Regarding All the Cisco Security Warnings

Started by deanwebb, December 30, 2020, 09:47:07 AM


deanwebb

The Cisco security newsfeed is VERY active of late. Yes, it is connected to the SolarWinds breach.

Part of the Cisco security alerts is for recently-discovered breaches. The other part is for additional things they found as they scrambled to make sure they could keep their gear in the Federal space.

I can assure you that they are NOT the only vendor going through such exercises. They just happen to be highly visible here because they do a good job of maintaining their security feed.

What should you do? Get those updates and patches, ASAP. Even if the patch is for a vulnerability that requires authenticated access or some other level of access that normally only goes to trusted insiders, get the patch applied. The reason why is that no company is too small to be potentially exploited as a pivot in the overall digital supply chain.

If all we had to deal with were script kiddies or garden-variety crooks, then a big firewall, IPS, email attachment sanitizer, and proxy server would pretty much do the trick. But we're instead also dealing with groups that have an endgame that involves something other than lulz or a cash shakedown. Those groups want to get into sensitive locations and haul away all the information that they can.

Some of these groups are criminals.

Some of these groups are your business competitors.

Some of these groups are state-sponsored actors.

But they will all be persistent and diligent in trying to crack through small-time parts and services providers in the hope that they can use those resources to get a crack at the bigger, juicier information targets. Even a small shop with no direct connection to a sensitive organization can offer an indirect route... or it can have its IT resources pwned and utilized for in-country data exfiltration or as part of a DDoS network that can launch attacks to provide cover for more sensitive operations. I've worked with more than one customer that had a DDoS and malware outbreak go off in order to wipe out evidence of a long-term APT that was done gathering information. Want to eliminate evidence? Drop a grenade where the crime was committed, easy.

There will be lots more patches to roll out in the days and weeks to come, from all software and hardware vendors. Get your gear brought up to standards. I'd argue that a limited business outage is worth the risk on an upgrade, compared to the worse situation of having one of those criminals, competitors, or foreign governments get control of your network and its endpoints.

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.