CISA's early-warning system helped critical orgs close 852 ransomware holes

As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place. The US government's cybersecurity nerve center launched its Ransomware Vulnerability Warning Pilot scheme …

  1. Mike 137

    On the other hand ...

    "According to the Homeland Security agency almost half (852, or 49 percent) of these notifications resulted in organizations either patching, taking systems briefly offline to fix the issue, or in some other way mitigating exploitable flaws."

    A couple of points though:

    [1] more than half of those notified apparently took no action -- not a good outcome really;

    [2] a considerable proportion of successful ransomware attacks (as indeed other successful attacks) result not directly from tech vulnerabilities in the conventional sense of software bugs, but from intrinsically fragile operating conditions (unfettered script-ridden web browsing, weak credentials on poorly protected exposed kit, etc.). So even if the response had been 100% it would only have addressed part of the problem.

    In order to protect ourselves in an increasingly hot attack space we absolutely must move on from an essentially reactive, technocentric primary reliance on bug alerts and patches to a proactive one that assesses the entire business space within which our technologies operate. A very high proportion of data breaches have primarily resulted from lax management that allowed systems to be operated insecurely. For example, the 2017 Equifax data breach primarily resulted from a complete failure of management processes (they had prior warning of the tech vulnerability and were provided with a patch in good time, but couldn't find the vulnerable server because there was no service inventory).

    1. ChrisElvidge

      Re: On the other hand ...

      "In order to protect ourselves in an increasingly hot attack space we absolutely must move on from an essentially reactive technocentric primary reliance on bug alerts and patches to a proactive one that assesses the entire business space within which our technologies operate."

      Isn't that what a perimeter firewall is for? To limit the incoming to addresses from which we're expecting connections. E.g. start by blocking all Russian/Chinese address space, dodgy VPNs etc. Well, it could/would be a start.

      1. Claptrap314

        Re: On the other hand ...

        Russia & China have not attacked directly from their space in quite a while. For a while they preferred AWS/GCP/Azure. Now they seem to be compromising home kit -- so the attack comes from Comcast or AT&T.

        IP-based defenses, especially in the work-from-home environment, are becoming a much weaker defense. The exception being if you have a vetted whitelist. I built a dynamic IP whitelister for our back end. It was not particularly hard.
