Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, this post makes educated guesses based on what has happened during the last 12 months and the several years before that.
The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations be cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.
Here are some trends and predictions for cyber security in 2020:
Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major cyber threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to infecting vulnerable systems so they can be used later as part of a botnet.
IoT security: IoT security is still getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Awareness of smart building security is growing. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year; it would be nice if all of them were secure, but unfortunately many of them are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras, and smart elevators, to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security has to be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your internet of things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack. One in every 172 active RSA certificates is vulnerable to attack. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network. The FBI recommends that you keep your IoT devices on a separate network.
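The "one in 172 RSA certificates" problem can be audited in your own device fleet with nothing more than GCDs, because a modulus that shares a prime with any other modulus in the inventory factors instantly. This is an added example, not code from the original post; it assumes (my assumption, not stated on the page) that the weakness is shared prime factors from poor boot-time entropy, and the device inventory and tiny primes are constructed toy values.

```python
from itertools import combinations
from math import gcd

# Constructed sample primes. Real RSA primes are ~1024 bits; these tiny values
# only illustrate the arithmetic and are NOT usable as keys.
P1, P2, P3, P4, P5, P6, P7 = 1000003, 1000033, 1000037, 1000039, 1000081, 1000099, 1000117

# Constructed inventory: device id -> RSA public modulus n = p*q read from its
# certificate. dev-a and dev-c were generated with the same prime P1 (weak
# entropy at first boot); dev-d and dev-e ship an identical key (cloned image).
DEVICE_MODULI = {
    "dev-a": P1 * P2,
    "dev-b": P3 * P4,
    "dev-c": P1 * P5,
    "dev-d": P6 * P7,
    "dev-e": P6 * P7,
}


def audit_moduli(moduli):
    """Pairwise GCD audit of an RSA modulus inventory.

    Returns (factored, duplicates):
      factored   -> {device_id: (p, q)} for every modulus that shares exactly one
                    prime with another modulus. Anyone holding the same public
                    certificates can recover these private keys, so they must be
                    revoked and reissued with a properly seeded generator.
      duplicates -> sorted list of (id_a, id_b) pairs presenting the same modulus;
                    compromising one device then compromises the other.
    Pairwise GCD is O(n^2) in the number of keys; for a very large fleet a
    product-tree batch GCD gives the same result in near-linear time.
    """
    factored = {}
    duplicates = []
    for (id_a, n_a), (id_b, n_b) in combinations(moduli.items(), 2):
        if n_a == n_b:
            duplicates.append((id_a, id_b))
            continue
        g = gcd(n_a, n_b)
        if g == 1:
            continue  # no common factor: this pair reveals nothing
        # g is a shared prime, so both moduli split immediately.
        for dev_id, n in ((id_a, n_a), (id_b, n_b)):
            factored[dev_id] = tuple(sorted((g, n // g)))
    return factored, sorted(duplicates)


def vulnerable_fraction(moduli):
    """Share of devices whose key is either factorable or duplicated."""
    factored, duplicates = audit_moduli(moduli)
    affected = set(factored) | {d for pair in duplicates for d in pair}
    return len(affected) / len(moduli)


if __name__ == "__main__":
    factored, duplicates = audit_moduli(DEVICE_MODULI)
    for dev, (p, q) in factored.items():
        print(f"{dev}: modulus factored as {p} * {q}")
    for a, b in duplicates:
        print(f"{a} and {b} share one key pair")
    print(f"{vulnerable_fraction(DEVICE_MODULI):.0%} of devices affected")
```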
IoT privacy: Silicon Valley is listening to your most intimate moments. The world’s biggest companies got millions of people to let temp workers analyze some very sensitive recordings made by their “smart” speakers and smartphones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also, some attackers are terrifying homeowners and making them feel violated in their own homes.
Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.
Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream its video over the internet to a computer.
Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.
Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting Internet connections from people. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is aiming in this direction. Iran, India and Russia are among the examples. For better or worse, an internet blackout limits the government’s ability to conduct digital surveillance on citizens.
Security First: Implementing cyber best practices requires a security-first approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than having it constantly rigged and retrofitted to keep up with digital innovation.
Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access, and monitor devices, thereby enhancing your access and segmentation strategy.
Anti-virus software: Only half of malware is caught by signature AV. The percentage of malware that successfully bypasses signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (known as “packing”) using basic encryption techniques or by the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch these threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that it could end up causing more turmoil for victims, as well as inspire other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline BACKUPS to deal with this kind of situation, so that decent recovery is possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransom attacks. New tactics are coming into use in ransomware. A new Snatch ransomware strain will reboot computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom: they will hand the data they steal to a competitor if the ransom is not paid.
Public sector: Public sector security is lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.
Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. In a PwC study, consumers were prepared to share personal information if it is of sufficient value to them. On the other hand, consumer confidence also has to be earned by keeping that information safe.
API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people or enough knowledge of those new technologies to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. A 145% growth in the workforce is needed to meet global demand.
Think Like Your Adversary: Cybersecurity leaders need to assess potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers. Security must be taken into account in all programming steps.
Third party security: Most companies don’t properly manage third-party cyber risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline about a major breach that stemmed from a company’s relationship with a third party.
Privacy and surveillance: Fears grow on digital surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their systems can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”
5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.
5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than they are now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not hang all of your security and identification on the SIM card.
DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in Chrome and Firefox web browsers. Microsoft Will Bring DNS Over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information, and more. Organizations are failing to deal with rising bot attacks.
Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many of these new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, so they can be used to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network, but the security team needs to monitor everything on the network and be right all the time. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.
Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.
Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities, and these have typically been aligned to wider geo-political objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted targeting to industrial control systems software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect critical infrastructure: concern yourself with the most important hacks, understand the critical pieces of your infrastructure, and know your inter-dependencies.
Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time, the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.
Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Also, disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.
False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.
Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.
Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t always work this way.
Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a Ransomware ‘Crisis’ in US Schools and in many cities in USA.
Supply chain: Supply chain compromise will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. Counterfeit electronics are also on the rise.
Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding that their own software (maybe in some cases also malware) be installed on all smartphones. Putin has signed a law making Russian apps mandatory on smartphones and computers.
Android: Today 80% of Android apps are encrypting traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of the Android versions will continue to be a problem in the coming year.
DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of DDoS attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.
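DNS amplification is a reflection attack: the victim receives large UDP/53 answers from many open resolvers to queries it never sent, so "responses with no matching outbound query" is the signal a defender can look for at the network edge. This is an added example, not from the original post; the flow records and their field layout are constructed, and the thresholds are illustrative assumptions.

```python
from collections import defaultdict

# Constructed flow records (not real traffic), one per line:
# time,src_ip,src_port,dst_ip,dst_port,proto,bytes
# Lines 1-2: a legitimate query from 10.0.0.5 and the answer to it.
# Lines 3-7: 10.0.0.9 receives large UDP/53 "answers" from several resolvers
# although it never asked: the victim-side view of DNS reflection.
FLOWS = """\
1,10.0.0.5,51234,198.51.100.1,53,udp,60
2,198.51.100.1,53,10.0.0.5,51234,udp,120
3,203.0.113.10,53,10.0.0.9,443,udp,3000
3,203.0.113.11,53,10.0.0.9,443,udp,3100
3,203.0.113.12,53,10.0.0.9,443,udp,2900
4,203.0.113.13,53,10.0.0.9,443,udp,3200
4,203.0.113.10,53,10.0.0.9,443,udp,3000
"""


def parse_flows(text):
    """Turn the CSV text above into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, sport, dst, dport, proto, nbytes = line.split(",")
        flows.append({
            "time": int(t), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto, "bytes": int(nbytes),
        })
    return flows


def detect_dns_reflection(flows, min_sources=3, min_bytes=8192):
    """Flag hosts receiving unsolicited DNS responses from many resolvers.

    A response is 'solicited' if the same host earlier sent a UDP query to that
    resolver from the port the answer comes back to. Reflected traffic has no
    such query, because the spoofed request came from the attacker. Returns
    {victim_ip: {"sources": set, "bytes": int, "packets": int}} for hosts above
    both thresholds. Mitigation sits elsewhere (BCP38 egress filtering so
    spoofed queries never leave, response rate limiting on resolvers); this
    function only detects.
    """
    solicited = set()  # (client, resolver, client_port) tuples seen as queries
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for f in sorted(flows, key=lambda f: f["time"]):  # stable: keeps file order within a tick
        if f["proto"] != "udp":
            continue
        if f["dport"] == 53:
            solicited.add((f["src"], f["dst"], f["sport"]))
        elif f["sport"] == 53 and (f["dst"], f["src"], f["dport"]) not in solicited:
            s = stats[f["dst"]]
            s["sources"].add(f["src"])
            s["bytes"] += f["bytes"]
            s["packets"] += 1
    return {
        victim: s for victim, s in stats.items()
        if len(s["sources"]) >= min_sources and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for victim, s in detect_dns_reflection(parse_flows(FLOWS)).items():
        print(f"{victim}: {s['bytes']} unsolicited DNS bytes from "
              f"{len(s['sources'])} resolvers in {s['packets']} packets")
```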
Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems, and, as noted under supply chain above, medium-sized companies are being targeted even more heavily as the weakest link in supply chains that include large corporations.
Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.
New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard of homomorphic encryption that keeps information both secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978, but Gentry established the first fully homomorphic encryption scheme in 2009. The biggest barrier to wide-scale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, has raised $16M.
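The "partially homomorphic" category above can be made concrete with textbook Paillier, whose ciphertexts can be added (and multiplied by a public constant) but not multiplied with each other, so an aggregator can total encrypted readings without ever seeing one. This is an added example, not code from the original post or from any of the companies it names; the primes are constructed toy values far below real key sizes.

```python
import secrets
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


class Paillier:
    """Textbook Paillier: additively homomorphic public-key encryption.

    Public key: n (and g = n + 1). Private key: lam, mu. Messages live in [0, n).
    """

    def __init__(self, p, q):
        # p and q are distinct primes; real deployments use ~1536-bit primes.
        # The constructed toy primes used below are for illustration only.
        assert p != q and gcd(p * q, (p - 1) * (q - 1)) == 1
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                    # standard choice of generator
        self.lam = lcm(p - 1, q - 1)           # private: Carmichael function of n
        self.mu = pow(self.lam, -1, self.n)    # private: lam^-1 mod n

    def encrypt(self, m, r=None):
        """c = g^m * r^n mod n^2 with random r coprime to n (probabilistic)."""
        assert 0 <= m < self.n
        if r is None:
            while True:
                r = secrets.randbelow(self.n - 1) + 1
                if gcd(r, self.n) == 1:
                    break
        return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
        u = pow(c, self.lam, self.n2)
        return ((u - 1) // self.n) * self.mu % self.n

    def mul_const(self, c, k):
        """Enc(m)^k = Enc(k * m): scaling by a public constant."""
        return pow(c, k, self.n2)


def encrypted_sum(ciphertexts, n):
    """Aggregator step: Enc(m1) * Enc(m2) mod n^2 = Enc(m1 + m2).

    Needs only the public modulus n, never the private key, so whoever runs this
    learns nothing about the individual readings. Multiplying two *plaintexts*
    is not possible this way, which is what makes the scheme only partially
    homomorphic.
    """
    n2 = n * n
    total = 1  # Enc(0) with r = 1 is the multiplicative identity
    for c in ciphertexts:
        total = total * c % n2
    return total


if __name__ == "__main__":
    key = Paillier(1000003, 1000033)          # constructed toy primes
    readings = [120, 75, 300, 5]              # e.g. per-device sensor values
    encrypted = [key.encrypt(m) for m in readings]
    aggregate = encrypted_sum(encrypted, key.n)   # done by an untrusted party
    print("decrypted total:", key.decrypt(aggregate), "expected:", sum(readings))
    print("3 * Enc(7) ->", key.decrypt(key.mul_const(key.encrypt(7), 3)))
```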
Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often interchanged with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: the true function of AI will be to determine, over a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is doing research on AI agents, and Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.
2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support with extra money for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, un-patched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.
Crypto wars continue: A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Together with top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.
Do not weaken encryption: Government officials say companies should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, strong encryption is necessary for personal and national security; two, weakening encryption does more harm than good; and three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If you think encryption back doors won’t be abused, you may be a member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia, 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.
2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Some physical security keys can also be hacked, as they turn out to be less secure than what their advertisements claimed.
Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.
New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.
Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.
RCS messaging: RCS, expanded as Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings a lot of new features like chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption. RCS could also be better in many other security aspects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with security in mind. The standard itself allows for poor security implementations, but GSMA advises its members to deploy RCS with the most secure settings possible.
Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic, made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online.
Phishing: Phishing remains one of the most pervasive online threats. Phishing emails are still managing to catch everyone out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website that looks like the login page of some valid service. Google Chrome now offers better protection against this, as Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. New, more advanced ways to phish are being put to use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user.
Windows: Microsoft doesn’t back up the Windows Registry anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits outweigh the convenience of a direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.
Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was found to be badly broken.
Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit, a Metasploit for drones: a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.
World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This means that China will ditch all Windows PCs by 2022. China already has some of its own Linux distros, like Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.
Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision laid out by Gartner’s analysts is straightforward. The legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient, and agile secure network service—globally. Most of the stolen data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that left sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Autocracy as a service: Now any government can buy China’s tools for censoring the internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.
Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China orders a ban on US computers and software: the Chinese government is to replace foreign hardware and software within three years. Who needs whom more?
International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they wish to. The US can’t “enforce standards that don’t exist”. We have international norms in the maritime domain; we don’t have those in cyber. That makes it difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.
1,468 Comments
Tomi Engdahl says:
FBI and CISA warn of major wave of vishing attacks targeting
teleworkers
https://www.zdnet.com/article/fbi-and-cisa-warn-of-major-wave-of-vishing-attacks-targeting-teleworkers/
The Federal Bureau of Investigation (FBI) and the Cybersecurity and
Infrastructure Security Agency (CISA) have issued a joint security
advisory on Thursday, warning about an ongoing wave of vishing attacks
targeting the US private sector. Vishing, or voice phishing, is a form
of social engineering where criminals call victims to obtain desired
information, usually posing as other persons.
Tomi Engdahl says:
Physical locks are less hackable than digital locks, right? Maybe not:
Boffins break in with a microphone
https://www.theregister.com/2020/08/21/spikey_paper_acoustic_lock_pick/
A computer scientist at the National University of Singapore claims to
have demonstrated how recording the sound of a lock turning can be
sufficient to make working replica keys. In March 2020, Soundarya
Ramesh, a third-year PhD candidate at the National University of
Singapore, published a paper [PDF] co-authored by security researcher
Harini Ramprasad and Professor Jun Han on the topic of
“acoustics-based physical key inference”.
Tomi Engdahl says:
‘Next-Gen’ Supply Chain Attacks Surge 430%
https://www.darkreading.com/application-security/next-gen-supply-chain-attacks-surge-430-/d/d-id/1338717
As commercial and enterprise software developers become more
disciplined about keeping their open source software components
updated to reduce the risk of software supply chain attacks, the bad
guys are getting craftier: Researchers warn that they’re over-running
open source projects to turn them into malware distribution channels.
Tomi Engdahl says:
74 Days From the Presidential Election, Security Worries Mount
https://www.darkreading.com/risk/74-days-from-the-presidential-election-security-worries-mount/d/d-id/1338728
With pandemic measures continuing and political divisions deepening,
security experts express concern about the security and integrity of
the November election. Spamming post offices with letters that feature
a specific bar code to reset sorting machines. Creating fake reports
that immigration and enforcement officers would hit certain polling
places. Hacking into a COVID-19 test database and increasing the
number of positive cases.
Tomi Engdahl says:
How 25 Dice In A Box Solve The Secure Password Conundrum: Introducing
DiceKeys
https://www.forbes.com/sites/daveywinder/2020/08/22/how-25-dice-in-a-box-solve-the-secure-password-conundrum-introducing-dicekeys/
Want to create a master password that’s not only almost impossible to
crack but easy to recall? Just roll the dice… There are a
confusingly large number of problems with passwords, of that there can
be little doubt. Password reuse across services that shoots holes in
your security posture when, almost inevitably, just one of those
services gets breached being among them. Recent research revealed
there are more than 15 billion stolen logins available on the Dark
Web, from 100,000 such breaches, which is why I, and many other
security-oriented folks, recommend the use of a password manager.
Tomi Engdahl says:
Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in
Common?
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
I’m glad you asked. I’m always interested in trends, and reviewing the
activity captured by my honeypot over this past week, it shows that no
matter what port the RDP service is listening on, a specific RDP
string (Cookie: mstshash=) might be sent to any ports to find out if
it is listening for this service.
Tomi Engdahl says:
2020 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
The 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous
Software Weaknesses (CWE Top 25) is a demonstrative list of the most
common and impactful issues experienced over the previous two calendar
years. These weaknesses are dangerous because they are often easy to
find, exploit, and can allow adversaries to completely take over a
system, steal data, or prevent an application from working.
Tomi Engdahl says:
Why you should always scan UDP ports (part 2/2)
https://medium.com/bugbountywriteup/why-you-should-always-scan-udp-part-2-2-42050fb136d8
We finished part 1 having gained unprivileged access to a host in a
new network. Afterwards, we wanted to gain privileges to continue.
This is how we did it. Part 1:
https://medium.com/bugbountywriteup/why-you-should-always-scan-udp-ports-part-1-2-d8ee7eb26727.
In this story we’ll see how we exploited SNMP vulnerabilities, used a
Jenkins console to call a reverse shell, bypassed firewall rules,
worked around AppArmor and exploited bash injections to escalate
privileges, amongst other things.
Tomi Engdahl says:
Zoom is now critical infrastructure. That’s a concern
https://www.brookings.edu/blog/techtank/2020/08/27/zoom-is-now-critical-infrastructure-thats-a-concern/
It’s a cybersecurity vulnerability that would have been unimaginable as recently as last year: A single California-based company, Zoom, is now the foundation for education access from elementary school up through graduate school. It has also become a critical tool for many businesses. When Zoom goes down, teachers can’t teach, students can’t learn, and business meetings, conferences, and webinars grind to a halt.
That was demonstrated in dramatic form on Monday, August 24 when a widespread outage blocked many users from accessing Zoom.
Without information regarding the details of how Zoom’s systems are designed and protected, it’s hard to identify the greatest sources of risk for future service interruptions. But the fact that the August 24 incident occurred at all underscores the possibility that future service outages, whether due to a systems failure or to a cyberattack, could leave classrooms and business meetings shut down for much longer.
There’s nothing new about dependence on digital technologies, which underlie several of the Department of Homeland Security’s 16 critical infrastructure sectors, including “financial services,” “communications,” and “information technology.” But in many of the verticals in these sectors—such as banking or mobile phone services—no single company dominates the market. A cyberattack knocking a leading bank or mobile phone network provider offline for a few hours would be a major event and an enormous inconvenience for thousands of individuals and businesses, but it wouldn’t shut down the entirety of the financial system or of mobile cellular communications.
By contrast, a successful cyberattack targeting Zoom could bring education and an enormous amount of business activity to a complete halt.
There are plenty of alternatives to Zoom, including Skype, Webex, and GoToMeeting. The challenge of course, is that Zoom has benefited from an enormous network effect. The time people have invested learning how to use Zoom and the licenses companies and universities have signed to make it their main platform for real-time video interactions create strong incentives against adopting an alternative.
People who have spent hours getting used to Zoom don’t want to start over on another platform.
In combination, these factors mean that we aren’t likely to shake our dependence on Zoom anytime soon. That’s a concern, because if a list of critical infrastructure sectors were created from scratch today, it would probably include videoconferencing as a distinct sector. Organizations that rely on video conferencing—and today, that’s most organizations—would be well served to put backup plans in place to minimize the disruption from future Zoom outages.
Tomi Engdahl says:
Understanding How to Conduct a Risk and Resilience Assessment (RRA)
https://pentestmag.com/understanding-how-to-conduct-a-risk-and-resilience-assessments-rra/
#pentest #magazine #pentestmag #pentestblog #PTblog #risk #resilience #assessment #RRA #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
The Rainbow Hat #Hackers
https://medium.com/@website4creators/the-rainbow-hat-hackers-7e44e15c4b6a
Tomi Engdahl says:
Diffie-Hellman key exchange in End-to-End Encryption (E2EE)
https://medium.com/@shubhomoybiswas/diffie-hellman-key-exchange-in-end-to-end-encryption-e2ee-2366e056661
When it comes to data encryption, there are mainly two types — Symmetric and Asymmetric. Popular encryption methods like AES use symmetric key encryption whereas RSA uses an asymmetric approach.
Nowadays, chat applications use end-to-end encryption to protect users’ chat messages from getting compromised by hackers or by the organization itself. End-to-end encryption (E2EE) asserts encryption and decryption to take place at the clients’ devices (end destinations). This allows the ciphered texts to transmit via an insecure and public channel, such as the internet, without the messages being compromised.
Let’s look at E2EE using both asymmetric and symmetric approaches.
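The two steps the linked post describes, Diffie-Hellman to agree a key over an insecure channel (the asymmetric step) and symmetric encryption of the actual chat messages with that key, worked through in code. This is an added example, not code from the article above; the 127-bit group, the SHA-256 counter-mode cipher and the relaying "server" are constructed stand-ins for the standard DH group or X25519 and AES-GCM that real clients use.

```python
import hashlib
import hmac
import secrets

# CONSTRUCTED toy group so the demo is self-contained: 2**127 - 1 is a Mersenne prime,
# but it is NOT a standardised DH group. Real clients use RFC 7919 ffdhe2048 or X25519.
P = 2**127 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Asymmetric step: a random private exponent a and the public value g**a mod p."""
    priv = secrets.randbelow(p - 2) + 1          # 1 <= a <= p-2
    return priv, pow(g, priv, p)


def dh_shared_key(priv, peer_pub, p=P):
    """Both ends compute the same secret, (g**b)**a == (g**a)**b mod p, and derive
    64 bytes of key material from it: 32 for encryption, 32 for the MAC."""
    if not 1 < peer_pub < p - 1:
        # Reject degenerate public values (0, 1, p-1) that would force a guessable secret.
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, priv, p)
    return hashlib.sha512(b"e2ee-demo-v1" + secret.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    """Toy counter-mode keystream built from SHA-256 (stand-in for AES-GCM)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Symmetric step, encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Verifies the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = key[:32], key[32:]
    if len(blob) < 12 + 32:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: altered message or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def tamper_detected(key, blob):
    """Flip one ciphertext bit in transit; the receiver must reject the message."""
    flipped = bytearray(blob)
    flipped[12] ^= 0x01
    try:
        decrypt(key, bytes(flipped))
        return False
    except ValueError:
        return True


def e2ee_session_demo(message):
    """One chat session: Alice and Bob agree a key through the server, which only ever
    relays public values and ciphertext, so it cannot read the message itself."""
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    # Only alice_pub and bob_pub cross the insecure channel. Plain DH does not
    # authenticate the peer: a relaying server could run two separate exchanges (MITM),
    # which is why real apps pin long-term identity keys and offer safety-number checks.
    k_alice = dh_shared_key(alice_priv, bob_pub)
    k_bob = dh_shared_key(bob_priv, alice_pub)
    blob = encrypt(k_alice, message)
    return {
        "keys_match": k_alice == k_bob,
        "server_sees": (alice_pub, bob_pub, blob),   # nothing here reveals the plaintext
        "bob_reads": decrypt(k_bob, blob),
        "ciphertext_differs": blob[12:-32] != message,
    }


if __name__ == "__main__":
    result = e2ee_session_demo(b"constructed sample message")
    print("keys match:", result["keys_match"], "| Bob reads:", result["bob_reads"])
```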
Tomi Engdahl says:
Three Ways to Hack a Printed Circuit Board
https://spectrum.ieee.org/computing/hardware/three-ways-to-hack-a-printed-circuit-board
Tomi Engdahl says:
https://edri.org/edri-demands-open-safe-and-accountable-internet-will-you-join-us/
Tomi Engdahl says:
Why Cloud Networking is a must for Flexibility, Scalability, and Visibility
https://pentestmag.com/why-cloud-networking-is-a-must-for-flexibility-scalability-and-visibility/
#pentest #magazine #pentestmag #pentestblog #PTblog #cloud #networking #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
Looking at active Cyber Threats with LeakIX
https://pentestmag.com/looking-at-active-cyber-threats-with-leakix/
#pentest #magazine #pentestmag #pentestblog #PTblog #LeakIX #OSINT #threatintelligence #tool #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
https://www.makeuseof.com/tag/avoid-bad-vpns/?utm_source=MUO-FB-P&utm_medium=Social-Distribution&utm_campaign=MUO-FB-P
Tomi Engdahl says:
How many spycams can Stacey Dooley find in a love motel bedroom? | BBC
https://m.youtube.com/watch?v=ggYIsnUgUdU
Pornography is illegal in South Korea, and molka has emerged as an illicit DIY alternative. The devastating impact of molka is revealed in the increasing number of molka-related suicides. Now, criminal gangs are starting to install cameras on an industrial scale, selling people’s most private moments as pornography for strangers to consume. The country’s advanced technology allows criminals to stream videos live and share them at lightning speeds.
Can those fighting molka stay ahead of this quickly evolving crime?
Tomi Engdahl says:
TOP 5 Latest Cyber Security Books (2017-2019) | Best & Latest Must-Reads For Any Aspiring or Seasoned Hacker
https://pentestmag.com/top-5-latest-cyber-security-books-2017-2019-best-latest-must-reads-for-any-aspiring-or-seasoned-hacker/
#pentest #magazine #pentestmag #pentestblog #PTblog #top #cybersecurity #hacking #books #best #latest #mustread #infosecurity #infosec
Tomi Engdahl says:
Is China the World’s Greatest Cyber Power?
https://www.darkreading.com/threat-intelligence/is-china-the-worlds-greatest-cyber-power/d/d-id/1338778
The nation’s aggressive approach to using cyber operations to achieve
political and national aims has set its cyber strategy apart from the
more cautious and considered approaches of most other nations.
Attackers linked to China have vacuumed up personally identifiable
information on US and European citizens, stolen trade secrets and
intellectual property, and exfiltrated classified information from
government agencies, all without much political impact to the Chinese
government. PDF:
https://wow.intsights.com/rs/071-ZWD-900/images/Dark%20Side%20of%20China.pdf
Tomi Engdahl says:
How to securely delete your computer’s data before selling it: 4
options
https://www.tivi.fi/uutiset/tv/1361f684-1d3f-4d93-ac2f-0fcce2c32a13
What should you do when you need to get rid of an old computer
securely? Since IT equipment is worth recycling, the next stop is
either selling the machine second-hand or taking it to a WEEE
collection point. In both cases, all the data on the machine should be
deleted first.
Tomi Engdahl says:
Putting the Pieces Together for Extended Detection and Response
https://www.securityweek.com/putting-pieces-together-extended-detection-and-response
Pulling the Right Data From the Right Tools Allows You to Validate a Detection and Respond Effectively
The Data Breach Investigations Report (DBIR) from Verizon has evolved significantly since it was first published. But one thing that hasn’t changed over the last dozen years is the consistent finding that security professionals have the tools to detect many of the breaches they face. In fact, the very first report back in 2008 found that 87% of the breaches were considered avoidable through reasonable controls. The indicators exist in logs in various security technologies. The challenge is that they’re hard to see because logs are cluttered, and most security departments don’t have enough people to sift through them and make sense of the data.
Fast forward to the 2020 DBIR and approximately two-thirds of breaches are being detected in days or less. So, the good news is that we’re becoming more effective at using these tools to detect breaches. But what about the other third? And of the two-thirds detected, did we detect the entire scope of the attack, or were certain indicators missed and is the adversary still lurking, waiting to re-emerge later?
The definition of detection is very relevant as extended detection and response (XDR) solutions become the next hot topic in the security industry. Because how we define detection will drive the outcome of XDR and, ultimately, the other key component – response.
Tomi Engdahl says:
Takeaways From the “CryptoForHealth” Twitter Hack
https://www.securityweek.com/takeaways-cryptoforhealth-twitter-hack
On July 15th, US-based microblogging and social networking service, Twitter, disclosed a security incident whose full impact has yet to be determined. According to court documents, the attack started around May 3rd and was only discovered in July when accounts belonging to well-known public figures and executives like Jeff Bezos, Bill Gates, Warren Buffet, President Barack Obama, and Joe Biden were used as part of a scheme to extort bitcoins from their followers, which netted more than $117,000. However, the tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Twitter is one of the most popular social media platforms in the world and is used by more than 145 million people daily.
Modus Operandi
The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom”. By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. As a result, it’s not surprising that most of today’s cyber-attacks are front-ended by phishing campaigns. In fact, nearly one third of all breaches in the past year involved phishing, according to the 2020 Verizon Data Breach Investigations Report. The initial phase of compromise is typically followed by an exploration phase and the exfiltration of sensitive data, which includes covering up tracks and potentially creating a backdoor for future attacks.
In the Twitter breach, the attackers leveraged social engineering tactics to target a small number of employees through a phone spear phishing attack. Subsequently, the attackers obtained access to both Twitter’s internal network, as well as specific employee credentials that granted them access to internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access Twitter’s internal systems and gain information about the company’s processes.
These exploratory efforts are very common in the anatomy of a hack, whereby reconnaissance is carried out to identify regular IT schedules, security measures, network traffic flows, and scan the entire IT environment to gain an accurate picture of the network resources, privileged accounts, and services. Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
In Twitter’s case, the intelligence gained by the attackers enabled them to target additional employees who did have access to the Twitter account support tool, which allows privileged employees to control all facets of a Twitter account.
Tomi Engdahl says:
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme
https://www.zdnet.com/article/top-exploits-used-by-ransomware-gangs-are-vpn-bugs-but-rdp-still-reigns-supreme/
While some ransomware groups have heavily targeted Citrix and Pulse Secure VPNs to breach corporate networks in H1 2020, most ransomware attacks take place because of compromised RDP endpoints.
Tomi Engdahl says:
50 Private Companies That Take Security Seriously
https://www.designnews.com/industry/50-private-companies-take-security-seriously?ADTRK=InformaMarkets&elq_mid=14267&elq_cid=876648
The companies featured in Inc.’s annual ranking of the leading privately-held American security organizations have found innovative techniques to provide both physical and cybersecurity.
In the recent Inc. 5000 2020 list, 5000 of the fastest-growing private companies in America have been rated. Grouped by industry, including engineering, manufacturing, transportation, and others, this list covers a wide range of specific technologies. For example, the security category displayed a median growth of 187%, total revenues of $10.3 billion, and contributions of over 86,991 jobs, according to Inc.
These security providers are in markets of either physical or cloud-based services and products. Major offerings were in cloud video surveillance and video, network and information protection, security awareness training and simulated phishing, identifying security violations and threats, and the like. Regardless of the products or services, these security-focused private companies found innovative techniques to provide both physical and cybersecurity.
Tomi Engdahl says:
https://cybernews.com/security/a-tale-of-three-major-cyber-breaches/?utm_source=facebook&utm_medium=traffic_rm&utm_campaign=news&utm_content=major_cyber_breaches
Tomi Engdahl says:
The Life Cycle of a Compromised (Cloud) Server
https://blog.trendmicro.com/the-lifecycle-of-a-compromised-cloud-server/
Trend Micro Research has developed a go-to resource for all things
related to cybercriminal underground hosting and infrastructure. Today
we released the second in this three-part series of reports which
detail the what, how, and why of cybercriminal hosting (see the first
part here). As part of this report, we dive into the common life cycle
of a compromised server from initial compromise to the different
stages of monetization preferred by criminals. It’s also important to
note that regardless of whether a company’s server is on-premise or
cloud-based, criminals don’t care what kind of server they compromise.
To a criminal, any server that is exposed or vulnerable is fair game.
Tomi Engdahl says:
Quarterly Report: Incident Response trends in Summer 2020
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html
For the fifth quarter in a row, Cisco Talos Incident Response (CTIR)
observed ransomware dominating the threat landscape. Infections
involved a wide variety of malware families including Ryuk, Maze,
LockBit, and Netwalker, among others. In a continuation of trends
observed in last quarter’s report, these ransomware attacks have
relied much less on commodity trojans such as Emotet and Trickbot.
Interestingly, 66 percent of all ransomware attacks this quarter
involved red-teaming framework Cobalt Strike, suggesting that
ransomware actors are increasingly relying on the tool as they abandon
commodity trojans. We continued to see ransomware actors engage in
data exfiltration and even observed the new cartel formed by Maze and
other ransomware operations in action.
Tomi Engdahl says:
Technical Approaches to Uncovering and Remediating Malicious Activity
https://us-cert.cisa.gov/ncas/alerts/aa20-245a
This joint advisory is the result of a collaborative research effort
by the cybersecurity authorities of five nations: Australia, Canada,
New Zealand, the United Kingdom, and the United States. It highlights
technical approaches to uncovering malicious activity and includes
mitigation steps according to best practices. The purpose of this
report is to enhance incident response among partners and network
administrators along with serving as a playbook for incident
investigation.
Tomi Engdahl says:
Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
LDAP, like many UDP based protocols, has the ability to send responses
that are larger than the request. With UDP not requiring any handshake
before data is sent, these protocols make ideal amplifiers for
reflective distributed denial of service attacks. Most commonly, these
attacks abuse DNS and we have talked about this in the past. But LDAP
is another protocol that is often abused. Some of our honeypots have
been seeing a small number of the reflected packets from these
attacks. In investigating them, we noticed that many of them appear to
come from exposed windows domain controllers. Windows domain
controllers do use LDAP for active directory and support
connectionless LDAP (CLDAP) out of the box. CLDAP is part of the issue
here as it supports UDP. So what should you do? I do not know of a
good reason to allow clear text LDAP (Port 389, not LDAP over TLS)
across your perimeter. Close that port!
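As an added example (not code from the ISC diary), here is a Python check over constructed flow records that finds internal hosts answering UDP/389 to external peers and computes the response/request byte ratio that marks reflected traffic. The flow format, addresses and internal ranges are assumptions.

```python
"""Spot internal hosts (typically domain controllers) answering connectionless
LDAP (CLDAP, UDP/389) across the perimeter, from flow records.

Added example; flow format, IP addresses and byte counts are constructed.
"""
import ipaddress
from collections import defaultdict

LDAP_PORT = 389

# Assumed internal address space in which the domain controllers live.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed flow records: "src_ip src_port dst_ip dst_port proto bytes".
# 203.0.113.9 is an external address that receives large UDP/389 answers to
# tiny queries; 10.0.0.22 is a legitimate internal LDAP client.
SAMPLE_FLOWS = """\
203.0.113.9 41337 10.0.0.5 389 udp 52
10.0.0.5 389 203.0.113.9 41337 udp 3120
203.0.113.9 41337 10.0.0.5 389 udp 52
10.0.0.5 389 203.0.113.9 41337 udp 3120
203.0.113.9 41337 10.0.0.5 389 udp 52
10.0.0.5 389 203.0.113.9 41337 udp 3120
10.0.0.22 50112 10.0.0.5 389 udp 60
10.0.0.5 389 10.0.0.22 50112 udp 1100
198.51.100.7 5000 10.0.0.5 389 tcp 312
10.0.0.5 389 198.51.100.7 5000 tcp 2048
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, nbytes = line.split()
        flows.append({"src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto.lower(),
                      "bytes": int(nbytes)})
    return flows


def cldap_findings(flows, min_ratio=10.0):
    """Group UDP/389 traffic between an internal host and each external peer.

    Any UDP/389 answer leaving the internal range is a perimeter exposure on
    its own; a high response/request byte ratio is the amplification signature
    of reflection (the "requests" carry the victim's spoofed source address,
    so the DC sees them as coming from the victim and answers the victim).
    """
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0, "responses": 0})
    for f in flows:
        if f["proto"] != "udp":
            continue  # CLDAP is the UDP transport; TCP LDAP cannot be reflected
        if f["dport"] == LDAP_PORT and is_internal(f["dst"]) and not is_internal(f["src"]):
            stats[(f["dst"], f["src"])]["req_bytes"] += f["bytes"]
        elif f["sport"] == LDAP_PORT and is_internal(f["src"]) and not is_internal(f["dst"]):
            s = stats[(f["src"], f["dst"])]
            s["resp_bytes"] += f["bytes"]
            s["responses"] += 1
    findings = []
    for (dc, peer), s in sorted(stats.items()):
        if s["responses"] == 0:
            continue  # unanswered probes mean the port is already filtered
        ratio = s["resp_bytes"] / s["req_bytes"] if s["req_bytes"] else float("inf")
        findings.append({"dc": dc, "peer": peer, "responses": s["responses"],
                         "req_bytes": s["req_bytes"], "resp_bytes": s["resp_bytes"],
                         "amplification": round(ratio, 1),
                         "likely_reflection": ratio >= min_ratio})
    return findings


if __name__ == "__main__":
    for finding in cldap_findings(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```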
Tomi Engdahl says:
Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
https://www.helpnetsecurity.com/2020/09/01/high-ticket-bec-attacks/
Companies are losing money to criminals who are launching Business
Email Compromise (BEC) attacks as a more remunerative line of business
than retail-accounts phishing, APWG reveals. Abuse of web security
infrastructure reached a grim new plateau in Q2 2020, as well, with
PhishLabs reporting that nearly 78 percent of all phishing websites
employ SSL/TLS certificates as part of the deceptive schemes they use
to lure in users and gain their confidence.
Tomi Engdahl says:
Cybersquatting: Attackers Mimicking Domains of Major Brands Including
Facebook, Apple, Amazon and Netflix to Scam Consumers
https://unit42.paloaltonetworks.com/cybersquatting/
Cybercriminals take advantage of the essential role that domain names
play on the internet by registering names that appear related to
existing domains or brands, with the intent of profiting from user
mistakes. This is known as cybersquatting.
Tomi Engdahl says:
Is Your Boardroom The Weakest Cybersecurity Link?
https://www.forbes.com/sites/bobzukis/2020/09/01/is-your-boardroom-the-weakest-cybersecurity-link/
From phishing to ransomware, one of the primary challenges with
effective cybersecurity risk management is related to the weakest link
theory. The essence of this theory is the phrase “a chain is no
stronger than its weakest link.” This idiom reflects the fact that
effective cybersecurity risk management is a complex system of related
and inter-dependent parts. If one component fails, it can jeopardize
the entire system. For many companies, their weakest cybersecurity
link is at the top, in their boardroom.
Tomi Engdahl says:
Elephant in the Doggy Door (Redux) – The Importance of Process Optimization
https://www.securityweek.com/elephant-doggy-door-redux-importance-process-optimization
Back in 2015 I wrote an article, right here in SecurityWeek, about process parity. It was a riff off the old adage “garbage in, garbage out”. It seems that the article from nearly 5 years ago continues to age well, but rather than be excited about that, I’m a little disappointed. Allow me to explain.
If you know me, or have worked with me at all, you’ll know I’m a process nerd. I get it, that’s not necessarily ‘cool’ in cyber security, but it’s what my brain gravitates to. Remember that slide that everyone had at one point in their presentations (guilty…) that said “People, Process, Technology”? I still have it, if only to remind people that we’re still not getting process right.
Technology has advanced tremendously. Nobody is going to dispute that. But we’ve not got entire market segments that are tools built to – wait for it – integrate and operationalize other tools. I feel like that’s a failure somewhere along the line if you’ve designed tech that doesn’t work well with other tech. Maybe it’s just me.
People still don’t scale, and now we’re short on talent to hire. Listen, even if you could hire an infinite number of security professionals, they don’t solve the problem we actually have. The problem we are increasingly seeing in cyber security is the space between systems. If you’ve got 10 different screens where alerts are being generated and screaming at you – there isn’t a meaningful way to make sense of those screens without integrated technology. Humans simply can’t do the job, and process optimization is literally the only way you’ll find the real baddie in all that noise.
Tomi Engdahl says:
Coronavirus & Cybersecurity: 3 Areas of Exploitation
https://pentestmag.com/coronavirus-cybersecurity-3-areas-of-exploitation/
#pentest #magazine #pentestmag #pentestblog #PTblog #exploitation #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
Machine learning from idea to reality: a PowerShell case study
https://blog.fox-it.com/2020/09/02/machine-learning-from-idea-to-reality-a-powershell-case-study/
This blog provides a look ‘behind the scenes’ at the RIFT Data Science
team and describes the process of moving from the need or an idea for
research towards models that can be used in practice. More
specifically, how known and unknown PowerShell threats can be detected
using Windows event log 4104. In this case study it is shown how
research into detecting offensive (with the term ‘offensive’ used in
the context of ‘offensive security’) and obfuscated PowerShell scripts
led to models that can be used in a real-time environment.
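As an added example (not code from the Fox-IT post), here is a Python feature extractor over constructed event 4104 ScriptBlockText samples, showing the kind of obfuscation signals such a model consumes. The feature set, the weights and the two sample script blocks are assumptions.

```python
"""Heuristic obfuscation features for PowerShell script blocks as recorded in
Windows event ID 4104 (Microsoft-Windows-PowerShell/Operational, ScriptBlockText).

Added example; feature set, weights and sample blocks are constructed.
"""
import math
import re
from collections import Counter

# Syntax that obfuscators lean on; each match count becomes one feature.
PATTERNS = {
    "backticks": re.compile(r"`"),                           # Wr`ite-Ho`st
    "char_casts": re.compile(r"\[char\]", re.I),             # [char]71+[char]67
    "concat_ops": re.compile(r"'\s*\+\s*'|\"\s*\+\s*\""),    # 'Ne'+'w-Ob'
    "format_ops": re.compile(r"['\")]\s*-f\s", re.I),        # '{0}{1}' -f 'he','llo'
    "encoded_cmd": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "invoke_expr": re.compile(r"\biex\b|invoke-expression", re.I),
}


def shannon_entropy(text):
    """Bits per character; base64 blobs and random-looking names push this up."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def case_transitions(token):
    return sum(1 for a, b in zip(token, token[1:]) if a.isupper() != b.isupper())


def features(script_block):
    feats = {name: len(rx.findall(script_block)) for name, rx in PATTERNS.items()}
    feats["length"] = len(script_block)
    feats["entropy"] = round(shannon_entropy(script_block), 3)
    # Random case mixing ("pOwErShElL") shows as many case flips in one word;
    # PascalCase cmdlet names such as ChildItem stay below the threshold of 4.
    tokens = re.findall(r"[A-Za-z]+", script_block)
    feats["mixed_case_tokens"] = sum(1 for t in tokens if case_transitions(t) >= 4)
    return feats


def obfuscation_score(feats):
    """Hand-weighted score standing in for a trained classifier (assumed weights)."""
    score = 0.3 * min(feats["backticks"], 10)
    score += 0.5 * min(feats["char_casts"], 10)
    score += 0.3 * min(feats["concat_ops"], 10)
    score += 0.5 * min(feats["format_ops"], 10)
    score += 2.0 * feats["encoded_cmd"]
    score += 1.0 * feats["invoke_expr"]
    score += 1.0 * min(feats["mixed_case_tokens"], 5)
    if feats["entropy"] > 5.0:
        score += 1.0
    return round(score, 2)


def is_suspicious(script_block, threshold=3.0):
    return obfuscation_score(features(script_block)) >= threshold


# Constructed 4104 ScriptBlockText samples; the base64 decodes to UTF-16LE "echo hello".
BENIGN = ("Get-ChildItem -Path C:\\Logs -Filter *.log | "
          "Where-Object { $_.Length -gt 1MB } | Sort-Object Length -Descending")
OBFUSCATED = ("$c = ('Ne'+'w-Ob'+'ject'); Wr`ite-Ho`st ('{0}{1}' -f 'he','llo'); "
              "iEx ([char]71+[char]67+[char]77); "
              "pOwErShElL -NoP -w hidden -e ZQBjAGgAbwAgAGgAZQBsAGwAbwA=")

if __name__ == "__main__":
    for name, block in (("benign", BENIGN), ("obfuscated", OBFUSCATED)):
        print(name, obfuscation_score(features(block)), is_suspicious(block))
```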
Tomi Engdahl says:
Gartner expects more CEOs to be personally liable for cyber-physical
security incidents
https://www.zdnet.com/article/gartner-expects-more-ceos-to-be-personally-liable-for-cyber-physical-security-incidents/
The liability for failing to protect systems from cyber incidents will
fall directly onto many CEOs by 2024, Gartner is predicting.
“Regulators and governments will react promptly to an increase in
serious incidents resulting from failure to secure CPSs, drastically
increasing rules and regulations governing them,” research vice
president at Gartner Katell Thielemann said.
Tomi Engdahl says:
Sean Lyngaas / CyberScoop:
DHS mandates US agencies have vulnerability disclosure programs within six months that will expand to cover all internet-accessible systems within two years — Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers …
CISA orders agencies to set up vulnerability disclosure programs
https://www.cyberscoop.com/cisa-vulnerability-disclosure-directive-omb/
Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector.
Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs).
CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life.
“We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director Bryan S. Ware said in announcing the directive.
Binding Operational Directive 20-01
September 2, 2020
Develop and Publish a Vulnerability Disclosure Policy
https://cyber.dhs.gov/bod/20-01/
Tomi Engdahl says:
Verizon reveals quantum networking trials
The technology would help secure the network
https://www.cnet.com/news/verizon-reveals-quantum-networking-trials/?ftag=CAD090e536&bhid=20035345449657381409697266932077&mid=13025453&cid=534936198
Verizon is expanding a test of quantum computing technology that the carrier believes could help secure its networks. A pilot project of a technology called quantum key distribution in Washington DC was successful, so Verizon will now test it across the US.
Quantum computing could solve some computing problems impossible for conventional machines, the most famous being an ability to crack conventional encryption, at least if engineers can make quantum computers vastly more powerful than today’s research projects. But Verizon is exploring a different way that the physics of the ultrasmall could be useful — protecting those encrypted network connections.
Quantum key distribution, a more mature technology than quantum computing, lets two parties share the encryption keys used to secure their communications. A key element of the technology is the ability to detect if somebody else is trying to get access, too.
“Quantum-based technology can strengthen data security today and in the future,” said Nicki Palmer, chief product innovation officer at Verizon.
Tomi Engdahl says:
Making Remote Working Safer Through Securing the Router
https://pentestmag.com/making-remote-working-safer-through-securing-the-router/
#pentest #magazine #pentestmag #pentestblog #PTblog #router #security #remotework #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
The Evolution of Phishing: Welcome “Vishing”
https://www.securityweek.com/evolution-phishing-welcome-vishing
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites. The threat actor’s objective is to persuade the target either to reveal their credentials over the phone or to input them manually at a website set up by the cyber adversary that impersonates the company’s corporate email or virtual private network (VPN) portal.
According to the advisory, the uptick in usage of this TTP is driven by the COVID-19 pandemic, which has resulted in a mass shift to working from home, the widespread use of corporate VPNs, and elimination of in-person verification.
How to Protect Against Vishing
IT security professionals can implement the following proactive measures to protect their organization:
• Security Awareness Training: Incorporate vishing detection education in your overall security awareness training program. This is a good reminder that it is important to frequently update your training content to account to changes in TTPs. Furthermore, augment the training with phishing simulations to gauge your employees’ awareness level and correct their behavior.
• Restrict VPN Connections: Use mechanisms like hardware checks or installed certificates, so user input alone is not enough to access the corporate VPN. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.
• Employ Domain Monitoring: Track the creation of, or changes to, corporate, brand-name domains.
• Harden Use of MFA: If not yet implemented, enforce multi-factor authentication (MFA) which requires multiple methods for identification (something you know, something you have, and something you are) and therefore is one of the best ways to prevent unauthorized users from accessing sensitive data and moving laterally within the network. If MFA has been implemented, harden your usage by deploying authenticators that support NIST SP 800-63-3 Assurance Level 3. These hardware-based devices (e.g., YubiKey, Titan Security Key) are proven to be a reliable deterrent.
• Apply Least Privilege: Configure access controls — including file, directory, and network share permissions — with least privilege in mind. If a user only needs to read specific files, they should not have write-access to those files, directories, or shares. Gartner has identified Privileged Access Management as one of the Top 10 information security projects over the last two years, since it is an area where organizations can achieve the greatest return on IT security investments.
Tomi Engdahl says:
The Hidden Costs of Losing Security Talent
https://www.darkreading.com/risk/the-hidden-costs-of-losing-security-talent/d/d-id/1338816
According to Simone Petrella, founder and CEO of online training site
CyberVista, an experienced security analyst commands an average annual
salary of about $100,000. And when that analyst leaves a company, it
typically takes eight months to replace that person and almost four
months to train a replacement. That’s nearly a full year of
productivity lost, she says. Then it’s always possible the company
could lose a second employee because that person became overloaded
while the new hire was getting up to speed.
Tomi Engdahl says:
Russian-Related Threats to the 2020 US Presidential Election
https://www.recordedfuture.com/us-election-russia-threats/
In this report, Recorded Future provides an overview of Russia-nexus
cyberespionage and influence operations activity related to the 2020
U.S. elections, including from advanced persistent threat (APT)
groups, information operations (IO) entities, as well as likely front
entities and non-state groups aimed at presidential candidates,
political parties, elections infrastructure, media platforms, voting
efforts, and the U.S. population at large.
Tomi Engdahl says:
Under Attack: How Threat Actors are Exploiting SOCKS Proxies
https://securityintelligence.com/articles/what-is-socks-proxy-exploit/
A SOCKS proxy can be used to improve network security in an
enterprise, but can also be exploited by cybercriminals for nefarious
reasons. Take a look at how SOCKS proxies have been manipulated
recently by threat actors.
Tomi Engdahl says:
Australian government releases voluntary IoT cybersecurity code of
practice
https://www.zdnet.com/article/australian-government-releases-voluntary-iot-cybersecurity-code-of-practice/
The voluntary Code of Practice: Securing the Internet of Things for
Consumers is intended to provide industry with a best-practice guide
on how to design IoT devices with cybersecurity features. It will
apply to all IoT devices that connect to the internet to send and
receive data in Australia, including “everyday devices such as smart
fridges, smart televisions, baby monitors, and security cameras”.
Tomi Engdahl says:
Steve Kovach / CNBC:
Facebook’s new policies on the US election are so narrow, and come into effect so late, that they won’t have any real effect on election misinformation — Facebook on Thursday said it would ban new political ads in the week before the Nov. 3 presidential election and enforce …
Facebook’s ban on new political ads won’t change anything
https://www.cnbc.com/2020/09/03/facebooks-ban-on-new-political-ads-wont-change-anything.html
Tomi Engdahl says:
Mike Isaac / New York Times:
Facebook says it will limit message forwarding on Messenger to five people or groups at a time to tackle the spread of misinformation — The social network said it would block new political ads in late October, among other measures, to reduce misinformation and interference.
Facebook Moves to Limit Election Chaos in November
https://www.nytimes.com/2020/09/03/technology/facebook-election-chaos-november.html
The social network said it would block new political ads in late October, among other measures, to reduce misinformation and interference.
Tomi Engdahl says:
Reuters:
Facebook partners with Reuters to show live US election results, including vote tabulation, exit polls, and projections, in Facebook’s Voting Information Center
https://www.reuters.com/article/rpb-facebookelectionnightresults-idUSKBN25U1RI
Tomi Engdahl says:
Why cloud costs get out of control: Too much lift and shift, and pricing that is ‘screwy and broken’
The Reg talks to the experts about how to manage spend
https://www.theregister.com/2020/09/03/cloud_control_costs/
Spinning up services on public clouds is dead easy, but what about staying in control of the bill?
Organisations are “over budget for cloud spend by an average of 23 per cent, and expect cloud spend to increase by 47 per cent next year,” according to a “State of the cloud 2020” report by Flexera, based on a survey of 750 technical professionals.
As if that weren’t bad enough, respondents self-estimate that 30 per cent of cloud spend is wasted. COVID-19 has, if anything, made the problem worse, with most respondents saying the pandemic has increased planned cloud usage.
The biggest problem, said Bradley, is that organisations “make a lot of compromises” moving to the cloud because the level of digital transformation needed to get the full benefit is not there.
Tomi Engdahl says:
Facebook to blab bugs it finds if it thinks code owners aren’t fixing fast enough
And reveals half a dozen WhatsApp bugs into the bargain
https://www.theregister.com/2020/09/04/facebook_vulnerability_disclosure_policy/
“Facebook may occasionally find critical security bugs or vulnerabilities in third-party code and systems, including open source software,” the company writes. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”
The Social Network™ has made itself the arbiter of what needs to be disclosed and when it needs to be disclosed. The company’s policy is to contact “the appropriate responsible party” and give them 21 days to respond.
“If we don’t hear back within 21 days after reporting, Facebook reserves the right to disclose the vulnerability,” the policy says, adding: “If within 90 days after reporting there is no fix or update indicating the issue is being addressed in a reasonable manner, Facebook will disclose the vulnerability.”
But the company has also outlined exceptions to those rules, with acceleration of disclosure if a bug is already being exploited and slowing down news “If a project’s release cycle dictates a longer window.”
The third reason is:
“If a fix is ready and has been validated, but the project owner unnecessarily delays rolling out the fix, we might initiate the disclosure prior to the 90-day deadline when the delay might adversely impact the public.”
Facebook “will evaluate each issue on a case-by-case basis based on our interpretation of the risk to people.”
The policy isn’t wildly different from that used by Google’s Project Zero, which also discloses bugs after 90 days and also offers extensions under some circumstances.