

Tons of great Sophos research is dropping today which I’ll link in thread. China goes brrr.

I want to give them particular credit for directly talking about the cyber industry elephants in the room, both in the research and during media interviews

e.g. insecurity in appliances, need for industry change, monitoring threat actors through telemetry etc etc.

It’s really refreshing as they’re talking about what is *actually happening* - not all vendors do this.

wired.com/story/sophos-chengdu…


in reply to Kevin Beaumont

First one news.sophos.com/en-us/2024/10/…

“Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns”

Threat actor calls themselves Tstark (lol) and has an SSH backdoor called libgoat

in reply to Kevin Beaumont

Next up news.sophos.com/en-us/2024/10/…

“Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats”

Lots in there again but big one for me - the threat actor started blocking on appliance telemetry and breaking update process. They also developed patch bypasses.

in reply to Kevin Beaumont

Another news.sophos.com/en-us/2024/10/…

“Digital Detritus: The engine of Pacific Rim and a call to the industry for action”

Contains lots of bangers from a wider theme.

in reply to Kevin Beaumont

I’ve worked for two telcos now and one thing I’ll say - China goes brrrr…. a LOT.

If you sell security products to countries of interest to China - e.g. large populations of Uyghurs, Tibetan nationals etc. - you should not be running apache as root on appliances, you should be monitoring telemetry, and your customers (and their customers) are in danger from highly determined threat actors.

The security industry needs to mature and to do that it needs to talk about it and make better products.

in reply to Kevin Beaumont

I don't know if you heard, but the Canadian government said that India has started ramping up its hacking of Canadians, along with misinformation. Reported by CBC News.

@catte_salad clone (da_667) @Kevin Beaumont The problem is that CEOs want to buy appliances instead of paying staff. And they buy products the way they buy every product. By how cool the demo looks.
in reply to silverwizard

@silverwizard @da_667 More than once I've spoken to IT managers and CIOs about SQL injection vulnerabilities in their apps, and the response is "we will just stick a web application firewall in front of it" rather than fix the code.

lit
@da_667 In addition to that, my beef with cybersecurity is that I'd really enjoy working on something the customer really wants instead of halfway feeling that they need it, for a change. I keep coming back to FX's apt comparison of the software industry and drug dealers in terms of product liability. Cyber security software vendors are just an especially impactful flavor of that in terms of negative customer value.