Finally, folks might wake up....

philz1982 Member Posts: 978
Weird title for a post on a hack, but finally folks might wake up. The hack has branched out of critical infrastructure and into manufacturing.

BBC News - Hack attack causes 'massive damage' at steel works

Comments

  • lsud00d Member Posts: 1,571
    I've been saying this for some time but similar to SDN, email should be zoned/sandbox'd based on certain criteria (some combination of non-persistent VDI and email directional rules). The majority of successful cyberintrusions start with social engineering, and the most common attack vector is email. Obviously these emails are getting beyond mail filters, sometimes several layers deep, but conventional defense-in-depth methodologies are still failing at the perimeter, and with the human element.

    Either that or get back to faxing :)
  • Cyberscum Member Posts: 795
    "booby-trapped emails to steal logins that gave them access to the mill's control systems"
    Ha ha the only boobs are the idiots that gave admin creds over an email.
  • philz1982 Member Posts: 978
    I so wanted them to put a picture of Admiral Ackbar yelling It's a Trap!
  • the_Grinch Member Posts: 4,165
    People definitely won't learn, that much I know. The biggest issue I see in most environments is that no one truly knows exactly what is connecting where. Also, they aren't reviewing and flagging policy violations actively. I had a case where it wasn't until after an issue and some investigation on our part that it was realized their own corporate policy was violated to allow something to happen that, if the policy was followed, never would have occurred.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • philz1982 Member Posts: 978
    Seems like there would be a business to build a software suite that can allow a non-techie person to draft a policy through Q/A that automatically outputs Snort, ACL, and Proxy configs.