[Info-vax] Some attackers are going after older operating systems
Dave Froble
davef at tsoft-inc.com
Wed Oct 20 13:42:08 EDT 2021
On 10/20/2021 11:19 AM, Arne Vajhøj wrote:
> On 10/20/2021 9:02 AM, Simon Clubley wrote:
>> On 2021-10-20, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>> On 10/20/2021 8:14 AM, Simon Clubley wrote:
>>>> For those of you who think that only the currently fashionable systems
>>>> get probed, this is an article for you:
>>>>
>>>> https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
>>>>
>>>> Basically, the article claims other operating systems are being
>>>> probed precisely because they are _NOT_ being watched by infosec teams.
>>>
>>> Actually the article says that the current fashionable and
>>> biggest server marketshare OS Linux is being probed because
>>> infosec has more focus on Windows.
>>>
>>
>> Erm, Arne, did you miss the Solaris references in the URL and in the
>> article?
>>
>> Solaris occupies the same places in organisations that VMS does and
>> by now probably also has the same "something different" mindset about
>> it to those organisations.
>
> They also went after Solaris. And Solaris is niche today like VMS.
>
> But the fact that they did go after Linux showed that the attackers
> were not specifically going after older niche systems.
>
> The premise that infosec teams are not watching Linux
> and Solaris systems is also highly questionable.
>
> The other argument "critical telecommunications infrastructure running
> on those operating systems" on the other hand sounds way more plausible.
>
> For a targeted attack you attack whatever OS you need to attack.
>
> If that critical infrastructure had been running on VMS and Windows
> then they would have had to attack VMS and Windows.
>
> Arne
>

A while back one of our customers had a problem. Apparently someone got to
at least one of the WEENDOZE PCs in the accounting department with a KB logger.
In addition to getting at credit card stuff, they also used "ransomware" software
to get to the rest of the PCs in the company.

Company would not pay ransom, just rebuilt all the PCs. Of course, also destroying
potential information that might have allowed some activity to be tracked.

Never came near the VMS system, which runs everything, and why company could just
rebuild all the PCs. They were advised to look closely at an inside job.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486