Well at least you have experts doing proper network management
They will patch that horrible hole they just used
Ensure its secure for them
Manage load balancing
Steal your data... ok not so good
Network intruders are staying longer and going after wider swathes of machines with their attacks. This is according to the latest quarterly report (PDF) from security company Carbon Black, which analysed various incident reports from about 40 of its enterprise customers. It found that attackers are doing more to cover their …
Actually, it's all down to their (the hackers') code, especially if it contains comments, error messages, or other text. Also, you can find clues in the included and called libraries, compilation time, and other artifacts.
The fact that they haven't attributed any malware to you probably isn't by accident.
That's well and good, and usually it's fine, but how do you prove for a certainty that your network device that faces the public internet because it has to is definitely clean? You can prove that you've followed security best practices. You can confirm that you audit its configuration to ensure you see if it suddenly changes and check that against your known changes. You can confirm that you do penetration tests on it and that it passes. You couldn't confirm as easily that it does not contain flaws that could be/are actively being used by an adversary. Consider what happens if there is a flaw allowing an attacker to inject network traffic. If the flaw is unknown, you can't detect that the flaw is there and hasn't been patched. If the traffic is injected but doesn't update the configuration, you can't get info about that from a status audit. If the traffic is convincing in that it successfully pretends to be from a known device and fit the patterns from that device, you wouldn't expect it to be flagged by a firewall. I admit that this scenario isn't very likely, but there is some argument that if something of this complexity happens, it's not entirely fair to blame the administrators for it.
As I think I posted when the subject came up after another article on security, I think the secret is to bar corporations from claiming damages if they are vulnerable to a known exploit, and make it easier for their customers to do so. We've all seen the stories where some yutz is caught and charged with some eye-watering amount of "damage" to the victim's computer systems with civil penalties to recover the "lost" money. Meanwhile, the company "generously" pays out pennies-worth of account monitoring and the like.
Making it so that the company is on the hook for all damages from both sides might go a ways to "concentrate (their) mind(s) wonderfully," as Mr. Johnson might have said.
(Oh, and documentation showing that: "I asked for 'X' resources to mitigate 'Y' security issues, which were refused by 'Z'," should be an automatic "get out of jail free" card for any IT personnel with responsibility for security. The penalty should be on the higher-ups, not on the workers in the trenches who are given responsibility without authority.)
I am firmly of the opinion that absolutely nothing will change until businesses feel a direct, immovable financial impact from failing to secure their systems. [...] When businesses feel fear -- real, brown-trousered fear in the C-suite -- then they act. Until then, nothing much.
These are the kinds of attacks that might cause a Code Brown on Mahogany Row.
You're right that most execs don't shit themselves over a few million customer credit cards or PII records getting hacked. They'll run a PR campaign, offer some credit monitoring that >90% of the affected customers won't sign up for anyway, and in a few weeks it's back to business as usual.
IP is a different matter. It costs a shit-ton of money to design and engineer things like stealth fighters, rockets, supercomputers, cutting-edge chip fab tech, cancer drugs, etc. Having a 9- or 10-figure investment stolen by a competitor -- especially one backed and protected by an untouchable nation-state -- might soil a few top-grain leather chairs and well-tailored trousers.
Quote: "I can't believe WMI and Powershell is still being misused in such a dramatic fashion," he said. "It is time Microsoft got their act together."
Don't pick on Microsoft. It's the WHOLE INDUSTRY that needs to get real. We've known this since 1999 when Scott McNealy said "You have zero privacy anyway. Get over it." https://www.wired.com/1999/01/sun-on-privacy-get-over-it/ The industry as a whole HAS DONE NOTHING.

And here we are twenty years later wondering why hackers are getting comfortable in corporate networks, "island hopping" to other networks. Obvious, isn't it? No one cares. What will it take for the industry to pay attention and do something?
“Part of the cause is a skyrocketing rate of attackers targeting intellectual property. As companies (and governments) in China and Russia increasingly look to lift tech and documents from their competitors”
“motives and methods may very well reflect roiling geopolitical tensions — be it uneasy trade relations with China or what looks to be a new nuclear arms race with Russia — as nation states seek competitive advantage.”
Have these companies ever considered not exposing their secret intellectual property to the public Internet?
I read every now and then that monitoring Powershell is now a first thing to do when setting up intrusion detection. Five Powershell sessions suddenly popping up in accounting after it has never been used in the last five years? You don't need another hint at what's on.
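As an added illustration of the baseline idea in that comment (example code, not from the thread, from Carbon Black, or from any product): a small Python detector over constructed process-creation events that flags a department whose PowerShell launches suddenly cluster far above its historical rate. The department names, hostnames, timestamps and baseline figures are all invented for the example.

```python
# Added example, not from the thread: baseline-vs-burst detection over
# constructed Windows process-creation events (Event ID 4688 style).
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed historical baseline: PowerShell launches per department over
# the past year. Accounting has never used it; IT uses it constantly.
BASELINE_LAUNCHES_PER_YEAR = {"accounting": 0, "it": 4200, "hr": 12}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Constructed sample events: (timestamp, host, department, new process name)
SAMPLE_EVENTS = [
    ("2019-03-04T09:00:00", "ACCT-PC01", "accounting", "excel.exe"),
    ("2019-03-04T09:02:11", "ACCT-PC01", "accounting", "powershell.exe"),
    ("2019-03-04T09:02:30", "ACCT-PC02", "accounting", "powershell.exe"),
    ("2019-03-04T09:03:05", "ACCT-PC03", "accounting", "powershell.exe"),
    ("2019-03-04T09:04:40", "ACCT-PC01", "accounting", "powershell.exe"),
    ("2019-03-04T09:05:12", "ACCT-PC04", "accounting", "pwsh.exe"),
    ("2019-03-04T09:05:50", "IT-ADMIN1", "it", "powershell.exe"),
    ("2019-03-04T09:06:10", "IT-ADMIN1", "it", "powershell.exe"),
    ("2019-03-04T11:30:00", "HR-PC01", "hr", "powershell.exe"),
]

def powershell_bursts(events, baseline, window=timedelta(minutes=10), min_count=3):
    """Return {department: launches} for departments whose densest run of
    PowerShell launches inside `window` is both at least `min_count` and well
    above what the department's yearly baseline predicts for that window.
    A department that never used PowerShell is flagged by any such burst;
    a heavy user like IT is not, because its expected rate absorbs it."""
    per_dept = defaultdict(list)
    for ts, _host, dept, image in events:
        if image.lower() in POWERSHELL_IMAGES:
            per_dept[dept].append(datetime.fromisoformat(ts))
    alerts = {}
    for dept, times in per_dept.items():
        times.sort()
        # launches the yearly baseline predicts for one window of this size
        expected = baseline.get(dept, 0) * (window / timedelta(days=365))
        threshold = max(min_count, 10 * expected)
        # sliding window over sorted timestamps: find the densest stretch
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[dept] = best
    return alerts
```

With the sample data, only accounting is reported (five launches in under ten minutes against a baseline of none); IT's two launches and HR's single one stay below the threshold.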
Quote: "I can't believe WMI and Powershell is still being misused in such a dramatic fashion," he said. "It is time Microsoft got their act together."
It was time they got their act together around '94.
Boot sector infectors were the bane of computer users BEFORE the internet. Win95 came out as a system to be networked, with approximately 0 attention paid to security.
Because approximately 0.01% of the market had the ability to understand the s******* that was about to be unleashed.
There are many security fixes they could work on, but it's a bit unfair to blame powershell for this. The fault is at least partially on bad administration. Should the admins want, they could simply disable powershell. They could lock it down. They could monitor it. Powershell is also not by design insecure, but simply allows attackers to execute scripts without having a noticeable file stored on disk. If more of the industry was using Linux, we'd hear about the terrible security hole of shell scripts, because attackers could use them to execute commands on remote machines (see XKCD 1808, specifically the title text). In either case, it is not powershell or the interpreter of your choice that is at fault, but whatever security problem (whether the fault of bad software or incompetent administration) that allowed them to get in and the other one used to escalate from the system they first got to to one with more privileges or at a different location. Only by analyzing the most prominent security holes can one assign blame to the correct piece of software and the entity responsible for making it insecure.