@WOWCare *cough* WOW!, Frontier is restarting their fiber rollout in St Pete - I just a flyer in the mail.
Your service died at 10:30am in Wednesday well before high winds took out the majority of Duke’s customers who lost power in Pinellas…
@WOWCare Hey WOW! is there some hypercritical node in Pinellas that is without power that you’re waiting on? If so we can watch the Duke Energy power outage *maps* to know when YOU might restore service. Outage maps help set expectations. Tweeted platitudes like yours above do not.
@AdrienneRoyer@100111@briankrebs US gov can’t use data w/o authority. Private sector can use data unless explicitly outlawed. Profit driven data usage by private sector is more concerning to me on the whole. 🤷♂️
but throw away the decryption keys making recovery close to impossible. On the surface it would be indistinguishable from criminal actors being patriotic hactivists.
Separately what data has been stolen but never released? Could Russia weaponize that unreleased information?
Russia had no reason to take steps to placate US on cyber front given troop buildups since last fall. Instead scooping up these criminals gives Russia access & plausible cover. Access to victim networks not yet ransomed & data already stolen, plus use of crimeware kits that 1/
put the fingerprint of the criminal gangs on it instead of the Russian government. Note I didn’t say it would be the criminals on the keyboard. NotPetya tried for a thin veneer of looking like ransomware. This time they could use ransomware & existing access to launch attacks 2/
@jasonhillva Good to see the U-5 continue the tradition of publishing this data. Interesting to see adversaries pivot from OLD endpoint CVEs to new(ish) network access CVEs. 3-5 year old OS and 3rd party app vulns were the norm for several years!
@HelloTwittyNYC@NicoleBeckwith I miss my DefCon crew! We’re from all over so it’s the one time of year we are guaranteed to be in the same city at once. *fingers crossed*
Omg... people think I’m joking. This is not a joke. Look at all the other incident responders quote tweeting and replying to me. Lots of people just didn’t know where the software is in use- particularly in their industrial / operational / automation environments.
Dragos VP of Threat Intel @cnoanalysis spoke with @NBCNews cybersecurity reporter @kevincollier on the extent of the #SolarWindsHack. "Most organizations still lack the basic visibility to even assess whether they were compromised or not." Full story: https://t.co/Wudbfqbodw
@JoeUchill@ryankaz42@sawaba And now you see the likely long term impacts from this breach! Near term worry: code modification. Long term: what vuln insights did they gain? Also did they pull the same trick (code theft/modification) w/downstream victims of Solarwinds breach?
@ryankaz42@sawaba@JoeUchill 2/2 Sometimes malicious code insertion gives you simultaneous access to many victims to help you leapfrog your CNE operations. No need to independently target victims when one victim (Solarwinds) can do it for you.
@ryankaz42@sawaba@JoeUchill ah but why insert malicious code when you can analyze the stolen source code for vulns! Build exploits you can use for years of fun (or profit)! Code adulteration is a 1 trick pony compared to theft enabling multiple exploitation campaigns. 1/2
@grantunderland @malanalysis @hacks4pancakes Airgaps have to be designed w/ assumption that human nature will overtake policy & process. Must design making approved data transfer stupidly easy when appropriate lest they create their own workarounds. All airgapped envs need maintenance.
@secbern @kodefupanda@jennypotts We once hired a junior slot for our team @ AOL. One candidate stood out not because of correct answers during interview but her note taking of questions that stumped her. A drive to learn is so crucial.
@cbrick@jeffmcjunkin@dpendolino@strandjs That and problem solving skills that come from being a sysadmin! I’ve found people w/ strong critical thinking skills are awesome in security & most good sysadmins happen to be solid critical thinkers.