Equinix warns it's infected with ransomware, promises it can carry on regardless Equinix has warned customers it has been infected with ransomware. A brief “Equinix Statement on Security Incident” issued late on Wednesday night US time said the company was “currently investigating a security incident we detected that involves ransomware on some of our internal systems.” Just which systems were infected …
As stated in the article, Equinix may have been bitten by social engineering or hacked, but at least the crises was contained to the non-operational side of the business. That does tend to signal that Equinix, unlike many, has planned and put in place proper security procedures, and that planning, at least, has paid off.
In this case, I doubt that we will see much as far as apologies are concerned. Customer data and operations are not impacted, so Equinix does not need to go promising that "the security of our customers is our greatest concern" - they've just proven that it is (contrary to practically every company that has tried to bullshit us with that line since, well, ever).
I do hope we'll get a report on what happened. I'll be interested in learning just how a company that has things so well-planned still managed to get caught out.
Q: How?
A: In the same myriad of ways any intruder gains access to run their code on your network. Might have smashed in the front door of an internet facing server. Might have found an unpatched VPN server or one without 2FA. Might have sent various types of phishing emails. Or a combination of all of those things.
Q: But this would never happen on my network, could it?
A: Yes it could.
What is currently happening is that the money to be made from ransomware is now big enough to warrant intruding wherever you can get in now. Doesn't matter if that is a small biscuit maker or a defence contractor. That thing where you could hide because nobody cared about YOU, not quite the same any more. Got a weakness and have a cheque book is the only two things important in target selection.
Most people were only never hacked because nobody gave a fig about you, this current trend is entirely different.
Actually it is different.
It's the same brew of stuff normally associated with nation state apt, but without the targeting of a particular group of targets.
It's certainly not your old fashioned targeting of random people with emails or Web page exploits. These are full on network intrusions and code being run on as many machines as they can, dropped by hand or scripts.
I've worked a few of these, it's nothing like old skool locky etc
On top, they usually exfil some data and threaten to release it if you don't pay up... Double threat.
Have customer details such as people who are authorised to have access been compromised ?
(i.e. my details )
I have a sneaky suspension they have and the longer they deny it the more customers that will swear never again...
Reputations are everything and this is not the time to fudge or use a play book for a security investigation.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
