Massive Attack

 In ITC's Threat of the Week

This week has seen some fairly big news on a number of fronts, some good, some less so, as per usual.

Let’s get the baddest news out first. The press has covered this extensively, but in case you missed it, it turns out that our warnings of the bad guys consolidating credential breaches and making them searchable to identify password reuse etc. are a considerable problem and will be for some time.

Security researchers at 4iq located a single database on the dark web (mwahahaha), which contains no fewer than 1.4 Beeellion credentials mostly in plain text. You read that right. 1.4 Beeellion.

The database is totally searchable and is incredibly professionally presented. Amazingly the top passwords are the usual:

Password                  Count

123456                       9218720

123456789                3103503

qwerty                        1651385

Unfortunately, our favourite cat related password that was in the AdultFriendFinder breach doesn’t even make the top 40.

The message here is really very clear. We must all assume that passwords we use are out there. We must stop reusing the same password on different sites and wherever possible we must enable two-factor authentication. In fact, consider if you should even use a site that doesn’t support 2FA, or multi factor authentication as it is also called to keep us Safe From Harm.

Next year will see increased levels of identity theft and online fraud and the reuse of passwords is a serious enabler to this practice.

In slightly better news, after apparently extensive negotiations the three, not Five Man Army who created the Mirai Botnet have pleaded guilty in a US court. Originally identified by the one and only Brian Krebs it is astonishing what these guys have coughed to.

Not only did they rent out their bad boy botnet for the purposes of Denial Of Service, they used it personally to generate revenue through ClickFraud to cheat advertisers out of money. Oh no we hear you cry, not advertisers? What a crying shame.

That aside, a guilty plea is a big win for US prosecutors. As we have mentioned before, prosecuting these cases is going to be very hard when the Judge, Jury and the majority of everyone else in the court room are not equipped to deal with the complexity of this shizzle.

Lately there have been a series of very odd, out of band patches, the strangest of which was the announcement of two vulnerabilities in Microsoft Defender last week, just days before the regular Patch Tuesday. We thought we might be Daydreaming when we first saw this come up, but it looks like a continuation of the July issue. Here are the facts:

  • Microsoft decided to alert the world to a new bug in the Windows Defender package, which enables remote code execution.
  • The bug is not known to be exploited currently.
  • The highly skilful and thoroughly decent boys and girls at the UK’s GCHQ discovered the bug, or so the story goes.

If you remember, we discussed another unusual Microsoft announcement about ‘features’ in the Dynamic Data Exchange functionality a few weeks ago.

As you will also recall, ‘The Shadow Brokers’ (mwahahaha) stole a significant number of US Government grade malwares written by ‘The Equation Group’ some time ago. These very naughty people are now selling these tools having given some of the secret sauce away, which were quickly used by the underworld to spread RansomWare.

We smell a fish. A big fish, a Jaws size fish. On the one hand, out of band patches (days before a regular patch) indicate that the vendor is on it, on the other it makes us worry what is really going on.

Our advice is to make sure that you patch as soon as possible to any critical announcement. Understand devices in your estate that may be vulnerable and patch them first, prioritise. Basic hygiene is the best defence against what can only be Unfinished. Sympathy will not be forthcoming.

ITC has successfully delivered tools and processes to help customers with patching planning, understanding the estate and identifying vulnerable machines. If you would like to talk to us about this, or anything else information security related, please contact us at: enquiries@itcsecure.com or call 0207 517 3900.

We were (in fact we are) going to get really wound up about the FCC’s decision to repeal President Obama’s (doesn’t he look sensible now?) net neutrality bill. The implications for the future of the Internet has (and this is the opinion of the author and not the company) dark, dystopian and divisive potential. A sad day, more so that most people who have been involved in the technology that has driven The Internet have been firmly and vocally against it. Like tears, in rain.

Happy Christmas to all. If you are stuck for a present to buy someone and they don’t have it, the 1991 Album ‘Blue Lines’ by Massive Attack is very nice. One Love.

 

Author: Kevin Whelan

Recent Posts

Leave a Comment

totw