Cyber security trends for 2020

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and several years before that.

The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.

Here are some trends and predictions for cyber security in 2020:

Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade. And now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine for cryptocurrencies, or trying to infect vulnerable systems so they can be used later as part of a botnet.

IoT security: IoT security is still getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Smart Building Security Awareness Grows. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year and it would be nice if all of them were secure, but many of them unfortunately are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras, and smart elevators, to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated and security should be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019, and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your internet of things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack. One in every 172 active RSA certificates is vulnerable to attack. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network. The FBI recommends that you keep your IoT devices on a separate network.

IoT privacy: Silicon Valley Is Listening to Your Most Intimate Moments. The world’s biggest companies got millions of people to let temps analyze some very sensitive recordings made by your “smart” speakers and smart phones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also some attackers are terrifying homeowners and making them feel violated in their own homes.

Medical systems security: Cyberattacks on Medical Devices Are on the Rise—and Manufacturers Must Respond. Attacks on networked medical devices, and the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.

Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream that video over the internet to a computer.

Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.

Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting people's Internet connections. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is aiming in this direction. Iran, India, Russia. For better or worse, an internet blackout limits the government’s ability to conduct digital surveillance on citizens.

Security First: Implementing Cyber Best Practices Requires a Security-First Approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than it having to be constantly rigged and retrofitted to adapt to digital innovation.

Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access, and monitor devices, thereby enhancing their access and segmentation strategy.

Anti-virus software: Only Half of Malware Caught by Signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either through scrambling of code, known as “packing”, using basic encryption techniques or through the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.

Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that paying the ransom in a ransomware attack could end up causing more turmoil for victims – as well as inspire other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel, and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline BACKUPS to deal with this kind of situation, so decent recovery would be possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransom attacks. There are new tactics coming into use in ransomware. A new Snatch ransomware strain reboots computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom – they will publish data that they steal to a competitor if the ransom is not paid.

Public sector: Public Sector Security Is Lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.

Regulation: We will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. In a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, consumer confidence that you keep the information safe also needs to be earned.

API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.

Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people and enough knowledge of those new technologies to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. 145% Growth is Needed to Meet Global Demand.

Think Like Your Adversary: Cybersecurity leaders need to assess the potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers Should Think like Hackers. Security must be taken into account in all programming steps.

Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third-party.

Privacy and surveillance: Fears Grow on Digital Surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their systems can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”

5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.

5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true – with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not put all your security and identification on this SIM card.

DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in Chrome and Firefox web browsers. Microsoft will bring DNS Over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.

Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.

Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many of these new network expansion projects are often being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, and they can be utilized to make the network the first line of defense. A critical step in building a stronger security posture and more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network – but the security team needs to monitor everything on the network and be right all the time to ensure security. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.

Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.

Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities and these have typically been aligned to wider geo-political objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted targeting to industrial control systems software. We need to be worried about Cyber-Physical Security of the Power Grid. To protect this infrastructure you need to prioritize strategic risks that affect critical infrastructure: Concern yourself with the most important hacks, Understand the critical pieces of your infrastructure and Know your inter-dependencies.

Payment security: Payment security backslides for second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time EU’s PSD2 (Payments Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, as banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.

Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Also, disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.

False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.

Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.

Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t always work this way.

Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a Ransomware ‘Crisis’ in US Schools and in many cities in USA.

Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. There is the growth of counterfeit electronics.

Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding their own software (maybe in some cases also malware) to be installed on all smart phones. Putin signs law making Russian apps mandatory on smartphones, computers.

Android: Today 80% of Android apps are encrypting traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of the Android versions will continue to be a problem in the coming year.

DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile Devices Account for 41% of DDoS Attack Traffic.

Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations.

Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.

New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); fully homomorphic encryption (this is the gold standard of homomorphic encryption that keeps information secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978 but Gentry established the first homomorphic encryption scheme in 2009. The biggest barrier to widescale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, raises $16M.

Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often used interchangeably with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: THE TRUE FUNCTION OF AI WILL BE TO DETERMINE WITH A LONG ARC OF TIME AND DATA, WHAT “NORMAL” LOOKS LIKE FOR A USER. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is doing research on AI agents, and on that Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced Machine Learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.

2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support with extra money for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, un-patched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.

Crypto wars continue: A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that Encrypted communication is a huge issue for law enforcement and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: Take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: One, that strong encryption is necessary for personal and national security. Two, that weakening encryption does more harm than good. And three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back-doors are added to encryption, they will be abused. If You Think Encryption Back Doors Won’t Be Abused, You May Be a Member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.

Scaring people: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. Which particular horseman is in vogue depends on time and circumstance.

2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Also, some physical security keys can be hacked, as they turn out to be less secure than their advertisements claimed.

Myth of sophisticated hacker in news:  It’s the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.

Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.

RCS messaging: RCS, short for Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings a lot of new features, such as chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption. RCS could also be better in many other security aspects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with the security perspective in mind. The standard itself allows for poor security implementation, but GSMA advises its members to deploy RCS with the most secure settings possible.

Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic that’s made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online.

Phishing: Phishing remains one of the most pervasive online threats. Phishing emails are still managing to catch everyone out. Phishing emails that are used to steal credentials usually depend on the user clicking a link that leads to a phishing website made to look like the login page of a legitimate service. Google Chrome now offers better protection against this, as Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. New, more advanced phishing methods are coming into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.

Windows: Microsoft Doesn’t Back Up the Windows Registry Anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet as brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.

Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was badly broken.

Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit, a Metasploit for drones: a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.

World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This will mean that China will ditch all Windows PCs by 2022. China already has some Linux distros of its own, like Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.

Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision as laid out by these renowned analysts is straightforward. The legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorted, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced sassy), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient, and agile secure network service globally. Most of the stolen data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
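To make the Docker admin port problem concrete, here is an added example (not from the original post or from the Docker project): a short Python audit of a dockerd `daemon.json` that flags TCP API listeners that do not require a client certificate. The two sample configurations and the certificate paths in them are constructed for illustration.

```python
"""Audit a dockerd daemon.json for a network-reachable, unauthenticated API."""
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the classic mistake, plain TCP API on every interface.
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: same listener, but clients must present a certificate
# signed by the configured CA (file paths are placeholders).
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def _is_loopback(hostname):
    """True only when the bind address is provably loopback."""
    if not hostname:              # "tcp://:2375" binds every interface
        return False
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:            # a DNS name: cannot prove it is local
        return False


def audit_daemon_config(text):
    """Return (severity, listener, reason) for each TCP listener in the config."""
    cfg = json.loads(text)
    # "tlsverify" makes the daemon demand a client certificate; "tls" alone
    # only encrypts the channel and still accepts any client.
    tlsverify = bool(cfg.get("tlsverify"))
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":   # unix://, fd://, npipe:// are not network listeners
            continue
        local = _is_loopback(url.hostname)
        if tlsverify:
            findings.append(("ok", listener, "client certificate required"))
        elif local:
            findings.append(("warning", listener,
                             "no client authentication, loopback only"))
        else:
            findings.append(("critical", listener,
                             "no client authentication on a network interface"))
    return findings


if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED)):
        for severity, listener, reason in audit_daemon_config(sample):
            print(f"{name}: [{severity}] {listener}: {reason}")
```

Anyone who can reach an unauthenticated Docker API can start containers with the host filesystem mounted, so a "critical" finding is equivalent to remote root on that host.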

Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.

Trackers: Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life. The average web page shares data with dozens of third-parties. The average mobile app does the same, and many apps collect highly sensitive information like location and call records even when they’re not in use. Tracking also reaches into the physical world.

Geopolitics: US-China Tech Divide Could Cause Havoc. It is possible that the world’s next major conflict could start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China orders ban on US computers and software. Chinese government to replace foreign hardware and software within three years. Who needs who more?

International cyber politics: Lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as they wish to. US can’t ‘enforce standards that don’t exist’. We have international norms in the maritime; we don’t have those in cyber. It makes it difficult to enforce standards that don’t exist, and to therefore hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.

 


 

 

 

1,468 Comments

  1. Tomi Engdahl says:

    Facebook Says Fake Accounts From China Aimed at US Politics
    https://www.securityweek.com/facebook-says-fake-accounts-china-aimed-us-politics

    Facebook said Tuesday it derailed a network of fake accounts out of China that had recently taken aim at the US presidential race.

    The takedown came as part of the social network’s fight against “coordinated inauthentic behavior” and marked the first time Facebook had seen such a campaign based in China targeting US politics, according to head of security policy Nathaniel Gleicher.

    Facebook did not connect the campaign to the Chinese government, saying its investigation found links to individuals in the Fujian province of China.

    In the takedown, Facebook removed 155 accounts, 11 Pages, 9 Groups and 6 Instagram accounts for violating its policy against foreign interference in deceptive schemes.

    Reply
  2. Tomi Engdahl says:

    Report: Trump Campaign Actively Discussing Radical Measures To Bypass Election Results
    https://www.forbes.com/sites/tommybeer/2020/09/23/report-trump-campaign-actively-discussing-radical-measures-to-bypass-election-results/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269

    A jarring new report from The Atlantic claims that the Trump campaign is discussing potential strategies to circumvent the results of the 2020 election, should Joe Biden defeat Donald Trump, by first alleging the existence of rampant fraud and then appointing electors in battleground states where Republicans maintain a legislative majority, whom Trump would ask to bypass the state’s popular vote and instead to choose electors loyal to the GOP and the sitting president.

    Following the casting of ballots and counting individual votes in a presidential election, the United States Constitution prescribes that the 538 electors who constitute the Electoral College cast their electoral votes, determining the winner.

    Since the late 1800s, every state in every presidential election has ceded the decision to its voters, but the Supreme Court affirmed in Bush v. Gore that a state “can take back the power to appoint electors.”

    The chairman of the Pennsylvania Republican Party says, on the record, that he has discussed appointing loyal electors with the Trump campaign: “It is one of the available legal options set forth in the Constitution.”

    A critical factor in the Trump campaign’s approach is delegitimizing mail-in and provisional ballots and any other votes that are not counted by the end of Election Day, Nov. 3rd, as those other votes are expected to heavily favor Biden. Earlier this summer, Trump tweeted, “MAIL-IN VOTING WILL LEAD TO MASSIVE FRAUD AND ABUSE. IT WILL ALSO LEAD TO THE END OF OUR GREAT REPUBLICAN PARTY. WE CAN NEVER LET THIS TRAGEDY BEFALL OUR NATION.” Later, in a Twitter post in July, Trump wrote, “With Universal Mail-In Voting, 2020 will be the most INACCURATE & FRAUDULENT Election in history.” However, due to the coronavirus pandemic, 2020 will feature more voting by mail than any other election in history. Earlier this week, Senator Bernie Sanders (I-Vt.) said he plans to spend the next six weeks urging the country to prepare for a “nightmare scenario” in which Trump declares himself the winner of the election and refuses to leave the White House. Thus, Sanders recommends states tally mail-in ballots as quickly as possible, urging them to begin processing and counting ballots before Election Day. When The Atlantic asked the Trump campaign to comment on the quotes in the article, and about possible plans to take the unprecedented step of appointing loyal electors, the president’s deputy national press secretary, Thea McDonald, did not address the questions directly. “It’s outrageous that President Trump and his team are being villainized for upholding the rule of law and transparently fighting for a free and fair election,” McDonald said in an email. “The mainstream media are giving the Democrats a free pass for their attempts to completely uproot the system and throw our election into chaos.”

    Reply
  3. Tomi Engdahl says:

    Trump: 9th Justice Needed Before Election To Rule On Mail-In Ballot ‘Scam’
    http://on.forbes.com/6182Gx6i4

    President Trump made it known Wednesday that his motivation for nominating a ninth Supreme Court justice in the short window before the November election is both personal and political, particularly on the issue of mail-in voting.

    Trump also repeated his unfounded conspiracy that mail-in voting is an “easy system” for foreign countries to “break into” and that expanding mail-in voting “opening” for North Korea and Iran to use “counterfeit ballots,” a claim Trump’s intelligence community has debunked.

    “Donald Trump isn’t just trying to steal a Supreme Court seat — he’s trying to steal the election along with it,” Brian Fallon, executive director of liberal judicial activist group Demand Justice, said in a statement. “Even though Republicans may claim to already have the votes to confirm Trump’s pick, Democrats cannot afford to compartmentalize this Supreme Court fight because the fate of the election itself may ride on it.”

    Reply
  4. Tomi Engdahl says:

    FBI Director Says No Evidence Of ‘National Voter Fraud Effort,’ Undercutting Trump
    https://www.forbes.com/sites/alisondurkee/2020/09/24/fbi-director-says-no-evidence-of-national-voter-fraud-effort-undercutting-trump/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696

    FBI Director Christopher Wray testified to Congress on Thursday that the agency has not historically seen “any kind of coordinated national voter fraud effort in a major election,” including through mail-in voting, undermining repeated baseless claims by President Donald Trump and his allies that mail-in voting will lead to widespread voter fraud.

    Reply
  5. Tomi Engdahl says:

    Trump Tells Floridians To Request Mail-In Ballots After Call To ‘Get Rid Of The Ballots’
    https://www.forbes.com/sites/andrewsolender/2020/09/24/trump-tells-floridians-to-request-mail-in-ballots-after-call-to-get-rid-of-the-ballots/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696

    Amid President Trump’s crusade against mail-in voting, which he has cast as substantially fraudulent despite an abundance of evidence pointing to the opposite, Trump on Thursday encouraged voters in Florida to request mail-in ballots, in line with an exception he has made for the GOP-controlled battleground state.

    Reply
  6. Tomi Engdahl says:

    Sandbox in security: what is it, and how it relates to malware
    https://blog.malwarebytes.com/awareness/2020/09/sandbox-in-security/
    To better understand modern malware detection methods, it’s a good idea
    to look at sandboxes. In cybersecurity, the use of sandboxes has
    gained a lot of traction over the last decade or so. With the plethora
    of new malware coming our way every day, security researchers needed
    something to test new programs without investing too much of their
    precious time. Sandboxes provide ideal, secluded environments to
    screen certain malware types without giving that malware a chance to
    spread. Based on the observed behavior, the samples can then be
    classified as harmless, malicious, or needs a closer look.

    Reply
  7. Tomi Engdahl says:

    Threat landscape for industrial automation systems. H1 2020 highlights
    https://securelist.com/threat-landscape-for-industrial-automation-systems-h1-2020-highlights/98427/
    Beginning in H2 2019 we have observed a tendency for decreases in the
    percentages of attacked computers, both in the ICS and in the
    corporate and personal environments. In H1 2020 the percentage of ICS
    computers on which malicious objects were blocked has decreased by 6.6
    percentage points to 32.6%. The number was highest in Algeria (58.1%),
    and lowest in Switzerland (12.7%). Despite the overall tendency for
    the percentages of attacked computers to decrease, we did see the
    number grow in the Oil & Gas sector by 1.6 p.p. to 37.8% and by 1.9
    p.p. to 39.9 % for computers used in building automation systems.
    These numbers are higher than the percentages around the world
    overall.

    Reply
  8. Tomi Engdahl says:

    Fuzzing Image Parsing in Windows, Part One: Color Profiles
    https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html
    Image parsing and rendering are basic features of any modern operating
    system (OS). Image parsing is an easily accessible attack surface, and
    a vulnerability that may lead to remote code execution or information
    disclosure in such a feature is valuable to attackers. In this
    multi-part blog series, I am reviewing Windows OS built-in image
    parsers and related file formats: specifically looking at creating a
    harness, hunting for corpus and fuzzing to find vulnerabilities. In
    part one of this series I am looking at color profiles - not an image
    format itself, but something which is regularly embedded within
    images.

    Reply
  9. Tomi Engdahl says:

    Party in Ibiza with PowerShell
    https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
    Today, I would like to talk about PowerShell ISE or “Integration
    Scripting Environment”[1]. This tool is installed by default on all
    Windows computers (besides the classic PowerShell interpreter). From a
    malware analysis point of view, ISE offers a key feature: an
    interactive debugger!

    Reply
  10. Tomi Engdahl says:

    One of this year’s most severe Windows bugs is now under active exploit
    https://arstechnica.com/information-technology/2020/09/one-of-this-years-most-severe-windows-bugs-is-now-under-active-exploit/
    One of the highest-impact Windows vulnerabilities patched this year is
    now under active exploitation by malicious hackers, Microsoft warned
    overnight, in a development that puts increasing pressure on laggards
    to update now. CVE-2020-1472, as the vulnerability is tracked, allows
    hackers to instantly take control of the Active Directory, a Windows
    server resource that acts as an all-powerful gatekeeper for all
    machines connected to a network. Also:
    https://krebsonsecurity.com/2020/09/microsoft-attackers-exploiting-zerologon-windows-flaw/.
    https://www.zdnet.com/article/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability/.
    https://www.bleepingcomputer.com/news/microsoft/microsoft-hackers-using-zerologon-exploits-in-attacks-patch-now/

    Reply
  11. Tomi Engdahl says:

    Phishing attacks are targeting your social network accounts
    https://www.bleepingcomputer.com/news/security/phishing-attacks-are-targeting-your-social-network-accounts/
    Scammers are targeting your social network accounts with phishing
    emails that pretend to be copyright violations or promises of a shiny
    ‘blue checkmark’ next to your name. With social networks such as
    Twitter, Facebook, Instagram, and TikTok becoming a significant
    component in people’s lives, attackers target them for malicious
    purposes. These stolen accounts are then used for disinformation
    campaigns, cryptocurrency scams like the recent Twitter hacks, or sold
    on underground markets. Due to this, social accounts should be treated
    as a valuable commodity and protected as such.

    Reply
  12. Tomi Engdahl says:

    New Snort, ClamAV coverage strikes back against Cobalt Strike
    https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html
    Cisco Talos is releasing a new research paper called The Art and
    Science of Detecting Cobalt Strike. We recently released a more
    granular set of updated SNORT and ClamAV detection signatures to
    detect attempted obfuscation and exfiltration of data via Cobalt
    Strike, a common toolkit often used by adversaries. Cobalt Strike is a
    paid software platform for adversary simulations and red team
    operations. It is used by professional security penetration testers
    and malicious actors to gain access and control infected hosts on a
    victim network. Cobalt Strike has been utilized in APT campaigns and
    most recently observed in the IndigoDrop campaign and in numerous
    ransomware attacks.

    Reply
  13. Tomi Engdahl says:

    Wondering how to tell the world you’ve been hacked? Here’s a handy
    guide from infosec academics
    https://www.theregister.com/2020/09/24/how_to_admit_youve_been_hacked/
    Infosec boffins at the University of Kent have developed a
    “comprehensive playbook” for companies who, having suffered a computer
    security breach, want to know how to shrug off the public consequences
    and pretend everything’s fine. In a new paper titled “A framework for
    effective corporate communication after cyber security incidents,”
    Kent’s Dr Jason Nurse, along with Richard Knight of the University of
    Warwick, devised a framework for companies figuring out how to
    publicly respond to data security breaches and similar incidents where
    servers are hacked and customer records end up in the hands of
    criminals.

    Reply
  14. Tomi Engdahl says:

    Pandemic Leads to Rise in Industrial Systems Targeted Via RDP: Report
    https://www.securityweek.com/pandemic-leads-rise-industrial-systems-targeted-rdp-report

    The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol (RDP), Kaspersky reported on Thursday.

    Kaspersky’s report on the industrial threat landscape for the first half of 2020 reveals that the number of attacks aimed at RDP on industrial computers increased steadily between February and May.

    The cybersecurity firm has seen brute-force attacks against RDP passwords on 0.16% of the industrial control systems (ICS) it protected in February and 0.33% in May. The percentage dropped slightly in June, but still remained at an above average level.

    Reply
  15. Tomi Engdahl says:

    Google Launches Enterprise Threat Detection Solution
    https://www.securityweek.com/google-launches-enterprise-threat-detection-solution

    Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud.

    This is the first threat detection product out of the Chronicle cybersecurity platform after Chronicle became part of Google in June last year.

    Launched in 2018 as a separate entity, Chronicle was established in 2016 within Google’s parent company Alphabet, aiming at delivering visibility into possible vulnerable areas, to help improve security posture. In March 2019, Chronicle launched security telemetry platform Backstory, and in June 2019 it announced joining Google Cloud.

    The newly announced detection tool, Google revealed in a blog post this week, takes advantage of its large infrastructure to help organizations identify threats faster and at a higher scale than before.

    Modern detection for modern threats: Changing the game on today’s threat actors
    https://cloud.google.com/blog/products/identity-security/introducing-chronicle-detect-from-google-cloud

    Reply
  16. Tomi Engdahl says:

    Want to stop cybercrimes tearing through your network? First check your privileges
    Your most powerful admins are the weakest links
    https://www.theregister.com/2020/09/25/privileged_access_security/

    The consequences of cybercrime are ever more costly, with Accenture’s Ninth Annual Cost of Cybercrime Study showing the average financial impact per company rose by $1.4m to $13m in 2018.

    If the first half of 2020 is any indication, this number will continue to rise as attackers amplify their campaigns to take advantage of emerging opportunities, like those associated with changing work environments, and continue to target organizations’ weakest links.

    As more companies move workloads to the cloud, adopt collaboration tools to support remote workforces, and increase automation capabilities, attackers are simultaneously and consistently refining their own strategies to exploit areas of business transformation.

    Maintaining business continuity and resiliency in the face of this dynamic threat landscape starts with understanding the mindset of an attacker. Their motivations may vary – from financial gain and espionage to business disruption – but the attack cycle remains relatively constant.

    Motivated attackers will initially use fairly standard means to gain a foothold on a network, like phishing or exploiting a known software vulnerability. But once they’ve wormed their way in, they’ll typically seek to exploit privileged accounts with broad and powerful administrative access to carry out reconnaissance or to maintain persistency on the network to launch further attacks. If they don’t achieve this privileged access, the vast majority of attacks simply won’t proceed beyond nascent stages.

    Reply
  17. Tomi Engdahl says:

    Bentsi Ben-Atar, a prominent cybersecurity expert, and chief marketing officer at Sepio Systems, says that it “only takes a number of highly publicized attacks” to drive significant budget increases in cybersecurity.

    Why is your personal health information worth 350 dollars on the black market?
    https://cybernews.com/editorial/why-is-your-personal-health-information-worth-350-dollars-on-the-black-market/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=health_information_350_dollars

    A woman who died in Duesseldorf University Hospital during a ransomware attack might be the first victim linked to a cyberattack on a hospital. Bentsi Ben-Atar, a prominent cybersecurity expert, and chief marketing officer at Sepio Systems, says that it “only takes a number of highly publicized attacks” to drive significant budget increases in cybersecurity. At the moment, the healthcare system worldwide doesn’t invest enough to shield themselves from cyberattacks.

    Why is your medical data worth hundreds of dollars on the black market? How can your keycard be used to hack into a hotel? CyberNews spoke to Bentsi Ben-Atar to find out. He

    Reply
  18. Tomi Engdahl says:

    An Analyst’s Review of Top Cyber Certs

    https://pentestmag.com/an-analysts-review-of-top-cyber…/

    #pentest #magazine #blog #pentestblog #PTblog #certs #cybercerts #certificates #cybersecurity #infosecurity #infosec

    Reply
  19. Tomi Engdahl says:

    White House Chief of Staff Mark Meadows suggested FBI Director Chris Wray was not competent enough to “figure out whether there’s any kind of voter fraud” during an interview today after the director played down the extent of voting fraud.

    White House Attacks FBI Director For Playing Down Mail Voting Fraud
    http://on.forbes.com/6186GxYbe

    White House Chief of Staff Mark Meadows lambasted FBI Director Chris Wray on Friday for accurately playing down the extent of voting fraud and encouraged him to “get involved” with the Trump Administration’s efforts to investigate a handful of ballots in Pennsylvania—a probe that has alarmed election experts.

    During testimony in front of Congress Thursday, FBI Director Wray said that the agency has not “historically” witnessed “any kind of coordinated national voter fraud effort in a major election,” including through mail-in voting, rebuffing President Trump, who has frequently claimed—wrongly—that the process is riddled with fraud.

    Reply
  20. Tomi Engdahl says:

    MandaloreQuest: An Offensive Journey

    https://pentestmag.com/mandalorequest-an-offensive-journey/

    #pentest #magazine #pentestmag #pentestblog #PTblog #MandaloreQuest #exploitation #autoexploitation #tool #offensive #journey #cybersecurity #infosecurity #infosec

    Reply
  21. Tomi Engdahl says:

    NASA Astronaut Plans To Cast Her Ballot From Space
    http://on.forbes.com/6183GxS3R

    NASA astronaut Kate Rubins, who is training for a six-month mission scheduled to launch in October, says she plans to cast her next vote from space.

    Reply
  22. Tomi Engdahl says:

    FBI, CISA urge public not to panic if they hear about election hacking
    https://www.politico.com/amp/news/2020/09/24/fbi-cisa-election-hacking-panic-421144

    Trump — contradicted by his own intelligence agencies — claims that foreign powers plan to “rig” the election by printing fraudulent mail-in ballots.

    The U.S. election system is resilient enough that voting and vote-tallying can continue even if hackers breach one of its components, the Department of Homeland Security’s cyber arm and the FBI said on Thursday in their latest attempt to soothe worries about Election Day.

    “The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” the agencies said in a public service announcement.

    Reply
  23. Tomi Engdahl says:

    Facebook vows to restrict users if US election descends into chaos
    Head of global affairs says Facebook could take exceptional measures.
    https://arstechnica.com/tech-policy/2020/09/facebook-vows-to-restrict-users-if-us-election-descends-into-chaos/

    Facebook has said it will take aggressive and exceptional measures to “restrict the circulation of content” on its platform if November’s presidential election descends into chaos or violent civic unrest.

    In an interview with the Financial Times, Nick Clegg, the company’s head of global affairs, said it had drawn up plans for how to handle a range of outcomes, including widespread civic unrest or “the political dilemmas” of having in-person votes counted more rapidly than mail-in ballots, which will play a larger role in this election due to the coronavirus pandemic.

    “There are some break-glass options available to us if there really is an extremely chaotic and, worse still, violent set of circumstances,” Mr Clegg said, though he stopped short of elaborating further on what measures were on the table.

    Reply
  24. Tomi Engdahl says:

    How cybercriminals launder money stolen from banks
    https://www.kaspersky.com/blog/money-laundering-schemes/37175/
    Before the thieves can enjoy them, the proceeds of cybercrime have to
    jump through a few hoops. We discuss the complexities involved.

    Reply
  25. Tomi Engdahl says:

    Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the
    dismay of the infosec community
    https://www.zdnet.com/article/pastebin-adds-burn-after-read-and-password-protected-pastes-to-the-dismay-of-the-infosec-community/
    The two new features will make it easier to disguise malware
    operations.

    Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password.

    None of the two features are original, as they have been present on many paste sites for years.

    However, they are new to Pastebin, which is, by far, today’s most popular pastes portal,

    Reply
  26. Tomi Engdahl says:

    So Wait, What Exactly IS the Dark Web?
    The Dark Web Boundaries Are Not Always Clear, and Many Sites Fall in a Gray Area
    https://www.securityweek.com/so-wait-what-exactly-dark-web

    Cyber security always had a thing with terminology. Back in the day, its very name was the subject of many articles that tried to explain how “Cyber” is different than traditional infosec. The term “Advanced Persistent Threats” was also under scrutiny when it became popularized

    Despite being around in its current form for almost 15 years, and a household name with references in television shows and even Disney cartoons, the Dark Web as a term is no different. Speak with security professionals who are involved in monitoring the Dark Web and you will probably end up getting varied responses as to what it is and what it is comprised of. Some claim that the Dark Web is another definition of the anonymizing network TOR, while others claim that the Dark Web is mainly comprised of dissident sites, with illegal activity only being a small part of it. Such claims are contested by others, meaning that there is no consensus of what this term exactly refers to.

    Since the Dark Web is more than just popular culture, but its monitoring is a major offering in the security industry, it is important to have an accurate definition for it. Lack of clarity leads to misconceptions which consequentially cause gaps between customer expectations and vendor offerings.

    Considering the fact that in the security industry, the Dark Web is mainly referenced in the context of intelligence work, to best define the scope of the Dark Web we need to look at it from that perspective – with the eyes of an intelligence operation. This can help us understand what the Dark Web is, but also, just as importantly – what it isn’t.

    The Dark Web is not a synonym for TOR. If an intelligence operation identifies an automated site selling stolen credit cards, should it consider the site relevant only if it has a dot-onion address? (domains of TOR sites have an “onion” TLD) If a site is hosted on the clearweb, with a regular dot-com domain, does it automatically stop being relevant? What about the many sites on the Dark Web that offer both clearweb and TOR domains? Is only the TOR version relevant? The answer to all of these questions is, of course, no.

    TOR is a technology designed to provide anonymity on the internet. Many Dark Web sites are not on TOR simply because they do not need this anonymity or use other technologies. Sites hosted on “bulletproof hosting” services, hosting services operated by criminals for criminals, who ignore takedown requests from law enforcement, do not need anonymity. As they can’t be taken down, it doesn’t matter if their location is known. Other sites obfuscate their location through other means, such as legitimate anti-DDoS services that conceal the server’s IP address as they route all traffic through their servers first. Just because one technology is being used and not another does not define whether it is or isn’t relevant in the eyes of a Dark Web intelligence operation.

    Another often-used way to define the Dark Web is through categorizing the different “webs” that exist – the visible web, the deep web and the dark.

    According to this classification, the visible web is all the sites that have been indexed by search engines and therefore can be found. The invisible web, which is many times larger than the visible web, are all the resources that cannot be found – internal companies’ intranet, pages that have specified for search engines crawlers not to index them, as well as pages that are not linked to anything. The Dark Web, according to this classification, is the part of the invisible web that does not want to be found due to illegitimate activity.

    While this definition is closer to what the Dark Web really is, it’s still inaccurate. There are plenty of carding forums and automated credit card vendors that can be found on Google and other search engines if you know what to search for. Even more so, not only can you find the login page of certain Dark Web forums, but search engines were also able to index their content. By this classification, they should be part of the visible web, but their content is clearly dark. Does such a site become irrelevant to an intelligence operation just because it was indexed by a search engine?

    The reality is that the Dark Web is comprised of many individuals with varying technical capabilities. This is also true to the members of these circles who operate sites. Some may not have the technical prowess to properly prevent search engines from indexing their sites. Some may not even care. Taking this a step further – there’s plenty of carding, hacking and other nefarious activities on legitimate sites, such as social media. For an intelligence operation, does the relevance of the content change just based on where it was posted? Again the answer is no, and by process of elimination – we can understand what the Dark Web is.

    From an intelligence point of view, the only thing that is relevant in determining whether a source is relevant is the content. If the content is illegal, or problematic, and is the type of data that the Dark Web intelligence operation cares about – then it can be classified as “Dark Web”. The “Dark Web” isn’t necessarily a place, it’s an activity.

    This activity is varied – there’s carding, pedophilia, Jihadism, hacking and other types of illegal content that can all be classified as Dark Web. In a sense, there are many “Dark Webs” – with their own resources, code of conduct, threat actors, terminology and characteristics. If you must view the “Dark Web” as a place, then it is the sites that are dedicated to those activities, as well as the “enclaves” in legitimate sites such as Facebook and Telegram where such activity takes place in specific groups.

    It doesn’t matter where the site or enclave are hosted, which methods or tools are applied to ensure that this content remains online, or how the hosting was technically set up. It’s the content.

    Reply
  27. Tomi Engdahl says:

    Google removes 17 Android apps doing WAP billing fraud from the Play
    Store
    https://www.zdnet.com/article/google-removes-17-android-apps-doing-wap-billing-fraud-from-the-play-store/
    The 17 apps were infected with the Joker (Bread) malware, which Google
    described in January 2020 as one of the most persistent threats it
    dealt with since 2017.

    Reply
  28. Tomi Engdahl says:

    The Android 11 Privacy and Security Features You Should Know
    https://www.wired.com/story/android-11-privacy-and-security-features/
    Many of the updates to Google’s mobile OS are behind the scenes, but
    they can help you control your app permissions and keep your data
    safe.

    Reply
  29. Tomi Engdahl says:

    The Android 11 Privacy and Security Features You Should Know
    Many of the updates to Google’s mobile OS are behind the scenes—but they can help you control your app permissions and keep your data safe.
    https://www.wired.com/story/android-11-privacy-and-security-features/

    Reply
  30. Tomi Engdahl says:

    Big US election coming up, security is vital and, oh look… a federal agency just got completely pwned for real
    Hacker had set up shop on network using stolen Office 365 accounts
    https://www.theregister.com/2020/09/25/cisa_agency_hacked/

    Reply
  31. Tomi Engdahl says:

    Not Particularly Mortifying: IEEE eggheads probe npm registry, say JavaScript libs not as insecure as feared
    Oh sure, there are plenty of flaws in those packages though not even one in ten are anything to worry about
    https://www.theregister.com/2020/09/25/npm_security_risks/

    Reply
  32. Tomi Engdahl says:

    Are injection flaws the Bohemian Rhapsody of cybersecurity?
    Get ready for this year’s OWASP Top 10 with us and F5
    https://www.theregister.com/2020/09/28/owasp_top_10_webcast/

    Reply
  33. Tomi Engdahl says:

    Foreign Hackers Cripple Texas County’s Email System, Raising Election Security Concerns
    https://www.propublica.org/article/foreign-hackers-cripple-texas-countys-email-system-raising-election-security-concerns

    The malware attack, which sent fake email replies to voters and businesses, spotlights an overlooked vulnerability in counties that don’t follow best practices for computer security.

    Last week, voters and election administrators who emailed Leanne Jackson, the clerk of rural Hamilton County in central Texas, received bureaucratic-looking replies. “Re: official precinct results,” one subject line read. The text supplied passwords for an attached file.

    But Jackson didn’t send the messages. Instead, they came from Sri Lankan and Congolese email addresses, and they cleverly hid malicious software inside a Microsoft Word attachment. By the time Jackson learned about the forgery, it was too late. Hackers continued to fire off look-alike replies. Jackson’s three-person office, already grappling with the coronavirus pandemic, ground to a near standstill.

    “I’ve only sent three emails today, and they were emails I absolutely had to send,” Jackson said Friday. “I’m scared to” send more, she said, for fear of spreading the malware.

    The previously unreported attack on Hamilton illustrates an overlooked security weakness that could hamper the November election: the vulnerability of email systems in county offices that handle the voting process from registration to casting and counting ballots.

    Reply
  34. Tomi Engdahl says:

    Top 7 Cybersecurity Innovations in 2020

    https://pentestmag.com/top-7-cybersecurity-innovations-in-2020/

    #pentest #magazine #pentestmag #pentestblog #PTblog #top #cybersecurity #innovations #infosecurity #infosec

    Reply
  35. Tomi Engdahl says:

    Week in review: Infosec career misconceptions and challenges, early warning signs of ransomware
    Here’s an overview of some of last week’s most interesting news and articles
    https://www.helpnetsecurity.com/2020/09/27/week-in-review-infosec-career-misconceptions-and-challenges-early-warning-signs-of-ransomware/

    Reply
  36. Tomi Engdahl says:

    How to systematically secure anything: a repository about security engineering
    https://github.com/veeral-patel/how-to-secure-anything

    Reply
  37. Tomi Engdahl says:

    FEDS ARE TAPPING PROTESTERS’ PHONES. HERE’S HOW TO STOP THEM.
    Use Signal and add a PIN code to your phone’s SIM card to help protect against spying.
    https://theintercept.com/2020/09/25/surveillance-sim-cloning-protests-protect-phone/

    Reply
  38. Tomi Engdahl says:

    A Comprehensive List of Data Wiping and Erasure Standards
    https://www.blancco.com/blog-comprehensive-list-data-wiping-erasure-standards/

    There are numerous data erasure and data wiping standards for the secure removal of sensitive information from PC hard drives, removable media, LUNs and other storage devices. Rigorous standards for these procedures are set forth by government agencies and private institutes across the globe. View the data wiping and erasure standards below, then decide which one(s) is the best fit for your business.

    Reply
  39. Tomi Engdahl says:

    Average American recorded by security cameras 238 times each week
    https://www.studyfinds.org/americans-security-cameras-study/

    Reply
  40. Tomi Engdahl says:

    Google unveils new real-time threat detection tool from Chronicle
    https://www.zdnet.com/article/google-unveils-new-real-time-threat-detection-tool-from-chronicle/

    The tool is the culmination of Chronicle’s efforts to build a rules engine that can handle complex analytic events, flesh out a new threat detection language tuned for modern attacks and take advantage of the security advantages offered by Google’s scale.

    Reply
  41. Tomi Engdahl says:

    Ransomware is evolving, but the key to preventing attacks remains the same
    https://www.zdnet.com/article/ransomware-is-evolving-but-the-key-to-preventing-attacks-remains-the-same/

    Ransomware attacks continue to adapt and evolve. That doesn’t mean they can’t be stopped, or that paying up is the only option

    Ransomware attacks are getting more aggressive according to a senior figure at Europe’s law enforcement agency, but there are simple steps which organisations can follow to protect themselves – and their employees – from falling victim to attacks.

    This year has seen a rise in ransomware attacks where cyber criminals aren’t just encrypting the networks of victims and demanding six-figure bitcoin payment to return the files, but they’re also threatening to publish sensitive corporate information and other stolen data if the victim doesn’t pay the ransom.

    However, Europol’s No More Ransom project is attempting to take the fight to cyber criminals by offering free decryption tools for hundreds of different families of ransomware, something which is estimated to have stopped over four million victims from giving into ransom demands.

    Reply
  42. Tomi Engdahl says:

    Defending critical national infrastructure… hmm. Does Zoom count as critical now?
    https://www.theregister.com/AMP/2020/06/03/defending_critical_national_infrastructure_talk/

    All the old lines are getting pretty darn blurred, say security experts at Euro online confab

    Reply
