SoylentNews is people
SoylentNews
About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.
Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
Kaseya said in a statement on its own website that it was investigating a "potential attack".
Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.
The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.
The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.
The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.
Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals part to successfully hijack one victim's computer system.
See also:
(Score: 5, Insightful) by Opportunist on Saturday July 03 2021, @11:26AM (12 children)
Anyone still thinking a monopoly situation in IT is a good thing?
This is why even the least exploitable bug in any standard software from a big vendor is met with horror in security circles. Because even an edge-case-once-in-a-blue-moon-exploitable bug in a MS product means that thousands of companies are affected.
(Score: 3, Funny) by Anonymous Coward on Saturday July 03 2021, @12:37PM
Butbutbutbutbutbut I ran all da updetes and stayed up to date, just like my Microserf certification told me to!
(Score: 1, Disagree) by Anonymous Coward on Saturday July 03 2021, @01:19PM (7 children)
Think this through: how does having more software vendors decrease the number of bugs to exploit? It doesn't. Furthermore, having more software systems might increase bugs because of increased complexity of multiple systems and integration needs. Now, I am not saying everyone needs to standardize on a couple different vendors, but I am saying that I don't see how more vendors equals more security.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 03 2021, @01:22PM
One more note: security is a process, not a product, as Bruce Scheier says.
(Score: 5, Informative) by turgid on Saturday July 03 2021, @01:27PM (2 children)
Correct, but they will be different bugs, subject to different exploits. Therefore, one single exploit can't take the whole lot down.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 3, Touché) by Dr Spin on Saturday July 03 2021, @02:01PM (1 child)
But, But ...
Think of the malware vendors!
Warning: Opening your mouth may invalidate your brain!
(Score: 3, Interesting) by Opportunist on Saturday July 03 2021, @09:36PM
Doing this constantly. I call them "my beloved job security", for as long as they continue being a threat, I'm going to be employed as well.
They are my enemies and at the same time I'm their parasite. Because without them, I couldn't exist in the job I have.
(Score: 4, Insightful) by Socrastotle on Saturday July 03 2021, @05:07PM
The interesting thing about your question is that it generalizes to something that can be applied everywhere from economic systems, world vs national government, and much more.
And it all comes down to simple game theory. When you have one vendor, and that vendor is doing an exceptional job it will never be able to be beaten by a multi-vendor system. Because a multi-vendor system all but guarantees that at least some of the vendors will be being exploited, or failing at some time or another. The reason that the multi-vendor scenario may often end up being superior is because of the other side of things. When you have a single vendor and that vendor trends towards ineptitude, corruption, greed, or whatever else - then the entire domain under its "rule" (which may be everywhere, when taken to extremes) suddenly ends in a global dystopia. By contrast in our multi-vendor world, you will always have some vendors doing well - even if purely by chance.
So it depends on what you see as more valuable. Because "more security" is somewhat meaningless. In a unipolar world, when the monopoly becomes dysfunctional - the entire world has zero security. By contrast in a multipolar world, you'll probably never have zero security. But, on the other hand, you'll never reach the 100% in those periods during a unipolar world where the solitary vendor has not been exploited.
(Score: 3, Insightful) by Opportunist on Saturday July 03 2021, @09:34PM
It doesn't. Quite the contrary, it will increase the number of bugs in software, simply by virtue of there being more software.
But at the same time any bug in any of these systems will have a much smaller impact on everyone. It's a bit like with any monoculture. Yes, if you have only one kind of tree in a forest, there will be far fewer pests to consider because all the ones that only affect the other tree types will simply not exist in your forest. But if you have an outbreak of one such pests, your forest is gone.
Bark beetles are a really huge threat in one of the areas I lived in. Mostly because they decided that monocultures of fast growing spruces is a good idea.
(Score: 2) by FatPhil on Sunday July 04 2021, @07:03PM
Because you're not obliged to run all the software by all the vendors. You can chose to run the ones that you consider least buggy.
E(min(x0,x1)) < min(E(x0),E(x1))
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Touché) by EvilSS on Saturday July 03 2021, @06:30PM
(Score: 3, Insightful) by mcgrew on Saturday July 03 2021, @06:30PM
Anyone still thinking a monopoly situation in IT is a good thing?
That hardly applies any more, you're forced into only a handful of choices. Rather, why aren't these dumbasses backing up their data? You can't erase remotely data that's in a shut off backup machine.
What kind of "professionals" are they hiring?
mcgrewbooks.com mcgrew.info nooze.org
(Score: 0) by Anonymous Coward on Saturday July 03 2021, @07:39PM
There is no monopoly.
You and any corporation both are free, both in libre and beer senses, to install an alternative OS on any or all your machines at any time.
If you don't like getting free as in beer, you can pay the likes of Redhat/IBM or Canonical to pretend that your machines require anywhere near the support level of a Windows machine.
If you want to pay a premium, you can buy Macs and use iOS (but good luck paying the 30% Apple tax everywhere)
These ransomware attacks are not the problem. "Monopoly" is not the problem. The problem is the mindset and mentality that keeps people on a mediocre OS like Windows year after year, when there is simply no excuse anymore. If Aunt Tillie can use an alternative OS, so can your business.