NJ_
Joined: 31 Oct 2009
Posts: 3121
Location: Wallington, NJ
|
Posted: Fri Apr 08, 2022 7:37 am
|
|
|
Ouch!
IIRC, this was the same kind of attack that affected Capcom two years ago which led to a lot of stuff getting leaked.
|
|
|
FrodoGate222
Joined: 21 Jun 2019
Posts: 107
|
Posted: Fri Apr 08, 2022 8:20 am
|
|
|
I wonder if this has affected the development of One Piece Film Red?
|
|
|
DRosencraft
Joined: 27 Apr 2010
Posts: 675
|
Posted: Fri Apr 08, 2022 8:39 am
|
|
|
Yeah, once stuff was getting delayed by weeks it was clear that there were only two real possibilities; someone went in and deleted stuff, or access was being blocked as in a ransomware attack. As is always the case, someone likely got an email they thought was legit, clicked a bad link, and boom goes the dynamite. It's unlikely we will ever know for sure if they managed to root out the ransomware, or just paid off the attackers. Either way, this is likely costing them a bunch and created massive headaches.
|
|
|
Hoppy800
Joined: 09 Aug 2013
Posts: 3331
|
Posted: Fri Apr 08, 2022 8:59 am
|
|
|
Case closed
Toei should keep offline backups of finished episodes next time, also tell your employees not to click every email they see.
|
|
|
Ruhrpottpatriot
Joined: 26 Aug 2021
Posts: 68
|
Posted: Fri Apr 08, 2022 9:27 am
|
|
|
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you lose a week's work at most in the absolute worst case. Encryption keys can then be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).
This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain.
|
|
|
ximpalullaorg
Joined: 16 Jan 2007
Posts: 396
|
Posted: Fri Apr 08, 2022 9:55 am
|
|
|
Ruhrpottpatriot wrote: | Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. |
Offline backups are never a waste of money IMO (even with the downside of not using tapes), especially if for any reason the access to cloud providers is cut off (and this can and will happen). Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new.
Without any idea of how Toei's systems are set up and which policy is being used it's difficult to say how it happened (though personally I wouldn't be surprised if it was more social engineering than say, a mail) and what can be done to avoid another situation like this.
|
|
|
Ruhrpottpatriot
Joined: 26 Aug 2021
Posts: 68
|
Posted: Fri Apr 08, 2022 10:45 am
|
|
|
Quote: | especially if for any reason the access to cloud providers is cut off (and this can and will happen). |
A decent cloud provider will have an SLA with downtimes of 24 or 48h on average at the minimum. Even if it at some point takes longer you still have a local backup. That's what the "2" in 3-2-1 stands for: Three copies for each data, two backups (one remote and one local) and one working copy.
It also doesn't matter if you can't reach your cloud provider during the attack. Your data you pull from remote is going to be encrypted again anyway and after that, that one or two days is not going to matter much, if at all.
Offline storage is more dangerous anyway as there's really no way to make disks read only. Even if you could, you'd have to make them writeable and plug them in to the system to back up your data and that's precisely the problem. No ransomware attacks immediately. It can slumber for days, weeks if not months and then encrypt when you plug in your external drive(s).
And if the attacker is somewhat clever, they don't encrypt immediately and only when the drive is almost full to get the maximum out of it. After all, they don't care for episodes aired already, but those very close to being aired.
For you as IT-Sec you now have the problem, that you don't know when and if you're going to be attacked. You don't know what's the target.
So the only (as in: most secure) solution would be to store only one episode on each disk, which is a huge waste of money, disks and storage space. Anything else has the potential to destroy weeks of work. And that doesn't even factor in the laziness of humans. What if an employee doesn't want to go to storage to check out a new disk and plug in an old one? No security against that.
Cloud storage on the other hand, has automatic syncs for a few folders (which you can easily monitor for weird data) and then can pack disks to the brim at the remote servers. No humans involved that make errors and no storage space wasted.
And then there's the issue of restoring your data. If you plug in your backups too early you risk your offline storage getting encrypted, too. If you pull from cloud, since your user has only read access you don't risk anything.
Quote: | Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new. |
Well... yeah. Duh! But the same can be said for any network configuration. So stop using networks and the internet altogether? Probably not.
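An added example, not part of the post above or of any poster's setup: one way to "monitor for weird data" before a daily sync is to hold the upload when most of the changed files suddenly look like ciphertext. The thresholds, the extension allow-list and all function names are assumptions made for illustration, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5   # bits per byte; assumed threshold, tune on your own data
SUSPECT_RATIO = 0.5   # assumed: hold the sync if over half the delta looks encrypted
# Legitimately compressed formats are high-entropy too, so entropy alone says
# nothing about them (assumed allow-list; such files need a different check).
COMPRESSED_EXT = {".mp4", ".mkv", ".zip", ".png", ".jpg"}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: near 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """Flag a file whose first `sample` bytes are close to random."""
    if os.path.splitext(path)[1].lower() in COMPRESSED_EXT:
        return False
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample)) > ENTROPY_LIMIT

def gate_sync(changed_paths):
    """Return (allow, suspects) for the files the next sync would upload."""
    suspects = [p for p in changed_paths if looks_encrypted(p)]
    allow = (not changed_paths
             or len(suspects) / len(changed_paths) <= SUSPECT_RATIO)
    return allow, suspects

def demo():
    """Constructed sample data: a normal daily delta and a mass-encrypted one."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path
        normal = [write("script_ep01.txt", b"scene one, cut 12\n" * 500),
                  write("cuts.csv", b"cut,frame,status\n" * 500)]
        hit = [write("script_ep02.txt.locked", os.urandom(8192)),
               write("layout.psd.locked", os.urandom(8192))]
        return gate_sync(normal), gate_sync(normal[:1] + hit)

if __name__ == "__main__":
    print(demo())
```

A held sync only protects earlier copies if the backup target also keeps older versions, since a gate like this can be tuned around by slow or partial encryption.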
|
|
|
Nate148
Joined: 24 May 2012
Posts: 521
|
Posted: Fri Apr 08, 2022 2:19 pm
|
|
|
Not shocked.
|
|
|
TheMorry
Joined: 08 May 2014
Posts: 660
|
Posted: Fri Apr 08, 2022 3:49 pm
|
|
|
Despite that I hate hacks and I'm sorry for them I really wished that awful DB super cgi fugly movie got lost.
|
|
|
Penrhos
Joined: 09 Jun 2021
Posts: 169
|
Posted: Fri Apr 08, 2022 5:15 pm
|
|
|
The company I work for is spending a fortune on immutable backup solutions because of the risk from ransomware.
Just having 321 backup strategy isn't good enough anymore. Some ransomware targets backups first or may wait long enough for all your backups to have been encrypted before triggering the ransom demand. Plus there's always the issue of how much data leaks out undetected while the threat vector is active.
Firewalls, antivirus, patching, education & incorruptible backups are the only protection.
|
|
|
TarsTarkas
Joined: 20 Dec 2007
Posts: 5958
Location: Virginia, United States
|
Posted: Fri Apr 08, 2022 6:15 pm
|
|
|
Lot of companies think it is far cheaper to take the risk and pay up if they get attacked, than to pay the cash for the cyber protection and recovery in advance. Or they think it is something they can pay the lowest (cheapest) price for. And not implementing the most basic of cyber awareness training for their employees.
|
|
|
Covnam
Joined: 31 May 2005
Posts: 3850
|
Posted: Fri Apr 08, 2022 9:36 pm
|
|
|
Ah, that makes sense. I guess they didn't have good redundancy measures in place =/
|
|
|
Ruhrpottpatriot
Joined: 26 Aug 2021
Posts: 68
|
Posted: Sat Apr 09, 2022 7:16 am
|
|
|
Penrhos wrote: | Just having 321 backup strategy isn't good enough anymore. |
It's good enough if you do it right. Just taking 3-2-1 as the number of backups isn't enough. But also the original rule never said it was. At least one backup must be offsite and those backups be immutable. But -- again -- that's data protection 101.
There's really no need to spend a fortune on that, but you also shouldn't cheap out on it.
|
|
|
vgiannell5
Joined: 10 Jan 2012
Posts: 100
|
Posted: Sat Apr 09, 2022 2:42 pm
|
|
|
FrodoGate222 wrote: | I wonder if this has affected the development of One Piece Film Red? |
I'm sure it has. They just haven't announced it just yet.
|
|
|
Cutty Mink
Joined: 13 Feb 2022
Posts: 26
|
Posted: Sat Apr 09, 2022 3:59 pm
|
|
|
Ruhrpottpatriot wrote: | Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you lose a week's work at most in the absolute worst case. Encryption keys can then be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).
This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain. |
As someone who has been in web hosting and systems administration for a decade, I agree. Not only that, but there are affordable solutions for hourly or multiple times per day backups.
There's absolutely no reason Toei should have lost more than a few hours of work.
|
|
|
|