Elastic Fantastic

This week, Indonesia has had more than a few serious issues with its cyber security.

After a month or so of communications and rectification, the Indonesian Government came clean, admitting that up to 13 million records of travellers had been exposed to the public internet by a poorly secured, or entirely unsecured, internet-facing Elastic database. Whoops.

The data exposed is massively significant, and if you have travelled in or out of Indonesia, you should take the time to read this announcement from vpnMentor, an organisation that has a very interesting past and reputation. 

Hot on the heels of this disclosure was the release of the Indonesian President’s vaccination certificate, which can only lead to the question ‘what is really at play?’. At least that’s what we think over here in Cynical HQ. 

The world of “Cloud First”, Agile Development, DevOps, EAAS (Everything As A Service – The Future TM) brings rapid results along with a potential plethora of security risks. But, in our opinion, an elephant in every Dev Team meeting is often ignored.

You may not have heard of the term ‘Initial Access Brokers’ (IABs, obvs), but you probably should know about them. This particular breed of miscreant, usually quite serious hackers, finds a way into your systems using the usual methods – good fortune, misconfiguration, lack of patching (especially of internet-facing machines), untrained users, no rapid (preferably automated) response.

Once in, they go on to sell access to your systems to the highest bidder, who will almost certainly ransomware you, steal your Intellectual Property or seriously disrupt your business in other ways. Medical providers in the States are quite common targets. These are not nice people, and they have a lot of cash to support their nefarious plans.

Whilst IABs have been around for ages, it seems, at least according to a report by Lacework, that cloud accounts are now very much the focus of these scallywags’ attention. No surprise really given the dynamic and fast-moving nature of all things cloud.

What does this mean? It means that you should: 

  • Pay keen attention to the provision and use of cloud accounts (even non-administrative)
  • ALWAYS use two-factor authentication, just-in-time access, certificates or preferably physical tokens
  • Have a robust and audited Joiners, Movers and Leavers process

This is not rocket science and will significantly reduce your risk.

What with this (seemingly) being the week/month/year/decade of unauthorised access, Microsoft has announced the existence of a ‘widescale credential phishing campaign’ which uses ‘open redirector links’ to tempt users to click on links embedded in emails, which ultimately lead to the very bad stuff.

The worry with this technique is that even employees/family members/pets that are trained to check the link URL in a browser will be fooled because the first click seems legitimate. For those who would like the full detail, the Microsoft report is very detailed and worth a read, so good we linked it twice.
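To show why checking only the visible host is not enough, here is a defender-side check that looks inside a link's parameters for a second, off-site URL. It is an added example, not taken from the Microsoft report or any product; the function names, the three-round decoding limit and the `.example` domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumed limit; nested percent-encoding can hide the target

def url_host(value):
    """Hostname if value looks like an absolute or scheme-relative URL, else None."""
    candidate = value.strip()
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    if not candidate.lower().startswith(("http://", "https://")):
        return None
    host = urlsplit(candidate).hostname
    return host.lower() if host else None

def embedded_redirects(link):
    """List (parameter, target_host) pairs where a parameter carries a URL
    whose host is neither the link's own host nor one of its subdomains."""
    parts = urlsplit(link)
    visible = (parts.hostname or "").lower()
    findings = []
    # A redirect target can sit in the query string or in the fragment.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(parts.fragment, keep_blank_values=True)
    for name, value in pairs:
        for _ in range(MAX_DECODE_ROUNDS):
            target = url_host(value)
            if target is not None:
                if target != visible and not target.endswith("." + visible):
                    findings.append((name, target))
                break
            decoded = unquote(value)
            if decoded == value:
                break  # nothing left to decode and still not a URL
            value = decoded
    return findings

# Constructed sample links; every domain is a placeholder under .example.
SAMPLES = [
    "https://trusted.example/redirect?url=https%3A%2F%2Flogin.other-site.example%2Fo365",
    "https://trusted.example/out?next=https%253A%252F%252Flogin.other-site.example%252F",
    "https://trusted.example/go?to=https%3A%2F%2Fhelp.trusted.example%2Ffaq",
    "https://trusted.example/search?q=quarterly+report",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", embedded_redirects(sample) or "no off-site target")
```

The subdomain comparison is a plain suffix match on the hostname; a production filter would compare registrable domains using the Public Suffix List.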

The good news for Microsoft Defender (and Tiberium) customers is that Defender for Office 365 protects against these attacks and the tooling is capable of examining past emails of all your mailboxes and deleting any of these seemingly innocuous communications.  

The incredible breadth, depth, functionality and integration of the Microsoft security product set is the reason that Tiberium’s managed services, FROST and MYTHIC, are built on Azure Sentinel with full support and integration for the Defender stack and Microsoft ecosystem, along with integrations for other product sets (especially Endpoint).

Frost and Mythic

Our proposition is very compelling. Your systems are hardened to best practice at onboarding time and this continues during live service, with automated remediation for common attacks that is delivered within hours. Quantifiable security scoring and reporting enables you to engage with your board and staff and effectively focus investment. All supported by very knowledgeable and experienced security professionals.  

We would very much like the opportunity to present our solutions to you. You will not be disappointed. Please contact us.

The song Elastic Fantastic, from 2019, is by Reverend and The Makers; it includes the lyrics:

I like the thought that you know my name 

And that you’d beg me to make it stop 

Don’t let them know your name. Give us a call.  

