AND NOW CLOUD HELD HOSTAGE!
Ransomware has hit the cloud. While a large number of countries are busy enacting archaic laws with little or no capability for prevention, enforcement or investigation, the hackers are, as usual, on a winning spree. Putting your head in the sand does not improve your stand; it has never improved anything, so how will it now? On the contrary, you become more vulnerable. We don’t even know the license dates, the known vulnerabilities, or whether any support is being provided for the software we run, more so at the server level. Cyber security is totally different from physical security, and playing the same game will not take us anywhere. It may turn out to be the likely route to digital nemesis. We have the Sri Lankan government as the most recent example.
The latest headlines shout out: "Sri Lankan government cloud held hostage: ransomware attack sparks panic." In the latest of the infamous ransomware attacks, Sri Lanka’s cloud system, named Lanka Government Cloud (LGC), fell victim to a massive ransomware attack. The breach, according to the information released or known so far, started on August 26, 2023. No one knows the nature of the security audits being conducted, or to what avail. This breach has brought the system’s vulnerabilities, along with its mismanagement and inefficiencies, into the public domain. The attack has been confirmed by Sri Lanka’s Information and Communication Technology Agency (ICTA). The severity of the breach has so far been deciphered to some extent.
In the weeks leading up to the attack, a domain user reported receiving suspicious links. It is now believed that some user clicked on such a link, providing the threat actors with an entry point. The target clicks a suspicious link: casual, ignorant and foolish. The perpetrators, meanwhile, quickly encrypted LGC services, crippling government operations. This is the asymmetrical war we are fighting, and the governments are blissfully unaware of it. It will not be long before departments and governments are thrown out of their own systems, begging hackers for mercy or paying them ransom. If this doomsday scenario does not scare the powers that be, then what will?
As per ICTA, around 5000 email addresses using the gov.lk email domain, including those of the Cabinet Office, were affected. The system was successfully brought back online within 12 hours of the attack, but the harrowing fact is that the system lacked backup data from May 17 to August 26, 2023. This has led to permanent data loss. The system was using Microsoft Exchange Version 2013: obsolete, outdated and hence attack-prone. All these details are of no concern to the administrators, officials or political executive. It is said there were plans to upgrade. Such plans are endless in nature. It is said the efforts were hampered by financial constraints and previous board decisions. It is known why people who don’t have the full depth of knowledge of cyber security and its likely implications are nearly always made the decision makers in this critical and hugely scary area. To be or not to be! It is existential now.
GOVERNMENTS ARE SITTING ON DIGITAL TINDERBOXES TO BE EXPLODED.
Have a nice evening