Lots of posts on the retail ransomware attacks.
We haven't added anything on The Stack as right now I don't feel we have anything to add and we don't want to just chase a "bad things happened" story without novel insight on attack paths, etc.
(Incident response professionals with meaningful stuff to share, I'm on Signal at @Targett.11.) I'm told VMware vulnerabilities from March are involved... https://lnkd.in/eqWrJ5hZ
It goes without saying that "do tabletop exercises" and "have segmented and up-to-date back-ups and the ability to restore from them if you lose your Active Directory" etc, are all sound advice and probably deserve repeating, but really? I'm a bit past making a story out of that.
If anyone has meaningful insight beyond "buy our shiny widgets" or "fail to prepare, prepare to fail"-type nonsense, I am all ears.
Here's one thing I would say.
I went to probably the only good talk at UK Cyber Week the other week. It was by the Information Security Officer at retailer River Island. His security "team", if I remember correctly, was him and two analysts. It didn't sound like they had a CISO. If there's 25 priorities, he can probably actually pick and fix 5, he said.
"UK retail is on its knees" was the quote. And that was reflected in budgets and resource. (Retail probably has a very soft underbelly on the "cyber" side and infosec is still a cost centre to a lot of margin-militant retailers.)
There's a lot of organisations out there making do with threadbare teams. Not everyone is a $600m-cybersecurity-budget-big-bank.
Anyhow, if you *do* think you have something meaningful and un-hackneyed to add, aren't just ambulance-chasing, and possibly have inside intel on the TTPs used in this set of campaigns that aren't just regurgitating previous blogs on the apparent group's social engineering techniques, I AM interested.
[email redacted]
#journorequest #infosec #ransomware