News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers

Some items in Blocking and Tackling today.  
The FBI has issued a warning about new network protocols that are being used to launch large-scale distributed denial of service attacks.   

The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.

Three of the four (CoAP, WS-DD, ARMS) have already been abused in the real-world to launch massive DDoS attacks, the FBI said based on ZDNet’s previous reporting.

The goal of the alert is to warn of the danger, to allow for investment in DDoS mitigation systems.

The US Cybersecurity and Infrastructure Agency and the UK’s National Cyber Security Center have also issued an alert about the risks of infection faced by QNAP NAS devices if QSnatch malware attacks restart, and the alert outlines the procedures to update.
ThousandEyes has a report on the Cloudflare DNS outage from Friday, July 17, showing the ripple effect of a single misconfiguration.  The full report is in the show notes.

And, Bleeping Computer is reporting on the release of source code by a Swiss developer from companies like Microsoft, Nintendo, Disney, Motorola, and others because of insecure DevOps applications leaving the information exposed.

Why do we care?

Misconfiguration – that continues to be the theme!   More and more the value of providers is obvious in the management and controls of configurations.   You can see in the entire section how this is all configuration – from protocols to the DNS outage to code releases.  

Right now, as a provider I would be focused heavily on tools and process that allow for this.    I think “automation” is a distraction when configuration management is so much more valuable, particularly as these systems move entirely to the cloud and someone else’s core management.    
Source: ZDNet

Source: Bleeping Computer

Source: ThousandEyes

Source: Business Insider

 

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories