Discussion:
Some attackers are going after older operating systems
Simon Clubley
2021-10-20 12:14:54 UTC
For those of you who think that only the currently fashionable systems
get probed, this is an article for you:

https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/

Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.

So much for anyone around here who still believes in security by
obscurity...

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Arne Vajhøj
2021-10-20 12:28:08 UTC
Post by Simon Clubley
For those of you who think that only the currently fashionable systems
https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.
Actually the article says that the current fashionable and
biggest server marketshare OS Linux is being probed because
infosec has more focus on Windows.

Arne
Simon Clubley
2021-10-20 13:02:11 UTC
Post by Arne Vajhøj
Post by Simon Clubley
For those of you who think that only the currently fashionable systems
https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.
Actually the article says that the current fashionable and
biggest server marketshare OS Linux is being probed because
infosec has more focus on Windows.
Erm, Arne, did you miss the Solaris references in the URL and in the
article ?

Solaris occupies the same places in organisations that VMS does and
by now probably also has the same "something different" mindset about
it to those organisations.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Arne Vajhøj
2021-10-20 15:19:52 UTC
Post by Simon Clubley
Post by Arne Vajhøj
Post by Simon Clubley
For those of you who think that only the currently fashionable systems
https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.
Actually the article says that the current fashionable and
biggest server marketshare OS Linux is being probed because
infosec has more focus on Windows.
Erm, Arne, did you miss the Solaris references in the URL and in the
article ?
Solaris occupies the same places in organisations that VMS does and
by now probably also has the same "something different" mindset about
it to those organisations.
They also went after Solaris. And Solaris is niche today like VMS.

But the fact that they did go after Linux showed that the attackers
were not specifically going after older niche systems.

The premise that infosec teams are not watching Linux
and Solaris systems is also highly questionable.

The other argument "critical telecommunications infrastructure running
on those operating systems" on the other hand sounds way more plausible.

For a targeted attack you attack whatever OS you need to attack.

If that critical infrastructure had been running on VMS and Windows
then they would have had to attack VMS and Windows.

Arne
Simon Clubley
2021-10-20 17:16:59 UTC
Post by Arne Vajhøj
For a targeted attack you attack whatever OS you need to attack.
If that critical infrastructure had been running on VMS and Windows
then they would have had to attack VMS and Windows.
That's exactly my point Arne.

And we have seen way too many people who seem to think that, because
it's VMS, they somehow don't have to worry about the things that other
operating systems do.

Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Dave Froble
2021-10-20 17:42:08 UTC
Post by Arne Vajhøj
Post by Simon Clubley
Post by Arne Vajhøj
Post by Simon Clubley
For those of you who think that only the currently fashionable systems
https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.
Actually the article says that the current fashionable and
biggest server marketshare OS Linux is being probed because
infosec has more focus on Windows.
Erm, Arne, did you miss the Solaris references in the URL and in the
article ?
Solaris occupies the same places in organisations that VMS does and
by now probably also has the same "something different" mindset about
it to those organisations.
They also went after Solaris. And Solaris is niche today like VMS.
But the fact that they did go after Linux showed that the attackers
were not specifically going after older niche systems.
The premise that infosec teams are not watching Linux
and Solaris systems is also highly questionable.
The other argument "critical telecommunications infrastructure running
on those operating systems" on the other hand sounds way more plausible.
For a targeted attack you attack whatever OS you need to attack.
If that critical infrastructure had been running on VMS and Windows
then they would have had to attack VMS and Windows.
Arne
A while back one of our customers had a problem. Apparently someone got to
at least one of the WEENDOZE PCs in the accounting department with a KB logger.

In addition to getting at credit card stuff, they also used "ransomware" software
to get to the rest of the PCs in the company.

Company would not pay ransom, just rebuilt all the PCs. Of course, also destroying
potential information that might have allowed some activity to be tracked.

Never came near the VMS system, which runs everything, and why company could just
rebuild all the PCs. They were advised to look closely at an inside job.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
Simon Clubley
2021-10-21 12:11:47 UTC
Post by Dave Froble
A while back one of our customers had a problem. Apparently someone got to
at least one of the WEENDOZE PCs in the accounting department with a KB logger.
In addition to getting at credit card stuff, they also used "ransomware" software
to get to the rest of the PCs in the company.
Company would not pay ransom, just rebuilt all the PCs. Of course, also destroying
potential information that might have allowed some activity to be tracked.
Never came near the VMS system, which runs everything, and why company could just
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That you know of.
Post by Dave Froble
rebuild all the PCs. They were advised to look closely at an inside job.
Simon.
--
Simon Clubley, ***@remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
Stephen Hoffman
2021-10-21 16:10:05 UTC
Post by Simon Clubley
Post by Dave Froble
A while back one of our customers had a problem. Apparently someone
got to at least one of the WEENDOZE PCs in the accounting department
with a KB logger.
...
Never came near the VMS system, which runs everything,...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That you know of.
I've been directly involved in cleaning up after two ransomware attacks
against OpenVMS, and in cleaning up after various other OpenVMS
security breaches.

These projects are not fun, as OpenVMS provides no built-in or support
tools for verifying system integrity and whether the changes were
accidental or malicious.
--
Pure Personal Opinion | HoffmanLabs LLC
Dave Froble
2021-10-21 20:16:33 UTC
Post by Simon Clubley
A while back one of our customers had a problem. Apparently someone got to at least one of the WEENDOZE PCs in the accounting department with a KB logger.
...
Never came near the VMS system, which runs everything,...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That you know of.
I've been directly involved in cleaning up after two ransomware attacks against OpenVMS, and in cleaning up after various other OpenVMS security breaches.
These projects are not fun, as OpenVMS provides no built-in or support tools for verifying system integrity and whether the changes were accidental or malicious.
I was not implying that VMS could not be affected. Just that in this case obscurity
just happened to be a friend. Better lucky than good. Even better to be both.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: ***@tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
gah4
2021-10-20 15:32:12 UTC
On Wednesday, October 20, 2021 at 6:02:14 AM UTC-7, Simon Clubley wrote:

(snip)
Post by Simon Clubley
Erm, Arne, did you miss the Solaris references in the URL and in the
article ?
Solaris occupies the same places in organisations that VMS does and
by now probably also has the same "something different" mindset about
it to those organisations.
Many (many!) years ago, when we had running SunOS systems, there were stories
about attacks on Solaris. It seems that, at that time, Solaris was the most popular
system for running web servers. (Windows NT might have been second.)

Maybe some Solaris web servers are still running.

In any case, I suspect that there aren't many attacking VAX.
V***@SendSpamHere.ORG
2021-10-20 15:29:56 UTC
Post by Simon Clubley
For those of you who think that only the currently fashionable systems
https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
Basically, the article claims other operating systems are being
probed precisely because they are _NOT_ being watched by infosec teams.
So much for anyone around here who still believes in security by
obscurity...
My VMS systems get virtually no attacks compared to my Linux systems and
they're all in the same CIDR net.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG

I speak to machines with the voice of humanity.