Ransomware attackers have gone from 'spray and pray' to 'slayin' prey' Ransomware infections may be down, but only because attackers are getting better at targeting them. This is according to a report from Malwarebytes, whose team said that when it comes to crimeware figures, numbers can be deceiving. Speaking to El Reg ahead of the 2019 Black Hat conference, Malwarebytes Labs director Adam …
"Well, you should not run outdated insecure old crap on your network and if you do, you will get all you deserve."
But sometimes you MUST, as the OS is specific to the service contract specified by the manufacturer, and they may refuse to update the OS unless you change out the entire piece of machinery, often a six- to seven-figure budget buster. And the manufacturer can counter any claims of security by citing legal standards compliance which pits law against law.
'and they may refuse to update the OS unless you change out the entire piece of machinery, often a six- to seven-figure budget buster.'
In which case it would be worth putting the vulnerable machine on a separate network and wrapping it with firewall and proxy tuned to it's requirements and special backup routines. You could probably do that with something quite inexpensive.
Very true. The current trend to move on from that seems to be "everything on the Mighty Cloud", which -as most buzzword-led trends- is creating more problems than it solves; and it's only the beginning. Truth is, no matter what external consultants and "solutions" vendors say, security/safety does come at a price, and must be part of the design process from the very start of any new "thing" (dev, arch, app, you name it). That includes keeping the employees happy, btw.
That usually doesn't go down very well with the kind of managers who think saying "DevOps" and "Scrum" in every sentence and showing 40% margin MSPowerpoint slides makes them Hip, but these are usually shortlived. Unfortunately, their ill-conceived projects take forever to clean up for those of us who are in for the long run (especially frustrating when you warned everyone about the risks, it went forward anyway, and the proponent left for greener pastures when it became to go south, which seems to be the standard OP in today's IT management).
Kind of obvious really... consumers can move on from a ransomware account without that much pain other than the emotional aspect of losing family pictures, etc. and often don't have lots of disposable cash to gamble with the chance of it not getting back. Whereas a business infected with ransomware could go completely out of business, and they are going to be more willing to gamble on giving them money to get it back because if they don't get the encryption keys they are going out of business anyway.
Ransomwares can be stopped by simply creating an application whitelist. There's no need for typical employee to download a new binary/application to do his job. If you block all new binary/exe's those windows boxes won't get ransomwares. Heck, even Windows XP Pro have this feature and tried to enable it on my home machine. It won't run any new applications inserted by my daughter.
That kind of whitelist won't protect from macros running inside approved applications, javascript or web assembly running inside approved browsers, nor code injected into approved applications. In a corporate setting, it causes complaints, and gets turned off after some director can't run the xyz app that his nephew recommended.
While most home users know better than to open attachments in unsolicited emails or download files from untrusted sources, employees on work PCs can at times be far more reckless in their behaviour
And based on personal experience I have to wonder how close a correlation there is between the salary of the employee and the reckless behaviour.
Also, how likely is one in some positions to get unsolicited emails from someone else? To make matters worse, many of these emails are important. At home, one probably has a far more limited set of people who email you with very few being unsolicited. And of the unsolicited, only a very small number would even be worth skimming.
I have worked with people who would willingly and happily click on an infected email knowing that it would cause maximum disruption to their employer. Unionized drones in the public sector, for example (with apologies to the good public-sector employees). I wouldn't be at all surprised to read that an employee was in cahoots with the scammers for a cut of the action.
For home users they generally just accept Windows and other application updates as they arrive. There is no picking and choosing with much hand-wringing about KB12345 risking SMB1 for some obscure system or waiting to see if any other organisation has a problem.
For larger enterprises with thousands or tens of thousands of PC's you cannot just upgrade them all to the latest version of Windows. It takes time with huge amounts of planning. Hardware replacement cycles are even worse with the logistics and costs. Business can do more to protect themselves but the numbers game means that at some point a user is going to do something dumb that then slips past defences. A business is always going to be a more valuable target than an individual so it is no surprise that attacks are becoming targets.
It does not help that there appears to be a generation that think they know everything about "computing" with demands for access to resources and equally useless managers that just cave in because they are too scared to say "No!".
When I first started out in the public sector many years ago Internet access was a privilege that you had to have a business case for. A login was needed to get through the proxy and it was heavily filtered. Skip forward 20 years and every device has Internet access whether is needs it or not. Filtering is extremely light only taking out the real dregs. Users have streamed audio and video on most of the day, regularly doing personal tasks (banking, purchases browsing) throughout the working day. Hell, even The Register would have been verboten as there is no business case.
The consumerisation (is that even a word) of business IT with BYOD, unfettered access and so much of the actual business tools being online (i.e. in the Cloud" gets you to where we are now.
I have made the business case for The Register, it alerts you to security issues (including which Windows patches to avoid installing).
I have also made the case for the access to the discussions as well as the articles as there is often extra information from experienced people in there. I used the example where I discover a rootkit removal tool from having read about in the discussion on an article related to a virus. If I hadn't read that I would have had to wipe the HR directors laptop without any extra backups of it, as it was I was confidant enough that the infection and rootkit had been removed to allow the laptop back on the network to do some backups of data that had been worked on while the director was travelling.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
