Given the mentioning of two python scripts being involved, isn't the solution to disable python?
And of course, PowerShell, cmd.exe, etc.
And probably the .NET ecosystem.
I think COBOL-68 is still OK, tho.
Spies for months hid inside a US military contractor's enterprise network and stole sensitive data, according to a joint alert from the US government's Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and NSA. The intruders somehow broke into the defense org's Microsoft Exchange Server – the Feds still aren't …
Given your mention of Cobol, I don't know if you're being serious about blocking Python, but it's an argument I've heard before from people who definitely intend to do it. It doesn't work.
Of course, blocking Python would prevent some infection. And execution of any code outside the Windows directory. And inside that directory. And in the bootloader. I can provide you perfect security in this vein using the fail-safe security tool known as a blowtorch.
If you disable every function of a computer, it becomes a lot worse for doing useful things. Maybe nobody uses Python themselves, but there are still applications written in it which disabling every copy of Python will break. That's not a realistic way to block malware because it's a lot easier for the malware writers to port their script to something else or hide their interpreter than for the average user to get around a block that prevents them from working. They clearly didn't think they needed to hide their tooling this time, and they were right, but if it turned out they needed to, that's a day's effort for one programmer and your efforts to block Python are circumvented.
Thank you for a serious reply to my flippant comment. I've gotta stop doing that!
Python has become a very important language in systems that are powering the machine-learning world. In my little knowledge it seems that most natural-language-processing (NLP) uses Python to run the low-level tools (mainly C/variants and CUDA logic).
I might have expected Perl to be the glue-type language, but it got stuck in a mud-hole a few years ago.
1. Don't connect your network to the Internet (sorry, people, you can no longer pretend to work from home).
2. Don't use Microsoft products on your network.
3. Spend the money to properly secure and monitor your network (i.e. hire a competent network/SA team, pay them properly and buy appropriate resources/equipment to help protect your network and configure them properly).
It's not easy, but if you want security you have to make sacrifices.
re: 1 - dumbass
re: 2 - dumbass
re: 3 - close but no cigar. You aren't going to find many competent network admins who are also competent system admins.
And finally, wrong again. It isn't hard and you don't have to make sacrifices, but with Windows it's not simple, straightforward and quick.
The few document servers/stores/servers I have been forced to use were useless at classifying, let alone search, though one on a very recent M$ platform looks like it may work. All required server farms to not work very well and with user interfaces designed by neuro-atypical types. Yet, small intrusionware can do it to find items of interest while hiding in an existing system.
I think we'll all find that the organizations being hacked successfully allowed too many of their staff to either pick their own tools or allowed upper-upper management to have one-button/one-click access to data. And administrators who use their domain admin accounts as their every-day-use accounts.
Prepositional phrases in English may precede verbs. It may not be the most typical order, but it is for most uses accepted by grammarians. Sometimes, to comply with their other rule of not putting the preposition last, this pattern ends up being more common in formal writing than in informal speaking, where most rules of grammar are discarded in favor of the "it sounds right and I'm not going to complain about it" principle.