Top | |
Newsletter 02/06/2022 | Back to Contents |
You know what I hate... ,
This post was originally intended to be one of my meager attempts at humor
using a bit of
this article as a jumping off point. But the
notion that tens of millions of PCs and other devices are probably
already infected with stealth malware that cannot be removed just ain't
all that funny given the state of the world in the macro; and, in the
micro, that the IT industry itself is a big part of the bigger problem.
Another major global IT services company has itself been hacked.
So if the big IT guys are constantly getting hit, there are no good
defenses against a coordinated focused cyber attack for us mere mortals. It is naive
to think otherwise.
Researchers have discovered 23 "high-impact vulnerabilities"
affecting any vendors that adopted Independent BIOS Developers (IBV)
code into their Unified Extensible Firmware Interface (UEFI) firmware.
That's right. Like Log4j, another open source 3rd party
software application, that has been integrated into the systems of
hundreds of different manufacturers of different products, has a
vulnerability that in the real world of digital commerce is not going to
be fixed — and probably cannot be fixed. The result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. In the report, CISA detailed recent attacks on municipal water systems here in the US. WWS Sector cyber intrusions from 2019 to early 2021 include:
On January 24, 2022, the DHS released a paper discussing the imminent threat to US water systems in the event of a Russian invasion of Ukraine. “Russia maintains a range of offensive cyber tools that it could employ against U.S. networks that make everything from planes to hospitals to dams and bridges operate." is how USA Today reported it. Paul Rosenzweig, a former senior Homeland Security official, told USA Today that: “In a globally connected world, conflicts are no longer geographically isolated. As DHS is warning, Russia may respond to U.S. actions in support of Ukraine by using offensive cyber tools against U.S. networks.”. “We have seen how vulnerable American systems are – think of the criminals who disrupted gas pipelines and meat packing last year. Now imagine that an angry Russia decides to take it to the next level – wastewater treatment; agriculture; transportation are all potential targets.” If that isn't indicative of a slow burning global war, then I don't know what would be.
The Russian cyberwar is a global effort. It employs millions of
infected devices into its botnets. Cities all over the west are
being brought to their knees by cyberattacks that for the most part
originate in Russia. Enter into all this chaos comes the pandemic
and its tentacles are also being yanked on by Russian misinformation
specialists. The stresses and strains on the social orders of the
western democracies are becoming apparent. Twenty years ago a fist
fight on a airplane among the passengers was both unthinkable and
unheard of. Now it's an everyday occurrence. Useful idiots abound. |
|
There are about a dozen variations of this comic circulating around the
Internet that I have seen. This is my favorite. No, I do not
envision myself as that one guy. This is comedy and parody.
There isn't just one guy holding it all together. But there are far
fewer guys and gals trying to hold it all together than there are
miscreants trying to bring the entire structure down. The point
of the comic is our modern digital infrastructure is not built upon any
plan, blueprint, or schematic. Much like the hoarder's kitchen
table, our digital infrastructure is just one individual mess piled upon
another. And when that one peg holding the whole mess together finally
breaks, the entire edifice comes tumbling down. And maybe a vast chunk
of American society along with it. None of this is theoretical now. Log4j is still very much a global problem. As Microsoft reported January 10, 2022, In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware. And the fallout from Log4j is still impacting the real lives of real people. If you doubt this, ask anyone who works for the very, very posh Ritz-Carlton Hotel at Lake Tahoe, who haven't been paid since December. And December though March would be the height of the ski season, now wouldn't it be? And that is just one example. What I am about to say and close with is not because I want to sell you a PC. If every person reading this would all of a sudden contact me and say, Gerry, Get me a new PC, please! I would not be able to procure enough product of the type of product I want to sell. I got my own ongoing supply chain issues. And, if you have purchased new computer gear in the last 18 months or so, or you intend to make a purchase soon, I salute your patriotism and love of country. But, on the other hand, for Christ's sake, it's not like you are being asked to storm a beach while running headlong into machine gun fire. |
|
If you will not replace that old PC — and you have the means to do so;
If you will not replace that old router — and you have the means to do so; If you will not at least get off your ass and talk to your ISP about replacing that 10 year old DOCSIS 2.0 modem with a shiny new, faster and more secure DOCSIS 3.x modem; Then I will call you what you are. At best, you are a useful idiot. At the worst, you are a communist sympathizer.
Well, I quit my job so I could work all alone
Bob Dylan, Talkin’ John Birch Paranoid Blues Gerald Reiff |
Back to Top | ← previous post |