Finally, folks might wake up....

philz1982philz1982 Member Posts: 978
Weird title for an post on a hack, but finally folks might wake up. The hack has branched out of critical infrastructure and into manufacturing.

BBC News - Hack attack causes 'massive damage' at steel works

Comments

  • lsud00dlsud00d Member Posts: 1,571
    I've been saying this for some time but similar to SDN, email should be zoned/sandbox'd based on certain criteria (some combination of non-persistent VDI and email directional rules). The majority of successful cyberintrusions start with social engineering, and the most common attack vector is email. Obviously these emails are getting beyond mail filters, sometimes several layers deep, but conventional defense-in-depth methodologies are still failing at the perimeter, and with the human element.

    Either that or get back to faxing :)
  • CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□
    "booby-trapped emails to steal logins that gave them access to the mill's control systems"
    Ha ha the only boobs are the idiots that gave admin creds over an email.
  • philz1982philz1982 Member Posts: 978
    I so wanted them to put a picture of Admiral Ackbar yelling It's a Trap!
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    People definitely won't learn that much I know. The biggest issue I see in most environments is that no one truly knows exactly what is connecting where. Also, they aren't reviewing and flagging policy violations actively. I had a case where it wasn't until after an issue and some investigation on our part that it was realized their own corporate policy was violated to allow something to happen that if the policy was followed never would have occurred.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • philz1982philz1982 Member Posts: 978
    Seems like there would be a business to build a software suite that can allow a non-techie person to draft a policy through Q/A that automatically outputs Snort, ACL, and Proxy configs.
Sign In or Register to comment.