by jl6 on 5/14/21, 12:05 PM
I have a feeling there is a very short security-hygiene checklist that, if followed, could prevent the vast majority of the ransomware attacks that we have seen in the last few years.
* Keep all systems up to date with the latest patches.
* Have a DR plan and test it regularly.
* Make frequent backups, verify them, and keep them offline.
Historically organizations have been so bad at backups that the advice has been to automate them as much as possible, to try to ensure that a recent backup at least exists. But I am increasingly of the opinion that the next level of backup maturity is to dial back on the automation and invest manual effort in airgapping the backups.
Fully automated backups are necessarily part of the software attack surface.
If you have to hire more ops people to rotate tapes by hand every day, that will have to be a cost of doing business safely.
by new_here on 5/14/21, 11:00 AM
A lot of these articles don't actually mention specifically how the systems were compromised.
Was it a malicious email attachment that propagated through unsecured networks or outdated OS versions? And what data was encrypted? Are we talking regular Excel files or actual databases?
It would be interesting to have some more detail or case studies so others could know how to fortify infection points and limit the blast radius of their own systems.
by kasperni on 5/14/21, 10:32 AM
Ransomware: Another great "feature" of difficult-to-trace digital currencies.
by anonymousDan on 5/14/21, 10:49 AM
For those concerned about privacy violations, this should be rammed home as an argument against centralized collection of medical health data.
by jupiter909 on 5/14/21, 2:23 PM
One can do ZFS snapshots so one does not need to do insanely huge backups all the time. Just transfer off the diffs as needed. If an attack happens it's pretty easy to roll back to a known good state. It's also not that complex to set some process in place that does random checksum verification of some files to trigger an alarm that such an attack has taken place. It is really perplexing to me that very large institutes don't do this.
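The random checksum verification described in the comment above, as an added example (not code from any commenter). It assumes the monitored files are ones that should never change, such as archived records or planted canary files; the function names and the 20% alarm threshold are illustrative choices.

```python
import hashlib, os, random, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Record a digest for every file under root while it is in a known-good state."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            manifest[os.path.relpath(p, root)] = sha256_file(p)
    return manifest

def spot_check(root, manifest, sample_size, rng, alarm_ratio=0.2):
    """Verify a random sample of files; return (alarm, mismatched_paths)."""
    sample = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    if not sample:
        return False, []
    bad = []
    for rel in sample:
        try:
            ok = sha256_file(os.path.join(root, rel)) == manifest[rel]
        except OSError:
            ok = False  # missing or renamed file counts as a mismatch
        if not ok:
            bad.append(rel)
    return len(bad) / len(sample) >= alarm_ratio, bad

def demo():
    """Constructed data: 20 small files, then half are overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(20):
            with open(os.path.join(root, f"record_{i:02d}.txt"), "w") as f:
                f.write(f"constructed sample record {i}\n")
        manifest = build_manifest(root)
        rng = random.Random(1)
        clean = spot_check(root, manifest, 10, rng)
        for i in range(0, 20, 2):  # simulate a mass overwrite
            with open(os.path.join(root, f"record_{i:02d}.txt"), "wb") as f:
                f.write(os.urandom(64))
        return clean, spot_check(root, manifest, 20, rng)

if __name__ == "__main__":
    print(demo())
```

The manifest has to be stored somewhere the monitored host cannot write to, otherwise whatever rewrites the files can rewrite the baseline as well.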
by adriancooney on 5/14/21, 11:34 AM
There's a trend of paying these ransomware attacks which are sometimes in the order of millions. Imagine if those millions were _proactively_ invested into the computer security of these systems?
by scandox on 5/14/21, 10:54 AM
by bilekas on 5/14/21, 10:43 AM
What kinda scummy scrote you have to be to attack health services during a pandemic. This is a new low.
by anonymousDan on 5/14/21, 10:53 AM
You'd have to think that sooner or later they are going to get into one of the big cloud providers and cause havoc.
by TheMightyLlama on 5/14/21, 12:51 PM
One of the major issues I've seen while working with large organisations on software development is one of mindset. These are organisations who predominantly think: "We are an 'x' organisation that happens to develop software". The more productive and safer way of thinking is: "We are a software development organisation that is within 'x' market".
However, the latter requires a huge mindset and experience shift from the very top of the organisation. And groups and individuals of that organisation having strong interest in their survivability are, of course, not going to change that.
by motohagiography on 5/14/21, 1:21 PM
Odd effect of this is that it would be difficult to distinguish encrypted backups from ransomware encrypted files being backed up.
Cloud documents like Word and Google docs seem less susceptible, as writing a content parser for each file format to encrypt it would be a higher bar. Or am I missing something there?
It also suggests there could be a market for cryptocurrency futures as a form of insurance. This is one extreme situation where you are forced to buy a currency at market prices, but I suspect it's the first of more.
by pjmlp on 5/14/21, 11:00 AM
I love the increase in these kinds of attacks; eventually there will be enough pressure for liability legislation for companies to take security seriously.
by valenterry on 5/14/21, 10:42 AM
On one hand I'm excited about all the good things that e-health can enable for us, but then again, I'm super scared to leave a trail of my health history in IT systems.
by agumonkey on 5/14/21, 6:32 PM
That's not the first attack on health. In the context of a worldwide struggle, I find the operation against medical institutions utterly despicable. God.
by padraic on 5/14/21, 10:46 AM
Not really surprising given that during most of the pandemic, track and trace was done through pen and paper and not through the computer system.
by easytiger on 5/14/21, 10:39 AM
I imagine, to use our vernacular, some chancing gobshite is talking his way out of responsibility for their shitty tender as we speak.
by killjoywashere on 5/14/21, 3:04 PM
The NIST 800 series and the CNSSI 1253 series cover pretty much everything you need to worry about.
by mdeck_ on 5/14/21, 10:56 AM
by dariosalvi78 on 5/14/21, 11:18 AM
Wouldn't disrupting healthcare services be an act of terrorism or even war?