Learn the lessons of the past
Welcome to our first blog of this year, slightly delayed by the dreaded Covid-19. In this missive, we will have a look at what is going on at the start of the year, summarise some of the big-ticket cyber security issues of last year and be bold enough to make some predictions for the year to come.
Since the start of the year there have been many attacks on servers with unpatched Log4j, which we discussed toward the end of last year. Sonatype, the company that runs Apache’s Maven Central Repository, has claimed to see 4 million downloads from that repository alone, of which they claim 40% are from the UK!
With numerous other organisations seeing successful breaches, it is imperative that you validate that all your servers are patched (presumably after finding them first). The basics of having an accurate asset model and a prioritised patching regime cannot be overstated, and if you are in IT management or at board level you should be asking hard questions of your people.
- Do we know how many of our servers run Log4j?
- If not, how do we find out which servers run it and which versions they have?
- How many of these servers remain unpatched?
- Who is responsible for watching activities (internal/outsourcer)?
- Build a plan to patch all Apache servers reporting back daily on progress (please).
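One way to start answering the inventory questions above on a single host, as an added example that is not from the original post: it walks a directory tree for log4j-core jars, compares the version in each file name against a policy minimum (MIN_SAFE is an assumption; set it to whatever your patching regime requires) and counts the ones still below it, which is the number to report back on daily.

```shell
#!/bin/sh
# Added example (not from the original post): inventory log4j-core jars under a
# directory tree and flag those below a policy-defined minimum version.
# Assumption: MIN_SAFE is whatever version your patching regime requires.
MIN_SAFE="${MIN_SAFE:-2.17.1}"

# version_ge A B -> returns 0 when dotted version A >= B, comparing each
# numeric component in turn; a pre-release suffix such as "-beta9" is dropped.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
    done
    return 0
}

# jar_version PATH -> prints the version embedded in a log4j-core-X.Y.Z.jar name
jar_version() {
    n="${1##*/}"; n="${n#log4j-core-}"; printf '%s\n' "${n%.jar}"
}

# scan_log4j DIR -> one line per jar found: STATUS<TAB>VERSION<TAB>PATH
# Matching on file name is a first pass only: shaded or renamed copies are
# missed, so follow up by reading META-INF/MANIFEST.MF inside suspect jars.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        v="$(jar_version "$jar")"
        if version_ge "$v" "$MIN_SAFE"; then st="OK"; else st="VULNERABLE"; fi
        printf '%s\t%s\t%s\n' "$st" "$v" "$jar"
    done
}

# count_unpatched DIR -> prints how many jars are still below MIN_SAFE
count_unpatched() {
    scan_log4j "$1" | grep -c '^VULNERABLE' || true
}

# Usage: sh log4j-inventory.sh /opt /var/lib /srv   (one host at a time)
if [ $# -gt 0 ]; then
    for d in "$@"; do scan_log4j "$d"; done
fi
```

Run it from your configuration management or endpoint agent across the estate and aggregate the VULNERABLE count per host to track the daily progress the plan asks for.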
In other interesting news, Norton 360 antivirus now ships with (somewhat unbelievably) a crypto mining module. Running as an opt-in service, the software does what it says on the tin, with Norton taking a cheeky 15%. One can only imagine how machines are teamed for mining effectiveness – something unknown at this time until the code is thoroughly pulled apart, although even that leaves the Norton server end obfuscated. If you are running Norton 360, have a good read through the user agreements and read the article above, as well as checking the status of your machines.
Looking back over the past year there are several clear themes:
Bugs in Legacy Open Source and proprietary code
Every year sees the discovery of bugs in old code, presumably in line with servers scaling out to unprecedented levels, many of them using open-source components, together, of course, with code that was written for single-use machines before security was even a thing.
- Log4j (as above).
- Microsoft’s PrintNightmare, which continues to rumble on since its discovery.
- The OMIGOD issues to do with the default installation of the Open Management Interface on Azure hosted Linux servers.
- Serious bugs in Dell supplied drivers which have been around for years.
Targeted supply chain attacks
The single biggest supply chain attack of last (or possibly any) year was the compromise of the very popular SolarWinds network management software, which was edited to include a back door that was then installed on SolarWinds’ clients.
Even though the activity appeared (and was allegedly proven) to be nation-state activity, the collateral damage was enormous, requiring sleeves-rolled-up patching.
Ransomware, Ransomware, and more Ransomware
Targeted at individuals, businesses and critical national infrastructure by specialist criminal gangs, ransomware attacks came thick and fast.
Possibly the most disturbing for us was the attack on the Irish Health Service which is still paying the price for the attack as systems are rebuilt (even though a decrypt key was allegedly provided).
The security dynamic changing rapidly due to Covid restrictions
When remote working was mandated, we saw a flurry of activity of people breaking into Zoom and other providers’ calls. This was followed swiftly by a drive, initially from smaller SASE vendors and then from all the big boys, towards Zero-Trust architectures to change the paradigm of on-premise security, now declared defunct in many places.
This is bound to be a theme continued into this year, so talking of which, let’s make some predictions:
Prediction 1 – Zero trust and borderless security will ripple down to smaller businesses
This will be driven both by the new approach to, and acceptance of, home working by most forward-thinking outfits, and by the fact that a return to the office by users carrying machines that have been away from the corporate security infrastructure presents something of a nightmare!
The rollout of these technologies will start to build momentum in the latter half this year and progressively move down the pipe.
Prediction 2 – Ransomware legislation will be introduced in many countries
This year will only be the start, as more and more countries follow suit. Ransomware will be the hot topic at big government get-togethers, presumably with the usual suspects on the naughty step.
Prediction 3 – Ransomware will continue to grow in volume and sophistication
We are only just at the start of the ransomware journey. Attacks will continue using the techniques we see today (phishing, exploiting unpatched software on Internet-facing servers, etc.) but will become increasingly difficult to detect and stop. Initial access via Internet-of-Things devices will grow in volume.
We may see some in-fighting between Ransomware gangs which can only be a good thing, can’t it?
Prediction 4 – Supply chain attacks will grow rapidly
Probably fuelled by exploits against Unix-based servers, which are on the rise already, supply chain attacks by nation states and criminals will increase rapidly.
Supply chain attacks impacting critical national infrastructure will be seen.
Prediction 5 – Automated security protection is the only solution
Now, of course, as a provider of automated security services, Tiberium would say that, but our highly experienced (some longer in the tooth than others!) team really believe it, and to that end have developed some fantastic services to automatically protect your business.
Next week (17th January 2022, 12 pm GMT), we are running an event which shows the power of our automated and human services and how they work together. It will use real tooling and examples and is very much worth signing up for.
We look forward to seeing you there.
Now of course, the song. Welcome To The Future is a song by Brad Paisley that takes a lovely trip down the memory lane of technology.
Let us show you the future.