Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt wrote in a blog post on Thursday. Burt's post says the attacks saw Nobelium gain access to accounts on the email marketing service "Constant Contact" operated …

  1. _LC_

    This is what happened, when The Register pushed propaganda the last time

    Russiagate, Russiagate, Russiagate!

    Joseph Goebbels: “If you tell a lie big enough and keep repeating it, people will eventually come to believe it."

    I quoted Orwell: “Journalism is printing what someone else does not want printed: everything else is public relations.”

    Assange, anyone? Craig Murray? Hello?!?

    My posting got removed SILENTLY, along with the answers to it. It now shows "Rejected 14 days" in the top right corner of my postings.

    Hello 1984. This isn't journalism, this is propaganda.

    1. TimMaher Silver badge

      Microsoft

      They exposed it.

      Therefore this is more reportage than journalism.

      1. _LC_

        Re: Microsoft

        They pushed the same turd on German computer news sites. You should read the comments! *lol*

        It's a feast. ;-)

    2. Winkypop Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      Steady on now Ted!

    3. Version 1.0 Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      Your quotes are certainly reasonable, but I generally trust El Reg. Sure, I've had posts deleted too occasionally - nothing odd about that.

      Does the apparent (probably) Russian hacking indicate the state of things these days? I am puzzled that we don't hear any reports of Russian and Chinese agencies being hacked ... are the Proud Boys much better at it, or are they still running Windows 3.1? /joke - the fact is that all these media reports normally just tell us what seems to be happening and how it's being seen.

    4. Charlie Clark Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      Where's the propaganda? Russia doesn't particularly try and hide its hackers.

      1. _LC_

        Re: This is what happened, when The Register pushed propaganda the last time

        Duh, that's what you get when you buy social media warriors from Poland in bulk.

    5. Androgynous Cupboard Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      Orwell spent most of his career warning of the dangers of Russia. Murray and Assange have spent most of the decade preoccupied with Murray and Assange. And you've spent a good portion of your posts on the Reg ranting against the dangers of China in general and Huawei in particular. Overall, it's not a convincing argument.

    6. iron Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      Bursar! Take the dried frog pills!

    7. macjules

      Re: This is what happened, when The Register pushed propaganda the last time

      That you Vlad? Can you lend me a gold-plated loo brush?

    8. FlamingDeath Silver badge

      Re: This is what happened, when The Register pushed propaganda the last time

      No idea why you got so many downvotes, most of the awake people know that the USA is very good at self-harming and then blaming an enemy of the corporations

      Nobody with a brain, trusts these cunts anymore, UK/US etc

    9. jgard

      Re: This is what happened, when The Register pushed propaganda the last time

      Hey you're always free to post somewhere else dude. That's what freedom of speech and journalism are all about. Why do you still read and interact with a propagandist website, when there are so many free and journalistically independent outlets for you to use?

  2. Anonymous Coward

    Offshored development in Russia

    I think the US and EU should stop companies from offshoring their development to Russia and its client states. Aside from any security risk (which could be mitigated by good QA) this is pumping money into the Russian economy and building up their reserve of skilled coders.

    1. Dinanziame Silver badge

      Re: Offshored development in Russia

      That's pretty absurd. You don't need offshoring money to build up coding capabilities. And Russia is definitely not the typical target of offshoring either.

    2. Charlie Clark Silver badge

      Re: Offshored development in Russia

      Most of the offshoring I know of goes to South Asia.

  3. Anonymous Coward

    Now, let me guess..

    .. they were running Windows and Office 365, right?

    Yeah, thought so.

  4. sanmigueelbeer

    US reveals new security directives for pipelines after hack

    Owners and operators of critical pipelines will be required to report confirmed and potential cyber security incidents

    I am shaking in my boots. Y'all hear that? Report confirmed and potential cyber security incidents -- That's the only thing they are required to do. Report confirmed and potential cyber security incidents.

    Whew! For a minute there I thought DHS was mandating owners and operators to strengthen cyber security.

    1. Chris G

      I find the notion of Russia installing ransomware on the Colonial pipeline rather odd; if they were capable of gaining access, I would have thought something far more insidious and malicious would have been installed.

      Half the time I feel blaming Russia, China, the Norks or any other vaguely nation state hacker is due to embarrassment at having been hacked at all so they have to point at someone who must have had huge resources.

      Whoever used the usaid link though would have been looking for intelligence, considering usaid and the NED are often used as fronts for CIA operations.

      1. sanmigueelbeer

        I find the notion of Russia installing ransomware on the Colonial pipeline rather odd, if they were capable of gaining access, I would have thought something far more insidious and malicious would have been installed

        I do not believe the Russian government or intelligence agencies "sanctioned" this. According to the article (DarkSide ransomware crims quit as Colonial Pipeline attack backfires) as soon as the "heat" started coming down on them DarkSide cohorts were "told" to lie low by their host country.

        And now here comes the "flip" side: What if the hackers were NOT Russians? What if the hackers were NOT the Chinese? What if the hackers were Iranians or the North Koreans?

        Now that is a scenario I really do not want to see in the future.

  5. John H Woods Silver badge

    Users: stop clicking links

    Admins: give your users plaintext email.

    Or filter out all links that don't point at local intranet, eg. your sharepoint etc or other whitelisted stuff.

    Or just have sacrificial mailhosts in the DMZ.

    Come on, who's actually working on this shit? And why aren't they actually working on it? Our shared family photo archive is more secure than this bollocks.

    This is not going to change until the heads at the top start to roll. That is literally all that needs to happen. If you are in charge of one of these colander-like organisations the holes are your fault. Even if you don't know how to fix them yourself, you know how to get others to fix them. It's your responsibility. Step TF up.

    1. TiredNConfused80

      Wonderful Suggestion....

      "Admins: give your users plaintext email.

      Or filter out all links that don't point at local intranet, eg. your sharepoint etc or other whitelisted stuff."

      Is a great suggestion and would solve the problem. However, the first time a (legitimate) customer sends a link to an urgent order they want to place that is not on a whitelist (their Sharepoint or Google drive for example) and you as the one person who can send it through happens to be off for the day, then the stuff really will hit the fan.

      Security and usability are always going to be at opposing ends of the see-saw. The trick is getting the blooming thing to balance.

      1. John H Woods Silver badge

        Re: Wonderful Suggestion....

        "However the first time a (legitimate) customer sends a link to an urgent order they want to place that is not on a whitelist (their Sharepoint or Google drive for example) and you as the one person who can send it through happens to be off for the day"

        Is it? An order is going to be late. Or someone needs a phone call? Or maybe the company shouldn't have had a single point of failure with an important client. I think we may be in 'hard cases make bad law' territory here, anyway - I'd certainly be a bit suspicious of a customer that could only place an order by sending me a link at the last minute, because if that doesn't stink of Phish, what does? If the person who sent it can't be reached on the phone for confirmation, is the order even that important?

        I agree that security and usability don't always share the same end of the see-saw, but I don't see them as fundamentally diametrically opposite if the appropriate resources are deployed. If I really want to open a link of unknown provenance, I just paste it into a browser in a VM I use for that sort of stuff. A typical end user might not be so comfortable doing that, but surely it's not impossible for a mail system to replace external links with ones that connect the user to, for instance, a disposable VM in the DMZ, with a browser pointing to that link? Or maybe just not have all the mail and web clients on exactly the same network as all the company's crown jewels?
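The link allowlist suggested in John H Woods's comment above ("filter out all links that don't point at local intranet"), combined with the click-through to a disposable VM in the DMZ proposed in the reply, as an added example. This is not code from the thread, from The Register or from any vendor; the intranet allowlist, the gateway host `isolate.dmz.example`, and the sample message are all assumptions constructed for the example. It rewrites every `href` that is not on the allowlist so it opens through the gateway, drops non-http(s) schemes such as `javascript:`, blanks remote image sources (the usual tracking beacon), and flags links whose visible text shows a different host from the one actually linked, which is the classic phishing lure.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

# Assumed intranet allowlist (hypothetical hosts): exact names plus a parent-domain suffix.
ALLOWED_HOSTS = {"sharepoint.corp.example", "intranet.corp.example"}
ALLOWED_SUFFIXES = (".corp.example",)
# Assumed DMZ click-through gateway (hypothetical) that opens the URL in a throwaway VM.
GATEWAY = "https://isolate.dmz.example/open?u="
# Something that looks like a hostname inside the visible link text.
_HOST_IN_TEXT = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def is_allowed(url: str) -> bool:
    """True only for http(s) URLs whose host is on the intranet allowlist."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False                      # javascript:, data:, file:, relative paths
    host = (parts.hostname or "").lower()
    return host in ALLOWED_HOSTS or host.endswith(ALLOWED_SUFFIXES)


def rewrite_url(url: str):
    """Allowed -> unchanged; other http(s) -> via the gateway; anything else -> None (drop)."""
    u = url.strip()
    if is_allowed(u):
        return u
    if urlsplit(u).scheme.lower() in ("http", "https"):
        return GATEWAY + quote(u, safe="")
    return None


class LinkRewriter(HTMLParser):
    """Re-emits the HTML part with links rewritten, recording what changed."""
    def __init__(self):
        super().__init__()                # convert_charrefs=True: text arrives unescaped
        self.out = []
        self.rewritten = []               # (original href, replacement or None)
        self.blocked = []                 # remote image sources that were blanked
        self.mismatches = []              # (host shown to the user, host actually linked)
        self._link_host = None
        self._link_text = []

    def _emit(self, tag, attrs, selfclosing=False):
        parts = [tag]
        for k, v in attrs:
            if v is not None and k in ("href", "action"):
                new = rewrite_url(v)
                if new != v:
                    self.rewritten.append((v, new))
                if new is None:
                    continue              # drop the attribute altogether
                v = new
            elif v is not None and k == "src" and not is_allowed(v):
                self.blocked.append(v)    # remote images double as read receipts
                v = ""
            parts.append(k if v is None else f'{k}="{html.escape(v, quote=True)}"')
        self.out.append("<" + " ".join(parts) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self._link_host = (urlsplit(href).hostname or "").lower()
            self._link_text = []

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, selfclosing=True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
        if tag == "a" and self._link_host is not None:
            m = _HOST_IN_TEXT.search("".join(self._link_text))
            if m and m.group(1).lower() != self._link_host:
                self.mismatches.append((m.group(1).lower(), self._link_host))
            self._link_host = None

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))   # re-escape what the parser unescaped
        if self._link_host is not None:
            self._link_text.append(data)


def filter_html_mail(body: str):
    """Return (filtered_html, rewritten, blocked, mismatches) for one text/html part."""
    p = LinkRewriter()
    p.feed(body)
    p.close()
    return "".join(p.out), p.rewritten, p.blocked, p.mismatches


# Constructed sample, not a real message: one intranet link, one lure whose visible
# text impersonates the intranet, a tracking pixel and a javascript: link.
SAMPLE = (
    '<p>Review the <a href="https://sharepoint.corp.example/sites/hr/policy.docx">'
    'policy</a>.</p>'
    '<p>Urgent: <a href="https://login-corp-example.net/dl">'
    'https://portal.corp.example/dl</a></p>'
    '<img src="https://tracker.example.net/pixel.gif?id=42&amp;v=1" />'
    '<a href="javascript:alert(1)">Click</a>'
)
```

Calling `filter_html_mail(SAMPLE)` leaves the SharePoint link alone, sends the `login-corp-example.net` link through the gateway, blanks the tracking pixel, drops the `javascript:` href, and reports that the second link's text names `portal.corp.example` while it actually points at `login-corp-example.net`. Only the host is checked, not the path, so an allowlisted SharePoint that lets external parties share files is still a way in; and the suffix match deliberately includes the leading dot, so `evilcorp.example` does not pass as `corp.example`.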

    2. Anonymous Coward

      I work for a large US corporation (50k+ employees around the globe).

      We have a 'Report a Phish' button in our email client (desktop Outlook).

      We receive regular test phishing emails from our security people, so I've used the button a few times, and you then get a congratulatory email in return, "Well done, you got it right..." etc.

      I received an email one day recently, from an external email address, not corporate, or even a company known to be affiliated with us (I'd never even heard the name before). It had external links, poor grammar, images that were blocked by default, even stating I'd have to log in using my corp email address and global password!

      Basically all the hallmarks of a phish, so I reported it (as did quite a few others, I found out later).

      A few hours later, I get an email back stating it was a legit email! A few hours after that, a corporate internal email was sent out letting everyone know this was legit and needed to be responded to.

      The subject of the original email? '<redacted company name> Secure Accounts Annual Security Awareness training'.

      I really really wish I was joking! :-/

  6. Diogenes8080

    What security risk?

    A breached Constant Contact account is only a security risk if it has any deliverability... which around here it doesn't.

    Unlike Sendgrid and Mailchimp / Mandrill, there is no transactional meat shield that I was aware of.

    Besides, I thought all of the respectable US agencies were with GovDelivery?

    1. Kevin McMurtrie Silver badge

      Re: What security risk?

      The damage was limited because parent company EIG is rabid marketing.

      My first experience with EIG was them buying my domain name registrar and adding a ton of spam hosting subdomains without my permission. I blocked all of EIG from my mail server when their abuse contact rejected all complaints as spam because they mentioned EIG hosted domains.

  7. macjules

    expelled diplomats from US embassies

    Err, I think you might mean, 'expelled Russian diplomats from embassies in the USA'?

  8. Potemkine! Silver badge

    As Putin says, "I swear on Navalny's life Russia didn't make it"
