released publicly.

https://arstechnica.com/gadgets/2021/05/...c-police-stall/



Edited by Ren (05/14/21 07:59 PM)

#298969 - 05/15/21 11:38 AM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet
Ransomware has gone from “it isn’t a concern” to being highly visible at the Board of Directors level.

One more useful tidbit about the Colonial Pipeline case; it’s been reported on Twitter (I am choosing to not link to that platform) that it was the billing system that was hit with ransomware.

#298971 - 05/16/21 05:32 AM Re: Pipeline Ransomware Attack [Re: Blast]
haertig
I wonder why companies don't:

(1) Take everything offline
(2) Restore from backups
(3) Bring up networks internally only
(4) Fix security flaws
(5) Carefully open minimal external networking
(6) Monitor, monitor, monitor
(7) Reevaluate if they need such a large online presence
(8) Implement an online presence that is isolated from your internal infrastructure and databases

If you have to pay ransom, that would imply you don't have a good backup strategy in place.

#298973 - 05/16/21 01:59 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet
Your list is excellent, haertig.

Based on public sources, it appeared that the victim in this case had good backups. Restoring backups can be very time-consuming. Ransomware operators in general are also stealing data and threatening to release it if the ransom isn’t paid.

Addressing specific points from your list:

1) Networks are borderless more often than not. Most employers would struggle badly here in keeping employees in the field productive without remote access to the network. Going all VPN might not be a big difference to how things operate now, assuming that sufficient VPN capacity exists to try this. This was even more critical during the office shutdowns brought on by the pandemic.

2) Backup tech has gotten a lot better, so we won’t be digging through a mountain of tapes to get everything back. Keeping remote workstation backups recent is far easier.

4) This is INCREDIBLY hard for most organizations. They don’t have the capacity to see where known security vulnerabilities are or to patch them in a reasonable timeframe. There’s an entire industry around outsourcing this critical, fundamental task, and most of the vendors I see who do this for other companies are terrible or worse.

6) The skillset to implement monitoring tools is hard to find; hiring and keeping the people to do the monitoring effectively is very expensive. There’s an entire industry around outsourcing this critical, fundamental task, but unlike in (4) there are some services that are extremely good here. But it’s very expensive.

7) Much of the online presence that is customer-facing is cloud based or otherwise outsourced for many companies. It’s keeping their knowledge workers productive that produces most of the network requirements in many organizations.

8) For sure.

#298974 - 05/16/21 07:09 PM Re: Pipeline Ransomware Attack [Re: Blast]
haertig
I meant those as a sequence of steps to remedy the current problem. e.g., "(1) Take everything offline" is a limited duration step to allow restoring from backups and fixing of security flaws before going back online in step "(5) Carefully open minimal external networking".

"Take everything offline" (permanently!) would be a very good security precaution, but totally unworkable in today's world. Employees should remotely access company infrastructure via VPN at a minimum, with customers accessing only what customers need to access in a totally isolated area (cloud instances, or whatever). Customers may need to see their accounts, but you don't implement that by giving them access to your internal billing database. Even if you have roles and security defined (which you should, for employees), you still don't give customers the chance to even touch your internal infrastructure. It is certainly easier and more convenient to do so, but there goes your security if you travel down that path.

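The separation haertig describes (customers confined to an isolated copy of what they need, employees reaching the internal system only over VPN with a defined role, and no path from the customer side to the internal billing database) as an added example in Python. This is not code from the thread or from any company discussed; the record fields, role names, VPN flag and in-memory "stores" are constructed for illustration.

```python
"""Added example (not from the forum thread): a customer-facing portal that is
isolated from the internal billing system.

Design: an export job copies only a whitelist of fields from the internal
billing DB into a separate customer store. The customer portal queries that
store alone and has no handle to the internal DB. Employees read the internal
DB only when they arrive over VPN with an appropriate role. All data, roles
and the VPN flag are constructed for illustration.
"""
from dataclasses import dataclass

# --- Internal side (would live behind the VPN) -------------------------------
# Constructed sample of the internal billing database. Internal-only fields
# (wholesale_cost, internal_notes) must never reach customers.
INTERNAL_BILLING_DB = {
    "acct-1001": {"customer": "Acme Fuel", "balance_due": 1250.00,
                  "last_invoice": "2021-05-01", "wholesale_cost": 980.00,
                  "internal_notes": "credit review pending"},
    "acct-1002": {"customer": "Bay Logistics", "balance_due": 0.00,
                  "last_invoice": "2021-04-15", "wholesale_cost": 410.00,
                  "internal_notes": ""},
}

# Whitelist of fields allowed to leave the internal network. Anything not
# listed here stays behind the VPN by construction.
CUSTOMER_VISIBLE_FIELDS = ("customer", "balance_due", "last_invoice")


@dataclass(frozen=True)
class Principal:
    name: str
    role: str             # hypothetical roles: "customer" or "billing_staff"
    account_id: str = ""  # set for customers only
    via_vpn: bool = False  # hypothetical: True when the session came in over VPN


def export_customer_projection(internal_db):
    """Build the isolated customer store from the internal DB (one-way copy).

    This is the only path data takes from the internal side to the customer
    side; the customer portal never holds a connection to internal_db.
    """
    return {
        acct: {field: rec[field] for field in CUSTOMER_VISIBLE_FIELDS}
        for acct, rec in internal_db.items()
    }


def customer_portal_view(principal, account_id, projection):
    """Customer-facing lookup: runs only against the isolated projection.

    Enforces that the caller is a customer and is asking for their own
    account. There is deliberately no parameter for the internal DB, so even
    a bug in this function cannot expose internal-only fields.
    """
    if principal.role != "customer":
        raise PermissionError("portal is for customers only")
    if principal.account_id != account_id:
        raise PermissionError("customers may only view their own account")
    return projection[account_id]


def internal_billing_view(principal, account_id, internal_db):
    """Employee lookup against the internal system: VPN plus role required."""
    if not principal.via_vpn:
        raise PermissionError("internal systems are reachable only over VPN")
    if principal.role != "billing_staff":
        raise PermissionError("role not permitted to read billing records")
    return internal_db[account_id]


if __name__ == "__main__":
    projection = export_customer_projection(INTERNAL_BILLING_DB)
    acme = Principal("acme-user", "customer", account_id="acct-1001")
    print("customer sees:", customer_portal_view(acme, "acct-1001", projection))
    try:
        customer_portal_view(acme, "acct-1002", projection)
    except PermissionError as err:
        print("denied:", err)
    clerk = Principal("clerk", "billing_staff", via_vpn=True)
    print("staff over VPN sees:",
          internal_billing_view(clerk, "acct-1001", INTERNAL_BILLING_DB))
```

The point of the shape is that the customer portal cannot reach internal data even if its authorization check is wrong, because the projection is the only store it is handed; the role and ownership checks then limit which customer sees which row.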
#298975 - 05/16/21 10:29 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren
It's quite a demonstration of a company's incompetence. Critical infrastructure should be expected to hold up against state actors. Never mind some group trying to make a buck.

Guess they got access pretty easily, much like the Florida water plant attack a while back. The plant was running a remote desktop server (team viewer IIRC) on the machine that also had the software to control the amount of which chemicals were added to the water.

#298976 - 05/17/21 11:30 AM Re: Pipeline Ransomware Attack [Re: Blast]
Ren
Bruce Schneier

Is 85% of US Critical Infrastructure in Private Hands?

https://www.schneier.com/blog/archives/2...vate-hands.html

#298977 - 05/17/21 03:17 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet
Big update on the reported threat actor for the Colonial Pipeline attack: https://krebsonsecurity.com/2021/05/dark...n-stash-seized/

#298978 - 05/17/21 06:46 PM Re: Pipeline Ransomware Attack [Re: Blast]
dougwalkabout
Oh, what a tangled web we weave ...
