THE TIBERIUM BLOG - recent events, threats, and all things cyber

Back in the USSR

Well, at least ten Russian diplomats will be expelled by the Biden administration in retaliation for interference in American elections and cyber attacks, including the SolarWinds hack that both the USA and #UsToo soon to be ‘England’ currently known as The United Kingdom.

The SolarWinds gig has now been firmly placed in the paws of Cozy Bear, also known as APT-29, servants of possibly more than one Russian intelligence agency, in this case doing what bears do in the woods for the Foreign Intelligence Service – SVR.

So far, no individuals have been charged by the FBI, as individuals from other nation-state agencies, such as China's, have been. We will wait and see.

A subset of the sanctions targeted Positive Technologies and four other Russian cyber security outfits with a significant presence in the west. Quite disturbing given that Positive sell to pretty much all of the UK Mobile Network Operators.

Is this a pre-emptive strike, or do we have another Huawei debacle on our hands? In the words of The Beatles, butchered here by Ian Fraser Kilmister, better known as Lemmy, ‘Honey, disconnect the phone’.

Times are certainly getting a whole lot busier the world over for Administrations/Governments/Juntas/Dictatorships trying to defend state secrets, catch and take down criminal activity and advise home industries on best practice.

We, and every other cyber security outfit, have been warning everyone about a vulnerability in Microsoft Exchange servers, enabling them to be backdoored for Privileged Remote Code Execution with the cheeky deployment of a shell. Attacks against Exchange servers are currently off the scale.

Of course, many businesses wouldn’t know what servers they may have facing the Internet. They may have been around for a long time (since Dave the IT guy joined a Cult) and remain unpatched like a big hole in the wall of a bank vault.

In what must be a world first, the American Department of Justice decided to do something about it. They raised a warrant and proceeded to remove the rogue shells from infected USA Exchange Servers without consulting the business owners. That’s right, they hacked the hackers by hacking US businesses without telling them.

This has obviously raised praise and criticism in fairly equal measure, from the ‘Government can do no wrong’ lot through to the tin hat brigade via mostly sensible people. What do you think? In our opinion, the following questions need to be asked, just so they can go unanswered:

  • How long has the DOJ had the tooling to discover and execute code against all or an identified subset of the USA’s Internet-connected machines?
  • How does it work? (Actually, that’s probably just people like us).
  • What would happen if this went wrong, leaving the nation’s email flow compromised?
  • What were the ITIL Change meeting and documentation like?

Answers here please! Bag of coffee for the most amusing answer.

Patch Tuesday

This week was, of course, Patch Tuesday, and Microsoft, as per, rolled out some extremely important fixes, including many to the aforementioned Exchange servers, four of which were notified by none other than the NSA. Did the NSA discover them from the Chinese or the other way round? We will never know.

His nibsness The Esteemed Brian Krebs, as usual, has done a fantastic write up of the Microsoft medicine. Please read it and do what he says. The Krebs, he knows.

As you know at Tiberium we like to inform the family designated IT serf about issues that may ruin their weekends as well as the aged relatives. This week it is the unsurprising news that a bunch of cracked copies of Microsoft Office and Adobe Photoshop are doing the rounds and are not what they seem.

The cracked copies include a special gift. That’s right, a bunch of malware that steals everything it can from the machine it is installed on. Bank details, virtual currency, contacts, the whole bit. Please don’t use pirated software. Nobody wants to see developers starving now, do they?

On a parting note, if you were already frothing with anger about the UK Government’s Track and Trace scheme, especially the app and its cost (calm down, calm down), you had better sit down.

The latest version of the app, released to coincide with the relaxing of lockdown rules, has been pulled from both Apple and Google’s stores. Why? Because in their quest for data, the UKG has insisted on collecting location (and probably individuals’) data centrally.

In order to use Apple and Google’s privacy secure code, third parties had to sign a contract to say that they would not do this.

Apple and Google have been insisting on this since April 2020 and if we know, why don’t the people at track and trace? It beggars belief. It really does.

Have a great weekend. Looks like the sun will be shining on Pub gardens.

If you would like to contact us and maybe see a Demo of our awesome automated SOC services, book a demo today!
