An ideas site for network intelligence

Ransomware: Lurking on Defended Networks

Spiceworks post on RansomewareA post on A Spiceworks community post demonstrated that a network with at least pretty-good defenses could nonetheless infected with ransomware. It’s a sobering reminder that is best read by users responsible for patching their own machines, or by admins responsible for keeping workstations current across their network.


Slow Pace of Forensics Dogs JPMorgan Chase Cyberattack Postmortem

Dealbook logo New York Times logo

Dealbook by New York Times

Despite discovering the attack in “late July,” the NYT Dealbook story reports that investigators are still unsure about many aspects of what was described as “a huge cyberattack” on JPMorgan Chase. Recently disclosed information revealed that the scale of the attack — apparently launched from overseas — indicated that around nine other financial institutions were also attacked, most likely by the same group.

The lag between the discovery and report (on 3 October) reveals the difficulties faced in uncovering the source and impact of such attacks. While few additional details have been reported, except that JPM Chase defenders were able to blunt the “burrowing” attack before any confidential information was disclosed, these facts alone suggest that even well-funded, presumably top flight defense can be compromised by dedicated attackers. More importantly, even after such attacks have been to some extent foiled, it remains difficult to assess the scope or source of the attacks. The NYT Dealbook report says current opinion has it that attacks were initiated by groups loosely connected to the Russian government, but this evidence is likely not definitive.