THE TIBERIUM BLOG - recent events, threats, and all things cyber

School’s out before summer

It’s not all about making zee monies (whilst providing excellent customer service, value and security outcome, obvs) at Tiberium HQ.

As well as providing friends and family information security support (in fact all IT support as our readers will know), we all try our best to help out individuals and organisations that get into a scrape, usually because they cannot afford, or in some cases have not prioritised, information security, presumably being oblivious to the growing clamour of news articles and not noticing what might be coming over the hill.

As it happens, ‘What’s that coming over the hill’ was written and performed by ‘The Automatic’ who are from Cardiff, so in their case, what might be coming over the hill is something to be seriously concerned about.

By a total coincidence, at Tiberium, we prepare our customers for what may come over the hill through systems hardening (at on-boarding time, in one day, see below), continuous, measurable improvement and, most importantly, Automatically respond when, to use Cardiff as a metaphor, Swansea Town come in disguise, intent on wanton destruction. (Boom Tish)

Back to the subject. We have seen an incredible increase in a couple of types of attack against particular sectors and business sizes, which are:

  • Ransomware against Schools, Colleges and other educational facilities.
  • Business Email Compromise (BEC) and related attacks, especially to small businesses.

Our anecdotal evidence is well supported. As a business, we reduce our clients’ exposure and help out by sharing information and offering assistance.

We think that everyone reading this, apart from maybe UNKNOWN from the ransomware outfit REvil, also known as Sodinokibi, who was, in our opinion for the better, given a platform on Recorded Future’s ‘The Record’ recently, will be outraged by ransomware attacks against schools, especially state schools (in the UK), trying their very best with limited resources.

We have seen at least two London schools that have suffered exactly this, as well as perhaps five London-based businesses with a small number of employees, turning over under £4 million, being subjected to BEC fraud.

The BEC frauds will be discussed in another blog. If you would like to do your homework prior, have a read of this terrifying FBI warning (USA focussed but highly relevant).

The vectors for the delivery of ransomware are not rocket science and certainly nowhere near as complex as flying a drone on Mars.

Phishing emails are a primary and successful route in, as is the exploitation of Internet-facing servers which are unpatched, have registered users with easy-to-guess passwords, or are misconfigured.

Regular readers will recall that we have been discussing the active exploitation of unpatched Internet-facing Exchange servers for the past few weeks. We have even published endpoint prevention rules.

We all know that many organisations, from the smallest to some of the biggest, may not know how many legacy, unpatched servers facing the Internet they have. Perhaps set up by maverick IT guy Chris (Nat) King to solve a point issue in 2007 and left alone ever since with a Post-it note attached saying ‘DO NOT TURN OFF’.

This is bad news, more so in the case of the Exchange server issue, which is turning into the gift that keeps on taking. Having been assaulted by none other than the Chinese hacking establishment, the publication of exploit code has resulted in a huge increase in automated discovery, attack, infection and infiltration activity by criminals. The current leader being ‘Black Kingdom’.

What we have here is a perfect storm for bad guys. Businesses who do not know they have an issue, or perhaps do not understand how serious it is, being attacked by automated systems with only limited manual resources to identify and react manually.

The growth of this sort of automated attack is precisely why Tiberium has developed a fully automated solution (FROST), which not only implements best practice configuration on day one, dealing with many of the attack vectors, including phishing if you are using Microsoft Defender (in our opinion a rising star in the space), but also automatically remediates common attacks.

In our opinion, manual Security Operations Centres, which phone you up to give you the great news that you have been under attack for the last five minutes, five hours, two days etc. (you get the picture), are a thing of the past. We should know because we have all grown up with the evolution of attack and defence and really, really, know our stuff.

The proof of the pudding is in the eating (especially if you are J Horner Esq.), and we would very much like to show you our wares.

This coming Tuesday (30/03/21, 0900), we have a 45-minute session that shows the day one results of implementing Tiberium FROST at a real customer.

We would really like it if you would do us the honour of attending and give us some feedback.

You can register here; there may well be a prize for the best feedback.

As we all know, there may well be a return to the office soon. Have you thought out the possible ramifications of this from a security perspective?

Back in June 2020, this issue was raised in other blogs and is now being discussed at length. Watch out for a Tiberium special over the next few weeks.

If you would like to contact us for a discussion, demo or suggestions, please do here. Your call is very important to us.

Alice Cooper’s ‘School’s out for Summer’ does have some pertinent words to describe the ransomware criminals:

Well, we got no class

And we got no principals

We ain’t got no innocence

We can’t even think of a word that rhymes

We can. Can you?

Have a great weekend, and thanks for reading.
