Cozy Bear the solarwinds crew
We should be worried.
Knew this was not just mailboxes, but Microsoft effectively covered it up.
Something big going down.
66 publicly visible posts • joined 8 Jul 2013
Ties in nicely to the Combi/FIN7 incident.
Notorious FIN7 cybercrime gang posed as penetration testing firm to recruit hackers
35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang and realised it was actually an eCrime unit after joining.
Beware those startups!! It's all starting to fall in place, gangs such as PYSA leave notes about 'better security' and improving posture after payment.
The attackers have sysadmin skills as well as pen-testing skills; some of them are converted IT workers. They are operating as business units, with targeted BUs, organised reconnaissance, front end correspondence helpdesks.
Absolutely this rings true for me, I have personally witnessed it. What is missing from the RDP explainers is that RDP, AKA terminal services gateway, is a command line authentication medium. It can be authenticated against in non-GUI command form with repeated password brute force tooling easily. I think that would help folks understand. Threat actors absolutely went after all these new RDP setups, +768% is certainly what I would expect from my CERT position.
Also, some genius MSPs decided to leave Administrator as an option over RDP. Administrator does not have a default lockout as standard. So they get smashed first.
Hackers love recon. They pull usernames from that recon, start using these gleaned usernames on the available RDP services, they get smashed next.
Sites don't restrict GEO or remote access to their RDP. Any IP in the globe can attempt access for full desktop control. Madness. But that's the pandemic.
People have been very slow to learn, Windows O/S and RDP are not a secure or workable solution for remote working. At all. Firewalls and web servers are things designed to face the internet, not RDP. RD Gateway will still be an easy win with a phishing creds steal.
I have seen over a dozen institution ransomware cases, 90% started with pandemic induced RDP. Most had alternating actual malicious tooling/binary delivery methods/TTPs; that's different groups attacking via the same initial vulnerability.
I used to ponder what's the worst multi-nation cyber attack that could happen, within the remits of commercial infosec? A supply chain attack against a major U.S. systems supplier. In the mould of Not Petya M.E.Doc update alteration (was that a practice run)?
Well it's happened and they try to keep a lid on this. So since March/April high profile companies with large CERT teams have nevertheless been compromised and who knows how many have had this threat actor floating in their network yet not caught until December. Plenty of time to implant further beacons. Microsoft, Lockheed, Nuclear weapons agency, U.S. Treasury, FireEye, where does the list end...
Increase your logging to centralised logging including PowerShell if Windows and perform widespread backups to offline/segregated backups. Also ensure you are using LAN segmentation with VLANs, not flat LANs!
Investigate the intrusion and restore from backup. Some extra security steps mean no payment needed.
Don't get me wrong, implement Defence in Depth and next-gen anti-virus capable of heuristic detection of process injections and firewalls capable of detecting unusual session traffic, but good security can use accept breach and handle the unknown threats.
RDP lockdown solution or email. Secure both extensively and get that RDP behind VPN. Plain text email, mark all external emails as external, mail filtering solution too. All public IP resources such as Pulse VPN endpoints must have absolute priority in patching.
If it's another vector such as a supply chain attack, your isolated backups, VLAN segmentation and segregated endpoint logging will help.
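The posts above argue that exposed RDP gets brute forced and that centralised logging is the answer. As an added example (not the poster's code), here is a small detector run over constructed Windows Security log records: event 4625 is a failed logon and LogonType 10 is RemoteInteractive (RDP). The flat field layout is an assumption for the example; a real collector would extract these fields from the event XML. It also flags whether the built-in Administrator account, which the post notes has no default lockout, was among the targets.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<timestamp> <event_id> <user> <source_ip> <logon_type>".
# Field layout is an assumption for this example, not a real Windows export format.
SAMPLE_EVENTS = [
    "2020-12-15T02:14:01 4625 Administrator 203.0.113.9 10",
    "2020-12-15T02:14:03 4625 Administrator 203.0.113.9 10",
    "2020-12-15T02:14:05 4625 admin 203.0.113.9 10",
    "2020-12-15T02:14:07 4625 jsmith 203.0.113.9 10",
    "2020-12-15T02:14:09 4625 jsmith 203.0.113.9 10",
    "2020-12-15T02:14:11 4625 Administrator 203.0.113.9 10",
    "2020-12-15T09:30:00 4625 jsmith 198.51.100.7 10",   # one typo, then success
    "2020-12-15T09:31:00 4624 jsmith 198.51.100.7 10",
    "2020-12-15T09:40:00 4625 svc_backup 10.0.0.5 3",    # network logon, not RDP
]

def parse_event(line):
    """Split one constructed record into typed fields."""
    ts, event_id, user, src, logon_type = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
            "user": user, "src": src, "logon_type": int(logon_type)}

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {...}} for every source with at least `threshold`
    failed RDP logons (4625, LogonType 10) inside a sliding time window."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["event_id"] == 4625 and ev["logon_type"] == 10:
            failures[ev["src"]].append(ev)
    alerts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best:
            count, s, e = best
            users = sorted({x["user"] for x in evs[s:e + 1]})
            alerts[src] = {"failures": count, "users": users,
                           "admin_targeted": "Administrator" in users}
    return alerts
```

A single mistyped password followed by a successful 4624 never trips the threshold, so the rule stays quiet for ordinary users while a password spray against several accounts from one address is reported with the account list.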
Also South Korea:
https://indianexpress.com/article/explained/coronavirus-covid-19-italy-south-korea-6317647/
The Ministry of the Interior and Safety developed a mobile phone app, “Self quarantine safety precaution”, to keep tabs on “super spreaders” of the infection. The app monitors the GPS coordinates of those under home quarantine, and alerts the government if they step out.
China WeChat Apps enforcement:
https://news.sky.com/story/coronavirus-italy-struggles-to-cope-as-chinas-cases-slow-11949189
Italy was mentioned as tracking on Sky News live, but no record of it on the Internet seen.
How can I join a useful on-going alternative to COMMERCIAL NET © (what used to be known as the Internet)? After all, the writing's on the wall for wikipedia.ORG and useful free sites.
I would like to submit my application to your alternative Internet and offer the possibility of extending it in the future through a local Wifi MESH.
There is no UK representative of Libremesh; we need to change that.
https://libremesh.org/
Guifi.net Iberian peninsula http://guifi.net
FreiFunk Germany http://freifunk.net
FunkFeuer Austria https://www.funkfeuer.at
Ninux.org Italy http://ninux.org
AlterMundi Argentina http://altermundi.net
I'm all for banding together and creating a MESH network of inter-connected national WIFI points and locally administered server content and services. We don't need these giant ISPs, CDN behemoths and Internet giants. The corporate commercial Internet can be left by householders and non-commercial pioneers.
The tech is there now, just need some good long distance beaming between towns.
A separate Internet can be formed, just band together and do it... I'm waiting for it to happen. The only global firm I'd want to be part of it in some way would be a Wikipedia.
@frontline_ops
https://mashable.com/2018/01/09/mesh-networks-provide-alternative-intenet-connection/#igk1CqVMYqql
Yes the Internet is the new battle space, and also the arena for influencing hearts and minds.
So witness now how it is being ring fenced with favoured tech giant providers in national geographies, chiefly by the search provider/service provider:
Yandex
Tencent/Baidu
In the years to come we could witness the regionalisation of the Internet and barriers put up around TLDs and address space.
A large campaign donation was made to Darren Grimes, 'social media campaigner', who passed that money on to Aggregate IQ. AggregateIQ had just been a short-term "contractor" to Cambridge Analytica.
Robert Mercer of Cambridge Analytica is good friends with Nigel Farage, who does seem to spend a lot of time in the States these days... with these Trump aides. "Andy Wigmore, Leave.EU's communications director, told me that it was Mercer who had directed his company, Cambridge Analytica, to "help" the Leave campaign."
Cambridge Analytica has data points such as social media, financial, residential, employment and connections on many millions of people. They can target individuals using tracking in browsers as well as social media. They can understand who are vulnerable and target them. They can influence voters with online targeting and media targeting to smear opposition to encourage voters to stay at home. The Guardian has done some top notch investigative journalism on this.
https://www.theguardian.com/politics/2017/nov/21/electoral-commission-documents-reveal-more-details-on-vote-leave-donations
The value of the US dollar is heavily based on confidence and reserve currency status based on US gold reserves, rather than the IOU value of gold in the vaults.
The value of Bitcoin is based on confidence in proven cryptographic hash calculations and the confidence in the difficulty of such.
The US dollar is heavily transacted digitally.
Bitcoin is entirely digital.
The US dollar is preserved by US hegemony, some gold reserves, currency float valuation and US Securities.
Bitcoin is preserved by CPU power and limited supply.
Surely the next big thing is the malicious actors sussing out the 'Bouncer' system wholesale and creating bots that grow within 6 months to hundreds of thousands.
I'm thinking apps such as the face swap apps and these sorts of crazes, with seemingly low numbers of face swap apps from large coding houses, instead many curious little coding houses offer them.
Because very few people run AV or have MDM full lock down on their Android phones....
Yep including:
Slagging each other off behind closed doors in conferences
CEOs calling out other NextGen InfoSec companies tech and strategy in press articles
Poaching each other's staff, with younger non-public companies offering large options.
Undercutting each other at tenders
Shameless job hopping around NextGen InfoSec by SEs and Sales leaders
3rd largest cloud hosting company with their own data centres
O365 drive going very well, Outlook the most advanced and favourite email client, Word and Excel dominate
Microsoft Active Directory still the favoured enterprise user catalogue and authentication system
Still the favoured corporate OS
Microsoft shares are at their highest in 10 years and 4 x what they were in 2008.
They have a place in the corporate computing world, but maybe not in the home anymore!
For Kotkin, at the heart of Brexit was the calculated decision to respond to low birth rates by importing cheap labour:
Yes, it was lazy economics, Gov doesn't fix the issues, instead allows migration to give us economic growth.
But now, our population will not get to the 80 million with no space on the roads and STEM jobs handed to immigrants with degrees. It's the one potential hope that comes from the mess of Brexit. Fix the STEM shortage by funding STEM degrees. Promote and train staff to advanced positions.
My hope is that we follow and are seen to be similar to the Switzerland model.
We still have the vast city of London, with its global outlook and tech hub.
The new government surely realise trade and commercial continuity are key and will keep many agreements in place. It's possible they even negotiate a deal that keeps much of the EU policies as they are; after all, most MPs don't want to sever links with Europe.
Otherwise, Dublin's going to get a second Celtic tiger revival...
I'm starting to see a lot of parallels between the IT industry and the banking industry.
Huge size, employing large amounts of employees in cities.
Beholden to shareholders somewhat for most.
Global industry employing the brightest of certain specialists plus others in company running.
Leading edge adaptation of new working methodologies and restructuring.
Ruthless cost cutting.
It's beyond most people's comprehension that Amazon's original market was geeks buying heavy expensive technical books and manuals, Cisco and Microsoft Press books. From there they conquered the book world and beyond.
The web was originally a document sharing service populated by computer operators and universities and now is critical to business, and most commercial businesses consider launching primarily as a website.
Geeks favoured Apple devices and these days they are the prominent mobile and premium business laptop.
When machines replace workers in site automation and self-learning AI automation robots, the geeks will be kings.
Amusing read. What's happened in the 20-teens is the marketing industry has blown up and jumped on/attached itself to the IT industry. People are paid thousands and thousands to hype apps/advertise in the channel/run stands at infosec/perform SEO for industry giants/viral marketing.
Successes like Uber and AirBnB encourage it, but those are Californian digital disrupters. It doesn't seem very English to create such things. We are more likely to succeed with purposeful apps and leave the guff to California.