Hackers and Attackers are Active

Jules

Jules

SF VIP
There’s big blackmail money for some of these attackers. We’ll probably be learning of more.

That changed recently when the SEC adopted new rules. Public companies now have to report cybersecurity incidents. Anticipate a flood of such reporting, as the number of incidents continues to increase.”

The Weather Network was unavailable for over a day because it was attacked.

In Las Vegas this week, MGM Resorts was and is still suffering after they refused to pay a ransom. Room keys, CC and ATMs, slot machines, databases were stolen. It‘s costing them a fortune. Caesars Ent. paid a $15 Million ransom last week. That’s looking like a bargain to MGM right now.

Bridge Base Online (BBO) was hit with a DDoS (Denial of Service) attack by a group overloading the system, last week. It slowed down games across the globe. I don’t know if there was any blackmail.

Those that are attacked are damned if they do and damned if they don’t. Once you’ve paid, will you be attacked again.
 

The hackers certainly knew where the big money was when they attacked the Vegas casinos! As someone who has struggled with electronic room and car keys, I’m especially sympathetic to those guests locked out of their own rooms. Metallic keys are so much more reliable.

Hacking of individuals, businesses, and organizations has reached epidemic proportions. I regard it as a form of terrorism, and wish that government would take a much stronger hand in countering it… 😠
 
The police force in Manchester in the north of England were hacked yesterday



Police officers' personal details have been hacked after a company was targeted in a cyber attack.
The firm in Stockport, which makes ID cards, holds information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP).

The force confirmed it was aware of the ransomware attack.

The hack means thousands of police officers' names are at risk of being placed in the public domain.
One officer, speaking anonymously to the BBC, said while the names of many officers were publicly available, there was particular concern regarding the identities of undercover officers.

 

Fyrefox said:
The hackers certainly knew where the big money was when they attacked the Vegas casinos! As someone who has struggled with electronic room and car keys, I’m especially sympathetic to those guests locked out of their own rooms. Metallic keys are so much more reliable.

Hacking of individuals, businesses, and organizations has reached epidemic proportions. I regard it as a form of terrorism, and wish that government would take a much stronger hand in countering it… 😠
Click to expand...

What do you imagine a government could do about it? These attacks are invariably from out of the country, with Russia and China being just two. These attacks are multi-national.

The other thing about them is that in a lot of cases they rely on an individual person doing something stupid. For example, clicking on a file they shouldn't, or visiting a web site they shouldn't. Once the virus is inside the business, it's game over. There's always a level of incompetence about these infections, be it user error, someone who hasn't patched a system, or people who have not designed the security protocols adequately.
 
When we built out electronic systems, we didn't consider how easy it was to infiltrate them. What we need now is the next generation of tamper proof software. I'm not sure how you do that or when it will occur.
 
fuzzybuddy said:
When we built out electronic systems, we didn't consider how easy it was to infiltrate them. What we need now is the next generation of tamper proof software. I'm not sure how you do that or when it will occur.
Click to expand...

Not sure who the "we" are in your comment, but generally, network security has been a thing since the very beginning. The trouble is, network security is really a full time job, and it's a job that's never done. Hackers get more sophisticated, and so Network Security Engineers need to keep up. It gets very complicated very quickly. For example, in the major banks I worked with, making any change on their systems takes a minimum of four to six weeks. Security exists at every single point: Computers, Servers, Routers, physically on the wire, and so on. That's EVERY device that touches that network. It's a tough job, but then again it's a necessary one.

These Ransomeware attacks are something else. They essentially lock the data up, and you have to buy the key, or lose your data.

Apple have been in a battle with the EU over encryption of systems and messages in recent times. Apple want to provide security that governments won't be able to crack (or will be very difficult to crack). The EU want to be able to have methods of getting at underlying data. The thing is, a lot of people are on Apple's side with this, they don't want governments effectively having a back door. The flip side of that is you're helping to create an environment where these hackers can do their work, and once they've got you, you're done.

This will be a never ending battle, but keep this in mind. In 2022, it is estimated that revenue to ransomware hackers was almost half a BILLION dollars. In 2021 it was over $760m. Want to know why they do it? There's your answer.
 
In the Vegas hacking, it’s being said that the vulnerability occurred at a 3rd party site.
 
What do you expect when everyone gave their "heart and soul" to the god of technology? Technology was supposed to solve all our problems. Sure, it solved plenty but it also made plenty of new problems. Wait until AI takes over. It will be more fun "then a barrel of monkeys."

I have noticed a great increase in violence, crime, suicides, isolation and unhappiness. I often wonder what is causing all of this? No, it's not global warming! Guess again!
 
The Vegas had nothing to do with technology.
These days, hackers rely on social engineering.
What they did was look up an information security person on LinkedIn that worked in Vegas/MGM and title indicated they were in a position to have administrative access (meaning their login ID would have the most access)
They then called the Help Desk and convinced them to reset his/her password.
Thats how they did it.
I suspect they gained enough information to make it seem ligit.
Once the password was changed, then the bots kicked in and started locking down IP addresses and subnets.
The weakest link into a system for hackers is 'people'
Two factor authentication would have stopped this but guess they may not have had this important piece of software.
 
In the world of hacking, there are two specific forms of hacking that companies use to determine if a hack needs to be reported to government agencies.

'Breach & Compromised'

1) A Breach is when it has been determined by forensic that data/information/personal data has left the secured network owned by the company
2) A Compromise is when it has been determined that bad actors have gotten into the systems but there is no indication that data has left the network.
A 'Breech' must be reported to regulatory agencies within a pre determined amount of time (depending on the type of date)
A 'Compromise' does not need to be reported.
 

You must log in or register to reply here.

Back
Top