It is now being reported that the Pacific Northwest National Labs (PNNL) was hit over the July 4th 2011 weekend by a sophisticated hacking attack.

Little is being said about this, but the attack seems to have crippled their network and infrastructure. They had to bring down all services to work out what happened. People have reported that the attack caused their IT people to bring down the network and slowly rebuild it. Logical, right? The depth of services brought down is always an indication of the depth of the attack.


I noted one very interesting phrase in the article. It was reported that "Full access will only be restored once we are able to thoroughly diagnose what occurred and once we have added a security patch that will repel further attacks of this kind." Interesting phrase, isn't it?

The economy being what it is, many organizations have cut back on IT and/or Security departments. Physical equipment and devices are becoming increasingly easier to maintain. Thus the need to "cut back"? Security is still that intangible department that some may say "can't justify their existence, we've never been attacked." However blind these words are, issuing updates to systems and software is an integral part of any infrastructure. I think it's called "patch management", isn't it?

Security and infrastructure co-exist, and must do so for any organization, no matter how large or small, to survive. No one likes to be told or hear "we have to do this to ensure our data and networks are safe", because the eternal argument will be that there's been no attack. How many organizations blindly hide behind this statement? Have they done risk assessments? Have they updated them? Have they had professional Penetration Testers push their network and/or infrastructure? Do they listen to these findings? "We have no budget anymore", "we're safe because our hardware vendor told us we were". Hasn't anyone ever listened to the old adage "Trust but Verify"?

The more complex a network or infrastructure is, the more chance of a hole or multiple holes opening up. Nothing is ever 100% secure. The proof is in the vast number of break-ins and hacker attacks that are hitting the news every day.

Words of advice: listen to your experts, listen to your Security Department. They're not there to berate, but to protect and double-check that things are as safe as they can be.

If you don't have a Security Department, maybe it's time to listen to your internal experts? Maybe it's time to take these news events seriously?

There's a new wave of cyber attacks out there. Either ride the wave to protect yourself or drown in the crashing of the waves.





