Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Avoiding the Ransomware Mistakes that Crippled Atlanta
Newest First  |  Oldest First  |  Threaded View
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/17/2018 | 8:32:25 PM
Re: System failures
You can tell they really thought that out. :-)
Take Care,

Margaret

 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/17/2018 | 3:17:56 PM
Re: System failures
Stupid as stupid does ----- and why did Hartsfield Airport in Atlanta  have both primary and secondary power cables router through the same underground tunnel only a few feet from each other when a fire broke out taking about both primary AND REDUNDANT POWER ?????   Because nobody thought it could happen!!!
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/13/2018 | 4:53:49 PM
Re: System failures
I agree to use it as a comparison for server failure. The recovery is going to be the same. What is wrong with the City of Atlanta? We as a group know it pretty much the standard best practices. I can't believe the City of Atlanta is that stupid. Now they have outsiders public and private wanting money to solve their problems. They really need to put on their big boy pants and solve it themselves. They will never be ready for the next server failure or attack. Much of the problem needs to solved from within.

I just want to take moment to thank everyone on the posting of this article. I glad we have people still with solid foundation for systems and security.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 12:10:51 PM
Re: System failures
A better comparison can be made with Merck which was hit hard by WannaCry in 2016.  I remember from all the chatter on the web that they discovered their recovery protocols were about nill!  Which hurt them big time.  YOU have to be able to recover whether from ransomware or drive failure or electrical power outage (Hello, DELTA/).  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 10:34:24 AM
Re: System failures
WOW!!!   LIKE I DON'T KNOW THAT?????   I used it as a comparison for server failure.   And the existance of a recovery plan which, from whati can see, does NOT exist in Atlanta.
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/13/2018 | 10:17:37 AM
Re: System failures
9-11 had nothing to do with the City of Atlanta. Many of the mistakes were due to the security and the protection of data. I have worked on the inside temporarily. They have a tendency to have shadow IT departments. They are not unified in IT structure of who has control. NO IT GOVERNANCE and no incident response plan. Someone should have been aware of current possible threats like ransomware in general. Who let the media loose with a screen shot of how to contact the cybercriminals is totally stupid because the media contacted cybercriminals for an interview of questions and they asked for money. The security manager should have handled this quietly with the mayor. Controlled and gave the media constructive information. Handle it in the same fashion as the hospitals did before. If the mayor decided not to pay the $51,000 in Bitcoin. Make a plan. Take the infected systems off the network, restore from backup and recover any workstations the same way. Then have meeting with the stakeholders like the mayor and IT director to develop a plan for going foreward. SAMSAM is usually done by phishing attack using an attachment. Time for end user training along with strengthing your security armor. No one can be bullet proof in IT security but you can have a heathly security appetite. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 8:49:33 AM
System failures
17 years ago one morning in September, my data center crashed.  Dropped 103 floors to the ground when the South tower collapsed on THAT DAY.   I was 101st floor so mad eit out though many others did not.  In some ways a Ransomware attack CAN be equivalent to a total system failure.  You had better have a good disaser recovery plan in place and tested!!!!  Upgrading hardware and patching is a NORMAL IT FUNCTION.  It is what the IT staffers are PAID to do and testing a plan is icing on the cake.  It had better be done too because when needed, nobody thinks straight at 2AM rebuilding a server array.   The difference is the exfiltration of data but otherwise they are the same event in many ways.  From what I have heard, THERE WAS NO PLAN and they are rebuilding from ground up.  Horrible.  $3 million in costs to consultants.  
mugsprt
100%
0%
mugsprt,
User Rank: Strategist
4/12/2018 | 1:14:57 PM
Problems is not legacy boxes and out dated applications
I agree with the article to a certain point. Even the oldest software should have been updated. Why? The IT management did not update the software nor move the data to an updated secure platform. Supposedly the City of Atlanta has Cybersecurity manager is also the blame. There is no IT governance to audit the systems and apps to develop risk factors, then resolve them. I BLAME THE PEOPLE. There should be resignations being handed in and termination notices being handed out. The Mayor of Atlanta should be handing down orders to clean this mess up once and for all. I would feel bad for the people let go but there is a huge system to get a security net around and right now they have a lot of companies try to sell the City of Atlanta that they have all the answers.  OUTDATED APPLICATIONS CAN BE PROTECTED. OLD OPERATING SYSTEMS CAN BE HARDED. Read the 2018 Data Base Incident Report from Verizon. Ransomware is climbing on companies or organizations. EASY MONEY. Ransomware sold as service on the dark web. Ransomware is not going away, it will only increase. Now I expressed my opinion. The City of Atlanta will never have updated IT security defense and reasonable protection until they get rid of all the snake oil dealers trying to sell them the latest and greatest cybersecurity package and develop a real cybersecurity plan with a person in charge with the city of Atlanta interest in mind.

Margaret Grigor MCSE,MCSA,CSA,CASP


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...
CVE-2019-18889
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.