More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.
While looking on twitter this morning I discovered a tweet that pointed to the following article, which is relatively devoid of details but none-the-less extreme interesting to those who follow virtualization security: Fired techie created virtual chaos at pharma company. This article points out an external attack that lead to management access of a virtual environment. Now we do not know if the attack was using antiquated credentials or some other means. But what we do know is that VMs were deleted by an external source that used to be a former employee. Hoax or not, this is a very serious issue brought to light.