If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
Keep calm and we will be with you shortly!
Merry Christmas to all hackers
A list of tips and different presents to make your life easier and things you can give to your random hacker.
Since the use of MFA (Multi Factor Authentication) takes a lot of time from your productivity, why even enable it? Just trust that everyone doesn’t use the same password everywhere and that who logs on are friendly and you will be fine… Do hackers hack or do they log in?
Why should you even bother using MFA on external services, it's so much easier to use a password that is easy to share amongst your colleagues… and hackers. Would it really be that bad to have your company Instagram or LinkedIn taken over?
Gifts for everyone
Set up a Windows server with a network interface on internet, then enable RDP, Remote Desktop Protocol (or is it Ransomware Deployment Protocol?). Within a few minutes your random hacker will start to knock on that server and try to logon. And why not give every wannabe hacker out there the chance to get into your network? An unpatched and unprotected server out on the internet is a perfect gift for the hacker community. Another nice present is to forward ports from your firewall to some server on the local network.
You do not need to remember simple passwords
Complex passwords are hard to type so just use a simple one instead. This can be a bonus for the local admin account on the RDP-enabled server but can also be used on all sensitive accounts. And if you forget the password there are nice tools that can test thousands of passwords within a few seconds. And by using a password in wordlist makes it even easier to figure out that password you forgot.
Domain Admin is cool
Domain Admin is cool and switching accounts is boring. Why not make it easy for yourself and be Domain Admin with the account you always use. Why even bother to implement a tiering-model or have account separation, by just using the same accounts everywhere it's so much easier to move around in the environment without the need to authenticate and all that fancy stuff. And do not even think about starting a PAW or Bastion… those machines are so boring and hard to manage, life as a Domain Admin is much easier without those.
Links are meant to be clicked
If someone sends you a link it's meant to be clicked, so why not just do it. Safe Links and similar services just take time and gives you irritating warnings.
Keep your legacy protocols
Kerberos just sounds strange to pronounce and everything works just fine as it is. Why should we even consider removing NTLM when it just works. The upside with NTLM is that if you forgot a password, it’s easy to just use the NTLM-hash to logon. Even better is to keep the same password for the KRBTGT-account forever, a lot easier to just grab that NTLM-hash and create golden ticket so you have a master key whenever needed. And while you are at it, enable WDigest Authentication. It makes it so much easier to retrieve that missing password.
The one with most plugins wins
If a website wants you to install a plugin to your browser, it’s probably just to make your life easier. No one would even consider adding tracking or password theft ability to a friendly plugin.
Sharing as backup
If everyone uses the same admin account there is no risk of losing the password, it is called backup. And as a bonus, your boss can’t really see who did a change in the environment outside of the boring change process. Another easy way to remember the passwords is to use the default’s that came with the product. If you forget it, the password is just one Google away.
Just plug it in
If you find a USB-device out in the parking lot, just plug it in to your computer to see who owns it. There is probably a document or some executable you can run to see who owns it. The same goes for these funny USB-enabled toys you get sent to you. Since it’s Christmas you will probably just get a friendly and funny meme shown, who would even think about arming those with a malicious payload?
If it works – Don’t patch it
Do not keep up to date with security patches. The risk of installing patches on a system that works might even give you unwanted work, just keep it as it is. Who would even think about using a security flaw to attack your company?
Just crack it
That software you just need for a short time and do not want to pay the license fee for, just download a license key generator or crack for it, you might even be lucky to find a torrent with an already cracked installer. It’s just software you need for a short time, and no one would event think about adding some payload to those cracks or generators.
Sharing is caring
These new cool cloud apps out there are for sharing, so why not use them? The easy way is to share your company data on multiple platforms. And as a bonus you can even share the data with whoever you like no matter what the company policy says. And when it comes to internal Team’s, why not open them up to everyone so you don’t have to manage access rights and this boring stuff. No one would ever share that information somewhere else, or would they?
Relax during the holidays
Since people are especially nice around the holidays and no one is in the office you can lower your guard and give your MDR a few days off. No hacker would think about using the holidays to attack someone, hackers are nice, friendly and just works from nine to five on business days. And if you’re not working within IT… Just kick back, relax and click away, keeping up the security posture is someone else responsibility.
Btw, hope you all realize that this post contains lot of irony. 😀
Happy Holidays to you all and stay safe out there!