Dutch university hit by cyber attack on its Windows systems (opens in new tab)

> chances are very high that some university administrator probably downloaded a shady program from a porn site.

Nah, in reality someone probably clicked a link in a malicious email that launched a backdoor on their computer. The likelihood of that approaches 100% on untrained users. And, as this is a university environment, that user likely had local admin.

You only need 1 successful click to breach the good ol' "secure internal network" after which all bets are off - few companies sufficiently secure their networks from "internal" attackers.

On a traditional Windows network, credential hygiene practices are woeful and Domain Admin (admin access to every single domain-joined device on the network) level credentials are lying around everywhere and once those are compromised, every single domain-joined device on the network can be compromised.

I've seen this all happen in the span of 10 minutes - a remote user with VPN gets compromised, the attacker connects to the corporate network through them, gets Domain Admin and spreads malware through Active Directory to every single device on the network - X thousand workstations, Y hundred servers etc.

There's no actual vulnerability to remediate - you just have to "administrate properly" to prevent this. (https://aka.ms/spa)

All of this shit comes through phishing emails with Office docs containing malicious macros or links. Literally 99% of it. All of these stories should say "Sysadmins ignored best practices of disabling unapproved macros, allowing malware to gain a foothold, dump privileged credentials on the system, and move laterally through the environment with ease"

Jason from Defcon had an interesting quote about it...

"It's not an Advanced Persistent Threat, it's Basic Ass Threat, but you just want your cyberinsurance policy to pay out. Fuck off"

Uh so they don’t have up-to-date AV definitions? Sounds like McAfee was on it in August and Windows Defender has it no later than the 9th of December [1].

[1] I’d expect it to be earlier than that, but this article date is the only thing I’ve found: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclo...

I had a linux system hit with a virus early 2000s. I had more confidence than linux skills back then and made some colossal blunders to make it happen. But whatever you use as your daily machine, it isn't immune. It's a smaller target, but there is still malware out there for Linux. One of the first widespread computer worms was Unix based[1].

[1] https://en.wikipedia.org/wiki/Morris_worm

PS Edit: Many routers are linux/unix based so it is a much bigger target than a lot of people on this thread are making out. If you have control of a company's routers you are in position to do a lot of damage.

Basically 99.99% of companies and governments use windows so its unlikely to see this happening.

There was (recently) some ransomware for (unpatched, IIRC) Synology devices.

Ten years ago or so, our NMR spectrometer was held ransom. OK, it was a completely out-of-date Solaris, not Linux, but if don't use Windows you are not immune.

Linux systems are less targeted because they're less commonly used, their userbase on average knows more about technology and they're inherently more secure.