Discussion:
Worse than WannaCry
(too old to reply)
RS Wood
2017-06-22 19:52:30 UTC
Permalink
Raw Message
https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html

But in this case, modern-day detection systems created by Cylance,
McAfee and Microsoft and patching systems by Tanium did not catch the
attack on IDT. Nor did any of the 128 publicly available threat
intelligence feeds that IDT subscribes to. Even the 10 threat
intelligence feeds that his organization spends a half-million dollars
on annually for urgent information failed to report it. He has since
threatened to return their products.

“Our industry likes to work on known problems,” Mr. Ben-Oni said. “This
is an unknown problem. We’re not ready for this.”

No one he has spoken to knows whether they have been hit, but just this
month, restaurants across the United States reported being hit with
similar attacks that were undetected by antivirus systems. There are
now YouTube videos showing criminals how to attack systems using the
very same N.S.A. tools used against IDT, and Metasploit, an automated
hacking tool, now allows anyone to carry out these attacks with the
click of a button.

Worse still, Mr. Ben-Oni said, “No one is running point on this.”

Last month, he personally briefed the F.B.I. analyst in charge of
investigating the WannaCry attack. He was told that the agency had been
specifically tasked with WannaCry, and that even though the attack on
his company was more invasive and sophisticated, it was still
technically something else, and therefore the F.B.I. could not take on
his case.

The F.B.I. did not respond to requests for comment.

So Mr. Ben-Oni has largely pursued the case himself.
--
RS Wood <***@therandymon.com>
Andy K.
2017-06-22 20:00:33 UTC
Permalink
Raw Message
On Thu, 22 Jun 2017 15:52:30 -0400
Post by RS Wood
So Mr. Ben-Oni has largely pursued the case himself.
The article goes to great lengths to describe how he wants to catch
whoever's doing the attacks and to get them behind bars or whatnot. But
what about doing the smart thing first and fixing your environment to be
secure from the "two cyberweapons stolen from the National Security
Agency"?
Post by RS Wood
But in this case, modern-day detection systems created by Cylance,
McAfee and Microsoft and patching systems by Tanium did not catch the
attack on IDT. Nor did any of the 128 publicly available threat
intelligence feeds that IDT subscribes to. Even the 10 threat
intelligence feeds that his organization spends a half-million dollars
on annually for urgent information failed to report it. He has since
threatened to return their products.
Good for him for calling out their snake oil. Security is not about
fancy software products that make you feel safe.


--
AndyK
Rich
2017-06-22 20:30:09 UTC
Permalink
Raw Message
Post by RS Wood
https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html
But in this case, modern-day detection systems created by Cylance,
McAfee and Microsoft
All of this software is quite similar to age-old snake-oil.

They *all* work by detecting *known* threats. Which means you are
vulnerable until the vendor learns of the threat, updates the software
to detect the threat, and then you update your copy of the software.

They all work the same way the TSA works, checking for "what someone
has tried to do before". None of them (nor the TSA) checks for
"something new someone might try".

Loading...