#16
Quote:
IME, there are very few (not many, as you suggested) companies that do this type of broad and deep training and testing for non-IT employees. At best, it is once a year or at time of hiring, and thus simply not enough.
#18
Quote:
Any chance I can get you to overnight me a sandwich from Brooklyn Pickle and some food from Dinosaur BBQ?
#22
Interestingly, the group that hacked Garmin is on the US terrorist list. Giving a terrorist group $10M is a pretty big no-no.
I was also amused that the hack only received 6 words on Garmin's earnings phone call on the 29th.
#24
These articles are fun, but as I said in the other threads, they are just wild, fun speculation from cycling journalists with little knowledge of computer systems or networks.

As an engineer working in software security, these articles don't convince me of anything. It's all speculation with zero revealed sources or primary-source information. WastedLocker can't take down a whole organization like this. It doesn't take down Garmin's phone systems. It's not going to take down a data center that doesn't run on Windows. It's not going to affect the machines that are Macs, and we know Garmin has some of those. It would have zero effect on Connect if Connect was running in the cloud on a non-Windows setup (which is almost everything). Amazingly, the comments on these articles often have people pretending WastedLocker could go into AWS or another cloud platform and erase the backups, etc. It's a Windows thing.

Most of the non-tech people where I work have Windows machines, and if they weren't patched/managed well, one of them could click on these phishing-type scams and get something like WastedLocker introduced into the system. But WastedLocker could never cause this level of damage and shutdown. It might spread through some of the department's Windows machines where the initial infection happened. It's not going to do a damn thing to phone systems or non-Windows development systems or non-Windows servers running on the other side of firewalls. It's not going to take out routers or any of these other things. Garmin had so much damage and so many things shut down that this story just doesn't sound legit to me; it could be a piece of what happened, but not the whole thing. And it keeps being reported this way by cycling journalists with no inside sources. This isn't even the same story that was unfolding when I went and started reading the Twitter threads about it.

Even the Windows machines: if you don't build the whole network in a completely Windows way (which is completely incompetent), you can just wipe all these machines and reimage them and lose almost nothing. My employer can erase my workstation today and we'd lose almost nothing. It'd take me a day or two to set everything back up to get productive again, but there would be no need to pay the ransom.

Last edited by benb; 08-03-2020 at 10:26 AM.
#26
What the heck is our NSA doing? This is such massive exposure to US companies (Garmin is a large MIL provider and of course airlines). Just firing a bunch of people and setting up new corporate policies won't work; all they need is one key in.
This, 100% agree! Since then, we've spent a large sum trying to keep our system free from outside hacking. Nearly every consultant we've engaged has said there's little way to fully prevent it, and it's better to put resources into developing a parallel system and backing up data frequently. Given hacks of Twitter, Facebook and even Garmin, it seems they're correct that no system is impenetrable.
#27
US regulators are hilariously underfunded and have no teeth, and have tons of "private" partnerships for governance and auditing. Very much like the credit agencies during the 2008 financial crisis and garbage mortgage securities.

European regulators are much more serious. I would trust a European entity over an American one any day.

Also: training is pointless and merely there as a CYA for the company. Limited span of control, minimizing blast radius, separation of duties, extreme access control at all layers, and assuming all actors are bad actors (including your own employees) is the only way to secure things. 99% of companies don't operate like this; it is expensive, it is hard, and if you're a legacy company it is nearly impossible to retrofit. As someone said earlier, the cost/benefit is "risk a piddly $10M cyber attack, or spend a hundred million plus give up $x earnings-per-share forever". 9 times out of 10, executives are gonna go with the near-term stock price.
#28
Also keep in mind every website in the chain you follow reading these stories is ad driven, including the security blogs.
#29
Quote:
The amount of downtime/damage Garmin had here is more like the NSA + IDF attacking the Iranian nuclear program. To take everything down, including phone systems, data centers, servers, etc., etc., would have taken a multi-pronged approach that was way more sophisticated. The only way it was just WastedLocker is if Garmin's setup is so incompetent and homogeneous that it's unimaginable to me. Other possibilities would be Garmin lying about some of the effects, like their phones were fine the whole time and they were just lying because they didn't want anyone calling. It is way more plausible that they just shut everything down and did a large and time-consuming restoration from backup than that the only solution was paying the ransom.