Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and several years before that.
The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.
Here are some trends and predictions for cyber security in 2020:
Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade. And now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine for cryptocurrencies, or trying to infect vulnerable systems so they can be used later as part of a botnet.
IoT security: IoT security is still getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Smart Building Security Awareness Grows. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year and it would be nice if all of them would be secure, but many of them unfortunately are not secure. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras, and smart elevators, to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security should be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your internet of things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack. One in every 172 active RSA certificates is vulnerable to attack. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network. The FBI recommends that you keep your IoT devices on a separate network.
IoT privacy: Silicon Valley Is Listening to Your Most Intimate Moments. The world’s biggest companies got millions of people to let temps analyze some very sensitive recordings made by your “smart” speakers and smart phones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also some attackers are terrifying homeowners and making them feel violated in their own homes.
Medical systems security: Cyberattacks on Medical Devices Are on the Rise—and Manufacturers Must Respond. Attacks on networked medical devices, and the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.
Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream that video over the internet to a computer.
Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.
Shut off Internet: A worrying worldwide trend employed by various governments is preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting Internet connections from people. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is aiming in this direction. Iran, India, Russia. For better or worse, an internet blackout limits the government’s ability to conduct digital surveillance on citizens.
Security First: Implementing Cyber Best Practices Requires a Security-First Approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than it having to be constantly rigged and retrofitted to adapt to digital innovation.
Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access, and monitor devices, thereby enhancing your access and segmentation strategy.
Anti-virus software: Only Half of Malware Caught by Signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (known as “packing”) using basic encryption techniques or by the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that paying the ransom in a ransomware attack could end up causing more turmoil for victims – as well as inspire other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel, and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline BACKUPS to deal with this kind of situation, so decent recovery would be possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransom attacks. There are new tactics coming into use in ransomware. A new Snatch ransomware strain will reboot computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom – they will publish data that they steal to a competitor if the ransom is not paid.
Public sector: Public Sector Security Is Lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.
Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. According to a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, you also need to earn consumers’ confidence that you keep the information safe.
API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people and enough knowledge of those new technologies to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. 145% Growth is Needed to Meet Global Demand.
Think Like Your Adversary: Cybersecurity leaders need to assess the potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers Should Think like Hackers. Security must be taken into account in all programming steps.
Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third-party.
Privacy and surveillance: Fears Grow on Digital Surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their system can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”
5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.
5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true – with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not put all your security and identification on this SIM card.
DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in Chrome and Firefox web browsers. Microsoft Will Bring DNS Over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.
Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many of these new network expansion projects are often being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, and they can be utilized to make the network the first line of defense. A critical step in building a stronger security posture and more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network – but the security team needs to monitor everything on the network and be right all the time to ensure security. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.
Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.
Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities and these have typically been aligned to wider geo-political objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted targeting to industrial control systems software. We need to be worried about Cyber-Physical Security of the Power Grid. To protect this infrastructure you need to prioritize strategic risks that affect critical infrastructure: Concern yourself with the most important hacks, Understand the critical pieces of your infrastructure and Know your inter-dependencies.
Payment security: Payment security backslides for second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time EU’s PSD2 (Payments Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, as banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.
Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Also, disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.
False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.
Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.
Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t always work this way.
Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a Ransomware ‘Crisis’ in US Schools and in many cities in the USA.
Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. There is the growth of counterfeit electronics.
Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding their own software (maybe in some cases also malware) to be installed on all smartphones. Putin signs law making Russian apps mandatory on smartphones, computers.
Android: Today 80% of Android apps are encrypting traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of the Android versions will continue to be a problem in the coming year.
DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile Devices Account for 41% of DDoS Attack Traffic.
Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations.
Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.
New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); fully homomorphic encryption (this is the gold standard of homomorphic encryption that keeps information secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978 but Gentry established the first homomorphic encryption scheme in 2009. The biggest barrier to widescale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, raises $16M.
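The partially homomorphic case described above, as an added example that is not code from the original post: a toy Paillier cryptosystem (a swapped-in, additively homomorphic scheme) in which an aggregator holding only the public key sums encrypted readings it cannot read. The fixed Mersenne primes, the function names and the sample readings are assumptions made for illustration; real keys use large random primes from a vetted library.

```python
"""Toy Paillier cryptosystem: a partially (additively) homomorphic scheme."""
import math
import secrets
from dataclasses import dataclass

# Demo-only parameters (assumption): two well-known Mersenne primes.
# Real keys use large random primes generated by a vetted library.
P = 2**31 - 1
Q = 2**61 - 1


@dataclass(frozen=True)
class PublicKey:
    n: int      # modulus p * q; plaintexts live in [0, n)
    n_sq: int   # n^2; ciphertexts live modulo n^2


@dataclass(frozen=True)
class PrivateKey:
    lam: int    # lcm(p - 1, q - 1)
    mu: int     # lam^-1 mod n (this simple form holds for generator g = n + 1)


def keygen(p: int = P, q: int = Q):
    """Build a key pair from two distinct primes."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if p == q or math.gcd(n, lam) != 1:
        raise ValueError("unsuitable primes for Paillier")
    return PublicKey(n, n * n), PrivateKey(lam, pow(lam, -1, n))


def encrypt(pk: PublicKey, m: int) -> int:
    """c = g^m * r^n mod n^2 with g = n + 1 and a fresh random r."""
    if not 0 <= m < pk.n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(pk.n - 1) + 1
        if math.gcd(r, pk.n) == 1:
            break
    # (n + 1)^m mod n^2 collapses to 1 + m*n by the binomial theorem.
    return ((1 + m * pk.n) * pow(r, pk.n, pk.n_sq)) % pk.n_sq


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    u = pow(c, sk.lam, pk.n_sq)
    return ((u - 1) // pk.n * sk.mu) % pk.n


def add_encrypted(pk: PublicKey, c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds the hidden plaintexts (mod n)."""
    return (c1 * c2) % pk.n_sq


def scale_encrypted(pk: PublicKey, c: int, k: int) -> int:
    """Raising a ciphertext to a public constant k >= 0 multiplies the plaintext by k."""
    return pow(c, k, pk.n_sq)


def encrypted_sum(pk: PublicKey, ciphertexts) -> int:
    """What the untrusted aggregator runs: it never holds the private key."""
    total = encrypt(pk, 0)
    for c in ciphertexts:
        total = add_encrypted(pk, total, c)
    return total


if __name__ == "__main__":
    pk, sk = keygen()
    readings = [1200, 875, 1930]          # constructed sample meter readings
    cts = [encrypt(pk, m) for m in readings]
    print("decrypted sum     :", decrypt(pk, sk, encrypted_sum(pk, cts)))
    print("3 x first reading :", decrypt(pk, sk, scale_encrypted(pk, cts[0], 3)))
    # Encryption is randomised, so equal plaintexts give different ciphertexts.
    print("ciphertexts differ:", encrypt(pk, 5) != encrypt(pk, 5))
```

The scheme supports addition and multiplication by a public constant only; there is no operation on two ciphertexts that yields the product of their plaintexts, which is what makes it partially rather than fully homomorphic.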
Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often interchanged with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: THE TRUE FUNCTION OF AI WILL BE TO DETERMINE WITH A LONG ARC OF TIME AND DATA, WHAT “NORMAL” LOOKS LIKE FOR A USER. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is doing research on AI agents, and Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced Machine Learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.
2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support with extra money for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, un-patched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.
Crypto wars continue: A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: Take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.
Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: One, that strong encryption is necessary for personal and national security. Two, that weakening encryption does more harm than good. And three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back-doors are added to encryption, they will be abused. If You Think Encryption Back Doors Won’t Be Abused, You May Be a Member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.
2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Some physical security keys can also be hacked, as they turn out to be less secure than their advertisements claimed.
Myth of sophisticated hacker in news: It’s the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.
New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.
Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.
RCS messaging: RCS, short for Rich Communications Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings a lot of new features, such as chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption. RCS could also be better in many other security aspects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with the security perspective in mind. The standard itself allows for poor security implementation, but GSMA advises its members to deploy RCS with the most secure settings possible.
Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic that’s made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online.
Phishing: Phishing remains one of the most pervasive online threats. Phishing emails are still managing to catch everyone out. Phishing emails that are used to steal credentials usually depend on the user clicking a link that leads to a phishing website that looks like the login page of some valid service. Google Chrome now offers better protection against this, as Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. New, more advanced phishing methods are being taken into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.
Windows: Microsoft Doesn’t Back Up the Windows Registry Anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet as brute-force attacks and BlueKeep exploits usurp the convenience of a direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.
Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was badly broken.
Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit, a Metasploit for drones: a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.
World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This will mean that China is to ditch all Windows PCs by 2022. China already has some Linux distros of its own, like Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.
Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision as laid out by these renowned analysts is straightforward. The legacy “data center as the center of the universe” network and network security architecture are obsolete and have become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced sassy), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient, and agile secure network service, globally. Most of the stolen data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.
Geopolitics: US-China Tech Divide Could Cause Havoc. It is possible that the world’s next major conflict could start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China orders ban on US computers and software. Chinese government to replace foreign hardware and software within three years. Who needs who more?
International cyber politics: Lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as they wish to. US can’t ‘enforce standards that don’t exist’. We have international norms in the maritime; we don’t have those in cyber. It makes it difficult to enforce standards that don’t exist, and to therefore hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.
1,468 Comments
Tomi Engdahl says:
Top 10 Cyber Security Fundamentals for Small to Medium Businesses
https://pentestmag.com/top-10-cyber-security-fundamentals-for-small-to-medium-businesses/
Tomi Engdahl says:
All-in-One Vs. Point Tools For Security
Security is a complex problem, and nothing lasts forever.
https://semiengineering.com/all-in-one-vs-point-tools-for-security/
Security remains an urgent concern for builders of any system that might tempt attackers, but designers find themselves faced with a bewildering array of security options.
Some of those are point solutions for specific pieces of the security puzzle. Others bill themselves as all-in-one, where the whole puzzle is filled in. Which approach is best depends on the resources you have available and your familiarity with security, as well as the sophistication of the attackers and the complexity of the attack surface.
“We’re still in the dark ages, trying to catch up to an adversary that seemingly is always coming up with a new and better approach to break into a system long before we’ve even thought about being able to check on it,” said John Hallman, product manager for trust and security at OneSpin Solutions. “We need to understand what are the characteristics that would jump this race back closer into the realm where we might be able to better attack the attacker.”
Point tool providers claim they do a better job at their specialties than is possible for a company that’s doing the whole thing. Meanwhile, all-in-one providers offer to solve the complete security problem in one fell swoop. There are even all-in-one solutions that license and incorporate point tools that are available separately. Some solutions are tied to specific hardware platforms, others are generic. It can truly be overwhelming to contemplate all of the possibilities, but at least there are some basic building blocks in place.
“Security is always a system question,” said Helena Handschuh, a fellow at Rambus Security Technologies. “You have to consider how your device or how your chip, or even lower your IP fits into the rest of the system. So, of course, you have to ask yourself more questions. What are the new threat models around the new vertical you’re trying to go into? That will change a number of things. But fortunately you can have some basic building blocks that are always kind of the same to solve security aspects. And those ones can be built with the same type of architecture. Then it’s a question of performance and throughput. But regardless of whether that’s going to work or not, the basics are always the same. You need some crypto, you need cryptography algorithms, and you need acceleration if performance or bandwidth is going to be an issue. And you need to have some notion of trusted execution environment.”
Tomi Engdahl says:
How many spycams can Stacey Dooley find in a love motel bedroom? | BBC
https://m.youtube.com/watch?feature=share&v=ggYIsnUgUdU
Tomi Engdahl says:
The Facebook CEO says the social network is getting ready for the possibility a winner won’t be declared on election night.
Facebook CEO Mark Zuckerberg Warns Of ‘Violence Or Civil Unrest’ After Election
http://on.forbes.com/6181GqxUz
Facebook CEO Mark Zuckerberg warned in an interview with Axios on HBO that there’s a “heightened risk” of “violence or civil unrest” in the wake of the November election—particularly between election night and when the winner is declared—as Facebook scrambles to address concerns around how it handles election information and misinformation.
Zuckerberg noted to Axios that “we may not know the final result on election night,” and said Facebook would provide messaging to start “preparing” people that it’s “normal” if tallying the vote takes days or weeks, as well as messaging on posts in which a candidate claims victory before there’s a consensus.
Zuckerberg said Facebook was “trying to make sure that we do our part” to ensure any post-election unrest is not organized on Facebook’s platforms.
Tomi Engdahl says:
FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks
The two Chinese tech giants have been designated national security threats.
https://www.cnet.com/news/fcc-estimates-itll-cost-1-8b-to-remove-huawei-zte-equipment-from-us-networks/
The Federal Communications Commission on Friday said it could cost an estimated $1.8 billion to remove and replace Huawei and ZTE equipment that’s in US telecommunications networks receiving federal funds.
In June, the FCC officially classified Huawei and ZTE as national security threats, though since 2019, the agency has barred carriers from using its $8.3 billion a year Universal Service Fund to purchase equipment from the two Chinese tech giants.
US President Donald Trump also signed legislation in March that stops carriers from using government funds to buy network equipment from Huawei and ZTE.
“By identifying the presence of insecure equipment and services in our networks, we can now work to ensure that these networks — especially those of small and rural carriers — rely on infrastructure from trusted vendors,” said FCC Chairman Ajit Pai in a release, adding that he would “once again strongly urge” Congress to appropriate funding to reimburse carriers.
The US, UK and Australia have all banned Huawei from providing 5G technology for their respective wireless networks over security concerns that Huawei has close ties with the Chinese government.
Huawei has long denied its gear can be used to spy or to compromise US security.
Secure networks and 5G
The stakes are especially high when it comes to 5G, the next generation of wireless technology rolling out across the world.
Carriers around the globe are racing to deploy networks. In the US, AT&T, Verizon and T-Mobile are well on their way to building out 5G.
Huawei is a dominant supplier in the 5G market, which again heightens the stakes when it comes to 5G. National security experts say Huawei gear could be used for espionage or to shut down critical communications networks during some future conflict.
None of the major US telecom operators, including AT&T, Verizon or T-Mobile, which now includes Sprint’s assets, say they have deployed Huawei or ZTE 5G gear in the US. The FCC has not published which carriers in the US have used Huawei or ZTE gear. But the big three wireless carriers in the US — AT&T, Verizon and T-Mobile — have each said they don’t have any of this equipment in their 4G LTE networks either.
The carriers in the US that have been using Huawei gear are generally smaller rural operators. These operators have previously taken advantage of financing options that have made the Chinese equipment more affordable than alternatives from companies like Ericsson and Nokia.
ripping out and replacing equipment in rural networks would be like “attempting to rebuild the airplane in mid-flight.”
He said the biggest difficulty for smaller carriers would be ensuring that they would still be able to keep service going.
Tomi Engdahl says:
Why We Are Facing The Biggest Election Nightmare In Modern American History No Matter Who Ends Up Winning
September 3, 2020 by Michael Snyder
http://endoftheamericandream.com/archives/why-we-are-facing-the-biggest-election-nightmare-in-modern-american-history-no-matter-who-ends-up-winning
It looks like we are headed for the most chaotic presidential election in modern U.S. history. According to some estimates, somewhere around 40 percent of all U.S. voters will vote by mail this year. That means that tens of millions of votes will be going through the postal system, and that has the potential to create all sorts of problems. For one thing, it is going to take a lot of extra time to open those ballots and count them. For states that allow mail-in votes to be counted in advance, that shouldn’t delay final results by too much, but in other states we are facing the possibility of a nightmare scenario. There are certain states that are not allowed to start counting any ballots until the polls close on election day, and that includes key swing states such as Wisconsin, Michigan and Pennsylvania…
Tomi Engdahl says:
https://pentestmag.com/gpo-abuse-you-cant-see-me/
A Group Policy Object is a component of Group Policy that can be used as a resource in Microsoft systems to control user & computer accounts.
Tomi Engdahl says:
Are you afraid of Koronavilkku? As recently as spring, professional hacker Benjamin Särkkä said he would not install a coronavirus app: 5 reasons why he has now changed his mind
“Many a flashlight app requires more permissions than Koronavilkku,” the security expert says.
https://yle.fi/uutiset/3-11523504
Tomi Engdahl says:
Australia to embed intelligence officers within some private companies
https://uk.reuters.com/article/uk-australia-security/australia-to-embed-intelligence-officers-within-some-private-companies-cyber-chief-idUKKBN25S3TQ
Citing estimates that cyber attacks on businesses and households are costing about A$29 billion (16.03 billion pounds) or 1.5% of the country’s Gross Domestic Product, Australia said last month it would spend A$1.66 billion over the next 10 years to strengthen companies’ cyber defences.
Tomi Engdahl says:
White House publishes a cyber-security rulebook for space systems
https://www.zdnet.com/article/white-house-publishes-a-cyber-security-rulebook-for-space-systems/
The new rules, detailed in Space Policy Directive-5 (SPD-5), are meant to establish a cybersecurity baseline for all space-bound craft, systems, networks, and communications channels built and operated by US government agencies and commercial space entities. “Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks,” said officials.
Tomi Engdahl says:
Which cybersecurity failures cost companies the most and which defenses have the highest ROI?
https://www.helpnetsecurity.com/2020/09/03/cost-cybersecurity-failures/
Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation.
Tomi Engdahl says:
AES-finder – Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys.
https://github.com/mmozeiko/aes-finder
Tomi Engdahl says:
Phones for low-income users hacked before they’re turned on, research finds
https://www.cnet.com/news/phones-for-low-income-users-hacked-before-theyre-turned-on/#ftag=COS-05-10aaa0i
Endless pop-up ads siphon off data paid for with federal subsidies in the Lifeline program, researchers found.
Researchers found phones in the Lifeline program came with malware installed, causing the phones to be loaded up with adware.
Rameez Anwar’s phone had serious problems. The device, paid for by the federally funded Lifeline program for low-income people, was overrun with pop-up ads that made it unusable. Despite multiple factory resets, the problem wouldn’t go away.
“As soon as it detected internet,” Anwar said, “it started doing the pop-ups.”
Collier confirmed Anwar’s hunch: The phone’s settings and update apps contained code that allowed them to load malicious apps known as adware. The adware displayed ads that covered users’ screens, no matter what they were doing on their phones.
phone model, made by American Network Solutions. Because the phones and their service plans were subsidized by a US program, taxpayers were funding the data that was used to display the promotional campaigns. On top of that, the adware prevented the phones doing their intended job: keeping low-income people connected to vital services via phone and internet.
Evidence suggests pre-installed malware plagues inexpensive phones around the world. Earlier this year, Collier found pre-installed malware, a broad range of disruptive or dangerous apps, on a phone made by Unimax and distributed by the Lifeline program. Collier says he frequently sees similar malware on cheap phones outside the Lifeline program. A BuzzFeed investigation found inexpensive phones popular in African countries had similar problems.
Tomi Engdahl says:
Everything Is Listening – We Already Live In A Surveillance State; We Just Don’t Know It
https://www.forbes.com/sites/augustinefou/2020/09/01/everything-is-listeningwe-already-live-in-a-surveillance-state-we-just-dont-know-it/#3f6ad2633635
As consumers use more and more devices that have CPUs and are constantly connected to the Internet (IoT – Internet of Things), they are exposing themselves to more and more risks that they don’t even know about, nor do they have any proven means to stop it and protect themselves. And you thought Alexa spying on your dinner conversations was creepy?
Tomi Engdahl says:
Five Eyes Cybersecurity Agencies Release Incident Response Guidance
https://www.securityweek.com/five-eyes-cybersecurity-agencies-release-incident-response-guidance
Cybersecurity agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States have published a joint advisory focusing on detecting malicious activity and incident response.
Best practice incident response procedures, the report notes, start with the collection of artifacts, logs, and data, and their removal for further analysis, and continue with implementing mitigation steps without letting the adversary know that their presence in the compromised environment has been detected.
State: Cybercrime on the Rise During Pandemic, Caution Urged
https://www.securityweek.com/state-cybercrime-rise-during-pandemic-caution-urged
State securities officials say cybercrime including email attacks are on the rise during the pandemic, and they’re warning people to be careful online.
A statement from the Alabama Securities Commission says social engineering attacks have been increasing with more people working at home and children using virtual learning because of the coronavirus outbreak.
The agency says “phishing” attacks are a particular threat. That’s when scammers mimic a legitimate source in an attempt to access personal information, often by email. Many of the attacks try to create a sense of urgency by making people think information or financial accounts are at risk.
Tomi Engdahl says:
Margaret Sullivan / Washington Post:
Media must start preparing the public for the possible election-night uncertainty now and resist answering the question “who won?” until it is settled
Here’s what the media must do to fend off an election-night disaster
https://www.washingtonpost.com/lifestyle/media/heres-what-tv-news-must-do-to-fend-off-an-election-night-disaster/2020/09/04/c94cee50-ed1c-11ea-b4bc-3a2098fc73d4_story.html
I learned about the hazards of election night the hard way. In late 2000, only a year into my job as the Buffalo News’s top editor, I had to make the high-anxiety wee-hours decision about a main headline for the paper’s first Wednesday morning print editions. The problem was that no one knew for certain whether it was George W. Bush or Al Gore who had won the presidential race.
You would think that would have scarred media organizations for life and served as a cautionary tale. You might think that 2000 would have adequately prepared the media — and the American public — for the complete unpredictability of what may happen in November 2020 as a nation votes in the midst of a pandemic with a sitting president who is busy creating mistrust in the system and threatening not to accept a defeat.
But there’s not much reason for confidence. Recall the 2018 midterms when some media figures rushed to judgment again.
“When the results failed to materialize on schedule . . . the normally unflappable Blitzer grew increasingly impatient, even slightly agitated, as if channeling the state of mind of a dozen campaign staffs and the millions watching at home,” my colleague Paul Farhi reported. The embarrassing culmination came with Blitzer attempting to listen in — live — on a phone call between a precinct secretary and a Democratic Party official, which ended in an on-air hang-up.
This time, with the stakes of the election so high, news organizations need to get it right. They need to do two things, primarily, and do them extraordinarily well.
First, in every way possible, they must prepare the public for uncertainty, and start doing this now. Granted, the audience doesn’t really show up in force until election night itself, but news reports, pundit panels and special programming can help plow the ground for public understanding of the unpredictability — or even chaos — to come.
Second, on election night and in the days (weeks? months?) to follow, news organizations will need to do the near-impossible: reject their ingrained instincts to find a clear narrative — including the answer to the question “who won?” — and stay with the uncertainty, if that’s indeed what’s happening.
Some seemed to be in early denial. “We don’t want to create a self-fulfilling prophecy of chaos and confusion or suggest somehow that that’s a preordained outcome,” NBC News president Noah Oppenheim told New York Times columnist Ben Smith last month. But more recently, NBC News and MSNBC announced they would begin a round of programming focused on election security, voting access and misinformation, starting with this weekend’s “Meet the Press.”
That’s good to see — but then there’s election night itself. While chaos may not be preordained, it’s hard to imagine things proceeding in an orderly way unless Trump wins in a landslide.
No, the more likely occurrences — a close race and/or a Biden win — will make the contentious 2000 election look like a neighborhood block party.
The known factors we’re dealing with this year — the plethora of mail-in votes, a sitting president with authoritarian leanings and a proven record of sowing discord, and an attorney general who often functions as his personal lawyer — argue against the likelihood of a calm and buttoned-up outcome.
Journalists and media honchos should be thinking hard about that now, even though it means setting aside their most deeply ingrained instincts.
And they shouldn’t stop until it’s over, whenever that might be.
Tomi Engdahl says:
Loren Grush / The Verge:
Trump administration issues its fifth Space Policy Directive, aimed at enhancing cybersecurity, with officials saying threats “occur with concerning regularity” — Government officials are worried about increasing cyber threats — Today, the Trump administration released …
https://www.theverge.com/2020/9/4/21423087/space-policy-directive-5-cybersecurity-threats-satellites?scrolla=5eb6d68b7fedc32c19ef33b4
Tomi Engdahl says:
Why We Are Facing The Biggest Election Nightmare In Modern American History No Matter Who Ends Up Winning
http://endoftheamericandream.com/archives/why-we-are-facing-the-biggest-election-nightmare-in-modern-american-history-no-matter-who-ends-up-winning
It looks like we are headed for the most chaotic presidential election in modern U.S. history. According to some estimates, somewhere around 40 percent of all U.S. voters will vote by mail this year. That means that tens of millions of votes will be going through the postal system, and that has the potential to create all sorts of problems. For one thing, it is going to take a lot of extra time to open those ballots and count them. For states that allow mail-in votes to be counted in advance, that shouldn’t delay final results by too much, but in other states we are facing the possibility of a nightmare scenario.
So as we all watch the election results come in on the night of November 3rd, what we will be getting will only be partial results.
And at this point the mainstream media is assuming that the votes that are cast in person will heavily favor President Trump, and so they are warning us that there could be a “red mirage” scenario in which it appears that Trump is easily winning an election that he has actually lost.
Of course if Trump builds a huge lead on election night, he is likely to declare victory, and Facebook has already stated that they intend to “flag” any such attempt…
“Facebook plans to flag any attempt by the Trump campaign to declare a premature victory in the presidential race on the platform, the company announced on Thursday.”
This is one of the reasons why I have always been strongly against mail-in voting. Our nation is likely to be thrown into a state of chaos in November because it is going to take so long to count all the votes. President Trump and his supporters will be absolutely convinced that they have won the election if they have a big lead on election night, and Joe Biden and his supporters will be absolutely convinced that they will be victorious once all of the mail-in votes are finally counted. And then no matter what the final result is, about half the country will not be willing to accept it as legitimate.
This is going to be such a disaster, but nobody can do anything about it now. All we can do is watch this slow-motion train wreck play out.
Tomi Engdahl says:
Most companies fear drowning in data – the sense and safety of the information glut is alarming
https://www.tivi.fi/uutiset/tv/4680944b-21f1-4078-8f17-8811964e0b81
Data is a peculiar kind of wealth: the more of this money-worthy stash piles up in a company’s vaults, the more it also frightens business leaders.
Welcome to the new era of data, says Splunk in its new study. In the survey, 57 percent of IT bosses and other business leaders say their companies collect more information than they are able to process sensibly and securely.
Tomi Engdahl says:
Science:
Researchers propose using AI in collaboration with human input to draw up electoral districts to combat gerrymandering
Policy Forum
Human-centered redistricting automation in the age of AI
https://science.sciencemag.org/content/369/6508/1179
Redistricting—the constitutionally mandated, decennial redrawing of electoral district boundaries—can distort representative democracy. An adept map drawer can elicit a wide range of election outcomes just by regrouping voters (see the figure). When there are thousands of precincts, the number of possible partitions is astronomical, giving rise to enormous potential manipulation. Recent technological advances have enabled new computational redistricting algorithms, deployable on supercomputers, that can explore trillions of possible electoral maps without human intervention. This leaves us to wonder if Supreme Court Justice Elena Kagan was prescient when she lamented, “(t)he 2010 redistricting cycle produced some of the worst partisan gerrymanders on record. The technology will only get better, so the 2020 cycle will only get worse” (Gill v. Whitford). Given the irresistible urge of biased politicians to use computers to draw gerrymanders and the capability of computers to autonomously produce maps, perhaps we should just let the machines take over. The North Carolina Senate recently moved in this direction when it used a state lottery machine to choose from among 1000 computer-drawn maps. However, improving the process and, more importantly, the outcomes results not from developing technology but from our ability to understand its potential and to manage its (mis)use.
Tomi Engdahl says:
97% of the leading #cybersecurity companies have had their data exposed on the #darkweb in 2020 – Research.
https://www.immuniweb.com/blog/state-cybersecurity-dark-web-exposure.html
Tomi Engdahl says:
What price security? Well, for the US ban on Huawei/ZTE kit it’s around $1.8bn, and you’re going to pay most of it
Ripping and replacing Chinese-made gear won’t be cheap
https://www.theregister.com/2020/09/04/fcc_huawei_zte_replacement/
Tomi Engdahl says:
Which cybersecurity failures cost companies the most and which defenses have the highest ROI?
https://www.helpnetsecurity.com/2020/09/03/cost-cybersecurity-failures/
Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation.
The SCRAM platform allows defenders to learn from past attacks and provides insight into which cyber-risk control areas require additional scrutiny or investment.
Tomi Engdahl says:
Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel
Data mining of code commits and chat gives hackers a cunning edge
https://www.theregister.com/2020/09/04/linux_kernel_flaw_detection/
Tomi Engdahl says:
Security Implications Of Quantum Computing
https://semiengineering.com/security-implications-of-quantum-computing/
The race is on to find and implement a public-key cryptographic algorithm that will stand up to the challenges posed by quantum computers.
Tomi Engdahl says:
Shannon Vavra / CyberScoop:
Behind the US cybersecurity defense led by DoD’s Defense Digital Service of Operation Warp Speed, meant to protect vaccine research from nation-state attacks — Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19 …
How the government is keeping hackers from disrupting coronavirus vaccine research
https://www.cyberscoop.com/operation-warp-speed-coronavirus-vaccine-cybersecurity-dds-nsa-dhs-cisa-fbi-hhs/
Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts.
Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021.
Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time.
Tomi Engdahl says:
A Guide to Writing an Effective Cybersecurity Policy
https://pentestmag.com/a-guide-to-writing-an-effective-cybersecurity-policy/
Tomi Engdahl says:
Mile Markers of Tyranny: Losing Our Freedoms on the Road from 9/11 to COVID-19
Written by John W. Whitehead, Wednesday
http://ronpaulinstitute.org/archives/featured-articles/2020/september/09/mile-markers-of-tyranny-losing-our-freedoms-on-the-road-from-911-to-covid-19/?fbclid=IwAR0pNs1HWD2Z0UkmxivFg2bNaevx14Hb687zN1zuQzFBX1AN7XzYeBAMjms
Tomi Engdahl says:
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections.
https://raccoon-attack.com/
Tomi Engdahl says:
August 2020’s Most Wanted Malware
https://blog.checkpoint.com/2020/09/09/august-2020s-most-wanted-malware-evolved-qbot-trojan-ranks-on-top-malware-list-for-first-time/
Top-3: Emotet, Agent Tesla, Formbook
Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days
https://www.zdnet.com/article/ransomware-huge-rise-in-attacks-this-year-as-cyber-criminals-hunt-bigger-pay-days/
Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone – and attackers are continually evolving their tactics. “Looking into the evolution of last year’s ransomware families and how they’ve changed this year, most of them have actually gone down in numbers. This year’s popular ransomware families are not last year’s popular ransomware families,” Liviu Arsene, global cybersecurity researcher at Bitdefender told ZDNet.
Tomi Engdahl says:
Vulnerabilities in CodeMeter Licensing Product Expose ICS to Remote Attacks
https://www.securityweek.com/vulnerabilities-codemeter-licensing-product-expose-ics-remote-attacks
CodeMeter can be used for a wide range of applications, but it’s often present in industrial products, including industrial PCs, IIoT devices, and controllers. Researchers at Claroty have discovered six vulnerabilities in CodeMeter, some of which could be exploited to launch attacks against industrial control systems (ICS), including to shut down devices or processes, deliver ransomware or other malware, or to execute further exploits.
Tomi Engdahl says:
Most cyber-security reports only focus on the cool threats
https://www.zdnet.com/article/most-cyber-security-reports-only-focus-on-the-cool-threats/
Academics: Only 82 of the 629 commercial cyber-security reports (13%) published in the last decade discuss a threat to civil society, with the rest focusing on cybercrime, nation-state hackers, economic espionage. In contrast, most of the reports produced by independent research centers were focused on the threats to civil society.
Tomi Engdahl says:
Phishing tricks – the Top Ten Treacheries of 2020
https://nakedsecurity.sophos.com/2020/09/04/phishing-tricks-the-top-ten-treacheries-of-2020/
Are business email users more likely to fall for sticks or carrots? For threats or free offers? For explicit instructions or helpful suggestions? For “you must” or “you might like”? The answers covered a broad range of phishing themes, but had a common thread: not one of them was a threat.
Tomi Engdahl says:
Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days
https://www.zdnet.com/google-amp/article/ransomware-huge-rise-in-attacks-this-year-as-cyber-criminals-hunt-bigger-pay-days/
Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone – and attackers are continually evolving their tactics.
Tomi Engdahl says:
You can probably expect to lose one laptop per hundred per year. If the security people never formally recommended encryption controls, fire the security department. If they did recommend encryption controls and were ignored, fire the person who ignored them.
Tomi Engdahl says:
“Chinese hackers & intellectual property thieves attack other countries to advance the PRC’s military & economy. The U.S. will continue to work with the EU and likeminded countries to promote a framework of responsible state behavior in cyberspace.”
The global reach of the Chinese government’s hackers and thieves
https://share.america.gov/global-reach-china-s-hackers-and-thieves/
Hackers and intellectual property thieves with the People’s Republic of China are attacking countries worldwide.
Thieves working to advance the PRC’s military and economic development goals have targeted a German pharmaceutical giant, semiconductor producers in Taiwan and high-tech manufacturers in countries from the U.S. to South Korea to Australia.
“The threat of intellectual property theft is incredibly real,” he added.
The European Union recently sanctioned two PRC nationals and the Haitai Technology Development Company Limited, all based in China, for “malicious cyberactivities that aim to undermine the Union’s integrity, security and economic” competitiveness.
“Cyberthreats are increasing and evolving, they affect our societies,” EU Foreign Minister Josep Borrell said while announcing the first sanctions in a July 30 tweet. “We will not tolerate such behaviour.”
Tomi Engdahl says:
Practical Insider Threat Penetration Testing Cases with Scapy (Shell Code and Protocol Evasion)
https://pentestmag.com/practical-insider-threat-penetration-testing-cases-with-scapy-shell-code-and-protocol-evasion/
Tomi Engdahl says:
Ransomware accounted for 41% of all cyber insurance claims in H1 2020
https://www.zdnet.com/article/ransomware-accounts-to-41-of-all-cyber-insurance-claims/
Cyber insurance claims ranged in size from $1,000 to well over $2,000,000 per security incident. Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. “In the first half of 2020 alone, we observed a 260% increase in the frequency of ransomware attacks amongst our policyholders, with the average ransom demand increasing 47%,” the company added.
Tomi Engdahl says:
Knowing The Cyber Landscape: Five Ways CFOs Can Quantify And Articulate Data Security And Privacy
https://www.forbes.com/sites/jimdeloach/2020/09/08/knowing-the-cyber-landscape-five-ways-cfos-can-quantify-and-articulate-data-security-and-privacy/
Tomi Engdahl says:
Microsoft to finally kill Adobe Flash support by January 2021
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-finally-kill-adobe-flash-support-by-january-2021/
Tomi Engdahl says:
How Self-Doubt Can Keep Your Security Team Sharp
https://www.securityweek.com/how-self-doubt-can-keep-your-security-team-sharp
A Healthy Sense of Self-Doubt Can Go a Long Way Towards Avoiding False Negatives
Tomi Engdahl says:
Russian Hackers Target U.S. Campaigns, Parties: Microsoft
https://www.securityweek.com/russian-hackers-target-us-campaigns-parties-microsoft
The same Russian military intelligence outfit that hacked the Democrats in 2016 has attempted similar intrusions into the computer systems of more than 200 organizations including political parties and consultants, Microsoft said Thursday.
Those efforts appear to be part of a broader increase in targeting of U.S. political campaigns and related groups, the company said. “What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,” Tom Burt, a Microsoft vice president, said in a blog post.
New cyberattacks targeting U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
Tomi Engdahl says:
Assessing cybersecurity today to improve tomorrow’s manufacturing operations
https://www.controleng.com/articles/assessing-cybersecurity-today-to-improve-tomorrows-manufacturing-operations/?oly_enc_id=0462E3054934E2U
Simple strategies to achieve the most value from cyber risk assessments. Three strategies for operations technology (OT) teams to avoid while performing assessments are highlighted.
There are three common missteps operations technology (OT) teams should be aware of when performing or requesting assessments:
Assuming their own team already knows and understands all the risks
Pursuing “magic pill” solutions, and then not acting due to the considerable number of issues
A lack of prioritization and limited funding.
Organizations that arm themselves against these potential roadblocks can reap the full benefits of a risk assessment. They can drive toward more cybersecure operations and provide the business justification most security-oriented projects lack and asset owners struggle with.
1. Identifying unknown cybersecurity risks, solutions
Cybersecurity is an evolving arms race that may seem overwhelming to an OT team, or even some cyber-experienced information technology (IT) teams. Learning that anti-virus software and a firewall is no longer sufficient protection can be intimidating.
2. Technology alone cannot fix cybersecurity
For every known cybersecurity risk, there is at least one company with the latest and greatest solution, an all-in-one piece of astounding technology. However, when one cuts through the hype, it becomes clear they have varying levels of effectiveness. What’s more: few of these devices or software solutions are designed with control system technology in mind.
Even the best all-in-one solution is not a substitute for a cyber assessment. Regardless of the assessment’s results, a holistic approach supported by a roadmap will always be the best path forward. Technology solutions alone will never remove the need for understanding what’s important to each organization, along with a flexible strategy reflecting operational and business needs.
3. Overwhelmed and underfunded cybersecurity departments
The simplest example of inaction is a small department handling information technology (IT) and OT on a limited budget. It is easy for such a team to become overwhelmed because there are so many vulnerabilities that need to be addressed and there’s never enough time, resources or overall funding.
Even large, well-funded organizations need to start with individual solutions and build toward a comprehensive defense-in-depth strategy. Not every problem needs to be fixed at once. A good cybersecurity risk assessment will create a prioritized roadmap to build the defense layers that will close gaps over time and at a reasonable cost.
Another important strategy is reliance on a trusted partner to perform or help with assessments. Partner organizations have strategies and tools to help make the case for cybersecurity enhancements to management, justifying the investment by examining information regarding the cost of cybersecurity breaches.
How to begin with a cyber risk assessment
Taking concrete steps in response to a cyber risk assessment is not as daunting as it may seem. While it is true new cybersecurity risks may appear in the future, these risks are not as well known or as likely to be exploited as old risks that are covered by security patches, hotfixes and upgrades.
An organization is more likely to be targeted using an old exploit they never patched than by a new, freshly discovered vulnerability simply because more attackers will have tools to attack older vulnerabilities in their arsenal. These are the vulnerabilities most likely to be discovered with an assessment and deterred by basic defense layers.
A defense-in-depth strategy starts with a good context definition so each protection layer can be properly designed and then prioritized against available resources. A cyber risk assessment helps build a good context definition appropriate for the organization’s unique needs.
Being proactive with a cyber risk assessment also can help OT teams ensure any security measures don’t impact operations. If OT waits too long to identify and pursue solutions suited to operations, IT may step in and provide its own solutions without understanding the operations team’s unique needs.
When risks are assessed and solutions are deployed appropriately, cybersecurity becomes a bridge between IT and OT that mutually benefits both groups. This is particularly valuable at a time when organizations are forced to operate leaner and remotely to ensure operations and business continuity.
Tomi Engdahl says:
A sheriff launched an algorithm to predict who might commit a crime. Dozens of people said they were harassed by deputies for no reason.
https://www.businessinsider.com/predictive-policing-algorithm-monitors-harasses-families-report-2020-9?fbclid=IwAR01_-6eRsjIQZP34-HIA60AIfpgYsvPvBujbjV56tF9ZUlcKMnms0KEpuE
A Florida sheriff’s office deployed a futuristic algorithm that uses crime data to predict who is likely to commit another crime.
In a sweeping six-month investigation published this week, the Tampa Bay Times reported that the algorithm relied on questionable data and arbitrary decisions and led to the serial harassment of people without any evidence of specific crimes.
According to the report, former sheriff’s office employees said officers went to the homes of people singled out by the algorithm, charged them with zoning violations, and made arrests for any reason they could. Those charges were fed back into the algorithm.
The report shines a light on the pitfalls of algorithm-driven policing and casts doubt on AI-powered tools meant to fight crime.
https://projects.tampabay.com/projects/2020/investigations/police-pasco-sheriff-targeted/intelligence-led-policing/
Tomi Engdahl says:
The IRS offers a $625,000 bounty to anyone who can break Monero and Lightning
The United States Internal Revenue Service has announced a bounty of up to $625,000 to anyone who can crack Monero’s privacy.
https://cointelegraph.com/news/the-irs-offers-a-625-000-bounty-to-anyone-who-can-break-monero-and-lightning
Tomi Engdahl says:
‘Security vs Privacy’ OR ‘Security & Privacy’
https://pentestmag.com/security-vs-privacy-or-security-privacy/
Tomi Engdahl says:
Is your CISO really C-Level?
https://pentestmag.com/is-your-ciso-really-c-level/
Tomi Engdahl says:
The Ethical Hacking Lifecycle — Five Stages Of A Penetration Test
https://www.freecodecamp.org/news/ethical-hacking-lifecycle-five-stages-of-a-penetration-test/
Penetration testing is the process of exploiting an organization’s network in order to figure out how to defend it better.
In this article, we’ll discuss the five steps involved in a successful penetration test.
Tomi Engdahl says:
NSA’s Cybersecurity Directorate is still figuring out how to measure success
https://www.cyberscoop.com/nsa-cybersecurity-directorate-wendy-noble-billington-cybersecurity/
Since the National Security Agency established a new directorate focused on cybersecurity, the organization once known as “No Such Agency” has engaged in some behavior that would have seemed revolutionary a decade ago: publicly sharing information about several large-scale hacking threats, including Russian hacking incidents, as well as information about a critical Microsoft vulnerability.
How successful the agency considers that behavior is still something it’s examining.
The NSA’s Cybersecurity Directorate, which was established last October in part to share more threat intelligence with the public and the private sector, has been examining the impact of its Cybersecurity Advisories in a variety of ways, the NSA’s Executive Director, Wendy Noble, said during a virtual Billington CyberSecurity Summit Wednesday.
“The more important thing to track is how [CSD information gets] used, the operational outcome,” Noble said. “We are working to develop those metrics to make sure we understand the value proposition … how it benefits government, how it benefits industry, and how it benefits our allies.”
Tomi Engdahl says:
4 top vulnerabilities ransomware attackers exploited in 2020
https://www.csoonline.com/article/3572336/4-top-vulnerabilities-ransomware-attackers-exploited-in-2020.html
As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows make their job easier.