  1. #51
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,792
    Rep Power
    108

    Re: FBI Security Alerts

    Unless the feds are going to take over every corporate network, there's really not a lot they can do beyond setting up a means of reporting, triage, and recovery attempts. I would like to see some degree of punishment for blatantly poor practises, or even fines for paying ransom to recover data. The real issue with any kind of legislation is that it usually ends up being too generic to have any bite, or it becomes so restrictive as to lock processes into rapidly out of date methods.

    A lot of these groups are in Russia, but tied to organised crime as opposed to the government. The Putin regime is willing to look the other way due to the fact that the attacks are focused on the West. A case in point: several security researchers have found code in multiple malware samples that prevents the code from executing if the primary language on the computer is Russian or other Cyrillic languages. It's similar to malware instances that won't run if the hardware identifier of the system is a virtual machine, as it may be an attempt by a security researcher to examine the malware.

    These types of attacks are relatively cheap and have been going on for years. There's certainly more coverage of them now, but sloppy security has been an issue in tech for years. Even worse, it's not often the fault of IT but rather Finance or management which fails to invest in either enough staff or up to date software/hardware.

    Outside of a targeted nation state attack, like Stuxnet, most of these attacks could be prevented by:

    Strong passwords
    Limiting exposure to the public internet by critical systems
    Not using administrator accounts for regular tasks
    Not using end of life operating systems or software
    Keeping all operating systems and software patched to the current levels
    Network segmentation
    Not clicking on unsolicited links in emails or websites
    Have current and tested offline backups of critical systems and applications
    Maintain an inventory of all systems and user accounts as well as their purpose
    Document and have a plan for disaster recovery

    All of this is easy to do, but in the corporate world it becomes a question of scale: you need the staff to ensure that hundreds to thousands of systems spread over multiple locations and/or time zones are kept up to date and properly managed.

    I've been fortunate enough in dealing with small business for the most part that if disaster does strike it's easy enough to start over from backups. The one instance with a larger business, I was able to get a professional security firm involved for a full incident response.


    Sent from my BlackBerry using Tapatalk

  2. #52
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: FBI Security Alerts

    Personally I think cyber-terrorists should be tortured to death, but I really don't trust the media either. Funny how all of the attacks on the US are published isn't it?
    I don't think the US is innocent either on US led attacks on other countries. Perhaps the US should fund cyber attacks (criminals) on Russia's meat industry or energy systems, then maybe Russia would try to control their own cyber criminals.

    I forget which movie it was years ago that said dominating the world all comes down to ones and zeros. (I think it was a James Bond flick). They were absolutely correct. BTW the book 1984 prophecies are becoming more and more true. I really believe the world is ruled by 12 people whose names we will never know.

    Don't crucify me. Just my $.02
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

  3. #53
    Service Manager 5,000+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    7,731
    Rep Power
    225

    Re: FBI Security Alerts

    Quote Originally Posted by rthonpm View Post
    Unless the feds are going to take over every corporate network, there's really not a lot they can do beyond setting up a means of reporting, triage, and recovery attempts. I would like to see some degree of punishment for blatantly poor practises, or even fines for paying ransom to recover data. The real issue with any kind of legislation is that it usually ends up being too generic to have any bite, or it becomes so restrictive as to lock processes into rapidly out of date methods.

    A lot of these groups are in Russia, but tied to organised crime as opposed to the government. The Putin regime is willing to look the other way due to the fact that the attacks are focused on the West. A case in point: several security researchers have found code in multiple malware samples that prevents the code from executing if the primary language on the computer is Russian or other Cyrillic languages. It's similar to malware instances that won't run if the hardware identifier of the system is a virtual machine, as it may be an attempt by a security researcher to examine the malware.

    These types of attacks are relatively cheap and have been going on for years. There's certainly more coverage of them now, but sloppy security has been an issue in tech for years. Even worse, it's not often the fault of IT but rather Finance or management which fails to invest in either enough staff or up to date software/hardware.

    Outside of a targeted nation state attack, like Stuxnet, most of these attacks could be prevented by:

    Strong passwords
    Limiting exposure to the public internet by critical systems
    Not using administrator accounts for regular tasks
    Not using end of life operating systems or software
    Keeping all operating systems and software patched to the current levels
    Network segmentation
    Not clicking on unsolicited links in emails or websites
    Have current and tested offline backups of critical systems and applications
    Maintain an inventory of all systems and user accounts as well as their purpose
    Document and have a plan for disaster recovery

    All of this is easy to do, but in the corporate world it becomes a question of scale: you need the staff to ensure that hundreds to thousands of systems spread over multiple locations and/or time zones are kept up to date and properly managed.

    I've been fortunate enough in dealing with small business for the most part that if disaster does strike it's easy enough to start over from backups. The one instance with a larger business, I was able to get a professional security firm involved for a full incident response.


    Sent from my BlackBerry using Tapatalk
    ... "Security firm Emsisoft found that almost 2,400 U.S.-based governments, healthcare facilities and schools were victims of ransomware in 2020"

    ... 200 a month or 6.7 attacks per day on public services in the USA that were reported. Certainly, many more attacks on private corporations were not reported.

  4. #54
    Service Manager 1,000+ Posts
    FBI Security Alerts

    FrohnB's Avatar
    Join Date
    Jul 2017
    Location
    Nebraska, USA ------ GO BIG RED
    Posts
    1,919
    Rep Power
    126

    Re: FBI Security Alerts

    Anybody find it strange that the industries the radical left wants "abolished"/"banned"/ "removed from existence" are the industries being hit hardest by these ransomware attacks??
    Not only that, but those industries also fared worse than most during the pandemic due to certain restrictions/ mandates/ lockdowns that were imposed.
    Something seems really fishy with all of this.
    Omertà

  5. #55
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: FBI Security Alerts

    Quote Originally Posted by FrohnB View Post
    Anybody find it strange that the industries the radical left wants "abolished"/"banned"/ "removed from existence" are the industries being hit hardest by these ransomware attacks??
    Not only that, but those industries also fared worse than most during the pandemic due to certain restrictions/ mandates/ lockdowns that were imposed.
    Something seems really fishy with all of this.

    Agreed. It's all a plot by someone.
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

  6. #56
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,792
    Rep Power
    108

    Re: FBI Security Alerts

    Quote Originally Posted by FrohnB View Post
    Anybody find it strange that the industries the radical left wants "abolished"/"banned"/ "removed from existence" are the industries being hit hardest by these ransomware attacks??
    Not only that, but those industries also fared worse than most during the pandemic due to certain restrictions/ mandates/ lockdowns that were imposed.
    Something seems really fishy with all of this.
    Let's leave the politics and conspiracy theories in the Water Cooler area.

    Sent from my BlackBerry using Tapatalk

  7. #57
    Retired 10,000+ Posts
    FBI Security Alerts

    slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    34,241
    Rep Power
    992

    Re: FBI Security Alerts

    Was the JBS cyberattack a dry run? Is JBS cyberattack a dry run? | Fox Business

  8. #58
    Service Manager 10,000+ Posts
    FBI Security Alerts

    Phil B.'s Avatar
    Join Date
    Jul 2016
    Location
    Raleigh NC
    Posts
    22,790
    Rep Power
    661

    Re: FBI Security Alerts

    Quote Originally Posted by slimslob View Post
    Was the JBS cyberattack a dry run? Is JBS cyberattack a dry run? | Fox Business
    I think even before the Colonial deal there were cyber attacks on Sony years ago.

    Sent from my SM-G960U using Tapatalk

  9. #59
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: FBI Security Alerts

    The rumor mill has it that one of the last two biggy attacks was caused by an employee bringing in a Raspberry Pi and hooking it into the network (I'm cool, look at my Pi type of thing).

    The hackers were able to use this idiot's toy as a screen door to get their malware on the network. Like I said the rumor mill has it said.


    CompTIA Security+ states again and again, the most insecure thing on networks are the employees. Workers complain about Facebook, personal emails, and general internet access being taken away, but it needs to be done.

    I've been in plenty of "national" businesses where the local IT guru is clueless. Often they let me do whatever it takes to get people printing and scanning and emailing without any regard to security. I have been in president's offices where the printer has a public IP because the president wants to be able to print to it from anywhere in the world. Then there are the IoT devices out there that control everything from turning on coffee pots to flushing toilets. I think only in America we need to turn on a coffee maker from work so we have coffee when we get home after work. Lazy people in the US, that's the link into our infrastructure that the hackers will use. US doesn't want good, US doesn't want cheap, what they want is good and cheap. They want stuff from China and who really knows what is in the microchips. They want the IoT to do everything for them so they have bragging rights and don't have to stop eating bon-bons in their lazy-boys.

    I love my Google pod, but I am scared silly of it being a stepping stone into my home network at some point, same with my Netflix, and smart TV.
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

  10. #60
    Retired 10,000+ Posts
    FBI Security Alerts

    slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    34,241
    Rep Power
    992

    Re: FBI Security Alerts

    Quote Originally Posted by tonerhead View Post
    The rumor mill has it that one of the last two biggy attacks was caused by an employee bringing in a Raspberry Pi and hooking it into the network (I'm cool, look at my Pi type of thing).

    The hackers were able to use this idiot's toy as a screen door to get their malware on the network. Like I said the rumor mill has it said.


    CompTIA Security+ states again and again, the most insecure thing on networks are the employees. Workers complain about Facebook, personal emails, and general internet access being taken away, but it needs to be done.

    I've been in plenty of "national" businesses where the local IT guru is clueless. Often they let me do whatever it takes to get people printing and scanning and emailing without any regard to security. I have been in president's offices where the printer has a public IP because the president wants to be able to print to it from anywhere in the world. Then there are the IoT devices out there that control everything from turning on coffee pots to flushing toilets. I think only in America we need to turn on a coffee maker from work so we have coffee when we get home after work. Lazy people in the US, that's the link into our infrastructure that the hackers will use. US doesn't want good, US doesn't want cheap, what they want is good and cheap. They want stuff from China and who really knows what is in the microchips. They want the IoT to do everything for them so they have bragging rights and don't have to stop eating bon-bons in their lazy-boys.

    I love my Google pod, but I am scared silly of it being a stepping stone into my home network at some point, same with my Netflix, and smart TV.
    Back in 2000, I had installed a Lanier Digital Dictation System at the new Heart Hospital. On Saturday May 6, 2000 I got an early morning call to go there and help their IT person by installing an emergency update to the NT servers. The day before the ILOVEYOU worm had hit the internet. The hospital's IT had originally scheduled to update all their computers starting Monday the 8th assuming their firewall had them protected. Early Saturday morning a doctor connected his laptop to the network and took down not only the hospital he was at but all 6 hospitals across the country in the group. In a matter of seconds every computer that was turned on was infected. Luckily the dictation system was unaffected as it had no direct connection to the network but their corporate wanted everything updated immediately.
