Tech
Pulling the plug: A way to halt a cyber attacker in your network? | Computer Weekly
There’s a cyber attack under way. An intruder is inside your network: moving freely, collecting data, and setting up a command-and-control (C&C) node for future communication. Except this time, you’re watching them – you can see what they’re doing. The dilemma remains: what do you do? Allow them to continue traversing the network while you operate, wait for forensic specialists to arrive or find a way to stop them?
Earlier this year, a BBC news report on the Co-op incident claimed that the IT team at the UK retailer “made the decision to take computer services offline, preventing the criminals from continuing their hack”.
The criminals sent a message to the BBC, stating: “Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics and torching shareholder value.”
In its statement, Co-op said it “took early and decisive action to protect our Co-op, including restricting access to some systems”, which helped to contain the issue, prevent further data being accessed and protect the wider organisation.
When questioned at the Business and Trade Sub-Committee in July, Co-op representatives did not use the phrase “pulling the plug” directly. But Rob Elsey, group chief digital information officer at Co-op, said VPN and remote access were restricted “as a way of ensuring that we were able to keep the criminals out of our systems”.
Elsey explained that software within its network was “effectively trying to communicate with a threat actor’s website”, and after identifying the source, the team took the proactive measure of pausing all communication within that zone.
This, he stressed, was not “pulling the plug”. Co-op’s systems “are heavily segregated, which means this was very much focused on one specific zone”. He told the committee: “Throughout this, all our online business continued to operate normally, and our retail stores and payments are segmented, so they were not part of this attack.”
Which plug do you pull?
Whether Co-op truly pulled the plug is open to interpretation. But in the wake of recent rulings on ransomware payments, the option to take immediate action may lead to more pragmatic decisions.
Ev Kontsevoy, CEO of Teleport, says that while pulling the plug might be an effective short-term tactic, “it’s a sledgehammer approach, not a strategy”, adding: “Taking systems offline might stop lateral movement or data exfiltration in the moment, but it doesn’t solve the root problem: how attackers got in, how long they were there and what they accessed. It also causes unnecessary business disruption, which is one of the more tangible impacts of cyber attacks these days. We should not be encouraging even more disruption by taking systems offline.”
Tim Rawlins, director and senior adviser at NCC Group, tells Computer Weekly that it is not as straightforward as simply “pulling a plug”. The critical question, he says, is which plug – one connected to the outside world, or one on the internal network?
“When people talk about pulling out the plug, we don’t want them to turn off systems completely, because then we lose all the volatile forensic evidence – the data in memory. If you pull the plug in the classic ‘turn it off, turn it back on again’ sense, that’s what we lose,” he says.
Instead, Rawlins advises proper network segmentation: “You’re trying to make it harder to get from this segment to that segment. It’s either entirely physically separated, or it’s got firewalls with additional role-based access control.”
Segmenting a network, he adds, is best practice regardless. In the event of an attack, it makes lateral movement more difficult. “If you can pull the network plug, not the power plug, then you can reduce the chances of it spreading off one host onto multiple hosts – and really that is where ‘pulling the plug’ comes in,” Rawlins says.
“There is an element of shutting down things you believe haven’t been compromised. If you can see the route they came in, you can get ahead of that and stop access to it. But you need to make sure it fails gracefully. If you just turn a system off – literally pull the plug – a lot of systems will crash.
“You can instead shut them down so they are dormant and not available to be attacked – that’s what a lot of organisations will do. The shorthand is to pull the plug; the longhand is that you’ve got to think about it a bit more carefully.”
Context matters
The issue is not simply whether to pull the plug, but what the situation demands. In a LinkedIn poll this reporter ran on this subject, 55% of respondents said pulling the plug was the best way to stop an attack in its tracks. However, comments on the poll made it clear that it’s not so binary. One respondent said it was “drastic, last resort stuff”. Others stressed the need to consider “architecture, segmentation, critical servers, type of incident and many more data points” before acting.
Tim Anderson, chief customer officer for the UK at CyberCX, explains that while taking servers offline is a common and often effective step, it is not straightforward and can introduce new risks.
“It’s important to target the right systems,” he says. “Given how interconnected modern computer systems are – both internally and to the internet – switching everything off can be complex, time-consuming and disruptive.
“Where possible, our digital forensics and incident responders prefer ‘surgical’ network isolations of specific systems or portions of the network. This effectively disconnects the impacted systems from the internet, rather than pulling the power. It can contain the attack and allow investigators crucial time to understand the scale and impact.”
Pulling the plug, he acknowledges, can sometimes be effective, but it’s not preferred. It can be highly disruptive, and sophisticated attackers often deploy methods of regaining access once systems come back online.
Admission of failure?
Another angle is perception. If you do pull the plug, are you effectively admitting failure? Rafal Los, podcast host and head of services GTM at ExtraHop, suggests yes. “That’s one of the few things I’d fire a CISO for – you’re having a security issue and you have to shut down business? You’re fired,” he says.
Los cites the 2003 SQL Slammer worm as an example of when networks collapsed entirely, leaving shutdown as the only option. But a mere 18 months later, he says, better practices allowed for more surgical interventions, like shutting down specific network segments or ports.
“In 2025, this cannot be a working strategy,” Los argues. “If the answer is ‘shut it all down’, then you’ve got what you perceive to be an uncontrollable bleed in one of your fingers, and your answer is to lop it off.”
He points out that micro-segmentation and zero trust have been discussed for years. If the playbook still ends with pulling the power cable, that signals you’ve lost visibility and control. “At that point, that is every cyber security expert’s absolute worst nightmare,” he says. “I can’t imagine giving the advice to somebody to just shut it down. That sounds, dare I say it, just irresponsible.”
The precedent
Despite these warnings, there are high-profile examples of shutdowns. According to Newsweek, a 2012 cyber attack on Saudi Aramco saw the Shamoon virus delete hard drives, forcing the company to destroy more than 30,000 computers.
Similarly, the 2021 attack on Colonial Pipeline led to several systems being taken offline to contain the breach. That move temporarily halted pipeline operations and disrupted multiple IT systems.
Los acknowledges there are extreme cases where shutting down everything is the only option. But, he said, if that’s the only solution on the table, it reflects being “wholly unprepared as an organisation”.
Rawlins agreed that cutting internet access mid-attack can sometimes make sense, as it deprives attackers of their command-and-control node. But the wider consequences – what else depends on that connectivity – must be weighed.
Final thoughts
Fictional depictions of cyber security often portray pulling the plug as the dramatic solution. But in reality, it’s rarely the final or best option. More often, it reflects poor network architecture or insufficient segmentation.
The true solution lies in preparedness: segmentation, playbooks and rehearsed incident response plans. In cyber security, switching it off and on again may work for some problems – but when it comes to an active attack, it’s rarely the best option.
Design Within Reach carries some of the best and coolest home decor you can find, from modern couches to fantastic office chairs and fun designers like Herman Miller and Dusen Dusen. It’s not a cheap store to shop at, though, which is what makes these coupons something to jump on. Unlock online-exclusive discounts of up to 50%, free shipping, plus 20% off featured brands and 15% off office furniture bundles with Design Within Reach promo codes and Summer 2025 sale events. Save on hundreds of stylish items, including our favorite Design Within Reach office chairs, plus some other fantastic home gear we’ve earmarked for testing.
Extra 25% Off at Design Within Reach
Upgrade your digs to sleek Eames-esque mid-century modern design for up to 25% off furniture with Design Within Reach promo code EXTRA25. Head to Design Within Reach’s sale page for huge markdowns of live-proof, luxe furniture and household items like storage furniture, bar stools, chairs, couches, cabinetry, accessories, and more. And don’t forget to use that Design Within Reach promo code for even more savings.
Get 15% Off Furniture With Design Within Reach Promo Codes
On Design Within Reach’s website, you’ll see an expansive catalogue with a huge range of furniture to revamp any room—from couches and credenzas to coffee tables and bar stools for way less than normal designer prices. Flos lamps, known for mixing functionality and style, are now 20% off for a limited time. These colorful table lamps start at $255, with wall sconces, pendants, and more on sale.
Summer’s here, and it’s better late than never to get some great outdoor furniture. During Design Within Reach’s outdoor sale event, you can get up to 30% off great outdoor furniture essentials, like outdoor sectionals, chaise lounge chairs, benches, and outdoor tables. You can get bonus savings with sitewide Design Within Reach promo codes during this time. But you can still save thousands of dollars, on top of 50% off markdowns. If you’ve been eyeing the Eames Lounge Chair, Aeron Chair, or Noguchi table, this is your chance to save over $1,500.
One of the easiest ways to get a design within reach coupon is by signing up for their emails. When you sign up for DWR’s email list, you’ll get 15% off your first order, plus, you’ll be the first to know of flash sale events and discount codes when the updates are sent straight to your inbox.
You can ditch the delivery fees with Quick-Ship free shipping offers. You can save up to $699 and get complimentary shipping sitewide on orders of $2,000 or more. Explore the many items with quick-ship and free shipping offers, including sofas, storage pieces, coffee tables, and more iconic furniture. Check out their New to Sale deals too, with 40% off select bar stools, 20% off sectionals, and decor for 50% off. Design Within Reach’s end-of-season sales are some of the best times to save big on those pricier purchases, but you’ll be surprised to find that many new arrivals will go on sale too. While you’re browsing the Sale section, you can use the filter button to organize by category, specific designers, brands, and even price. Unleash your inner interior designer and go wild.
Shop up to 50% Off Design Within Reach Clearance Sale Deals
Buying furniture and other household items can be one of the biggest purchases one makes in their life. Luckily, Design Within Reach has some great furniture deals, with clearance deals that are even steeper than their usual sale discounts. These deals include last-chance furniture discounts, with up to 50% off on all home categories and decor—including light fixtures, tables, ottomans, furniture cushions, and more. Check out Design Within Reach clearance deals and take advantage of the final sale prices, where furniture items are at their lowest prices yet—before they go out of stock.
More Ways to Save on Design Within Reach Furniture
Design Within Reach is also here for small business owners and design industry professionals, to help them jumpstart and elevate their businesses in style. They can apply to the free DWR Trade program, where they will receive sitewide discounts every day, a dedicated Account Executive, exclusive promotions only available to Trade members, and exclusive and discounted Trade pricing across Design Within Reach’s 200 premium design brands in one place.
Our Favorite Design Within Reach Gear
Design Within Reach has a huge range of designers and home pieces, from massive couches to decor and chargers. They carry Herman Miller pieces we love from our guide to the Best Office Chairs, plus chargers from Courant that we recommend in our Best Wireless Chargers guide. We’ve also got our eye on couches and sheets from designers like Hay and Dusen Dusen to test too that you can find at Design Within Reach.
As the Trump administration phases out the use of animal experimentation across the federal government, a biotech startup has a bold idea for an alternative to animal testing: nonsentient “organ sacks.”
Bay Area-based R3 Bio has been quietly pitching the idea to investors and in industry publications as a way to replace lab animals without the ethical issues that come with living organisms. That’s because these structures would contain all of the typical organs—except a brain, rendering them unable to think or feel pain. The company’s long-term goal, cofounder Alice Gilman says, is to make human versions that could be used as a source of tissues and organs for people who need them.
For Immortal Dragons, a Singapore-based longevity fund that’s invested in R3, the idea of replacement is a core strategy for human longevity. “We think replacement is probably better than repair when it comes to treating diseases or regulating the aging process in the human body,” says CEO Boyang Wang. “If we can create a nonsentient, headless bodyoid for a human being, that will be a great source of organs.”
For now, R3 is aiming to make monkey organ sacks. “The benefit of using models that are more ethical and are exclusively organ systems would be that testing can be meaningfully more scalable,” Gilman says. (R3’s name comes from the philosophy in animal research known as the three R’s—replacement, reduction, and refinement—developed by British scientists William Russell and Rex Burch in 1959 to promote humane experimentation.)
New drugs are often tested in monkeys before they’re given to human participants in clinical trials. For instance, monkeys were critical during the Covid-19 pandemic for testing vaccines and therapeutics. But they’re also an expensive resource, and their numbers are dwindling in the US after China banned the export of nonhuman primates in 2020.
Animal rights activists have long pushed to end research on monkeys, and one of the seven federally funded primate research facilities across the country has signaled it would consider shutting down and transitioning into a sanctuary amid growing pressure. The US Centers for Disease Control and Prevention is also winding down monkey research, part of a bigger trend across the government to reduce reliance on animal testing.
As a result, Gilman says, there aren’t enough research monkeys left in the US to allow for necessary research if another pandemic threat emerges. Enter organ sacks.
Organ sacks would in theory offer advantages over existing organs-on-chips or tissue models, which lack the full complexity of whole organs, including blood vessels.
Gilman says it’s already possible to create mouse organ sacks that lack a brain, though she and cofounder John Schloendorn deny that R3 has made them. (For the record, Gilman doesn’t like the term “brainless” to describe the organ sacks. “It’s not missing anything, because we design it to only have the things we want,” she says.) Gilman and Schloendorn would not say how exactly they plan to create the monkey and human organ sacks, but said they are exploring a combination of stem-cell technology and gene editing.
It’s plausible that organ sacks could be grown from induced pluripotent stem cells, says Paul Knoepfler, a stem cell biologist at the University of California, Davis. These stem cells come from adult skin cells and are reprogrammed to an embryonic-like state. They have the potential to form into any cell or tissue in the body and have been used to create embryo-like structures that resemble the real thing. By editing these stem cells, scientists could disable genes needed for brain development. The resulting embryo could then be incubated until it grows into organized organ structures.
“Tavajoh! Tavajoh! Tavajoh!” a man’s voice announces, before going on to narrate a string of numbers in no apparent order, slowly and rhythmically. After nearly two hours, the calls of “Attention!” in Persian stop, only to resume again hours later.
The broadcast has been playing twice a day on a shortwave frequency since the start of the US-Israel attack on Iran on February 28.
According to Priyom, an organization which tracks and analyses global military and intelligence use of shortwave radio, using established radio-location techniques, the broadcast was first heard as the US bombing of Iran began. It has since played on the 7910 kHz shortwave frequency like clockwork—at 02.00 UTC and again at 18.00 UTC.
Over the weekend, Priyom said it had identified the likely origin of the broadcast. Using multilateration and triangulation techniques, the group traced the signal to a shortwave transmission facility inside a US military base in Böblingen, southwest of Stuttgart, Germany.
The site lies within a restricted training area between Panzer Kaserne and Patch Barracks, with technical operations possibly linked to the US army’s 52nd Strategic Signal Battalion, headquartered nearby.
That identification narrows the field, but it does not reveal who is behind the transmissions or who they are meant for.
The two-hour-long transmission is divided into five to six segments, each lasting up to 20 minutes. Each opens with “Tavajoh!” before shifting into a string of numbers in Persian, sometimes punctuated with an English word or two. Five days into the broadcast, radio jammers were heard attempting to block the frequency. The following day, the transmission shifted to a different frequency—7842 kHz.
Radio communication experts believe the broadcast is likely part of a Cold War–era system known as number stations.
The Return of the Numbers
Number stations are shortwave radio broadcasts that play strings of numbers or codes that sound random—like the one now heard in Iran. “It is an encrypted radio message used by foreign intelligence services, often as part of a complex operation by intelligence agencies and militaries,” says Maris Goldmanis, a Latvian historian and avid numbers stations researcher.
Number stations are most commonly associated with espionage. “For intelligence agencies, it is important to communicate with their spies to gather intelligence,” says John Sipher, a former US intelligence officer who served 28 years in the CIA’s National Clandestine Service. “This is not always possible in person due to political constraints or conflict. This is where number stations come in.”
While the use of number stations can be traced back to the First World War, they gained prominence during the US-Soviet Cold War. As espionage grew more sophisticated, governments used automated voice transmissions of coded numbers to communicate with agents, Goldmanis says. Citing declassified KGB and CIA documents, he adds that number stations were widely used during this period, often as Morse code transmissions and, in many cases, as two-way communications, with agents reporting back using their own shortwave transmitters.
“Nowadays, you have various satellite and encrypted communications technologies,” Sipher says. “But during the Cold War and even before that, governments had to find ways to do this without being noticed, and broadcasting coded messages was one way to communicate with your assets discreetly.”
The apparent randomness of the numbers means they can be understood only with a codebook, Sipher adds. “Nobody can make heads or tails of it or understand what it says unless you have the codebook that can give you hints to decrypt the code,” he says, noting that such systems must be set up and coordinated in advance.
A Signal Without a Sender
While the likely origin of the signal may now be clearer, its purpose and intended recipient remain unknown.
Because the broadcasts are encrypted and designed to be covert, those details may remain unclear for years, Goldmanis says. The structured nature of the transmission—its fixed schedule and consistent use of frequencies—further suggests it is part of a planned operation.
How Jaxon Smith-Njigba’s contract extension impacts Seahawks
China sees rise in new FDI firms despite lower inflows
Vets to be legally required to publish price lists and cap prescription fees
-
Sports1 week agoJapan suffers shocking collapse to Venezuela in World Baseball Classic
-
Entertainment1 week agoStrategic oil stocks to be released ‘immediately’ in Asia and Oceania: IEA
-
Sports1 week agoTransfer rumors, news: Real Madrid open to Camavinga exit, as Premier League clubs circle
-
Business1 week agoNew Income Tax Act 2025 To Take Effect From April 1: 10 Key Changes That Will Affect Your Money
-
Sports1 week agoPCB files complaint over allowing Bangladesh to take review on penultimate ball – SUCH TV
-
Business7 days agoStocks and pound rise as US rate call approaches
-
Tech6 days agoJustice Department Says Anthropic Can’t Be Trusted With Warfighting Systems
-
Sports6 days agoMarch Madness 2026 – How to watch in SA, start time, schedule, TV channel for NCAA championship basketball tournament