Breaking News
posted by janrinok on Saturday July 03 2021, @10:55AM
https://www.bbc.com/news/world-us-canada-57703836

About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.

Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

Kaseya said in a statement on its own website that it was investigating a "potential attack".

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The US Cybersecurity and Infrastructure Security Agency (CISA), a federal agency, said in a statement that it was taking action to address the attack.

The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.

The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.

Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless, but it can take a lot of time and effort on the criminals' part to successfully hijack one victim's computer system.

See also:

 
  • (Score: 5, Insightful) by Anonymous Coward on Saturday July 03 2021, @11:53AM (17 children)

    by Anonymous Coward on Saturday July 03 2021, @11:53AM (#1152531)

    Ransomware Windows is the scourge of the internet.

    FTFY. A forced monoculture of an unavoidably vulnerable system is sabotage.

    With the current level of system complexity and programmers' skills, we definitely won't have impenetrable security, ever. Security by obscurity did not work in days past either, and has no reason to magically start working tomorrow. Given that, building up an army of clones where one attack can wipe any and all is the height of stupidity.

    Diversity is the only protection that works, as Mother Nature itself demonstrates. https://en.wikipedia.org/wiki/Panama_disease [wikipedia.org]

  • (Score: 1, Insightful) by Anonymous Coward on Saturday July 03 2021, @01:26PM (8 children)

    by Anonymous Coward on Saturday July 03 2021, @01:26PM (#1152547)

    The real source of the weakness is integrated systems all networked. Replace this with something other than Windows, and you still have the same problem.

    • (Score: 4, Insightful) by HiThere on Saturday July 03 2021, @02:04PM (4 children)

      by HiThere (866) Subscriber Badge on Saturday July 03 2021, @02:04PM (#1152562) Journal

      I'm really convinced that handling this is, in principle, possible. But not if you require the ability to execute programs to be transmissible. So doing it securely would make many things either a lot more difficult or impossible. HTML version 1 (before javascript and similar) was probably secure. So was the original email. Of course, if you allow an interpreter to automatically execute a tagged file then all bets are off.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 0) by Anonymous Coward on Saturday July 03 2021, @02:45PM (2 children)

        by Anonymous Coward on Saturday July 03 2021, @02:45PM (#1152571)

        The networking protocols are very insecure at the lower layers... They were not designed with hostile environments in mind. We can bandaid on top of this, but the fundamental weaknesses of our network architectures will still be there.

        • (Score: 2) by Rich26189 on Saturday July 03 2021, @03:20PM (1 child)

          by Rich26189 (1377) on Saturday July 03 2021, @03:20PM (#1152576)

          I don't know how these most recent attacks were perpetrated, TFS doesn't say, but I disagree that the networking layers are the likely attack point. Enterprise level equipment has very robust networking layers, especially the lower ones. I can't speak about the upper layers, e.g. 7 (yeah, I'm that old) but I have to think they're not untested.

          At this point we’re talking about the 6th Domain of Warfare.

          • (Score: 0) by Anonymous Coward on Saturday July 03 2021, @05:24PM

            by Anonymous Coward on Saturday July 03 2021, @05:24PM (#1152610)

            All that "enterprise level equipment" is only needed due to the horrible design of the basic networking protocols... We segment the networks to stop our machines from blabbing everything they do and know where anyone can hear.

      • (Score: 4, Insightful) by Mojibake Tengu on Saturday July 03 2021, @03:00PM

        by Mojibake Tengu (8598) on Saturday July 03 2021, @03:00PM (#1152574) Journal

        Axiom 0: data is code and code is data.
        => Every code is someone's data.

        You are right that the original Web was accidentally[1] safe, because html1 markup before scripting happened to be a declarative language, not an executable language.

        But the fundamental design error was made with the Web not designed by intention as pure declarative in client context, like, say, forming pages purely declaratively[2] in Prolog or a dialect, and letting clients decide completely what they turn into rendering execution about it, enabling logical deductions about pieces of information. Instead, we got executive hell by foreign code enforced on clients.
        The same with emails.

        This will never be fixed. Not by adding more jails and fortifications to clients. Not in this decadent political digitalism epoch.

        [1] 'accidental' as in ancient Aristoteles' meaning
        [2] Note HTTP/HTML predecessor, the gopher, was very primitive but made declarative, evolved from classic BBS's menu systems.

        --
        Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 1, Insightful) by Anonymous Coward on Saturday July 03 2021, @03:28PM

      by Anonymous Coward on Saturday July 03 2021, @03:28PM (#1152580)

      The real source of the weakness is integrated systems all networked.

      Indeed. Did Battlestar Galactica teach us nothing?

    • (Score: 0) by Anonymous Coward on Saturday July 03 2021, @04:01PM

      by Anonymous Coward on Saturday July 03 2021, @04:01PM (#1152594)

      Replace this with something other than Windows, and you still have the same problem.

      In case of one single something, sure; Android is demonstrable proof enough. A forced monoculture is the problem, it does not matter who is forcing what.

      Customizable systems, and making use of that customization, is the solution. When you have a dozen Linux distros, each with several supported versions, with final users (IT dept) recompiling the kernel and some other things and uninstalling other things, to match the setup to their actual needs - a nice zero-day exploit for some version range of SHITTTP protocol handler suddenly becomes usable only on the tiny minority of systems, those that actually are using SHITTTP + have an exploitable version installed.

      That setup would not much help clueless end users with no one to do their customization for them, but even then, "some version of some distro" is a much smaller target than "same install and patch of same Windows". As demonstrably proven with Android exploits.

    • (Score: 2) by Gaaark on Saturday July 03 2021, @08:29PM

      by Gaaark (41) on Saturday July 03 2021, @08:29PM (#1152643) Journal

      No: if you use Windows and I use Manjaro, the problem will stop with you.

      Malware makers would have to target EVERY O/S if they want their malware to spread.

      The way it is now, they just have to target Windows systems to cause problems. Vary the O/S environments and make it harder to crack the system, just like if everyone used the same password....

      ....use a different password on every system, every system is harder to crack.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by HiThere on Saturday July 03 2021, @02:00PM (4 children)

    by HiThere (866) Subscriber Badge on Saturday July 03 2021, @02:00PM (#1152560) Journal

    It's not that simple, and your argument doesn't really work, because everything uses either DNA or RNA. And ribosomes are pretty similar from bacteria to people. Etc.

    But it's still basically true. Monocultures encourage the emergence of predators, which have even been known to extinguish the species...or at least the gene-line. This has happened to several lines of banana, though people have kept cultivars alive in labs.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 1, Interesting) by Anonymous Coward on Saturday July 03 2021, @03:34PM (3 children)

      by Anonymous Coward on Saturday July 03 2021, @03:34PM (#1152584)

      everything uses either DNA or RNA

      Aren't we presently having the second year of the COVID shitshow for precisely that very reason?

      In the prokaryotes' world, the tithe they pay to phages is a more than fair price for the feature of horizontal gene transfer. Even the multicellular eukaryotes time and again use that feature for their evolutionary advantage, despite such events having far smaller chance of going beneficially for them (us). https://en.wikipedia.org/wiki/Horizontal_gene_transfer [wikipedia.org]
      Some unicellular eukaryotes do have some tweaks however (too bothered by viruses in their time of need, to keep holding out for uncertain evolutionary gifts?) https://en.wikipedia.org/wiki/List_of_genetic_codes [wikipedia.org]

      Either way, Windows systems at present do not produce offspring so the argument does not hold for them. :)

      And ribosomes are pretty similar from bacteria to people.

      Dissimilar enough that entire classes of antibiotics are exploiting that difference.

      • (Score: 2) by c0lo on Saturday July 03 2021, @11:42PM (2 children)

        by c0lo (156) Subscriber Badge on Saturday July 03 2021, @11:42PM (#1152676) Journal

        Windows systems at present do not produce offspring

        Good God, spare us of the contrary.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 0) by Anonymous Coward on Sunday July 04 2021, @02:32AM (1 child)

          by Anonymous Coward on Sunday July 04 2021, @02:32AM (#1152705)

          Clippy is illegitimate?

          • (Score: 2) by c0lo on Sunday July 04 2021, @09:56AM

            by c0lo (156) Subscriber Badge on Sunday July 04 2021, @09:56AM (#1152768) Journal

            Clippy is not Bob and they are dead anyhow, may both rest in pieces.

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 4, Insightful) by digitalaudiorock on Saturday July 03 2021, @03:43PM (2 children)

    by digitalaudiorock (688) on Saturday July 03 2021, @03:43PM (#1152589) Journal

    +1000...beat me to this. I'm so sick of all the coverage of all these things being portrayed like they "penetrated the company's firewall" like a bad TV drama. Bullshit. I'd all but guarantee that most/all of this crap comes from a combination of social engineering (phishing etc) combined with Windows vulnerabilities getting someone access to everything they need to do whatever they want from the inside...period. In addition, I wouldn't be surprised if those may even be unpatched vulnerabilities known only to the uber-blackhats and the CIA.

    This is what happens when the "security" of your OS has become so complex that even MS doesn't seem to understand it. Never mind all the forces out there trying to send Linux down that same path.

    • (Score: 2) by RS3 on Saturday July 03 2021, @06:38PM (1 child)

      by RS3 (6367) on Saturday July 03 2021, @06:38PM (#1152629)

      Absolutely agree, all true. As too often with these kinds of stories, I don't know the specific details. It would be much more useful reporting if they'd tell us so that everyone can learn.

      I do know a company that lost pretty much all of their data, documents, etc., to ransomware that came through an email attachment (phishing attack). Like too many (most) people they use a browser to open webmail, or Outlook or some such that will run html and javascript, and then you're done, no inherent / OS vulnerabilities necessary.

      They had no IT staff (tiny company) nor outside help, so they're just doing what most people do- using the computers the best they can. Someone had set up shared drives, so the ransomware had access to everything.

      If they ran Outlook / browser in a very tightly walled container, it might have been averted, but that's quite a lot more time and effort for very busy office workers who are constantly working email, various customer / sales / inventory / shipping / etc. databases, and would be overwhelmed with the container layer, getting data in and out, saving legitimate attachments, etc. I know it can be set up to be safer, and obviously needs to be.

      Every now and then I get an email that's blank in my email client. My client will display the raw html code, but not render it, and certainly not run javascript. The blank ones are entirely javascript (recent ones coming from a temp / job agency).

      • (Score: 2) by digitalaudiorock on Sunday July 04 2021, @01:15PM

        by digitalaudiorock (688) on Sunday July 04 2021, @01:15PM (#1152784) Journal

        I currently use Thunderbird under Gentoo for email, but only because I need to use it for work emails, where I need to be able to reply to everyone else's bullshit html emails. If it were just for my personal email, I'd be using something like claws mail with no html at all. Those God-awful html emails are another travesty started by MS. Hate it to this day. I'd kill to have all email go back to plain text, possibly with file attachments.
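The policy RS3 and digitalaudiorock describe above (show the text/plain part, never render HTML, never execute anything that arrived in the mail, and treat a message that is "blank" once its script is stripped as a red flag) can be mechanised at a gateway or in a client-side filter, which also makes HiThere's point concrete: the message stays data, nothing transmitted is ever run. The following is an added example written for this page, not code from any of the commenters or from any mail client. It uses only the Python standard library; the three messages it triages are constructed inline for the demo, and the EXECUTABLE_EXTS list is an assumed starting set of double-click-runnable Windows extensions, not an authoritative one.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Extensions Windows will run from a double-click. Assumption: a sensible
# starting list for illustration, not an authoritative or exhaustive one.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                   ".cmd", ".bat", ".ps1", ".lnk", ".iso", ".docm", ".xlsm"}


class _TextOnly(HTMLParser):
    """Collect visible text; drop <script>/<style> bodies; count script tags."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self.script_tags = 0
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            if tag == "script":
                self.script_tags += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def html_to_text(html):
    """Return (visible text with whitespace collapsed, number of <script> tags).
    The HTML is parsed as data only; nothing in it is ever evaluated."""
    p = _TextOnly()
    p.feed(html)
    p.close()
    return " ".join("".join(p.parts).split()), p.script_tags


def triage(raw):
    """Render a message the way RS3's client does: plain text wins, HTML is
    reduced to its text, nothing is executed. Returns what would be shown plus
    a list of findings a human or a gateway rule can act on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    plain = msg.get_body(preferencelist=("plain",))
    html_part = msg.get_body(preferencelist=("html",))
    shown = ""
    if plain is not None:
        shown = plain.get_content().strip()
    elif html_part is not None:
        shown, n_scripts = html_to_text(html_part.get_content())
        findings.append("html_only")
        if n_scripts:
            findings.append("script_tags=%d" % n_scripts)
        if not shown:
            findings.append("blank_without_script")  # the "blank" mails RS3 sees
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTS:
            findings.append("executable_attachment:" + name)
    return {"text": shown, "findings": findings}


def _build_samples():
    """Constructed messages for the demo; none of these are real mail."""
    plain = EmailMessage()
    plain["Subject"] = "Invoice 4471"
    plain.set_content("Hi, the April invoice is attached to the portal. Thanks.")

    script_only = EmailMessage()  # HTML body that is nothing but a <script>
    script_only["Subject"] = "Your application"
    script_only.set_content(
        "<html><body><script>document.location='https://example.invalid/login'"
        "</script></body></html>", subtype="html")

    dropper = EmailMessage()  # HTML body plus a double-extension .js attachment
    dropper["Subject"] = "Invoice 4471"
    dropper.set_content("<html><body><p>See attached invoice.</p></body></html>",
                        subtype="html")
    dropper.add_attachment(b"var sh = new ActiveXObject('WScript.Shell');",
                           maintype="application", subtype="octet-stream",
                           filename="Invoice_4471.pdf.js")
    return {"plain": plain.as_bytes(), "script_only": script_only.as_bytes(),
            "dropper": dropper.as_bytes()}


SAMPLES = _build_samples()

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The plain-text message comes back with no findings; the script-only message comes back with an empty display text and the findings `html_only`, `script_tags=1`, `blank_without_script`; the dropper is flagged for its `.pdf.js` attachment even though its visible text is an innocuous one-liner. Whether a gateway quarantines on those findings or just annotates the message is policy; the point is that the decision is made on the message as data, before any interpreter ever sees it.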