Travel Advice

Comment: 2021/03/10 - Attack traffic.
BladeSec IA maintain a number of small honeypots and the traffic analysis associated with that isn't normally terribly interesting. It is changing however:-

• There are a lot more attacks from the US than we'd expect. That can be written off to trojaned machines operating as friendly fire.
• The speed that the number of attacks ebb and flow is interesting. We'll see little directed traffic for at most, two days, and then the next day, we can be targetted by up to 15 different networks. Is that a fluke, or is there a brain behind that? Who knows - but it's interesting none-the-less.
• The most recent notable change has happened in the last 24 hours. There has been a widespread unilateral change to an attack vector that supports there being a single brain behind it. We might post some of the names associated with the attacks as they are not as universal as "administrator", "root", "anonymous" or "nobody". It's almost like the organ grinder has launched a new tool, and the monkeys driving it are using their real names!

There doesn't seem to be a day goes by whereby we discover another organisation has been compromised by bad guys. And some of those organisations aren't even on the roadmap for nation-state attacks. What they all have in common is that they are all alleged to be be high-complexity, sophisticated attacks.

And that pings my BS indicator.

For an attacker to perpetrate a long-term, highly sophisticated attack, the payout has to be commensurate. Cyber vandalism, for the most part is about trashing the very low hanging fruit. Hence, whilst I accept that some of those attacks are likely to be from well resourced foreign armies of chaos, there will be another significant number that are just down to bad luck such as not patching in time, not patching fully, having an excuse not to patch, failing to apply a patch, infrastructure complexity, or failing to be able to patch upstream vulnerabilities. None of these are complex attacks, they're down to failing to give appropriate priority to what should be job zero of any given IT department.

It's also worth noting when these attacks are happening. We're at the point where we've largely been working from home for ten months. Organisations, for the most part, seem to have adapted well - but staff training will have taken a hit. Equally, moving the corporate boundaries out to vulnerable home networks won't have helped.

Are all these successful, highly complex attacks by nation-state threat actors just indicative of security atrophy rather than the stated truth? In my experience, the simplest solution is the correct one nine times out of ten.

Comment: 2021/01/02 - Happy New Year!
So this year will mark ten years since bladesec.net was registered. Whilst this year is only beginning, as we get closer to the end of the year, we will look back at the events that resulted in BladeSec IA being formed. I will, however, save the blushes of the folk that had a hand in that!

As usual here is our tongue in cheek look at the last twelve months:-

• Average distance travelled to work: 3 yards - unsurprisingly it's fallen considerably this year!
• Distance to farthest job: 411 miles (in March).
• Most popular colour of facemasks used by staff: Black followed by red.
• Amount of money received for anything other than consultancy: £280 (A refund for an unused train ticket).
• Number of customers assisted in the last twelve months: 5.
• Most interesting place visited: "The Rhoddy Strip", Balbirnie, Fife (whilst armed!)
• Value of donatations to Wikipedia as a result of Travel Advice: £13.
• Value of donations made by BladeSec IA to support other good causes: £245.
• Number of new tattoos sported by BladeSec IA staff: Two.
• Amount of time donated by BladeSec IA staff pro-bono: 6 days.
• Number of redundant BlackBerry phones in the "spare handsets box": 3 (A number were securely disposed of this year).
• Model number of oldest BlackBerry in that box: Pearl Flip 8220.
• Number of pages printed on the office colour laser this year: 187.