12 October 2020

Security Scene: October Edition

By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer

Ah, October. Time to begin thinking about what Halloween costumes your children will change their minds about wearing at the last minute … and about whether or not they’re going trick-or-treating, and maybe you can build a remote treat delivery tube …

Let’s begin this month with a hat tip to our friends at Temple University, who have created a repository of ransomware attacks on critical infrastructure. “An analysis of the data currently shows that government facilities were the most targeted type of critical infrastructure — followed at a distance by education and healthcare — and Maze was the most common ransomware strain.” For our NREN members especially, that’s a big ouch. The data includes information about attack duration, ransomware family, and the ransom itself.

The Internet Society has released a toolkit aimed at protecting the ideal holistic growth and operation of the Internet. In Critical Property 2, they discuss the importance of using secure building blocks such as TLS instead of having individual developers create their own mechanisms; in Critical Property 3, they touch on well-trod points about routing security such as protecting against malice and human error. They have also created an infographic about regulatory threats to the Internet. Interestingly, they say in the section where they define the critical properties of the Internet, “By taking a collaborative approach to routing, the Internet relies on peer pressure and community action to resolve issues — and resolution usually occurs very quickly once the community has identified the problem.” The MANRS initiative has, indeed, made some pretty quick progress – it would be fantastic if the rest of the Internet followed their lead!

In our working group meeting on September 16th, we discussed the Ripple20 attack on PDUs. The Treck IP stack that’s vulnerable has been used in a number of different products over the almost-two-decades since it was developed — including a number of third-party libraries that are then integrated into a wide variety of IoT devices. Several participants noted that they don’t scan PDUs or other embedded devices for vulnerabilities due to licensing limits. I’d encourage you all to give serious consideration to scanning at least your datacenter PDUs, temperature sensors, and other things you don’t think about very often. Ripple20 is a serious vulnerability with multiple paths to remote code execution.

Here’s this month’s survey! We got four respondents in August and three last month. It’s just a fun little survey, y’all! Three questions this month.
