Certifications and qualifications
Why choose BladeSec IA?
News and comment <
Products and ServicesTypical work
Terms and conditions
Equality and diversity statement
Latest news and comment.
Comment: 2021/03/10 - Attack traffic.
BladeSec IA maintain a number of small honeypots and the traffic analysis associated with that isn't normally terribly interesting. It is changing however:-
Are we currently at "cyber-war"?
There doesn't seem to be a day goes by whereby we discover another organisation has been compromised by bad guys. And some of those organisations aren't even on the roadmap for nation-state attacks. What they all have in common is that they are all alleged to be be high-complexity, sophisticated attacks.
And that pings my BS indicator.
For an attacker to perpetrate a long-term, highly sophisticated attack, the payout has to be commensurate. Cyber vandalism, for the most part is about trashing the very low hanging fruit. Hence, whilst I accept that some of those attacks are likely to be from well resourced foreign armies of chaos, there will be another significant number that are just down to bad luck such as not patching in time, not patching fully, having an excuse not to patch, failing to apply a patch, infrastructure complexity, or failing to be able to patch upstream vulnerabilities. None of these are complex attacks, they're down to failing to give appropriate priority to what should be job zero of any given IT department.
It's also worth noting when these attacks are happening. We're at the point where we've largely been working from home for ten months. Organisations, for the most part, seem to have adapted well - but staff training will have taken a hit. Equally, moving the corporate boundaries out to vulnerable home networks won't have helped.
Are all these successful, highly complex attacks by nation-state threat actors just indicative of security atrophy rather than the stated truth? In my experience, the simplest solution is the correct one nine times out of ten.
Comment: 2021/01/02 - Happy New Year!
As usual here is our tongue in cheek look at the last twelve months:-
Click here for older News & Comment.