Stories
Slash Boxes
Comments

SoylentNews is people

Breaking News
posted by janrinok on Saturday July 03 2021, @10:55AM   Printer-friendly
https://www.bbc.com/news/world-us-canada-57703836

About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.

Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

Kaseya said in a statement on its own website that it was investigating a "potential attack".

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.

The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.

The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.

Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals part to successfully hijack one victim's computer system.

See also:

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by HiThere on Saturday July 03 2021, @02:04PM (4 children)

    by HiThere (866) Subscriber Badge on Saturday July 03 2021, @02:04PM (#1152562) Journal

    I'm really convinced that handling this is, in principle, possible. But not if you require the ability to execute programs to be transmissible. So doing it securely would make many things either a lot more difficult or impossible. HTML version 1 (before javascript and similar) was probably secure. So was the original email. Of course, if you allow an interpreter to automatically execute a tagged file than all bets are off.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 0) by Anonymous Coward on Saturday July 03 2021, @02:45PM (2 children)

    by Anonymous Coward on Saturday July 03 2021, @02:45PM (#1152571)

    The networking protocols are very insecure at the lower layers... They were not designed with hostile environments in mind. We can bandaid on top of this, but the fundamental weaknesses of our network architectures will still be there.

    • (Score: 2) by Rich26189 on Saturday July 03 2021, @03:20PM (1 child)

      by Rich26189 (1377) on Saturday July 03 2021, @03:20PM (#1152576)

      I don’t know how these most recent attacked were perpetrated, TFS doesn’t say, but I disagree that the networking layers are the likely attack point. Enterprise level equipment has very robust networking layers, especially the lower ones. I can’t speak about the upper layers, e.g. 7 (yeah, I’m that old) but I have to think they’re not untested.

      At this point we’re talking about the 6th Domain of Warfare.

      • (Score: 0) by Anonymous Coward on Saturday July 03 2021, @05:24PM

        by Anonymous Coward on Saturday July 03 2021, @05:24PM (#1152610)

        All that "enterprise level equipment" is only needed due to the horrible design of the basic networking protocols... We segment the networks to stop our machines from blabbing everything they do and know where anyone can hear.

  • (Score: 4, Insightful) by Mojibake Tengu on Saturday July 03 2021, @03:00PM

    by Mojibake Tengu (8598) on Saturday July 03 2021, @03:00PM (#1152574) Journal

    Axiom 0: data is code and code is data.
    => Every code is someone's data.

    You are right about original Web was accidentally[1] safe, because html1 markup before scripting happened to be a declarative language, not executable language.

    But the fundamental design error was made with Web not designed by intention as pure declarative in client context, like, say, forming pages pure declaratively[2] in Prolog or a dialect, and letting clients to decide completely what they turn to rendering execution about it, enabling logical deductions about pieces of information. Instead, we got executive hell by foreign code enforced on clients.
    The same with emails.

    This will never be fixed. Not by adding more jails and fortifications to clients. Not in this decadent political digitalism epoch.

    [1] 'accidental' as in ancient Aristoteles' meaning
    [2] Note HTTP/HTML predecessor, the gopher, was very primitive but made declarative, evolved from classic BBS's menu systems.

    --
    Respect Authorities. Know your social status. Woke responsibly.