Seriously, security issues!

I have seen several security issues inside a *redacted* company, just because they thought “it’s fine, no one cares about our machines,” and then suddenly got rekt by ransomware.

DO NOT EVER (unless necessary) OPEN YOUR PRODUCTION SERVICES TO THE INTERNET!!! The IPv4 range is relatively small compared to the abundance of bots that scan for open, active IPs all the time. You will be a target sooner or later. You can relax a bit if the exposed services are not critical and not connected to anything critical. But SERIOUSLY, this is a security issue! Recheck which services really must be open to the internet and which ones don’t need to be. And if you do have something open to the internet, I really recommend putting a proxy or DMZ in front of it that scans and filters any poop that might come in with the legit requests. That’s why big companies with critical assets pour money into a Security Operations Center to monitor and alert everyone if there is a breach or something wrong with security. They have a reason. Even companies with a SOC can still be breached, so why wouldn’t you be?

And you should have a DMZ too! Ransomware does not cherry-pick its victims. If there is an opportunity, attackers WILL use it against you. The most basic thing you can do in a small-scale environment is to firewall everything on your computer and make sure that only trusted services can contact the outside world. Many threat actors will try to plant bots in your service, as a Trojan or “agent” they can use as a pawn inside your computer.
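One way to do the "recheck what is open" step on a Linux box, as an added example that is not part of the original post: parse the output of `ss -H -tuln` and flag every listener that is reachable beyond loopback and not on an allowlist. The sample output and the `ALLOWED` policy are constructed assumptions; the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      511                *:6379            *:*
tcp   LISTEN 0      511       192.0.2.10:443       0.0.0.0:*
tcp   LISTEN 0      4096           [::1]:631          [::]:*
tcp   LISTEN 0      128             [::]:22           [::]:*
"""

# Assumed policy: the only listeners that are meant to be reachable from outside.
ALLOWED = {("tcp", 22), ("tcp", 443)}

def classify(addr):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind address."""
    host = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "specific"

def parse_listeners(ss_output):
    """Yield (proto, address, port, exposure) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # The local address is column 5; split on the last ':' so IPv6 survives.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port), classify(addr)

def unexpected_exposure(ss_output, allowed=ALLOWED):
    """Listeners reachable beyond loopback that the policy does not allow."""
    return [
        entry for entry in parse_listeners(ss_output)
        if entry[3] != "loopback" and (entry[0], entry[2]) not in allowed
    ]

for proto, addr, port, exposure in unexpected_exposure(SAMPLE_SS):
    print(f"REVIEW {proto}/{port} bound to {addr} ({exposure})")
```

On a real host, feed it the live output of `ss -H -tuln` instead of `SAMPLE_SS`; anything it prints is either rebound to loopback, firewalled, or consciously added to the allowlist.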

You got that? Yeah? Cool, now turn off that VPS that you used for like 10 minutes two months ago.
