This is shocking but not surprising. We may see more of this while defensive technology improves to the point that it’s harder for the hackers. Then again, not being a technology guy, I could be completely wrong.
Mrs CCU works with this type of stuff, indirectly. She does a ton of IT work that deals with security and fail-safes; what to do if your system crashes or whatever. The simplest approach has been to back your data up, and have the ability to reinstall the software almost as fast as it dies. Her area is in the medical lab IT stuff, but her work is readily applicable to Colonial and other folks like them. There are other areas in tech that may have prevented this ransom attack, but it could have been less impactful, IMO, if Colonial had taken cyber security more seriously.
I did read the article and saw that Colonial was using backups to restore their system, but they (I don’t have all the info) should have jumped on that almost immediately. Isolate the corrupted drives, physically. Install replacements through the backups. There are probably some CAPAs (corrective actions-preventative actions) that Colonial will have to do. I bet the ransomware came in via something simple, someone clicked a link that they shouldn’t have. Yes, it could have been a directed attack, see the cyber attacks on Iranian nuke facilities.
This fiasco with Colonial has directly impacted us, in that we have no gas in our immediate area. NC may have 75% empty tanks; our area is near 100%. Fortunately, both autos have gas, and I was able to fill our Moto with gas that was originally for the lawnmower.
I suspect, some enterprising law firm is going to see this as an opportunity to go after Colonial, for the reasons I stated above.
I work in IT Sec.
We expect to see the bad guys leaving “time bombs” as they infiltrate systems, so that restoring from backups might work… or you might restore a time bomb that re-instantiates the original encryption / ransom 2-step. We’re hearing about these kinds of cases.
The original ransomware just encrypted the data - solid backups were the remedy.
Now the attacks are getting more sophisticated.
IMO we won’t see a reduction in these kinds of attacks unless/until military action is involved.
Commercial hackers operate from a number of countries, not just the two big adversaries. If a few of them have their houses / offices destroyed… they’re smart people - do they want more of the business end of a cruise missile? (I think they’ll elect not to tempt that.)
By the way, yesterday it was revealed there are about 12 serious vulnerabilities in WiFi itself. MS released patches, Linux is coming quickly, Apple & other big vendors will be releasing patches very soon (if not already).
The big risks are all the IoT devices and home WiFi networks, where updates may be slow coming, if at all.
The “time bombs” are an interesting thought. I can see what you mean by a 2 step ransom attack happening, especially if the backups are infected w/o someone knowing what to look for.
Didn’t realize that there were 12 serious WiFi vulnerabilities. I suspected that there were a few, but not that many. So, was today’s MS update for these vulnerabilities? I haven’t looked at them yet, I just saw that my system wants to do a restart. Guess I’d better verify my firmware updates on my router.
The IoT devices (Alexa, and other voice activated stuff) have me spooked. I know I should worry about my phone more, but I can at least leave it in the other room.
Thanks for your views. They’re very solid.
It remains to be seen on the WiFi vulnerabilities how fundamental and widespread they are. The information so far indicates some of the vulnerabilities are pretty easy to exploit, others require more complex conditions.
These are a bit like the Spectre-Meltdown vulnerabilities, where it was found that CPU manufacturers never bothered to encrypt the traffic within their microprocessor architectures / ecosystems, as it would (previously thought) slow down the system a fair amount. Spectre/Meltdown remedies have been attempted on both the software & hardware (firmware) side, though it hasn’t been a clean, “this will rectify the problem right here” kind of proposition.
I suspect it may take vendors a few tries to get these closed up tight.
One other dynamic at play here - once vulnerabilities are publicly announced, it becomes a race between the bad guys and IT vendors / professionals / the public to see if the holes can be plugged before attacks are constructed and deployed.
For example, the last updates issued for Windows 7 (as support was officially ended) became a “game on!” moment. Hackers reverse engineer what the patches addressed, go poking around to see if those parts can be penetrated… and since there won’t be additional patches coming, the bad guys know whatever exploits they find won’t be closed.
My wife works in IT and has been managing several “clean ups” over the last several weeks.
The challenge…a dearth of trained people to deal with the problems created by the hacks.
As someone who works in healthcare, I can tell you, it’s extraordinary how many robocalls, robo-texts and malicious phishing attempts I get daily; either through my work or through my phone. And I have to answer dozens of pages, phone calls or text messages - every day of my life - that involve someone else’s health care.
Sooner or later somebody’s got to get access to these systems right?
Yeah. This is sort of a plug for my wife’s company. They’re working on a disaster recovery project right now with a bio-tech firm in CA. LIMS and other related pieces that can potentially be compromised. I have no clue how you guys are doing, let alone what healthcare system you’re with, but if you’re interested I can pass info on. If not, I understand how you can be buried under these nefarious pieces. I’m not in anything that secure, I build bikes, but I get 7 or 8 robocalls or texts a day. If I couldn’t look at them closely, who knows what could happen.
One of the simplest ways into a system. If true, I’m hardly surprised.
At my firm we get training monthly on how to avoid phishing schemes. There are so many of them, it’s not surprising that some of them succeed because only one individual has to make a mistake. The surprise would be if they did not succeed.
Thanks! Feel free to BM me if you like.
As part of our safety team at work I have some peripheral knowledge of Infrastructure safety. I know that the principles employed include a very robust defense against hacking and complete redundancy rather than just backups. I think there are several layers of redundancy on some systems as well. We also have ongoing and regular training about phishing and other data security issues. It is important for employees at every level of an organization to be vigilant because the bad guys are relentless in trying to exploit any weak spot in the systems.
Why am I now concerned that Vlad and his homies are gonna operate a Fire Sale here.
Where is the real life version of John McClane when you need him?