Tom here from Lawrence Systems, and on January 11th Ubiquiti Inc. disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a catastrophic incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication. This all comes from Krebs on Security, and I will of course link to this article. A lot of you have linked me to this article, but I was already tweeting about it, by the way. But this is catastrophic, or is it? Okay, maybe I'm a little jaded, but this happened in January of 2021 and they didn't give us a really good debrief. It was kind of a vague statement that they were breached, but not really what that breach was, and the whole fabrication of a third-party vendor being involved sounds more like "third party" was the way the legal department found to rename people who hack systems: they're a third-party vendor, an unannounced vendor who got in our system. I'm not sure. It's a really messy situation.

But let's get the action items out of the way first. What do you need to do? What do you need to change on your Cloud Key or your system?
Well, when I did a video about this, when Ubiquiti made the announcement back in January of 2021, I suggested changing your password and changing your 2FA. I hope you did that back in January of 2021 and are not just now finding out about this catastrophic incident. And I think we're going to run out of adjectives, because it is becoming all too frequent that a company has a catastrophic incident. Not just Ubiquiti, the one we're talking about now, but many companies have security breaches, and it's kind of exhausting. So for those of you saying this is the end of Ubiquiti: no, it's not, and it will also be forgotten about in a week when the next company has a catastrophic, or whatever adjective we're using next week, incident. I'm not downplaying the catastrophic nature of this or how bad this was, but we'll get to some more thoughts on that in a second. First, what do you need to do? Change your password. Second, how does that really work, and what's your security risk if you didn't change your password?
Well, the way these work, and I'm holding a Cloud Key in my hand right now, with the UniFi platform: they offer a way to self-host the controller. You can run one of these devices, or you can download the controller software and manage all the UniFi platform devices. You do not need to, with the self-hosted install, register with their cloud system. Unfortunately, they made some changes and they force you to register with their Cloud Key, but you're still hosting the controller itself locally. But if a third-party vendor, the hacker, or however UniFi was referring to them these days, had access to all the credentials, that would then allow them, if you had your Cloud Key registered and connected to their cloud system, to remotely access things.

The reason for Ubiquiti's cloud is not that it's where the data processing happens; it's a bridging system, essentially. When you would like to remotely access, when you're not at home or not at your office, the UniFi Cloud Key, or like the UniFi NVR I have behind me back here, you don't have to open up any ports. You can, but you don't have to. You can use the UniFi cloud system as a bridge to get to your locally hosted devices. This is actually a big selling point of the Ubiquiti equipment and not something a lot of other vendors offer. This is one of the things that has kept them really popular: a combination of low price and actually offering on-prem, self-hosted controllers, as opposed to forcing a lock-in to their cloud system that may or may not have a fee and really ties you to that vendor very tightly, and to whatever that vendor does in their cloud system. And of course breaches, when a vendor forces you to register into their cloud system, are more catastrophic, because if that breach includes their ability to change configurations on firewalls and access points, now you have an even bigger catastrophic incident. All right.
I'm gonna find a different adjective. So as long as you changed your password, you should be fine. If you, as I said, are using these and you have been forced to register them, yeah, I mean, you can still do the forced registration but then disable cloud access and kind of keep these locked down. For those of us, and this includes me or, like, my friend Reilly over at HostiFi, we choose not to connect our self-hosted controllers to the cloud by default, and not having things connected to the cloud, such as the way it's done over at HostiFi, helps reduce your threat surface for this particular problem.

Now, the UniFi NVR, because that question came up a couple of times in a few discussions I've seen on this topic: that also does connect to their cloud. The UniFi NVR is locally hosted, like the UniFi controller system is, but the cloud system by UniFi does allow you to use the app and get alerts, once again without opening up any firewall ports. So that still could be an issue. But like I said, you should have changed your password back in January when the incident was talked about, both on this channel and in what was sent out by Ubiquiti. All the notices were sent when this happened. Changing your password, or just not having it cloud connected, which requires you to either VPN in or publicly expose ports, are different ways to handle this that disconnect you from this particular incident at Ubiquiti.

Now let's talk about the breach itself and what details Krebs has revealed. The details given by the whistleblower as far as what had occurred say they compromised one of the technicians' LastPass accounts. Now, we don't have details on whether they compromised it via a guessed password, whether it was 2FA, or maybe they had the 2FA and the LastPass on a single device and that device was compromised. That detail is kind of missing. But that is the source, according to the whistleblower, that then gave them the single sign-on services to get into AWS and have access to all of their source code, and that is pretty much
all we know. But that's still a lot more than we knew before, provided all this is true. This is provided by a whistleblower, but back to me saying Krebs has a history of being credible: yeah, this seems pretty reasonable.

The other problem, and the bigger issue that really occurs here, is the fact that this was not disclosed well by Ubiquiti. Breaches happen. Breaches happen to companies of all sizes. Breaches happening to large companies is not even new. In fact, it's not even news for 2021, it's so common. That's why sometimes I'm a little jaded by all of these. And these incidents fall off the radar quickly and fall out of the news cycle quickly, not because they're not important, but because there's another catastrophic event right around the corner. I'm sure by the time you're watching this another one may have already occurred, depending on when you're watching this.

What we really need is a better disclosure model and better incident response, like a set of rules that these companies need to follow to do proper incident response. Because Ubiquiti is by far not alone in this, and I'll even bring up an incident from all the way back in 2015, where we still don't have an answer from Juniper as to how they got backdoored, how someone modified code. And this was obviously a big deal. Juniper is a large publicly traded company that sells a firewall that is very popular in the commercial and enterprise space. You're not talking about some consumer device here. They got backdoored, and they're still... This was an article from June of 2020 where they were saying, "We want details," six years later.
We don't have the details for what happened over at Juniper. But like I said, not to just kind of throw Juniper under the bus here; they're just one among all the companies, and I have a link that I can list, on Wikipedia, which is by far way too short for all the companies that have had large breaches. And many of them handled it poorly. This is where the bigger issue lies, as I said, because, well, we don't seem to have a good template for doing it, and the worst case is they get some bad press, maybe a little dip in the stock price, and, uh, everyone forgets about it next week. There's not a real, solid consequence for their mishandling of this.

I think that's where we really need to get to if we want to see this situation improve, because you can't just stop the breaches. If you have a salesperson who comes in and says, "Oh, I have the breach-proof system to sell you," please escort that person right out the door, because they're full of it. There's a reason we have a lot of burnout in the cybersecurity world. There's a reason we have people kind of at their wits' end who try to protect these companies, because it's really, really tough. Breaches happen. It's how we handle those breaches, and the response that is given to that breach, and how we notify customers, how we do things to mitigate it, how we look at the systems and how they got breached and how that is repaired. Because sometimes it doesn't even involve something you did wrong. It could be a third-party vendor or a software update that caused this. So there are a lot of ways to get in. That's always going to happen. It's how we handle it, and we almost need someone to force the hand of these companies. Seeing as these are publicly traded companies, as I mentioned, it seems like it would happen at some point. There's already a law firm that I did tweet about, and they're just out for, well... a class-action lawsuit law firm.
They're just diving into the litigious nature of it. Hopefully that'll create enough noise that more people will notice, and at least we can get some details on exactly what happened and, of course, the better answer: what we're going to do to not have it happen again. That's what I want to hear from really any company: it was breached, this is what occurred, this was how that incident, you know, was broken down inside the company, and this is what we're going to do to not have that happen again.

I look at FireEye as a great example of when a breach happens at a company. Especially being that FireEye is a security company, their handling of it was, well, quite good. They broke it all down. They gave us lots of details. They also went on a full investigative rant that led us to the SolarWinds incident that we discovered in December of 2020, and led to a lot of investigation into how that happened and how to stop it from happening again. That's an optimal result. It's not that we can stop the breaches, but like I said, we can respond to them in a better way that creates a better ecosystem.

So I will leave links to the things I talked about in this video: the Krebs article, the Juniper article, and, if you're interested, the link to the companies over on Wikipedia that are breached. It is by far too short, and if someone has a better list of all the companies, and maybe their mishandling of it, so we can keep them in the news cycle a little bit longer and make people think differently about security. But unfortunately, until there are some real changes to the way governance is handled with these companies, and there are actual consequences for their mishandling of breaches, they're gonna happen again. They're gonna be handled poorly again until there's a reason not to. All right.
Thanks.