ransomware Ransomware and Cyber Security Policies

[GremlinIT]

https://www.theguardian.com/technology/2021/jun/14/ransomware-is-biggest-online-threat-to-people-in-uk-spy-agency-chief-to-warn

 

I recommending reading the full article but what might be on the horizon:
 

Quote

Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups - ...

 

Edited 15 June, 2021 by GremlinIT

[Mark Sollis]

Great link - no business should consider themselves #safe

[GremlinIT]

Had a fun chat with OGI about Open Attach and Ransomware ...

 

Currently, OA uses SYSTEM to modify and create folders and files. However, it uses the User's permissions to read and open files.

 

This means that I can help prevent ransomware from encrypting the data but not prevent it from exfiltrating the client documents.

 

They decided that getting someone to finish the other half of the job was a bespoke contract. Told them we can wait, far more likely another broker is affected and kicks up a storm that affects OGI rather than us.

[Mark Sollis]

Sounds like the usual "Let's wait until it happens and then we will do something about it" kind of approach

 

That approach went well with the NHS too ...

 

[Mark Sollis]

Tbf - I’d be interested in comparing how the competition / alternative OGI solution aka Virtual Cabinet, manages the same situation. That’s the real benchmark / leverage. 
 

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 
 

#whosheadisontheblock

 

[GremlinIT]

17 hours ago, Mark Sollis said:

#whosheadisontheblock

Not mine and I have lead so many horses to the water but I can't get them to drink. Putting it out here in public view is a last straw / venting action.

[Mark Sollis]

17 hours ago, Mark Sollis said:

If cyber is a concern - or a requirement of your BI - I’d suggest taking a serious look at those security functions in both. Then make your choice. 

 

Sorry - the above was a more generic prompt for ALL brokers - particularly those who need to review their risk appetite - not aimed at you guys per-se 

 

17 hours ago, Mark Sollis said:

#whosheadisontheblock

 

Ditto for this - and to make sure everyone is aware they can't blame or claim from, their supplier for their own inadequate security analysis and prevention

 

I feel your pain with the horses - but at least you found the water - that's half the battle 

 

[GremlinIT]

1 hour ago, Mark Sollis said:

I feel your pain with the horses - but at least you found the water - that's half the battle 

Now how do I convince colour blind horses that the water is clean and safe to drink?  

[Mark Sollis]

39 minutes ago, GremlinIT said:

Now how do I convince colour blind horses that the water is clean and safe to drink?

 

Makes no difference if they're not thirsty 

[GremlinIT]

On 18/06/2021 at 17:07, Mark Sollis said:

 

Makes no difference if they're not thirsty 

Oh, they are. They only want the yellow liquid someone else is giving them because they were convinced, somehow, that it is lemonade. 

[GremlinIT]

Latest response from OGI:

Quote

I did discuss this with engineering and we are not sure with what they are asking whether it's even achievable with the software. But if it is Engineering advised it would be chargeable. I discussed this with [hardware technician's name redacted]. 

 

My response:

Quote

This needs to go to development. OA simply needs to change its Read & Execute permissions from Windows Authenticated User to SYSTEM the same as it already does for Write and Modify permissions.

 

I don't know why development did half a job of it in the first place and that getting this on their enhancement wishlist is such an uphill battle.

Anyone else want to log a similar request and join the chorus?  

[Mark Sollis]

Not 24 hrs before your post! A despairing mini-rant criticising the very response you received. Feel free to add a real life instance on there - Typical Standard Response Warning 

[GremlinIT]

On 09/07/2021 at 10:59, Mark Sollis said:

Not 24 hrs before your post! A despairing mini-rant criticising the very response you received. Feel free to add a real life instance on there - Typical Standard Response Warning 

I don't use Linked In. Good post.

My colleague had that all the time, would ask OGI support, "How do I do this?" and would receive the answer, "It can't be done." A week later they would go back to OGI with, "This is how you do it."

 

Now they don't even bother to log tickets with OGI. If OGI cared and had enough staff to put more time into working these things out with my colleague, then they would have an over all better product and better service.

[GremlinIT]

I was discussing measures to guard against ransomware with an OGI support member. 

Hosts of virtual machines are not safe.

 

They had a client a few weeks ago, where the ransomware managed to get into the hosts (plural) and it destroyed the vhdx files (what a virtual machine is stored in). In a lot of instances, with limited access, more ports closed on the host and so forth, you would be inclined to believe that they are safe and only the virtual, more "public access" machines would be affected to different degrees.

 

I am now looking into making a Linux host, so that backup snapshots of a virtual machine will be safe and can easily be fired up for emergency cases.

[Mark Sollis]

OUCH!

So where were the hosts hosted and by whom?

[GremlinIT]

On 31/07/2021 at 13:25, Mark Sollis said:

OUCH!

So where were the hosts hosted and by whom?

I don't know who was hit. It was on premises hosts.

Basically, everything Windows on their network was destroyed.

 

Could possibly have something to do with this.

[GremlinIT]

If you have locked yourself out of a PC by forgetting the administrator details, you can sort it out by buying a Razer mouse! 

 

https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

[GremlinIT]

Open Attach hasn't changed. It should be a database, more secure, better control over user access, find and retrieve files more quickly, et cetera.

 

Now everyone is being pushed to use MS Edge. I thought I saw a notice that you could use Firefox or Chrome, that seems to have been retracted and no one in support knows anything about it.

Not sure I want to trust payments to a web browser, which is made by the some company that produces Windows, which has 50-100 vulnerabilites each month with 1-6 of them being zero days.

[Mark Sollis]

The real question for Open GI is why is only 1 browser supported?

 

Why do you think that is?

 

10 points for each correct answer …

[GremlinIT]

On 14/06/2022 at 17:44, Mark Sollis said:

The real question for Open GI is why is only 1 browser supported?

 

Why do you think that is?

 

10 points for each correct answer …

Partnership deals that are in the interests of Open-GI's profits and not the best infrastructure for their clients.

• HP - (30% returns from printers to servers when I worked for a HP partner. Haven't been pleasantly surprised with 6 more years of dealing with their hardware).
• Microsoft - Oh ook another 60 security holes and a zero-day (M$ product zero-days can only be fixed or mitigated by Microsoft) that has been actively exploited for over two months now.
• Sophos - Tavis Ormandy of Google's top security team, charitably wrote a 30 page paper, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time". Recently, they forced through Multi-Factor Authentication for their "cloud" management site (which has a really useless, coutnerintuitve and uninformative interface), that is completely useless in a ransomware take over, you could easily be left without access to your "cloud". They should implement physical keys if they are going to push for this, not software methods that can be taken over as part of an attack. 

Edited 27 July, 2022 by GremlinIT