Posted

With the Blue Yonder attack still in progress, and being somebody who knows next to nothing about the issue, other than it happens a lot, I wonder if people on here have any knowledge or expertise to share? Some of these attacks seem to take a very long time to fix. Why is that?
If companies such as Blue Yonder are vulnerable, you might reasonably think that government and other key systems really are at significant risk? Anyway, I'd be interested to hear informed thoughts.
 

Posted (edited)

They take a long time to fix because you need to be thorough and methodical in restoring systems, ensuring you have correctly identified the source of the problem, and that your backup systems and data are not themselves carrying the problem. As to why any specific organisation is affected, generally it is human error that enables the 'attack' to occur: opening an email or browsing a website can seem innocent but in fact allow a route into the network; missing or delaying software patches leaves vulnerabilities open to exploit; running out-of-date systems (there are still Windows XP systems out there, some in critical services); or simply people failing to follow procedures and instructions, such as closing off network functions that are insecure or unnecessary.

 

I once went on holiday whilst a new site was being added to our network. A few days after I got back we had a major outbreak that shut down most of our systems. When we finally got things sorted (about 3 weeks), the post-mortem revealed that there were 3 significant factors: the route into the network was a work laptop used by somebody at the new site being taken home and used on their home wifi where an infected family PC was being used; to save time getting the new site up and running, its network connection bypassed a firewall that the procedures specified must be in place; and to save money the anti-virus software on several new servers had been left off, leaving only Windows Defender to protect them, a decision that was taken without my knowledge or input.

As Network and IT Security Manager I was not happy.

Edited by badgerx16
Posted

At one of my former workplaces, there was an issue with this. Colleagues in Badger’s type of role in IT analysed what was going on and there were 20 or so long-serving individuals who were ignoring over a period of time system and IT security updates and upgrades. The employer actually told them to bring in their laptops and take a couple of days AL - project deadlines or not - whilst the updates were installed, ransomware and other security issues tackled and security rebuilt. I’d imagine HR had a chat as well knowing that employer. 

Posted

Thanks both, very interesting responses.

I did a little reading around this, and learned a bit about how these attacks happen. But "attack" seems to be a slightly misleading term; it seems to be more of an ongoing process of probing for vulnerabilities?

As a side issue, one might assume that people brought in to deal with these issues for big outfits will be earning rather good money?!

I know there were issues around NHS sites using XP when it was no longer supported, so there must be very real concerns around government sites I should think.

Posted
1 hour ago, Teamsaint1 said:

I did a little reading around this, and learned a bit about how these attacks happen. But "attack" seems to be a slightly misleading term; it seems to be more of an ongoing process of probing for vulnerabilities?

Correct. Presumably your email account/s regularly receive notifications telling you of failed deliveries, invites from Russian brides, or the old-style Nigerian Prince looking for a safe repository for £10 million. Very rarely there will be a specifically crafted message aimed at a particular company or organisation, but this level of sophisticated industrial meddling requires a lot more advanced planning and intelligence gathering to identify the people likely to be vulnerable to exploit.

 

As an aside, one IT Security company was tasked with testing the site security of a major business. They spent days sitting in the local pubs observing the staff on their lunch breaks, which enabled them to formulate a plan: they had a particularly attractive female employee whom they had walk up to the main office of the target carrying a number of files. As she reached the main desk she dropped the files and the duty security guard helpfully picked them up for her. She apologised for causing him trouble and for not being able to get her security pass out of her bag as her hands were full, so the guard gallantly opened the security door for her.

By using information overheard in the pub, or gleaned by making 'accidental' phone calls to certain staff of the business, this female security tester ended up inside the supposedly secure computer room, from where she called the IT Manager to tell him his site was not as secure as he had imagined.

Posted
1 hour ago, badgerx16 said:

Correct. Presumably your email account/s regularly receive notifications telling you of failed deliveries, invites from Russian brides, or the old-style Nigerian Prince looking for a safe repository for £10 million. Very rarely there will be a specifically crafted message aimed at a particular company or organisation, but this level of sophisticated industrial meddling requires a lot more advanced planning and intelligence gathering to identify the people likely to be vulnerable to exploit.

 

As an aside, one IT Security company was tasked with testing the site security of a major business. They spent days sitting in the local pubs observing the staff on their lunch breaks, which enabled them to formulate a plan: they had a particularly attractive female employee whom they had walk up to the main office of the target carrying a number of files. As she reached the main desk she dropped the files and the duty security guard helpfully picked them up for her. She apologised for causing him trouble and for not being able to get her security pass out of her bag as her hands were full, so the guard gallantly opened the security door for her.

By using information overheard in the pub, or gleaned by making 'accidental' phone calls to certain staff of the business, this female security tester ended up inside the supposedly secure computer room, from where she called the IT Manager to tell him his site was not as secure as he had imagined.

Classic human systems at play: spend millions on technological security, but a simple scam/tailgate on a staff pass or a fire exit propped open in a warm summer undoes it all.

I have seen, at another employer who had a phishing problem, the IT function send out their own versions with an unlikely but not totally improbable narrative to hook staff in. When a handful clicked on the link/attachment and fell for it, apparently it reminded them they'd just clicked on a spoof and next time it could be their payroll details or confidential commercial information and IP compromised, with the disciplinary risks associated. I'd seen it done before so deleted mine, but it did strike me as a good idea.
