We all know about patch Tuesday, the regular and often dreaded patches from Microsoft and other large vendors. Many of these patches are automagically deployed without testing, certainly in smaller organisations, and in the case of the recent SolarWinds snafu, large enterprises, large software companies, and critical government departments.
This month, Microsoft did not cover itself in glory by including a typo on the landing page which, instead of going to Microsoft.com, went to A similarly named site “Microsooft”. Whoops.
Many will be familiar with so-called ‘typo-bait domains’ or ‘typo-squatting’.
These are registered by opportunists waiting for the domain to be bought by the proper company, lightweight cyber fraudsters, and in a lot of cases, serious criminals(who also purchase the domains from the opportunists).
The bait domains’ Serious uses are password harvesting using a looky-likey page, links that look legitimate but install malware, the whole bit. They even use this tactic for business email compromise attacks, ‘w’ looks very much like ‘vv’ does it not?
We monitor for this here at Tiberium, and we can tell you when someone registers or changes a domain that looks like yours.
Lucky them for Microsoft, this particular bait site merely redirected punters to one of these very boring holding pages “findanswersnow”. This was a lucky escape for sure. One imagines that when the heads have stopped rolling, quality control will be somewhat improved in the patch Tuesday workflow. You have to feel sorry, a bit, for the junior employee, or perhaps now deceased Bot that messed up, don’t you.
Regular readers of this and other blogs that may or may not be related will be aware that we have always warned against misconfiguration, lack of controls in process, the casual use of Open Source code, etc. all of which have led to some of the biggest data breaches of all time. Amazon S3 buckets exposed to the public because of typos, ransomware being delivered to an unsuspecting organisation through weak passwords on Internet-facing RDP servers, the connection of new cloud deployments to both the Internet and the legacy network, the list goes on. We can send you a free report to show if your RDP ports are exposed, please close them!
Written in 2015, this academic piece remains bang on the money. It is worth a read.
Google is very concerned about the potential issues presented by the use of Open Source code and are building a database of open source vulnerabilities , and whilst admitting that many Open Source projects in use by themselves are privately held, want to do something about it before something bites in a big way.
Whilst this is a noble cause, it currently relies on a Google platform account and has some tight restrictions in the Ts&Cs. The major cloud vendors all use Open Source code. Look for instance at Microsoft’s new Edge browser based on Chromium, and it would be, to our mind, A Very Good Idea if the Open Source vulnerability database could be, well, err, Open Source. Time will tell.
Tiberium’s managed security platform always starts with rigorous onboarding checks to identify any misconfigurations or other issues that may be used to compromise your business. After onboarding, checks against configuration issues and other weaknesses are part of the service supported by our expert, experienced and charming team.
We would love to share our story and plans with you over a virtual coffee. Contact us, and we will send you some of our very own blend, which seems to work with the hackers, so it must be ok.