Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.
posted by hubie on Friday November 17, @06:41PM   Printer-friendly
from the complaints-department-5000-miles-> dept.

https://arstechnica.com/security/2023/11/teens-with-digital-bazookas-are-winning-the-ransomware-war-researcher-laments/

What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.

[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.

[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Thexalon on Friday November 17, @09:32PM

    by Thexalon (636) on Friday November 17, @09:32PM (#1333327)

    So what these whiners are actually saying is "The security and backup strategies of extremely well-funded organizations are so atrociously badly done that they're being beaten by basically untrained script kiddies." Yes, the people trying to rob the banks are ultimately the bad guys, but if your bank keeps getting robbed by a bunch of 12-year-olds and your entire security system consists of the digital equivalent of 1 half-asleep security guard with a drinking problem, that's on you.

    Sure, dealing with that properly involves actually listening to the people in your tech team with gray hair and grubby T-shirts and spending some money you'd rather not spend. Oh, wait, you fired all of them and outsourced IT to somebody in a cheaper country who offered you a nice under-the-table kickback but doesn't know their rear end from a hole in the ground, didn't you? And now you're surprised to find out that they knew something about what they were doing. Yeah, that's on you too, Mr Short-sighted CTO.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5