Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Friday November 17 2023, @06:41PM   Printer-friendly
from the complaints-department-5000-miles-> dept.

https://arstechnica.com/security/2023/11/teens-with-digital-bazookas-are-winning-the-ransomware-war-researcher-laments/

What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.

[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.

[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Rosco P. Coltrane on Friday November 17 2023, @08:24PM (7 children)

    by Rosco P. Coltrane (4757) on Friday November 17 2023, @08:24PM (#1333318)

    What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common?

    They all run closed source software.

    Not to say that open source software is immune from vulnerabilities, far from it. But I can't help but noticing most high-profile exploits target mostly closed source software, and often the vendor either doesn't know about it, doesn't care, takes its own sweet time to address it, or doesn't disclose before it's way too late. Whereas exploits in high-profile open-source software usually gets discussed openly, gets fixed fast, and of course many more people than just the engineers of one vendor can look at the problem.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 4, Interesting) by pTamok on Friday November 17 2023, @09:59PM (4 children)

    by pTamok (3042) on Friday November 17 2023, @09:59PM (#1333331)

    Whereas exploits in high-profile open-source software usually gets discussed openly, gets fixed fast, and of course many more people than just the engineers of one vendor can look at the problem.

    I'm glad you said 'usually'.

    Linux-based operating systems still have a small fraction of 'the desktop', and a lot of enterprise/business is still based on Microsoft servers. So people developing exploits will target the most common software in use, so it is no surprise that Microsoft-based systems get hit so often. It's basic statistics.

    The idea behind open source meaning all bugs ( including security bugs ) are shallow is nice, but the reality is there is FLOSS software that is under-resourced for maintenance and bug-fixing. Some of it in use in business critical systems. All s NOT sweetness and light on the FLOSS side of the mountain.

    Personally, I use Linux-based software when I can, but as it gets more popular, more exploits will come along, and indeed are. Linux is not immune to script-kiddies.

    There are some things large companies can do to help, both themselves, and everyone: employ people who know what they are doing and listen to them; and send money and/or other support resources to the FLOSS projects you use so they can be maintained. Think of it as insurance.

    • (Score: 5, Interesting) by Thexalon on Friday November 17 2023, @11:58PM (1 child)

      by Thexalon (636) on Friday November 17 2023, @11:58PM (#1333342)

      Here's how I tend to look at it, which has nothing to do with "all bugs are shallow to somebody" and everything to do with "what resources can you use to address the problem".

      Let's compare the situations of CTO A running the proprietary MacroHard W, and CTO B running the FLOSS X that does basically the same thing. And a serious 0-day bug is discovered for both of them at the same time that's being actively exploited in the wild.

      CTO A's options:
      1. Wait for MacroHard to distribute an update for W, and install it as quickly as possible.

      CTO B's options:
      1. Wait for literally anybody else (who may or may not be connected to the maintainers of X) to put a patch out somewhere on the Internet, and install the patch as quickly as possible.
      2. Direct any in-house software developers they might have to try to create a patch themselves.
      3. Direct any in-house admins they might have to try to create some kind of clever workaround for the problem, because they have access to all the components and documentation to tinker with things.
      4. Hire an outside developer, e.g. somebody who has contributed to the system at some point (which conveniently is public information, just look in the git history), to develop a patch for it.
      5. Hire an outside admin to create the clever workaround for the problem that the in-house admins didn't think of.
      6. Organize some sort of multi-organization cooperative effort with everybody else who is facing the exact same problem.
      etc etc etc.
      Oh, and if your guys fix it first, you can publicize the fix and get some nice publicity from that.

      So CTO A might have the advantage of being able to blame everything on MacroHard, but CTO B has lots of avenues for fixing the damn problem that CTO A doesn't. These also apply to situations like:
      - The upstream abandons the software, for whatever reason.
      - There's a feature that would be really useful for you to have, and isn't currently part of the software.
      - There's a non-security bug that's still really friggin' annoying.

      I'd rather be CTO B in all of these scenarios. But again, I approach technical problems like an engineer, not a politician, which means I want to actually fix them and not just send the blame somewhere else.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by Freeman on Monday November 20 2023, @04:14PM

        by Freeman (732) on Monday November 20 2023, @04:14PM (#1333620) Journal

        CTO A is why we switched from a proprietary Integrated Library System (book Library). To an open source ILS (Koha). There were a few other options, but we'd already had experience with Koha. So far, we're quite happy.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 3, Touché) by mcgrew on Saturday November 18 2023, @03:53PM (1 child)

      by mcgrew (701) <publish@mcgrewbooks.com> on Saturday November 18 2023, @03:53PM (#1333405) Homepage Journal

      Personally, I use Linux-based software when I can

      Android is a Linux distro. A bad crappy one, yes, but it uses the Linux kernel. Odd that I had to patch the kernel on my Linux tower a couple of weeks ago, but not my phone or tablet.

      Lay your phone on the desk. That's Linux on the desktop but is no safer than Windows.

      --
      mcgrewbooks.com mcgrew.info nooze.org
      • (Score: 1) by pTamok on Saturday November 18 2023, @10:28PM

        by pTamok (3042) on Saturday November 18 2023, @10:28PM (#1333460)

        Good call.

        I don't use Android. Or iOS.

        The Android 'userland' is not one I'm happy to use.

  • (Score: 0) by Anonymous Coward on Friday November 17 2023, @10:51PM

    by Anonymous Coward on Friday November 17 2023, @10:51PM (#1333337)

    They all run closed source software.

    They should be running in-house software. Oh well, too big to punish... must be nice

  • (Score: 2) by mcgrew on Saturday November 18 2023, @03:49PM

    by mcgrew (701) <publish@mcgrewbooks.com> on Saturday November 18 2023, @03:49PM (#1333404) Homepage Journal

    ..."after failing to patch a critical vulnerability..."

    Looks like it's not closed source's fault this time to me. Don't you ever patch your Linux box? I did mine yesterday, a couple weeks ago I even had to boot it for a kernel patch. Yes, the way Microsoft patches makes one not want to, but that's different.

    And even lazy closed source users don't lose any data they've backed up. Anyone who doesn't back up is a brain-dead moron, or doesn't give a damn about their employer's data.

    --
    mcgrewbooks.com mcgrew.info nooze.org