Re: Security Attack

From: Niklas Iveslatt
Date: Mon, 8 Jan 2024 16:50:45 -0700
Message-ID: <CAHLzPNe_bDJpk2drZiSCJE_2tCRscymt01KofPdhGp_Ky4MOTQ_at_mail.gmail.com>





To add to this, also there is ransomware that operates at the hypervisor level, so I know of cases where the VMware VMs and VM disks were compromised and systems taken hostage (so not at the "O/S" level per se). I cannot talk about this, however, or give any references.

Niklas Iveslatt
Senior Partner

Arisant LLC ~ http://www.arisant.com
44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112 mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155

  Need to send me something securely? *Click here* <https://arisant.sendsafely.com/u/niklas.iveslatt>

On Mon, Jan 8, 2024 at 4:32 PM Clay Jackson <dmarc-noreply_at_freelists.org> wrote:

> What Kellyn said – “the list (of companies who have been hit by
> ransomware) is long and distinguished”. I personally know of several
> Oracle shops running *nix who have had at least one system compromised. In
> one case, the database was NOT compromised, “only” some
> (non-WebLogic/Oracle) externally facing web/application servers. In the
> other cases, I’m not close enough to know the specifics other than to know
> they use Oracle on *nix.
>
>
>
> Be careful out there! And keep your systems patched!
>
>
>
> *Clay Jackson*
>
> Database Solutions Sales Engineer
>
> <https://www.quest.com/solutions/database-performance-monitoring/>
>
> clay.jackson_at_quest.com
>
> *office* 949-754-1203 *mobile* 425-802-9603
>
>
>
> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
> Behalf Of *Kellyn Pot'Vin-Gorman
> *Sent:* Monday, January 8, 2024 2:56 PM
> *To:* dbryant_at_dbaontap.com
> *Cc:* l.flatz_at_bluewin.ch; dmdunyan_at_gmail.com; ORACLE-L <
> Oracle-L_at_freelists.org>
> *Subject:* Re: Security Attack
>
>
>
> I wanted to jump in here and as someone who's worked at Microsoft can
> attest, it's not just Microsoft systems. Linux and any OS is vulnerable to
> security exploits and numerous flaws have been discovered by hackers over
> the years in every OS platform. As for organizations that have
> example Oracle ransomware stories, no matter if we're talking Maersk, which
> a couple of the systems compromised were Oracle and on Solaris or UK
> health systems, there was either compromised login information that was
> gathered and used to ransom data or destroy critical data. Encryption
> often slows them down, but some are just as happy corrupting the datafiles
> and destroying recovery from backup media.
>
>
>
> There are now snapshot copies and monitoring systems that can alert with
> the help of AI when unusual access patterns occur and use protected
> snapshots to recover from. A friend of mine just went through this on the
> SQL Server side with Linux and Microsoft OS, but they had to wipe
> everything and I mean EVERYTHING (cloud domain, network, infrastructure
> VMs/storage, etc.) and build from scratch to stop the perpetrators.
>
>
>
>
>
> *Kellyn Gorman*
>
> DBAKevlar Blog <http://dbakevlar.com/>
>
> about.me/dbakevlar
>
>
>
>
>
>
>
> On Mon, Jan 8, 2024 at 2:14 PM Danny B <dbryant_at_dbaontap.com> wrote:
>
> You might check for municipalities that have been attacked. In 2018 the
> City of Atlanta was hit with a Ransomware attack which was covered quite
> extensively. They did have Oracle ERP so maybe ….
>
>
>
>
>
> Sent from my Commodore VIC 20
>
> _at_dbaOnTap
>
> www.dbaOnTap.com <http://www.dbaontap.com/>
>
>
>
> On Jan 8, 2024, at 13:47, Lothar Flatz <l.flatz_at_bluewin.ch> wrote:
>
>
>
> Good evening,
>
> Thanks. I also believe that encrypting datafiles in the classical
> ransomware style would result in immediate denial of service.
>
> Regards
>
> Lothar
>
> On 08.01.2024 at 18:57, Douglas Dunyan wrote:
>
> Greetings Lothar !
>
>
>
> I am not personally aware of news articles or blogs providing that level
> of detail of ransomware events.
>
>
>
> The ransomware events I am aware of have only been via Microsoft
> platforms. Because Oracle Databases can run on Microsoft platforms,
> depending on the attack vectors, it's conceivable to me that datafiles
> *could* become victims.
>
>
>
> I would also expect, once an Oracle file (data, temp, control, online
> log, etc) was encrypted, the alert log would begin to log errors, and
> depending on which files, potentially crash the database.
>
>
>
> Additionally, because it is possible to access storage typically
> accessed by NFS services, any file systems mounted to Microsoft platforms
> with write access are at risk as well.
>
>
>
> I am not aware of ransomware attacks upon *nix platforms, but I expect
> they do exist.
>
> HTH
>
>
>
> Doug
>
> On Mon, Jan 8, 2024, 3:24 AM Lothar Flatz <l.flatz_at_bluewin.ch> wrote:
>
> Hi,
>
> was there ever a ransomware attack where an Oracle Database got encrypted?
> Do not share ideas, just references to publicly available articles, please.
> I could not find any.
>
> Thanks
>
> Lothar
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
>



--
http://www.freelists.org/webpage/oracle-l


Received on Tue Jan 09 2024 - 00:50:45 CET