
SoylentNews is people

posted by hubie on Friday November 17, @06:41PM
from the complaints-department-5000-miles-> dept.

https://arstechnica.com/security/2023/11/teens-with-digital-bazookas-are-winning-the-ransomware-war-researcher-laments/

What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.

[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.

[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.



 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Monday November 20, @01:30AM (1 child)

    by Anonymous Coward on Monday November 20, @01:30AM (#1333564)

    Sorry. No silver bullets. Security isn't a product, and that means just dumping MS isn't the answer. Sure, they've gone for low-hanging fruit but if you move up the tree, so will they [zdnet.com]. If security isn't a product, what is it? A process. A mindset. A significant portion of these attacks are the result of infiltration, or even mere carelessness. All the F/OSS "security" in the world won't help you if you treat your employees badly to the point where leaving a few back doors open in exchange for a nice meal seems OK.

    Is a patched-up MS product behind a properly maintained and configured firewall better or worse than simply sprinkling F/OSS all over your organization and calling it secure? I think you know the answer.

  • (Score: 2) by canopic jug on Monday November 20, @08:03AM

    by canopic jug (3949) Subscriber Badge on Monday November 20, @08:03AM (#1333584) Journal

    A "patched" and "maintained" m$ box is always going to remain a dumpster fire in regards to security. We have decades of data on that already. You can almost say that the holes are there by design or intent based on having been deprioritized for literal decades. A firewall won't help and never could help since the services it has to allow through are the very same ones that are vulnerable in a Windoze environment.

    Yes, security is an ongoing process. It is a process which starts with the early stages of design and continues through the life cycle of the tool, system, or service. m$ is closed source, which is a deal breaker itself [acm.org], and m$ even missed the boat in regards to even basic design. Their way of thinking infects minds far and wide, and we end up with people lying that it is somehow acceptable to deploy m$ products in production. That leads to a cascade of problems and a terrible ongoing mess and, often, a state of perpetual crises. In general, problems cannot be solved with the same thinking (read: the same people) as who caused the resulting mess in the first place. Therefore, as mentioned earlier, the clean up starts with a lot of firings, most importantly of the managers who failed their institutions by bringing in the m$ products in the first place.

    Upgrading to FOSS systems won't in and of itself "cause" security. I'll say again that security is an ongoing process. However, moving to FOSS systems and away from m$ to FOSS systems and software is an essential prerequisite, without which the process cannot even be started.

    --
    Money is not free speech. Elections should not be auctions.