THE TIBERIUM BLOG - recent events, threats, and all things cyber

Return To Sender

It is looking more and more likely that a significant proportion of the workforce may be returning to some kind of office (at least in the UK) soon.

Some businesses have for obvious altruistic, and employee welfare reasons publicly declared a permanent work from home programme and, as it happens,  the closure of numerous offices.

Other businesses thrive on the office/face to face environment, which cannot be replaced by technology, or so the story goes. Remember the ‘Big Bang’, which pretty seamlessly replaced the open-outcry markets with electronic trading? A coincidence (we do not believe in coincidences or Unicorns) of this was that the markets became dominated by very large firms which may be deemed ‘too large to fail’, what could possibly go wrong? Oh, it did.

As many security types have been banging on about for over a year, this mass return to the office presents significant risks https://whelanonsecurity.com/back-to-life-black-to-reality/ some of which may not be predictable with current crystal ball technology.

The disappointing sections of the security industry thrive on Fear, Uncertainty and Doubt in order to sell snake oil wrapped in complex licence agreements. Expect to see many (obviously independent)) research and advisory outfits and associated industry press shrieking warnings any time soon.

We like dealing with facts at Tiberium. Facts that can drive strategy, products and customer advice. What do we think the real risks are with the mass worker influx? How can we support our clients, potential clients and, altruistically, of course, everyone who needs help?

If we were running MegaCorp or even MiddleCorp with some funds, we would probably have used these lockdowns to move as many of our production systems to the cloud, change the ‘perimeter’ paradigm, possibly with a SASE approach (there they are again) and replace every single corporate device that has been used for all this time in the home.

And then we woke up.

It is no secret that the criminal fraternity has been hijacking home routers to poison DNS lookups, using watering holes to infect corporate machines, using other home attached devices as a platform for infection of the now very old looking Thinkpad. Your teenage children’s devices are rich pickings for this.

There are two reasons for this. Money and Intellectual property (AKA Money and Money) and whilst the adversary may change depending upon your sector etc. This will be forever true.

We think that the most significant risk of bringing a Poisoned Chalice (soon to be launched by Acer) back to the office is Ransomware. Last week FatFace ( now considerably thinner due to reduced rations) allegedly paid two meeelion dollars to the clearly dyslexic Conti gang.

Let us try and help stop you from being next.

An infected machine in the office (probably unsegregated) network presents massive headache, even if you do not work in critical national infrastructure. Having sat smugly dormant until returning to Mother, the dreaded malware will awake and, most likely, do two things:

  • Phone home for instructions
  • Try and spread far and wide throughout your network
  • Encrypt your datastores, all of them
  • Exfiltrate your data, including customer information
  • Ruin your day, week, year, company
  • Hang around like a bad smell

As much as you may be on your guard, there will be very little you can do about this if you do not have an automated detection and response system with best practice configuration. That is a very tough call from a standing start, but we are sure we can help you now and make your world a safer place before day zero.

Tiberium’s FROST automated managed security service is deployed in hours, not months, at the press of a few buttons. It hardens your environment, configures best practice and goes to work on identifying and blocking threats immediately, all with quantifiable management reporting and automated workflow.

If you have a predominately Microsoft environment with an Azure presence, we can help you.

Please contact us for more information.

Have a great week!

No such person, no such zone. That’s what happens when you are Ransomwared.

Share on: