posted by janrinok on Wednesday January 01 2020, @05:37PM   Printer-friendly
from the how-many-times-must-we-say-"don't-open-suspicious-emails"? dept.

US Coast Guard discloses Ryuk ransomware infection at maritime facility:

An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours, the US Coast Guard said in a security bulletin it published before Christmas.

The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.

"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.

USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees.

"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.

The USCG security bulletin describes a nightmare scenario after this point, with the virus spreading through the facility's IT network, and even impacting "industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."

Coast Guard officials said the Ryuk infection caused "a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems."

The maritime facility -- believed to be a port authority -- was forced to shut down its entire operations for more than 30 hours, the Coast Guard said.

  • (Score: 1) by Ethanol-fueled on Wednesday January 01 2020, @05:41PM (2 children)

    by Ethanol-fueled (2792) on Wednesday January 01 2020, @05:41PM (#938294) Homepage

    " USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees. "

    Dumb.

    " Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor "

    Double-dumb.

    • (Score: 2, Touché) by Anonymous Coward on Wednesday January 01 2020, @06:34PM

      by Anonymous Coward on Wednesday January 01 2020, @06:34PM (#938313)

      Dumb of them to run Windoze.

    • (Score: 3, Interesting) by RandomFactor on Wednesday January 01 2020, @07:04PM

      by RandomFactor (3682) Subscriber Badge on Wednesday January 01 2020, @07:04PM (#938323) Journal

      " USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees. "

      Dumb.

      URL Sandboxing, Attachment Sandboxing, Outbound Browser sandboxing, automated post delivery threat removal, periodic link re-sandboxing, End-User policies etc. can be implemented to reduce dumb clicks. I suspect USCG has at least the obvious ones in place. (Their SPF and DMARC are in strict/reject mode, so at first blush they appear to be serious about things.)
       
      Strong Cyber Security awareness programs reduce the amount of clicking that goes on, they don't eliminate it. For large organizations if you can get the click rate on a decent phishing campaign down into the teens you are doing fantastic.
       
      Humans are a bell curve in most respects. If you have a hundred thousand employees that get something they shouldn't click on, a bunch of idjits are going to click on it -every time-
       
      In this case, I'll guess that they don't have remote browser isolation [wikipedia.org] in place. One click pwnage is exactly what it can prevent.

      --
      В «Правде» нет известий, в «Известиях» нет правды
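As an added illustration of the "SPF and DMARC in strict/reject mode" check mentioned above (not part of the comment or the site), a small Python script that parses SPF and DMARC TXT records and reports why a domain's posture is lenient; the records are constructed samples, not any real domain's:

```python
import re

# Constructed sample records (not real records): one strict pair, one lenient pair.
SAMPLES = {
    "strict.example": (
        "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strict.example",
    ),
    "lenient.example": (
        "v=spf1 include:_spf.example.net ~all",
        "v=DMARC1; p=none; rua=mailto:dmarc@lenient.example",
    ),
}

def parse_spf(record):
    """Return the SPF 'all' qualifier ('-' hard fail, '~' soft fail, '?' neutral, '+' pass),
    or None if the record is not SPF or has no 'all' mechanism (implicit neutral)."""
    if not record.lower().startswith("v=spf1"):
        return None
    for term in record.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"
    return None

def parse_dmarc(record):
    """Return DMARC tags as a dict; an empty dict if the record is not a DMARC1 record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}

def assess(spf_record, dmarc_record):
    """Classify the posture as 'strict' or 'lenient' and list the reasons for 'lenient'."""
    reasons = []
    if parse_spf(spf_record) != "-":
        reasons.append("SPF does not hard-fail (-all)")
    tags = parse_dmarc(dmarc_record)
    if tags.get("p", "none").lower() != "reject":
        reasons.append("DMARC p is not reject")
    # Per RFC 7489 the subdomain policy 'sp' defaults to 'p' when absent.
    if tags.get("sp", tags.get("p", "none")).lower() != "reject":
        reasons.append("DMARC subdomain policy is not reject")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        reasons.append(f"DMARC pct={pct} applies the policy to only part of the mail")
    return ("strict" if not reasons else "lenient", reasons)
```

In practice the two records would come from a DNS TXT lookup of the domain and of `_dmarc.<domain>`; the parsing and scoring are the same.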
  • (Score: 4, Interesting) by canopic jug on Wednesday January 01 2020, @05:50PM (4 children)

    by canopic jug (3949) Subscriber Badge on Wednesday January 01 2020, @05:50PM (#938297) Journal

    It is the vendor's fault. The vendor has claimed that the software is fit for purpose and it isn't. The user has used the software as it was intended and it was the software which failed not the user. So blaming the individual who happened to get the payload is not appropriate. Despite that, as a distraction, M$ has been bleating about attachments for ages, so long that many will repeat it even if they might know better than to do so.

    However, there is another large problem blaming the victim distracts from, aside from the lack of fitness for purpose. There is also the lack of federated file sharing like we used to have in the 1990s. Back then there were several platforms, two were AFS and Novell Netware. The former faded away from active neglect. The latter was eliminated through one of M$ many, targeted whisper campaigns. There haven't been any realistic replacements for either. Dropbox, Box, and similar are not realistic options, despite the marketeering. So clownish managers end up forcing their staff to use a kludge like e-mail attachments instead. Keeping the documents in a distributed filesharing network will make it once again be far easier to manage access control, confidentiality, and malware analysis.

    --
    Money is not free speech. Elections should not be auctions.
    • (Score: 0) by Anonymous Coward on Wednesday January 01 2020, @06:45PM

      by Anonymous Coward on Wednesday January 01 2020, @06:45PM (#938318)

      Back then there were several platforms, two were AFS and Novell Netware. The former faded away from active neglect.

      Well, AFS is still with us. IBM released it to the community about 20 years ago and it is being developed on as OpenAFS. I think one of the principals there has even been putting out a commercial release under a different name, but I don't know about its compatibility.

      Primary use is in academia though, because in 2020 federated filesystems are not that appropriate nor useful for most users. Yes, we need an object storage (and management!) system for corporate use, but managers are still on the "outsource everything" bandwagon.

    • (Score: 1) by RandomFactor on Wednesday January 01 2020, @07:37PM (2 children)

      by RandomFactor (3682) Subscriber Badge on Wednesday January 01 2020, @07:37PM (#938331) Journal

      There is also the lack of federated file sharing like we used to have in the 1990s.

      There's also GDrive of course, and now you are seeing a lot of onedrive/sharepointonline links becoming the new de facto file sharing methodology for O365 customers. These are also, consequently, currently all the rage for phishing links. Compromise or set up a small tenant, drop some badness on it. And send the links to everyone hoping the IT security folks have trusted MS links because the business has been screaming when their files don't get through. Good times.

      --
      В «Правде» нет известий, в «Известиях» нет правды
      • (Score: 0) by Anonymous Coward on Wednesday January 01 2020, @09:19PM (1 child)

        by Anonymous Coward on Wednesday January 01 2020, @09:19PM (#938367)

        If I see a Onedrive or Gdrive link, I know it is probably phishing. That's almost a sure sign.

        • (Score: 3, Touché) by Gaaark on Wednesday January 01 2020, @11:55PM

          by Gaaark (41) on Wednesday January 01 2020, @11:55PM (#938414) Journal

          If I see Windows, I know it is garbage. Windows is a sure sign.

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
  • (Score: 2) by Gaaark on Wednesday January 01 2020, @11:54PM (2 children)

    by Gaaark (41) on Wednesday January 01 2020, @11:54PM (#938413) Journal

    Why-are-we-STILL-using-Windows? dept

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
    • (Score: 0) by Anonymous Coward on Thursday January 02 2020, @12:52AM (1 child)

      by Anonymous Coward on Thursday January 02 2020, @12:52AM (#938437)

      Because cat food isn't advertised to the cats.

      • (Score: 0) by Anonymous Coward on Thursday January 02 2020, @04:26PM

        by Anonymous Coward on Thursday January 02 2020, @04:26PM (#938660)

        Because for your cat food your choices are store-generic-brand that may occasionally kill the cat, Fancy Feast which costs at least twice as much, and there are a whole bunch of field mice which are perfectly free to eat but that requires knowledge of how to hunt (in various degrees). There are also offshoots like manufacturers who freshly hunt and set the cat up with a fresh meal but at much higher cost.

        Most cats are lazy and indolent and have no idea how to hunt. Without canned food they would indeed starve.

        The ones that aren't often have masters who aren't going to pay any more than is absolutely necessary and are scared at the prospect of just letting the cats get the free food that's available out there; they'd rather pay for cheap store-generic cat food and call it done.

        The rest of the cats just don't care and will eat the store-generic-brand because they think that's the most available option.

        Then there are those who can hunt and are given the choice to hunt.

  • (Score: 0) by Anonymous Coward on Thursday January 02 2020, @02:35AM (1 child)

    by Anonymous Coward on Thursday January 02 2020, @02:35AM (#938469)

    Quit Mixing Code And Data!!!

    • (Score: 2) by FatPhil on Thursday January 02 2020, @10:55AM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday January 02 2020, @10:55AM (#938543) Homepage

      LISP programmer here. Erm????

      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves