1/ Other cities should heed what happened to Atlanta. Such problems are coming to many cities in the near future. https://twitter.com/NYTNational/status/978806916087537666
2/ They'll misinterpret what happens here. They frequently get individual desktops infected with ransomware, so they falsely believe they are on top of the situation. What happened in Atlanta is a wholly different attack, where ransomware spread to the servers.
3/ All the news stories are asking how the ransomware got inside their network. This is the wrong question; it doesn't matter. The question they should be asking is, once inside, how it spread. It spread because it got "admin" credentials.
4/ The SamSam ransomware is notorious for this. It aggressively looks for admin credentials on any system it infects and uses them to spread to other systems on the local network.
5/ Atlanta reports that 911, police, fire, and the local airport were unaffected by the attack. That's because systems were on different domains, firewalled, or used other operating systems (like Linux). https://www.cnn.com/2018/03/27/us/atlanta-ransomware-computers/index.html
6/ People think "Oh, the police had smarter IT staff, and that's why it wasn't infected". What really happened is there was a firewall blocking port 445, or simply they were on a different Windows domain, with different credentials.
7/ According to news reports, the city has been working with Microsoft, Cisco, SecureWorks, Georgia Tech, Homeland Security, and the Secret Service to figure out what happened. This is nonsense. We know what happened.
8/ We know how such attacks get in: the hacker sends obvious phishing emails or uses obvious exploits against exposed servers. Then, once in, it uses whatever credentials it finds on the infected systems to spread to other systems.
9/ According to news reports, Atlanta has Windows-based web servers with port 445 exposed. It doesn't matter if that was the particular vector SamSam used -- it matters that no sane organization would have those ports exposed.
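The spreading pattern tweets 3/, 4/ and 8/ describe (one set of harvested admin credentials authenticating to host after host over SMB) leaves a recognisable trace in Windows Security logs: a single account producing network logons (event 4624, logon type 3) against many distinct hosts within minutes. The script below is an added example, not code from the thread or from any of the organizations it names. It parses a constructed, simplified extract of such records and flags accounts whose logon fan-out crosses a threshold. The record layout, host and account names, addresses, window and threshold are all assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed, simplified extract of Windows Security event 4624 (successful logon).
# Columns: timestamp, host that recorded the logon, account, logon type, source IP.
# Logon type 3 is a network logon (what SMB/admin-share access produces);
# type 2 is an interactive console logon. All names and addresses are made up.
SAMPLE_LOGONS = """\
2018-03-22T05:01:12 FILESRV01 CORP\\svc_backup 3 10.10.4.21
2018-03-22T05:01:40 FILESRV02 CORP\\svc_backup 3 10.10.4.21
2018-03-22T05:02:05 APPSRV01  CORP\\svc_backup 3 10.10.4.21
2018-03-22T05:02:33 APPSRV02  CORP\\svc_backup 3 10.10.4.21
2018-03-22T05:03:10 DBSRV01   CORP\\svc_backup 3 10.10.4.21
2018-03-22T05:03:52 PRINTSRV  CORP\\svc_backup 3 10.10.4.21
2018-03-22T08:15:00 WKS-0412  CORP\\jdoe       2 -
2018-03-22T08:20:31 FILESRV01 CORP\\jdoe       3 10.10.7.88
2018-03-22T09:00:00 FILESRV01 CORP\\admin_ops  3 10.10.1.5
2018-03-22T11:30:00 APPSRV01  CORP\\admin_ops  3 10.10.1.5
2018-03-22T14:45:00 DBSRV01   CORP\\admin_ops  3 10.10.1.5
"""


def parse_logons(text):
    """Turn the whitespace-separated records into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, account, logon_type, src = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "account": account,
            "logon_type": int(logon_type),
            "src": src,
        })
    return events


def find_fanout(events, window_seconds=600, threshold=5):
    """Flag accounts whose network logons reach >= threshold distinct hosts
    within any span of window_seconds. Returns {account: sorted host list}."""
    by_account = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == 3:          # only network logons count
            by_account[ev["account"]].append(ev)

    alerts = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["ts"])
        left = 0
        for right, ev in enumerate(evs):
            # slide the left edge forward until the span fits inside the window
            while (ev["ts"] - evs[left]["ts"]).total_seconds() > window_seconds:
                left += 1
            hosts = {e["host"] for e in evs[left:right + 1]}
            if len(hosts) >= threshold:
                alerts.setdefault(account, set()).update(hosts)
    return {acct: sorted(hosts) for acct, hosts in alerts.items()}


if __name__ == "__main__":
    for account, hosts in find_fanout(parse_logons(SAMPLE_LOGONS)).items():
        print(f"ALERT {account}: network logons to {len(hosts)} hosts: {', '.join(hosts)}")
```

On the constructed data only svc_backup trips the rule: six servers in under three minutes from one source address, the shape of credential reuse the thread describes, while jdoe's single file-server logon and admin_ops' three logons spread over a working day do not. In a real environment the window and threshold need tuning, and accounts that legitimately touch many hosts (backup or monitoring services) need an allow-list, otherwise the rule is noise; the detection complements, and does not replace, the prevention the thread points to, which is blocking TCP/445 between segments and keeping critical systems on separate domains with separate credentials.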
Arguably, no sane vendor would make it so you have to use firewalls/network-level access control to protect their product in its default/usual configuration...