
Kaspersky going against the Russian government?
If I worked for that company I'd be very careful how close I get to open windows in the future...
Russia's Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against …
Neil Barnes,
"The casual observer might carelessly conclude that you think the Russians are behind all this..."
And the casual observer would be 100% right !!! :)
Could you believe any such actions would be allowed in Putin's Russia ???
The only way they could be continuing is that Putin and his friends are 'allowing' it to continue ..... because it is in fact 'Putin and his friends' who are behind it !!!
It serves 2 useful aims:
1: It annoys the west and causes a lot of useful wasting of time & resources.
2: It obtains a 'small' amount of 'Pin money' that can help grease palms around the world to facilitate chasing so called enemies and accidentally pushing them in front of trains etc. As per SOP.
I guess it's good they don't know about this newly identified issue at all DOCSIS cable co's. It starts with discussions and then an MSO insider lets loose about the "maintenance network connects EVERY device on the DOCSIS network and has no security. It's like a 16 million port switch tied to the LAN side. Modems are handing with SAMBA access... Firmware is security from the 1990s". All DOCSIS networks worldwide are WIDE OPEN to attack. So now we just wait for an MSO to have all its CPE taken over and ransomware is called into action with 16 million set top box computers fully taken over by a worm in an hour and now scraping the clients' networks for data and attacking the MSO. https://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion~start=9780
Are you surprised? If a high turnover min wage call centre operative can perform a remote reset/reconfig then yeah the maintenance network will be wide open.
Just about all firmware sucks at security, and I'm pretty sure there was a botnet around the time of Stuxnet hitting the news that mainly comprised set top boxes and modems and spread by sftp (might have been ftp or samba) ...
It's the main reason I will always provide my own terminating hardware and not do anything but recycle whatever crap the ISP sends out. That and you can leapfrog to 2nd line support when they can't follow any of the script, failing that you need to get them to try and guess which layer of the OSI model we are talking about then inform them they are not qualified to accept your answer and to escalate it...