Krebs Whistleblower Says Ubiquiti Breach was “Catastrophic”?

Reddit Comments

I added Ubiquiti's response which was not available when I made this to the pinned comment in the video. TL;DR; they don't deny it and don't offer any insights into if they fixed their security issues.

👍︎︎ 3 👤︎︎ u/lawrencesystems 📅︎︎ Apr 03 2021 🗫︎ replies

Didn't care, don't care, won't care. Subscribers and drama= attention seekers media (...). If someone really wants to break in and is a real pro, you will NEVER know. The rest is nothing, not important, never will be.

👍︎︎ 1 👤︎︎ u/krisdeb78 📅︎︎ Apr 04 2021 🗫︎ replies
Captions
Tom here from Lawrence Systems, and on January 11th Ubiquiti Inc. disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in that response to the breach alleges Ubiquiti massively downplayed a catastrophic incident to minimize the hit to its stock price, and that third-party cloud provider claim was a fabrication. This all comes from Krebs on Security, and I'll of course link to this article, and a lot of you have linked me to this article, but I was already tweeting about it, by the way.

But this is catastrophic. Or is it? Nice. Okay, maybe I'm a little jaded, but this happened in January of 2021 and they didn't give us a really good debrief. It was kind of a vague statement that they were breached, but not really what that breach was. And the whole fabrication of a third-party vendor being involved sounds more like a third party was the way legal department found a way to rename people who hack systems: they're a third-party vendor, an unannounced vendor who got in our system. I'm not sure. It's a really messy situation.

But let's get out of the way first: action items. What do you need to do? What do you need to change on your Cloud Key or your system? Well, when I did a video about this, and when Ubiquiti made the announcement back in January of 2021, I suggested changing your password and changing your 2FA. I hope you did that back in January of 2021 and are not just now finding out about this catastrophic incident. And I think we're going to run out of adjectives, because this is becoming all too frequent that a company has a catastrophic incident, not just Ubiquiti being the one we're talking about now, but many companies have security breaches, and it's kind of exhausting. So for those of you who think this is the end of Ubiquiti, it, no, it's not, and it's also, it will be forgotten about in a week when the next company has a catastrophic, whatever adjective we're using next week is, for an incident. Not downplaying the catastrophic nature of this or that, how bad this was, but we'll get more to, uh, some thoughts in a second on that.

First, what do you need to do? Change your password. Second, how does that really work, and what's your security risk if you didn't change your password? Well, the way these work, and I'm holding a Cloud Key in my hand right now, with the UniFi platform they offer a way to self-host the controller. Now, you can run one of these devices, or you can download the controller software and manage all the UniFi platform devices. You do not need to, with the self-host install system, register with their cloud system. Unfortunately they made some changes and they force you registration with their Cloud Key, but you're still hosting the controller itself locally. But if a third-party vendor, the hacker, or however UniFi was referring to him these days, had access to all the credentials, that would then allow them to, if you had your Cloud Key registered and connected to their cloud system, remotely access things.

The reason for Ubiquiti's cloud is not where the data processing happens, but it's a bridging system. Essentially, you would like to remotely access, when you're not at home or not at your office, the UniFi Cloud Key or, like, the UniFi NVR I have behind me back here. When you'd like to access those, you don't have to open up any ports. You can, but you don't have to; you can use the UniFi cloud system to bridge to get to your locally hosted devices. This is actually a big selling point of the Ubiquiti equipment and not something a lot of other vendors offer. This is one of the things that has just kept them really popular: a combination of low price and actually offering on-prem self-hosted controllers, as opposed to forcing a lock into their cloud system that may have a fee or may not have a fee and really ties you to that vendor very tightly, and whatever that vendor does in their cloud system. And of course breaches, when a vendor forces you to register into their cloud system, are more catastrophic, because if that breach includes their ability to change configurations on firewalls and access points, now you have an even bigger catastrophic incident. All right, I'm gonna find a different adjective.

So as long as you change your password you should be fine. If you, as I said, are using these and you have forced the registration to them, yeah, I mean, you can still force registration but then disable cloud access and kind of keep these locked down. For those of us, and this includes me or, like, my friend Reilly over at HostiFi, we choose not to by default connect our self-hosted controllers to the cloud, and not having things connected to the cloud, such as the way it's done over at HostiFi, helps reduce your threat surface of this particular problem.

Now, the UniFi NVR, because that question came up a couple times, I've seen in a few discussions on this topic, that also does connect to their cloud. Now, the UniFi NVR is locally hosted like the UniFi controller system is, but the cloud system by UniFi does allow you to use the app and get alerts, once again without opening up any firewall ports. So that still could be an issue, but like I said, you should have changed your password back in January when the incident was talked about, both on this channel, sent out by Ubiquiti, it was, all the notices were sent when this happened. And changing your password, or just not having it cloud connected, which requires you to either VPN in or publicly exposed ports, those are different ways that would handle this, that disconnects you from this particular incident from Ubiquiti.

Now let's talk about the breach itself and what details Krebs has revealed. Now, the details given by the whistleblower as far as what had occurred says they compromised one of the technicians' LastPass accounts. Now, we don't have details if they compromised it via a guessed password, if it was 2FA, or maybe they had the 2FA and the LastPass on a single device and that device was compromised. That detail is kind of missing, but that is the source, according to the whistleblower, that then gave them the single sign-on services to get into AWS, have access to all of their source code, and that is pretty much all we know. But that's still a lot more than we knew before, provided all this is true. This is provided by a whistleblower, but back to me saying Krebs has a history of being credible, yeah, this seems pretty reasonable.

The other problem is, and the bigger issue that really occurs here, is the fact that this was not disclosed well by Ubiquiti. Breaches, incidents fall off the radar quickly and fall out of the news cycle quickly, not because they're not important but because there's another catastrophic event right around the corner. I'm sure by the time you're watching this another one may have already occurred, depending on when you're watching this. What we really need is a better disclosure model and a better incident response, like a set of rules that these companies need to follow to do proper incident response, because Ubiquiti is by far not alone in this.

And I'll even bring up an incident that was all the way back from 2015, and we still don't have an answer from Juniper as to how they got backdoored, how someone modified code. And this was obviously a big deal. Juniper is a large publicly traded company, sells a very popular, in the commercial and enterprise space, firewall. You're not talking about some consumer device here. They got backdoored, and there's still, and this was an article from June of 2020 where they were saying we want details. Six years later we don't have the details for what happened over at Juniper. But like I said, not just kind of throw Juniper under the bus here, they're just a, among all the companies, and I have a link that I can list on Wikipedia, which is by far way too short, for all the companies that have had large breaches, and many of them handled it poorly.

This is where the bigger issue lies, as I said, because, well, we don't seem to have a good template for doing it, and the worst case they do is get some bad press, maybe a little dip in the stock price, and, uh, everyone forgets about it next week. There's not a real solid consequence for their mishandling of this. I think that's where we really need to get to if we want to see this situation improve, because you can't just stop the breaches. And if you have a sales person who comes in and says, oh, I have the breach-proof system to sell you, please escort that person right out the door, because they're full of it. There's a reason we have a lot of burnout in the cyber security world. There's a reason we have people kind of at their wit's end who try to protect these companies, because it's really, really tough. Breaches happen. It's how we handle those breaches, and the responses given to that breach, and how we notify customers, how we do things to mitigate it, how we look at the systems and how the operation, how that is repaired, because sometimes it doesn't even involve something you did wrong. It could be a third-party vendor or a software update that caused this. So there's a lot of ways to get in. That's always going to happen. It's how we handle it.

And we almost need someone to force the hand of these companies, and seeing as these are publicly traded companies I mentioned, it seems like it would happen at some point. There's already a law firm that I did tweet, and they're just out for, well, class action lawsuit law firm, they're the just diving into the litigious nature of it. Hopefully that'll create enough noise that more people will notice, and at least we can get some details and exactly what happened, and of course the better answer: what we're going to do to not have it happen again. That's what I want to hear from really any company: it was breach, this is what occurred, this was how that incident, you know, was a break, broken down inside the company, and this is what we're going to do to not have that happen again.

I look at FireEye as a great example of when a breach happens at a company, especially being that FireEye is a security company. Their handling of it was, well, quite good. They broke it all down, they gave us lots of details, they also went on a full investigative rant that led us to the SolarWinds incident that we discovered in December of 2020 and led to a lot of investigation into how that happened and how to stop it from happening again. That's an optimal result. It's not that we can stop the breaches, but like I said, we can respond to them in a better way that creates a better ecosystem.

So I will leave links to the things I talked about in this video: the Krebs article, Juniper article if you're interested, the list of companies over on Wikipedia that embraced it is by far too short, and if someone has a better list of all the companies and maybe mishandling it, so we can keep them in the news cycle a little bit longer and make people think differently about security. But unfortunately, until there are some real changes to the way governance is handled with these companies and there's actual consequences for them mishandling of breaches, they're going to happen again, they're going to be handled poorly again, until there's a reason not to.

All right, thanks, and thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire us for a project, head over to lawrencesystems.com and click on the Hire Us button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the descriptions of all of our videos, including a link to our shirt store, where we have a wide variety of shirts, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.
Info
Channel: Lawrence Systems
Views: 49,788
Rating: 4.8962312 out of 5
Keywords: lawrencesystems
Id: OVQkS2Tk13w
Length: 11min 40sec (700 seconds)
Published: Wed Mar 31 2021