covering the week's top tech stories with a slight Linux bias.

The Department of Homeland Security said on Tuesday that a US-based natural gas facility had to shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment. The advisory didn't identify the site except to say that it was a natural gas, a natural gas compression facility. Such sites typically use turbines, motors and engines to compress natural gas so that it can be safely moved through pipelines. The attack started with a malicious link in a phishing email that allowed attackers to pivot from the facility's IT network to the facility's OT network, which is the operational technology hub of servers that control and monitor physical processes of the facility. With that, both the IT and OT networks were infected with ransomware. The attack knocked out crucial control and communications gear that on-site employees depend on to monitor the physical processes. The infection didn't spread to programmable logic controllers, which actually control compression equipment, and it didn't cause the facility to lose control of operations. The advisory explicitly said that, quote, "at no time did the threat actor obtain the ability to control or manipulate operations," end quote.

Okay, so even though they weren't able to control operations, it's still really scary. I, I have to kind of bite my tongue on that statement, because it kind of feels like one of those where they're, oh well, they didn't, they weren't actually able to take control. Well, they really were. Yeah, work, yeah. Maybe they didn't take control and blow something up, sure, but they had control. Mm-hmm. So it's kind of like, I don't know if I like that statement. And ransomware is, we can be really complacent and say it's just the encryption of my files. No, they had to get that in somehow. And how did they get that in? In this case, an email file, right? So that
email file contained ransomware, which encrypted our files. Okay, what else did it do? What else could it have done? Mm-hmm. Could it have installed a Gigabyte motherboard driver that is exploitable, right, that has like a backdoor in it that allows them into our network and into our OT network and then into our actual controllers? You don't really know. Like, that's really complacent to state unless you've got data to back it, unless you can legitimately say: this was strictly this infection, we found the infiltration point, we've locked it down, we've blocked every instance.

But I've had computers come in for service where they say, "Oh, I, I accidentally fell for a phishing scam and they installed the, they started controlling my computer." Yep. Yeah. And then we found after is, so okay, they thought they were safe, but then we found that there was like back-end software that was running as, as services in the background. There was no uninstaller for it. It was just a service running on the computer that allowed them to remote in at any time and take control of the computer, which they're only gonna do at two o'clock in the morning while you're sleeping. Sorry. So you don't know what's happening. How many people would notice?

Now, can you, just as a precaution, I mean, I'm not saying that this is the answer, just turn your computer off at night? Would that be that? In a, in a home environment. Oh, but not an environment when it's controlling the flow of propane. Yeah, you'd probably want to leave it running. Yeah.

Yeah, it's just sad that this is still becoming a regular story every single week. Oh, that's like, come on, how many times do we have to hear this before we go, hey, the world finally got it? And it always seems to be the big companies or the governments that are getting hit by it. It's like, then directed, those are the ones that make the news. True. But still, like, they're a bigger target. And I think, Jeff, and maybe we can, you know, maybe this is a discussion to be had in the comments below, but I think that these big
targets, and forgive me if you're in the IT departments in these companies, forgive me, I don't mean this as a jab, but it's a, it's a truth, it's a sad truth, that we were educated 10, 15, 20 years ago, okay, and we've been in the industry for that long. And, and some of us in the IT department, not myself of course, but some of us are on the verge of retirement, and that's again not a jab. I entirely respect what you do. However, malware has evolved, right? Significantly. Significantly. What we're encountering now is not natus, we're not dealing with BSVs, we're not dealing, when was the last time you ever saw a BSV? And if you know what a BSV is then you're, you're this, I'm speaking to you. It's not about those anymore. No.

Now it's the evolution. Back in 2017, when WannaCry dropped and we started seeing ransomware infiltrating networks, and we started seeing RDP attacks and, and EternalBlue being exploited and, and all of these kinds of things, that's when the cybersecurity industry woke up and said, okay, we need to re-educate ourselves. And if we haven't since then, and if we're still thinking in that old mindset where viruses are our threat, I'm sorry to say that viruses are not our threat. When was the last time we ever heard of a virus infiltration? It truly has been a long time. But they'll still go, "I don't want viruses." It's like, yeah, if that's your biggest concern. "Antivirus, I'm safe." Yeah. When was the last time you heard of a fire, "I haven't got a virus infection because I have antivirus." No, I'm just saying that's, that's an old-school way of thinking, and it's a dangerous way of thinking, because that's, that's how these big industries are getting hit, because we've got that old-school thinking and we're adequately educating and protecting ourselves. And it comes down, you know, it comes down to the C-suite as well, educating our staff and making sure that there are cybersecurity professionals that are brought in as consultants and DLPs put in place to be able to protect our networks from today's threats,
not yes, not yesterday's, not 1999 threats.

Now, I know we have to get to the next story, but is part of this a budgetary component? Sure. Like, they're looking at it, go ahead, we can only put in one percent total budget for cybersecurity, when really they should be looking at 10 percent. Like, not that there's a defined number, but like the way that things grow, it's like you have to grow with the threats, and if that means allocating more of your budget to more cybersecurity to protect your investments and your industry, whatever you're doing, you gotta adjust the budget accordingly. You can't just stick in that same number, be like, well, we've got our subscriptions, we updated that, and oh, we've got an old computer we got to replace, so that's our budget.

It's like, yes, I think it's exactly the same mindset though, Jeff. It's, yes, that word I use, complacent. We've become complacent because we're so used to the old way. When things change, we have to change with it, plain and simple. Otherwise you're gonna be, we're all under attack, sorry, we are all under attack. Are you going to be susceptible to the attack, right? Are you gonna fall victim, or are you gonna be a brick wall that they can't penetrate? We're all under attack. This is 2020. Do you remember the books when we were kids? 2020 is the future. Hello.