Crash, Bang, Wallop

 In ITC's Threat of the Week

As computer systems become increasingly integral, unavoidable and essential components of our everyday lives, the potential impact of failure does not sit easily with the drivers for development such as profit, performance and feature enhancement.

Regular readers of this blog or attendees of our Cyber Summit, which now seems a lifetime away, may recall our mutterings about the intersection of rapid development frameworks, cloud migration and containerisation.

Since our event, we have already seen issues in some of the quite old but extensively used underlying code in many containerisation deployments, which would enable an attacker to merrily jaunt through the virtual instances on a physical host, harvesting information such as cryptographic keys or passwords held in memory.

We have also seen unpatched Docker hosts being used to mine crypto currency, obviously in addition to trying to do their day jobs, which might well be something critical to an individual, a group of individuals, a town, a city, a country, you get the picture.

The amount of time between a vulnerability being even hinted at and exploited in the wild is falling faster than Michael Jackson’s record sales. This is perfectly illustrated by a couple of zero-day flaws in Microsoft platforms, which are in active use and have been for weeks now and have just been patched by Mister Softee in this week’s ‘Patch Tuesday’.

Ever keen to jump the queue for the naughty step, Messers Adobe and  WordPress have also disclosed and patched critical vulnerabilities, and when we say critical, we mean it is essential that you ensure that your systems are up to date or expect dire consequences.

Of course understanding what systems you have, together with their criticality to your business and the risk of them failing is a significant challenge, made more onerous when the status of your third-party supply chain is considered, which it must be.

ITC has a very mature set of tools, technologies and processes, which enable you to understand your risk, understand your assets and their associated foibles and be in a position to prioritise patching, or other remediation, through to dealing with a fully blown data breach. We really would love to talk these through with you. Our crack team can be reached as usual here: [email protected] or call 020 7517 3900.

Of course, the failure of computer systems can cause disruption and ultimately death. This week saw the systems of Facebook being extensively disrupted, apparently due do a change on a server (our tongues are firmly in our cheeks at this time). Bad news for users of Facebook messaging, who by all accounts turned to Telegram in their droves and will probably stay there.

We have also seen the grounding of every Boeing 737 MAX aircraft after a second crash resulting in everyone on-board perishing. It is looking increasingly likely that a software or sensor hardware issue is to blame and that pilots prior to the two fatal accidents had raised the issue, although some argue that this is no big deal.

Whatever the truth, one has to wonder if the drivers for delivery, profit or cost saving may have resulted in individuals paying the ultimate price.

Failure or compromise of your systems may not result in loss of life. They may result in loss of jobs, bonuses or profits however, and we urge you to have a rigorous programme to understand the consequences and mitigate your risks. In the meantime. Get patching.

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900