Rampant ransomware.

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
14,442
Reaction score
5,455
Location
Scotland

The thing that gets me is that even if the IT department is truly security conscious they still can't stop stupid users from opening infected emails or files.
One automated detection method I was involved with well over 10 years ago was to send inbound emails into a virtual environment, which simulated a user opening an email and attachments and clicking on links, and evaluating what happened, effectively in a sandbox so no actual consequences.
It was pretty good at spotting possible malicious behaviour and quarantining suspicious items for analysis.

That was back when Adobe had to be coached by external security professionals to re-write large parts of their code to reduce the high number of exploitable vulnerabilities that weaponised PDF files were taking so much advantage of.
 

handinpalm

Getting comfortable
Joined
Sep 21, 2016
Messages
556
Reaction score
1,001
Location
Tampa Bay FL
Actually, the ransomware hacks are the least of our worries when the bad state-sponsored hackers go after the electrical grid. They already have the capability to permanently destroy a lot of very expensive and hard-to-get generators. It would/will take out much of the grid. Just imagine how long it would take for complete anarchy to break out after power is out. People would get hungry fast. This is how the next war will be fought, without firing a single shot, and without a boot on the ground. The countries with the most technology in the infrastructure will be the most susceptible. You may not want to be one of the lucky ones to survive. @sebastiantombs is correct, it is very difficult to stop curious/stupid people from clicking on things, so it is easy to execute the war.
 
Joined
Dec 28, 2019
Messages
6,160
Reaction score
12,800
Location
New Jersey
The Mrs worked at the State Police. Their IT department, while not the greatest, did what they could. They constantly send out emails warning not to open unsolicited email, especially from addresses/people you don't know. In spite of that, one of her co-workers opened a malware scam and took out a server or three with it. When questioned if she had read the warning emails she said "of course". When asked why she clicked on an email from someone she didn't know she said "I wanted to see the picture". You can't cure or secure from stupid. That employee is still working there, union rules.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
5,992
Reaction score
8,362
Location
USA
The Mrs worked at the State Police. Their IT department, while not the greatest, did what they could. They constantly send out emails warning not to open unsolicited email, especially from addresses/people you don't know. In spite of that, one of her co-workers opened a malware scam and took out a server or three with it. When questioned if she had read the warning emails she said "of course". When asked why she clicked on an email from someone she didn't know she said "I wanted to see the picture". You can't cure or secure from stupid. That employee is still working there, union rules.
A case of "honesty is the best policy" and union rules creating unintended consequences...

Please tell us you know what the picture was she so wanted to see LOL.
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
7,577
Reaction score
11,364
Location
Alabama
You can't cure or secure from stupid.
My fav response from customers that have an issue after opening, for example, a phishing e-mail from ANY major or well-known bank, financial institution, cellular service provider or shipping company:
"....well it had the company's logo and it looked official. They can't use trademarked logos, can they?"

My response: "...uh, yea they can and they will...they are C-R-I-M-I-N-A-L-S ! They don't care about trademarks!"

Or "...the popup (or phone call) said they were with Microsoft, so I gave them my credit card number and gave them remote access to my PC..."

And I say "...Does it sound to you that Microsoft could make 143 billion dollars in 2020 by making phone calls to people just to make a lousy $100 to 200 per call?"

I usually get a blank stare in response. :idk:
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
7,577
Reaction score
11,364
Location
Alabama
Hey look, my tower PC has a slide-out cup holder.

A lady being shown how to send a fax: the fax scanned and dropped to the floor, and she says "Wow, that was fast."
Or in 1990 (when 3.5" disks were the rage) when I jokingly told our receptionist she could leave the poly sleeve on the floppy "...to protect the PC from a virus."
Later I overhear our county IT-guy telling my boss "...man, I had to practically disassemble her PC to get all the @#$% plastic out of the drive." :highfive:
 

iwanttosee

Getting the hang of it
Joined
Dec 27, 2020
Messages
94
Reaction score
67
Location
US
Joined
Dec 28, 2019
Messages
6,160
Reaction score
12,800
Location
New Jersey
Yes, they can be filtered, but only if senior management allows it to be. When you deal internationally, filtering by country becomes problematic as well. It all comes down to what senior management is willing to risk, and they generally haven't got a clue, hence "problems arise". Where I used to work when I started, way back in the mainframe days when networked PCs were just starting to be used on coax, I warned them about not using anti-virus software and scans. They didn't listen until the server went down with early malware, and it cost them three days of production to get anti-virus installed on everything and everything scanned. All it took was one user with an infected 3.5" floppy brought from home.
 

mikeynags

Getting comfortable
Joined
Mar 14, 2017
Messages
830
Reaction score
594
Location
CT
You can absolutely block pictures, executables, and links in emails, or use an email filtering service like SpamTitan to filter out spam. You can also filter out Russia/China internet traffic at the firewall.

Now stupid users, I agree with you.
One thing to remember is that no system is 100% - that's why when talking security, it's about a strategy that encompasses many layers of protection.

In Colonial's case, we should be asking why the user network (with access to Internet, email etc.) and the pipeline controls network were allowed to talk to each other at all. There should have been a 100% air-gap between the two. Had they implemented the air gap in their strategy, it wouldn't even be a news story.
 
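The post above says that executables and links can be blocked at the mail gateway. The block below is an added example of what such a policy check looks like in code; it is not code from the thread, from SpamTitan, or from any product mentioned here. The blocked-extension list, the trusted link domains (example-bank.com, intranet.example) and both sample messages are constructed assumptions for the demonstration. Beyond the post's one-line claim, it also shows why filtering on file name alone is not enough: the content is checked for executable magic bytes, so a Windows PE renamed to picture.pdf is still caught, and the link check catches a look-alike host that merely starts with a trusted domain name.

```python
"""Inbound-mail policy check for attachments and links.

Added example for this thread; not code from the forum post or from any
product named in it. The block lists, trusted domains and sample messages
below are assumptions constructed for the demonstration.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Attachment extensions that have no business arriving from the outside (assumed list).
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".ps1", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk", ".iso", ".img",
    ".docm", ".xlsm", ".pptm",
}
# A file name can be anything; the first bytes of the content are harder to fake.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
# Hypothetical allow list of domains the organisation expects links to point at.
TRUSTED_LINK_DOMAINS = {"example-bank.com", "intranet.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _is_trusted_host(host):
    """Exact match or a real subdomain of a trusted domain; prefix look-alikes fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)


def classify_attachment(filename, data):
    """Return a list of findings for one attachment (empty list means nothing seen)."""
    findings = []
    name = (filename or "").lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXTENSIONS:
        findings.append(f"{name}: blocked extension {ext}")
    # "invoice.pdf.exe" is caught above; "invoice.exe.pdf" is still suspicious
    # because an executable extension is buried inside the name.
    if any("." + p in BLOCKED_EXTENSIONS for p in parts[1:-1]):
        findings.append(f"{name}: executable extension hidden inside double extension")
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            findings.append(f"{name}: content is {label} regardless of extension {ext or '(none)'}")
    return findings


def extract_links(msg):
    """Collect http(s) URLs from the text and HTML body parts, skipping attachments."""
    urls = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            continue
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def check_message(raw):
    """Parse an RFC 5322 message (bytes) and decide deliver vs. quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings.extend(classify_attachment(part.get_filename(), data))
    for url in extract_links(msg):
        host = urlparse(url).hostname
        if not _is_trusted_host(host):
            findings.append(f"link to untrusted host {host}: {url}")
    return {"verdict": "quarantine" if findings else "deliver", "findings": findings}


def build_sample_message():
    """Constructed phishing-style message: PE bytes named as a PDF plus a look-alike link."""
    msg = EmailMessage()
    msg["From"] = "someone@unknown.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Look at this picture"
    msg.set_content("See the attached picture and confirm at\n"
                    "http://example-bank.com.login.evil.test/verify\n")
    fake_pdf = b"MZ\x90\x00" + b"\x00" * 60  # PE header bytes, labelled as a PDF
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf",
                       filename="picture.pdf")
    return msg.as_bytes()


def build_clean_message():
    """Constructed benign message: plain-text attachment and an allow-listed link."""
    msg = EmailMessage()
    msg["From"] = "colleague@corp.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Minutes"
    msg.set_content("Minutes attached; agenda at https://intranet.example/agenda\n")
    msg.add_attachment("Meeting notes\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for build in (build_sample_message, build_clean_message):
        result = check_message(build())
        print(build.__name__, "->", result["verdict"])
        for finding in result["findings"]:
            print("  ", finding)
```

Running the block quarantines the constructed phishing message on two findings (PE content behind a .pdf name, and a link whose host only begins with the trusted domain name) and delivers the clean one. In production the same two checks sit in a milter or gateway plugin, and the magic-byte list would be extended to archives and macro-enabled Office containers, which this example does not attempt.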

Old Timer

Getting comfortable
Joined
Jul 20, 2018
Messages
959
Reaction score
1,948
Location
I'm ok
You can add all the spam filters, antivirus, and all of those videos that management made them watch about cyber security you want, but there is no way to filter the dumb human that thinks it will never happen to them!

I have seen ransomware hit a financial office, and it came in an email that the top boss man had complained about because it was stopped by the spam filter, and he had to see it. After clicking the link on his computer (with admin privileges that he had to have), it encrypted all 5 servers.

We were called in to see if we could bring them back on line. The only saving factor was a backup linked off site that did not get corrupted.
After 2 weeks we had them back on line and email going. After 2 months we had things working the way they wanted them.

And the boss still had admin rights, and the SPAM filter was a click away for all of the employees. We walked out with the check, never to look back again!

People will always choose convenience over security.

Rant over, I'll get off my soap box.......
 