Your data or your life!

It is not the dream, not this time. I was persecuted by a Construction AI with diminishing reality capacity, but on the humour side there were a few criminals trying to get away with a golden car (like Goldfinger) and they got in the middle, so there. No, today is about Ransomware.

Reuters gives us ‘Ransomware breach at Florida IT firm hits 200 businesses’ (at https://www.reuters.com/technology/200-businesses-hit-by-ransomware-following-incident-us-it-firm-huntress-labs-2021-07-02/). Like the SolarWinds issue we see “The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers’ customers simultaneously” and no one, most visibly the media, is asking the questions that need asking. The Microsoft Exchange issue, the SolarWinds issue, now Kaseya. We understand that things go wrong, but as I see it the hackers (read: optionally organised crime) have a much better understanding of matters than the lawmakers and police do. We see this with “encrypted the files of those providers’ customers simultaneously” and that is before we consider that ‘an American software company that develops software for managing networks, systems, and information technology infrastructure’ has the kind of security that can be trespassed upon.

And why do I think this? It is seen in “The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses” and contemplate the issue that this had been happening for the last 5 months. A lack of larger systems as well, and all this continues as the law is close to clueless on how to proceed on this.

We see statements like “In their advisory and further incident communications, Kaseya said that only a few out of their 36 000 customers were affected”, yet CNet gives us “REvil, the Russia-linked hacking group behind the attack on meat processor JBS, is linked to the Kaseya attack, The Wall Street Journal reported. Security firms Huntress Labs and Sophos Labs have likewise pointed to REvil”, which gives the law the problem that a member must be a proven member of REvil and that is largely not the case; moreover, they have no clue how many members are involved. When one player gives us “We are in the process of formulating a staged return to service of our SaaS server farms with restricted functionality and a higher security posture (estimated in the next 24-48 hours but that is subject to change) on a geographic basis”, all whilst one of the victims is the largest grocery store in Sweden (COOP), the setting of “only a few out of their 36 000 customers” becomes debatable and it will affect the retail stage to a much larger degree, especially when you consider that they are cloud based.

I stated in the past (based on data seen) that 90% of the cloud can be transgressed upon. And they are all servicing the larger stage of people dealing with IT requirements on a global scale. Now consider that cloud systems remain largely insecure and beyond the fact that ITWire was giving us “SolarWinds FTP credentials were leaking on GitHub in November 2019” and it was a direct result of someone who thought that ‘solarwinds123’ was a good idea. Oh, I remember a situation involving Sony and stated that there might be an issue that someone (I implied the Pentagon) had a router with password ‘cisco123’. I did that in ‘The Scott Pilgrim of Technology’ (at https://lawlordtobe.com/2019/05/23/the-scott-pilgrim-of-technology/) in May 2019, and did anyone learn anything yet? It is now 2 years later and still we see these levels of transgressions? Some might say that IT firms are helping REvil get essential revenues, some might say that these IT firms got themselves in this mess.

So when we look at some firms relying on ‘Five years of experience for an entry-level job’, or perhaps “Any of the following will be grounds for immediate dismissal during the probationary period: coming in late or leaving early without prior permission; being unavailable at night or on the weekends; failing to meet any goals; giving unsolicited advice about how to run things; taking personal phone calls during work hours; gossiping; misusing company property, including surfing the internet while at work; submission of poorly written materials; creating an atmosphere of complaint or argument; failing to respond to emails in a timely way; not showing an interest in other aspects of publishing beyond editorial; making repeated mistakes; violating company policies. DO NOT APPLY if you have a work history containing any of the above” (source: Forbes). All this in a stage of age discrimination and narrow-minded thinking of HR departments. Yes, that is the dynamic stage of people that have bad passwords and a stage of transgressions.

So whilst we might think it is a stage of ‘Your data or your life’, there is a larger stage where the law has a bigger issue: it has the issue of IT firms cutting cost and having a blasé approach to the safety of their systems, and more importantly, their customers. And whilst ABC New York gives us “The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact” (at https://abc7ny.com/amp/ransomware-attack-4th-of-july-cyberattack-kaseya/10859014/) we see a first stage where the statement ‘only a few out of their 36 000 customers were affected’ is, as I personally see it, marketing-driven panic. And that is a much larger case.

I get that the firm hit does not want too much out in the open, but between a few, 2% and optionally a stage that could go beyond 27% is a setting too many are unable and too uneasy to consider. And when we see that 27%, do I still sound too ‘doomsday’ when I state that there is a much larger problem? And when we see the media go with ‘MSPs on alert after Kaseya VSA supply chain ransomware attack’, all whilst I stated a few issues well over 2 years ago, they should have been on the ball already.

I am not blaming the MSPs, but I do have questions on how their systems are so automated that an attack of this kind (the stated 1000+ customers hit) all whilst some sources state 50 MSPs, there is a stage where triggers would have been there and the alarms were set to silent because some people might have thought that there were too many false alarms. This is a different stage to the larger playing field, yet I believe it needs to be looked at, especially when the damage can be so large. I am not certain what work lies ahead of the hit customers like COOP that had to close down 800 supermarkets, but in all this something will have to give.


Filed under IT, Science
