The Danger of Management Access

  • Google Maps lets you search for grocery stores, which gives a pretty good idea of the impact in an area. For people in the northern half of Sweden it could mean driving another 120km to do your grocery shopping once you find out Coop is closed.


  • I was thinking the other day about why Colonial Pipeline shut down their flow of oil for weeks after their ransomware attack - rather than simply restoring from backup and/or keeping the oil flowing even with crippled IT operations. Then it came to mind that more recent ransomware attacks involve much more than just encrypting or deleting data. Maybe victims of ransomware are now intimidated not to resume business as usual without first paying up, because they fear that the data will be leaked. So now even good backups are no guarantee of a quick recovery and avoiding payment.

  • So, companies that provide 3rd party database management solutions need to do a better job of designing their software to operate with least privilege rather than simply requiring that the service account be granted SYSADMIN. You don't need admin or even read/write permission on user tables to monitor a database. There are other permissions intended specifically for querying server / database metadata and running traces.
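
The least-privilege setup described in the comment above, sketched in T-SQL as an added example (not part of the original thread and not any vendor's own script). The login name `monitor_svc` and the password placeholder are assumptions; the three permissions are standard SQL Server server-level permissions.

```sql
-- Added example. [monitor_svc] is a hypothetical login for a third-party
-- monitoring service; replace the password placeholder before use.
USE master;
GO
CREATE LOGIN [monitor_svc]
    WITH PASSWORD = N'<placeholder-strong-password>', CHECK_POLICY = ON;
GO

-- Weak setting, shown only for contrast and left commented out:
-- ALTER SERVER ROLE [sysadmin] ADD MEMBER [monitor_svc];

-- Corrected setting: permissions scoped to metadata, server state and traces.
GRANT VIEW SERVER STATE   TO [monitor_svc];  -- server-level DMVs (sessions, waits, etc.)
GRANT VIEW ANY DEFINITION TO [monitor_svc];  -- object metadata, no access to table data
GRANT ALTER TRACE         TO [monitor_svc];  -- run traces; trace output can contain
                                             -- statement text, so grant only if needed
GO

-- Audit: list every login that currently holds sysadmin, so service
-- accounts that were given it "for monitoring" can be reviewed.
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- Verify what the monitoring login can actually do at server scope.
EXECUTE AS LOGIN = N'monitor_svc';
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'SERVER')
ORDER BY permission_name;
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;
REVERT;
GO
```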

  • Wow, that's a long way for groceries. Even I only have to go 12-15km.

    For some companies, it's about billing. In the case of the oil pipeline, they were concerned about billing, and that delayed things. As for why not restoring, who knows. Some people use online backups, and it's possible those systems were shut down. Others might not have recent backups, and data loss is a real issue. They might not easily be able to restore on top of existing data and move forward.

    There also might be issues if you have to rebuild a domain/AD structure. I don't know the extent to which this was an issue, but from friends that have gone through this, some of them get the database up quickly, but other systems take longer for some reason.


