To me it feels like a broader audience is starting to realize how much of an unlawful wild west the internet can be - and how much SIGINT and other entities abuse that. And how little preparation some networks have - networks with serious impacts when breached.
I'm working on the defensive side, so we can actively watch new exploits via HTTP being developed, assigned a CVE-ID and splattered on the IDP system on our application clusters in very large numbers. Others of our edge systems are under constant, automated attacks, even utilizing personal information about employees. It's kind of scary, but normal.
But now things are escalating into meatspace, if I may use that term. Norsk Hydro got hit with ransomware and only the engineers on site managed to avoid the loss of the entire smelting plants. Now we have an entire city hit hard enough to be seriously impacted.
Combine this actual impact end-users have with a flashy name from a secretive agency like the NSA, and of course that name gets used.
And I guess personally, if I have to tolerate flashy names in order to get broader awareness towards the importance of cyber security, I'm not that opposed.
Do you think the malware authors know, care, or can even tell the nature of their victims? A Windows box is a Windows box, whether it is connected to my printer or an industrial control system.
If a piece of software has a feature usable in creative ways, and there are people willing to exploit the software, they eventually will. Exploits and malware will be written due to human curiosity and greed.
And then the exploit is out there and generated, and then it'll be used. Attackers of e.g. Norsk Hydro or Baltimore use the malware in an aggressive, targeted way. A botnet uses the malware in an aggressive, spray-and-pray way. Pentesters are another thing.
However, if the malware hits the right thing, ugly things will happen. That's what I meant with "wild-west". Don't blame the gunsmith for bullets flying around. Build a solid wall to hide behind.
Depends on the malware authors - while in many cases they're just looking for simple money through mass attacks on random machines, there certainly are many active attackers where the malware is explicitly targeted at particular victims, so they definitely know whom they're targeting, and they won't be sending payloads that brick a specific firmware version of some Siemens ICS to the Windows box connected to your printer.