What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.
[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.
[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.
(Score: 5, Insightful) by Thexalon on Friday November 17 2023, @09:32PM
So what these whiners are actually saying is "The security and backup strategies of extremely well-funded organizations are so atrociously badly done that they're being beaten by basically untrained script kiddies." Yes, the people trying to rob the banks are ultimately the bad guys, but if your bank keeps getting robbed by a bunch of 12-year-olds and your entire security system consists of the digital equivalent of 1 half-asleep security guard with a drinking problem, that's on you.
Sure, dealing with that properly involves actually listening to the people in your tech team with gray hair and grubby T-shirts and spending some money you'd rather not spend. Oh, wait, you fired all of them and outsourced IT to somebody in a cheaper country who offered you a nice under-the-table kickback but doesn't know their rear end from a hole in the ground, didn't you? And now you're surprised to find out that they knew something about what they were doing. Yeah, that's on you too, Mr Short-sighted CTO.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin