How are the ransomware hackers gaining access?
Question for the IT pros.
The news is full of reports of all sorts of companies getting their systems hacked and locked with ransomware. Are the hackers just so smart and devious that they can get through the firewalls, passwords, and other protections and take over, or is it some idiot employee opening an email attachment or downloading a software application? Just how do the hackers get in and take over? I am just curious. My computer is just a really nice setup running Win 10 Pro. Yea, I have a firewall, and I would never open any attachment if I don't know the sender. I do run antivirus software, and my router is just a few months old with the firmware up to date. I am way too small to attract the bad guys, but I am amazed that large corporations are getting hacked and locked out of their systems. And it keeps happening. HOW?
I'd say it's primarily 2 routes.
1. Servers and IT gear that are not patched up to date. Lots of folks don't keep up on updates and patching, which often leaves security holes and vulnerabilities available for hackers.
2. Possibly used even more frequently than #1: the human security vulnerability. Phishing, trojans, etc. Trick some employee out of their credentials, or send an email with a malicious tool that provides access, or information that will provide access.
There are lots of places that are so bad at installing security updates that they've practically left the doors and windows open or left the keys in the lock on the front door or whatever. And if you've got 100 servers, and 1 has a hole, it's possible for a bad person to exploit that one hole to gain access to that one server or the information on that server. Once they've done that, they may then be able to hop from that server to some/any of the rest of the servers because that server is trusted.
And never underestimate the likelihood of an employee, even an IT employee, clicking on a link or attachment in a bogus email.
It starts with external & internal firewall hardware with COTS (commercial off the shelf) software.
It also takes constant internal system spyware to check for ransomware being built onto your network system backbone. The DoD does this; corporations don't. BTW, the US Navy was formed due to ransom attacks on US business in the early 1800's. In the end, they were paying the US Navy to quit pounding them. Obviously the Navy isn't the answer, but nobody worldwide knows what to do in any political party. Politics neuters the logical response of collateral damage for retribution because....
Quote:
They should be hunted down and dealt with accordingly, their tragic ends made public, so that copycats and other would-be hackers understand very clearly the fate that awaits them should they opt to travel that road.
What about bribery?
I know many people on this board brag about NOT updating and not letting the system update. I ain't one of them, I keep my system updated to the latest Microsoft patches. I will wait a while for Win 11, but my Win 10 will be patched and up to date.
Same thing for my router.
Quote:
I would lay odds that most ransomware gets into a system via social engineering. Some does get in through unpatched systems, but most of those hacks are to put stuff on a network to glean data from the system over a period of time, and they can use that data for social engineering, use the data as a hostage, or sell the data. For an example of a fair amount of money involved in social engineering with no ransomware: https://www.csoonline.com/article/2961066/ubiquiti-networks-victim-of-39-million-social-engineering-attack.html
Quote:
We also do lots and lots of training, but that has gotten us from an 18% click-thru rate before training to 1.08% after. The only way to be 100% sure you will never get hit is to turn off USB/flash drives, optical drives, disk drives, unplug from the internet, and turn the machine off.
Users clicking links in targeted email, users having too many privileges, ransomware downloading to the user's system with permissions to install and move laterally: game over. I won't go into a sales speech, but the company I work for is 100% effective in stopping ransomware, for just a tiny portion of what's being paid for ransom. Used to be large corporations; now it's moving to SMBs and municipalities. Very scary. I am getting alerts almost every day about attacks on infrastructure.
When I was an Oracle DBA there were several of our programmers from India that would open emails with "free" programmer utility software or something similar, and their laptops would go nuts! Our IT manager/Unix admin fellow would have to wipe their computer, then reinstall everything from a backup. We kept the databases on standalone servers, whether production or test or upgrades, etc., so the application(s) could read/write data using Oracle's comms software. Finally the worst of the trouble-causing programmers would get let go. Fortunately Oracle had/has really great software utilities to let the DBA monitor users, activities, reports or other activities and let you see who is connecting or trying to, and Oracle would notify me of strange activities.
John
Quote:
I'm running OS 10.14.6 now. Terrified of updating again.
I received a really convenient email overnight from Microsoft that my email password had expired, and a nice link to update it. I thought it was really nice of them to add the hyperlink.
I just sent the email to the Junk box & blocked senders list. It was from a Gmail account! So sure, Microsoft sends me an email using Gmail. Yea, right.
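The lure in the post above (a "your password expired" mail that claims to be Microsoft but is sent from a Gmail address and links somewhere else) can be caught mechanically. The following is an added example, not code from this thread; the brand-to-domain table, the lure phrases and the sample message are all constructed for illustration.

```python
# Added example: flag brand impersonation and password-expiry lures in one email.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative mapping of a brand to the domains it legitimately mails from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
LURE_PHRASES = ("password has expired", "password expired", "update your password")

def _belongs_to(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def sender_domain(from_header):
    """Domain part of the actual address in a From: header (display name ignored)."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def link_hosts(body):
    """Hostnames of every http(s) URL found in the body text."""
    return {(urlparse(u).hostname or "").lower()
            for u in re.findall(r"https?://[^\s<>\"]+", body)}

def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    from_hdr = msg.get("From", "")
    display = parseaddr(from_hdr)[0].lower()
    subject = msg.get("Subject", "").lower()
    body = msg.get_payload()            # sample is single-part plain text
    findings = []
    dom = sender_domain(from_hdr)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display or brand in subject:      # mail presents itself as the brand
            if not _belongs_to(dom, domains):
                findings.append(f"claims to be {brand} but sent from {dom}")
            for host in link_hosts(body):
                if not _belongs_to(host, domains):
                    findings.append(f"link to {host} does not belong to {brand}")
    if any(p in subject + " " + body.lower() for p in LURE_PHRASES):
        findings.append("password-expiry lure wording")
    return findings

# Constructed sample modelled on the post (not a real message).
SAMPLE = """From: Microsoft Account Team <accounts.team.2021@gmail.com>
To: victim@example.com
Subject: Your Microsoft password has expired

Your email password expired today. Click https://login-update.example.net/reset
to keep your mailbox active."""

if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE)) or "no findings")
```

Run against the constructed sample it reports three findings: the Gmail sender, the off-brand link host, and the expiry wording.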
Phishing is the easiest way. There are also LOTS of username/password DBs on the web where people don't change theirs and use one password everywhere. With all the vulnerabilities still in systems and components it's not too hard, but requires a little more work. Latest is PrintNightmare.
Social engineering is big too, but more personal: https://youtu.be/xuYoMs6CLEw
In addition to the viruses and social engineering and in general user error, industrial control systems are notorious for not having any sense of security, and things like hard coded user/passwords for admin level access, etc.
Once those systems, or even admin front ends for those systems, are accessible via the 'net, things get hosed quick.
Hacking systems with ransomware is the new playtoy for those who used to write viruses. I was in IT for years. What fun! Some people are just like bad little kids.
Quote:
Where I work, almost no one has admin rights on their machine, and USB and optical drives are disabled. As we are a very large financial institution, I think we have a bigger focus and spend a lot more time, energy and money on security. We also have lots of training and even receive email tests to find out if the response is correct.
Quote:
I thought it was pretty amusing since Defender was always free, and then there's the whole Microsoft != Google thing. But then that's what the perps are doing: trying to catch the folks that aren't the brightest.
As a home computer user it just astonishes me that Apple, Microsoft, the FBI, Department of Defense, the IRS, and even the NSA have been hacked.
To get into a hospital's system seems easier. I would bet there are computers on the network with a USB port open, and so many users that hated computers all along and resisted ever learning computers. They seem ripe for opening an email, or not checking where the email originated. I am also surprised how no one has been able to reverse engineer the ransomware software and decrypt the password, and track down the location of the hackers. Of course if they are in Russia, and Putin is behind it as we all suspect, not much but a Mission Impossible-like rendition is going to stop them. Not likely.
I will not divulge my secrets....
For free :D!
Here's a little tidbit to make you worry. 4 or 5 years ago, when I was teaching evening classes on basic computer security as well as a class on database design, I had a student who was the Information Systems Officer at the Sub Base San Diego, and on one of the nights we were discussing disabling DVD drives, USB ports and such to prevent the bad boys and girls from breaking in. The student had been to a big-time security seminar in Washington, and they were demo'd a thumb drive with a copy of the Windows OS, boot instructions and a bunch of other utilities so a user could put the thumb drive in, reboot the computer, then take their time searching for passwords, documents, databases or other nice-to-grab files! If out of time, a reboot could be done after pulling the thumb drive, and the PC would then wait for the normal user to log in and grab that person's info, and it would all be sent to the bad guy. Of course my students all laughed and said no way, so the following class I got a laptop from the school and "Bill" did a demo......scary!
So that is why Camp Pendleton, Sub Base and MCRD San Diego (I know of for sure) ALL have DVD hardware removed and the USB ports disabled and alarmed, so if someone just sticks a thumb drive in the opening an alarm goes off and the building that had the offense gets locked down! Does it work.....yes, the security is tested yearly on a usually unsuspecting civil servant, and all is good to the world. John
Quote:
Way back in the stone ages we were still running DOS 6.1 and 2 MB of RAM as the new latest and greatest. The company owner spent several hours putting passwords on his system. I told him that was pointless if someone has access to the computer itself. He challenged me to get into his computer. I closed the door, slipped in a 3.5 inch boot floppy, and had total control. I changed his passwords to GGAR (Give Glen A Raise) and was done in a minute. Reboot with no floppy, and pocket the floppy. Open the door and he was locked out. He laughed when I told him what the new password was. I told him he does not have enough money to make me risk jail, so he is safe from me. That was still in the dial-up modem days, so hacking and viruses were pretty much unheard of.
You guys should watch the show Mr. Robot. It's a bit trippy, but seems to do a good job showing all the ways computers can be exploited.
Copyright 2025 Pelican Parts, LLC - Posts may be archived for display on the Pelican Parts Website