Yesterday it was reported that both TalkTalk and Post Office broadband customers have had their online access cut by an attack targeting certain types of internet routers. A spokeswoman for the Post Office told the BBC that the problem began on Sunday and had affected about 100,000 of its customers. Talk Talk also confirmed that some of its customers had been affected, and it was working on a fix. It is not yet known who is responsible for the attack. (It would also appear that local telco KCOM in Hull suffered similar problems last Saturday.)
In the light of these developments, Andy Green, a senior technical specialist at Varonis, comments: The lessons that should be learned from these ongoing Mirai attacks is just how vulnerable we were as a result of our own IT laziness. Sure, we can excuse harried consumers for treating their home routers and IoT gadgetry like toasters and other kitchen appliances – just plug it in and forget about it. So what excuse do professional IT types have for this rookie-level behaviour?
Not much! Unfortunately, default-itis still plagues large organisations. As long ago as 2014, the Verizon DBIR specifically noted that for POS-based attacks, the hackers typically scanned for public ports and then guessed for weak passwords on the PoS server or device – either ones that were never changed or were created for convenience, “admin1234”. This is exactly the technique used in the Mirai botnet attack against the IoT cameras.
Even if hackers use other methods to get inside a corporate network (phishing, most likely) they can still take advantage of internal enterprise software in which defaults accounts were never changed. For those organisations who think that the Mirai botnet incident has nothing to with them, or have to convince their board of this, here are two points to consider.
1. The lesson of the Mirai botnet attack is that the perimeter will always have leaks. For argument’s sake, even if you overlook phishing scenarios, there will continue to be vulnerabilities and holes in routers, network devices, and other core infrastructure that allow hackers to get inside.
2. Human nature tells us that IT will also continue to experience default-itis. Enterprise software is complicated. IT is often under pressure to quickly get apps and systems to work. As a result, default accounts and weak passwords that were set for reasons of convenience – thinking that users will change the passwords later – will always be an issue for organisations.
You have to plan for attackers breaching the first line of defences, and therefore have in place security controls to monitor and detect intruders. In a way, we should be thankful for the “script kiddies” who launched the Mirai botnet DDoS attack: it’s a great lesson for showing that companies should be looking inward, not at the perimeter, in planning their data security and risk mitigation programs.
This is Urban Fantasist
Barrister and Reuters correspondent turned writer, award-winning tech journalist, radio presenter, podcaster, blogger, storyteller, and sometime werewolf-hunter Charles Christian is here to inform and entertain you with tales of writing, radio, geek, tech, media, music, folklore, and the weird. The site also has links to all Charles Christian's books including fiction, nonfiction, and the latest reviews. Plus links to his weekly Weird Tales and Smart Radio shows.
The Latest Podcast
Episode 45 of the Weird Tales Radio Show meets a mysterious cloaked figure – the Shadowcaster – who takes us on a walk along the haunted lanes of old Norwich. And we also look at the obscure life of that obscure Saxon saint St Tibba.
Follow this link to access episodes of the Weird Tales Radio Show podcast. The page contains links to all our other podcast platforms. Click the player button below to hear latest show.
Hear Charles Christian on Smart Radio
The Midweek Late Lunch
Wednesdays 2:00pm to 4:00pm (UK)
The UK Chart Toppers Show
Sundays 2:00pm to 5:00pm (UK)
and on mobile...
Apple iOS App: Smart Radio GY
Android App: Smart Radio GY
TuneIn Radio App: Smart Radio GY
Weird Tales Podcast Links
The Urban Fantasist website is now averaging over 5000 page views daily and 150,000 page views a month plus over 6000 unique visitors each week.
Tel: 44(0)1986 788666
"Listening to your wonderful show now. I love the stories! Wonderful concept. Great work."
"Charles Christian defiantly makes my world a brighter, funnier place."
"Wonderful show tonight full of all the usual delights we've come to expect."
"The legendary Charles Christian at his eclectic best... his insight and humour alone make this a must-read blog."
"Charles Christian is my inner spirit animal, thank you for making me laugh."
"the funny, wonderful and slightly cantankerous Charles Christian"
"Carlsberg don't make clients, but if they did... they'd be Charles Christian"
"His tech journalism is always witty. He has a talent for pricking the overblown claims of suppliers."
"Charles Christian does awesome!"
Charles Christian's Books
Can I copy content from this site?
Yes... providing you properly credit it. Urban Fantasist content is licensed under a Creative Commons Attribution 3.0 Unported License which means it may be shared, copied, remixed or used commercially as long as Urban Fantasist or the Weird Tales Radio Show are cited as the source.
This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.Opt Out of Cookies
Copyright © Charles Christian
& WordsandVision Limited 2018
Tel: 44(0)1986 788666
Urban Fantasist - infotainment fuelled by green tea and dark chocolate
Contact Address: Oak Lodge, Darrow Green Road, Denton, Harleston, Norfolk IP20 0AY, United Kingdom
Until the next time you visit Urban Fantasist... Stay well, Stay weird, Stay different
GDPR: By completing the Weird Tales newsletter form you opt-in to our emailing list. The only personal data we store is your email address, which is kept in a secure digital format. We will not share, sell or disclose your email address to anyone... ever! You can unsubscribe at any time by emailing firstname.lastname@example.org