Posted on 05/08/2021 10:33:09 AM PDT by Beave Meister
Amen to that!
That's true. But the pipe line controllers and associated computers should be insulated from almost all of the workers.
At least they hired a cybersecurity firm to advise them. Maybe they will harden their system.
The firm I work for was hacked by the Chinese about 6 years ago. They continue to harden systems. They hired white knight hackers to hack our systems and show us our vulnerabilities.
This is from our enemies like China and Russia. No one else would target out infrastructure like this.
Yes. I know firsthand a lot of Chinese students and employees at a big university were only there to send passwords, usernames and details about gaining access back to China.
IT guy said to me there are hundreds of external attempts to break in each day at this one university. Listed China and Russia but many others. It does not even do any defense or research work. However, my idea is they communicate with the ones who do, and especially with the big resedarch and tech companies elsewhere. Might ask for technical journal articles or scientific papers on file.
So, gain access to the unimportant university then use their passwords to access the others with defense and high security data. Indirect but works eventually if one person makes a mistake due to phishing. Especially with those real appearing false web pages and counterfeit email setups.
Saw one diagram showing how they do it. One panel was “Bill, is this genuine?” with counterfeit fraudster replying using the real looking information “Sure, Ted. I had dealings with him and he’s legit. Stop worrying.”
We only managed the Carter gas rationing era because my mom was a mail carrier and could fill up every day.
“Up 10 cents since yesterday.”
Same here, and the gas tanker was pulling in as I was pulling out. I’ll have to see if prices go up again.
Or at least look at it as a proof of concept for a new weapon to be developed and used at some time in the future by our enemies.
“whoever was visiting sites they shouldn’t have on company computers”
There are some systems that should not be connected to the internet. The problem is good old fashioned hubris on the part of people who design and deploy these systems. They truly believe that nobody can hack THEIR program or penetrate THEIR firewall.
“Just topped of my tank 2.99/ gal. Up 10 cents since yesterday.”
I just got back from topping off. $2.65 outside of Raleigh. No panic apparent. Yet.
Has ransomeware been confirmed?
Earlier in the day it was only suspected.
“Conversely, the remedy fo the attack, short of paying the extortion money, is to restore everything from backups, which hopefully was snapshot *before* the ransomware attack and and stored offline.”
I’ve consulted on this subject dozens of times, companies big and small.
Almost nobody can restore their key services and applications from back-ups. And fewer still have ever tested their REAL ability to do so.
Too many companies do not take IT as seriously as they ought to, and it’s often the first budget cut.
Then BAM! they’re out of business.
“This is from our enemies like China and Russia. No one else would target out infrastructure like this.”
If it was one of them there would be fires and explosions, real damage.
Sounds like North Korea’s style. He has thousands of folks doing ransom ware stuff every day.
There probably 100 high school kids that could pull this off at a company that only gives lip service to security.
Which is no less than 50% of the Fortune 500, and just about everybody else.
The pipeline between Texas and NJ is a national security risk. There is no effing way the NSA is not all over their security. This is not some group of high school kids.
“There is no effing way the NSA is not all over their security. This is not some group of high school kids.”
I assure you the NSA was not involved, at least until yesterday. This is the realm of FBI and DHS/CISA.
While there are specific regulations for critical infrastructure, they are really not seriously enforced. There is no lawful way to do that, though folks may want to consider it given the importance.
I was involved with an incident where a major defense contractor and manufacturer was compromised entirely.
Of course that was China.
But it happens all the time with major corporations. Most of them you never hear about.
I worked in telecom for a bank. The bank regulators took this stuff very, very seriously. It was tedious how serious it was. I imagine in the years since I have been retired I imagine it’s gotten even more serious.
Glanced at title of this [not Q] thread.
Thought it read, Ransomnote attack . . .
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.