dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
299
HELLFIRE
MVM
join:2009-11-25

12 recommendations

HELLFIRE

MVM

When even the crooks say your org has "chaotic organisation,"sloppy security

»grahamcluley.com/ouch-ra ··· network/
quote:
What’s worse?

Being hit by ransomware attack that sees criminals steal information about your staff and passengers…

or…

Being hit by ransomware attack that sees criminals steal information about your staff and passengers, AND then have the gang tell the world that your firm’s IT infrastructure is so chaotic, poorly-secured, and downright irritating that it refuses to repeat the attack.

That’s the humiliating slap in the face given by the Daixin Team ransomware gang to Air Asia
which lost the personal data of five million passengers and all employees earlier this month.

As DataBreaches.net reports, the incompetence of AirAsia may actually have spared the airline from further attacks:
»www.databreaches.net/air ··· cquired/
quote:
Although Daixin Team allegedly encrypted a lot of resources and deleted backups, they say that they did not really do as much as they normally might do:
quote:
The chaotic organization of the network, the absence of any standards, caused the irritation of the group and a complete unwillingness to repeat the attack.

… The group refused to pick through the garbage for a long time. As our pentester said, “Let the newcomers sort this trash, they have a lot of time.”

DataBreaches cannot think of any other incident this blogger has reported on where threat actors told this site that they actually balked at pursuing an attack because they were irritated by the organization of a network. DataBreaches asked Daixin’s spokesperson if they would confirm that AirAsia’s poor organization really spared the airline from more attacks. The spokesperson responded,
quote:
Yes, it helped them. The internal network was configured without any rules and as a result worked very poorly. It seemed that every new system administrator “built his shed next to the old building.” At the same time, the network protection was very, very weak.
Security by incompetence? Could it catch on?
/spews AM beverage over screen

Regards
Bobby_Peru
Premium Member
join:2003-06-16

6 recommendations

Bobby_Peru

Premium Member

Suggests a fairly obvious "creative" defense for what would otherwise be fairly universally agreed upon as gross negligence. May require serious reorientation of bounties....
mudtoe
join:2005-10-09
Cincinnati, OH

8 recommendations

mudtoe to HELLFIRE

Member

to HELLFIRE
So it's like a burglar breaking into a house owned by a hoarder and walking away empty handed and disgusted because it was taking too long to find anything in the mess worth stealing.....
HELLFIRE
MVM
join:2009-11-25

3 recommendations

HELLFIRE

MVM

@mudtoe See Profile
Very apt analogy there

Regards