{"id":6342,"date":"2021-05-14T10:20:22","date_gmt":"2021-05-14T17:20:22","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6342"},"modified":"2021-05-17T15:33:07","modified_gmt":"2021-05-17T22:33:07","slug":"to-panic-or-not-to-panic-that-is-the-question","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/","title":{"rendered":"To Panic, or Not to Panic? That is the Question."},"content":{"rendered":"<h3><em>Update May 17, 2021<\/em><\/h3>\n<p>The story behind and around the Colonial Pipeline breach continues to evolve. Over the last 3 days we have learned that:<\/p>\n<ul>\n<li>Colonial Pipeline actually paid $5 million in ransom,<\/li>\n<li>DarkSide claims they are shutting down because they lost their infrastructure and wallets (a screenshot of their announcement is below),<\/li>\n<li>A popular cryptocurrency mixing service used by DarkSide and other cybercriminal groups, BitMix, also appears to be down, and<\/li>\n<li>Other criminal RaaS providers have announced new rules for their customers to avoid a similar situation.<\/li>\n<\/ul>\n<p>But there is still a great deal to learn from this incident to help us better understand how to address the ransomware industry, reduce the risk of becoming the next victim, and minimize the impact of a ransomware event when it does happen.<\/p>\n<p>One thing that has not come up in the Colonial Pipeline discussion so far is cyber insurance, which may have served a critical role. Cyber insurance policies typically offer coverage for repairing the damage caused by a cyber incident, but also offer \u201cCyber Extortion\u201d options to address a ransom as well as any ransom-related expenses. 
In such cases, it would not be uncommon to use a consultant to help with negotiations and other aspects of paying the ransom.<\/p>\n<p>If Colonial Pipeline carried cyber extortion coverage, with a pipeline carrying roughly 3 million barrels of fuel each day, a $5 million ransom may have been much less than the size of any cyber insurance payout, making it a viable option for everyone involved.<\/p>\n<p>So the final question investors will want answered is regarding premium costs. In addition to the size of the policy and the risk of the covered threats, the ability of the insured to defend against those threats is a significant contributing factor. While the rest of us may judge the defense capabilities and response activities at Colonial Pipeline at a distance, any cyber insurance provider would base their premium decision on a closer inspection of their entire security profile. The presence of a single security tool could have a significant impact on premiums. For example, one Infoblox customer noted that they saved $1.3M in cyber insurance fees over a 3-year period after deploying DNS security.<\/p>\n<p>So the gas might be flowing again, but groups operating in both legal and illegal arenas continue to struggle to understand and digest all that is going on &#8211; and to keep an eye out for what might be next.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-6354 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Russian-OSINT.png\" alt=\"\" width=\"474\" height=\"630\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Russian-OSINT.png 474w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Russian-OSINT-226x300.png 226w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" 
\/><\/p>\n<h3><em>Original post May 14, 2021<\/em><\/h3>\n<p>Headlines around the globe are proclaiming the Colonial Pipeline breach a &#8220;wake up&#8221; call for cybersecurity. And, with the help of a few less-principled security vendors, there are plenty of &#8220;possible&#8221;, &#8220;potential&#8221;, or otherwise &#8220;Hollywood-worthy&#8221; scary scenarios being spun about &#8220;what could have happened&#8221;.<\/p>\n<p>But an attack on US infrastructure did not really surprise anyone in the security industry. <img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-6343\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Colonial-1-300x114.png\" alt=\"\" width=\"300\" height=\"114\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-1-300x114.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-1.png 402w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>If this was a wake-up call for your security team, then they have truly been sleeping. Many papers and conference talks have been dedicated to infrastructure risks and security for two decades. 
And we have plenty of real-world examples from the last 10 years alone, including:<\/p>\n<ul>\n<li>A ransomware attack on <a href=\"https:\/\/www.taiwannews.com.tw\/en\/news\/3927869\">Taiwan oil and gas infrastructure caused disruptions<\/a> in early 2020<\/li>\n<li>Power Grid breaches in the <a href=\"https:\/\/www.wsj.com\/articles\/americas-electric-grid-has-a-vulnerable-back-doorand-russia-walked-through-it-11547137112\">US<\/a>, <a href=\"https:\/\/www.wired.com\/2016\/03\/inside-cunning-unprecedented-hack-ukraines-power-grid\/\">Ukraine<\/a>, and <a href=\"https:\/\/www.power-technology.com\/features\/the-five-worst-cyberattacks-against-the-power-industry-since2014\/\">more since 2014<\/a><\/li>\n<li>Attacks aimed at poisoning the water supplies in the <a href=\"https:\/\/www.nytimes.com\/2021\/02\/08\/us\/oldsmar-florida-water-supply-hack.html\">US<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/3541837\/attempted-cyberattack-highlights-vulnerability-of-global-water-infrastructure.html\">Israel<\/a> over the last year<\/li>\n<li>A <a href=\"https:\/\/time.com\/4270728\/iran-cyber-attack-dam-fbi\/\">dam in New York<\/a> was hacked with the potential to kill US citizens with a flood<\/li>\n<li><a href=\"https:\/\/www.bbc.com\/news\/world-europe-57111615\">Hospitals across Ireland<\/a> were crippled by a ransomware attack on the Irish health service.<\/li>\n<\/ul>\n<p>In short, cybersecurity professionals have been aware of the significant potential for even life-or-death consequences of cyberattacks on infrastructure, in healthcare, and other areas of modern life. And to prepare for when (not if) it will happen to us, cybersecurity professionals try to learn from others who have gone through this experience.<\/p>\n<p>So let&#8217;s see what we can learn from the Colonial Pipeline breach.<\/p>\n<h3><strong>How to respond to a breach<\/strong><\/h3>\n<p>It has long been an accepted reality that, while avoiding a breach is ideal, it will happen. 
So it is surprising how many companies still get their response wrong. And while the Colonial Pipeline response has not been perfect, they have done a few things right that many organizations do not.<\/p>\n<p>First, they made the hard choice to shut down services to avoid a potentially bigger impact later. <img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-6346\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Colonial-2-300x99.png\" alt=\"\" width=\"300\" height=\"99\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-2-300x99.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-2.png 421w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>It will be fascinating to learn about the Colonial process that allowed them to reach an agreement on such a dramatic and costly decision so quickly. But, clearly, decision-makers wisely refused to rely on crossing their fingers to slow down the spread of ransomware. (A time-honored management practice, often followed by finger-pointing and buck-passing.)<\/p>\n<p>This is even more startling because they claim that the ransomware was found on Colonial&#8217;s &#8216;business systems&#8217;, and the shutdown was done to protect the systems used to &#8216;control and operate the pipeline&#8217;, even though they are likely segmented. For security professionals, that makes sense because we understand how these things can spread. 
So it was <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/press-briefings\/2021\/05\/10\/press-briefing-by-press-secretary-jen-psaki-homeland-security-advisor-and-deputy-national-security-advisor-dr-elizabeth-sherwood-randall-and-deputy-national-security-advisor-for-cyber-and-emerging\/\">a refreshingly aggressive decision<\/a> by Colonial to shut down the pipeline control and operation-related systems primarily as a preventive measure.<\/p>\n<p>Second, communications about the incident have been fairly proactive and reasonably transparent.\u00a0 Working with all the right authorities, Colonial appears to have only filtered or delayed information in cooperation with those authorities. Initial reports indicated a ransomware attack, a few more details came out in the first few days, and the FBI produced a fact-filled &#8220;Flash Alert&#8221; within a few days providing IoCs and other details about the attack.<\/p>\n<h3><strong>Sorry, we&#8217;ll do better in the future!<\/strong><\/h3>\n<p>The DarkSide (the ransomware used in the Colonial Pipeline attack) cybercrime group is not shy about getting coverage as they sent out a <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2020\/08\/23\/beware-of-the-dark-side-a-sinister-new-1-million-cybersecurity-threat-darkside-ransomware\/?sh=7a1f17a820e9\">press release<\/a> to introduce themselves in August of 2020. But, while most ransomware attacks are designed to cause enough fear or pain that the victim becomes willing to pay an exorbitant ransom, the DarkSide group seems to feel they have gone too far, so <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/darkside-ransomware-will-now-vet-targets-after-pipeline-cyberattack\/\">they recently issued an apology<\/a>. Their apology is ironically similar to those issued by politicians and corporations who get caught doing something unpopular or illegal. 
It includes the apology and a commitment to do a better job in the future, which is scary in its professionalism.<\/p>\n<p>But this raises a question that may teach us the most from this situation. Why did the people behind DarkSide feel a need to so quickly issue such a public apology, with a commitment not to cause such a public disruption in the future?<\/p>\n<p>The answer is simple. Fear.<\/p>\n<p>In this specific case, we see the President of the United States has become directly involved in responding to the attack and <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2021\/05\/11\/fact-sheet-the-biden-harris-administration-has-launched-an-all-of-government-effort-to-address-colonial-pipeline-incident\/\">bringing the full weight of the US government with him<\/a>. <img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-6347\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Colonial-3-300x127.png\" alt=\"\" width=\"250\" height=\"106\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-3-300x127.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-3.png 358w\" sizes=\"auto, (max-width: 250px) 100vw, 250px\" \/>While there are always law enforcement efforts to curb cybercrime, this amount of attention puts DarkSide on the top of the wanted list! And it means that allies are more likely to make DarkSide a law enforcement priority as well, which means extraordinarily high levels of international coordination to find and shut down DarkSide.<\/p>\n<h3><strong>The need for better global law enforcement<\/strong><\/h3>\n<p>Don\u2019t let the section title fool you.\u00a0 We are all about the need to continually review and uplift our security skills, tools, and best practices.\u00a0 But all of our combined efforts as cybersecurity professionals are only keeping pace with cybercrime. 
It might be nice if someone could shut down these attacks at the source, the threat actors.<\/p>\n<p>So, ignoring those attacks rumored or suspected to be nation-state sponsored, consider all the attacks over the last decade tied to cybercriminal organizations based in countries like Russia, China, North Korea, and Iran.\u00a0 Now try to think of an example of a cybercrime group operating in those countries who were caught and prosecuted for offenses they committed outside of those countries.\u00a0 (Spoiler:\u00a0 The list will be short or blank.)<\/p>\n<p>This is due to some common principles used by organizations, like DarkSide, to reduce their risk of being caught.\u00a0 Beyond the technology used to make it hard to trace the attacks or the ransom, these include:<\/p>\n<ol>\n<li>Operate from a country that is <a href=\"https:\/\/www.csoonline.com\/article\/3147398\/why-its-so-hard-to-prosecute-cyber-criminals.html\">less likely to cooperate with extradition<\/a> and similar requests.<\/li>\n<li>Avoid attacking victims within the country you operate from.<\/li>\n<li>Avoid doing anything, anywhere, that impacts the \u2018interests\u2019 of the country you operate from.<\/li>\n<\/ol>\n<p>In the case of DarkSide, they even went to the effort to ensure the attacks facilitated by their <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/05\/11\/joint-cisa-fbi-cybersecurity-advisory-darkside-ransomware\">\u2018Ransomware-as-a-Service\u2019<\/a> (RaaS) would avoid infecting any system where Russian was the default language.<\/p>\n<p>In other words, these groups do all they can to stay off the radar of local law enforcement.\u00a0 <img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-6348\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Colonial-4-300x118.png\" alt=\"\" width=\"300\" height=\"118\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-4-300x118.png 300w, 
https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-4.png 457w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Even in a world of anywhere, anytime news, it remains human nature to prioritize the things that can happen to you or near you.\u00a0 This strategy makes it much more likely that local law enforcement will spend most of their time looking for local criminals who are causing problems locally. There is a clear correlation between choosing your location and your victims carefully &#8211; and remaining free.<\/p>\n<h3><strong>A wake-up call, after all?<\/strong><\/h3>\n<p>This is where change is needed most if we are to tackle ransomware and other cyber threats at the root, the threat actors themselves.\u00a0 The Internet operates without borders, and effective policing of malicious behavior will require enforcement across all borders.<\/p>\n<p>So, as they say, write your local representatives.\u00a0 They need to be reminded of how a breach affects them personally, so they are more motivated to prioritize this issue.\u00a0 And write to them often to remind them to keep it prioritized for more than 30 days after the Colonial Pipeline starts up again.<\/p>\n<h3><strong>Actionable Next Steps<\/strong><\/h3>\n<p>There are some things you can do to protect your organization.\u00a0 In the case of the Colonial Pipeline breach, there are reports that security hygiene failures were involved.\u00a0 So, if you haven\u2019t done so recently, it might be time for a review and possibly some <a href=\"https:\/\/www.cisa.gov\/cyber-hygiene-services\">testing of your organization\u2019s defenses<\/a>.\u00a0 Since DarkSide has been around for almost a year now, many of the IoCs shared by the FBI were already known.<\/p>\n<p>And we wouldn\u2019t be surprised if phishing was somehow involved in the Colonial breach since it remains the most common attack tactic, and it is not uncommon for a <a 
href=\"https:\/\/krebsonsecurity.com\/2021\/03\/phish-leads-to-breach-at-calif-state-controller\/\">single user falling for a phishing email<\/a> to result in a major breach.\u00a0 Even globally recognized <a href=\"https:\/\/www.securitymagazine.com\/articles\/93073-sans-institute-suffers-data-breach-due-to-phishing-attack\">security organizations have suffered from phishing attacks<\/a>.\u00a0 So this might serve as another opportunity for user education.<\/p>\n<h3><strong>DNS Security for Detecting and Blocking Ransomware activity<\/strong><\/h3>\n<p>An attack involving DarkSide, like the vast majority of attacks, involves a great deal of internet activity.\u00a0 <img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-6349\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/Colonial-5-300x101.png\" alt=\"\" width=\"241\" height=\"81\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-5-300x101.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Colonial-5.png 364w\" sizes=\"auto, (max-width: 241px) 100vw, 241px\" \/>There are the links used in email, malicious web ads, etc., where the user\u2019s \u2018click\u2019 will require DNS to resolve and connect to the initial point of infection. And there are plenty of subsequent communications to request\/receive additional code, establish encryption keys, steal data for extra ransom pressure, provide attackers with status updates, and so on.\u00a0 So this might be the time to invest in DNS Security to be that crucial canary in the coal mine.<\/p>\n<p>Most ransomware, once inside a network, leverages DNS for C&amp;C callbacks and to spread laterally. 
DarkSide is no exception, and this behavior exposes them to detection by <a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\">Infoblox BloxOne Threat Defense<\/a> at the DNS layer using IoCs such as those shared by the FBI and noted in a <a href=\"https:\/\/blogs.infoblox.com\/cyber-threat-intelligence\/cyber-threat-advisory-darkside-ransomware-attack-on-colonial-pipeline\/\">Cyber Threat Advisory<\/a> from the Infoblox Cyber Intelligence Unit (CIU). Using highly accurate threat intelligence with ML\/AI analytics in internal DNS servers can also detect threat activity through its malicious behavior to block those C&amp;C communications and interrupt its activities. Threat Intelligence sharing as well as automated incident response can be coordinated throughout the rest of the security ecosystem to uplift defenses and drive network-wide remediation.<\/p>\n<p>And DNS is a source of \u2018truth\u2019 that counters many evasive techniques while also providing analysts and responders with a goldmine of information to drive shorter threat investigation and faster incident response.<\/p>\n<p>So the Colonial Pipeline breach may be a \u2018wake up call\u2019 for non-security professionals in regard to the potential of such a threat and may help drive some important changes at government levels.\u00a0 But for those in security, it is just another reminder that most breaches are a failure to use the knowledge and tools available today.<\/p>\n<p>Continue to grow your teams\u2019 skills and capabilities, make adjustments to your toolsets, and then enjoy a well-earned nap.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update May 17, 2021 The story behind and around the Colonial Pipeline breach continues to evolve. 
Over the last 3 days we have learned that: Colonial Pipeline actually paid $5 million in ransom, DarkSide claims they are shutting down because they lost their infrastructure and wallets (a screen shot of their announcement is below), A [&hellip;]<\/p>\n","protected":false},"author":334,"featured_media":5679,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[288,498],"class_list":{"0":"post-6342","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-ransomware","9":"tag-colonial-pipeline","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>To Panic, or Not to Panic? That is the Question.<\/title>\n<meta name=\"description\" content=\"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a &quot;wake up&quot; call for cybersecurity. 
And, with the help of a few less-principled security vendors, there are plenty of &quot;possible&quot;, &quot;potential&quot;, or otherwise &quot;Hollywood-worthy&quot; scary scenarios being spun about &quot;what could have happened&quot;.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"To Panic, or Not to Panic? That is the Question.\" \/>\n<meta property=\"og:description\" content=\"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a &quot;wake up&quot; call for cybersecurity. And, with the help of a few less-principled security vendors, there are plenty of &quot;possible&quot;, &quot;potential&quot;, or otherwise &quot;Hollywood-worthy&quot; scary scenarios being spun about &quot;what could have happened&quot;.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-14T17:20:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-17T22:33:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png\" \/>\n\t<meta property=\"og:image:width\" content=\"457\" \/>\n\t<meta property=\"og:image:height\" content=\"316\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Bob Hansmann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta 
name=\"twitter:data1\" content=\"Bob Hansmann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/\"},\"author\":{\"name\":\"Bob Hansmann\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/28fb1d8fd532fc28e3af32405568afd8\"},\"headline\":\"To Panic, or Not to Panic? That is the Question.\",\"datePublished\":\"2021-05-14T17:20:22+00:00\",\"dateModified\":\"2021-05-17T22:33:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/\"},\"wordCount\":2089,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"keywords\":[\"Ransomware\",\"Colonial Pipeline\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/\",\"name\":\"To Panic, or Not to Panic? 
That is the Question.\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"datePublished\":\"2021-05-14T17:20:22+00:00\",\"dateModified\":\"2021-05-17T22:33:07+00:00\",\"description\":\"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a \\\"wake up\\\" call for cybersecurity. And, with the help of a few less-principled security vendors, there are plenty of \\\"possible\\\", \\\"potential\\\", or otherwise \\\"Hollywood-worthy\\\" scary scenarios being spun about \\\"what could have happened\\\".\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-skull.png\",\"width\":457,\"height\":316},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/to-panic-or-not-to-panic-that-is-the-question\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\
/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"To Panic, or Not to Panic? That is the Question.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/28fb1d8fd532fc28e3af32405568afd8\",\"name\":\"Bob 
Hansmann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/infoblox-author-bob-hansmann-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/infoblox-author-bob-hansmann-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/infoblox-author-bob-hansmann-96x96.png\",\"caption\":\"Bob Hansmann\"},\"description\":\"Bob Hansmann has spent over three decades helping global enterprises and government agencies to uplift their threat prevention, detection, investigation, and response capabilities. Working in areas ranging from threat research and engineering to product management and marketing across his career, Mr. Hansmann has helped pioneer many of today\u2019s security industry standards. This breadth of experience has given him a unique perspective on finding the optimal balance between an organization\u2019s security needs with its success criteria.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/bob-hansmann\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"To Panic, or Not to Panic? That is the Question.","description":"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a \"wake up\" call for cybersecurity. And, with the help of a few less-principled security vendors, there are plenty of \"possible\", \"potential\", or otherwise \"Hollywood-worthy\" scary scenarios being spun about \"what could have happened\".","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/","og_locale":"en_US","og_type":"article","og_title":"To Panic, or Not to Panic? 
That is the Question.","og_description":"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a \"wake up\" call for cybersecurity. And, with the help of a few less-principled security vendors, there are plenty of \"possible\", \"potential\", or otherwise \"Hollywood-worthy\" scary scenarios being spun about \"what could have happened\".","og_url":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/","og_site_name":"Infoblox Blog","article_published_time":"2021-05-14T17:20:22+00:00","article_modified_time":"2021-05-17T22:33:07+00:00","og_image":[{"width":457,"height":316,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","type":"image\/png"}],"author":"Bob Hansmann","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Bob Hansmann","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/"},"author":{"name":"Bob Hansmann","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/28fb1d8fd532fc28e3af32405568afd8"},"headline":"To Panic, or Not to Panic? 
That is the Question.","datePublished":"2021-05-14T17:20:22+00:00","dateModified":"2021-05-17T22:33:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/"},"wordCount":2089,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","keywords":["Ransomware","Colonial Pipeline"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/","url":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/","name":"To Panic, or Not to Panic? That is the Question.","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","datePublished":"2021-05-14T17:20:22+00:00","dateModified":"2021-05-17T22:33:07+00:00","description":"To Panic, or Not to Panic? That is the Question. Headlines around the globe are proclaiming the Colonial Pipeline breach a \"wake up\" call for cybersecurity. 
And, with the help of a few less-principled security vendors, there are plenty of \"possible\", \"potential\", or otherwise \"Hollywood-worthy\" scary scenarios being spun about \"what could have happened\".","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-skull.png","width":457,"height":316},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/to-panic-or-not-to-panic-that-is-the-question\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"To Panic, or Not to Panic? 
That is the Question."}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/28fb1d8fd532fc28e3af32405568afd8","name":"Bob Hansmann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-author-bob-hansmann-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-author-bob-hansmann-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-author-bob-hansmann-96x96.png","caption":"Bob Hansmann"},"description":"Bob Hansmann has spent over three decades helping global enterprises and government agencies to uplift their threat prevention, detection, investigation, and response capabilities. Working in areas ranging from threat research and engineering to product management and marketing across his career, Mr. Hansmann has helped pioneer many of today\u2019s security industry standards. 
This breadth of experience has given him a unique perspective on finding the optimal balance between an organization\u2019s security needs and its success criteria.","url":"https:\/\/www.infoblox.com\/blog\/author\/bob-hansmann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/334"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=6342"}],"version-history":[{"count":7,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6342\/revisions"}],"predecessor-version":[{"id":6355,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/6342\/revisions\/6355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5679"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=6342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=6342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=6342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}