| CURRENT EVENTS Any of you guys dealing with gas shortages?

 
Were this to happen under Trump it would all be because he didn't have a proper Cybersecurity focus and was asleep at the wheel. There are 500K openings in InfoSec in the US right now, mostly because companies want 5+ years of experience and a degree but want to pay like it is entry level. Nothing the President can do will do a damn thing about any of this. Hell, Congress could barely get away with a law that would fix this (I expect the courts would throw it out). When the guy you hire is what is between you and paying millions just for the possibility of getting control of your systems back (noting that they have already told others how to attack you so you will get hit again) you might want to pay him like it matters.
 

Our enemies can't go toe to toe with us in a conventional war.... but over the last year, they have seen the damage they can do to us by shutting us down with a virus and/or bringing us to a halt in a number of different ways like cutting off supply or hacking the supply we control. But, you know, climate change and roving bands of white supremacists are the greatest threats to our country and stuff...
 
These are opportunistic hackers. They aren't state sponsored and may not even be in Russia. And they even state they only care about making money from companies that can't secure their systems.

Just so you know where I am coming from here, if you have ever paid a credit card bill in the United States it is probably about 90% likely that your payment has gone through software I wrote. Truly higher than that since insurance and utilities also use it. I am a few classes from a Masters in Cyber Security and Information Assurance and have worked with auditors regarding Sarbanes-Oxley, HIPAA, and PCI. I work with InfoSec often on issues.

Darkside are well known as basically sellers of software that others use. The people who did this were paying Darkside for the use of those hacks. Darkside basically takes a cut of the ransom. At least $90 million had been paid to Darkside by various companies in crypto (mostly Bitcoin and from all over the world) which they then took their cut of and sent to the actual hackers. Russia may just be the exit point of their VPN or multiple proxy (although personally I think Darkside is in Russia, at least nominally). This isn't political at all, just good business. Colonial seems to not even have cared about InfoSec before the hack, thinking that a rudimentary firewall between billing and production would do the job. Colonial shut down the pipeline themselves after they paid the ransom, all because they were afraid the hack of their billing systems would mean they wouldn't get paid right for fuel delivered.
 

Don't most ransomware incidents still commence through phishing? I know there are other ways in, like recent vulnerabilities with Sonic Wall, but I've never understood why companies won't just kill all links within external emails, and, after scanning, require a second level verification of any attachments.
 

I'm just saying that to me, it's a much bigger issue than most believe or know. Just here in the Tuscaloosa area, DCH has had to shut down because of it. Another large health care facility nearby has been hit also, twice in about a year now. The insurance companies ended up paying the ransom, but not before days of chaos for the business. It just seems like a really easy way to target our nation if China or Iran wanted to pay folks to do so. If you say that isn't really the case, then that actually makes me feel better.
 
Yes. But external attachment links may be something they have to allow to do business and scanning is only good against known code. Polymorphic exploits are not caught by most malware scanning in a lot of cases. InfoSec is basically perpetual escalation. You find a way to stop something and they find a way to get around it.

There are a ton of ways for them to get in though. Unpatched or misconfigured router, IoT devices, misconfigured ftp, etc. Once you get past the external firewall you plant a backdoor and start looking for machines you can put the payload on. Colonial seems to have not paid a lot of attention to their security posture according to this and I suspect that their patchwork network is still a liability.
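Added example, not from any poster in this thread: a small Python mail-gateway policy that implements the control discussed above (kill links in external email, and hold attachments back for a second-level check instead of delivering them inline). The internal domain, the sender, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import Message
INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
HREF_RE = re.compile(r"""href\s*=\s*["'][^"']*["']""", re.IGNORECASE)

# Constructed sample (not a real message): an external "invoice" with a clickable link and a PDF.
SAMPLE = """From: "Billing" <invoices@vendor-mail.test>
To: ap@example.com
Subject: Invoice 4471
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Pay here: <a href="https://vendor-mail.test/pay">https://vendor-mail.test/pay</a></p>
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"

%PDF-1.4
--b1--
"""

def is_external(msg: Message) -> bool:
    """Anything not sent from the internal domain is treated as external."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m is None or m.group(1).lower() != INTERNAL_DOMAIN

def defang(text: str) -> str:
    """Rewrite every URL so it no longer resolves or clicks through (hxxp, [.])."""
    return URL_RE.sub(lambda u: u.group(0).replace("http", "hxxp", 1).replace(".", "[.]"), text)

def apply_policy(raw: str) -> dict:
    """Kill links and hold attachments for external mail; pass internal mail untouched."""
    msg = message_from_string(raw)
    result = {"external": is_external(msg), "links_removed": 0, "held_attachments": [], "cleaned_bodies": []}
    if not result["external"]:
        return result
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            # Held for the second-level verification step rather than delivered inline.
            result["held_attachments"].append(part.get_filename())
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            result["links_removed"] += len(set(URL_RE.findall(body)))
            # Neutralise HTML anchors first, then defang any URL left in the visible text.
            result["cleaned_bodies"].append(defang(HREF_RE.sub('href="#"', body)))
    return result
```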
 
I can't say 100% they aren't acting in concert with some foreign entity. The fact that they set ransoms low enough to be paid easily and actually release the data when paid makes me think not. It sets up the expectation that paying will result in release, so the next target knows they are honorable thieves. The exploits they use will be found and fixed so why would they let their chance go to shut things down completely? China/Russia/Iran can't be sure that Colonial will be vulnerable two weeks from now after this. If they wanted to take it down they would do so the moment they got in. Why would they not just deface everything as if it was an ecoterrorism group and shut everything down? That would do damage without drawing attention to them. Ransomware with cryptocurrency payment is the newest way to make money. Much more reliable and less traceable than the old Nigerian Prince scam, especially when using an anonymous third-party software and payment system to do everything.

Basically, is it a concern overall? Yes. I am concerned that the people who hacked will sell the details of it to foreign entities, especially now that Darkside has been driven underground. They may have seen ways to get into the actual pipeline controls and have held those back. We have to hope Colonial fixes their issues and other pipelines are not vulnerable to this same attack. That is how they so easily pivot from one hospital to the next, through commonly used software that has an unpatched hole.
 
The media, hard as they tried, just couldn't generate another toilet papermageddon. So, they created a gasmageddon instead. They knew it wouldn't last as long as toilet papermageddon, but, it gave them some jerk off material for a minute.
 