News Article: Criminal group originating from Russia believed to be behind pipeline cyberattackal gang called DarkSide, AP says
- Thread starter Bamaro
- Start date
I've seen the aftermath of "DarkSide" ransomware in the wild. Nasty stuff. Like log into your backup system and delete all your backups before encrypting your data nasty.
I’m curious ….are most hacks like this truly hacking in from the outside, or is there usually inside help?
Reason I ask is that when I retired two years ago from a large regional bank, I had worked on several project teams with the head of IT security (I wasn’t in IT, I just dealt with them a lot).
He said that the industry as a whole had made so much of progress in preventing truly external threats, that it was now far easier for the bad guys to compromise an employee that to hack in. Someone needs money to feed a drug or gambling addiction…a boyfriend owes money to people who take a Louisville Slugger to knees and the girlfriend can make that go away by “misplacing” a password…someone‘s disgruntled because they got passed over for a promotion.
Could be any of a zillion sets of circumstances, but the real threat was no longer from the outside. It was compromised employees on the inside.
I realize that was two years ago, an eternity in the world of IT. So is that still the case, and does it change for truly elite-level state-sponsored cyber attacks?
That guy was BS'ing to sound cool
Most "hacking" is actually phishing the stupid, not pressuring the weak. Sure some of what he describe happens, bust "most" not even close
LOL at the bold part.
To answer your question though it came in via a payload attached to an email.
Even two years ago, we had all sorts of training on that, and probably a test phishing / toxic attachment email a month.
Penalties for falling for it started with a nastygram from HR, and got incrementally more severe, up to and including termination. And yes, a few people were stupid enough to fall for it so many times that they were terminated.
You only need one person to fall for it once and your company could be on the news.
That is part of the answer. MFA is big too, but some of this is using windows vulnerabilities to elevate without creds.
Thing is there are a lot of good people in IT, but there are also a lot of lazy and dumb ones too.
Let me add this for any IT ppl out there. After seeing something delete backups and actually infect an ESXi hosts with compromised domain creds, I'd think long and hard about AD integration for any core infrastructure (network gear, firewalls, storage, virtualization hosts, etc) unless I could be 100% sure it was MFA'd.
I am not an IT person, per se'. I work in mergers and acquisitions. But it requires a much higher level of sophistication across an IT department, including a much larger IT spend, to achieve this.
2FA is not expensive, but the rest is, and managing it is expensive.
Guess it’s kind of like Derek Bok’s comment on education….If you think IT security is expensive, just try life without it.
For small companies, it is a risk/reward formula. Buy Cyber insurance and hope for the best. The larger your business, the more complex the cost/benefit analysis becomes.
I think that it really comes down to the type of data that you are trying to protect. Some industries have state and federal regulations which require the investment.
We get cybersecurity refresher training every year. In the last course, one of the things they noted is that in many cases, hackers will tailor a phishing email at a specific person within an organization--making the email appear to come from the person's supervisor, for instance.
Some of the phishes directed my way are really clever. Sometimes, I have to just sit back, reread, trace down their server obscurations , look at the modification of origins I might trust and admire their crooked handiwork...
I work for one of the worlds largest Cyber Security vendors and we do internal pseudo-phishing all the time using examples we find in the wild. It is funny though we are so well protected because it is literally our business that every time we do it people get caught falling for the phishing because "they can't believe a phishing attack could get through so it must not be one...."
you are right some of the stuff out there is insanely creative
I'd be willing to bet I've lost work in the past based on my refusal to open any attachment that I've not been told to expect. I don't even think twice, regardless as to who is sending it - it's deleted. Thankfully, there is some decent detection software available as well so generally the bad stuff gets flagged and thrown into my junk folder for me to glance at before deletion, but yeah, I don't trust any email. Far too easy to spoof.
The closest I've come to getting caught was about 20 years ago. I got an email saying that my card hadn't cleared because of a mixup. It was a Regions card. Well, it truly had happened a week before. I sighed and thought "not again," and followed the link. It was a perfectly rendered Regions page. I dutifully filled in the account number. It had a block for the three digit PIN at the bottom. I thought to myself that they didn't need that and hit "send." Immediately a bolded message came back - "You must enter your PIN!" I then woke up and closed the page. I then called the 800 number and canceled the card. Underneath the URL, the real site they'd borrowed was an Estonian maker of specialty sports clothing, like Formula One, World Cup skiing, etc. I notified them but got no reply.
One other incident happened with a Citibank card. I used it only for office software purchases and I didn't examine every statement since it was normally zero. I just let them stack up, so I was negligent in that respect. When I did open one, I discovered a $1300+ balance. Of course I called Citi and opened the rest of the statements. Several months before there had started to be charges, around $30+ or so, all to x-rated sites. He was testing me to see how closely I monitored. When he got comfortable, he actually paid a web-hosting site and opened his own x-rated website - at my expense. When I checked back, the card had only been used once in the previous year. I had bought a new piece of billing software to experiment with from a small software company in New England, New Hampshire, I think. It was business software, nothing to do with sex in any way. I wrote the president of the company, explaining the situation and telling him to expect to hear from investigators from Citibank, which had backed out all the charges and promised an investigation. I never heard back from him. I wonder why...
What are the chances of there being enough of an electron trail to find these guys? Asking for the brother of friend who’s a drone pilot
Last edited:
This a little off topic. But I was getting Express VPN just to watch out of region television, but constantly the people who market it online usually pitch it as “makes it hard for hackers to get your valuables”. What exactly does a VPN do? Because I’m not really up on the ins and outs on computers, and really only understand VPN as a way to watch out of market television. Does it really make it harder to be hacked.
Latest threads
-
US Army replacing 5.56mm rifle with a 6.8mm for infantry- Started by Tidewater
- Replies: 6
-
-
Game One of Alabama-Texas A&M Alabama Series Moved to Friday as Part of Doubleheader- Started by Diamond Tide
- Replies: 0
-
Bama Game Thread: Bama Gymnastics - NCAA Championship Semi-finals (ESPN2 | 4/18 @ 8pm CT)- Started by BamaNation
- Replies: 32
-
No. 1 Visits Tuscaloosa for Second Straight Week as Alabama Hosts Top-Ranked Texas A&M
- Started by Diamond Tide
- Replies: 0
-