RiskyBiz: Corporate-Funded Front, Publishing Tool of Microsoft and the 'Fake Security' Industrial Complex (Trying to Fix What Lacks an Incentive to Fix)
They say they're here "to help"... but they will shoot you in the back for some back doors (and profits)
THE article of this morning is the outcome of internal collaboration and it primarily seeks to point out that RiskyBiz (RB) is not a news site. It's mostly propaganda and it's important to remember who funds it (and what for). It is, in some sense, like Security Boulevard.
Our discussion began due to this spin about ransomware, which is primarily a Windows issue (over 90% or over 95% of ransomware targets Windows, depending on who conducts the survey). "It is shockingly high," said an associate regarding ransomware payments, "not low."
As I saw this claim on another site (claiming that payments have dropped), it is likely that this propaganda is rather pervasive, even if there are no good observations, science or facts to back it up. As our associate put it, "that any of them pay is too many [because] paying only funds better resources to expand the scope of the attempts."
So now there's this shadow "industry" - a highly rewarding (they're profiting a lot!) and growing "industry" - thriving due to Microsoft's software being so sloppy (Microsoft profits more from this sloppiness, but at whose expense?).
"RiskyBiz's recent episode fawned over Microsoft," the associate said, "and how it was so large as to be effectively its own nation state with which agencies have no choice but to make a deal."
We generally try to avoid linking to that site (RiskyBiz, or RB for short) as it employs Microsoft moles like Mr. Winterford [1, 2]. A lot of what we saw there in the past was pure lies, often for Microsoft.
"I generally avoid it," the associate noted, "except to track what the bullshitters are bullshitting about. It is occasionally useful to know what garbage they are pushing so that one can push back."
"Such as in the case of Microsoft being unavoidable. It can and should be avoided, and there are lots of ways to do that."
We reckon that the principal sponsor of that site will walk away when it doesn't meet traffic expectations.
"RB seems to be able to get Australian politicians for interviews," the associate recalled, "and Gray spent a week or so schmoozing with NSA IIRC. RB is unlikely to go away due to the large amount of money sluicing through it each quarter."
Well, maybe Microsoft too is funding it with its considerable debt, but we've mostly noticed the name of other companies that sell 'security'. Search for "This episode sponsored by Push Security" and "This episode sponsored by runZero" (we'd rather not link directly to that site).
We can hope they will vanish, at least by not linking to them. Given the lack of visibility of that site in the past year, we suppose that they probably have very little real traffic and nowadays boast to their sugar daddy about "FACEBOOK FRIENDS" (and such).
"RB are bullshitters," the associate concluded, "to be sure."
They don't promote real security; they just try to sell it as a separate "product", just like Microsoft does (see below). █
Last week, CNBC gave me a chance to discuss Microsoft’s Friday-night news dump of a new breach by Russian intelligence services, in which I called for more details from Microsoft so that other organizations could defend themselves. On January 25th, we gained a bit more transparency in the form of a blog post from “Microsoft Security”, the commercial security division of Microsoft. Let me offer some reactions.
[...]
Microsoft is using this announcement as an opportunity to upsell customers on their security products, which are apparently necessary to run their identity and collaboration products safely!
This is morally indefensible, just as it would be for car companies to charge for seat belts or airplane manufacturers to charge for properly tightened bolts. It has become clear over the past few years that Microsoft’s addiction to security product revenue has seriously warped their product design decisions, where they hold back completely necessary functionality for the most expensive license packs or as add-on purchases.
While these two arrogant and circumspect posts do, at least, admit “the urgent need to move even faster” in securing their products, I would argue that Microsoft has a much deeper cultural problem to solve as the world’s most important IT company.
They need to throw away this poisonous idea of security as a separate profit center and rededicate themselves to shipping products that are secure-by-default while providing all security features to all customers. I understand the need to charge for log storage or human services, but we should no longer accept the idea that Microsoft’s basic enterprise offerings (including those paid for by the US taxpayer) should lack the basic features necessary to protect against likely attacks.
My current employer competes against some of these products, but if Microsoft did a better job by default then that would actually reduce the need for SentinelOne and other security vendors to provide basic safety protections.
For all the language about the sophistication of the SVR hackers behind this attack, there is nothing here that is outside the norm for ransomware groups attacking Microsoft technologies, and Microsoft customers of all sizes should be concerned that these techniques will be deployed against them if they do not pay extra for the secure version of Microsoft’s cloud products.