Subj : Issue with URL shortener
To : August Abolins
From : Brian Rogers
Date : Wed May 12 2021 10:52 pm
Hello August;
-=> August Abolins wrote to Brian Rogers <=-
AA> I'm not too overly concerned anymore about short links. It's
AA> been about 20 yrs now since TinyUrl launched. Weren't they the
AA> first with that idea? Anyway.. They've built a vetting process
AA> into them and block links that have nefarious purposes.
They still crop up from time to time. Remember, it's not necessarily TinyURL
itself doing the dirty deeds but the users who may decide to use it.
AA> The only thing I won't do is click on a short link from
AA> unsolicited email or if something arrives from someone I do not
AA> know.
That should be standard operating practice in today's world :)
AA> I have to wonder if that or a similar technique was used to be
AA> the vector for inviting the ransomware that shut down the east
AA> coast pipeline.
Unless a formal explanation is given, it'll be uncertain.
AA> Krebs article "A Closer Look at the DarkSide Ransomware Gang
AA> May 11, 2021" talks about the end result of that, but I wonder
AA> what the vector was for infection.
It may have been anything.
AA> This is a pretty good article that examines the technical
AA> tricks:
AA>
AA> https://securityintelligence.com/posts/darkside-oil-pipeline-ransomware-attack/
Security online is like a hurdle to a runner, you can only hope that you can
build a hurdle so high they tire out trying to get over it.
AA> "A favorite entry point appears to be connecting via RDP on
AA> port 443 typically routing via a TOR browser."
TOR is evil. 'nuff said. <G>
AA> And.. I did not know that VPNs and Linux were not immune:
I think you're confusing a VPN with a VM.
AA> "The malware can attack both Windows and Linux environments,
AA> making enterprise servers just as `encryptable' as an
AA> employee's endpoint. DarkSide can also attack virtual machines
AA> and encrypt data on their hard drives."
There's NO OS or platform that's 100% immune to viri/warez of any kind. There
are those which may be less immune than others. Even a virtual machine has to
run some form of OS on it! A VPN, on the other hand, is a transport mechanism
that uses a combination of IP encapsulation AND encryption. These are used to
hide your information and possibly your IP. This is why companies like to
have VPNs set up for those who work from home.
AA> Apparently all the activity of making backups is no guarantee
AA> that you could just ignore the ransomware attack and just
AA> restore an earlier backup. Apparently, the "attack" lurks in
AA> the background for an amount of time that might represent a
AA> typical schedule for several backups - so, when it comes time
AA> to use a previous backup, all those backups will already
AA> have copies of the infection.
If one is in need of doing a restore due to a virus or ransomware hit, then
they should restore on a platform:
- not connected to the internet
- not the same machine as the infected one
- look for and patch the security hole that was exploited before deploying
that drive back into production
Some, not all, viri are on a time trigger and may be lurking around. Others
are not. This is why after a restore you wish to do a scan from a BOOTABLE
media -not- that of the local hard drive(s). No one said being a sysadmin
was easy work even if it's on a hobby machine.
... Gone crazy, be back later, please leave message.
--- MultiMail/Linux v0.52
* Origin: SBBS - Carnage! (1:142/103)
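The thread opens with the habit of not clicking short links from unsolicited mail. A defender's alternative to clicking is to ask the shortener where the link goes without ever loading the destination page: send a HEAD request with redirect-following disabled, read the Location header, and repeat hop by hop with a hard cap. The script below is an added illustration for this message, not code from the original thread or from any shortener service; the hosts `sho.rt` and `redirector.example` and the redirect map used by `demo_fetch` are constructed for the offline demonstration.

```python
"""Expand a shortened URL hop by hop without visiting the final page.

Added example, not part of the original message. The `demo_fetch` map is
constructed test data; `http_head` is the real network variant.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5
REDIRECT_CODES = (301, 302, 303, 307, 308)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects; we want to inspect each hop."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url):
    """One HEAD request; returns (status, Location header or None).

    Because redirects are not followed, a 3xx answer surfaces as HTTPError,
    which still carries the status code and the Location header.
    """
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


# Constructed redirect map standing in for live shortener responses.
DEMO_MAP = {
    "https://sho.rt/abc": (301, "https://redirector.example/r?x=1"),
    "https://redirector.example/r?x=1": (302, "/final"),  # relative Location
    "https://redirector.example/final": (200, None),
    "https://sho.rt/loop": (302, "https://sho.rt/loop"),  # redirects to itself
}


def demo_fetch(url):
    return DEMO_MAP.get(url, (404, None))


def expand(url, fetch=http_head, max_hops=MAX_HOPS):
    """Return the chain of URLs a short link leads through.

    Stops at the first non-redirect response, at a loop, or after max_hops,
    so an endless redirector chain cannot run away. Relative Location values
    are resolved against the URL that issued them.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain
        nxt = urljoin(chain[-1], location)
        chain.append(nxt)
        if chain.count(nxt) > 1:  # loop detected; stop here
            return chain
    return chain


def hosts_changed(chain):
    """True when the chain crosses more than one hostname (worth a second look)."""
    return len({urlsplit(u).hostname for u in chain}) > 1


if __name__ == "__main__":
    for short in ("https://sho.rt/abc", "https://sho.rt/loop"):
        hops = expand(short, fetch=demo_fetch)
        print(" -> ".join(hops), "| hosts changed:", hosts_changed(hops))
```

Run it as-is to see the constructed chains; to check a real link, call `expand("https://...")` with the default `http_head` fetcher. The chain is printed, never opened in a browser, which is the whole point of the check.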