Security Scene: June 2021 Edition
By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer
Well, it’s summer, and things are starting to get back to normal in many places. Living in a college town, we typically see fewer people outside in the summer because many of them have gone back home, but I was driving yesterday and was surprised by just how many people are out and about. It’s starting to feel more like a real town again!
In a move that’s both surprising and not surprising, Norton is adding cryptocurrency mining to its products. If you’re like me, you read that sentence and assumed that you just skipped over the word “detection.” You did not. They’re literally turning their antivirus products into crypto miners.
The Colonial Pipeline attack in May was accomplished by compromise of a disused, but not disabled, VPN account that was protected only by single-factor authentication. We know how important multifactor authentication is these days, but how confident are you that none of your accounts have slipped through those cracks?
I was also interested in how they were able to recover most of the $4 million ransom money that Colonial Pipeline paid. Bloomberg has a good story about it. Turns out it’s not too different from chasing actual laundered money, although there are probably a lot more midpoints involved with crypto.
ARIN is trying something of a “scream test” at an unannounced point in July. They’re taking down their RPKI service for about half an hour to test that networks are configured to fall back to using unvalidated routing announcements. The best practice as recommended by RFC 7115 is to accept unvalidated routes, though this behavior can be changed. Do you think your network will be affected, or do you think you’ll even notice the outage?
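To make the fallback concrete, here is an added example (not from ARIN or the original article) of RFC 6811 route origin validation run with and without RPKI data. The prefixes, AS numbers and policy names are constructed for illustration, and it assumes the outage leaves the router with no validated ROA payloads at all.

```python
import ipaddress

# Constructed sample data: documentation prefixes and documentation AS numbers.
# Each VRP (validated ROA payload) is (prefix, max_length, origin_as).
VRPS = [("192.0.2.0/24", 24, 64496), ("198.51.100.0/24", 24, 64497)]
ROUTES = [
    ("192.0.2.0/24", 64496),     # matches a VRP
    ("198.51.100.0/24", 64511),  # covered, wrong origin AS
    ("192.0.2.0/25", 64496),     # covered, longer than max_length
    ("203.0.113.0/24", 64498),   # no covering VRP
]

def rov_state(prefix, origin_as, vrps):
    """Classify one announcement as 'valid', 'invalid' or 'notfound' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue  # this VRP does not cover the route
        covered = True
        if route.prefixlen <= max_len and origin_as == vrp_as:
            return "valid"
    return "invalid" if covered else "notfound"

def accepted(routes, vrps, policy):
    """Return the routes a router keeps under a hypothetical policy name.

    'drop-invalid'  : reject only invalid routes (notfound is accepted)
    'require-valid' : reject everything that is not valid
    """
    keep = []
    for prefix, origin_as in routes:
        state = rov_state(prefix, origin_as, vrps)
        if policy == "drop-invalid" and state != "invalid":
            keep.append((prefix, state))
        elif policy == "require-valid" and state == "valid":
            keep.append((prefix, state))
    return keep

if __name__ == "__main__":
    for label, vrps in (("RPKI data available", VRPS), ("RPKI data missing", [])):
        for policy in ("drop-invalid", "require-valid"):
            print(label, policy, accepted(ROUTES, vrps, policy))
```

With no VRPs every route is notfound: the drop-invalid policy keeps all four routes, including the two it would normally reject, while require-valid keeps none.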