Kevin BeaumontReally big #outage at #DISH in US, they’ve been offline for hours. https://www.bleepingcomputer.com/news/security/dish-network-goes-down-in-a-mysterious-outage-employees-cut-off/
The evidence with #DISH points less towards ransomware and more towards this.
I’ve been looking at the #DISH #outage situation some more. Based on network boundary, domain name changes and various other artefacts, it appears they may have experienced a destructive attack. Even their business services are MIA. They have a series of sites hosted directly by Wordpress.com, and even those have been deleted.
I would highly recommend Okta customers enable Number Challenge via Okta support on their accounts (similar to Number Matching in Azure MFA, see also LAPSUS$, NewGen, WorstGen, SS etc attacks). https://support.okta.com/help/s/article/Number-Challenge-for-Okta-Verify?language=en_US
The #DISH situation looks bad. They haven’t recovered services 5 days later, and haven’t provided any transparency at all around what has happened. Their share price dropped 8% yesterday.
The #DiSH “internal system outage”, as they described to shareholders on results day, turns out to be due to a #ransomware attack they’re still recovering from, with data exfiltrated. We only know as they were legally required to disclose to regulators.
https://techcrunch.com/2023/02/28/dish-cyberattack-personal-data-theft/
#DISH are still trying to recover from their ransomware/destruction incident. Their share price has not recovered either.
#DISH did have a webpage up about their “system issues” (read: NotLapsus style destructive attack), but now it has basically replaced its front page banner with ‘we fucked, yo’. Nightmare fuel incident clearly, most of their boundary systems appear to still to be missing.
DISH ransomware incident from months ago - which they tried to cover up as an IT outage - impacted 300k people in terms of data exfil. They also covertly paid ransom. https://www.securityweek.com/dish-ransomware-attack-impacted-nearly-300000-people/
For anybody interested, here is DISH share price - where it starts falling was the start of the ransomware incident.
There’s a similar fall on Rackspace, which also had a ~50% share price fall and hasn’t recovered.
I’ve been tracking a range of big ransomware incidents recently, there’s a new pattern emerging where when firms try to obfuscate what happens from investors, they flee. It’s pretty wild.
👾cosmicvisitors@GossiTheDog seems like an incentive for hackers to short stocks aggressively prior to executing their hack..
Matt Kirby@cosmicvisitors @GossiTheDog oh, that's a scary thought! Encrypt, exfil, bet company fumbles the response
0x726f63636f@mattkirbylondon @cosmicvisitors @GossiTheDog the opposite could also make a lot of infosec people rich. Figure out how long it takes onnaverage for the markets to forget the attack, and you'll know when to buy at a discount before the stock starts to rebound.