Infosec Update

TheDouglas78

Founding Member
Well-Known Member
Lifetime Member
Jun 12, 2014
16,331
14,787
Founding Member
The way you describe it, Bitcoin shouldn’t be used for ransom payment. If that were true, why do they use it? Why are they using crypto(currencies) to buy their new Lambos/Ferraris/Bugatti’s?

Ransom recipients are not cowering. They are using the money to buy luxuries and “reinvesting” in their companies by buying more 0days, so they can do the next thing.

As long as the “hackers” stay in Russia (or China or wherever), they can essentially do whatever they want.

Crypto(currencies) are not in my wheelhouse, but I will say there isn’t any slowing down on pushing out ransomware, collecting the coin, and living the high life.

They aren't slowing down because people hear cryptocurrency and believe it is safe, especially with movies and television shows selling it as the next step in the evolution of hidden funds.

Now it's not as easy to trace as a check or a wire transfer (obviously). But the path is still there. Bitcoin being backed the way it is has a 100% path on both sides of the transaction. The fact that the hackers we know about use Bitcoin truly shows what level of hackers they are.

Geofencing the US from “the rest of the world” isn’t really feasible. Attribution is hard. They don’t fire up their home computers and start their campaigns. Instead, they bounce off of compromised hosts in other countries (even the US) and then use their ephemeral, cloud-based infrastructure to carry out their deeds.

agreed...

Many in infosec come from military backgrounds (not me), and they have even seriously discussed on Twitter the need for a kinetic response (again, not me). Response, hack-back, or even deep-dive attempts to attribute a campaign to a country/group is way above my pay grade (and can be highly illegal under the CFAA - Computer Fraud and Abuse Act).

If there were a simple answer, we wouldn’t be in the position we are in.

This is already happening.
 

Swamp Donkey

Founding Member
7-14 vs P5 Fire Stricklin First
Lifetime Member
Jun 9, 2014
78,477
110,918
Founding Member
The way you describe it, Bitcoin shouldn’t be used for ransom payment. If that were true, why do they use it? Why are they using crypto(currencies) to buy their new Lambos/Ferraris/Bugatti’s?
Because they aren't very bright.
 

Seedy

Totally not CDGator
Oct 17, 2020
405
763
Asked the question "will bitcoin grab impact ransomware gangs?" to infosec investigation group Huntress Labs during a webinar. I'll relay any comments they offer.
 

TheDouglas78

Asked the question "will bitcoin grab impact ransomware gangs?" to infosec investigation group Huntress Labs during a webinar. I'll relay any comments they offer.

Seedy, they are probably not the same group I talk to on a regular basis; if so, you won't get an official response on a webinar.
 

Swamp Donkey

Asked the question "will bitcoin grab impact ransomware gangs?" to infosec investigation group Huntress Labs during a webinar. I'll relay any comments they offer.
From IT people? :lmao2: Dude, just turn it off and turn it back on.

The same people a few weeks ago who were saying it wasn't possible to seize their account while I was telling you it was probably already done?

The only reason they let it sit as long as it did was to see who exactly tried to remove some of it or who it was sent to.

You don't even have to get the hackers necessarily, just disrupt their ability to mix the funds.

They have pissed off the govt. All the three letter feds are now focusing on this and will make their lives hell.
 

Seedy

What if the goal is disruption, and ransom collection is a byproduct? State-sponsored ransomware is a thing.

Generalizing "IT People -- shut off and back on" -- that's too funny. Those are helpdesk personnel. I haven't been in a helpdesk role in 23-25 years. My expertise far exceeds "turn it off and back on again"

ITCrow.jpg
 

Swamp Donkey

My expertise far exceeds "turn it off and back on again"
No doubt. My point is that even IT people who are in the business of securing networks from ransomware and malware of other types aren't in the business of investigating financial crimes, shutting down criminal networks and putting people in prison.
 

Seedy

No doubt. My point is that even IT people who are in the business of securing networks from ransomware and malware of other types aren't in the business of investigating financial crimes, shutting down criminal networks and putting people in prison.

I agree. Infosec should be a one-stop shop and carry out all responses to ransomware. Much of it is Legal, Insurance, Secret Service/CIA/FBI, Upper Management, etc. Clearly, I would not be the right person to discuss how, when, and where to use bitcoin.

The result of bitcoin usage (right or wrong) has enabled ransomware to occur, and we are at the early stages of the ransomware arc.
 

AlexDaGator

Founding Member
The Hammer of Thor
Lifetime Member
Jun 19, 2014
12,776
31,894
Founding Member
What if the goal is disruption, and ransom collection is a byproduct? State-sponsored ransomware is a thing.

Generalizing "IT People -- shut off and back on" -- that's too funny. Those are helpdesk personnel. I haven't been in a helpdesk role in 23-25 years. My expertise far exceeds "turn it off and back on again"

ITCrow.jpg

Same for our IT guy.

Turn it off and turn it back on again, that's rookie stuff.

Our guy googles the problem like a real pro and gets paid the big bucks to do it.


Alex.
 

AlexDaGator

So anyway...

Is this a good thing? Like a really big silver lining good thing?

Clearly, some significant weaknesses are being exposed. Imagine if a bunch of those attacks all happened at once during a major blizzard or hurricane or something.

Maybe these ransomware assholes are doing us a favor by exposing the gaps in our defenses so we can fix them now while this is more of an inconvenience than a freezing, starving Americans in the streets thing.


Alex.
 

Detroitgator

Well-Known Member
Lifetime Member
Jul 15, 2014
28,569
47,472
What if the goal is disruption, and ransom collection is a byproduct? State-sponsored ransomware is a thing.

Generalizing "IT People -- shut off and back on" -- that's too funny. Those are helpdesk personnel. I haven't been in a helpdesk role in 23-25 years. My expertise far exceeds "turn it off and back on again"

ITCrow.jpg
That was a good show...
 

Detroitgator

So anyway...

Is this a good thing? Like a really big silver lining good thing?

Clearly, some significant weaknesses are being exposed. Imagine if a bunch of those attacks all happened at once during a major blizzard or hurricane or something.

Maybe these ransomware assholes are doing us a favor by exposing the gaps in our defenses so we can fix them now while this is more of an inconvenience than a freezing, starving Americans in the streets thing.


Alex.
Like Pearl Harbor?
 

TheDouglas78

So anyway...

Is this a good thing? Like a really big silver lining good thing?

Clearly, some significant weaknesses are being exposed. Imagine if a bunch of those attacks all happened at once during a major blizzard or hurricane or something.

Maybe these ransomware assholes are doing us a favor by exposing the gaps in our defenses so we can fix them now while this is more of an inconvenience than a freezing, starving Americans in the streets thing.


Alex.

It comes down to private businesses believing they need to provide resources to these issues. Some will do so, others will think it won't happen to us. These aren't new weaknesses or weaknesses that were not exposed in 2018, 2019 or 2020... and we still had people that didn't take it seriously...
 

Detroitgator

It comes down to private businesses believing they need to provide resources to these issues. Some will do so, others will think it won't happen to us. These aren't new weaknesses or weaknesses that were not exposed in 2018, 2019 or 2020... and we still had people that didn't take it seriously...
FUK! I was going to make a comment regarding this from a specific conversation I had years ago with Ray Musser from GD Big and I see that he just died in February! :(
 

TheDouglas78

FUK! I was going to make a comment regarding this from a specific conversation I had years ago with Ray Musser from GD Big and I see that he just died in February! :(

I liked Ray the few times I got to deal/speak with him.
 

Swamp Donkey

So anyway...

Is this a good thing? Like a really big silver lining good thing?

Clearly, some significant weaknesses are being exposed. Imagine if a bunch of those attacks all happened at once during a major blizzard or hurricane or something.

Maybe these ransomware assholes are doing us a favor by exposing the gaps in our defenses so we can fix them now while this is more of an inconvenience than a freezing, starving Americans in the streets thing.


Alex.
Honestly, I think it is. Plus we're going to have some reevaluation of whether this stuff actually needs to be on the internet anyway. Frankly, not everything needs to be on the internet and in the cloud. Not everything needs to be completely automated, or at least it should be capable of running on a manual override by a real person at each oil pipeline junction or whatever.

While the guys are right that it's possible that even if we go to a US-only net there might be some hacks and some vulnerable access points, it will still be better than the system being wide open. Somewhat like a border wall, it's still permeable but it's a lot less permeable.

You will still be able to navigate to www and buy garbage from Russia or China if you want, but at least you'll know that you're international.
 