RE: Security Attack
Date: Mon, 8 Jan 2024 16:09:45 -0800
Message-ID: <025f01da4290$27ec91b0$77c5b510$_at_comcast.net>
Part of the problem here is that no one releases all the information for each attack: how many systems and of what type were compromised, or how the attack was perpetrated.
Only the specific company/organization helping the attacked has the details, and they are not releasing the information either.
Many attacks have nothing to do with your keeping up with patching.
From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> On Behalf Of Rajeev Prabhakar
Sent: Monday, January 8, 2024 3:56 PM
To: l.flatz_at_bluewin.ch <l.flatz_at_bluewin.ch>
Cc: ORACLE-L <oracle-l_at_freelists.org>
Subject: Re: Security Attack
Hi Lothar,
I am going to send you the links.
Regards,
Rajeev
On Jan 8, 2024 at 5:58 PM, Kellyn Pot'Vin-Gorman <dbakevlar_at_gmail.com> wrote:
I wanted to jump in here and, as someone who's worked at Microsoft, can attest it's not just Microsoft systems. Linux and any OS is vulnerable to security exploits, and numerous flaws have been discovered by hackers over the years in every OS platform. As for organizations that have example Oracle ransomware stories, no matter if we're talking Maersk, where a couple of the systems compromised were Oracle and on Solaris, or UK health systems, there was either compromised login information that was gathered and used to ransom data or destroy critical data. Encryption often slows them down, but some are just as happy corrupting the datafiles and destroying recovery from backup media.
There are now snapshot copies and monitoring systems that can alert with the help of AI when unusual access patterns occur and use protected snapshots to recover from. A friend of mine just went through this on the SQL Server side with Linux and Microsoft OS, but they had to wipe everything, and I mean EVERYTHING (cloud domain, network, infrastructure VMs/storage, etc.), and build from scratch to stop the perpetrators.
Kellyn Gorman
DBAKevlar Blog <http://dbakevlar.com>
about.me/dbakevlar <http://about.me/dbakevlar>
On Mon, Jan 8, 2024 at 2:14 PM Danny B <dbryant_at_dbaontap.com> wrote:
You might check for municipalities that have been attacked. In 2018 the City of Atlanta was hit with a Ransomware attack which was covered quite extensively. They did have Oracle ERP so maybe ….
Sent from my Commodore VIC 20
_at_dbaOnTap
www.dbaOnTap.com <http://www.dbaOnTap.com>
On Jan 8, 2024, at 13:47, Lothar Flatz <l.flatz_at_bluewin.ch> wrote:
Good evening,
Thanks. I also believe that encrypting datafiles in the classical ransomware style would result in immediate denial of service.
Regards
Lothar
On 08.01.2024 at 18:57, Douglas Dunyan wrote:
Greetings Lothar !
I am not personally aware of news articles or blogs providing that level of detail of ransomware events.
The ransomware events I am aware of have only been via Microsoft platforms. Because Oracle Databases can run on Microsoft platforms, depending on the attack vectors, it's conceivable to me that datafiles *could* become victims.
I would also expect that, once an Oracle file (data, temp, control, online log, etc.) was encrypted, the alert log would begin to log errors and, depending on which files, potentially crash the database.
Additionally, because it is possible to access storage typically accessed by NFS services, any file systems mounted to Microsoft platforms with write access are at risk as well.
I am not aware of ransomware attacks upon *nix platforms, but I expect they do exist.
HTH Doug
On Mon, Jan 8, 2024, 3:24 AM Lothar Flatz <l.flatz_at_bluewin.ch> wrote:
Hi,
Was there ever a ransomware attack where an Oracle Database got encrypted?
Do not share ideas, just references to publicly available articles, please.
I could not find any.
Thanks
Lothar
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jan 09 2024 - 01:09:45 CET