THE TIBERIUM BLOG - recent events, threats, and all things cyber

Sign O’ The Times

Bet you all know that Sino is a word that means Chinese, our ‘of China’. If not, you do now.

Recently, there has been the usual flurry of announcements of breaches, attempted, successful and otherwise, which fall into the following broad categories:

  • Ransomware
  • Ransomware
  • Ransomware
  • Bitcoin robbery
  • Nation-state Intellectual Property theft or other nefarious activities
  • Other stuff

As we pointed out in our last post, most of the Ransomware is attributed to Russian criminals (or at least Cyber Criminals obviously not related to the Russian Government whatsoever). Perish the actual thought.

The rest is usually pinned on the currency embargoed North Korea (imagine that), not to mention gangsters numerous and various.

If you didn’t catch up with our previous blog, the Irish Health Service (HSE) was brutally Ransomwared and refused to pay. An offer of help came from no other than the Russian Government, and all of a sudden, taaaa daaaa, the encryption keys and assistance were freely delivered. Presumably with a note attached saying, ‘please ask Vlad not to hurt us.

We do not believe in coincidences around here, but that seems to be a reasonable resolution. So far.

Attribution of Nation-state activity is fraught with risk. The (now infamous) Solarwinds attack has been pinned on, guess who? Yes, the Russian Government or associated outfit APT29 for some time now.

This week, none other than Microsoft announced that these baddies were back. This time going after ‘government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S’. The infection vector here is, of course, Phishing supported by social engineering

And it doesn’t end there. The pesky Russians, in this case, the misspelt Conti outfit of Irish HSE fame, have been pinned by the Feds for another 400 or so attacks on healthcare entities. What a lovely bunch.

Not wanting to be outdone, The Chinese Red Team Army (TM) has been caught red-handed by none other than FireEye (or Mandiant, same thing) attempting to bust Pulse Secure devices ‘displaying advanced tradecraft and go to impressive lengths to avoid detection. Similar to the Russians who busted them via SolarWinds before. This is really, really worth a read.

The Chinese activity should be of no surprise to anyone who can read. This activity is more than insinuated in the 14th Five Year Plan.

OK, so we have established that the Russians or Chinese Governments (and other naughty people ) are more often than often blamed for all of this. Amazing, isn’t it that we read nothing of similar UK, European or USA activities, at least not on the sites we look at. Goody Two Shoes, obvs.

Some of us at Tiberium (one in particular) has always been troubled by some of the hacking attributions. Not least the SolarWinds supply attack. “Maybe a little too convenient”, this aged, some might say legacy, spent piece of used jet trash, is often heard murmuring.

In 2001, the Russian and Chinese governments signed the ‘Sino-Russian Treaty Of Friendship‘. We do know that both of these massive, old and very different from the West, outfits play a very, very, long game, much longer than that of the one or (if you don’t really balls it up) two-term presidential terms in the USA. Imagine if…….Cyber wasn’t discussed at all during the talks preceding the signing of this treaty? Anyone that can do that, please do get in touch, and we will send you some lovely coffee!

Now certain that we are on at least a number of lists, we would want a refund if we weren’t. Let’s turn our attention to the underlying issues.

Almost all of these attacks from Nation States, Dirty Gertie from number 30, the Bored Panda Franchise, the mwahahaha gang, you get it, arrive via phishing emails, infect one or a very small number of your machines, and they spread laterally to encrypt or pillage your data. Almost all of the other attacks infiltrate via misconfigurations or unpatched Internet-facing systems.

Many businesses are running a load of systems that are just not properly configured, managed or monitored properly. They also tend to have considerable overlap in functionality, even between that of Windows Defender, which requires no licence and many do not use, and a third-party endpoint protection/AV products.

This is usually down to legacy decisions, overloaded IT resource and endless firefighting.

We really understand this at Tiberium, having been through the wringer on more than one occasion over our extensive time on the front line of support, designing, building and running managed services, the whole bit.

Our FROST and MYTHIC services deploy rapidly, seamlessly and achieve measurable results from day one. The majority of Phishing emails are dealt with, and those that sneak through are shut down automatically when they try and start the funny stuff.

Let us show you what we do, and let us help you.

In the Prince song Sign O’ The Times (do you see what we did there), he sings this:

At home, there are seventeen-year-old boys And their idea of fun

Is being in a gang called ‘The Disciples’

These bedroom idiots are the very least of your problems but could give you a nasty cold. Act now.

Sending much love to PW.

Share on: