Eurofins Scientific: Forensic services firm paid ransom after cyber-attack


Full story: https://www.bbc.co.uk/news/uk-48881959

So it would appear the hackers are winning in today's cyber world, but I am surprised that no one is investing in training staff how to stay safe. I am also surprised that people are not investing in better practices and cyber equipment to prevent such attacks. It will be interesting to follow this story and see how things unfold.

We know the following at least:

  1. The criminal would have needed access to the site
  2. Used social engineering to get the user to click on a link
  3. Used a zero day to get the code to execute on the PC somehow

So was it (1) an employee or ex-employee, (2) social engineering that could have been prevented with training, or (3) a zero-day exploit that managed to get the code to run on the system?

My bet is it was probably number (2): social engineering getting a user to download a file with a payload.

It amazes me how the same criminals are getting away with it, getting law enforcement agencies to pay for their own data.

Which raises the question:

  • Why are there no backups of the data that are separate from the connected drives?
  • Why is no one training staff?
  • Why is no one testing the system, for example by creating a fake situation to see how things would go in a real situation and then testing against it?

The more you train the staff and test them on what you have trained them, the wiser they become.

As a security researcher I test hardware and software for vulnerabilities but still find the biggest vulnerability is people.
