Big Ransomware Outbreak Today - Be Vigilant

No one's arguing that Microsoft's patches don't occasionally screw something up. At least I'm not.

The argument is that it is probably better to take the risk of having something occasionally screwed up, and having to rush around and fix it, rather than exposing your organization to data theft or encryption ransomware.

agree but when you have a company spread out over the entire country like fedex all running on separate networks + contract companies running those same systems it's damn near impossible to secure everything.. so yeah maybe some networks wouldn't have been infected but just 1 of those networks within the swarm being infected will have the same effect as all of them being infected when it comes to scheduling. you can't just say well SFO fedex hub is shit out of luck don't fly or transport anything to them because SFO affects all international and west coast regional hubs.

i will say that the fact that the Memphis hub which is fedex's main hub didn't secure itself is probably the dumbest thing i've seen fedex do though.. there's absolutely no excuse for that.
 
Since the gov't wrote the original, what's their punishment?

Oh that's right, our f'ing gov't is never held accountable. Silly me.

I wonder if companies like FedEx can sue in court for damages for the government being careless with dangerous tools that caused irreparable harm to their business.

government will just blame wikileaks and give them an excuse to throw more money at trying to shut them down.
 
In fact, the NSA has recently scaled back their program of spying on Americans because they bring up a "target" word in conversation. They realized the correlation was small to nil. And NSA really doesn't post when they catch the bad guys do they?

The last time I heard anything that the NSA might have had a hand in stopping was Russian spies transferring sensitive data via pictures. If they were really that effective there is no reason not to put themselves in a public spot light a year after the investigation closes. But for some reason I never hear how they stopped X, Y Z. Why is that? Why don't they publish statistics for everyone to see like:
NSA is responsible for stopping 23 state actor campaign attempts to access defense networks last year
NSA is responsible for exposing 52 terrorist attacks by 152 known terrorist last year
NSA spied on 124,000 americans last year that they discovered had no connection to any investigation
NSA helped craft fixes to 16 exploits which were used in attacks by state actors last year

Why don't they publish any of that @#%@#$@#? You can't tell me such generic numbers are classified.

And yes other countries like NK, China, and Russia are having all kinds of fun with their spear phishing script kiddies and exploits. There are other ways to inflict damage on them without holding out on potentially damaging information as has happened here.

I still think IF you are part of classified information or infrastructure there should be a law to keep you off any external systems except for a very very tight firewall system that processes batch commands for file transfers, and whitelisted email that can be monitored for suspicious activity. And that email system is text only with limited MIME support. No HTML crap. Any USB access would get you insta arrested and fired. Any bios/UEFI access insta arrested and fired. (Outside upper IT admins)

I mean, to be honest, offensive capabilities are important in warfare. We are experiencing an arms race between states (and individuals/groups), and unless a balance of power is achieved, the U.S can't have a 100% defensive posture against other powers. Cutting the ability of the NSA to develop offensive tools won't stop China or Russia or etc from making them. Only a situation where states know that launching attacks will result in headaches that will inflict hard damage will deter future attacks. And of course, with the addition of individual and group actors that can wage attacks makes the situation much more confusing and dangerous.

And while we could always bomb them, I don't think that solution will help......

So, here is an article concerning your angle, the U.S Government and their spying tools, etc.
http://www.techrepublic.com/article/inside-the-secret-digital-arms-race/

When is a cyberwar not a cyberwar?
The greatest trick cyberwar ever played was convincing the world it doesn't exist.

While the laws of armed conflict are well understood — if not always adhered to — what's striking about cyberwar is that no one really knows what the rules are.

As NATO's own National Cybersecurity Framework Manual notes: "In general, there is agreement that cyber activities can be a legitimate military activity, but there is no global agreement on the rules that should apply to it."

Dr. Heather A. Harrison Dinniss of the International Law Centre at the Swedish National Defence College said that most cyber warfare shouldn't need to be treated differently to regular warfare, and that the general legal concepts apply "equally regardless of whether your weapon is a missile or a string of ones and zeros."

But cyberwarfare does raise some more difficult issues, she says. What about attacks that do not cause physical harm, for example: do they constitute attacks as defined under the laws of armed conflict?

Dinniss says that some sort of consensus is emerging that attacks which cause loss of functionality to a system do constitute an attack, but the question is certainly not settled in law.

Western nations have been reluctant to sign any treaty that tries to define cyberwar. In the topsy-turvy world of international relations, it is China and Russia that are keenest on international treaties that define cyberwarfare as part of their general desire to regulate internet usage.

The reluctance from the US and the UK is partly because no state wants to talk candidly about their cyberwarfare capabilities, but also by not clearly defining the status of cyberwarfare, they get a little more leeway in terms of how they use those weapons.

And, because in many countries cyberwarfare planning has grown out of intelligence agencies as much as out of the military, the line between surveillance-related hacking and more explicitly-offensive attacks is at best very blurred.

The greatest trick cyberwar ever played was convincing the world it doesn't exist.

That blurring suits the intelligence agencies and the military just fine. While espionage is not illegal under international law, it is outlawed under most states' domestic laws.

"It could well be that states were waiting to see what use would be made of cyber operations — how much they could get away with under the rubric of espionage," Dinniss adds. For example, although the US might consider Stuxnet to be an espionage project, that might not be the way it is interpreted by others.

This is not some arcane debate, though. If a cyber attack can be defined as an attack under the laws of armed conflict, a nation has a much better case for launching any kind of response, up to and including using conventional weapons in response. And that could mean that using digital weapons could have unexpected — and potentially disastrous — consequences.

Right now all of this is a deliberately grey area, but it's not hard to envisage an internet espionage attempt that goes wrong, damages something, and rapidly escalates into a military conflict. Can a hacking attempt really lead to casualties on the battlefield? Possibly, but right now those rules around escalation aren't set. Nobody really knows how or if escalation works in a digital space.

If I hack your power grid, is it a fair response to shut down my central bank? At what point is a missile strike the correct response to a denial of service attack? Nobody really knows what a hierarchy of targets here would look like. And that's without the problem of working out exactly who has attacked you. It's much easier to see a missile launch than work out from where a distributed digital attack is being orchestrated. Any form of cyber arms control is a long way off.
 
Dr. Heather A. Harrison Dinniss of the International Law Centre at the Swedish National Defence College said that most cyber warfare shouldn't need to be treated differently to regular warfare, and that the general legal concepts apply "equally regardless of whether your weapon is a missile or a string of ones and zeros."

And there's your problem. A lawyer, not a computer security expert, made this decision as it being ethical. No one understands the true ramifications like engineers and computer people.

I got news for you, there is defective hardware out there ATTACHED to SCADA systems. And I'm not talking about small harmless systems, I'm talking HUGE Insecticide plants (https://www.theatlantic.com/photo/2...st-industrial-disaster-30-years-later/100864/), HUGE power plants, etc. God help us if they burn out the power grid.

And NSA sits on these exploits because some other state uses this same defective hardware. But people like NSA don't sit there and consider that it would take weeks or months to fix all these systems (as it is the case here). They don't sit and consider that the Russians already know of this exploit and plan to use it themselves.

There are other ways you can do damage without creating an offensive toolkit designed to exploit weaknesses which affect EVERYONE.
 
Cool, no patch for malware like this but we have an update for Windows Creative BS! Priorities MS......:confused:
 
This is spreading fast, reminds me of blaster in terms of spread of infection rate. At least back then, blaster didn't encrypt everything. The guys doing this deserve some serious consequences.
 
Why do so many large corp still use MS software.

I make money installing Linux... I'm not sure how I feel about this one yet. I am either going to get lots of new clients. Or have my time wasted by a lot of people calling asking me a million questions even though they aren't ready to really pull the trigger on MS. I would bet on more time wasting calls than clients out of this one. lol
 
Why do so many large corp still use MS software.

I make money installing Linux... I'm not sure how I feel about this one yet. I am either going to get lots of new clients. Or have my time wasted by a lot of people calling asking me a million questions even though they aren't ready to really pull the trigger on MS. I would bet on more time wasting calls than clients out of this one. lol

Maybe because a lot of off the shelf software works on Windows.
 
Since the gov't wrote the original, what's their punishment?

Oh that's right, our f'ing gov't is never held accountable. Silly me.

I wonder if companies like FedEx can sue in court for damages for the government being careless with dangerous tools that caused irreparable harm to their business.
You could say it's about intent. Ostensibly, the government was looking to protect us. Ostensibly.
 
they called me crazy for blocking every single incoming connection.

i don't care if my network is a check valve.

it beats this shit.
 
Maybe because a lot of off the shelf software works on Windows.

large corps never buy off the shelf.... so ya it still boggles my mind that a company like fedex running custom software is using the largest attack vector in the world on the majority of their systems. lmao
 
Old internet, where people wrote viruses for the lulz, and the worst they did was fry PCs hardware.
In the old days, ransomware was more bothersome for the writer because payment had to be made to a P.O. Box, where it was collected at midnight while wearing a disguise.
 
The "Hackers" apparently call themselves the "Shadow Brokers" lol.....Mass Effect much?
 
so glad Vault 7 was released to the public. I mean, I feel so vindicated and much more secure knowing that CIA secret tools are now public domain and using in more hacks against more targets. Nasty CIA and their tools. I mean, it's not like other countries are using these types of tools against us! Glad it all got put into the light!

/sarcasm
I am glad as at least things will get patched now. How long would these exploits have been used if not made public?
 
Yup, just heard that Frankfurt Airport got hit. That's bad. Big airports like that getting whacked can't bode well for travelers. :confused:
 
I'm curious to know how MS knew about before the rest of us? Seems awfully troubling.
NSA Vault7 leak that occurred in March. MS released a patch.
As I previously stated... Either the NSA found out about it and just sat on it OR MS found out about it and colluded with NSA to leave it unpatched until it became known...
Couple that with ChicagoMed episode playing this exact situation out...
 
Yup, just heard that Frankfurt Airport got hit. That's bad. Big airports like that getting whacked can't bode well for travelers. :confused:

Where? I googled a bit after Kyle posted that in this thread but came up empty.

Shutting down a hospital puts patients' lives in imminent danger, and so does shutting down an airport. It is difficult to think of this as something other than an act of war or terrorism.
 
It's hard to patch in the work environment. We have desktops set to run weekly and install updates, but servers are a different thing.

Depending on what the servers task is, it might only get updated 4 times a year. Less mission critical servers get updated monthly.

If what I'm reading is correct, it is getting into networks via email? So I guess it's really important to keep your spam filter up to date? I will have to check out barracuda spam box later to see if blocked any emails related to this.
 
If Microsoft could be trusted at all, many more systems would be patched with the March update that closes this security hole.

http://windowsitpro.com/patch-tuesday/patch-tuesday-kb3023607-breaks-cisco-anyconnect-heres-fix

Patch Tuesday: KB3023607 Breaks Cisco AnyConnect, Here's a Fix (2015)...

And there have been more recent examples

ok, I accept Microsoft's explanation for forcing everyone onto Windows 10

No one's arguing that Microsoft's patches don't occasionally screw something up. At least I'm not.

The argument is that it is probably better to take the risk of having something occasionally screwed up, and having to rush around and fix it, rather than exposing your organization to data theft or encryption ransomware.

Well, apparently it didn't work.

My biggest gripe with all this is the fact that MS over the last few years has continually forced things on peoples computers that they just DO NOT WANT. When you continually force people to do things they do not want to do, or fill up their computer with BULLSHIT they will try and block EVERYTHING you do.

I am perfectly ok with them forcing security updates on me

What I am NOT OK WITH is

CANDY CRUSH

CORTANA

SEARCH THAT IS LINKED WITH THE FUCKING INTERNET

LIVE TILES

THE WINDOWS STORE

EDGE

CALCULATOR IS NOW AN "APP" AND ASKS FOR MY FUCKING REVIEW WHEN I USE IT

I am one of those people that now hold off on updates whenever possible, I now have gone in and messed with things to get rid of those things.

It fucking pisses me off to no end when companies do this.

I completely blame MS for this, 100%
 
Yup, just heard that Frankfurt Airport got hit. That's bad. Big airports like that getting whacked can't bode well for travelers. :confused:
Link on that, the info I got was very possibly fake, so I pulled back.
 
honestly... Microsoft need to be bound to the DO178 software design process

If they actually had to fully specify exactly what they are going to implement, requirements flowdown to drive actual implementation, test vectors to demonstrate coverage NOT only would it be a wakeup for them BUT the likelihood of stuff like this occurring would plummet
 
And there's your problem. A lawyer, not a computer security expert, made this decision as it being ethical. No one understands the true ramifications like engineers and computer people.

I got news for you, there is defective hardware out there ATTACHED to SCADA systems. And I'm not talking about small harmless systems, I'm talking HUGE Insecticide plants (https://www.theatlantic.com/photo/2...st-industrial-disaster-30-years-later/100864/), HUGE power plants, etc. God help us if they burn out the power grid.

And NSA sits on these exploits because some other state uses this same defective hardware. But people like NSA don't sit there and consider that it would take weeks or months to fix all these systems (as it is the case here). They don't sit and consider that the Russians already know of this exploit and plan to use it themselves.

There are other ways you can do damage without creating an offensive toolkit designed to exploit weaknesses which affect EVERYONE.

I don't think that the lawyer in the quote was suggesting that cyberwarfare be considered different than other forms of war. But I suppose you're referring more broadly to decision-makers.

You probably know better than me, so I'll take your word on it, but I dunno, the development of nuclear weapons, basically the biggest weapon that could affect everyone, was spurred by states reluctant to allow other states advantages, even in destructibility. Both Russia and the U.S focused on developing better and deadlier nuclear weapons, and their delivery systems in order to retain balance of power and MAD. I don't know about computers and programs, etc, but if China developed a toolkit designed to exploit a weakness that would affect everyone (in some way), MAD, balance of power would mean that the U.S would have to focus on developing a toolkit that it could use on China in response to achieve the same results.
 
If what I'm reading is correct, it is getting into networks via email? So I guess it's really important to keep your spam filter up to date? I will have to check out barracuda spam box later to see if blocked any emails related to this.

I don't know about this email, but most of the exploit emails I've seen this year just have a link, or a password-encrypted Word document to try and get around the spam filters.
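The two lure styles named in the post above (a bare link, or a password-protected Word document that a content filter cannot open) can be triaged mechanically before a human ever sees the mail. The script below is an added example, not code from the original thread or from any product mentioned in it. It parses a raw RFC 5322 message with the standard library, pulls URLs out of the text parts, and checks each Office attachment's file signature: a plain .docx/.xlsx/.pptx is a zip archive, while a password-protected one is wrapped in an OLE2 compound file, so an OOXML extension sitting on an OLE2 header is exactly the "encrypted document" pattern described. It also flags zip-based documents that carry a VBA project. The sample message, addresses and attachment bytes are constructed inline for the example and are not real artefacts from the outbreak.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# File signatures (magic bytes) used for the triage decision.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file: legacy .doc, or an encrypted OOXML wrapper
ZIP_MAGIC = b"PK\x03\x04"                           # plain OOXML (docx/xlsx/pptx) is a zip archive
OOXML_EXTS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_attachment(filename, data):
    """Return a reason string if the attachment deserves a human look, else None."""
    name = (filename or "").lower()
    if not name.endswith(OOXML_EXTS):
        return None
    if data.startswith(ZIP_MAGIC):
        # Readable OOXML: we can look inside, so check for an embedded VBA project.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "OOXML with embedded VBA project"
        except zipfile.BadZipFile:
            return "claims to be OOXML but is not a readable zip"
        return None
    if data.startswith(OLE2_MAGIC):
        # Password-protected OOXML is stored inside an OLE2 container, which is
        # what lets it slip past filters that only inspect zip contents.
        return "OOXML extension but OLE2 container (encrypted or legacy format)"
    return "OOXML extension with unrecognised file signature"


def triage_message(raw):
    """Parse a raw message and report attachments and links worth reviewing."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"attachments": [], "urls": []}
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            reason = classify_attachment(part.get_filename(), part.get_payload(decode=True))
            if reason:
                findings["attachments"].append((part.get_filename(), reason))
        elif part.get_content_type() in ("text/plain", "text/html"):
            findings["urls"].extend(URL_RE.findall(part.get_content()))
    return findings


def _minimal_docx(with_macro=False):
    """Constructed stand-in for a Word document: the smallest zip Word-ish layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def build_sample_message():
    """Constructed lure: a link in the body, a clean docx, an 'encrypted' docx, a macro docm."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"       # constructed address
    msg["To"] = "victim@example.invalid"           # constructed address
    msg["Subject"] = "Invoice attached"
    msg.set_content("Password for the attached invoice is 1234.\n"
                    "Or view it here: http://example.invalid/inv")
    msg.add_attachment(_minimal_docx(), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="clean.docx")
    # Encrypted OOXML begins with the OLE2 signature; the padding stands in for the container body.
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment(_minimal_docx(with_macro=True), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="macro.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    result = triage_message(build_sample_message())
    for name, reason in result["attachments"]:
        print(f"attachment {name}: {reason}")
    for url in result["urls"]:
        print(f"link: {url}")
```

Feed `triage_message` a real .eml captured from quarantine and anything it reports is what the spam filter could not judge on its own. A "password in the body plus an OLE2-wrapped .docx" combination is a strong signal on its own, since a legitimate sender rarely ships the password in the same message as the protected file.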
 
I'm curious to know how MS knew about before the rest of us? Seems awfully troubling.

The SMB exploit was actually known and being talked about back in February before SB released the NSA's version of the exploit. It's speculated that it's the reason Patch Tuesday that month was ultimately canceled because MS found out about it right before PT and, in the course of patching the flaw, ran into issues that required them to delay (and eventually cancel) the Feb. rollout. It was officially reported to MS by a 3rd party late last year.
 
Damn this shit is spreading like wildfire. I'm all for keeping the government in check with wikileaks but they have to be careful in what they leak. Some things that are highly disruptive could instead be leaked via articles instead of the actual programs.
 
This shit is crazy. I wonder how long this type of operation took to coordinate?

I hope they find these bastards, some how.
 
This shit is crazy. I wonder how long this type of operation took to coordinate?

I hope they find these bastards, some how.

Just an email list and an email server from the sounds of how it works.

People open up things/click on links that they never should have and you end up with this kind of mess.

We have our people pretty well trained to immediately report any email that they weren't expecting or that looks suspicious.

I haven't had an issue with anybody opening up crap like this in the last 2 years.

They report it to me and I send it on to the security team to check out.

Better to have false alarms than what is going on with this crap.
 