Cyberpunk 2077 Is "Far, Far Bigger Than The Witcher 3" Says Dev

Started by Syt, October 24, 2015, 05:05:16 AM


Jacob

Quote from: garbon on February 09, 2021, 10:59:58 AM
The hackers sort of claimed to though hard to know nature of what they actually took. Could just be some HR policy manuals. :D



That is standard operating procedure for hackers. Get in, download as much as they can, lock everything up, make bold claims, put on time pressure, hope that the victim cracks.

In reality, if they have hundreds of gigs or terabytes of source code and data they don't actually know exactly what you have - but they will claim to have everything.

The ransom note they send is not necessarily a reflection of reality as much as it's a form letter with a few added details. But the victim doesn't *know*, and it's that fear and uncertainty the attackers rely on.

Jacob

Quote from: Sheilbh on February 09, 2021, 11:02:31 AM
Yeah and given their statement I think they will have had to notify their regulator (you don't if it's low risk) because the wording of that statement is "to the best of our knowledge" no personal data was touched. Which basically sounds to me like the backdoor was open, we know someone was in our systems but we can't definitively work out what they did while they were there.

My guess is that they have no evidence that personal data was touched, but until they've done a full forensic investigation they can't rule it out. And even with a full forensic investigation, you can't rule it out 100% (but maybe you can rule it out enough to satisfy regulators). But there's a lot of uncertainty there, and that's what's so damaging.

Your points are well taken though. "We got hacked, fuck 'em" is potentially a valid strategy, and of course if there are legal mandates that require it you don't have a choice.

Sheilbh

Quote from: DGuller on February 09, 2021, 12:28:55 PM
I think it's time for stuff like this to be treated on a national level.  These ransomware attacks are usually conducted across the border, so really it shouldn't be solely up to companies to defend themselves.  Defending citizens against foreign bad actors is kind of a basic job responsibility for every government.
It is often - but companies aren't always on a national level. If they've got servers, or use the cloud, or even just an establishment somewhere with a single laptop there can be vulnerabilities beyond borders.

Lots of countries will have dedicated government agencies that can help companies with an attack - for example in the UK we have the National Cybersecurity Centre who provide lots of guidance but can also help in the event of an attack. But governments are generally more focused on protecting essential infrastructure - so I think several of the Baltic states have basically a reservist force of cyber experts who they can call on. That was established after the Russian attacks in the 2000s and it is like the Territorial Army or Reserve personnel, they're volunteers who can be called up in the event of a cyber attack like they experienced from Russia.

But I think governments have enough of an issue defending the essential infrastructure - transport, energy, water, finance, healthcare, telecoms, satellites. I think the focus is in general on protecting the networks and core infrastructure as far as possible. I'm not really sure if they can proactively defend general corporate IT, even if they can help reactively like the NCSC - especially because most cyberattacks aren't the result of clever, state-sponsored or highly sophisticated hacks. In general most happen because of mistakes like someone in your company falling for a phishing email and a bad actor getting into the network and elevating their privileges to an admin. Even the sophisticated state-sponsored or very smart criminal groups often use a phishing attack or stupid password security as their way in.

Honestly the biggest defence to probably the majority of cyberattacks would be if companies enforced multi-factor authentication for their employees, customers and partners - but it's disruptive and gets in the way of business/work.
Let's bomb Russia!

Sheilbh

Quote from: Jacob on February 09, 2021, 12:38:45 PM
My guess is that they have no evidence that personal data was touched, but until they've done a full forensic investigation they can't rule it out. And even with a full forensic investigation, you can't rule it out 100% (but maybe you can rule it out enough to satisfy regulators). But there's a lot of uncertainty there, and that's what's so damaging.
I agree - and from a European perspective it's a risk based assessment. So the test for notifying regulators is you notify unless it is "unlikely" to result in a risk - and obviously it's quite difficult to get to that position if you know you've been hacked. You'd need a few strong points to get to it being "unlikely" to result in a risk to individuals.

Razgovory

Bought this on the Steam sale for half-price.  To get the character creation screen to come up correctly I had to roll back my video drivers.  I may have spent too much money on this.


Seriously, the game has been out for over a year.  I would have thought that these sort of problems had been ironed out by now.
I've given it serious thought. I must scorn the ways of my family, and seek a Japanese woman to yield me my progeny. He shall live in the lands of the east, and be well tutored in his sacred trust to weave the best traditions of Japan and the Sacred South together, until such time as he (or, indeed his house, which will periodically require infusion of both Southern and Japanese bloodlines of note) can deliver to the South its independence, either in this world or in space.  -Lettow April of 2011

Raz is right. -MadImmortalMan March of 2017

Syt

I am, somehow, less interested in the weight and convolutions of Einstein's brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops.
—Stephen Jay Gould

Proud owner of 42 Zoupa Points.

Josquius

On sale again I note - though on sale means for a regular game price.

Too much to play and too little time though so it shall wait

Syt

RPS seems uncharacteristically hyperbolic in its appraisal for DLC and 2.0 patch:

https://www.rockpapershotgun.com/cyberpunk-2077-phantom-liberty-review

Quote: Cyberpunk 2077: Phantom Liberty review: perhaps the best expansion pack ever made
:yeahright:

Crazy_Ivan80