An ideas site for network intelligence

Ransomware: Lurking on Defended Networks

A Spiceworks community post demonstrated that a network with at least pretty-good defenses could nonetheless be infected with ransomware. It’s a sobering reminder that is best read by users responsible for patching their own machines, or by admins responsible for keeping workstations current across their network.


Unclassified State Department Servers Breached

Following an earlier AP story, the NY Times reported that the US State Department had been added to the list of government agencies attacked in recent weeks. Attribution has been difficult: the NOAA and Post Office hacks apparently originated in China, while a White House breach is thought to be the work of Russians. Other outlets report that State Department mail servers worldwide will be shut down until security patches (of some sort) are implemented. In case it wasn’t made clear, the Fox station in Boston reminded readers that it was State’s worldwide unclassified system that was affected.

An old principle is at work: economies of scale from centralization can lead to increased risk.

Chinese Govt Engineers Thought Behind USPS Breach

According to the Washington Post, Chinese government engineers are suspected of breaching U.S. Postal Service computer networks. While credit card and financial data were not compromised, according to sources, the Post wrote that “The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information . . . The data of every employee were exposed.”

Previous attacks thought to be of Chinese origin had been conducted against the Office of Personnel Management and, just last August, against a US government contractor responsible for conducting background security checks.

Slow Pace of Forensics Dogs JPMorgan Chase Cyberattack Postmortem

Dealbook by New York Times

Despite discovering the attack in “late July,” the NYT Dealbook story reports that investigators are still unsure about many aspects of what was described as “a huge cyberattack” on JPMorgan Chase. Recently disclosed information about the scale of the attack — apparently launched from overseas — indicated that around nine other financial institutions were also attacked, most likely by the same group.

The lag between the discovery and the report (on 3 October) reveals the difficulties faced in uncovering the source and impact of such attacks. Few additional details have been reported, except that JPM Chase defenders were able to blunt the “burrowing” attack before any confidential information was disclosed, but these facts alone suggest that even a well-funded, presumably top-flight defense can be compromised by dedicated attackers. More importantly, even after such attacks have been foiled to some extent, it remains difficult to assess their scope or source. The NYT Dealbook report says current opinion has it that the attacks were initiated by groups loosely connected to the Russian government, but this evidence is likely not definitive.