
Slammed Again

By Dan Hadaway | Saturday, May 20, 2023

The Evolution of an Inside Term Used in our Vendor Risk Report

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .


Laptop with a pop-up window that has two buttons that both say yes and the question "Do you wish to report your error?"

Those who audit infotex know that our vendor risk report refers to a couple of our providers as “ransomware companies.” This reference started evolving when a particular organization “slammed” a particular operating system on me. This was in about 2010 or so. Could have been earlier. It was after malware started to become a big thing. It was when we were teaching people to beware of unexpected popup windows, and how to exit them safely.

I had been opting out of a “free upgrade” to an operating system from a particular operating system vendor, for months. I was opting out of this upgrade on a particular personal machine I was using. I was opting out because I used this machine only for one purpose: as a server for my music collection. Every time I would connect the device to the internet . . . primarily to patch the operating system and antivirus . . . a pop-up window would ask me if I wanted to upgrade to the new operating system. One time I even had to click through a set of windows that tried to sell the features of the operating system.

But then one time, when I clicked “no,” the entire window clicked, and it installed the upgrade.

That’s how malware propagated in those days.

Or at least one of the ways.

I fell victim to the very attack vector I had been warning people about. I stupidly clicked on a pop-up window. I trusted that this particular vendor would not use tactics similar to those of the Russian Business Network.

But I was also the person who wrote the vendor management report for our organization. Thus, when we started monitoring this particular operating system vendor, I referred to them as the “malware company.” Years later, when they started denying service until my devices proved they had paid their “ransom,” I changed the reference to “ransomware company.”

All in sarcastic tongue-in-cheek, expressing our frustration with the company whose negligence created our industry.

But guess what? I just fell prey to this approach yet again. A particular device crashed on me due to a particular application. As I was bringing the device up, a window popped up, informing me that the application had crashed the device, and asking if I wanted to “ignore” or “report” the error.

Like an idiot, I clicked “ignore” and noticed that it seemed to report anyway. The whole window seemed to move and disappear. The “ignore” button sure didn’t move. Causing me to wonder, “wait a minute . . .”

After a complete virus scan, a self-scolding, a report to the ISO, and a confirmation that the application was indeed the recipient of the report . . . forty minutes out of my day . . . I wrote this article.

Why . . . why . . . why . . .

If the good guys are going to revert to the tactics of the bad guys, we will lose.


Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

