Community Champion

Shuttering a business the hard way.

Only the best business plans have an exit strategy when the business has exceeded its design and needs to be closed. This company probably didn't have in mind what happened to them.

 

For those of you who read the article I'm curious what you think of the incident. I think it had to be a disgruntled employee.  What do you think?

5 Replies
Contributor III

Re: Shuttering a business the hard way.

Clearly, whoever did it has inside information.  Could have been operating inside.

 

Motive is unclear.  Maybe a disgruntled employee, or someone else wanting to hurt the company.  Strange they didn't want to extort money from them.

 

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Community Champion

Re: Shuttering a business the hard way.

My little brother didn't trust GMail, so almost all of his various email addresses/accounts were on VFEmail.net.  I guess I'll have to wait until he sends me a message from some new platform  :-)

 

(Possibly one of the reasons I have multiple accounts on at least six different platforms ...)

 

(On at least two continents  :-)

 

"Disgruntled employee" sounds likely, particularly since the different servers had different authentications.  (Finding someone who had all those authentications shouldn't be hard.)

 

On the forum, someone said that the story set off all his conspiracy theory alarms.  He also posited that, if you had broken into a system and were using it for other attacks, you might just flatten the thing on your way out, to destroy any evidence.  Hacked systems are just so cheap, these days.

 

The fact that no ransom was demanded is also another possible indicator of "disgruntled employee."  Which brings me to my recommendation for ransomware and many, many other forms of attack: backup.

 

Backup, backup, backup.

 

The oldest protection in the book, possibly the most effective, and the one that everyone has (mostly invalid) reasons that they don't use.

 

Yes, I know the backup servers were formatted as well.  That just means you use other forms of backup.

 

I've got an external drive that's semi-permanently attached and running a Windows backup program. It's supposed to back up any changes every fifteen minutes. I don't really trust it, but I've recovered stuff off it occasionally. I don't really trust it because it's attached. Like in the VFEmail case, I figure if I can get at it without plugging in cables, so can the bad guys. I figure the same goes for other machines on the LAN or online or cloud drives or storage systems. I do keep my "current" presentations on Google Drive, just in case.

 

The one I really rely on is an old Passport drive. I have to plug it in to make a backup. I do it sporadically, and probably not as frequently as I should, but it's been surprisingly effective. That drive is, itself, backed up on to external and non-connected laptops. (Well, at this point, laptop. It's on the Windows laptop. It used to be on the Mac as well, but the Mac had a corruption breakdown recently, and I replaced the drive. Since I keep all my old drives [hey, I'm an old malware researcher, and I've got samples and zoos all over the place, so just sending them to recycling would be a bit irresponsible] then I guess it is still backed up on a very external drive.)

 

I got a "credit card" USB drive at a show, recently, and I keep it in my wallet. It's pig slow, so I don't do backups on it as much, but I do keep my current presentations on it, and, at the moment as I'm writing this, I'm backing up all my email onto it.

 

OK, this is all just to back up my own stuff, and I couldn't keep masses of corporate data in my wallet.  (Although it's surprising how much of the most important stuff you can put on there.)  But the point is the same: backups can save your backside, and a little thought and imagination is more important than million dollar contracts on remote hot sites.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Shuttering a business the hard way.

It could have been a cover up for something else going on internally to protect the integrity of the organisation's business or associates?

 

Regards

 

Caute_cautim

Community Champion

Re: Shuttering a business the hard way.

OK, this story still needs some work.  My brother, who I mentioned has lots of VFEmail accounts, says that, while he lost email sent/received during a certain period, he can access his (new) email, although only via Web access ...


Community Champion

Re: Shuttering a business the hard way.

 

Securing backups often involves keeping them offline --- that way, you have to access them physically to do any damage. If all this has been the result of an attacker 'formatting everything' --- as was described --- then it's clear that the company's security was lax. We could have a disgruntled employee working by himself, an outsider having an accomplice on the inside, or else an outsider taking advantage of bad security.

 

Motivations can vary: if there's no ransom demand, it's not necessarily a disgruntled employee --- it might be an external party who's been well compensated by a competing organisation, or perhaps even someone who doesn't treasure financial benefits...

 

 

Also, an organization might be more likely to claim it's been the victim of cyber-attacks, rather than admit that its infrastructure was so poorly secured that internal factors were to blame.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz