Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Friday November 17 2023, @06:41PM   Printer-friendly
from the complaints-department-5000-miles-> dept.

https://arstechnica.com/security/2023/11/teens-with-digital-bazookas-are-winning-the-ransomware-war-researcher-laments/

What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.

[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.

[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by ElizabethGreene on Saturday November 18 2023, @02:54PM (4 children)

    by ElizabethGreene (6748) Subscriber Badge on Saturday November 18 2023, @02:54PM (#1333392) Journal

    It's dangerous to trivialize these groups as "teenagers". The people developing those "digital bazookas" have office space, desks, and regular paychecks. They work for companies whose business happens to be crime. To put it in perspective, Cybercrime is a ~$300b/year industry, which puts it in the same neighborhood as illegal drugs in terms of annual revenue.

    You'd get laughed out of journalism if you described Pablo Escobar as a drug dealer, and that's roughly on par with calling these people "Teens with digital bazookas".

    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Interesting=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by istartedi on Saturday November 18 2023, @11:10PM (3 children)

    by istartedi (123) on Saturday November 18 2023, @11:10PM (#1333463) Journal

    Yeah, they might be young but they're not the kind of "teens" people are thinking of. I saw an article that says the groups have a buy-in of one BTC. Most teens with that kind of scratch aren't going to spend it on that. I think most of them probably aren't teens, and if they are then their daddy is mafia and bankrolls them. The press loves the image of teen hackers, good or bad, fixed in our minds by things like War Games. Not that I don't love that movie, but it's just that. A movie.

    So if you're in your Mom's basement, have no morals, and are thinking of wading in to those waters for fun and profit; think again. If you can scare up 1 BTC you'll probably just keep doing the OF you did to make it.

    --
    Appended to the end of comments you post. Max: 120 chars.
    • (Score: 2) by canopic jug on Sunday November 19 2023, @10:37AM (2 children)

      by canopic jug (3949) Subscriber Badge on Sunday November 19 2023, @10:37AM (#1333488) Journal

      These aren't bazookas. Read any of the very many ransomware articles and follow up articles out there. The commonality is the misplaced reliance on M$ products in place of acceptable production systems. Basically the "hardened" systems have rice paper armor and are getting taken down with slingshots. However, they are not kids, they are organized criminals which operate with a number of side agendas at the same time.

      The article is just disingenuous spin covering for Bill and M$ while distracting from the inconvenient truth of the necessity of eliminating m$ products from production environments. That however is not a technical problem but a staffing problem and can only be solved with a longer process which starts with a stack of pink slips.

      Through Bill's rice paper armor and swiss cheese spaghetti code, the M$ systems have been and will always remain incurably vulnerable to compromise. The only group to benefit from that, aside from the politicians from Redmond, are the ransomware crews and their investors. Bill's sloppy code has launched ransomware from a fringe, cottage industry into a major boom which has grown explosively year on year:

      In 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, a 380 per cent increase over the previous six years combined ($144 million from 2013-2019).
      -- https://telanganatoday.com/ransomware-as-a-service-creates-cottage-industry-of-cybercrime [telanganatoday.com]

      The technical part of that is already a solved problem: ditch m$. It's never going to be solved with patches and aftermarket add-ons [strongdm.com] but only by upgrading to FOSS systems. Although dealing with the politics which allowed m$ to infiltrate work place, and for that matter discussion forums, is a hard problem it is solvable with some will and effort.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 0) by Anonymous Coward on Monday November 20 2023, @01:30AM (1 child)

        by Anonymous Coward on Monday November 20 2023, @01:30AM (#1333564)

        Sorry. No silver bullets. Security isn't a product, and that means just dumping MS ins't the answer. Sure, they've gone for low-hanging fruit but if you move up the tree, so will they [zdnet.com]. If security isn't a product, what is it? A process. A mindset. A significant portion of these attacks are the result of infiltration, or even mere carelessness. All the F/OSS "security" in the world won't help you if you treat your employees badly to the point where leaving a few back doors open in exchange for a nice meal seems OK.

        Is a patched-up MS product behind a properly maintained and configured firewall better or worse than simply sprinkling F/OSS all over your organization and calling it secure? I think you know the answer.

        • (Score: 2) by canopic jug on Monday November 20 2023, @08:03AM

          by canopic jug (3949) Subscriber Badge on Monday November 20 2023, @08:03AM (#1333584) Journal

          A "patched" and "maintained" m$ box is always going to remain a dumpster fire in regards to security. We have decades of data on that already. You can almost say that the holes are there by design or intent based on having been deprioritized for literal decades. A firewall won't help and never could help since the services it has to allow through are the very same ones that are vulnerable in a Windoze environment.

          Yes, security is an ongoing process. It is a process which starts with the early stages of design and continues through the life cycle of the tool, system, or service. m$ is closed source, which is a deal breaker itself [acm.org], and m$ even missed the boat in regards to even basic design. Their way of thinking infects minds far and wide, and we end up with people lying that it is somehow acceptable to deploy m$ products in production. That leads to a cascade of problems and a terrible ongoing mess and, often, a state of perpetual crises. In general, problems cannot be solved with the same thinking (read: the same people) as who caused the resulting mess in the first place. Therefore, as mentioned earlier, the clean up starts with a lot of firings, most importantly of the managers who failed their institutions by bringing in the m$ products in the first place.

          Upgrading to FOSS systems won't in and of itself "cause" security. I'll say again that security is an ongoing process. However, moving to FOSS systems and away from m$ to FOSS systems and software is an essential prerequisite, without which the process cannot even be started.

          --
          Money is not free speech. Elections should not be auctions.