Juha Saarinen: Our IT has leaky buildings syndrome


What’s behind all the devastating ransomware attacks, like the ones crippling Waikato District Health Board facilities and many, many other organisations around the world?

If you think of the state of information technology in many sectors as similar to the leaky buildings crisis, you’ve pretty much got it.

Bad construction decisions, lack of up-to-date standards, outmoded componentry that’s at times not fit for purpose, and not enough skilled people for repairs and maintenance.

That’s just to start with and like leaky buildings, it’s a mess that has built up over the years.

Sorting both out will be expensive and disruptive to those involved but at least with leaky buildings, there’s an acceptance that it has to happen.

With IT, it seems more that living on a wing and a prayer and weighing up whether the effort of shoring up systems is worth the cost is the strategy.

Ransomware raiders know this. They try to pass themselves off as being trustworthy and reliable to deal with, and that their extortion demands are reasonable. Being too random and destructive is bad for business and might force targets into actually securing their systems, ironically enough.

More irony: the very same IT that we rely on to bring agility and rapid adaptation has turned out to be rigid and resistant to change.

“It works; don’t touch it.” That’s why easy Internet scans throw up so many ancient versions of for example Windows Server that Microsoft either long ago stopped supplying with patches, or now charges big bucks for end of life extended support.

Apart from legitimate worries that updates will break stuff, it could be legacy applications that won’t work well or at all on newer foundations. Upgrading to something new and more secure could involve forking out for relicensing on new hardware which there often isn’t the budget for.

If there’s a straightforward upgrade path, that is. It’s 2021, and there’s this cloud computing thing in full swing. Which can be helpful and cheaper in the long run, but there’s a lot to learn when migrating to the cloud, and the opportunity to make hair-raising mistakes as well.

The workaround for not being able to refresh software and hardware is to hide the old stuff. It goes behind elaborate security devices, which too have to be monitored and updated or they’ll be attacked and used as springboards for hackers to get in and move around in organisations’ networks.

Judging by repeated alerts from United States cyber security agencies, said security devices go unpatched in many places, and get hijacked for crypto currency mining while leaving the door open for ransomware raiders. You’d think that expensive Sharknado X 3000 box should be unhackable, but no …

When they do get in, ransomware criminals and hackers head straight to the House of Holy: the one computer to manage them all, like the Active Directory server.

It’s an amazing piece of software magic that makes it possible to manage hundreds, nay, thousands of worker bee computers and the user accounts on them.

Take over those powerful management servers, and there are few if any limits to what attackers can do. Like getting access to, and copying over data from other servers to facilitate extortion, kicking off administrators, deleting network backups and making sure that every company PC is locked and encrypted.

Multiple times even, if there’s more than one ransomware gang at large in an organisation’s network.

It must suck extra hard if the ransom’s been paid and the decryption works, only to reveal that some other scumbags had scrambled beforehand and now want another ransom.

Messing up AD servers doesn’t quite get you lynched in public, but almost and it’s a very career-limiting move. As a result, they tend to be updated rarely and only by the bravest of sysadmins.

You can see where this is going: it’s high time to renew, rethink and rebuild organisational IT systems to make it less easy for intruders.

We can’t have “leaky buildings” style IT, with healthcare and other critical areas being closed down and people risking long-term injury and death as a result.

Source: Read Full Article