Cisco: Yes, Yanluowang leaked our data. No, it's not serious The Yanluowang ransomware group behind the May attack on Cisco Systems has publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about. Talos, Cisco's threat intelligence arm, confirmed the authenticity of the files leaked, saying they matched what the …
Cisco with all its resources and egghead staff could not (or did not) prevent this. No doubt Cisco has 24x7 computer/network security staff. They caught it after the event. It's the equivalent of some burglars getting in, the alarm goes off, the security mob comes running, but the burglars get away with a load of loot. The specifics don't matter, there *always* seems to be a way in. It doesn't matter how many times Cisco prevented access if the bad guys get in once. They will probably get in again.
Is there *really* much hope for smaller companies to prevent this happening to them? Surely it is time to stop talking of "computer security" and instead consider that computers (in general, including networks) are insecure? Efforts to prevent unauthorised access will fail. It is only a matter of time.
The fact that you haven't been hacked offers a few possibilities: 1. You're not important enough (time is money to the bad guys too). 2. There are easier targets. 3. You have been hacked and you don't know about it. It doesn't mean that you are secure.
Maybe it is time to keep data in air-gapped silos. If you want access to accounts, you have to go to the accounts room because that is where the data is. Etc.
There has to be a trade off between ease of use, convenience and security.
Air-gapped data is secure, but convenient? No.
Time-based 2FA (e.g. Google Authenticator) is probably one of the best compromises, but can be MITM-ed.
SMS-based 2FA can also be MITM-ed.
A hardware (U2F/FIDO) key is probably the most secure, but less convenient to use. And it can be lost...
I think the best option is continuously educating the user, but that is often seen more as a cost than a benefit to the company.
or maybe using insecure services should be prohibited from commercial use.
Goog services are banned/blocked at our company due to insecure storage being abused by criminals all the time. Emailed links to malicious files and or redirect links (to hide the malicious destination) are an everyday thing. 'ain't nobody got time for that"
......how big does a hack have to be before someone notices IN REAL TIME??
One or two petabytes.......or does it have to be EVERYTHING??
And then there's the question of the bandwidth used by the criminals during the slurp.......you know, SNORT might notice that one end of the slurp is not actually a known Cisco address!
What am I missing here?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
