BadRabbit, corporate hack back, and nation-state targeting of our critical infrastructure. It's been a busy week:
- A pirate's life for me: With the new ACDC hack-back bill (as usual, Congress' acronym game is strong) in consideration on the hill, the public debate on whether private companies should be permitted to hack back is heating up again. Every new rash of breaches seems to lead back to the question of why companies can't send out private cyber-forces to bring the Internet to heel. To this day, I still haven't heard a strong argument, grounded in actual proposals, for how hack back by private corporations would make anyone safer (indeed, the evidence suggests it would have destabilizing, unproductive effects). Still, silver bullets always look tempting (as in: if only companies could hack back, our problem with breaches would finally go away!). Here's hoping we all figure out that this bullet is just plain old lead before Congress takes any rash steps.
I'm reading: "Offensive security: The pros and cons of hacking back." [Editor's Note: 11/20 update - Author has deleted story.]
- Follow the white rabbit: BadRabbit has picked up the torch left by NotPetya and WannaCry, hitting systems in many countries, with a particular focus on Ukraine and Russia. Analysis continues to confirm that BadRabbit is essentially an improved form of NotPetya, and is made especially dangerous (as with all of this type of ransomware) because of how rapidly it can spread. Although each of these threats has relied on slightly different methods to cross the perimeter (BadRabbit seems to prefer a fake Adobe Flash update), it's telling that all use strikingly similar methods for propagation inside the network. Our networks are radically overconnected inside the perimeter (most environments that I have analyzed use less than three percent of the potential connections they permit between interior systems). As long as this continues, threats like BadRabbit will only get worse.
I'm reading: "BadRabbit Technical Analysis."
- Nice electric grid you've got there ...: DHS and FBI recently issued a joint alert that they were seeing an uptick in nation-state targeting of U.S. critical infrastructure. This increasing threat shouldn't be a surprise to anyone, but the fact that DHS and FBI chose now to highlight the danger suggests that the threat is only getting worse. It's always important to be careful about the overuse of the term "attack" in this context – it's a word with specific meaning in the physical world that doesn't always translate well to the network – but even if foreign nation-states are only establishing "access" to our infrastructure for future use, we should all recognize the serious threat that poses.
I'm reading: "DHS, FBI issue warning and details concerning on-going ICS attacks on power, aviation sectors."
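The overconnection point in the BadRabbit item above is something you can measure rather than argue about. The script below is an added example, not code from this newsletter or from any of the linked analyses. It takes a constructed allow policy (one flat "any interior host to any interior host" rule, the shape most internal networks actually have) and a handful of constructed NetFlow-style records, restricted to the ports the Windows-worm family spreads over (SMB 445, RDP 3389, WinRM 5985); every address, port and rule here is invented. It computes what fraction of the permitted interior connectivity is ever exercised, derives the host-pair allow list that the observed traffic would have needed, and counts how many hosts one compromised machine can reach on SMB under each policy, which is the number a worm actually cares about.

```python
"""Measure permitted versus observed interior connectivity from an allow policy and flow records.

Added example for the newsletter's overconnection point; all inputs are constructed,
not captured from a real environment. Policy rules are (src CIDR, dst CIDR, dst port or "any").
"""
from ipaddress import ip_network
from itertools import product

# Constructed policy: a single flat rule, every host in the /28 may reach every other on any port.
PERMITTED_RULES = [
    ("10.0.0.0/28", "10.0.0.0/28", "any"),
]

# Constructed flow records as a collector would export them: (src_ip, dst_ip, dst_port).
# Note the duplicate record; flows are de-duplicated into distinct (src, dst, port) tuples.
OBSERVED_FLOWS = [
    ("10.0.0.2", "10.0.0.5", 445),     # workstation -> file server, SMB
    ("10.0.0.2", "10.0.0.5", 445),     # same pair again on a later day
    ("10.0.0.3", "10.0.0.5", 445),     # second workstation -> file server
    ("10.0.0.4", "10.0.0.7", 3389),    # admin jump -> server, RDP
    ("10.0.0.9", "10.0.0.10", 5985),   # management host -> server, WinRM
]

# Lateral-movement ports this analysis tracks; other ports are ignored on both sides.
PORTS_TRACKED = (445, 3389, 5985)


def _hosts(cidr):
    """Usable host addresses of a CIDR as strings; /31 and /32 yield every address."""
    net = ip_network(cidr, strict=False)
    if net.num_addresses <= 2:
        return [str(a) for a in net]
    return [str(h) for h in net.hosts()]


def permitted_tuples(rules=PERMITTED_RULES, ports=PORTS_TRACKED):
    """Expand allow rules into the set of (src, dst, port) tuples they permit on tracked ports."""
    allowed = set()
    for src_cidr, dst_cidr, port in rules:
        port_list = ports if port == "any" else (port,)
        for src, dst in product(_hosts(src_cidr), _hosts(dst_cidr)):
            if src == dst:                       # a host talking to itself is not a network path
                continue
            for p in port_list:
                if p in ports:
                    allowed.add((src, dst, p))
    return allowed


def observed_tuples(flows=OBSERVED_FLOWS, ports=PORTS_TRACKED):
    """Distinct (src, dst, port) tuples seen in the flow records, tracked ports only."""
    return {(s, d, p) for s, d, p in flows if p in ports}


def utilisation(rules=PERMITTED_RULES, flows=OBSERVED_FLOWS, ports=PORTS_TRACKED):
    """Return (used, permitted, fraction) for the permitted paths the flows actually exercised."""
    permitted = permitted_tuples(rules, ports)
    used = observed_tuples(flows, ports) & permitted
    return len(used), len(permitted), len(used) / len(permitted)


def least_privilege_rules(flows=OBSERVED_FLOWS, ports=PORTS_TRACKED):
    """Derive host-to-host, single-port allow rules from observed flows alone."""
    return sorted((f"{s}/32", f"{d}/32", p) for s, d, p in observed_tuples(flows, ports))


def reachable_on_port(rules, host, port, ports=PORTS_TRACKED):
    """Distinct destinations `host` may reach on `port` under `rules`: one compromised host's blast radius."""
    return len({d for s, d, p in permitted_tuples(rules, ports) if s == host and p == port})


if __name__ == "__main__":
    used, permitted, frac = utilisation()
    print(f"permitted interior paths on tracked ports: {permitted}")
    print(f"paths actually observed:                   {used} ({frac:.2%})")
    tight = least_privilege_rules()
    print(f"allow rules the observed traffic needs:    {len(tight)}")
    for rule in tight:
        print("   ", rule)
    for label, rules in (("flat policy", PERMITTED_RULES), ("derived policy", tight)):
        print(f"SMB reach from 10.0.0.2 under {label}: {reachable_on_port(rules, '10.0.0.2', 445)}")
```

On the constructed data the flat rule permits 546 paths and the flows use 4 of them, under one percent, and a single compromised workstation can open SMB to 13 hosts under the flat rule versus 1 under the derived rules. Against a real environment you would feed it the actual segmentation policy and several weeks of flow telemetry, because a short window misses periodic flows (backups, patch cycles, month-end jobs); treat the derived list as a starting allow-list, log denies before enforcing, and review the paths that only appear in the logs.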