ITOps: Horror Story Edition

It’s that time of year again: the days are getting shorter, leaves litter the sidewalk, and Halloween is just around the corner. We love a good ghost story at Automox, but we're not talking about werewolves and witches’ brew. Our IT Operations & Security team is spinning up tales of something much more sinister...

Grab some candy, gather close, and brace yourself for some ITOps horror stories.

“At a former employer, I was working with a customer who got hit by some nasty attacks, and I noticed they had hundreds of thousands of network connections per second. Analyzing the traffic, 90% of it was RDP connections from everywhere across the globe - it was like all of earth had remoted into their environment. I determined this was the original point of entry. When I brought up the issue, they simply stated, 'Oh, we left that open for ease of access for our IT team.' Oh, it was easy to access alright.”

“One of the companies I worked for in the early days used to detonate malware on the corporate network every day, with no network segmentation. They told me it was fine because they were using NAT'd Linux VMs on a Windows host.

The same company used the free version of Skype for a 200-person company… They asked us all to use our personal emails to sign up.”

“At a previous company, I was working on a project to tune out false positives from malicious activity alerts, and someone also working on the same project decided: why not just curate a list of all directories with FPs and bypass EVERYTHING from those directories? It was 720 line items long and would have robbed us of visibility into the environment. It included things like PowerShell scripting, remote desktop/admin tools, etc. We would have been dead in the water to any adversary. I tried to convince him we couldn't do good security by blanket-allowing everything, but he got really far up the chain before he finally got shot down.”

“At a previous employer, I was troubleshooting an issue with our enterprise NOC and we were stepping through firewall configs to troubleshoot the issue. The junior tech I was speaking with told me they had explicit rules for email based on the naming of the rule. Turns out the rule was actually ANY/ANY. The tech did not understand that this rule allowed ANYTHING and not just what was in the rule name.”
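The lesson of that story is to audit what a rule actually matches rather than what it is called. The following is an added example, not code from the original post: a small Python audit that flags allow rules whose source, destination and service are all "any", and rules whose name hints at a specific service (email, RDP, web) while their ports say otherwise. The rule format and the sample rule set are constructed for the example.

```python
"""Audit firewall rules by their fields, never by their names (added example)."""
from dataclasses import dataclass

# Values that mean "match everything" in common firewall exports.
ANY = {"any", "*", "0.0.0.0/0", "::/0"}

# Constructed mapping: a word in the rule name -> ports that would justify it.
NAME_HINTS = {
    "email": {"25", "465", "587", "993", "995"},
    "mail": {"25", "465", "587", "993", "995"},
    "smtp": {"25", "465", "587"},
    "rdp": {"3389"},
    "web": {"80", "443"},
}


@dataclass
class Rule:
    name: str
    src: str
    dst: str
    ports: set          # destination ports as strings, or {"any"}
    action: str = "allow"


def findings(rule: Rule) -> list:
    """Return a list of problems with one allow rule (empty list if none)."""
    out = []
    if rule.action != "allow":
        return out
    if rule.src.lower() in ANY and rule.dst.lower() in ANY and rule.ports <= ANY:
        out.append("ANY/ANY allow: permits all traffic regardless of the rule name")
    lname = rule.name.lower()
    for hint, expected in NAME_HINTS.items():
        # The name promises a service, but the ports do not match it.
        if hint in lname and not (rule.ports and rule.ports <= expected):
            out.append(f"name suggests '{hint}' but ports are {sorted(rule.ports)}")
            break
    return out


def audit(rules) -> dict:
    """Map rule name -> findings, for rules that have any."""
    return {r.name: findings(r) for r in rules if findings(r)}


# Constructed sample rule set, modelled on the story above.
SAMPLE_RULES = [
    Rule("allow-email", "any", "any", {"any"}),                      # named for email, really ANY/ANY
    Rule("allow-smtp-relay", "10.0.5.0/24", "203.0.113.10", {"25", "587"}),
    Rule("deny-all", "any", "any", {"any"}, action="deny"),
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_RULES).items():
        print(name, "->", "; ".join(problems))
```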

“At another previous employer, there was a poorly written security requirement that required us to scan every IP rather than every device. When this feature was first rolled out, the person running our scanner did not segment out scanning of the network devices. Within a few minutes, he had managed to overrun AAA and cause our core firewall cluster to crash.”

“When I worked in an informal consulting capacity, lack of security awareness was the bane of my existence. I discovered malicious Word and Excel macro documents in the environment with base64-encoded commands that successfully executed additional malware. When I looked into spread and prevalence, I noted it was likely spread via email, and, assessing the endpoints in scope, they seemed to be coming only from the IT/SecOps team. When I asked about it, someone from the team stated, ‘Oh yeah, I got a doc and clicked on it, but it didn't do anything, so I sent it to the rest of the (IT/SecOps) team for them to test it.’”

Shudder. Good thing they’re just old scary stories.

Wait, they are just stories, right?...

About Automox IT Operations

Today’s IT leaders deserve better than tedious legacy tools to manage their infrastructure. From our single cloud-native platform, automate and scale your IT operations to meet the growing business demands of the modern workforce. With complete visibility of your entire environment, you can easily monitor, identify, and respond to issues in real-time across any endpoint, regardless of OS or location.

Demo Automox to see how you can immediately gain effortless command of your endpoints.