please check out the anti-mandate news »

« prev   random   next »

3
0

Cyber Attacks that the WEF "Warned" Us About

By Karloff follow Karloff   2021 May 31, 1:10pm 333 views   18 comments   watch   nsfw   quote   share    


First we had the North-East pipeline getting shut down, now a major meat producer.

https://www.abc.net.au/news/2021-05-31/cyber-attack-shuts-down-global-meat-processing-giant-jbs/100178310

"The world's largest meat processing company, JBS Foods, has fallen victim to cyber attacks that have shut down production around the world, including in Australia...
...It could be a day, it could be a week, it could be multiple weeks.
The longer it goes, the worse the situation in terms of supply and disruption. "

Energy and meat producers have been frequent targets of the globalist climate alarmists for a long time now. They warned us about a pandemic, and all of a sudden a pandemic shows up. They warned us of an increase in cyber attacks, lo-and-behold here they are and hitting convenient targets for them."

More on the way, I'm sure. Expect the things that directly affect you to be hit. Keep cash on hand, as well as other non-perishables you may need to avoid inconvenience during any of the attack-related disruptions.
1   Patrick   ignore (1)   2021 May 31, 1:14pm     ↓ dislike (0)   quote   flag      

It's smart of our enemies to attack America with Biden in office, as he is obviously corrupt and senile. Cumala will no doubt be even worse for American security after she pushes Joe down the stairs.

If there is any grim comfort in this, it's that American elites will also lose a lot from their undermining of US election integrity to keep the annual half-trillion dollars in Chinese imports flowing.
2   Tenpoundbass   ignore (16)   2021 May 31, 1:24pm     ↓ dislike (0)   quote   flag      

Joe Biden has sanctioned all hits.
3   HeadSet   ignore (3)   2021 May 31, 5:06pm     ↓ dislike (0)   quote   flag      

Why do any of these major companies have exposed TCP/IP type networks anyway? How hard would it be to harden the datacenters, and only allow access through dedicated appliances that only talk to each other and use a proprietary protocol other than TCP/IP? No DNS, or any directory service at all. If you do not know the appliance's port/address, you ain't getting in.
4   porkchopexpress   ignore (0)   2021 May 31, 6:21pm     ↓ dislike (0)   quote   flag      

Given I live and breathe cybersecurity, I wish it were that simple. Most companies have publicly facing systems exposed to the Internet, and appliances or IoT are rarely designed with security in mind. There's only so much a company can do to harden those types of devices, so you're stuck with network segmentation and tight ACLs which can be onerous to manage. There's no silver bullet and it takes years for a complex organization to tighten security because of all the ways in and the need to support the business.
5   HeadSet   ignore (3)   2021 May 31, 7:36pm     ↓ dislike (0)   quote   flag      

porkchopexpress says
Most companies have publicly facing systems exposed to the Internet,

That's fine for companies like Amazon that rely on public access. There is no reason that pipelines and power stations need a "public facing system" through the common internet. If such entities need remote monitoring or control, use an old fashioned connection method (like a point to point modem) or if a series of connectionless protocols, use something other than TCP/IP.
6   porkchopexpress   ignore (0)   2021 May 31, 8:15pm     ↓ dislike (0)   quote   flag      

HeadSet says
porkchopexpress says
Most companies have publicly facing systems exposed to the Internet,

That's fine for companies like Amazon that rely on public access. There is no reason that pipelines and power stations need a "public facing system" through the common internet. If such entities need remote monitoring or control, use an old fashioned connection method (like a point to point modem) or if a series of connectionless protocols, use something other than TCP/IP.
That's definitely true. For industrial control systems, etc., they should require VPN or Citrix to access. I'm just saying that most companies with Internet-facing systems will always be a potential point of entry to exploit and get inside the network.
7   Shaman   ignore (2)   2021 May 31, 8:50pm     ↓ dislike (0)   quote   flag      

In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.
8   HeadSet   ignore (3)   2021 Jun 1, 6:44am     ↓ dislike (0)   quote   flag      

Shaman says
In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?
9   Onvacation   ignore (7)   2021 Jun 1, 8:28am     ↓ dislike (0)   quote   flag      

HeadSet says
Shaman says
In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?

And voting?
10   WookieMan   ignore (6)   2021 Jun 1, 8:47am     ↓ dislike (0)   quote   flag      

Onvacation says
HeadSet says
Shaman says
In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?

And voting?

Good point. Critical infrastructure can actually be shut down by hackers and the media reports it. Yet it's a pure impossibility voting could be hacked and doesn't get reported. Social media actually will ban you. Twilight Zone shit.
11   stfu   ignore (0)   2021 Jun 2, 4:03am     ↓ dislike (0)   quote   flag      

@porkchopexpress

porkchopexpress says
Given I live and breathe cybersecurity


I'm curious to know your opinion on the reality of all these hacks being done by individuals unaffiliated with the target companies by exposing exploits in the networking stack or via software malware?

My personal feeling is that hollywood type hacking of systems is almost impossible - and that this endeavor almost always requires the help of a target company employee with access to non-public information.

What say you?
12   NuttBoxer   ignore (2)   2021 Jun 2, 10:04am     ↓ dislike (0)   quote   flag      

So this is how to cover up an economic collapse, blame every shortage on a cyber attack!?
13   HeadSet   ignore (3)   2021 Jun 2, 2:22pm     ↓ dislike (0)   quote   flag      

NuttBoxer says
So this is how to cover up an economic collapse, blame every shortage on a cyber attack!?

Yes, just as when a politician is caught saying something damning when he thought he was off camera, it will be called a "deep fake." We already have had politicos claim "hacking: when something bad was found on their personal computer or phone.
14   porkchopexpress   ignore (0)   2021 Jun 2, 3:56pm     ↓ dislike (0)   quote   flag      

stfu says
@porkchopexpress

porkchopexpress says
Given I live and breathe cybersecurity


I'm curious to know your opinion on the reality of all these hacks being done by individuals unaffiliated with the target companies by exposing exploits in the networking stack or via software malware?

My personal feeling is that hollywood type hacking of systems is almost impossible - and that this endeavor almost always requires the help of a target company employee with access to non-public information.

What say you?
I think it could go either way. There's no question that it could be outsiders (or gov't) leveraging exploits in Exchange, Solar Winds, PulseVPN, etc. This is why the Solar Winds hack was so brutal...so many companies own the product and hackers have likely had persistence for ages in all these companies, and probably still do because the damage is done.

As far as Hollywood, it doesn't get more cringeworthy than the Swordfish hacking scene with Hugh Jackman...I literally cry every time I watch it. In over 90% of successful hacks, phishing is involved. All it takes is for some idiot sysadmin to click on an attachment and boom, the hacker has persistence on their machine. It's easy to escalate privilege to Domain Admin from there. Two-factor auth is huge for stopping presentation-layer-type hacks (logging into M365), but there are so many other vectors to exploit (i.e., software vulnerabilities). If an insider sysadmin is involved, there's little you can do and must have the absolute HIGHEST level of control in place to stop or detect it.
15   HeadSet   ignore (3)   2021 Jun 2, 4:12pm     ↓ dislike (0)   quote   flag      

porkchopexpress says
There's no question that it could be outsiders (or gov't) leveraging exploits in Exchange, Solar Winds, PulseVPN, etc.

How about chips in the motherboards of PCs and Servers having a built in back door? A little present from friends in China where these products are made.
16   porkchopexpress   ignore (0)   2021 Jun 2, 4:28pm     ↓ dislike (0)   quote   flag      

HeadSet says
How about chips in the motherboards of PCs and Servers having a built in back door? A little present from friends in China where these products are made.
That too. Lenovo-gate. Who knows what else lurks in hardware, firmware and software these days.
17   Hircus   ignore (0)   2021 Jun 2, 4:41pm     ↓ dislike (0)   quote   flag      

I think many of these hacks probably don't rely on a conventional internet facing entry point.

If you can compromise the computer / laptop of just a single employee, you can then setup an elaborate network tunnel through all kinds of layers, allowing you to remotely control things. It's very difficult to defend against that because they can make the connection originate from the laptop (which has internal network access, either physically, of via vpn), which connects out to the internet, and looks just like any other internet traffic. But, it establishes a tunnel, and network traffic then passes back and forth through the tunnel, likely invisible to most network security.
18   porkchopexpress   ignore (0)   2021 Jun 2, 4:52pm     ↓ dislike (0)   quote   flag      

This is why outbound network traffic inspection (on ALL ports/protocols) is more critical than inbound, but a lot of companies forget that part because it's hard and expensive.

about   best comments   contact   one year ago   suggestions