What happened to OC? - CLOSED Carnage?!
Solaris

Ransomware virus plagues 100k computers across 99 countries

30 posts in this topic
6 hours ago, Solaris said:

The ransomware only affects those who receive and open malicious emails/attachments containing the exploit.

 

 

That's incorrect.  It can be spread remotely through a vulnerability in network shares by just knowing the IP of an unpatched machine.

 

I can assure you that I did not open any emails or attachments on my VPS.


Tiddy-bits:

7 hours ago, Solaris said:

The ransomware only affects those who receive and open malicious emails/attachments containing the exploit.

Oh. Go me for not even really using Email.

18 hours ago, Krazychic said:

That's incorrect.  It can be spread remotely through a vulnerability in network shares by just knowing the IP of an unpatched machine.

 

I can assure you that I did not open any emails or attachments on my VPS.

 

This only happens on networks that don't have strict firewall policies, for example, blacklist everything and only whitelist what you want. A VPS is a little bit of a different environment, because the providers don't want to put restrictions on their internal network, so as to prevent services from being blocked. It's also possible, as a VPS, that your environment was infected by someone else: another VPS on that same hypervisor host could have infected the other VMs. There are way too many variables to account for on a VPS. I was more specifically talking about internal organization networks. While a lot of businesses host their services on a VPS, a lot of the ones that were targeted (and a big deal) were the ones who had stricter networks and were targeted through the distribution of malicious emails, which caused execution on the machine that opened it, and it then propagated itself via the SMB exploit.

 

The real difference here is on a public/unfiltered network, all you have to do is exploit the protocol. On an internal organization level, someone has to execute it internally. I should have clarified.


System Administrator (Well Rounded) | AWS | Azure | Microsoft 365
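The "block everything, whitelist what you want" posture from the post above, as an added example that is not code from the thread or from any poster. It audits one Windows host for the exposure being discussed (SMBv1 enabled, the MS17-010 SMB fix missing, an inbound rule allowing TCP 445 from any address, a disabled or default-allow firewall profile) and, with -Remediate, sets the default inbound action to Block and leaves a single SMB allow rule scoped to a trusted source range. Assumptions: Windows Server 2012 R2 / Windows 8.1 or newer with the SmbShare and NetSecurity modules, run from an elevated PowerShell; the KB list covers the Windows 7/2008 R2, 8.1/2012 R2 and 2012 packages only, newer builds carry the fix inside cumulative updates that Get-HotFix may not list, so a "missing" result needs confirming against your own patch source; $AllowedSmbSources is an illustrative placeholder for your management or AD subnet.

```powershell
<#
Added example, not from the thread. Audit one Windows host for SMB worm exposure
and optionally apply default-deny inbound with a scoped SMB whitelist.
Assumes Windows 8.1 / Server 2012 R2 or newer and an elevated session.
#>
param(
    [string[]] $AllowedSmbSources = @('10.0.0.0/8'),   # placeholder: your management/AD subnet
    [switch]   $Remediate
)

# MS17-010 packages: KB4012212/KB4012215 (Win7 & 2008 R2 security-only/rollup),
# KB4012213/KB4012216 (8.1 & 2012 R2), KB4012214/KB4012217 (Server 2012).
# Later cumulative updates supersede these and may not appear in Get-HotFix.
$ms17010Kbs = 'KB4012212','KB4012215','KB4012213','KB4012216','KB4012214','KB4012217'
$findings   = New-Object System.Collections.Generic.List[string]

# 1. Patch state.
$installed = (Get-HotFix).HotFixID
if (-not ($ms17010Kbs | Where-Object { $installed -contains $_ })) {
    $findings.Add('No MS17-010 KB reported by Get-HotFix; confirm the build level before assuming unpatched')
}

# 2. SMBv1 is the dialect the exploit needs; leaving it on is a finding by itself.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    $findings.Add('SMBv1 server protocol is enabled')
}

# 3. Host firewall posture: a disabled profile or a default-allow profile is the
#    "unfiltered network" case from the thread. NotConfigured means the built-in
#    default (Block), so only an explicit Allow is flagged.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -eq 'False')               { $findings.Add("Firewall profile $($p.Name) is disabled") }
    if ($p.DefaultInboundAction -eq 'Allow')  { $findings.Add("Profile $($p.Name) default inbound action is Allow") }
}

# 4. Any enabled inbound allow rule that exposes TCP 445 to every remote address.
$wideOpen = foreach ($r in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $r | Get-NetFirewallPortFilter
    $addr = $r | Get-NetFirewallAddressFilter
    if ($port.Protocol -eq 'TCP' -and (@($port.LocalPort) -contains '445' -or $port.LocalPort -eq 'Any') -and $addr.RemoteAddress -eq 'Any') {
        $findings.Add("Rule '$($r.DisplayName)' allows TCP 445 from Any")
        $r
    }
}

if ($findings.Count -eq 0) { Write-Output 'No SMB exposure findings'; return }
$findings | ForEach-Object { Write-Output "FINDING: $_" }

if ($Remediate) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Default deny first, then one explicit whitelist. In Windows Firewall block
    # rules beat allow rules, so the scoping must live in the allow rule rather
    # than in a block rule with an exception.
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block
    if ($wideOpen) { $wideOpen | Disable-NetFirewallRule }
    New-NetFirewallRule -DisplayName 'SMB in (whitelisted sources only)' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -RemoteAddress $AllowedSmbSources -Action Allow | Out-Null
    Write-Output "Remediated: SMBv1 off, default inbound Block, 445 allowed only from $($AllowedSmbSources -join ', ')"
}
```

Run it once without -Remediate to see the findings, then with -Remediate after confirming the whitelist range still covers whatever legitimately needs file sharing; a VPS that serves no SMB clients can pass an empty array and keep 445 closed to everyone.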


You'd think the hosting provider would've done something about it by now, since it affects such a swath. That's kind of their responsibility, no matter how unmanaged the service is.


Oddly, this is familiar to you... as if from an old dream.  

19 hours ago, Tucker933 said:

You'd think the hosting provider would've done something about it by now, since it affects such a swath. That's kind of their responsibility, no matter how unmanaged the service is.

You would assume that they would force the customers to patch their servers, since they technically don't have access to force-update them. If the customers didn't, the provider could threaten to take them offline due to the potential harm to other customers on the network.


System Administrator (Well Rounded) | AWS | Azure | Microsoft 365

On 5/14/2017 at 0:57 AM, 002 said:

 

A large portion of DoD control systems use XP still. 

1 hour ago, Wojtek said:

A large portion of DoD control systems use XP still. 

What are we considering control systems?


System Administrator (Well Rounded) | AWS | Azure | Microsoft 365

6 minutes ago, Solaris said:

What are we considering control systems?

 

Anything being used as an interface to run legacy systems/hardware due to cost prohibition or lack in capability. Silo interfaces/control points for our LGM-30s, critical systems on board our SSN fleet, the FCS on the Abrams, some avionics packages, portions of the HF nets, some radar systems, etc. Mil-Embedded Systems has some good articles covering what DoD is doing to bridge the gap. NASA faced similar issues; nearly everything they utilized for the Space Shuttle program was designed in the '70s as a closed system, and doing any sort of upgrading or restructuring would have been way too costly, so they stuck with the '70s-era systems and components.

9 minutes ago, Wojtek said:

Anything being used as an interface to run legacy systems/hardware due to cost prohibition or lack in capability. Silo interfaces/control points for our LGM-30s, critical systems on board our SSN fleet, the FCS on the Abrams, some avionics packages, portions of the HF nets, some radar systems, etc. Mil-Embedded Systems has some good articles covering what DoD is doing to bridge the gap. NASA faced similar issues; nearly everything they utilized for the Space Shuttle program was designed in the '70s as a closed system, and doing any sort of upgrading or restructuring would have been way too costly, so they stuck with the '70s-era systems and components.

I'm just curious, because I don't know how those systems can keep getting extensions for their ATO/ATC, considering the DoD CIO mandate to move to Windows 10 SHB in January of this year (which was extended to 2018). What's going to be even tougher for those guys is the re-accreditation under the Risk Management Framework (RMF) accreditation model and keeping up with maintaining every single one of those systems. I guess if you have some proprietary applications and hardware that aren't supported by the vendors anymore and no contractor has stepped up for the replacement of those programs, that can be the exception to the rule as well.


System Administrator (Well Rounded) | AWS | Azure | Microsoft 365

5 minutes ago, Solaris said:

I'm just curious, because I don't know how those systems can keep getting extensions for their ATO/ATC, considering the DoD CIO mandate to move to Windows 10 SHB in January of this year (which was extended to 2018). What's going to be even tougher for those guys is the re-accreditation under the Risk Management Framework (RMF) accreditation model and keeping up with maintaining every single one of those systems. I guess if you have some proprietary applications and hardware that aren't supported by the vendors anymore and no contractor has stepped up for the replacement of those programs, that can be the exception to the rule as well.

 

That's the issue, as it always is. DoD puts out a decree department-wide for all to meet said standard by said mandate (which is always pushed back) and everyone is left scrambling to meet said mandate, even for a system whose original manufacturer dissolved over two decades ago and whose control system for the legacy hardware was implemented in 2000 and hasn't seen an upgrade or update since. The IT equivalent of ten pounds of shit and a five-pound bag to put it in.

 

Same shitshow is going on across all departments, from DoJ to HHS. 

