South Korean Firm Pays Massive Ransom


  • Service Provider

    South Korean firm's 'record' ransom payment
    http://www.bbc.co.uk/news/technology-40340820


  • Service Provider

    I thought it was interesting that so many linux systems were hit. Has anyone heard of phishing attacks (or others) that went after linux boxes before?


  • Service Provider

    @Mike-Davis said in South Korean Firm Pays Massive Ransom:

    I thought it was interesting that so many linux systems were hit. Has anyone heard of phishing attacks (or others) that went after linux boxes before?

    I've heard of a few. they are rare, but Linux system are the much bigger payoff targets. The data, on average, on Linux servers are worth a lot more. but a lot harder to hit.



  • Does anyone know what Linux distro that was a attacked? Besides using certain antivirus, wouldn't apparmor or selinix would of help prevent the attack?



  • $20 says it was an unmatched plugin for a CMS/CMF.



  • @black3dynamite said in South Korean Firm Pays Massive Ransom:

    Does anyone know what Linux distro that was a attacked? Besides using certain antivirus, wouldn't apparmor or selinix would of help prevent the attack?

    Another $20 says they had either one disabled.



  • http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/

    They were running an old kernel, old php, and old apache. According to the article.



  • wow



  • @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    @Mike-Davis said in South Korean Firm Pays Massive Ransom:

    I thought it was interesting that so many linux systems were hit. Has anyone heard of phishing attacks (or others) that went after linux boxes before?

    I've heard of a few. they are rare, but Linux system are the much bigger payoff targets. The data, on average, on Linux servers are worth a lot more. but a lot harder to hit.

    I'm sure that if Linux was as targeted as Windows is, there would be just as many vulnerabilities found... or at least a lot more than you think. However, I'm sure they would be fixed much faster than Microsoft fixes things, due to being open source.



  • @Tim_G said in South Korean Firm Pays Massive Ransom:

    @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    @Mike-Davis said in South Korean Firm Pays Massive Ransom:

    I thought it was interesting that so many linux systems were hit. Has anyone heard of phishing attacks (or others) that went after linux boxes before?

    I've heard of a few. they are rare, but Linux system are the much bigger payoff targets. The data, on average, on Linux servers are worth a lot more. but a lot harder to hit.

    I'm sure that if Linux was as targeted as Windows is, there would be just as many vulnerabilities found... or at least a lot more than you think. However, I'm sure they would be fixed much faster than Microsoft fixes things, due to being open source.

    Sorry, but this is wrong. I work in cyber security department and my focus is server vulnerabilities. Untouched and unpatched linux servers have far less vulnerabilities than Windows servers. It's really a staggering difference. If I take a sample of 100 Windows Servers and 100 Linux Servers. I would venture to guess you'd have at 10x the amount of vulnerabilities on Windows. Keep in mind that generally around 10 or so patches are released each month for Windows. Linux OS updates are much more rare.



  • @IRJ said in South Korean Firm Pays Massive Ransom:

    @Tim_G said in South Korean Firm Pays Massive Ransom:

    @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    @Mike-Davis said in South Korean Firm Pays Massive Ransom:

    I thought it was interesting that so many linux systems were hit. Has anyone heard of phishing attacks (or others) that went after linux boxes before?

    I've heard of a few. they are rare, but Linux system are the much bigger payoff targets. The data, on average, on Linux servers are worth a lot more. but a lot harder to hit.

    I'm sure that if Linux was as targeted as Windows is, there would be just as many vulnerabilities found... or at least a lot more than you think. However, I'm sure they would be fixed much faster than Microsoft fixes things, due to being open source.

    Sorry, but this is wrong. I work in cyber security department and my focus is server vulnerabilities. Untouched and unpatched linux servers have far less vulnerabilities than Windows servers. It's really a staggering difference. If I take a sample of 100 Windows Servers and 100 Linux Servers. I would venture to guess you'd have at 10x the amount of vulnerabilities on Windows. Keep in mind that generally around 10 or so patches are released each month for Windows. Linux OS updates are much more rare.

    From what I've seen on Linux, there's updates almost daily. But you have to define "OS updates". Linux is just a kernel, so in that case I'm sure it's true. How often are Windows kernel updates? The Windows kernel is not patched 10 times a month, either.

    Any OS un-touched/un-updated/un-patched shouldn't even be included in any kind of statistics. Nobody would or should use something like that anyways. The more people looking at something, the more things with it you will find... bad (vulnerabilities) or good things.



  • @Tim_G Good Vulnerabilities?

    I get what you mean, and I think @IRJ is simply stating that Windows is less maintained because of update schedules and patch release schedules.



  • @Tim_G said in South Korean Firm Pays Massive Ransom:

    Untouched and unpatched linux servers have far less vulnerabilities than Windows servers.

    You also need to define which OS you are comparing.

    Are you suggesting that a comparison between Minimal install/deployment of RedHat is more secure than a full GUI install of Windows Server 2012 R2? That's comparing apples to oranges.

    How about a minimal Linux install vs minimal Nano server install?



  • Also, you need to consider what it is that's vulnerable. Is it Linux? Is it Windows?... or is it a program running on top of Linux/Windows such as Apache, Office, video driver? Which doesn't mean the OS is vulnerable.



  • @DustinB3403 said in South Korean Firm Pays Massive Ransom:

    @Tim_G Good Vulnerabilities?

    I get what you mean, and I think @IRJ is simply stating that Windows is less maintained because of update schedules and patch release schedules.

    Not exactly. Windows is just more vulnerable by default. There is really no comparison.

    Do you guys not do vulnerability scanning on your networks? The proof is in the pudding, I challenge you to scan your Windows vs Linux servers to see what I am talking about. Everywhere I have been and done scanning, It has the same result no matter what the company. Linux is less vulnerable than Windows.

    Seriously though, don't take my word for it. Test it yourselves.


  • Service Provider

    The cultural differences are big too. Look at Spiceworks. Nearly everyone runs Windows and there is a huge cultural thing of not patching or not running current versions. No idea why. You only see this in Linux in a weird Ubuntu subset group.

    Treating Windows like a production level system changes things significantly. Just so many people running it don't



  • @Tim_G said in South Korean Firm Pays Massive Ransom:

    Also, you need to consider what it is that's vulnerable. Is it Linux? Is it Windows?... or is it a program running on top of Linux/Windows such as Apache, Office, video driver? Which doesn't mean the OS is vulnerable.

    Does it matter from an attackers point of view? Windows software by design is usually less secure than Linux software. I mean we are looking at attack surface here. If you scan two web servers (Linux and Windows) the Windows one will be more vulnerable every day of the week.

    I understand what you are saying, and yes alot of Windows vulns come from shitty coded applications. However, we cannot ignore that because it is relevant to protecting servers. Your original statement was

    @Tim_G said

    I'm sure that if Linux was as targeted as Windows is, there would be just as many vulnerabilities found... or at least a lot more than you think. However, I'm sure they would be fixed much faster than Microsoft fixes things, due to being open source.

    No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw. It is the server admin's fault for having Adobe Reader on a server in this case. Maybe we see this pattern because of the difference in mindset between Windows and Linux admins, but for me it's held true in at least a dozen different organizations where I have done this type of work.



  • @IRJ said in South Korean Firm Pays Massive Ransom:

    @DustinB3403 said in South Korean Firm Pays Massive Ransom:

    @Tim_G Good Vulnerabilities?

    I get what you mean, and I think @IRJ is simply stating that Windows is less maintained because of update schedules and patch release schedules.

    Not exactly. Windows is just more vulnerable by default. There is really no comparison.

    Do you guys not do vulnerability scanning on your networks? The proof is in the pudding, I challenge you to scan your Windows vs Linux servers to see what I am talking about. Everywhere I have been and done scanning, It has the same result no matter what the company. Linux is less vulnerable than Windows.

    Seriously though, don't take my word for it. Test it yourselves.

    Our Nessus scans show much less vulnerabilities for patched Linux than patched Windows.

    You also have to look at the real world examples already. Windows makes up around 15-20% of the web. The rest is Linux. I'm pretty sure it's heavily targeted daily.



  • @stacksofplates said in South Korean Firm Pays Massive Ransom:

    @IRJ said in South Korean Firm Pays Massive Ransom:

    @DustinB3403 said in South Korean Firm Pays Massive Ransom:

    @Tim_G Good Vulnerabilities?

    I get what you mean, and I think @IRJ is simply stating that Windows is less maintained because of update schedules and patch release schedules.

    Not exactly. Windows is just more vulnerable by default. There is really no comparison.

    Do you guys not do vulnerability scanning on your networks? The proof is in the pudding, I challenge you to scan your Windows vs Linux servers to see what I am talking about. Everywhere I have been and done scanning, It has the same result no matter what the company. Linux is less vulnerable than Windows.

    Seriously though, don't take my word for it. Test it yourselves.

    Our Nessus scans show much less vulnerabilities for patched Linux than patched Windows.

    You also have to look at the real world examples already. Windows makes up around 15-20% of the web. The rest is Linux. I'm pretty sure it's heavily targeted daily.

    Yes, I have used Nessus, OpenVAS, and Qualys, and Nexpose. They are all virtually the same, but their results are consistent in showing Linux as more secure than Windows.



  • @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    Treating Windows like a production level system changes things significantly. Just so many people running it don't

    I know many Windows admins who think all they have to do is deploy MS patches and they are safe. It is quite comical, really. They dont patch 3rd party with any centralized tool and they don't run vuln scans on their servers. As long as their MS patches are up to date, it is smooth sailing. Who cares if you have Adobe Reader 8 on your server as long as you have MS patches ;)



  • @IRJ I'm working to get a proper security assessment of everything in my org.

    I'm also drafting my own documentation on how things are setup, and what is what. So no I don't run security audits of the items on premise, but wish I could / do.



  • @DustinB3403 said in South Korean Firm Pays Massive Ransom:

    @IRJ I'm working to get a proper security assessment of everything in my org.

    I'm also drafting my own documentation on how things are setup, and what is what. So no I don't run security audits of the items on premise, but wish I could / do.

    I can give you some advice on getting started if you'd like. All free , opensource tools :)



  • @IRJ Sure, lets create a new topic though


  • Service Provider

    @IRJ said in South Korean Firm Pays Massive Ransom:

    @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    Treating Windows like a production level system changes things significantly. Just so many people running it don't

    I know many Windows admins who think all they have to do is deploy MS patches and they are safe.

    I know tons that feel that all they have to do is AVOID patching Windows and they'll be safe. How many people have argued with me that the risk of patching and keeping systems up to date is worse than the threat of malware and hacking! I've literally been told this, over and over again! So many Windows Admins fear Windows itself more than they fear anything else.


  • Service Provider

    @IRJ said in South Korean Firm Pays Massive Ransom:

    No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.

    Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.

    By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.

    Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.

    Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.

    Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.

    Summary: Insecure people choose Windows, Windows doesn't make people insecure.



  • The thing I like about Windows 10 is that it does a better job at forcing users or at least home users to update. Unlike Windows XP because we all know back then users hardly pay attention to updates. Heck I still she that happens even with 7 and 8 a lot.



  • @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    @IRJ said in South Korean Firm Pays Massive Ransom:

    No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.

    Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.

    By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.

    Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.

    Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.

    Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.

    Summary: Insecure people choose Windows, Windows doesn't make people insecure.

    Yes, this was the point I was trying to make... but you said it so much better.



  • Besides not patching, I've seen Windows environments where the firewall is turned off or allowing all incoming traffic.

    Home users using a 3rd party paid security software and not keeping up with subscription. Not sure why would anyone use 3rd party when Windows 10 provides a good one that is always available and up to date. That's including Server 2016 too.


  • Service Provider

    @black3dynamite said in South Korean Firm Pays Massive Ransom:

    Besides not patching, I've seen Windows environments where the firewall is turned off or allowing all incoming traffic.

    That's big too. So many people don't trust Microsoft's defaults. They disable nearly all the security that they can find.



  • @scottalanmiller said in South Korean Firm Pays Massive Ransom:

    @IRJ said in South Korean Firm Pays Massive Ransom:

    No there isn't as many vulnerabilities found, and from an attacker point of view who cares if they get in because of the OS or because of an IIS flaw or Adobe Reader flaw.

    Well we do. If we are running our own systems, selecting our own software, etc. we certainly care if the issue is that Windows is insecure, or if something we don't run but lots of other people do on Windows is insecure or if the issue is just that other Windows Admins do insecure things. Yes, there is an association, people running Adobe are way more likely to be doing so on Windows than on Linux, granted. But to say Windows is vulnerable requires causality, not correlation. It's not windows making it vulnerable, it's Adobe.

    By that logic, we'd also say that all people who deploy Windows are vulnerable (which is more true than anything else) and that companies willing to run on Windows are inherently insecure and so forth.

    Windows might not match Linux in security, but it is really good on its own. That it is almost always used by people who can't figured out security or the need for it doesn't influence what is good for us.

    Example - Ferraris are one of the safest cars in the world, yet Ferrari drivers have terrible accidents all of the time because rich kids drive them like idiots. As a car buyer, that other people who drive badly often buy Ferraris does not tell me that a Ferrari is more dangerous for me. The purchasing of the Ferrari does not make me a bad driver.

    Same here, if you are a secure admin, using windows will work just fine for you. If you are an insecure one, Linux won't work for you either... but for other reasons, chances are, you won't deploy Linux, only Windows.

    Summary: Insecure people choose Windows, Windows doesn't make people insecure.

    Well the Windows OS itself is less secure by far. So there is also that...


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.