SANS NewsBites

Details on Cost of Baltimore County Schools Ransomware Attack Uncovered; Patch vCenter Servers Now; Google Details Solid Software Supply Chain Security Framework; Apple Issues Update to Thwart Current Attacks on Older iOS Devices

June 18, 2021  |  Volume XXIII - Issue #48

Top of the News
2021-06-16

Baltimore County Public Schools Ransomware Recovery is Expensive

According to information obtained by a local television news station, Baltimore County (Maryland) Public Schools has already spent more than $8 million recovering from a November 2020 ransomware attack. The incident prevented 115,000 students from accessing remote instruction for a week. The school system’s insurance covered $2 million of the incurred costs.

Editor's Note

This was a different event from the Baltimore City incident of 2019. There haven’t been many details made public on the cause of the incident, but odds are high that it started with a phishing attack obtaining reusable passwords. That means the $9,180 cost of Duo (Presidio) multi-factor authentication would have been a very high ROI expenditure if it had been done *before* the attack. Let’s throw in the $743,500 for Dell/Carbon Black “Windows Security Software” and the cost of those two items done proactively is still less than the $860K paid to Kroll for Forensics Investigation and Triage, and significantly less than the $6M+ cost of the incident even after the insurance payout.

John Pescatore

Take the cost of recovery into consideration when proposing security measures. Remember you may have to provide identity protection when personal information is exfiltrated. Once you have funding, execute fully; don’t stop with a partial solution.

Lee Neely

Another example of how cyber criminals will target and attack anyone, including elementary schools, hospitals, non-profits and small mom-and-pop stores, the very organizations where ransomware costs can be devastating and wipe out their ability to operate.

Lance Spitzner

2021-06-15

Thousands of VMware vCenter Servers Still Unpatched

Researchers from Trustwave say that there are thousands of instances of unpatched VMware vCenter Server that are publicly exposed. VMware released fixes for flaws in its vCenter Server in late May. The flaws could be exploited to take control of vulnerable systems.

Editor's Note

They may still be unpatched. But by now, they are almost certainly exploited. Please check any unpatched system you find for compromise.

Johannes Ullrich

Much like was seen with the equally high severity Exchange and Pulse Secure flaws, IT ops patching performance of these high leverage attack targets has suffered as IT ops has been consumed with keeping work-from-home going and now trying to transition to some level of back to work. Realistically, workaround, mitigation and enhanced monitoring will be needed by many organizations – more trouble tickets pointing out missing patches is not the solution.

John Pescatore

If you haven’t patched, isolate your vCenter services now. Catch your breath and plan your update. Implement now.

Lee Neely

2021-06-18

Google’s SLSA Framework for Supply Chain Security

Google’s Supply chain Levels for Software Artifacts (SLSA) framework aims to “ensure the integrity of software artifacts throughout the software supply chain.” SLSA was inspired by Google’s internal code review process, Binary Authorization for Borg.

Editor's Note

SLSA is a well thought out, multi-level framework that includes code review, testing, authorization and policy definition at various levels. As organizations create new app dev processes to move to newer methodologies like DevOps, there is an opportunity to embed these concepts into those processes and the tools used.

John Pescatore

Kudos to Google for this effort. Well-structured code is efficient to review. Too much product code is not well structured or reviewed. If review was working we would not be spending so much on patching. Suppliers must be held accountable for what they distribute for code review to be even marginally effective.

William Hugh Murray

2021-06-16

Apple Releases Emergency Update for Older iOS Devices

Apple has released iOS 12.5.4, which patches three vulnerabilities, including two flaws that “may have been actively exploited.” The two zero-days – a memory corruption flaw and a use-after-free issue – affect the WebKit engine used by the Safari browser. These vulnerabilities are the eighth and ninth zero-day flaws Apple has patched since the start of the calendar year.

Editor's Note

Apple will not continue to provide updates to iOS 12 much longer given the release of iOS 15 is planned for this fall. While you’re getting these updated, initiate plans to replace them with current devices.

Lee Neely

The Rest of the Week's News
2021-06-16

Ukrainian Police Arrest Alleged Ransomware Operators

Police in Ukraine, with help from US and South Korean law enforcement agencies, have arrested six alleged members of the Cl0p ransomware group. Police also seized cash, computers, and automobiles. Cl0p’s recent targets include the University of Maryland, the University of California, and Stanford University Medical School.

Editor's Note

Great news and good to see another take down like this in Ukraine. Eliminating safe havens for cyber crime will go a long way to reducing and limiting the impact of these groups.

Johannes Ullrich

Effective supranational law enforcement is essential to discouraging what, in its absence, will continue to be seen as a crime.

William Hugh Murray

2021-06-17

CISA Advisory: ZOLL Defibrillator Dashboard Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of multiple vulnerabilities in the ZOLL defibrillator dashboard. The six flaws could be exploited to remotely execute code, access information, elevate privileges, and obtain application credentials. The flaws affect all versions of the ZOLL defibrillator dashboard prior to 2.2. Users are urged to update to the most current version.

Editor's Note

The flaw affects the monitoring dashboard, not necessarily the devices themselves. But by compromising the dashboard, service alerts from devices may go unnoticed, leading to faulty defibrillators. It is sad that the list of flaws in the dashboard reads like a list commonly found in low cost consumer devices.

Johannes Ullrich

Bastion devices and services, which sit between your control systems and users, need to be hardened and monitored. This service was marketed for wide access to manage defibrillators remotely, so you may have Internet accessible services. Prefer a model where you provide secure access (VPN, VPN tunnel, etc.) over bastion services for control systems.

Lee Neely

2021-06-16

Vulnerability in Peloton Bike+ and Tread Interactive Tablet

A vulnerability in the Peloton Bike+ and Peloton Tread interactive tablet could be exploited to gain root device access. From there, attackers could install malware, spy on Internet traffic and user data, or control the equipment’s camera and microphone. The flaw was discovered by McAfee’s Advanced Threat Research (ATR) team. Exploiting the vulnerability would require physical access to the equipment or access somewhere in the supply chain. The ATR team notified Peloton of the vulnerability in March; Peloton pushed out a fix in early June.

Editor's Note

Apply the June update. You will need to actively monitor the Peloton site for update notifications. Don’t allow unauthorized USB devices to be connected.

Lee Neely

Exploitation of the vulnerability requires physical access to the device. Patch, but do not panic.

Johannes Ullrich

2021-06-15

NATO Members Say Article 5 Could be Invoked for Cyberattacks

NATO members have endorsed NATO’s Comprehensive Cyber Defence Policy, which affirms that Article 5 could be invoked in response to a cyberattack. Article 5 says that “an attack against one Ally shall be considered an attack against us all.” The decision to invoke Article 5 would be made on a “case-by-case basis.”

Editor's Note

Ten or twenty years ago we used to say that no-one died from cybersecurity. In today’s world that has changed. As our world has become so interconnected, the physical and cyber lines are blurring. My concern is not so much all-out cyberwar, but more like NotPetya, where one country targets another country and then accidentally impacts critical infrastructure at a global level. If you look at history, that is how so many of the largest wars started: from smaller nation-state incidents with unintended, cascading consequences.

Lance Spitzner

News reports yesterday suggested that President Biden is considering “response in kind.” However, because the US and Western Europe are so much more vulnerable than their potential adversaries, this is, at least, an arguably bad idea. “People who live in glass houses should not throw stones.” They may find the same stones thrown back at them. Remember Stuxnet.

William Hugh Murray

2021-06-16

US Government Agencies' Move to IPv6 Necessary but Brings New Risks

US government agencies have a mandate to migrate most Internet-connected systems from IPv4 to IPv6 by the end of fiscal year 2025. Office of Management and Budget (OMB) Deputy Federal Chief Information Officer Maria Roat said that the transition is necessary because “IPv4 ... can’t keep up with the continued growth of the number of users on the internet and the explosion of connected technologies.” Roat and OMB senior policy analyst Carol Bales noted that the move to IPv6 supports cybersecurity mandates made in the May 12, 2021, executive order on cybersecurity. CISA cybersecurity specialist Branko Bokan said, “IPv6 also opens up this whole new world of new threat landscapes and threat service.”
2021-06-16

Pacific Northwest National Laboratory Responds to DoE RFI on Securing Critical Electric Infrastructure

The Pacific Northwest National Laboratory (PNNL) has submitted comments in response to the Department of Energy’s (DoE’s) April 20 request for information on Ensuring the Continued Security of the United States Critical Electric Infrastructure. PNNL’s response comprises “six suggested concepts that should significantly improve the overall security and resilience of the electric infrastructure systems.”
2021-06-17

Akamai Prolexic DDoS Service Outage Has Worldwide Impact

On Thursday, June 17, an outage affecting one of Akamai’s Prolexic DDoS services disrupted online services of some airlines, financial institutions, and other businesses around the world. In a blog post, Akamai writes that the problem was caused by a routing table value that was “inadvertently exceeded.” Service has been restored.
2021-06-17

NSA Guidance on Securing Video and VoIP Communications

The US National Security Agency (NSA) has issued guidance on securing Unified Communications/Voice and Video over IP (UC/VVoIP) systems. The technical report “outlines best practices for the secure deployment of UC/VVoIP systems and presents mitigations for vulnerabilities due to inadequate network design, configurations, and connectivity.”

Internet Storm Center Tech Corner

Multi Perimeter Device Exploit Mirai Version Hunting For SonicWall, DLink, Cisco and more

https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/


June 2021 Forensic Quiz

https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/


Network Forensics on Azure VMs

https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/


Stealing Tokens, emails, files and more in Microsoft Teams

https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138


ThroughTek IP Camera SDK Vulnerability

https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/


Peloton Insecure Boot Vulnerability

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/


Google Open Sourcing Homomorphic Encryption Libraries

https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html


Microsoft Defender for Endpoint Detecting Jailbroken Devices

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730


Fake Ledger Hardware Wallets

https://www.ledger.com/phishing-campaigns-status#phishing-campaigns

https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/


ZOLL Defibrillator Dashboard Vulnerability

https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01


Akamai Prolexic Outage

https://threatpost.com/hiccup-akamais-ddos-outages/167004/