Uni sysadmins, don't relax. Cybercrooks are still after your crown jewels, warns NCSC Cybercrims are still likely to affect universities and other educational institutions online with ransomware, reckons GCHQ offshoot the National Cyber Security Centre. Attacks by online criminals and nation states alike are "rising", the NCSC warned in a report published today. Sarah Lyons, deputy director for economy and …
When the Internet started, the biggest threat was spam mail.
Then the Internet got the ability to manage transactions, so getting user credentials became important.
Now, state-level confidential information is stored on cloud servers or otherwise internet-accessible data repositories, so well-funded actors are looking for ways to infiltrate and monetize that information.
The more complexity we add to our Internet experience, the more attractive that will become to well-heeled blackhats.
The more complexity we add to our Internet experience, the more attractive that will become to well-heeled blackhats. ...... Pascal Monett
The more complexity added to our Internet experience, the greater the need of well-heeled supporters of blackhats and greybeards for attractive feeds and/or destructive and/or disruptive seeds, PM, for an abiding expanding problem program and Persistent ACTive Cyber Threat is dirt poor blackhats and greybeards also finding the well-heeled an attractive target for acquisition/secrets phishing and knowledge sharing.
In a ménage à trois of concise and precise nutshells of an explanation and revelation, here be some evidence for prosecution teams .....
The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. ... Edward Bernays"Money is only a tool. It will take you wherever you wish, but it will not replace you as the driver." – Ayn Rand
“The most dangerous man, to any government, is the man who is able to think things out for himself…Almost inevitably, he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable.” ..... H.L. Mencken, American journalist
Phishing is highly effective against most organisations, not just universities. Email tools are notoriously difficult to operate safely, and MFA is not a panacea—if an attacker can lure a user to a fake login page under their control, they can MITM most MFA options and still gain access to the user's accounts.
Hardware tokens such as Yubikeys can be proof against such things, but procuring tens of thousands of these is hideously expensive, and has historically presented compatibility problems with common end-user devices.
Yep. Tell me what association of (say) retail shops runs IT security reports on their industry? And makes the results public?
As for password brute-forcing attacks, if you're not seeing them, you're either not looking closely enough or you don't run anything exposed to the Internet.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
