Back to basic hygiene
Although there are few quiet moments in this world of what is now called ‘cyber security’, it is sometimes difficult to find something to write about week in, week out, especially during the summer break when we know the evil overlords are relaxing on their secret islands, sleek super yachts and of course massive submarines.
The last few months however have reversed this problem. There is simply so much activity in the nation state, organised crime and total incompetence arenas. Perhaps this blog will come to be named ‘Threats of the Minute’, who knows?
So this week, let’s take it from the top.
At a nation state level, this week’s massive story is a real spy versus spy saga.
If you believe what you read in the press, it seems that the Kaspersky suite of antivirus products have been used by the Russian Government (SURPRISE) as a distributed search tool to hunt for code and documents containing the codenames of US Government exploits. Funnily enough, Israeli agents, who hacked Kaspersky and then informed the USA, who then it would seem, informed the press, discovered this activity. Madness. We can only speculate on where they got the codenames, probably from some shadowy broker or some such?
In the world of organised crime, Hyatt Hotels ‘fessed up to the second breach of its front desk card systems in two years. Expensive hotels are a perennial target for hackers since the punters tend to be wealthy, busy and often using corporate cards. Fraud on these has little consequence to the beleaguered ‘road warrior’ and credit limits are often high. In this case it looks like Hyatt are doing a fairly transparent job of reporting the breach, even if a tad late – it finished in July
Moving down the ladder to the organised crime/incompetence border, this week saw a heist (love that word) of $60 meellion from a Taiwanese bank using (and you would never, ever guess this), a tailored attack against the bank’s SWIFT system. According to the aforementioned report, over $1 million of this was then found in the bank account of the head of the state-run Sri Lankan Litro Gas company and he has had his collar felt along with an associate. A third man, presumably a doppelganger of Richard Pryor’s character in Superman 2 remains on the run.
If you had the smarts to arrange a crafted SWIFT attack on a bank, would you transfer the money to your personal account? Doubt it. Time will tell.
Now we come to the tragic bit (harum). Hot on the heels of the on-going Deloitte debacle, where it seems that transparency only applies to the cling film that covers the prawn sandwiches and clearly having not read our prior missive regarding the misconfiguration of Amazon S3 buckets, Accenture dropped a major clanger by leaving ‘the keys to the castle’ exposed to World and his Dog via yet another misconfigured S3 bucket. Whoops. Perhaps they had a crack Deloitte consultancy team assisting with deployment?
There is a common theme to many of the recent breaches and exploits and that is basic hygiene. How many ‘misconfigurations’ or unpatched systems are enough to change the attitude of the industry to do the basics right? We do not know if these issues are lethargy, incompetence, lack of process, control failure? What we do know is that with a growing enemy we need to feed, drill and equip our troops to be best prepared for battle, and that means patching, change control, regular assessment, vulnerability management and all of the relevant defences available.
On that subject you may have missed this weeks Microsoft ‘Security Update Tuesday’, formerly known as Patch Tuesday. It patches a load of ‘critical’ and ‘important’ vulnerabilities including remote code exploits, which are in the wild of Office and Microsoft DNS. Please patch your stuff.
As a footnote, which should probably be labelled ‘yet more incompetence’, Equifax’s servers have been delivering Malvertising via a third party.
Please make it stop.
If you would like a one to one tutorial on how to slap your palm into your forehead or the best way to bang your head onto your (or your boss’) desk, or would like to discuss straightforward processes and technologies to get the basics right, please contact us at:
[email protected] or call 0207 517 3900.