
sylver_dragon ,

It’s just the latest example of how the scourge of ransomware – which locks computers so hackers can demand a fee chronic failure to implement basic cybersecurity hygiene has disrupted services at health care providers throughout the coronavirus pandemic.

FTFY. I guarantee that, if they ever release a writeup of the intrusion, there’s going to be a bit which reads something like “a user got phished. The local workstation had fuck-all for security hardening. So, the attackers didn’t have to try all that hard to own that system as a beachhead. The rest of the network was a hell-scape of unpatched software, poor security configuration, and just a general lack of monitoring. The domain controllers were owned with little more effort than the attackers teabagging their keyboards. From there, ransomware was deployed with far better automation and tooling than anything local IT had available to them.”

These types of hacks almost always come down to a failure of management. Security costs money and creates friction for users of the network. The benefits are hard to quantify and are all about, “we may have prevented an X million dollar skull fucking of the network”. Eventually, they see the “may have prevented” as “we didn’t do anything” and decide to roll the dice more and more on the risks of poor IT tooling and poor security practices. That goes on until security doesn’t prevent the “X million dollar skull fucking” and then management gets pissy about security not having done anything, despite security having been waving red flags for ages. A few mid-level managers get let go, upper-management makes lots of speeches about “we take security seriously”, security gets a temporary boost in funding and the cycle starts all over.

foggy ,

It’s technical debt, is what it is. The more it grows, the more expensive it gets to get rid of. Once it’s insurmountable, you become a sitting duck for an attack as you’ve described.

I don’t know that any (current changes to) management can adequately address the scope of the issue. It will require funding. I can’t imagine some cases of this being fixable without literally doubling the workforce, or outright shutting down until a modernized system is up and running. I’ve worked some places. I’ve seen some concerning shit.

I feel like every tech company needs their CTO to be pulling their C-weight. Every tech lead should be yanking on their CTO’s balls/ovaries to spend the money or face the consequences. I feel like every CTO would sooner just jump ship and pull the golden ripcord instead.

It’s… A mess.

ramble81 ,

There’s easily a change management can do. Place more focus and time on fixing said technical debt instead of “new features”. The problem is a lot of devs would rather work on the new shiny than what needs to be done and management is always looking to get things out the door. You need someone willing to push back and make that decision to better allocate time. People like that do exist, which is why you don’t see those companies in the news.
