One Article Review

The article:
Source Errata Security
Identifier 1128277
Publication date 2019-05-27 19:59:38 (seen: 2019-05-28 02:00:40)
Title A lesson in journalism vs. cybersecurity
Text A recent NYTimes article blaming the NSA for a ransomware attack on Baltimore is typical bad journalism. It's an op-ed masquerading as a news article. It cites many to support the conclusion the NSA is to be blamed, but only a single quote, from the NSA director, from the opposing side. Yet many experts oppose this conclusion, such as @dave_maynor, @beauwoods, @daveaitel, @riskybusiness, @shpantzer, @todb, @hrbrmst, ... It's not as if these people are hard to find, it's that the story's authors didn't look.
The main reason experts disagree is that the NSA's EternalBlue isn't actually responsible for most ransomware infections. It's almost never used to start the initial infection -- that's almost always phishing or website vulns. Once inside, it's almost never used to spread laterally -- that's almost always done with Windows networking and stolen credentials. Yes, ransomware increasingly includes EternalBlue as part of its arsenal of attacks, but this doesn't mean EternalBlue is responsible for ransomware.
The NYTimes story takes extraordinary effort to jump around this fact, deliberately misleading the reader to conflate one with the other. A good example is this paragraph:
That link is a warning from last July about the "Emotet" ransomware and makes no mention of EternalBlue. Instead, the story is citing anonymous researchers claiming that EternalBlue has been added to Emotet since that DHS warning.
Who are these anonymous researchers? The NYTimes article doesn't say. This is bad journalism. The principles of journalism are that you are supposed to attribute where you got such information, so that the reader can verify for themselves whether the information is true or false, or at least, credible.
And in this case, it's probably false. The likely source for that claim is this article from Malwarebytes about Emotet. They have since retracted this claim, as the latest version of their article points out.
In any event, the NYTimes article claims that Emotet is now "relying" on the NSA's EternalBlue to spread. That's not the same thing as "using", not even close. Yes, lots of ransomware has been updated to also use EternalBlue to spread. However, what ransomware is relying upon is still the Wind
Sent Yes
Tags Ransomware Malware Guideline Patching
Stories NotPetya Wannacry


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.