Get off my lawn!
 
GH85Carrera's Avatar
 
Join Date: Nov 2007
Location: Oklahoma
Posts: 84,752
Garage
How are the ransomware hackers gaining access?

Question for the IT pros.

The news is full of reports of all sorts of companies getting their systems hacked, and locked with ransomware. Are the hackers just so smart and devious that they can get through the firewalls, passwords, and other protections and take over, or is it some idiot employee opening an email attachment or downloading a software application?

Just how do the hackers get in and take over?

I am just curious. My computer is just a really nice setup running Win 10 Pro. Yea, I have a firewall, and I would never open any attachment if I don't know the sender.

I do run antivirus software, and my router is just a few months old, and the firmware up to date. I am way too small to attract the bad guys, but I am amazed that large corporations are getting hacked and locked out of their systems. And it keeps happening. HOW?

__________________
Glen
49 Year member of the Porsche Club of America
1985 911 Carrera; 2017 Macan
1986 El Camino with Fuel Injected 350 Crate Engine
My Motto: I will never be too old to have a happy childhood!
Old 07-07-2021, 05:25 AM
#1
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,844
I'd say it's primarily 2 routes.

1. Servers and IT gear that are not patched up to date. Lots of folks don't keep up on updates and patching, which often leaves security holes and vulnerabilities available for hackers.

2. Possibly used even more frequently than #1: the human security vulnerability. Phishing, trojans, etc... Trick some employee out of their credentials or send an email with a malicious tool that provides access or information that will provide access.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-07-2021, 05:30 AM
#2
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,844
There are lots of places that are so bad at installing security updates that they've practically left the doors and windows open or left the keys in the lock on the front door or whatever. And if you've got 100 servers, and 1 has a hole, it's possible for a bad person to exploit that one hole to gain access to that one server or the information on that server. Once they've done that, they may then be able to hop from that server to some/any of the rest of the servers because that server is trusted.

And never underestimate the likelihood of an employee, even an IT employee, clicking on a link or attachment in a bogus email.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-07-2021, 05:55 AM
#3
Banned
 
Join Date: Oct 2007
Location: SoCal
Posts: 4,842
It starts with external & internal firewall hardware with COTS (commercial off-the-shelf software).
It also takes constant internal system spyware to check for ransomware being built onto your network system backbone. The DoD does this; corporations don't.

BTW the US Navy was formed due to ransom attacks on US business in early 1800's.
In the end, they were paying the US Navy to quit pounding them

Obviously the Navy isn't the answer, but nobody world wide knows what to do in any political party. Politics neuters the logical response of collateral damage for retribution because....
Old 07-07-2021, 06:00 AM
#4
Preferred pronoun:Maestro
 
Norm K's Avatar
 
Join Date: Sep 2012
Location: Group W Bench
Posts: 11,359
Quote:
Originally Posted by 3rd_gear_Ted View Post

Obviously the Navy isn't the answer ...
That's not obvious to me at all. Hackers who attack our infrastructure and corporations are, by extension (a very, very short extension), attacking our people and our way of life.

They should be hunted down and dealt with accordingly, their tragic ends made public, so that copycats and other would-be hackers understand very clearly the fate that awaits them should they opt to travel that road.

_
__________________
When in doubt, use overwhelming force.
Old 07-07-2021, 06:38 AM
#5
White and Nerdy
 
Tervuren's Avatar
 
Join Date: Jun 2004
Location: South of Charlotte N.C.
Posts: 14,923
Garage
What about bribery?
Old 07-07-2021, 06:43 AM
#6
 
Get off my lawn!
 
GH85Carrera's Avatar
 
Join Date: Nov 2007
Location: Oklahoma
Posts: 84,752
Garage
I know many people on this board brag about NOT updating and not letting the system update. I ain't one of them, I keep my system updated to the latest Microsoft patches. I will wait a while for Win 11, but my Win 10 will be patched and up to date.

Same thing for my Router.
__________________
Glen
49 Year member of the Porsche Club of America
1985 911 Carrera; 2017 Macan
1986 El Camino with Fuel Injected 350 Crate Engine
My Motto: I will never be too old to have a happy childhood!
Old 07-07-2021, 07:17 AM
#7
Registered
 
Join Date: Mar 2003
Location: SW Cheese Country
Posts: 13,534
Garage
Quote:
Originally Posted by GH85Carrera View Post
Question for the IT pros.

The news is full of reports of all sorts of companies getting their systems hacked, and locked with ransomware. Are the hackers just so smart and devious that they can get through the firewalls, passwords, and other protections and take over, or is it some idiot employee opening an email attachment or downloading a software application?

Just how do the hackers get in and take over?

I am just curious. My computer is just a really nice setup running Win 10 Pro. Yea, I have a firewall, and I would never open any attachment if I don't know the sender.

I do run antivirus software, and my router is just a few months old, and the firmware up to date. I am way too small to attract the bad guys, but I am amazed that large corporations are getting hacked and locked out of their systems. And it keeps happening. HOW?
Some MS Office users don't realize that using the preview pane is far more secure than opening the email to read it.

I would lay odds that almost most ransomware gets into a system via social engineering. Some does get in through unpatched systems, but most of those hacks are to put stuff on a network to glean data from the system over a period of time and they can use that data for social engineering, use the data as a hostage or sell the data.

For an example of a fair amount of money involved in social engineering with no ransomware:

https://www.csoonline.com/article/2961066/ubiquiti-networks-victim-of-39-million-social-engineering-attack.html
__________________
Brent
The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson.

"Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie.
Old 07-07-2021, 01:14 PM
#8
Registered
 
Join Date: Mar 2003
Location: SW Cheese Country
Posts: 13,534
Garage
Quote:
Originally Posted by 3rd_gear_Ted View Post
It starts with external & internal firewall hardware with COTS (commercial off-the-shelf software).
It also takes constant internal system spyware to check for ransomware being built onto your network system backbone. The DoD does this; corporations don't.

BTW the US Navy was formed due to ransom attacks on US business in early 1800's.
In the end, they were paying the US Navy to quit pounding them

Obviously the Navy isn't the answer, but nobody world wide knows what to do in any political party. Politics neuters the logical response of collateral damage for retribution because....
Our users don't like it but everything here not on a whitelist gets opened in a sandbox first and analyzed and if deemed non-threatening it is allowed to run. We have a lot of false positives and have to manually whitelist them, but that doesn't bother me. It still isn't 100%, but it sure helps with due diligence should something happen.

We also do lots and lots of training, but that has gotten us from an 18% click thru rate before training to a 1.08% after.

The only way to be 100% sure you will never get hit is to turn off USB/Flash drives, optical drives, disk drives and unplug from the internet and turn the machine off.
__________________
Brent
The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson.

"Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie.
Old 07-07-2021, 01:21 PM
#9
Formerly bb80sc
 
Vipergrün's Avatar
 
Join Date: Aug 2001
Location: Hollywood Beach, CA
Posts: 4,361
Users clicking links in targeted email, users have too many privileges, ransomware downloads to user's system and has permissions to install and move laterally, game over. I won't go into a sales speech, but the company I work for is 100% effective in stopping ransomware, for just a tiny portion of what's being paid for ransom. Used to be large corporations, now it's moving to SMB and municipalities. Very scary. I am getting alerts almost every day about attacks on infrastructure.
__________________
Cheers
-Brad
2015 Cayman GTS
2015 4Runner Limited

Last edited by Vipergrün; 07-07-2021 at 01:43 PM..
Old 07-07-2021, 01:41 PM
#10
Registered
 
John Rogers's Avatar
 
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,695
When I was an Oracle DBA there were several of our programmers from India that would open emails with "free" programmer utilities software or something similar and their laptops would go nuts! Our IT manager/Unix admin fellow would have to wipe their computer then reinstall everything from a backup. We kept the databases on standalone servers, whether production or test or upgrades, etc., so the application(s) could read/write data using Oracle's comms software. Finally the worst of the trouble-causing programmers would get let go. Fortunately Oracle had/has really great software utilities to let the DBA monitor users, activities, reports or other activities and let you see who is connecting or trying to, and Oracle would notify me of strange activities.
John
Old 07-07-2021, 01:58 PM
#11
Registered
 
wdfifteen's Avatar
 
Join Date: Mar 2008
Location: SW Ohio
Posts: 29,255
Garage
Quote:
Originally Posted by GH85Carrera View Post
I know many people on this board brag about NOT updating and not letting the system update.
I'm not bragging about it, I'm just afraid to. A few months ago I updated my Mac from something (I don't remember) to Big Surple and it turned my computer into an ugly desk decoration for a couple of days.
I'm running OS 10.14.6 now. Terrified of updating again.
__________________
.
Old 07-07-2021, 02:25 PM
#12
Get off my lawn!
 
GH85Carrera's Avatar
 
Join Date: Nov 2007
Location: Oklahoma
Posts: 84,752
Garage
I received a really convenient email overnight from Microsoft that my email password had expired, and a nice link to update it. I thought it was really nice of them to add the hyperlink.

I just sent the email to the Junk box & blocked senders list. It was from a Gmail account! So sure, Microsoft sends me an email using Gmail. Yea, right.
__________________
Glen
49 Year member of the Porsche Club of America
1985 911 Carrera; 2017 Macan
1986 El Camino with Fuel Injected 350 Crate Engine
My Motto: I will never be too old to have a happy childhood!
Old 07-08-2021, 06:19 AM
#13
It'll be legen-waitforit
 
stealthn's Avatar
 
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,975
Phishing is the easiest way. There are also LOTS of username/password DBs on the web where people don’t change theirs and use one password everywhere. With all the vulnerabilities still in systems and components it’s not too hard but requires a little more work. Latest is PrintNightmare.

Social Engineering is big too, but more personal: https://youtu.be/xuYoMs6CLEw
__________________
Bob James
06 Cayman S - Money Penny
18 Macan GTS
Gone: 79 911SC, 83 944, 05 Cayenne Turbo, 10 Panamera Turbo
Old 07-08-2021, 06:31 AM
#14
Registered
 
id10t's Avatar
 
Join Date: Mar 2003
Posts: 10,318
In addition to the viruses and social engineering and in general user error, industrial control systems are notorious for not having any sense of security, and things like hard coded user/passwords for admin level access, etc.

Once those systems, or even admin front ends for those systems are accessible via the 'net things get hosed quick.
Old 07-08-2021, 06:59 AM
#15
Registered
 
dennis in se pa's Avatar
 
Join Date: Oct 2005
Posts: 2,352
Garage
Hacking systems with ransomware is the new playtoy for those who used to write viruses. I was in IT for years. What fun! Some people are just like bad little kids.
__________________
2001 911 Cabriolet
Old 07-08-2021, 07:11 AM
#16
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,844
Quote:
Originally Posted by Vipergrün View Post
Users clicking links in targeted email, users have too many privileges, ransomware downloads to user's system and has permissions to install and move laterally, game over. I won't go into a sales speech, but the company I work for is 100% effective in stopping ransomware, for just a tiny portion of what's being paid for ransom. Used to be large corporations, now it's moving to SMB and municipalities. Very scary. I am getting alerts almost every day about attacks on infrastructure.
I feel like SMB and municipalities and small local/regional govt is often not well run (maybe I'm thinking years past) with respect to patching and security.

Where I work, almost no one has admin rights on their machine and USB and optical drives are disabled. As we are a very large financial institution, I think we have a bigger focus and spend a lot more time, energy and money on security. We also have lots of training and even receive email tests to find out if the response is correct.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-08-2021, 07:26 AM
#17
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,844
Quote:
Originally Posted by wdfifteen View Post
I'm not bragging about it, I'm just afraid to. A few months ago I updated my Mac from something (I don't remember) to Big Surple and it turned my computer into an ugly desk decoration for a couple of days.
I'm running OS 10.14.6 now. Terrified of updating again.
My iMac is just a little over a year old. I'm on Big Sur and had no issues with the upgrade, but I'm a bit trepidatious to update the missus' nearly 8 year old MacBook Air.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-08-2021, 07:31 AM
#18
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,844
Quote:
Originally Posted by GH85Carrera View Post
I received a really convenient email overnight from Microsoft that my email password had expired, and a nice link to update it. I thought it was really nice of them to add the hyperlink.

I just sent the email to the Junk box & blocked senders list. It was from a Gmail account! So sure, Microsoft sends me an email using Gmail. Yea, right.
My wife got an email the other day to warn her that her $399/year subscription to Windows Defender would be automatically renewing. It also came from a gmail account.

I thought it was pretty amusing since Defender was always free and then there's the whole Microsoft != Google thing.

But then that's what the perps are doing is trying to catch the folks that aren't the brightest.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-08-2021, 07:34 AM
#19
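The giveaway described in posts #13 and #19 (mail that claims to be from Microsoft or about Windows Defender but was sent from a Gmail account) can be checked mechanically by a mail filter. The sketch below is an added example, not part of any post in this thread; the brand-to-domain map, the webmail list and the four sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumptions for illustration: brand keywords mapped to the domains a filter
# expects that brand to send from, plus a short consumer-webmail list.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"},
                 "windows defender": {"microsoft.com"}}
FREEMAIL = {"gmail.com", "yahoo.com"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def is_allowed(domain, allowed):
    # Exact domain or a true subdomain; a bare suffix test would accept
    # look-alikes such as "notmicrosoft.com".
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return the reasons a raw message looks like brand impersonation."""
    msg = email.message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    claimed = (display + " " + msg.get("Subject", "")).lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not is_allowed(domain, allowed):
            kind = "webmail" if domain in FREEMAIL else "unrelated"
            findings.append(f"claims {brand!r} but sent from {kind} domain {domain}")
    # The From header can be forged, so a matching domain only counts when the
    # receiving server recorded a DMARC pass (Authentication-Results header).
    auth = msg.get("Authentication-Results", "").lower()
    if not findings and "dmarc=pass" not in auth and any(
            is_allowed(domain, a) for a in BRAND_DOMAINS.values()):
        findings.append(f"From domain {domain} not backed by a DMARC pass")
    return findings

# Constructed sample messages (addresses and hosts are made up).
PASSWORD_EXPIRED = ("From: Microsoft Account Team <acct.notice4471@gmail.com>\n"
                    "Subject: Your email password has expired\n\n"
                    "Update it here: http://example.invalid/reset\n")
DEFENDER_RENEWAL = ("From: Billing Dept <renewals.desk@gmail.com>\n"
                    "Subject: Windows Defender subscription renewal - $399\n\n"
                    "Your plan renews today.\n")
GENUINE_LOOKING = ("From: Microsoft <no-reply@microsoft.com>\n"
                   "Authentication-Results: mx.example.invalid; dmarc=pass "
                   "header.from=microsoft.com\n"
                   "Subject: Sign-in activity\n\nbody\n")
FORGED_FROM = ("From: Microsoft <no-reply@microsoft.com>\n"
               "Subject: Sign-in activity\n\nbody\n")

if __name__ == "__main__":
    for name in ("PASSWORD_EXPIRED", "DEFENDER_RENEWAL",
                 "GENUINE_LOOKING", "FORGED_FROM"):
        print(name, check_message(globals()[name]))
```

A display-name check only catches the lazy cases described in the thread; the DMARC branch covers mail that forges the brand's real domain in the From header.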
Get off my lawn!
 
GH85Carrera's Avatar
 
Join Date: Nov 2007
Location: Oklahoma
Posts: 84,752
Garage
As a home computer user it just astonishes me that Apple, Microsoft, the FBI, Department of Defense, the IRS, and even the NSA have been hacked.

To get into a hospital's system seems easier. I would bet there are computers on the network with a USB port open, and so many users that hated computers all along and resisted ever learning computers. They seem ripe for opening an email, or not checking out where the email originated.

I am also surprised how no one has been able to reverse engineer the ransomware software and decrypt the password, and track down the location of the hackers. Of course if they are in Russia, and Putin is behind it as we all suspect, not much but a Mission Impossible like rendition is going to stop them. Not likely.

__________________
Glen
49 Year member of the Porsche Club of America
1985 911 Carrera; 2017 Macan
1986 El Camino with Fuel Injected 350 Crate Engine
My Motto: I will never be too old to have a happy childhood!
Old 07-08-2021, 07:44 AM
#20
All times are GMT -8.