Kaseya today, __________ tomorrow

Let’s just put it out there. Kaseya got hit, or more to the point, their customers and their customers’ clients got hit. Kaseya’s remote-management software is the tool many managed service providers use to administer their clients’ machines, so a compromise of that one product fanned out through every provider running it. Depending on what article you read or which quote you reference, somewhere around 1,500 client businesses were ransomed.

My mom asked me why this happens. Short of being an ass, my answer for her was that it just does.

But really, the question is why. Why does this sort of thing happen? Or, more importantly, how does this sort of thing happen?

If you refer to any movie, there is usually some neck-bearded nerd in a dark room somewhere, “hacking”. The fact of the matter is this: that isn’t quite how it works.

The majority of compromised devices on the Internet are not just “hacked” by somebody staring at a terminal. Most compromised systems come down to one of three things: user interaction, meaning phishing or other scams; poor coding; or poor hygiene.

The first thing here is phishing, generally accomplished via email. There are tools available for download that let anybody run a phishing campaign. These tools are built to gain access to protected systems in one of two ways: by harvesting credentials, or by delivering a malicious payload. Generally speaking, the first point of entry will be email, where we all store a treasure trove of information. You click a link, think you are logging in to your email, and voilà, the malicious actor has your credentials. If there is no second factor on that account, the password alone is the login. Less commonly, a payload is delivered to your device that gives the malicious actor access to it directly. From there, what can a third party reach through your work email? Password resets for every other service tied to that address, internal documents, and the names of the people you report to. Now imagine somebody with a lot more responsibility than you getting duped…
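The check a recipient (or a mail filter) would want before clicking that link, as an added example that is not part of the original post: a small Python routine that takes the URL out of the email and says whether the host it actually goes to belongs to a domain trusted for logins, flagging the usual tricks (userinfo before an `@`, a raw IP, punycode, a real brand name buried inside somebody else’s domain). The trusted-domain list, the brand tokens and the sample links are constructed for this example; a production check should use the Public Suffix List rather than the two-label shortcut below.

```python
"""Flag login links whose hostname does not belong to the domain you expect.

Added example, not from the original post. The trusted-domain list, the brand
tokens and the sample links are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed allow-list: registrable domains that legitimately host the mail login.
TRUSTED_LOGIN_DOMAINS = {"example.com", "microsoftonline.com", "outlook.com"}

# Constructed brand tokens that a lookalike hostname would try to smuggle in.
BRAND_TOKENS = ("microsoft", "outlook", "office")


def registrable_domain(host):
    """Crude eTLD+1: the last two labels. Fine for the .com-style hosts shown here;
    a production check should use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_login_link(url):
    """Return the reasons a link looks like a credential-harvesting lure.
    An empty list means nothing obvious was found, not that the link is safe."""
    reasons = []
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        reasons.append("unexpected scheme %r" % parsed.scheme)
    elif parsed.scheme == "http":
        reasons.append("login page served over plain http")
    # https://login.microsoftonline.com@evil.example/ : the browser goes to
    # evil.example; the text before '@' is userinfo that only exists to fool the reader.
    if parsed.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    host = parsed.hostname
    if not host:
        reasons.append("no hostname")
        return reasons
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
        return reasons
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homograph of a real name)")
    domain = registrable_domain(host)
    if domain not in TRUSTED_LOGIN_DOMAINS:
        reasons.append("registrable domain %r is not a trusted login domain" % domain)
        if any(tok in host for tok in BRAND_TOKENS):
            reasons.append("trusted brand name buried in an untrusted hostname")
    return reasons


# Constructed sample links, the kind that show up in a phishing mail.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.account-verify.example/signin",
    "https://outlook.com@203.0.113.5/owa/",
    "http://xn--mcrosoft-8ab.example/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", classify_login_link(link) or ["no obvious problem"])
```

Only the first sample link comes back clean; the second is the classic “real brand as a subdomain of a throwaway domain”, the third hides its true destination behind userinfo, and the fourth is a punycode lookalike served over plain HTTP.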

Poor coding? Simply put, every web site you visit lives somewhere. Sometimes the code on that page pulls in code from other sites to make the page look pretty. Perhaps it connects to a database server, and the developer did a poor job of securing the code and/or the database server. Perhaps the poorly written code lives on your home network device. At any rate, the majority of these coding mistakes are documented, many of them with a public vulnerability identifier and a ready-made exploit. Malicious actors don’t generally sit down and hunt for badly written code on the Internet one site at a time. Instead, they run scanners of their own that sweep the Internet for the specific bad code they already know how to exploit. Once it is found, they try to gain further access. In the case of a login page, perhaps the code lets them walk past the login or run commands on the server behind it. On your home device, perhaps they gain access to a web cam.
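What “poorly written code on a login page” looks like in practice, as an added example that is not part of the original post: a Python login check that pastes the username straight into its SQL, next to the parameterised version that fixes it, plus a tiny probe of the kind an automated scanner runs against every login form it finds. The user table, the one account in it and the payload list are constructed; everything runs against an in-memory SQLite database.

```python
"""A login check with a SQL-injection hole beside the parameterised version.

Added example, not from the original post. The user table and the account in it
are constructed; everything runs against an in-memory SQLite database.
"""
import hashlib
import hmac
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    # Constructed account. A real system stores a slow, salted hash (bcrypt/argon2),
    # but the injection below does not care how the password is hashed.
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse battery").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The poorly written version: the username is pasted straight into the SQL,
    so whoever controls the username controls the WHERE clause."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
             % (username, pw_hash))
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """The fix: a parameterised query, so the driver sends the username as data,
    never as SQL; the hash is then compared in code with a constant-time comparison."""
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    candidate = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(row[0], candidate)


# Payloads of the kind an automated scanner throws at every login form it finds.
# The first two comment out the password check entirely. The third is the classic
# tautology; it fails against this particular query because AND binds tighter
# than OR, so the password hash is still compared.
INJECTION_PAYLOADS = ["' OR 1=1 --", "alice' --", "' OR '1'='1"]


def probe_for_bypass(login_fn, conn):
    """Return the payloads that log in without knowing any password."""
    return [p for p in INJECTION_PAYLOADS if login_fn(conn, p, "not-the-password")]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed by:", probe_for_bypass(login_vulnerable, db))
    print("hardened login bypassed by:  ", probe_for_bypass(login_hardened, db))
```

The point is not the exact payload string: the vulnerable function accepts SQL from the user and the hardened one never does, so no payload list, however long, gets anywhere against it.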

Lastly is poor hygiene, and that is where most of today’s issues can be resolved. What is poor hygiene? For one, not changing the default passwords on the devices you connect to the Internet. Your printer? Have you changed the password? Your new firewall from Walmart? Your baby monitor? Those factory passwords are printed in the manual and listed on the vendor’s support site, so anyone who can reach the device already knows them. If you don’t know how to change them, it would probably surprise you that even people who do know how sometimes don’t take the time to do it.

Poor hygiene is also not training your team, or not having proper controls in place to protect your company if one of your people gets compromised. A second factor on email and remote access, and accounts that only carry the rights their owner’s job needs, are the controls that turn one duped employee into a contained incident instead of a company-wide one. Poor hygiene can also be not implementing minimum internal controls to ensure that your people know what is expected of them, and this goes for everyone in the organization. From training to proper configuration practices, it all contributes to keeping your company as safe as possible.

Lastly, poor hygiene is not updating the software on your devices. Windows. Linux. Mac. iOS. Android. Firewalls. Switches. Access points. The list goes on and on. The purpose of updating your software is to make sure that known issues and vulnerabilities are patched. If you have a device that is out of support or warranty and can no longer get patches, that is on you to fix, by replacing it or at the very least keeping it off the Internet, and really on the Internet community as a whole, to protect one another.
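The three hygiene problems above (default passwords, missing controls on administrative logins, and devices that are unpatched or past end of support) are exactly the things a periodic audit over an asset inventory should catch. As an added example that is not part of the original post, here is a Python audit that runs those checks over an inventory and lists what needs attention. The inventory, the default-credential list, the policy thresholds and the audit date are all constructed for the example; in practice the inventory comes from your own asset list.

```python
"""Hygiene audit over a device inventory: default credentials, stale patches,
end-of-support gear, and administrative logins without MFA.

Added example, not from the original post. The inventory, the default-credential
list, the policy thresholds and the audit date are all constructed for
illustration; in practice the inventory comes from your own asset list.
"""
from datetime import date, timedelta

# Constructed factory credentials; a real list comes from vendor manuals or a
# maintained default-password database. Compared case-insensitively.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", ""),
                       ("root", "root"), ("user", "user")}
MAX_PATCH_AGE = timedelta(days=90)  # assumed policy: patch at least quarterly
MIN_PASSWORD_LEN = 12               # assumed policy


def audit_device(dev, today):
    """Return the list of hygiene findings for one inventory record."""
    findings = []
    cred = (dev["username"].lower(), dev["password"].lower())
    if cred in DEFAULT_CREDENTIALS:
        findings.append("default credentials still set")
    elif len(dev["password"]) < MIN_PASSWORD_LEN:
        findings.append("password shorter than %d characters" % MIN_PASSWORD_LEN)
    if dev.get("admin") and not dev.get("mfa"):
        findings.append("administrative login without MFA")
    eol = dev.get("end_of_support")
    if eol is not None and eol <= today:
        # No patches are coming for this one: the only fixes are replace it or isolate it.
        findings.append("out of support since %s: replace or isolate" % eol.isoformat())
    else:
        age = today - dev["last_patched"]
        if age > MAX_PATCH_AGE:
            findings.append("not patched for %d days" % age.days)
    return findings


def audit_inventory(inventory, today):
    """Map device name -> findings, for every device in the inventory."""
    return {dev["name"]: audit_device(dev, today) for dev in inventory}


# Constructed inventory, deliberately mixing the cases the text describes.
AUDIT_DATE = date(2021, 7, 10)
SAMPLE_INVENTORY = [
    {"name": "office-printer", "username": "admin", "password": "admin",
     "admin": True, "mfa": False, "last_patched": date(2020, 1, 15)},
    {"name": "edge-firewall", "username": "admin", "password": "Tr0ub4dor&3-long!",
     "admin": True, "mfa": True, "last_patched": date(2021, 6, 20)},
    {"name": "legacy-switch", "username": "admin", "password": "Sw1tch-Core-2016-x",
     "admin": True, "mfa": False, "last_patched": date(2019, 3, 1),
     "end_of_support": date(2020, 12, 31)},
    {"name": "baby-monitor", "username": "user", "password": "user",
     "admin": False, "mfa": False, "last_patched": date(2021, 5, 1)},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE).items():
        print(name, "->", findings or ["clean"])
```

Note the end-of-support branch: a device that can no longer receive patches is not reported as “unpatched”, because no amount of waiting will fix that, and the only answers are to replace it or take it off the network.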

Think of it this way. If you live in a house, you probably have doors. If you have doors, you probably have doorknobs and locks. If you have doorknobs and locks, you probably lock them to protect what is inside. If you found out that a lock on your house was not working, would you ignore it? Even in a nice neighborhood?

Your network is the same. From the web server hosting your website, to the firewall protecting your physical network, to the virtual infrastructure hosting your business-critical applications, to the switches, routers, and access points delivering data to your protected network, every layer needs that love and care. Really, letting one layer go bad is a lot like having a rotten onion in your cupboard. It is all bad, man.