Cybersecurity

5752 readers

222 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

kid

[email protected]

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure (thehackernews.com)

submitted 8 months ago by kid to c/cybersecurity

5 comments fedilink hide all child comments

U.S. agencies warn of Phobos ransomware attacks on government entities and critical infrastructure since May 2019. The attacks exploit vulnerabilities and use advanced techniques for persistence and elevated privileges. Despite the high ransom costs, paying does not prevent new attacks, with 78% of victims being attacked again.

top 5 comments

sorted by: hot top controversial new old

[–] potatopotato 8 points 8 months ago (2 children)

Crazy opinion incoming: in the current climate ransomware is just pentesting equivalent of the "free" personal injury attorneys. If the pass the pentest, it's free. If you fail, it's crazy expensive. Either way it's relatively benign security auditing that's causing companies to be slightly less stupid about how they handle IT.

It's not the ideal way of doing this, but it's strangely having a positive impact and mitigating belligerent states abilities to conduct offensive cyber operations if things were to heat up.

[–] kid 1 points 8 months ago

Makes sense

[–] [email protected] 1 points 8 months ago

Honestly not what I have seen with some big companies. Even after getting hit with ransomware they just continue working as if it has never happened.

[–] ogmios 5 points 8 months ago (1 children)

Maybe connecting literally everything to the Internet is a really fucking stupid idea...

[–] [email protected] 1 points 8 months ago

air gapping doesn't really help when basically any interface is an attack vector.

evil maid attacks still work.