Fabrizio Baiardi

Fabrizio Baiardi is a Full Professor at Università di Pisa, where he has chaired one of the first degree programmes on the security of ICT infrastructures. His main research interests are formal approaches to risk assessment and the resilience of critical ICT infrastructures. Fabrizio Baiardi has been involved in the risk assessment and management of several systems, including industrial control systems with SCADA components. He has authored several papers on ICT security and currently teaches university courses on security-related topics.

Welcome, Unplanned Ransomware Attack. Seriously

The news that an unplanned ransomware attack on a German hospital resulted in the death of a woman has produced a large number of comments, articles and so on. One of the most interesting, at https://medium.com/@fluchsfriction/lessons-from-the-first-deadly-hacker-attack-on-german-hospital-2977cb13916f , stresses several important lessons to be learned. Among them, an important one is that the attack was not planned. This often happens with ransomware, because the attack may involve systems that are infected at random. In other words, the way malware spreads in a network makes it impossible, even for the attackers, to predict which systems will be attacked. If we recall that several groups rent their malware to a large number of other groups in exchange for a percentage of the ransom, it is obvious that the number of targets increases exponentially. In my opinion, another interesting point is in the subtitle, which claims that “patch all” has failed. At Haruspex, we can rephrase the old Apple commercial that welcomed the first IBM PC and say “welcome, seriously”.

We have said on every occasion, at every meeting and workshop, that the important point is to patch just the vulnerabilities on the critical attack paths from the attack surface to the crown jewels. Even more, we have developed, tested, and validated platforms that compute which vulnerabilities to patch, and we have shown that they are just a small percentage of all the vulnerabilities. Hence, a small number of patches can defeat ransomware and attackers, provided that you know which ones to apply.
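To make the idea of "patch only what sits on an attack path" concrete, here is an added example; it is not Haruspex's platform or the author's code. It assumes a constructed attack graph in which hosts are nodes and each edge is labelled with the (placeholder) vulnerability an attacker would exploit to move from one host to the next. A vulnerability is critical when it lies on at least one path from the attack surface to a crown jewel; among the critical ones, the smallest set whose patching disconnects the jewels is found by brute force, which is enough for a toy graph but, as the comment notes, does not scale to real networks.

```python
from collections import deque
from itertools import combinations

# Constructed sample attack graph (not from the post). Nodes are hosts; an
# edge (src -> dst, vuln) means that an attacker controlling src can reach dst
# by exploiting vulnerability vuln on dst. Vulnerability ids are placeholders.
ATTACK_GRAPH = {
    "internet": [("web", "V-web"), ("vpn", "V-vpn")],
    "web": [("app", "V-app"), ("fileshare", "V-smb")],
    "vpn": [("app", "V-app")],          # the same vuln on app, reached two ways
    "app": [("db", "V-db")],
    "fileshare": [("db", "V-db2"), ("printer", "V-prn")],
    "printer": [],
    "db": [],
    "legacy": [("db", "V-legacy")],     # exploitable, but unreachable from outside
}
ATTACK_SURFACE = {"internet"}
CROWN_JEWELS = {"db"}


def _forward(graph, starts, patched=frozenset()):
    """Hosts reachable from `starts` without traversing a patched vulnerability."""
    seen, queue = set(starts), deque(starts)
    while queue:
        host = queue.popleft()
        for nxt, vuln in graph.get(host, []):
            if vuln not in patched and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def _backward(graph, targets):
    """Hosts from which at least one of `targets` can be reached."""
    rev = {}
    for src, edges in graph.items():
        for dst, vuln in edges:
            rev.setdefault(dst, []).append((src, vuln))
    return _forward(rev, targets)


def all_vulns(graph):
    """Every distinct vulnerability present in the graph."""
    return {vuln for edges in graph.values() for _, vuln in edges}


def critical_vulns(graph, surface, jewels):
    """Vulns on at least one attack path from the surface to a crown jewel:
    the edge's source is reachable from the surface and its destination can
    still reach a jewel."""
    fwd, bwd = _forward(graph, surface), _backward(graph, jewels)
    return {vuln for src, edges in graph.items() if src in fwd
            for dst, vuln in edges if dst in bwd}


def is_cut(graph, surface, jewels, patched):
    """True if patching `patched` leaves no jewel reachable from the surface."""
    return not (_forward(graph, surface, frozenset(patched)) & set(jewels))


def min_patch_set(graph, surface, jewels):
    """Smallest set of critical vulns whose patching disconnects the jewels.
    Brute force over subsets in increasing size, which is fine for a toy graph;
    in general this is a hitting-set problem, so it does not scale."""
    candidates = sorted(critical_vulns(graph, surface, jewels))
    if is_cut(graph, surface, jewels, set()):
        return set()
    for size in range(1, len(candidates) + 1):
        for subset in combinations(candidates, size):
            if is_cut(graph, surface, jewels, subset):
                return set(subset)
    return set(candidates)


def patch_report(graph, surface, jewels):
    """Summary a defender would look at: how many vulns matter, and which few
    patches are enough to cut every path to the crown jewels."""
    critical = critical_vulns(graph, surface, jewels)
    return {
        "total_vulns": len(all_vulns(graph)),
        "critical_vulns": sorted(critical),
        "patch_set": sorted(min_patch_set(graph, surface, jewels)),
    }


if __name__ == "__main__":
    print(patch_report(ATTACK_GRAPH, ATTACK_SURFACE, CROWN_JEWELS))
```

In the sample graph six of the eight vulnerabilities sit on some attack path, yet patching only two of them ("V-app", which both entry routes funnel through, and "V-db2" on the file share) cuts every path to the database; the printer vulnerability and the one on the unreachable legacy host can wait. The point is the same as in the post: the patch set is a function of the paths, not of the vulnerability count.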

PS: According to an old legend, the original commercial was “The bastard says welcome”, but this was then censored.
