Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Avoiding the Ransomware Mistakes that Crippled Atlanta
Newest First  |  Oldest First  |  Threaded View
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/17/2018 | 8:32:25 PM
Re: System failures
You can tell they really thought that out. :-)
Take Care,

Margaret

 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/17/2018 | 3:17:56 PM
Re: System failures
Stupid as stupid does ----- and why did Hartsfield Airport in Atlanta  have both primary and secondary power cables router through the same underground tunnel only a few feet from each other when a fire broke out taking about both primary AND REDUNDANT POWER ?????   Because nobody thought it could happen!!!
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/13/2018 | 4:53:49 PM
Re: System failures
I agree to use it as a comparison for server failure. The recovery is going to be the same. What is wrong with the City of Atlanta? We as a group know it pretty much the standard best practices. I can't believe the City of Atlanta is that stupid. Now they have outsiders public and private wanting money to solve their problems. They really need to put on their big boy pants and solve it themselves. They will never be ready for the next server failure or attack. Much of the problem needs to solved from within.

I just want to take moment to thank everyone on the posting of this article. I glad we have people still with solid foundation for systems and security.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 12:10:51 PM
Re: System failures
A better comparison can be made with Merck which was hit hard by WannaCry in 2016.  I remember from all the chatter on the web that they discovered their recovery protocols were about nill!  Which hurt them big time.  YOU have to be able to recover whether from ransomware or drive failure or electrical power outage (Hello, DELTA/).  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 10:34:24 AM
Re: System failures
WOW!!!   LIKE I DON'T KNOW THAT?????   I used it as a comparison for server failure.   And the existance of a recovery plan which, from whati can see, does NOT exist in Atlanta.
mugsprt
50%
50%
mugsprt,
User Rank: Strategist
4/13/2018 | 10:17:37 AM
Re: System failures
9-11 had nothing to do with the City of Atlanta. Many of the mistakes were due to the security and the protection of data. I have worked on the inside temporarily. They have a tendency to have shadow IT departments. They are not unified in IT structure of who has control. NO IT GOVERNANCE and no incident response plan. Someone should have been aware of current possible threats like ransomware in general. Who let the media loose with a screen shot of how to contact the cybercriminals is totally stupid because the media contacted cybercriminals for an interview of questions and they asked for money. The security manager should have handled this quietly with the mayor. Controlled and gave the media constructive information. Handle it in the same fashion as the hospitals did before. If the mayor decided not to pay the $51,000 in Bitcoin. Make a plan. Take the infected systems off the network, restore from backup and recover any workstations the same way. Then have meeting with the stakeholders like the mayor and IT director to develop a plan for going foreward. SAMSAM is usually done by phishing attack using an attachment. Time for end user training along with strengthing your security armor. No one can be bullet proof in IT security but you can have a heathly security appetite. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/13/2018 | 8:49:33 AM
System failures
17 years ago one morning in September, my data center crashed.  Dropped 103 floors to the ground when the South tower collapsed on THAT DAY.   I was 101st floor so mad eit out though many others did not.  In some ways a Ransomware attack CAN be equivalent to a total system failure.  You had better have a good disaser recovery plan in place and tested!!!!  Upgrading hardware and patching is a NORMAL IT FUNCTION.  It is what the IT staffers are PAID to do and testing a plan is icing on the cake.  It had better be done too because when needed, nobody thinks straight at 2AM rebuilding a server array.   The difference is the exfiltration of data but otherwise they are the same event in many ways.  From what I have heard, THERE WAS NO PLAN and they are rebuilding from ground up.  Horrible.  $3 million in costs to consultants.  
mugsprt
100%
0%
mugsprt,
User Rank: Strategist
4/12/2018 | 1:14:57 PM
Problems is not legacy boxes and out dated applications
I agree with the article to a certain point. Even the oldest software should have been updated. Why? The IT management did not update the software nor move the data to an updated secure platform. Supposedly the City of Atlanta has Cybersecurity manager is also the blame. There is no IT governance to audit the systems and apps to develop risk factors, then resolve them. I BLAME THE PEOPLE. There should be resignations being handed in and termination notices being handed out. The Mayor of Atlanta should be handing down orders to clean this mess up once and for all. I would feel bad for the people let go but there is a huge system to get a security net around and right now they have a lot of companies try to sell the City of Atlanta that they have all the answers.  OUTDATED APPLICATIONS CAN BE PROTECTED. OLD OPERATING SYSTEMS CAN BE HARDED. Read the 2018 Data Base Incident Report from Verizon. Ransomware is climbing on companies or organizations. EASY MONEY. Ransomware sold as service on the dark web. Ransomware is not going away, it will only increase. Now I expressed my opinion. The City of Atlanta will never have updated IT security defense and reasonable protection until they get rid of all the snake oil dealers trying to sell them the latest and greatest cybersecurity package and develop a real cybersecurity plan with a person in charge with the city of Atlanta interest in mind.

Margaret Grigor MCSE,MCSA,CSA,CASP


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3758
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.