  1. #101
    Service Manager 2,500+ Posts rthonpm's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by BillyCarpenter View Post
    The reason why this is happening is because they see Biden as a pushover. He better act and it better be severe or the cyber attacks will only get worse.
    Wouldn't matter who is in the White House, that's never been a concern for state actors or criminal groups. There's no enthrallment to American politics, state actors know that no-one is going to a shooting war over ransomware and corporate hacks as long as they don't affect critical infrastructure, and criminals are deep enough into the shadows that they can always design some plausible deniability or get cover from state agents.

    Attacks like this have been happening for years, it's just becoming more of a commodity service as opposed to always being nation states. There are even criminal organisations that will do ransomware as a service for a cut of any ransom.

    The real issue is the state of most corporate networks is incredibly sloppy, or pieced together thanks to the need to keep legacy software floating around or just the offloading of access and management to centralized systems where one attack gives access to multiple networks at once.

    In many ways, this is just an escalation of the same kind of industrial espionage that nation states have pursued for years, except now it can also be used to not only exfiltrate data, but also to gain money from the fools willing to pay ransom, but not willing to pay to back up and protect their data. Everything old is new again.

    Sent from my BlackBerry using Tapatalk

  2. #102
    Service Manager 10,000+ Posts
    FBI Security Alerts

    BillyCarpenter's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by rthonpm View Post
    Wouldn't matter who is in the White House, that's never been a concern for state actors or criminal groups. There's no enthrallment to American politics, state actors know that no-one is going to a shooting war over ransomware and corporate hacks as long as they don't affect critical infrastructure, and criminals are deep enough into the shadows that they can always design some plausible deniability or get cover from state agents.

    Attacks like this have been happening for years, it's just becoming more of a commodity service as opposed to always being nation states. There are even criminal organisations that will do ransomware as a service for a cut of any ransom.

    The real issue is the state of most corporate networks is incredibly sloppy, or pieced together thanks to the need to keep legacy software floating around or just the offloading of access and management to centralized systems where one attack gives access to multiple networks at once.

    In many ways, this is just an escalation of the same kind of industrial espionage that nation states have pursued for years, except now it can also be used to not only exfiltrate data, but also to gain money from the fools willing to pay ransom, but not willing to pay to back up and protect their data. Everything old is new again.

    Sent from my BlackBerry using Tapatalk

    So, in other words, all this talk that Biden is doing is just that, talk? I'm gonna disagree with you on this. I do believe there are things that Joe can do that would help greatly other than a full blown war. If not, we're in big trouble.

  3. #103
    Service Manager 2,500+ Posts rthonpm's Avatar

    Re: FBI Security Alerts

    There are things that can be done politically, but those are never going to solve a technical issue, just morph it to another form. All the feds can really do is enforce, and really enforce, baseline guidance and adherence to it as well as draw a line in the sand in terms of protecting critical infrastructure.

    The real meat of what can be done from an offensive standpoint will be just as shrouded in plausible deniability as an attack from another nation state. Just look at Stuxnet years ago, or the REvil disappearance. Countermeasures generally aren't that sexy and rarely make headlines.

    My main point has always been that as long as private industry deems it cheaper to operate without adherence to very well documented guidance then there's always going to be a problem. Any idiot with a Shodan account and a list of known vulnerabilities could likely hit some companies with a decent success rate.

    I'd fine companies and municipalities that pay a ransom twice what they pay, and it's often cheaper to just rebuild than recover now compromised data.

    Sent from my BlackBerry using Tapatalk

  4. #104
    Service Manager 10,000+ Posts
    FBI Security Alerts

    BillyCarpenter's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by rthonpm View Post
    There are things that can be done politically, but those are never going to solve a technical issue, just morph it to another form. All the feds can really do is enforce, and really enforce, baseline guidance and adherence to it as well as draw a line in the sand in terms of protecting critical infrastructure.

    The real meat of what can be done from an offensive standpoint will be just as shrouded in plausible deniability as an attack from another nation state. Just look at Stuxnet years ago, or the REvil disappearance. Countermeasures generally aren't that sexy and rarely make headlines.

    My main point has always been that as long as private industry deems it cheaper to operate without adherence to very well documented guidance then there's always going to be a problem. Any idiot with a Shodan account and a list of known vulnerabilities could likely hit some companies with a decent success rate.

    I'd fine companies and municipalities that pay a ransom twice what they pay, and it's often cheaper to just rebuild than recover now compromised data.

    Sent from my BlackBerry using Tapatalk

    I understand. My only point is that if a government (see dictator) is ultimately behind some of these attacks (and I believe they are) then Biden is gonna have to react in such a way that it'll make them think twice before doing it again.

  5. #105
    Service Manager 5,000+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar

    Re: FBI Security Alerts

    MORE Alarming Cybersecurity Stats For 2021!

    A new study by cybersecurity company BlueVoyant shows that the supply chain is a magnet for cyber breaches. “A whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain, and 93% admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.” Supply chain cybersecurity breaches have hit alarming percentage of firms: survey | Fox Business

    “Supply chain attacks rose by 42% in the first quarter of 2021 in the US, impacting up to seven million people, according to research. Analysis of publicly-reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors.” ‘Troubling’ rise in supply chain cyber-attacks – Supply Management (cips.org)

    For a deeper dive into supply chain cyber issues, please see: Chuck Brooks: Government Focused on Securing the Cyber Supply Chain

    “Supply chain issues are being formally adapted into security strategy by the federal government. On May 15, 2019, the White House Presidential Executive order was issued to help secure the supply chain (both public and commercial) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States.”

    The remedy to fixing supply chain vulnerabilities is heightening government and industry collaboration highlighted in the policy initiatives, such as NIST, and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain.”



    Cybersecurity is all about risk management. The Cyber Risk list below compiled by Fortinet speaks volumes:


    Cyber Risks

    1. IDC predicts there will be 55.7 billion connected devices by 2025, of which 75% will be connected to the IoT. IDC also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
    2. Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018.
    3. DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
    4. More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).
    5. Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
    6. McKinsey insight finds 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools.
    7. Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.

  6. #106
    Service Manager 5,000+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar

    Re: FBI Security Alerts

    • November 26, 2021


    IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.

    A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients' devices.

    IKEA is warning employees of an ongoing reply-chain phishing cyber-attack targeting internal mailboxes. These emails are also being sent from other compromised IKEA organizations and business partners.

    "There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA," explained an internal email sent to IKEA employees.

    "This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious."

    IKEA IT teams warn employees that the reply-chain emails contain links with seven digits at the end and shared an example email.

    Threat actors have recently begun to compromise internal Microsoft Exchange servers using the ProxyShell and ProxyLogon vulnerabilities to perform phishing attacks.
    Once they gain access to a server, they use the internal Microsoft Exchange servers to perform reply-chain attacks against employees using stolen corporate emails.
    As the emails are being sent from internal compromised servers and existing email chains, there is a higher level of trust that the emails are not malicious.


    Attack used to spread Emotet or Qbot trojan

    The Qbot and Emotet trojans both lead to further network compromise and ultimately the deployment of ransomware on a breached network.

    Due to the severity of these infections and the likely compromise of their Microsoft Exchange servers, IKEA is treating this security incident as a significant cyberattack that could potentially lead to a far more disruptive attack.
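
Added example, not from the article or the posters: a mail-triage check for the indicator described above, a reply inside an existing conversation whose links end in seven digits. The function name and both sample messages are constructed; a hit is a reason for review, since legitimate links can also match.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
SEVEN_DIGITS_AT_END = re.compile(r"(?<!\d)\d{7}$")  # exactly seven trailing digits


def reply_chain_hits(raw_message):
    """Return links ending in seven digits when the message is a reply; else []."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Reply-chain lures arrive inside an existing thread, so require threading headers.
    if not (msg["In-Reply-To"] or msg["References"]):
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the link
            if SEVEN_DIGITS_AT_END.search(url):
                hits.append(url)
    return hits


# Constructed sample messages (example.com / example.net are reserved test domains).
SAMPLE_REPLY = """\
From: colleague@example.com
To: user@example.com
Subject: Re: Q4 delivery schedule
Message-ID: <b2@example.com>
In-Reply-To: <a1@example.com>
References: <a1@example.com>
Content-Type: text/plain; charset="utf-8"

Please see the updated document: https://files.example.net/docs/view/4825913.

> Original message text quoted here.
"""

SAMPLE_NEWSLETTER = """\
From: news@example.com
To: user@example.com
Subject: Monthly update
Message-ID: <n1@example.com>
Content-Type: text/plain; charset="utf-8"

Read more at https://www.example.com/articles/1234567
"""
```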



  7. #107
    Service Manager 5,000+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar

    Re: FBI Security Alerts

    Log4Shell attack

    Does anybody have any idea of how vulnerable a network copier/printer is to this newfound design flaw in many computer systems?

    What the Log4Shell Bug Means for SMBs: Experts Weigh In | Threatpost

    Apache Log4j is a Java-based logging tool that is used by many companies around the world, either through open source libraries or directly embedded in their software. The Log4Shell vulnerability can be easily exploited for remote code execution by sending a specially crafted request to the targeted system.


    The request generates a log using Log4j, which leverages the Java Naming and Directory Interface (JNDI) lookup feature to perform a request to an attacker-controlled server, from which it fetches a malicious payload and executes it.
    Last edited by SalesServiceGuy; 12-14-2021 at 10:33 PM.

  8. #108
    Service Manager 2,500+ Posts rthonpm's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by SalesServiceGuy View Post
    Log4Shell attack

    Does anybody have any idea of how vulnerable a network copier/printer is to this newfound design flaw in many computer systems?

    What the Log4Shell Bug Means for SMBs: Experts Weigh In | Threatpost
    This is an application level flaw, not a computer flaw. I would highly doubt that MFPs are using anything beyond standard Unix logging, especially as log4j is Java dependent, which would add an additional layer of complexity to the very basic embedded operating systems that most MFPs use.

    This would be found more in server applications where you may need a more sophisticated logging function for an application.

    There's also no way to query the logs of an MFP beyond a simple download, and also no way to actively run commands.

    Sent from my BlackBerry using Tapatalk

  9. #109
    Service Manager 5,000+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by rthonpm View Post
    This is an application level flaw, not a computer flaw. I would highly doubt that MFPs are using anything beyond standard Unix logging, especially as log4j is Java dependent, which would add an additional layer of complexity to the very basic embedded operating systems that most MFPs use.

    This would be found more in server applications where you may need a more sophisticated logging function for an application.

    There's also no way to query the logs of an MFP beyond a simple download, and also no way to actively run commands.

    Sent from my BlackBerry using Tapatalk
    Would something like Papercut or Docuware installed on a client's server be vulnerable to this type of attack?

    Would apps installed in a copier be vulnerable?

    Would Cloud apps like MS365 be vulnerable?

    Is Windows 10 installed on a local PC vulnerable?

    Toshiba copiers run on a Linux operating system. Is Linux vulnerable?

  10. #110
    Service Manager 2,500+ Posts rthonpm's Avatar

    Re: FBI Security Alerts

    Quote Originally Posted by SalesServiceGuy View Post
    Would something like Papercut or Docuware installed on a client's server be vulnerable to this type of attack?

    Would apps installed in a copier be vulnerable?

    Would Cloud apps like MS365 be vulnerable?

    Is Windows 10 installed on a local PC vulnerable?

    Toshiba copiers run on a Linux operating system. Is Linux vulnerable?
    The only thing vulnerable is the log4j framework itself. If an application uses it and isn't patched it can be used to run code on the device it's installed on. Beyond that, if there's no Java or Java based applications on a system and no log4j, you're in good shape.

    M365 wouldn't be vulnerable since it doesn't rely on or use Java in any manner whatsoever.

    I spent most of my Monday wasting my time with a customer who needed to be assured that nothing in his environment was susceptible to exploit. Nothing in the environment was using the framework so there was nothing to worry about.

    This is going to hit fringe applications and custom apps more than anything as this is not like Heartbleed where it's a vulnerability in a crucial component of an OS like SSH. This is a developer tool for building logging.

    If there's any doubt, check the developers of any third-party applications in a customer environment as it can be hidden in plain sight.

    Sent from my BlackBerry using Tapatalk
