Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

06-29-2023, 12:50 AM   #21
DoubleF

Quote: Originally Posted by Fuzz
How do they not have a disaster recovery plan? Rebuild from scratch? That's the plan?
It's possible the disaster recovery plan was compromised too.

I heard of an IT company like this before. I heard the clients' servers, their servers and the server with the backups were all ransomwared. Some of the clients had no choice but to pay the ransom or they'd be out of business. Some clients took it as fate and closed down their businesses and retired.

It was so ####ing jaw-dropping moronic.
06-29-2023, 09:06 AM   #22
Flacker

Quote: Originally Posted by DoubleF
It's possible the disaster recovery plan was compromised too.

I heard of an IT company like this before. I heard the clients' servers, their servers and the server with the backups were all ransomwared. Some of the clients had no choice but to pay the ransom or they'd be out of business. Some clients took it as fate and closed down their businesses and retired.

It was so ####ing jaw-dropping moronic.
A company the size of Suncor has to have immutable offsite backups of critical systems, or there has been complacency and neglect for a long, long time. Ransomware is not a new concept.

Or there was complacency and neglect in the time to detect the compromise, and the immutable backups got impacted.
06-30-2023, 12:52 AM   #23
DoubleF

Quote: Originally Posted by Flacker
A company the size of Suncor has to have immutable offsite backups of critical systems, or there has been complacency and neglect for a long, long time. Ransomware is not a new concept.

Or there was complacency and neglect in the time to detect the compromise, and the immutable backups got impacted.
Oh, I was just talking about some IT people being morons. I've heard of companies where the off-site systems were removed for "cost cutting measures" even though the IT department was protesting.

I'm also just saying that moronic things happening to key systems is nothing new.
06-30-2023, 10:09 AM   #24
Bill Bumface

Quote: Originally Posted by Flacker
A company the size of Suncor has to have immutable offsite backups of critical systems
Just because you have them doesn't mean someone can't reach them if they get in the gates.

As someone wise told me "As a head of infosec, you only have to be wrong once to be screwed. As an attacker, you can try thousands of times and only have to be right once".
07-06-2023, 12:13 PM   #25
Hack&Lube

https://www.cbc.ca/news/canada/calga...ctor-1.6898118

To me, all signs point to an intruder or malware having been successful in penetrating their environment and lurking/staying dormant for long enough that they don't know what devices, accounts and systems are compromised because of the spread of the malware or by potential lateral movement.

That explains why they might be wiping all accounts and rebuilding from scratch as well as replacing all endpoints in phases, because they have no way of knowing that even if they restore all systems the attacker hasn't hidden backdoors, worms, etc. that could be reactivated after the all-clear.

So in this case, it's not so much about time for restoring backups, but a complete decontamination and clean sweep of all systems. That also indicates to me that, given the timeframe, the backups might also contain those same backdoors and malware, so they would need to be very careful about what to restore. If they surmise from the SIEM and forensics that someone has been poking around their network for the past 6 months undetected, for example, how can you safely restore from backup without losing 6 months of business changes?

Last edited by Hack&Lube; 07-06-2023 at 12:15 PM.
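As an added illustration (not from this thread, and not Suncor's data or procedure), here is the restore-point triage the post above describes, in Python. Given the earliest date forensics places the intruder in the network, a snapshot is a usable restore point only if an attacker with domain-level access could not have tampered with it (immutable or offline storage, the point Flacker and Bill Bumface make) and it cannot carry the intrusion back in: either it predates the compromise or forensics has positively cleared it. The trade-off the post raises then falls out directly: the newest trusted snapshot may be months old, and the data-loss window is the gap between it and the incident. All system names, dates and snapshots below are constructed.

```python
# Added example (not from the thread and not Suncor's data): triaging backups
# when forensics says an intruder has been inside for months.
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Snapshot:
    system: str
    taken: datetime
    immutable: bool       # object-lock / WORM / offline media: out of reach of a domain-admin attacker
    verified_clean: bool  # forensics scanned this image for the incident's indicators and found none


@dataclass(frozen=True)
class Decision:
    system: str
    restore_from: Optional[Snapshot]
    data_loss_days: Optional[int]
    reason: str


def is_trusted(snap: Snapshot, earliest_compromise: datetime) -> bool:
    """A snapshot is a usable restore point only if the attacker could not have
    tampered with it (immutable) and it cannot carry the intrusion back in:
    either it predates the earliest evidence of compromise, or forensics has
    positively cleared it."""
    if not snap.immutable:
        return False
    if snap.taken < earliest_compromise:
        return True
    return snap.verified_clean


def pick_restore_point(snaps: List[Snapshot], earliest_compromise: datetime,
                       incident_date: datetime) -> Decision:
    """Choose the newest trusted snapshot for one system and price the data loss."""
    system = snaps[0].system
    candidates = [s for s in snaps if is_trusted(s, earliest_compromise)]
    if not candidates:
        return Decision(system, None, None, "no trusted restore point: rebuild from scratch")
    best = max(candidates, key=lambda s: s.taken)
    if best.taken < earliest_compromise:
        reason = "predates compromise"
    else:
        reason = "post-compromise but forensically cleared"
    return Decision(system, best, (incident_date - best.taken).days, reason)


def triage(snaps: List[Snapshot], earliest_compromise: datetime,
           incident_date: datetime) -> Dict[str, Decision]:
    """Group snapshots by system and decide a restore point for each."""
    by_system: Dict[str, List[Snapshot]] = {}
    for s in snaps:
        by_system.setdefault(s.system, []).append(s)
    return {name: pick_restore_point(lst, earliest_compromise, incident_date)
            for name, lst in by_system.items()}


# Constructed sample: incident found on 2023-06-01; forensics puts the intruder
# in the network from 2022-12-01, i.e. a six-month dwell time.
INCIDENT_DATE = datetime(2023, 6, 1)
EARLIEST_COMPROMISE = datetime(2022, 12, 1)
SAMPLE_SNAPSHOTS = [
    Snapshot("erp-db", datetime(2022, 11, 30), immutable=True, verified_clean=False),
    Snapshot("erp-db", datetime(2023, 5, 31), immutable=True, verified_clean=False),
    Snapshot("file-server", datetime(2022, 11, 30), immutable=True, verified_clean=False),
    Snapshot("file-server", datetime(2023, 5, 31), immutable=True, verified_clean=True),
    Snapshot("ad-dc", datetime(2022, 11, 30), immutable=False, verified_clean=False),
    Snapshot("ad-dc", datetime(2023, 5, 31), immutable=False, verified_clean=False),
]


def run_sample() -> Dict[str, Decision]:
    return triage(SAMPLE_SNAPSHOTS, EARLIEST_COMPROMISE, INCIDENT_DATE)


if __name__ == "__main__":
    for name, d in run_sample().items():
        when = d.restore_from.taken.date() if d.restore_from else "none"
        print(f"{name:12s} restore from {when} | data loss {d.data_loss_days} days | {d.reason}")
```

Running it shows the three outcomes the thread argues about: the ERP database has an immutable pre-compromise snapshot but restoring it costs six months of changes; the file server's newest immutable snapshot was forensically cleared, so it loses only a day; the domain controller's backups were reachable from the compromised network, so they are not trusted at all and that system gets rebuilt from scratch.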
07-06-2023, 02:05 PM   #26
Azure

I work with a few companies that got hit worldwide and they chose to have a month of downtime and rebuild from scratch. Cost them millions to do so.

Not sure how to avoid getting hit if the infection lurks in your system that long.

At that point it isn't as much about backups as it is perhaps detection. Gotta invest in something (Huntress, etc.) that has the capability of letting you know 'hey, even though it's not locking you down, you got hit and you need to deal with it.'

Otherwise it'll sit there and try to gain access to everything possible before they execute the encryption.
07-10-2023, 08:15 PM   #27
Hack&Lube

Quote: Originally Posted by Flacker
A company the size of Suncor has to have immutable offsite backups of critical systems, or there has been complacency and neglect for a long, long time. Ransomware is not a new concept.

Or there was complacency and neglect in the time to detect the compromise, and the immutable backups got impacted.
People talk during Stampede week. May have just been a drunken game of telephone, but I heard they have no recoverable backups.

Last edited by Hack&Lube; 07-10-2023 at 09:12 PM.
07-10-2023, 08:18 PM   #28
chemgear

Quote: Originally Posted by Hack&Lube
People talk during Stampede week. I heard they have no recoverable backups
07-10-2023, 10:50 PM   #29
Whynotnow

Quote: Originally Posted by Hack&Lube
People talk during Stampede week. May have just been a drunken game of telephone, but I heard they have no recoverable backups
It may be that they didn’t trust anything at all, so they may have backups but don’t even know if they are safe.
07-15-2023, 09:30 AM   #30
CaptainReboot

Some of their systems are back up and they do have some clean environments now. Their environments basically had to be rebuilt. All employees are getting new laptops. Talking to friends that work there, it's a mess but expected since they had very few controls apparently.