Fresh Thoughts #124: Consistency


A few months ago, my son's confidence took a hit.
He's been learning to dance for about a year, and it's the time of year for examinations.
Over the last year, he has made some great friends.
But in early April, he was told...
"I'm not putting you forward for your Grade 1 Ballet. You're not ready."

He took it hard for a few days.
His friends were able to do the grading, but he was not.
And - after a week or so - he agreed...
He wasn't ready.

We tracked down his first and most inspiring dance teacher - Tom - to get him back on course.
After a performance, I asked Tom - so my son could hear - "Given the situation, what does he need to be thinking and doing?"
Tom's answer was simple...

"Be consistent.
I'm 22 and have been dancing every week since I was 7.
Every week.
Every month.
Every year.
You see that guy there?
He's 27. He's been dancing every week for over 20 years.
Consistency is all that matters."

These were the words my son needed to hear.
And it caused me to think about two incidents that I had recently reviewed.

Inconsistency Leads to Vulnerabilities

Several months ago, a scammer had used a staff account to send phishing emails.
Oddly, multi-factor authentication (MFA) was enabled for all staff members.
So, it should have been impossible to conduct a simple password-stealing attack.

The vast majority of the staff had activated MFA.
But this individual had continuously pushed enrolment off to the future.
The MFA was enabled but not enforced.
The configuration left room for inconsistency - and that was what was exploited.

Over the weekend, I watched an excellent video explaining how security researcher Sam Curry could control millions of modems connecting Cox Business customers to the internet.

The video and article are technical and provide excellent detail.
In summary, Sam was able to add carefully crafted words to the end of the Cox Business Portal web address to gain complete control over all the customer modems on the network.

In the middle of the article, a tiny detail highlights the most likely root cause of the vulnerability.
When Sam added the words to the web address, it only worked once out of every three or four attempts.
Most of the time, the system - correctly - blocked Sam's attempts.
But every now and then, it leaked information to Sam.

This suggests that several servers were being used by the Cox Business Portal.
And one of them was not configured like the rest...
That gap allowed security controls to be bypassed and customers' internet modems to be controlled.

Again, the vulnerability was the inconsistency of the configuration.

Final Thoughts

In both examples, IT administrators were well-intentioned.
Security controls and safeguards were in place to protect against the known threat from hackers and scammers.
However, the security was applied inconsistently.
And it was inconsistency that was exploited.

When you think about a security control - like MFA - ensure it is consistently applied.
Enforced... rather than just available for those who want to use it.
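
To make the "enabled but not enforced" gap from the first incident concrete, here is an added example (not from the original newsletter or any vendor's tooling) that audits a user export for accounts that can still sign in with a password alone. The CSV column names, the three policy states and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export; column names are hypothetical, not a vendor format.
SAMPLE_EXPORT = """user,account_enabled,mfa_policy,methods_registered
alice,true,enforced,2
bob,true,enabled,1
carol,true,enabled,0
dave,false,enabled,0
svc-backup,true,disabled,0
"""

def classify(row):
    """Return the sign-in exposure of one account (assumed policy model)."""
    if row["account_enabled"].strip().lower() != "true":
        return "inactive"                # cannot sign in at all
    policy = row["mfa_policy"].strip().lower()
    registered = int(row["methods_registered"] or 0)
    if policy == "enforced":
        return "protected"               # second factor is required at sign-in
    if policy == "enabled" and registered > 0:
        return "enrolled_not_enforced"   # enrolled, but the policy does not require it
    return "password_only"               # enrolment deferred or no policy at all

def audit(export_text):
    """Classify every account; return (counts per state, password-only users)."""
    counts, exposed = {}, []
    for row in csv.DictReader(io.StringIO(export_text)):
        state = classify(row)
        counts[state] = counts.get(state, 0) + 1
        if state == "password_only":
            exposed.append(row["user"])
    return counts, sorted(exposed)

def enforcement_coverage(counts):
    """Share of active accounts where MFA is actually required at sign-in."""
    active = sum(n for state, n in counts.items() if state != "inactive")
    return counts.get("protected", 0) / active if active else 1.0

if __name__ == "__main__":
    counts, exposed = audit(SAMPLE_EXPORT)
    print("states:", counts)
    print("password-only accounts:", exposed)
    print(f"enforcement coverage: {enforcement_coverage(counts):.0%}")
```

The number to watch is enforcement coverage, not the share of staff who have enrolled: in the sample, half of the active accounts have MFA switched on, yet only one in four is actually protected by policy.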

June 25, 2024