THE TIBERIUM BLOG - recent events, threats, and all things cyber

Send Me a Letter

In last week’s blog, we talked about the bad news for those running in-house Exchange servers, which were being exploited through an unpatched (aka Zero Day) Remote Code Execution issue, initially by nation-state type hackers.

Exploitations of un-patched shizzle grow very much like bacteria on agar jelly. See this terrifying video to understand the similarities. So it is for this particular nasty.

Various researchers have released Proof Of Concept code for the exploit, and of course, the man+dog of criminals, script kiddies, bored or disgruntled employees have taken this and are now, shall we say, right on it.

So serious is this issue that Microsoft removed the POC code from GitHub, which of course they own, causing much consternation from the ‘told you so’ brigade in the process – one rule for them, one for us. Clearly, POC code is available from other reputable (haha) repositories.

We understand Microsoft’s position on this. Apparently, the POC code was a whisker away from deployable, and why would you publish vulnerabilities that could be used against your own customers? Imagine the fallout if a large number of breaches of Exchange servers were pinned on code published on one of your managed repositories. That would be share price impacting and governance questioning, would it not?

A really decent write-up of the vulnerability is here. When exploited, it provides admin-level access and is now being used to deploy a new strain of ransomware called DEARCRY!.

When Sandie Shaw sang ‘Send Me a Letter’ in May 1969 (it was on the B-side of Think It All Over, for you Pop Pickers), the world of mail was very straightforward. Letterboxes were very rarely used for nefarious purposes other than burglary, arson and the delivery of bad smells.

Fifty years later, digital mailboxes are being used for, err, pretty much the same (apart from the arson part). The only difference is they are being busted automatically at the speed of light.

To effectively protect against a digital onslaught generated and executed by machines, it is essential to protect and defend yourself in the same manner – AUTOMATICALLY, with a full understanding of your weaknesses. If you cannot respond automatically, it will be a turkey shoot for the bad guys, who have spent ages preparing the tech to deliver the attack, safe in the knowledge that it will overwhelm a significant number of targets in short order and collect the monies in days (mwahaha).

This week, Tiberium released two new managed services: FROST (fully automated) and MYTHIC (automated, supported by a crack team of cyber defenders). As part of onboarding, our systems identify what you have and what your issues are, and even give you a score. This enables you to prioritise operational remediation through patching and may even identify an Exchange server or another vulnerable Internet-facing asset (think RDP servers).

Tiberium FROST
Tiberium MYTHIC

But that is not the end of the story at all. Not even close. When Tiberium designed these services, they were designed with automated response at the core, from the ground up. In our opinion and experience (and we have some experience around here), this is the only way to protect your assets from nation-states and criminals alike.

We know that a lot of managed service businesses make bold claims. What we have built is groundbreaking, cost-effective and really works. Contact us and arrange a demo.

The marketing spiel is now over. Any readers who have been following this blog or others like it will know that a real bugbear of ours is the use of shared libraries, code etc., delivered in a hurry on Internet-facing (often containerised) systems without proper checks and balances.

Delivered by Agile ‘Tribes’ of developers, who are obviously being played to maximise productivity (at what cost?), the risks are massive and continue to lead to breaches, supply chain and otherwise.

This week 4000 very dodgy Python modules were uploaded to the Python Package Index. These all had similar names to trusted modules and could easily be installed by mistake at 0427 by Team Hobbit trying to beat Team Uruk-Hai.

If you have teams of developers that you are flogging within an inch of their lives, albeit in beautiful offices with free food, beer, pool tables, slides, bean bags, you may want to think about your governance processes around open source. Tools are available.
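As an illustration of the kind of check such governance can automate (an added example, not Tiberium's code or any named tool): a pre-install audit that flags requirement names which are not on a reviewed allowlist, and marks those within a small edit distance of a trusted name as lookalikes. The allowlist, the sample file and the misspelt package names are constructed assumptions.

```python
import re

# Constructed allowlist of packages a team has reviewed (assumption, not from the post).
TRUSTED = {"requests", "numpy", "pandas", "urllib3", "python-dateutil", "cryptography"}

# Constructed requirements file; the misspelt names are made up for illustration.
SAMPLE = """\
requests==2.25.1
reqeusts==2.25.1   # transposed letters
numpy>=1.19
python_dateutil
pandsa
leftpad-py
"""

def normalize(name):
    """PEP 503 normalisation: case-insensitive, runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    """Return normalised project names, skipping comments and pip option lines."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:  # option lines such as "-r other.txt" never match
            names.append(normalize(match.group(0)))
    return names

def audit(text, trusted=TRUSTED, max_distance=2):
    """Flag every name outside the allowlist; mark near-misses as lookalikes."""
    allow = {normalize(t) for t in trusted}
    findings = []
    for name in parse_requirements(text):
        if name in allow:
            continue
        near = sorted(t for t in allow if edit_distance(name, t) <= max_distance)
        findings.append((name, "lookalike" if near else "unreviewed", near))
    return findings
```

Run in CI before `pip install`, a non-empty result from `audit()` is a reason to fail the build until someone has reviewed the flagged names.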

The Sandie Shaw song’s lyrics are more nursery than Humpty Dumpty falling off a wall having just been hatched, so for this week’s musical quote we turn to the fantastic Nick Cave and his ballad Love Letter.

A plea, a petition, a kind of prayer

I hope it does as I have planned

The time for hope is over. Get automating your security outcomes. We can help.

Wishing all you mums a Happy Mother’s Day, and be assured we fully support National Women’s Day. You will be unsurprised to know that we are particularly in awe of Ada Lovelace.

Have a great weekend.
