"Enterprise" edition that cost $550 for six months of "unlimited VIP support."
Sounds like a bargain compared to certain vendors - how do I sign up?
Not to make you paranoid, but that business across the street could, under certain conditions, serve as a launching point for Russian cyber spies to compromise your network. Using what it described as "a novel attack vector … not previously encountered," threat intel and memory forensics firm Volexity reported it's spotted …
The GRU (alleged) attack on the Organisation for the Prohibition of Chemical Weapons comes to mind. If your attackers are sufficiently motivated they'll just come to your wifi network in person. With ransoms and espionage as it is I think that's already a meaningful attack vector to consider for many organisations.
Outsourcing that physical presence to someone else - consensually or not - is a natural next step, not very complicated, and will in fact often be easier, but it's still not completely obvious until you've started thinking about it.
Bluetooth, even NFC, too of course. If you're in a multi-tenant office building the attacker could be on the other side of a partition wall. A problem that's surely only going to get worse.
Who hasn't packed a laptop and directional antenna into a car and gone on a quest to see how far away from your office
Ah, you said your office, but-
"Volexity's investigation reveals the lengths a creative, resourceful, and motivated threat actor is willing to go to in order to achieve their cyber espionage objectives,"
Indeed. So AlphaGoo got in a little trouble when they packed that kit into their cars, then roamed around generating maps of WiFi networks. Now, they've gone one better and these creative, resourceful and motivated threat actors have shrunk their WiFi sniffing capability so people willingly carry them around in their pockets, on their wrists etc. Plus of course TIA.. I mean AlphaGoo etc also map businesses, device IDs, OSs, firewalls etc that are in use, and have communications devices already inside target networks.
But we can trust our tech companies.. can't we? I guess there's some reason why security conscious companies ban wireless devices inside their premises, which may or may not include the land around them.
We seem to be seeing more and more, alleged, Russian activity in the last few years..
Is this actually verifiable or just propaganda, please cite sources? It's an honest question, I would actually like to know how much of this is real.
If it is real should I also presume that we are doing the same elsewhere?
How about: "threat intel and memory forensics firm Volexity"
Never heard of them. What do they sell? Weasels?
...it's spotted what it believes to be the APT28 Kremlin-backed threat actor targeting one of its clients
The idea of using an insecure network to jump across to a secure network is older than Alice & Bob's grandparents, and almost certainly pre-dates 'threat intel' businesses trying to flog you $9,999 a month services that state the bleedin obvious.
I monitor our FI firewalls and have the team block malicious IPs nearly every single day.
95% of the attacks (non-stop) are Russian gang Stark Industries. They buy up IPs and ranges by the millions. They mess with whois tables to mislead what country the IPs are in to mess with GEO blocking, but have IPs in likely every country. They have a couple other companies too, but Stark Industries is their biggest brand. Govs should be blackholing their IPs - if they really cared that is.
why yes, yes we do
Why no, no you don't...
They buy up IPs and ranges by the millions
Which isn't supported by the article cited. It mentioned a few /20s, which are 4,096 IP addresses. And it's also not unusual and why the Spamhaus project was invented in the first place. But it might also have overlooked the biggest threat to their business-
https://en.wikipedia.org/wiki/Stark_Industries
Given the MCU is owned by the Mouse, and the Mouse is notoriously litigious. Which might end up being a solution to this particular problem, and Disney ends up seizing any of the IP ranges claimed by Stark. But it's also nothing new, and pretty much a repeat of this problem child-
https://en.wikipedia.org/wiki/Sanford_Wallace
where El Reg gets an honorable mention, and again why Spamhaus sprang into being. Plus that had an ISP whose name escapes me providing Spamford with hosting, and claimed 'free speech' and was almost de-peered by a lot of ISPs.
Wireless networks in corporate environments are supposed to be protected using 802.1x. This access protocol authenticates users before allowing them on the network. Users employ the same credentials -- traditionally username/password but it could be anything -- to log onto the network and if they're permitted the provision of keys for wireless encryption is automatic. Access points capable of managing this security often have a way of steering unauthorized -- visitor -- users to a DMZ outside the corporate network proper.
This mechanism isn't novel, it's been in Windows since Windows 2000 for example, but for some reason people just don't seem to understand how to deploy it. I worked at one place, for example, where they were still using MAC address authentication in the 2010s.
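The contrast drawn in the comment above, as an added example that is not part of the original post: a small audit that classifies hostapd-style access point configurations as 802.1X, shared-key or open, and flags MAC filtering used in place of user authentication. Both sample configurations are constructed, and the server address, secret and file path in them are placeholders.

```python
# Added example: classify hostapd-style AP configs by how clients are admitted.
# Both sample configs are constructed; addresses, secrets and paths are placeholders.
MAC_FILTER_ONLY = """
interface=wlan0
ssid=corp-legacy
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.mac
"""

DOT1X = """
interface=wlan0
ssid=corp
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME
dynamic_vlan=1
"""

def parse(text):
    """Return key/value settings, ignoring blank lines and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return (mode, findings) for one AP configuration."""
    cfg = parse(text)
    mgmt = cfg.get("wpa_key_mgmt", "").split()
    wpa_on = cfg.get("wpa", "0") != "0"
    findings = []
    if wpa_on and cfg.get("ieee8021x") == "1" and any(m.startswith("WPA-EAP") for m in mgmt):
        mode = "802.1X"      # per-user authentication, keys derived per session
    elif wpa_on and any("PSK" in m or m == "SAE" for m in mgmt):
        mode = "shared-key"
        findings.append("one passphrase for every user; no per-user authentication")
    else:
        mode = "open"
        findings.append("no link-layer authentication or encryption")
    if cfg.get("macaddr_acl", "0") != "0" and mode != "802.1X":
        findings.append("MAC filter in use without per-user authentication")
    return mode, findings
```

Running `audit()` over every SSID configuration in an estate gives a quick list of networks that still admit clients by MAC address or shared passphrase.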
Yeah, on the basis that a trademark was infringed by the fake sites. It's kinda tenuous as it seems to be a Linux Foundation mark that's affected, and MSFT helps bankroll the foundation. Thus Microsoft gets to be involved.
But at least some bad sites got closed down. MS routinely does this, using trademark law to take over fraudulent sites with a court order.
C.