I don't have any inside knowledge but it strikes me that all these ransomware attacks on various health (and fuel line) systems around the world have a common denominator that's never ever mentioned: Microsoft Windows. If people (especially running critical infrastructure) didn't use it... I'm confident we wouldn't have ransomware attacks.

Follow

@lightweight Even with all the bad incentives and their influence on big corporate systems... the cloud isn't being overrun with ransomware yet? And from what I've seen, "the cloud" is largely Ubuntu, RHEL, and their variants, and containers built on "bases" from their packages.

· · Web · 2 · 0 · 1

@unlofl yes, an interesting observation. :) I'd say it's not because those systems wouldn't be valuable targets. I'd say it's a combination better security models, better code, better sysadmins, and less disdain for #FOSS than for US multinational products that powerful but technologically clueless people run.

@lightweight And I think even if some ops teams are bad, the whole IaaS model protects it too. Hard for ransomware to be effective when a cloud platform controls the backups/snapshots and your average sysadmin can't screw it up if they try.

Still waiting for the inevitable first time an entire datacenter is held hostage though.

@unlofl yup, could happen. Ultimately, though, I think the major vulnerabilities are due to a very simple combo: (painfully) naive users and MS Windows. That's why we're in a digital dark age (davelane.nz/darkage).

@unlofl In my experience, many of these institutional IT systems (in addition to naive users and MS Windows) also have woeful sysadmins.

@unlofl @lightweight 'The Cloud', maybe not... It's the integration between Azure, O365, D365, Sharepoint, Teams, Skype, AD and back to the MS desktop that is the issue.
Even though a small subset of the darkside tools may run on Linux the vast majority target and use the MS ecosystem to do their dirty work.
NZ government departments have been going offline around once a month recently due to flaws in cloud AD and so on.
Teams recently allowed arbitrary commands on *any* system it was on...

@unlofl @lightweight the security community have been bitching recently about the 'attack surface' FOSS presents but that is minor compared to the attack surface MS has been for the last thirty years.
Moving the crap off the desktop into Azure has not made it any better... you might have removed the requirement to continually upgrade the local systems but when MS fucks up their routing tables half the planet goes offline.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!