
How does a 33 billion dollar company get ransomware?


rsailors


23 hours ago, EndangeredPootisBird said:

Security products can handle 99.9% of threats that businesses face. The problem is that the most advanced products can still falter if malware doesn't exhibit enough malicious behavior, or if cybercriminals digitally sign their malware, which greatly reduces the chance of evading on-access scans, creating more room for false negatives.

Another problem is that there are many ways that you can disable security products, as showcased by Impair Defenses Technique T1562, so by the time the cybercriminals launch their ransomware, the security product in place may be completely disabled.

It's all about layers and balancing the protection: if you spend all your money on protecting the endpoint, then you will leave everything else less protected.

Right, but if a tool like MB can detect encryption or even see it, I would assume it would flag it and stop it. It would be nice for someone at MB to weigh in on this, as it's a bit concerning. I hope MB can't be disabled by any means other than by an admin.

As for the network, I agree that you need a good security appliance. I'm speaking of MB here. If someone makes it past our first layer of defense, we would have a much greater issue. 99% of the time, things are stopped at our security appliance.

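The T1562 point raised above (a security product being switched off before the ransomware runs) is something you can watch for in process-creation telemetry. The following is an added example, not code from the original post, from EndangeredPootisBird, or from Malwarebytes: a small detector for the commonest user-mode ways of impairing defenses, run over constructed Sysmon Event ID 1 style events. The protected process and service names, the list of process-killing tools, and the sample events are all assumptions made for illustration.

```python
"""Detect attempts to impair defenses (ATT&CK T1562.001) in process-creation telemetry.

Added example, not code from the forum post or from Malwarebytes. The events are
constructed to resemble Sysmon Event ID 1 / Windows 4688 fields, and the lists of
protected processes and services are illustrative assumptions, not a vendor list.
"""
import re
from dataclasses import dataclass

# Assumed names of the security-product processes and services we want to guard.
PROTECTED_PROCESSES = {"mbamservice.exe", "mbamtray.exe", "msmpeng.exe",
                       "bdservicehost.exe", "avastsvc.exe"}
PROTECTED_SERVICES = {"mbamservice", "windefend", "vss"}   # vss: stopped before shadow copies are wiped
# Tools that can terminate services/processes from user mode (Process Hacker and friends).
KILL_TOOLS = {"processhacker.exe", "systeminformer.exe", "pchunter64.exe", "pskill.exe"}

# sc stop X / sc delete X / sc config X start= disabled / net stop X
SERVICE_CMD = re.compile(r"\b(?:sc|net)(?:\.exe)?\s+(?:stop|delete|config)\s+\"?([\w.\-]+)")


@dataclass
class ProcessEvent:
    image: str                # full path of the new process
    original_file_name: str   # PE OriginalFileName as Sysmon logs it; survives renaming the binary
    command_line: str
    user: str
    parent_image: str


def detect_defense_impairment(ev: ProcessEvent) -> list[str]:
    """Return human-readable findings for one process-creation event (empty if benign)."""
    cl = ev.command_line.lower()
    image = ev.image.lower().rsplit("\\", 1)[-1]
    orig = ev.original_file_name.lower()
    findings: list[str] = []

    # taskkill /F /IM <protected process>
    if image == "taskkill.exe":
        for name in PROTECTED_PROCESSES:
            if name in cl:
                findings.append(f"taskkill against protected process {name}")

    # service control against a protected service
    m = SERVICE_CMD.search(cl)
    if m and m.group(1) in PROTECTED_SERVICES:
        findings.append(f"service control against protected service {m.group(1)}")

    # Defender real-time protection switched off from PowerShell
    if "set-mppreference" in cl and "disablerealtimemonitoring" in cl:
        findings.append("Set-MpPreference -DisableRealtimeMonitoring")

    # process-killing tools; compare OriginalFileName so a renamed copy still matches
    if image in KILL_TOOLS or orig in KILL_TOOLS:
        findings.append(f"process-termination tool launched: {orig or image}")

    # bcdedit ... safeboot: reboot into Safe Mode, where third-party AV services do not start
    if image == "bcdedit.exe" and "safeboot" in cl:
        findings.append("bcdedit configuring Safe Mode boot")

    return findings


def triage(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Index and findings for every event that trips at least one rule."""
    out = []
    for i, ev in enumerate(events):
        f = detect_defense_impairment(ev)
        if f:
            out.append((i, f))
    return out


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\taskkill.exe", "taskkill.exe",
                 "taskkill /F /IM MBAMService.exe", "CORP\\jdoe", r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\sc.exe", "sc.exe",
                 'sc stop "MBAMService"', "CORP\\jdoe", r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "PowerShell.EXE",
                 "powershell -nop -c Set-MpPreference -DisableRealtimeMonitoring $true",
                 "CORP\\jdoe", r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE",
                 "notepad.exe notes.txt", "CORP\\jdoe", r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\net.exe", "net.exe",
                 "net stop spooler", "CORP\\admin", r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Users\jdoe\Downloads\update.exe", "ProcessHacker.exe",
                 "update.exe", "CORP\\jdoe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for idx, findings in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx].command_line, "->", "; ".join(findings))
```

Two caveats a practitioner would add. First, this only sees the noisy user-mode paths; a kill performed through a vulnerable signed driver loaded by the attacker never shows up as a command line, so the detection is a complement to, not a substitute for, the product's own tamper protection. Second, matching on OriginalFileName rather than the on-disk name is what keeps the renamed-tool case (the last sample event) from slipping through.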

49 minutes ago, EndangeredPootisBird said:

I have personally been able to completely disable Avast and Bitdefender using the Process Hacker tool, and I believe I was only able to kill the GUI of Malwarebytes, but not its services or processes that provide the protection, though that was over a year ago, so things may have changed since then.

Ransomware moves fast. I have seen plenty of ransomware encrypting files so fast that security software doesn't even react, such as the Magniber ransomware that targeted South Korean users a year and a half ago, with Kaspersky being the only one able to detect it and newer variants for well over 6 months until other tools began catching up with their behavioral blockers. Not sure how Malwarebytes would've fared, as I never saw someone testing it against Magniber. Another problem is that ransomware executes remotely, and security tools may not scan files or processes executed remotely.

Very scary stuff, for sure. I guess we have been very lucky with our security appliances and MB. I worked for Lockheed and NASA for over 10 years as a network admin, so I have seen some crazy things. It seems impossible to keep up with the ever-changing threats.

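The speed problem described in the post above is exactly what a behavioral blocker tries to answer: it does not know the sample, so it has to recognize the encrypt-in-place pattern from the file writes themselves and stop the process after a handful of files rather than a thousand. Below is an added example, not code from the original post or from any vendor's product, of the minimal version of that logic run over constructed file-write events (a stand-in for minifilter or ETW file telemetry). The window, threshold and entropy cut-off are illustrative assumptions, not tuned values.

```python
"""Behavioral ransomware detector over file-system write events.

Added example, not code from the forum post or from any vendor product.
Events are constructed in-line to stand in for minifilter / ETW file telemetry;
the thresholds are illustrative assumptions, not tuned values.
"""
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class FileWrite:
    ts: float                   # seconds
    pid: int
    path: str                   # file being written
    renamed_to: Optional[str]   # rename target after the write, if any
    content: bytes              # bytes written (or a sample of them)


class RansomwareMonitor:
    """Flag a process that rewrites many files as high-entropy data under a new
    extension inside a short window: the encrypt-then-rename pattern."""

    def __init__(self, window_s: float = 2.0, threshold: int = 5, entropy_min: float = 7.0):
        self.window_s = window_s
        self.threshold = threshold
        self.entropy_min = entropy_min
        self._hits = defaultdict(deque)   # pid -> timestamps of suspicious writes
        self.alerted: list[int] = []      # pids in order of first alert

    def _looks_encrypted(self, ev: FileWrite) -> bool:
        # Backup and archive tools also write high-entropy data, so the rename to a
        # new extension is required as well; entropy alone would be a false positive.
        if ev.renamed_to is None:
            return False
        old_ext = os.path.splitext(ev.path)[1].lower()
        new_ext = os.path.splitext(ev.renamed_to)[1].lower()
        return old_ext != new_ext and shannon_entropy(ev.content) >= self.entropy_min

    def observe(self, ev: FileWrite) -> bool:
        """Return True when this event pushes ev.pid over the threshold."""
        if not self._looks_encrypted(ev):
            return False
        q = self._hits[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > self.window_s:   # slide the window
            q.popleft()
        if len(q) >= self.threshold and ev.pid not in self.alerted:
            self.alerted.append(ev.pid)
            return True
        return False


# Constructed sample data: a flat byte histogram has entropy exactly 8.0, a stand-in
# for ciphertext; repeated ASCII stands in for an ordinary document.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
PLAINTEXT_LIKE = b"quarterly report, nothing to see here\n" * 100


def simulate() -> list[int]:
    """Replay three constructed processes and return the pids that raised an alert."""
    mon = RansomwareMonitor()
    events = []
    # pid 1000: a word processor saving plain documents, no rename
    events += [FileWrite(0.05 * i, 1000, f"docs/{i}.txt", None, PLAINTEXT_LIKE) for i in range(10)]
    # pid 2000: a backup tool writing archives fast, but keeping the extension
    events += [FileWrite(0.05 * i, 2000, f"bak/{i}.zip", f"bak/{i}.zip", CIPHERTEXT_LIKE) for i in range(10)]
    # pid 4242: encrypt in place, then rename to .locked, ten files per second
    events += [FileWrite(0.1 * i, 4242, f"share/{i}.xlsx", f"share/{i}.xlsx.locked", CIPHERTEXT_LIKE)
               for i in range(8)]
    events.sort(key=lambda e: e.ts)
    for ev in events:
        if mon.observe(ev):
            print(f"ALERT pid={ev.pid} at t={ev.ts:.2f}s after {mon.threshold} encrypt-and-rename writes")
    return mon.alerted


if __name__ == "__main__":
    print("alerted pids:", simulate())
```

Running it alerts on pid 4242 at the fifth file and stays silent for the editor and the backup tool. Two things the example does not solve, and which are the real engineering work in a product: the monitor has to sit synchronously in the write path (a kernel minifilter) to stop the process before the next file, since a user-mode poller reacts after the damage; and the remote-execution case from the post above, where the encrypting process lives on another host and only SMB writes arrive, means the per-pid bookkeeping has to key on the remote session instead.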

"All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk," the organization wrote in a post on X. Those details came from ALPHV, but have not been independently confirmed by security researchers.

Observation only. 

Edited by NewTricks

It took human error. Ransomware is not the beginning; it comes later. Security in layers is effective in theory, but you cannot rely on one layer. The threat actors started with psychology to access the system, by a phone call and social engineering. That gave them the initial entry. From there it is still a guess, but my money is on them having dwelled in the environment doing reconnaissance, carefully poking around to see what alerts were detected and acted on. This was more than likely an organized and sophisticated attack. The ransomware was staged but not detonated originally, according to ALPHV's statements. It wasn't detonated until they decided that MGM had brought in a negotiator or government assistance. As stated before, 99% is great, but that 1% is all it takes. The ransomware was detonated after showing small bits of proof they had control of the network and systems.

The Uber breach was worse. The threat actor went into their Slack channels and announced that he had control of their environment, and they laughed, thinking it was a joke. Search the screenshots he supplied.

Malwarebytes is an amazing solution but it is only one layer. Never forget Humans are a layer in security too.


AdvancedSetup (Root Admin)

Ransomware and identity theft have sadly become big business in themselves these days.

I've been doing Enterprise level support for decades and you'd be surprised at the low level of some system admins that even big business hires. Having all the certifications in the world won't help in real life if you don't have real hands-on experience.


10 hours ago, AdvancedSetup said:

Ransomware and identity theft have sadly become big business in themselves these days.

I've been doing Enterprise level support for decades and you'd be surprised at the low level of some system admins that even big business hires. Having all the certifications in the world won't help in real life if you don't have real hands-on experience.


I agree with this. Ransomware and identity theft are super popular nowadays. It's such a sad and scary fact that all security protocols and software can be broken into, and how poorly some system admins do in some cases. :((


Thanks for all the feedback. We have been using MB Enterprise for a long time with our stack, and we love it. I suppose it helps that we don't have a huge footprint, but so far we have never had an issue where MB didn't catch the bug at a single point of infection. It's never made the jump to any other device on the network. What concerns me is how these tools like MB get disabled even though they are password-protected. I get it if someone has the password, but if they don't and are still able to bypass that, that's a real issue.
