Hubris
Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.
Let's file that with "No foreign bombs will fall on Germany".
An important middleman in the UK's electrical power grid has suffered a cyber attack, though the lights are still on across good old Blighty. Elexon, which reconciles electricity supply to the National Grid and issues bills for undersupply or oversupply, was struck by what appears to be a partially contained ransomware attack …
"Absolute worst-case scenario is that the generation companies have to suffer a week of estimated bills."
...then take a look at it, suck air through teeth and phone up to complain the estimate is too high. At which point they get to spend ages fighting through the phone menus to get to the right department and then an hour or two on hold listening to "Thank you for holding, your call is important to us" interspersed by some poorly rendered muzak.
...or target your backup devices themselves.
I've been called in to rectify a ransomware attack that took out a bunch of Synology NAS devices. Mercifully, it only took out the firmware; it didn't attack the disks themselves... either that or the poor stability of Synology kit came to the rescue!
Either way it both sucked and wasn't that bad.
I just wish more firms would call me to protect them in the first place rather than just use me as a parachute to save them in the event of a shit storm.
"A sophisticated hacker would infect backups for months before pulling the trigger."
A sophisticated IT manager (read: BOFH) would realize this, and re-load affected operating systems from scratch - THEN restore just the data [and nothing that's executable]. In cases where boot viruses occur in motherboard EEPROM, this may be a bit more difficult, however...
(but a proper forensic analysis of the scope of infection would tell you this, most likely).
In general, however, crooks are dumb. A simple "restore from backup" probably worked fine.
"these days more and more companies are forced to pay to speed up the process of getting back to business as usual"
No. It's just that, with the Internet, it is easier to find companies that haven't paid attention to the most basic security rule which is DO A FUCKING BACKUP.
I have zero pity for a sizeable company that still hasn't understood the value of backup. All your files are belong to them ? Pay the fucking fine, idiots, and then take your board and shoot the lot of them. It's not like this is news.
Either the board hired an incompetent IT manager, or the board did not approve the proper budget.
Either way, it's the board's fault. Shoot the bastards.
Now, if you're a small company, you've just received a golden lesson in the importance of backups. I sincerely hope you've learned your lesson because, if not, you're going to pay again. You might start a cost/revenue analysis to determine just how often you can afford to pay to not do backups.
Personally, my limit is zero.
Most of these happen by a staff member opening an email attachment or dodgy website.
It can be almost entirely eliminated by:
- Training staff to not just go ahead and open any old attachment they receive by email
- Show emails as plain text by default
- Train staff to not open that image that has an exe file extension.
- Train staff to not need to look at adult content at work.
- Train staff to focus on their jobs, not random dodgy websites
- Train staff to treat every email attachment with caution, is this contact really likely to send an attachment? Is it really necessary, is it usual pattern?
- Call BOFH if in doubt about something, before you do something.
- Basically.. just train staff about common sense.
Do you really need to click that random bit.ly link from a random contact who you assisted months ago? Nope.
Targeted attacks may be more tricky to stop, but even these simple measures can go a long way.
Prevention is always better than the cure. Ofc, you should still have offline backups.
I personally think this should be the sum total of IT education in schools: that and a minimum typing speed of 10 wpm. Kids that want to code will do what everyone else who codes does: find the language specs, read, experiment, understand; those that don't think SharePoint is a really neat idea and dream of management positions.
Flummoxed my eldest's teacher by asking what the point of teaching cursive writing is, wouldn't typing be a better use of their time, when my children live in a world where if they have to slum it and communicate in an analog manner it will be in block capitals...
Without an understanding of cursive writing many historical records are inaccessible. It's more important than typing, for without the ability to read historical records there is no hope for the future. Now after they've learned how to write they should be taught how to type; I hate the idea they just learn to do it and it doesn't need teaching. I saw so many teenagers struggling with keyboard skill and I worked in IT for a 6th form college. It was shameful watching teachers and students peck at keyboards slowly.
Teach READING of cursive writing, but not necessarily proper penmanship of it. Personally, the only cursive I've written since high school is signing my name - which I could print and have it be just as legal.
Typing is FAR more useful. Certainly I've never looked at a 100+ year-old document and found a piece of changed-my-life information, but I type every single day.
"The big problem is that too many bosses treat staff as an unnecessary avoidable expense."
Guess what IT (in its many guises over the last 50+ years) has been doing? That's right, automating tasks to either replace existing employees or allow the existing employees to do more.
You may be part of the problem...
I think we are putting the onus on the people and assuming that a perimeter mindset and security training alone would work.
I would like to postulate that operations should not be so porous as to allow a simple workstation hack to bring down the castle.
This is really a back to the basics badly engineered systems that have been configured and maintained poorly.
'Thank you for opening this obviously dodgy email. You have won a permanent, no expense paid, holiday for one on the good ship HMS Unemployed, which our automated systems are processing as you read.
Please wait for security to attend at your work station, as they want to frisk you for paper clips and pencils before dragging you feet first out of the building.
Thank you and goodbye'
Quote:
Most of these happen by a staff member opening an email attachment or dodgy website.
-
Good luck with your ideas in staff training to avoid ransomware etc etc
However there are some problems with your ideas.
1. A sign saying "this is what happens if you open an e-mail attachment" hung on a crucified body that has clearly been whipped and set on fire before death occurred, you will get users who will click and run an e-mail attachment.
2. The listed rules do not apply to the manglement.
3. People are dumb and most don't give a shit if they cause other employees nightmares.
4. Lastly..... the chances of getting the aforementioned manglement to spend on training users are slightly less than the IT department's attempts to get its budget increased to $20 this year from $2 last year.
1. Back when I still ran Windows, we got a virus infection from a dodgy ad on a legitimate, non-adult website. So dodgy or adult websites aren't always the problem.
2. Executable attachments really ought to be filtered out at the server level, or at least require several additional steps to download and run them, including a "yes, I'm quite aware that this could infect the computer, but I was expecting this file and I know what it is" confirmation.
3. ALWAYS turn OFF "Hide extensions for known file types" in Windows. What a misfeature! I once spotted a virus on our (Fortune 500) business network, as I had this turned off and could see that the "folder" was actually an executable, and the real folder was hidden.
4. Not sure what viewing emails as plain text is supposed to solve. But the email software had BETTER NOT run any scripts in the email.
Cool cool cool, how long should I keep the backups to avoid getting shot? Just, you know, so I can make sure there is no way ransomware is decrypting files on the fly to corrupt said backups?
I disagree that victim blaming is the moral high ground...
What is required, in my opinion, is actually legally enforced engineering standards, like other disciplines. Want to sell software in the UK? Fine, but you had better get accredited and prove that your sexy/disruptive design complies with the latest safety standards. Is this a perfect system? No. Is it fast? No. Is it expensive? Yes. But for the most part buildings are not collapsing on people; it would be nice if we could trust software to the same degree and let companies do business instead of wrapping other people's code in layers of redundancy to cover up that nasty industry-pervasive smell of negligence.
*Then* we can start requiring businesses to use the tools safely, just as with everything else, mandated licenses and insurance etc. Would you get angry at a business for not renting two buildings, employing twice as many staff as required and running failure drills to a secondary office in case the first one burns down or collapses on its employees? ... Hopefully not. I just expect them to have insurance as it's so unlikely. Anyway, sorry, I rambled on there, well done if you're still reading! Yes, backups are essential business practice if you've got your head screwed on, but I can dream - and let's try not to shoot people after they've been mugged.
Wise words, but at least one bit missing...
"Yes, backups are essential business practice if you've got your head screwed on,"
Backups are useless without the occasional trial restore. Now maybe you included that as part of your definition of "backups" but it is clear from reading the comments here that lots of people here still believe that backups don't need checking till you need them. I mean, what could possibly go.
"try not to shoot people after they've been mugged".
Perhaps a better analogy might be to make sure that the approved working practices require that blade guards and emergency stop switches are checked at the start of every shift.
It's not rocket science, surely?
Yeah backups help but some ransomware sits dormant for ages, hiding in your backups, before it lights up. It can be incredibly difficult to detect...it's made harder by Microsoft and their various shortcomings.
A slightly better plan than just having a backup is to ensure your backups have backups and give yourself the ability to go back a month or two if necessary.
Solid file permissions help as well. If your permissions are tight then the impact of the ransomware can be isolated and it's easier to establish the source without having to take your entire system offline.
Ransomware, generally, can only encrypt what you have access to.
Robust cybersecurity is surely just a role to play out in and is not too dissimilar to military intelligence, blinkered and blinded and neutered by great deceit in pursuit of the unwanted and unattainable ..... a glossy bauble of a bubble to brilliantly polish into and out of existence for flash fast cash markets to crash and crush with their tales of woe and mayhem/core code exfiltration and systemic vulnerability exploitation.
You can think of it as a novel crowning virus of a type COVID-19 phorm which morphs and mutates in energetic cycles and spreads across multiple systems of hosting. It is certainly just as easy/difficult/impossible to deal with in order to render it compliant and under control with suitable available treatment.
@amanfromMars 1 hasn't been hacked, they are just suffering a similar issue to the Onion. The events of the last few years have rendered humour, sarcasm, irony and flights of fantasy to be indistinguishable from tomorrow's reality. .... Anonymous Coward
How very perceptive of you, AC .......however, it is surely you and y'all and Onions rather than the likes of an I who are suffering tomorrow's reality being made indistinguishable from event rendering humour, sarcasm, irony and flights of fantasy, for the tales to be told to be believed and to be serially 0day hosted and posted daily by mainstream media news channels, which be both privately slush funded and publicly taxed mercenary propaganda vessels and convenient vassals for Elite Exclusive Executive Systems Administrations and wannabe Top Dog Leaderships, are so pathetically and shockingly dire and dismal ....... and can be of a rotten, early crass vintage well past its prime sell by date.
Here be such an examplar? ... Bizarre EU-Funded Comic Book Predicted Pandemic, With Globalists As Saviours
The problem difficulty today and therefore the abiding future opportunity which always exists to scupper even the best and most expensive of dire and dismal plans, is exclusive command and control of the necessary narrative is no longer a freely available elite option to just a few who so clearly now do not know what to do next for the best in order to try and save their skins, for they are being relentlessly and remorselessly hunted down for a just reckoning on the worlds they thought to create and present as acceptable as their plaything. Now surely you recognise that as a concrete fact rather than a stranger's fickle fiction. More than just the few do, and that is used to both terrify and terrorise that and those unworthy of future beneficial consideration.
* ...... "Penny Dreadful is an old term used during the nineteenth century to refer to cheap popular serial literature, and it could be interchangeable with penny blood, penny awful, or penny horrible. It means a story published in weekly parts, with the cost of one (old) penny. The main plot of these stories were typically sensational, focusing on the adventures of detectives, criminals, or supernatural entities."
And some folk just don't get the reality and would do battle against themselves and daemons which care not a jot about their delusions of power with corrupt collective and perverse poisonous administrations .........
President Donald Trump has vowed to break the “radical left’s” apparent control of social media platforms. Earlier, the president thanked his “keyboard warriors” for their support, as they accused the tech firms of censorship. “The Radical Left is in total command & control of Facebook, Instagram, Twitter and Google,” Trump tweeted on Saturday. “The Administration is working to remedy this illegal situation. Stay tuned, and send names & events.” ........ https://www.rt.com/usa/488860-trump-left-censorship-social-media/
Seems like the 77th Brigade have a crazed adversary/heroic role model to compete against and/or support unreservedly if in a despicable special relationship.
Or "we spent a lot of money on a report and kit, but neglected to either hire someone able to configure the advanced stuff, or given them time to implement recommendations, or just went fuckwit tear the (fire)walls down cus we can't get end users to install a vpn client they need to wfh!!!"
RDP lockdown solution or email. Secure both extensively and get that RDP behind VPN. Plain text email, mark all external emails as external, mail filtering solution too. All public IP resources such as pulse VPN endpoints must have absolute priority in patching.
If it’s another vector such as chain supply attack, your isolated backups, VLAN segmentation and segregated endpoint logging will help.
I suppose you do realise that office equipment, desktops/laptops that can receive ransomware via USB or e-Mail are not the devices that the CNI is run on?
Just because some dic*head's regular machine is infected, doesn't mean the lights go out.
Do you think the computer equipment that controls the navy's nuclear submarines, receive e-Mail?
Montgomery Scott.
Do you think the computer equipment that controls the navy's nuclear submarines, receive e-Mail? ..... Anonymous Coward/Montgomery Scott wannabe
Maybe not, AC, but the PEBKAC issuing instructions and/or following orders controlling equipment on a navy's nuclear submarines certainly do ....... and can be surprisingly easily nobbled and hobbled nowadays, which must be quite a worry to more than just a connected few ?
How do you stop folk thinking for themselves whenever they receive new information which energises their intelligence services releasing the realisation they are being comprehensively played for a useful fool and idiot's tool? Do you think such possible and/or desirable?
Do you have Alternate Virtualised AI Realities Processing Future Information for Universal TeleVisualised Audio Visual Presentations ‽ . ....... and of COSMIC Construction Cossack Style
Is there a Vlad in the House Putting In Input to Output for an Imperial Soviet State of Bodies with Advanced IntelAIgent Minders ...... AIMentors and Monitors?
And that question is hereby, here now presented for the only true simple answers when the question escapes you ‽ ..... Yes, No, Maybe Later for a Never Ever Before Ending to Kick Start urVirtual AIMachinery into Global Social Significance, are all Correct and Great Ideas to Also Personalise and Populate in All Manners of Matters of One's Own Choosing.
And yes, that does wander into the Spooky Kremlin Russian Orthodox Church Services Territories of the Yet to be Imagined and Directed, Produced and Enacted? One imagines them all quite busy there these days. ....... but the few words here all but universally guarantees the information herein shared and safely certainly delivered, and to as many intended addressees as would be able to benefit from a welcoming enlightened foreknowledge too ..... which is the Real Not Totally Unexpected Bonus when Top Secrets are Proving Overwhelmingly Expensive and Impossibly Difficult to Maintain and Retain and Restrain. They be an Obstructive Destructive Liability Harbouring the Seeds and Feeds and Needs of One's Own Ascension into an Attendant Ascendancy with Keys to Unlock and Free the Heavenly Stores Within for Future Programs and Protected by the Almightiest of Doors. ...... One's own Disbelief of a Fact Proving Itself to be True ....... and Able to Communicate with You Too?
How about them jewels now that diamond sparklers have lost their attractive lustre ? Future Sensitive Information Sales are one of those Virtual AIDerivative Ventures which Hedge Funds and Merchant Banks are just made for and may even tell you to stay well away from if of a highly nervous disposition.:-)
four 0F four:
- a keyboard and its peripherals - some computer, monitor, etc;
- some room to put it all in;
- stock to feed the OBKAC
- revive the h/out environs.
so few to do, as one can see. so much to, at least, expect (-:
vvork in present conditions will bring no good neither to the 0utbox, nor to the 0bservers.
with my respect,
-anon
That's more the style we expect. ..... billat29
Is that you saying the post is incomprehensible and confusing you, billat29? Does it need to be further simplified with more sensitive information added to reveal more of the sterling secrets hiding in the shadowy shade of star systems collapsing/imploding/exploding?
:-) Do bots play global stud poker with just humans/themselves ?
People have mentioned about ransomware infecting backups.
One of the things we do for our customers is a set of daily checks (something I expect all you sysadmins out there do...) the results of which we record in a spreadsheet. This includes checking the backups and recording the size amongst other things. If we see anything unusual (such as a size increase in the incremental which bucks the normal trend) we start looking into it and if we have a suspicion something is going on we take a separate copy of the older backups which are inaccessible to domain accounts - including domain admins (preferably subsequently made offline).
It's not absolutely infallible, but it's one of our ways for trying to catch this kind of thing.
Also, we set up SRP whitelists, file screening, decent AV, etc. where the customer will let us. Again, not infallible, but can stop a lot of things if implemented correctly.
And, of course, end user awareness and training (a constant battle).
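The size-trend check described in the comment above, as an added example that is not part of the original post: it flags incremental backups whose size sits far above a rolling median of recent days. The sample log, window length and threshold are assumptions chosen for illustration.

```python
"""Added example: flag incremental backups whose size bucks the recent trend."""
from statistics import median

# Constructed sample: (date, incremental backup size in MB), as a daily check
# sheet might record it. All values are invented for illustration.
SAMPLE_LOG = [
    ("2020-05-01", 410), ("2020-05-02", 395), ("2020-05-03", 430),
    ("2020-05-04", 405), ("2020-05-05", 420), ("2020-05-06", 415),
    ("2020-05-07", 400), ("2020-05-08", 425), ("2020-05-09", 410),
    ("2020-05-10", 2950), ("2020-05-11", 3100), ("2020-05-12", 418),
]

WINDOW = 7               # assumption: days of history used as the baseline
THRESHOLD = 6.0          # assumption: robust score above which we investigate
MIN_SPREAD_FRACTION = 0.05  # floor so a very flat history does not flag noise


def robust_score(history, value):
    """Return how far `value` sits above the median of `history`,
    measured in scaled median absolute deviations (MAD)."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 scales MAD to a standard deviation for normally distributed data.
    spread = max(1.4826 * mad, MIN_SPREAD_FRACTION * med, 1.0)
    return (value - med) / spread


def find_anomalies(log, window=WINDOW, threshold=THRESHOLD):
    """Return (date, size, score) for each day whose size bucks the trend.

    Flagged days are kept out of the baseline, so several days of mass
    file changes (for example encryption) do not become the new normal.
    """
    baseline, flagged = [], []
    for date, size in log:
        if len(baseline) >= window:
            score = robust_score(baseline[-window:], size)
            if score > threshold:
                flagged.append((date, size, round(score, 1)))
                continue
        baseline.append(size)
    return flagged


if __name__ == "__main__":
    for date, size, score in find_anomalies(SAMPLE_LOG):
        # A flag is a prompt to investigate and, as the comment describes,
        # to take a separate copy of the older backups.
        print(f"{date}: incremental {size} MB, score {score}: investigate")
```

Only upward jumps are flagged here; a sudden drop in size (a job silently backing up nothing) would need a second check on the negative side.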
I've worked in large, multinational and small even micro businesses over the last 10 years.
I am always surprised just how low the IT comprehension is within the non IT types... They can use a smart phone to download and play FB or Twitter yet cannot comprehend saving a doc to OneDrive/DropBox etc instead of the desktop ffs. They cannot click "Save as" when editing an email attached doc and wonder why their edits aren't saved.
This ISN'T in depth IT knowledge, it should be the starting point of the job interview for any job in the business.
In the case of opening crappy emails... send them two interview invites, one crap and one real... if they open the crap one, decline them!
M