top | item 41344719

(no title)

I don't think this is relevant. Even on-prem "air gapped" networks get breached. I would say it happens on as frequent a basis as any other network tbh. Microsoft hacks get headlines because Microsoft is a public company; there are lots of undisclosed breaches happening out there.

Security vulnerabilities come from the same place they always have. Where IO happens, where transactions happen, and where an operating system does a lot of work. How attackers get to these points, what happens when they do, and then how the system reacts when a malicious event occurs are the factors that matter.

In today's world of complex technologies, I have yet to meet a single organization that is invulnerable to these threats. I've seen a lot of organizations limit damage, patch vulnerabilities, and generally manage their risk profile effectively - but losses are a part of the business.

IMO, the only thing that will really make a difference is when we have technologies that are sufficient enough to male the user more resilient. Only then can we have a truly safer web.

discuss

hobs|1 year ago

Citation extremely needed.

I have worked at 20+ companies and the ones that had little to no security got ransomwared at LEAST yearly (with 50m+ in revenues) and the ones that had basic and standard security practices got zero network wide intrusions (at least at lower then say, a nation state level.)

Now, COULD they have been exploited with an 0day? Sure, in theory these networks could be both exploited with the same technology or by a dedicated actor likely without an issue - they're internet connected corporate networks mostly with probably out of date tech; and in practice most attacks corporations need to mitigate are the drive by trash that consumers also face.

Wowfunhappy|1 year ago

> I would say it happens on as frequent a basis as any other network tbh.

...really?

I find this extremely hard to believe on its face. Sure an attacker can infect a system via a USB drive, but they need to get physically close to the victim (at least at one point in time). That both dramatically decreases the number of possible attackers and increases their personal risk.

It also becomes far more difficult for an attacker to exfiltrate any data.

TeMPOraL|1 year ago

Exfil may be tricky if the system is actually airgapped - I take GP's use of scare quotes to mean that most systems are "airgapped" by means of software-enforced security policies, which should correctly be referred to as "not airgapped".

As for the attack method, there's always the good ol' "flash drive found on a parking lot" vector.

cutemonster|1 year ago

Yeah, GP is sort of saying that seat belts are pointless since traffic fatalities can happen anyway

tpmoney|1 year ago

My point is that the vulnerable points, regardless of where they come from, are ultimately there because the purpose of the Defender is not to have perfect cyber security, but to use computers and technology to enable business. Or as you said, "losses are a part of the business"; and that's so because "the business" isn't cyber security.

awkward|1 year ago

If this is true, big if, it’s because air gapping doesn’t happen without a specific threat model in mind. Think of the airplane with red dots.

unknown|1 year ago

[deleted]

lifeisstillgood|1 year ago

I’m sorry but I really really really want some citations here - a network that has VPNs, LANs at multiple locations is as vulnerable as a single location that uses air-gapped computers passing say usb sticks around to share say git repos.

I am not sure I would enjoy working at the second place but I would really hope we weren’t an easy target

chalst|1 year ago

Viruses that infect USB devices can compromise systems based on air gaps.

Cf. eg., https://www.schneier.com/blog/archives/2013/10/air_gaps.html and https://www.schneier.com/blog/archives/2020/05/ramsey_malwar...

t-3|1 year ago

It's been shown many times that people will pick up random USB devices from anywhere and plug them into any computer without thinking. Airgapping just stops the automated scans and stuff that was already being stopped. Defence is reactive, so the momentum and advantage is always on the attacker side, and stopping the lazy ones doesn't do anything to stop the real threats.