How long is your backup!

Computers screensRestoring backups can take some time! A number of years ago we had a NAS die on us. That was ok because we had it backed up on tape! (you know where this story is going?) Well the restore worked ok, and we were lucky because we could grab what we needed and then worry about the rest later…. but it took well over a week (and a lot of stuffing tapes into a machine) to get that thing  up and running again.

I helped a friend back up her laptop the other day – we used a usb3 drive that had an ssd installed – it took about an hour to restore 6-7 hundred gig’s worth of data. How much data do you have?

One element of contemporary Cyber Security is to have multiple backups so that if you don’t want to pay all that bitcoin to the bad guys, you just start with a new machine (or wipe the old one, if your brave enough) and start from backup.

The problem is of course is that if your whole network or 70 of your machines are now large bricks? How long is that process going to take and how much human power are you going to need to get things running again? Not to mention the cost.

A couple of things to consider is Cyber liability insurance. (although this is still not going to help if your public reputation is part of the issue)

A very good disaster recovery plan that is regularly tested and paid for as part of the on going company budget. The frustrating thing of course is that we hope that you never need this (just like dental work) we hope that things are going to be just fine and all. But hey – stay safe on the inter-webs people…. and maybe consider how long that backup / restore process takes.

If you want to read more about the horrors of being hacked and ransome ware and further discussion of the backup process this article from Brian Kerbs is well worth the read.

 

https://krebsonseurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/

The Darkside

Ransomware, the stuff of your worst nightmares. It seems as if this is getting very serious. The Darkside is a group of hackers that have recently caused a lot of pain. For example in the US the Colonial Pipeline has been shut down – that’s 5,550 miles of pipe for the oil industry. Meanwhile in Washington DC police are also subject to ransomware – they have allegedly offered $100,000 dollars – apparently this was not enough! So not only are they locking up all those machines they are also sifting thru all your data, and exposing that infomation on the net, using it as an extra point of leverage.

As noted in the Kerbs article. “Security firm Emsisoft found that almost 2,400 U.S.-based governments, healthcare facilities and schools were victims of ransomware in 2020”.

How do you defend against this? So there is a few ways to approach this – one is to air-gap and remove mission critical computers from the internet. Think about it, that payroll machine? That set of servers that run the production plant? Do they really need to be on the internet 24 /7 ? May be you have one cable that you physically connect when and only when you need to (to run OS software and security updates). Maybe you set up a seperate airgaped network for that server and the network of production machines. Silo those machines. 

Anti virus software. Use it but configure it so it doesn’t stop your functionality. This can sometimes feel like a black art, and it’s often hard to get the balance right but it is a good idea for a lot of users. 

Backup your files. You have that latest pitch? Is it backed up? Can you restore it? Do you know how long it would take to re build your server? Those 20 machines that are the core of your company? Knowing this and the cost of the emergency rebuild process is something that you should be on to. 

Get rid of those very old machines! If you have an old machine that’s never been updated it’s a huge risk vector. Spend some time and money now before it costs you big time.

Use your firewall /s! This is a great starting point, if your activley monitoring things use that info – put it back into your firewall. Do you have a mcahine build you maintain? Why not use that firewall info in your machine builds?

What ever you do “Have a plan!” A cyber security plan.

Being able to protect and if necessary re build you network from scratch is one way of beating these crooks – but if you start looking into the detail of what’s involved it’s scary stuff. Stay safe on the interwebs people!

 Related reading – Darkside hack
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

https://en.wikipedia.org/wiki/Colonial_Pipeline_cyberattack

https://www.intel471.com/blog/darkside-ransomware-colonial-pipeline-attack

Washington DC Police
https://www.vice.com/en/article/5dbgbk/washington-dc-police-allegedly-offered-dollar100000-to-hackers-to-stop-leak

From my Spells book No2 The ls command

So the simple “ls” command is one we use often but like many nix commands you may not delve into it other than basic usage. ls -1 is interesting as it gives a directory list in one column of text – this can be great if you want to pipe it into a search or another collection of commands.

  ls -1
3245
340598
453.tx
asdf
bb.txt
d9e8rh.txt
qwer
sdfew.sh

ls -f is also useful as it creates a sorted list

  ls -f
ls -f
	3245		453.tx		bb.txt		qwer
	340598		asdf		d9e8rh.txt	sdfew.sh

Combining the 2 commands is also possible ls -f -1

  3245
340598
453.tx
asdf
bb.txt
d9e8rh.txt
qwer
sdfew.sh

On one level the above is fairly simple stuff, but it’s the combination of these lego like commands that suddenly become very useful and powerful over time.

xeuledoc

xeuledoc is a tool (hacking?) that can determine the owner of a google doc and often the name and email are available. I’ve been testing it and it seems to work well! Although it seems to only work with publicly shared documents.

The interesting thing is that you may not want your name and email address available to every one! Ever shared info via a google doc? You may be exposing at least your name and email to people who are unscrupulous – might be time to think about all the docs you may have shared! Is it a good thing that your email address and name are linked to this data?

It also seems to work with the “Security setting” anyone who has this link. It will be interesting to see if google “fix” this, and how long it might take.

Note this above example is included in the application as published by its owner.

Github link to application
https://github.com/Malfrats/xeuledoc

Apparently it can also work on
Google Docs – Google Spreadsheets – Google Slides – Google Drawning – Google My Maps – Google Apps Script – Google Jamboard