Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and the several years before that.
The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.
Here are some trends and predictions for cyber security in 2020:
Cyber Attacks: Cyberattacks are growing in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state-backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to trying to infect vulnerable systems so they can be used later as part of a botnet.
IoT security: IoT security is still getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Smart building security awareness grows. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year, and it would be nice if all of them were secure, but many of them unfortunately are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras, and smart elevators, to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security should be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your internet of things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack. One in every 172 active RSA certificates is vulnerable to attack. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network. The FBI recommends that you keep your IoT devices on a separate network.
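The cryptographic failure behind the one-in-172 figure is something you can audit for in your own device fleet: when a weak random number generator produces the same prime for two RSA keys, the greatest common divisor of the two public moduli reveals that prime and with it both private keys. The following is an added example, not code from the article or from any vendor, that runs this check over constructed toy moduli for four hypothetical device names. Production audits do the same thing over 2048-bit moduli, usually with a batch-GCD algorithm instead of pairwise GCD.

```python
import math
from itertools import combinations


def next_prime(n):
    """Smallest prime >= n, by trial division (fine for the toy sizes used here)."""
    def is_prime(k):
        if k < 2:
            return False
        for d in range(2, int(k ** 0.5) + 1):
            if k % d == 0:
                return False
        return True
    while not is_prime(n):
        n += 1
    return n


def toy_fleet():
    """Constructed RSA moduli for four hypothetical IoT devices.

    Real certificates carry 2048-bit moduli; these ~40-bit ones keep the example
    instant. Two devices were given the same prime, which is what a weak or
    badly seeded random number generator on an embedded board produces.
    """
    p_shared = next_prime(10 ** 6)          # the prime that leaks into two keys
    q1 = next_prime(p_shared + 1)
    q2 = next_prime(q1 + 1)
    q3 = next_prime(q2 + 1)
    q4 = next_prime(q3 + 1)
    q5 = next_prime(q4 + 1)
    return {
        "camera-01":  p_shared * q1,        # weak RNG victim
        "plc-07":     q2 * q3,
        "thermo-12":  p_shared * q4,        # weak RNG victim, shares p_shared
        "gateway-03": q5 * next_prime(q5 + 1),
    }


def find_shared_factors(moduli):
    """Pairwise GCD over a fleet's moduli.

    Returns {(device_a, device_b): shared_prime}. A non-trivial GCD means both
    moduli are fully factored (p = gcd, q = n // p), i.e. both private keys are
    recoverable by anyone who holds the public certificates.
    """
    findings = {}
    for (dev_a, n_a), (dev_b, n_b) in combinations(sorted(moduli.items()), 2):
        g = math.gcd(n_a, n_b)
        if g != 1:
            findings[(dev_a, dev_b)] = g
    return findings


def compromised_devices(moduli):
    """Set of device names whose key must be re-issued."""
    names = set()
    for pair in find_shared_factors(moduli):
        names.update(pair)
    return names


if __name__ == "__main__":
    fleet = toy_fleet()
    for (a, b), g in find_shared_factors(fleet).items():
        print(f"{a} and {b} share prime {g}; {a} factors as {g} x {fleet[a] // g}")
    print("re-issue keys for:", sorted(compromised_devices(fleet)))
```

Feed `find_shared_factors` the moduli pulled from your devices' certificates; any non-empty result means those keys were generated with a broken RNG and must be replaced, not just rotated on the same firmware.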
IoT privacy: Silicon Valley Is Listening to Your Most Intimate Moments. The world’s biggest companies got millions of people to let temps analyze some very sensitive recordings made by your “smart” speakers and smart phones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also some attackers are terrifying homeowners and making them feel violated in their own homes.
Medical systems security: Cyberattacks on Medical Devices Are on the Rise—and Manufacturers Must Respond. Attacks on networked medical devices, and the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.
Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream its video over the internet to a computer.
Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.
Shut off Internet: A worrying worldwide trend employed by various governments is preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting off people’s Internet connections. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is aiming in this direction. Recent examples include Iran, India and Russia. For better or worse, an internet blackout also limits the government’s ability to conduct digital surveillance on citizens.
Security First: Implementing Cyber Best Practices Requires a Security-First Approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than it having to be constantly rigged and retrofitted to adapt to digital innovation.
Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access, and monitor devices, thereby enhancing your access and segmentation strategy.
Anti-virus software: Only half of malware is caught by signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (known as “packing”) using basic encryption techniques or by the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that paying up in a ransomware attack could end up causing more turmoil for victims, as well as inspiring other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline BACKUPS to deal with this kind of situation, so that decent recovery would be possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransomware attacks. There are new tactics coming into use in ransomware. A new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom: they threaten to publish the data they steal, or pass it to a competitor, if the ransom is not paid.
Public sector: Public Sector Security Is Lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.
Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. According to a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, consumer confidence also needs to be earned by keeping that information safe.
API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
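The first item on the OWASP API Security Top 10 mentioned above is broken object level authorization: the API authenticates the caller but never checks that the requested record belongs to them. As an added example (mine, not the article's or OWASP's code), here is the defect in a minimal Python handler beside its fixed version, using a constructed invoice store and hypothetical account names; the framework layer that maps `NotFound` to an HTTP status is left out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str          # the account allowed to read this record
    amount_eur: float


# Constructed sample store: two customers, three invoices (not real data).
INVOICES = {
    101: Invoice(101, "alice", 120.00),
    102: Invoice(102, "bob", 75.50),
    103: Invoice(103, "alice", 19.99),
}


class NotFound(Exception):
    """Mapped to HTTP 404 by the framework layer (not shown)."""


def get_invoice_vulnerable(caller: str, invoice_id: int) -> Invoice:
    """API1:2019 Broken Object Level Authorization.

    The caller is authenticated (we know who they are), but the handler trusts
    the id from the URL and never asks whether the record belongs to them, so any
    logged-in user can read other customers' invoices by changing the id.
    """
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_hardened(caller: str, invoice_id: int) -> Invoice:
    """Same endpoint with the object-level check the vulnerable version lacks.

    Ownership is decided server-side from the authenticated identity, never from
    anything the client supplies. "Not yours" and "does not exist" get the same
    answer so the API does not confirm which ids are valid.
    """
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != caller:
        raise NotFound(invoice_id)
    return invoice


def owner_seen_by(handler, caller: str, invoice_id: int) -> Optional[str]:
    """Helper for tests and logging: whose record does `caller` get back, if any?"""
    try:
        return handler(caller, invoice_id).owner
    except NotFound:
        return None


if __name__ == "__main__":
    for handler in (get_invoice_vulnerable, get_invoice_hardened):
        print(handler.__name__, "-> alice requesting invoice 102 sees:",
              owner_seen_by(handler, "alice", 102))
```

The same ownership predicate belongs in every handler that takes an object id, including list, update and delete; a single generic lookup used by all of them is easier to review than checks scattered per endpoint.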
Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people, or enough knowledge of those new technologies, to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. 145% growth is needed to meet global demand.
Think Like Your Adversary: Cybersecurity leaders need to assess the potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers. Security must be taken into account in all programming steps.
Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third party.
Privacy and surveillance: Fears Grow on Digital Surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their systems can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”
5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.
5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than they are now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not put all your security and identification on this SIM card.
DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in Chrome and Firefox web browsers. Microsoft Will Bring DNS Over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
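What "encrypted DNS queries" means on the wire is that an ordinary DNS message travels inside an HTTPS request instead of a UDP datagram. The following is an added example (not from the article, Microsoft or any browser project) that builds a DNS query, wraps it in the two request shapes RFC 8484 defines (GET with a base64url `dns` parameter, or POST with an `application/dns-message` body) and parses a constructed resolver reply; the resolver URL, TTL and address are assumptions made up for the example.

```python
import base64
import struct

# Constructed example values; RFC 8484 defines the "dns" query parameter and
# the application/dns-message media type used below.
DOH_MEDIA_TYPE = "application/dns-message"
RESOLVER_URL = "https://doh.example.net/dns-query"   # hypothetical resolver


def encode_qname(name: str) -> bytes:
    # www.example.com -> 3 'www' 7 'example' 3 'com' 0
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Standard DNS query message (A record by default) with the RD flag set.

    RFC 8484 recommends ID 0 so identical queries give identical URLs that
    ordinary HTTP caches can serve.
    """
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)   # class IN
    return header + question


def doh_get_url(wire: bytes, resolver_url: str = RESOLVER_URL) -> str:
    """GET form: the whole DNS message, base64url without padding, in ?dns=."""
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={token}"


def doh_post_request(wire: bytes, resolver_url: str = RESOLVER_URL) -> dict:
    """POST form: the raw message is the body; both forms carry these headers."""
    return {
        "method": "POST",
        "url": resolver_url,
        "headers": {"Content-Type": DOH_MEDIA_TYPE, "Accept": DOH_MEDIA_TYPE},
        "body": wire,
    }


def read_name(buf: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset after it).

    The hop limit defends against pointer loops in a malicious response.
    """
    labels, end, hops = [], None, 0
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(response: bytes):
    """Return [(name, ttl, dotted_ipv4)] for the A records in the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F:                                 # RCODE != NOERROR
        return []
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = read_name(response, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = read_name(response, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        rdata = response[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


def sample_response() -> bytes:
    """Constructed resolver answer to the www.example.com query (TTL and address invented)."""
    query = build_query("www.example.com")
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)           # QR, RD, RA set
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + answer
```

The body of a real DoH exchange is exactly `build_query(...)` handed to any HTTPS client with the headers from `doh_post_request`, and `parse_a_records` applied to the response body. Note what the transport does and does not hide: the query name is no longer visible to anyone on the path, but the chosen resolver still sees every lookup, which is why the centralization point in the paragraph above matters.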
Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
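The exposed Docker admin ports noted under API security and Gartner's misconfiguration warning here are the same class of defect: an inbound rule that opens an administrative port to every address on the internet. Automating the check is the practical answer, so below is an added example (mine, not the article's or any cloud vendor's tooling) that audits constructed security-group-style rules in Python. The rule format is a generic assumption rather than a real provider API, and the port numbers are the services' well-known defaults; the page itself names only "Docker admin ports".

```python
import ipaddress

# Service ports that should never face the whole internet. The numbers are the
# services' default listening ports; adjust to your own environment.
ADMIN_PORTS = {
    22: "ssh",
    3389: "rdp",
    2375: "docker-api (plaintext)",
    2376: "docker-api (tls)",
    5432: "postgresql",
    6379: "redis",
    9200: "elasticsearch",
    27017: "mongodb",
}

# Constructed inbound rules in a generic security-group shape (not a real cloud API).
SAMPLE_RULES = [
    {"id": "sg-web-443", "proto": "tcp",  "from": 443,  "to": 443,   "src": "0.0.0.0/0"},
    {"id": "sg-ssh-vpn", "proto": "tcp",  "from": 22,   "to": 22,    "src": "10.8.0.0/16"},
    {"id": "sg-docker",  "proto": "tcp",  "from": 2375, "to": 2376,  "src": "0.0.0.0/0"},
    {"id": "sg-db-wide", "proto": "tcp",  "from": 0,    "to": 65535, "src": "::/0"},
    {"id": "sg-icmp",    "proto": "icmp", "from": -1,   "to": -1,    "src": "0.0.0.0/0"},
]


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. any source address at all."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rules(rules, admin_ports=ADMIN_PORTS):
    """Return findings for rules that expose an admin port to any address.

    Each finding is (rule_id, port, service). A wide port range counts once per
    admin port it contains, so an "allow all" rule produces several findings.
    """
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "udp", "-1", "all"):
            continue                      # icmp etc. carry no TCP/UDP port
        if not is_world_open(rule["src"]):
            continue                      # restricted source: not in scope here
        for port, service in sorted(admin_ports.items()):
            if rule["from"] <= port <= rule["to"]:
                findings.append((rule["id"], port, service))
    return findings


def remediation(finding, mgmt_cidr="10.8.0.0/16"):
    """Human-readable fix suggestion; mgmt_cidr is an assumed management network."""
    rule_id, port, service = finding
    return f"{rule_id}: restrict {service} (tcp/{port}) to {mgmt_cidr} or remove the rule"


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(remediation(finding))
```

Run this against the rule export from your cloud account or firewall in a CI job, and fail the pipeline on any finding; that turns the "human problem" into a check that runs before the rule reaches production instead of a discovery made after the breach.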
Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.
Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, and they can be utilized to make the network the first line of defense. A critical step in building a stronger security posture and more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network, but the security team needs to monitor everything on the network and be right all the time to ensure security. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.
Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.
Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities, and these have typically been aligned to wider geopolitical objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted targeting to industrial control systems software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect it: concern yourself with the most important hacks, understand the critical pieces of your infrastructure and know your interdependencies.
Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.
Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are ongoing accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Also, disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.
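"Vulnerable to email spoofing" in practice means the district's domain publishes no DMARC policy, or one set to `p=none`, so a receiving mail server has no instruction to reject mail that fakes the sender. The following is an added example (not from the article or from any of the studies it draws on) that evaluates the SPF and DMARC TXT records of three constructed, hypothetical domains and reports whether mail claiming to come from them would be accepted; the records and domain names are made up for the example.

```python
# Constructed DNS TXT records for hypothetical domains; no real lookups are made.
SAMPLE_TXT = {
    "county-a.example": {
        "_dmarc.county-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@county-a.example",
        "county-a.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    },
    "county-b.example": {
        "_dmarc.county-b.example": "v=DMARC1; p=none; rua=mailto:reports@county-b.example",
        "county-b.example": "v=spf1 ip4:198.51.100.10 ~all",
    },
    "county-c.example": {
        # no _dmarc record published at all
        "county-c.example": "v=spf1 +all",
    },
}


def parse_dmarc(txt: str):
    """Split 'v=DMARC1; p=reject; pct=100' into a tag dict; None if not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def dmarc_posture(tags) -> str:
    """'reject' / 'quarantine' / 'none' / 'missing' / 'invalid', with a note when pct < 100."""
    if tags is None:
        return "missing"
    policy = tags.get("p", "").lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy != "none" and pct < 100:
        return f"{policy} (only {pct}%)"      # part of the spoofed mail still gets through
    return policy


def spf_posture(txt) -> str:
    """Classify by the final 'all' mechanism, which decides unlisted senders' fate."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return "missing"
    terms = txt.split()[1:]
    last = terms[-1].lower() if terms else ""
    if last == "-all":
        return "hard-fail"
    if last == "~all":
        return "soft-fail"
    if last in ("+all", "all", "?all"):
        return "open"                         # any host on the internet may send as this domain
    return "no-all"


def spoofability(domain: str, records: dict) -> dict:
    """Summarize whether a forged From: header for `domain` would be acted upon by receivers.

    Receivers enforce only what DMARC tells them to, so SPF alone (even -all) does
    not stop header spoofing; the verdict follows the DMARC policy.
    """
    dmarc = dmarc_posture(parse_dmarc(records.get(f"_dmarc.{domain}", "")))
    spf = spf_posture(records.get(domain))
    return {"dmarc": dmarc, "spf": spf, "spoofable": dmarc not in ("reject", "quarantine")}


if __name__ == "__main__":
    for domain, records in SAMPLE_TXT.items():
        print(domain, spoofability(domain, records))
```

To run it against real domains, replace the `SAMPLE_TXT` lookups with TXT queries for `_dmarc.<domain>` and `<domain>`; everything else stays the same. A county that shows `p=none` is collecting reports but not yet protecting voters' inboxes.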
False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.
Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.
Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t always work this way.
Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a Ransomware ‘Crisis’ in US Schools and in many cities in USA.
Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. There is also growth in counterfeit electronics.
Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding that their own software (maybe in some cases also malware) be installed on all smartphones. Putin signs law making Russian apps mandatory on smartphones, computers.
Android: Today 80% of Android apps are encrypting traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of the Android versions will continue to be a problem in the coming year.
DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of DDoS attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.
Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems.
Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.
New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard of homomorphic encryption that keeps information secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978, but Gentry established the first fully homomorphic encryption scheme in 2009. The biggest barrier to widescale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, raises $16M.
Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often interchanged with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: the true function of AI will be to determine, with a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is doing research on AI agents, and on that topic Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.
2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support for extra money for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.
Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Following top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.
Do not weaken encryption: Companies, officials say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: One, that strong encryption is necessary for personal and national security. Two, that weakening encryption does more harm than good. And three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If You Think Encryption Back Doors Won’t Be Abused, You May Be a Member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia, 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.
2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Some physical security keys can also be hacked, as they turn out to be less secure than their advertisements claimed.
Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.
New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.
Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.
RCS messaging: RCS, expanded as Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings many new features, such as chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption. RCS could also be better in many other security aspects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with a security perspective in mind. The standard itself allows for poor security implementations, but GSMA advises its members to deploy RCS with the most secure settings possible.
Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic that’s made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that leave the sensitive information wide open for anyone to access online.
Phishing: Phishing remains one of the most pervasive online threats. Phishing emails are still managing to catch everyone out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website which looks like the login page of some legitimate service. Google Chrome now offers better protection against it, as Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. New, more advanced ways to phish are being taken into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.
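The 2FA point above (a relayed one-time code still works for the attacker, a physical security key does not) comes down to what the second factor is bound to. The following simulation is an added example, not code from the original post: it implements a HOTP code exactly as RFC 4226 specifies and a deliberately simplified stand-in for a FIDO2/WebAuthn security key, where the browser, not the user, writes the origin it is actually talking to into the signed data and the service rejects any assertion carrying a different origin. The origins, user and secrets are constructed, and an HMAC with registration material shared with the server stands in for the asymmetric signature a real authenticator produces.

```python
"""Phishable OTP vs. origin-bound security key: constructed simulation (stdlib only).
The HOTP part follows RFC 4226; the 'security key' is a simplified WebAuthn model where
an HMAC stands in for the authenticator's signature. Origins and secrets are made up."""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://mail.example.com"       # assumed legitimate service origin
LOOKALIKE_ORIGIN = "https://mail-example.co"   # constructed lookalike origin


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class OtpServer:
    """Factor 1: a code the user reads off an app and types in. Nothing binds it to a site."""
    def __init__(self) -> None:
        self.secret = secrets.token_bytes(20)
        self.counter = 0

    def verify(self, submitted_code: str) -> bool:
        ok = hmac.compare_digest(submitted_code, hotp(self.secret, self.counter))
        if ok:
            self.counter += 1
        return ok


class SecurityKey:
    """Factor 2: the key signs client data that the browser fills in, including the origin."""
    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)   # never leaves the key

    def registration_material(self) -> bytes:
        return self._secret  # stand-in for the public key handed over at registration

    def sign(self, challenge: bytes, origin_seen_by_browser: str) -> dict:
        client_data = json.dumps({"challenge": challenge.hex(),
                                  "origin": origin_seen_by_browser}, sort_keys=True).encode()
        tag = hmac.new(self._secret, client_data, hashlib.sha256).hexdigest()
        return {"client_data": client_data, "tag": tag}


class WebAuthnServer:
    def __init__(self, origin: str, key_material: bytes) -> None:
        self.origin = origin
        self.key_material = key_material
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(32)
        return self.pending

    def verify(self, assertion: dict) -> bool:
        data = json.loads(assertion["client_data"])
        if data["origin"] != self.origin:        # the origin check is what stops a relay
            return False
        if self.pending is None or data["challenge"] != self.pending.hex():
            return False
        expected = hmac.new(self.key_material, assertion["client_data"], hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, assertion["tag"])


def otp_relay_outcome() -> bool:
    """User types the current code into the lookalike page; it is forwarded as-is."""
    server = OtpServer()
    code_typed_by_user = hotp(server.secret, server.counter)   # user's authenticator app
    return server.verify(code_typed_by_user)                    # accepted


def key_relay_outcome() -> bool:
    """Same relay, but the browser binds the lookalike origin into the signed data."""
    key = SecurityKey()
    server = WebAuthnServer(REAL_ORIGIN, key.registration_material())
    assertion = key.sign(server.challenge(), LOOKALIKE_ORIGIN)
    return server.verify(assertion)                             # rejected


def key_direct_outcome() -> bool:
    """Control: the same key used on the real origin is accepted."""
    key = SecurityKey()
    server = WebAuthnServer(REAL_ORIGIN, key.registration_material())
    assertion = key.sign(server.challenge(), REAL_ORIGIN)
    return server.verify(assertion)


if __name__ == "__main__":
    print("OTP relayed via lookalike accepted:", otp_relay_outcome())
    print("Security key relayed via lookalike accepted:", key_relay_outcome())
    print("Security key on real origin accepted:", key_direct_outcome())
```

The OTP path succeeds because the code is an opaque string with no notion of where it was typed; the key path fails because the origin is set by the browser from the page it rendered and the relying party compares it against its own, which is why the page's recommendation of physical security keys holds even when the user is fully fooled.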
Windows: Microsoft doesn’t back up the Windows Registry anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits outweigh the convenience of a direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.
Linux: Support for 32 bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was badly broken.
Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit – Metasploit for drones. Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.
World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This means China will ditch all Windows PCs by 2022. China already has some Linux distros of its own, such as Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.
Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision as laid out by these renowned analysts is straightforward. The legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced sassy), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient, and agile secure network service—globally. Most of the stolen data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that leave the sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full-stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.
Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China orders a ban on US computers and software, with the Chinese government to replace foreign hardware and software within three years. Who needs whom more?
International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they wish to. The US can’t “enforce standards that don’t exist”. We have international norms in the maritime domain; we don’t have those in cyber. It is difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.
Sources:
https://pentestmag.com/iot-security-its-complicated/
https://isc.sans.edu/diary/rss/25580
https://www.securityweek.com/case-cyber-insurance
https://www.securityweek.com/tips-help-mssps-choose-threat-intelligence-partner
https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/
https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636
https://pacit-tech.co.uk/blog/the-2020-problem/
https://www.theregister.co.uk/2019/12/09/dronesploit_framework/
https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
https://threatpost.com/email-voted-a-weak-link-for-election-security-with-dmarc-lagging/150909/
https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/
https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/
https://cacm.acm.org/magazines/2019/12/241053-hack-for-hire/fulltext
http://read.uberflip.com/i/1180978-siliconexpert-growth-of-counterfeit-electronics-3/0?acctid=6759
https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/
https://www.theregister.co.uk/2019/12/09/china_orders_ban_on_us_computers_and_software/
https://www.eetimes.eu/ai-will-empower-industry-4-0-when-it-arrives/
https://www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/
https://blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/
https://github.com/dhondta/dronesploit/
https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/
https://nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/
https://www.eff.org/wp/behind-the-one-way-mirror
https://www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks
https://www.is.fi/digitoday/tietoturva/art-2000006342803.html
https://techcrunch.com/2019/10/30/duality-cybersecurity-16-million/
https://www.wired.com/story/sobering-message-future-ai-party/
https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1
https://www.zdnet.com/article/google-all-android-users-in-the-us-just-got-rcs-next-gen-sms/
https://www.schneier.com/blog/archives/2019/12/scaring_people_.html
https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html
https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/
https://www.bbc.com/news/amp/world-australia-46463029
https://cyware.com/news/rcs-technology-most-users-are-vulnerable-to-hacking-b53f9a6f
https://hub.packtpub.com/core-python-team-confirms-sunsetting-python-2-on-january-1-2020/
https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/
https://edri.org/facial-recognition-and-fundamental-rights-101/
https://techcrunch.com/2019/12/10/insider-threats-startups-protect/
https://uk.pcmag.com/windows-10/121518/microsoft-doesnt-back-up-the-windows-registry-anymore
https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/
https://chiefexecutive.net/bridge-cybersecurity-skills-gap/
https://systemagic.co.uk/has-your-business-prepared-for-the-2020-problem/
https://news.yahoo.com/massive-errors-found-facial-recognition-tech-us-study-215334634.html
https://www.securityweek.com/most-companies-dont-properly-manage-third-party-cyber-risk
https://www.uusiteknologia.fi/2019/11/21/hyoty-panee-jakamaan-tietonsa-luottamus-ratkaisee/
https://pentestmag.com/advice-for-a-cybersecurity-leader-think-like-your-adversary/
https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/
https://www.amnesty.org/en/documents/pol30/1404/2019/en/
https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk
https://www.securityweek.com/amnesty-international-calls-facebook-google-rights-abusers
https://www.securityweek.com/microsoft-will-bring-dns-over-https-doh-windows
https://www.securityweek.com/cybersecurity-workforce-gap-145-growth-needed-meet-global-demand
https://www.helpnetsecurity.com/2019/11/19/successful-soc/
https://www.securityweek.com/making-network-first-line-defense
https://techbeacon.com/security/how-prioritize-strategic-risks-affect-critical-infrastructure
https://www.securityweek.com/transitioning-security-driven-networking-strategy
https://www.theregister.co.uk/2019/11/16/5g_iot_report/
https://www.securityweek.com/us-montenegro-plot-cyber-warfare-ahead-2020-elections
https://www.securityweek.com/fears-grow-digital-surveillance-us-survey
https://www.kaspersky.com/blog/attack-on-online-retail/31786/
https://www.securityweek.com/implementing-cyber-best-practices-requires-security-first-approach
https://securelist.com/advanced-threat-predictions-for-2020/95055/
https://www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597
https://www.cisomag.com/the-future-of-ai-in-cybersecurity/
https://www.ibm.com/security/artificial-intelligence
https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/
https://cannatechtoday.com/experian-predicts-an-increase-in-global-cannabis-industry-data-breaches/
https://www.uusiteknologia.fi/2019/11/21/f-secure-tutkimaan-tekoalyagentteja/
https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity
http://www.etn.fi/index.php/13-news/10151-mikko-hypponen-tekoalyn-ei-pida-matkia-ihmista
http://www.etn.fi/index.php/13-news/10124-nixu-selvitti-tekoaly-mullistaa-kyberturvan
http://www.etn.fi/index.php/13-news/10120-kyberturvassa-koneoppiminen-on-uusi-normaali
https://www.is.fi/digitoday/tietoturva/art-2000006316233.html
https://www.cyberscoop.com/apt33-microsoft-iran-ics/
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/
https://www.enisa.europa.eu/news/enisa-news/enisa-draws-threat-landscape-of-5g-networks/
https://smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid
https://www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/
https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/
https://www.theverge.com/2019/12/9/21002515/surveillance-cameras-globally-us-china-amount-citizens
https://www.wired.com/story/iran-internet-shutoff/
https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/
https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7
https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom
1,468 Comments
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2020/09/18/a-real-life-maze-ransomware-attack-if-at-first-you-dont-succeed/
Tomi Engdahl says:
https://cybernews.com/security/best-cybersecurity-podcasts/
Tomi Engdahl says:
What’s with the Rich Kid Revolutionaries?
https://mises.org/wire/whats-rich-kid-revolutionaries
Tomi Engdahl says:
Security by Obscurity is Underrated
https://utkusen.com/blog/security-by-obscurity-is-underrated.html
In the information security field, we have developed lots of thoughts that can’t be discussed (or rarely discussed):
Never roll your own crypto
Always use TLS
Security by obscurity is bad
And it goes on like this. Most of them are generally correct. However, I started to think that people are saying those things because everyone else is saying them. And most people are actually not thinking about exceptional cases. In this post, I will raise my objection against the idea that “Security by obscurity is bad”.
Risk, Defense in Depth and Swiss Cheese
One of the main goals of defensive security is reducing the risk for the target business. According to OWASP’s methodology, the risk of an issue is calculated with the formula below:
Risk = Likelihood * Impact
According to this formula, a Remote Code Execution issue poses more risk than a Cross Site Scripting one, since the RCE causes more impact. This is easy. But what about the likelihood metric? According to OWASP, likelihood is defined as:
At the highest level, this is a rough measure of how likely this particular vulnerability is to be uncovered and exploited by an attacker
So, if we can reduce the likelihood, we can reduce the overall risk.
That’s good. It’s actually very similar to a very common idea called “Defense in Depth”. It’s also referred to as the “Swiss Cheese Model”.
According to this model, you need to build your defense mechanisms in a layered model so that even if the attackers pass the first one, they will get caught on the others.
Security by Obscurity
So let’s talk about security by obscurity. It’s a bad idea to use it as a single layer of defense. If the attacker passes it, there is nothing else to protect you. But it would actually be good to use it as an “additional” layer of defense, because it has a low implementation cost and it usually works well.
As you can see here, lots of people tend to scan the default/most popular ports only. So, if you switch your port from 22 to 64323, you will eliminate some of them. You will reduce the likelihood and risk.
The same thing goes for software vulnerabilities as well. If a vulnerability is found in the Microsoft Remote Desktop Protocol, everybody will scan for port 3389 globally. You can reduce your risk just by changing the default port.
Of course, it’s possible to use the same methodology in other fields than changing the defaults. For example, the following ideas might be good for some specific cases (not always):
Obfuscating code: Of course, it’s common knowledge. Hackers are people too. If you obfuscate your code well, they will need to spend more time to find issues. They may give up eventually.
Using random variable names for a web application: Instead of using clear variable names, you can switch them to random strings. It might help just like code obfuscation.
Using Symmetric Encryption in the Database:
Security by obscurity is widely used in physical/real-life security.
Conclusion
Security by obscurity is not enough by itself. You should always enforce the best practices. However, if you can reduce the risk with zero cost, you should do that. Obscurity is a good layer of security.
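The quoted post reasons with OWASP's Risk = Likelihood * Impact but never scores a case. The block below is an added example, not code from the quoted post or from OWASP: it implements the OWASP Risk Rating Methodology as published (eight likelihood factors and eight impact factors on a 0-9 scale, averaged, banded at 3 and 6, and combined through OWASP's severity table) and runs the post's SSH-port scenario through it. The factor scores for that scenario are constructed; moving the port changes only the "ease of discovery" factor, which is exactly why the result is a reduced rating rather than a removed risk.

```python
"""OWASP Risk Rating Methodology, worked through (added example, not from the quoted post).
Factor names, the 0-9 scale, the <3 / <6 bands and the severity table are OWASP's;
the scores for the SSH-port scenario below are constructed for illustration."""

LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",                      # threat agent
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",  # vulnerability
)
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity", "loss_of_availability",
    "loss_of_accountability",                                            # technical
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",  # business
)

# OWASP overall severity: SEVERITY[impact level][likelihood level]
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}


def level(score: float) -> str:
    """OWASP bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score out of range: {score}")
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"


def average(scores: dict, factors: tuple) -> float:
    missing = [f for f in factors if f not in scores]
    if missing:
        raise KeyError(f"missing factors: {missing}")
    return sum(float(scores[f]) for f in factors) / len(factors)


def rate(likelihood_scores: dict, impact_scores: dict) -> dict:
    """Return likelihood and impact averages plus the OWASP overall severity."""
    likelihood = average(likelihood_scores, LIKELIHOOD_FACTORS)
    impact = average(impact_scores, IMPACT_FACTORS)
    return {
        "likelihood": likelihood,
        "impact": impact,
        "severity": SEVERITY[level(impact)][level(likelihood)],
    }


def ssh_port_scenario() -> dict:
    """Constructed scores: internet-facing SSH, default port 22 versus a non-default port."""
    default_port = {
        "skill_level": 3, "motive": 4, "opportunity": 7, "size": 9,
        "ease_of_discovery": 9,   # automated tools available: mass scanners hit 22 by default
        "ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8,
    }
    # Only the discovery factor moves ("difficult" = 3); every other factor is unchanged.
    obscured_port = dict(default_port, ease_of_discovery=3)
    impact = {
        "loss_of_confidentiality": 6, "loss_of_integrity": 5, "loss_of_availability": 5,
        "loss_of_accountability": 7, "financial_damage": 3, "reputation_damage": 4,
        "non_compliance": 2, "privacy_violation": 3,
    }
    return {"default": rate(default_port, impact), "obscured": rate(obscured_port, impact)}


if __name__ == "__main__":
    for name, result in ssh_port_scenario().items():
        print(f"{name:8s} likelihood={result['likelihood']:.3f} "
              f"impact={result['impact']:.3f} severity={result['severity']}")
```

The impact column is identical in both rows, so an attacker who does find the moved port faces exactly the same system; what the port change buys is the drop in the likelihood band, which is the post's "additional layer" argument stated in OWASP's own terms.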
Tomi Engdahl says:
Microsoft Sysmon now logs data copied to the Windows Clipboard
https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-logs-data-copied-to-the-windows-clipboard/
Microsoft has released Sysmon 12, and it comes with a useful feature that logs and captures any data added to the Windows Clipboard.
This feature can help system administrators and incident responders track the activities of malicious actors who compromised a system.
For those not familiar with Sysmon, otherwise known as System Monitor: it is a Sysinternals tool that monitors Windows systems for malicious activity and logs it to the Windows event log.
Sysmon 12 adds clipboard capturing
Tomi Engdahl says:
https://www.microsoft.com/en-us/research/publication/build-software-like-build-houses/
Tomi Engdahl says:
https://pwnagotchi.ai/intro/#how-does-pwnagotchi-work
Tomi Engdahl says:
End of Support for Windows 7 Means Beginning of Upgrade-Themed Phishing Campaigns
https://cofense.com/end-support-windows-7-means-beginning-upgrade-themed-phishing-campaigns/
Tomi Engdahl says:
Microsoft: Some ransomware attacks take less than 45 minutes
https://www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes/
Microsoft goes over the recent malware trends in its new “Digital Defense Report.” For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. Report:
https://www.microsoft.com/en/security/business/security-intelligence-report
Tomi Engdahl says:
All four of the world’s largest shipping companies have now been hit by cyber-attacks
https://www.zdnet.com/article/all-four-of-the-worlds-largest-shipping-companies-have-now-been-hit-by-cyber-attacks/
With today’s news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017.
Tomi Engdahl says:
Tech Firms Accused Of Improper Data Handling – But US Government Says It Doesn’t Matter
https://www.forbes.com/sites/emmawoollacott/2020/09/29/tech-firms-accused-of-improper-data-handlingbut-us-government-says-it-doesnt-matter/
A new report indicates that US tech giants like Facebook and Netflix are failing to handle US-EU data transfers legally – but the US government is claiming that it shouldn’t be cause for concern.
Tomi Engdahl says:
Managing Remote Access for Partners & Contractors
https://isc.sans.edu/diary/rss/26614
Sometimes their techs will install the Bomgar jump client on your servers when they are troubleshooting issues. They don’t remove it; it is left to the local entity to remove it or at least disable the service until it is needed again. Here are some tips to increase the operations security when working with third-parties.
Tomi Engdahl says:
With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft
https://www.theregister.com/2020/09/29/onedrive_azure_active_directory_outage/
Does Redmond have a reliability problem? Microsoft has fixed an issue with its OneDrive and SharePoint services where users were unable to sign in, caused by a faulty remediation for the earlier Azure Active Directory outage.
Tomi Engdahl says:
Ransomware is your biggest problem on the web. This huge change could be the answer
https://www.zdnet.com/article/ransomware-is-the-biggest-problem-on-the-web-this-big-change-could-be-the-answer/
Making it illegal for companies to pay up when hit with ransomware could finally halt the ‘scourge of the internet’.
Tomi Engdahl says:
FBI warns of disinformation campaigns about hacked voter systems
https://www.bleepingcomputer.com/news/security/fbi-warns-of-disinformation-campaigns-about-hacked-voter-systems/
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election season.
Tomi Engdahl says:
Too many staff have privileged work accounts for no good reason, reckon IT bods
https://www.theregister.com/2020/09/28/research_user_privileges/
Ever seen a Trello board you thought you shouldn’t? If you’re in the UK or US, you’re not alone. Around 40 per cent of staff in British and American corporations have access to sensitive data that they don’t need to complete their jobs, according to recent research.
Tomi Engdahl says:
The price of stolen remote login passwords is dropping. That’s a bad sign
https://www.zdnet.com/article/the-price-of-stolen-remote-login-passwords-is-dropping-thats-a-bad-sign/
The cost of RDP credentials is going down – and it’s probably happening because poor cybersecurity is making log-in details easy to find.
Tomi Engdahl says:
Revealed: Trump campaign strategy to deter millions of Black Americans from voting in 2016
https://www.channel4.com/news/revealed-trump-campaign-strategy-to-deter-millions-of-black-americans-from-voting-in-2016
3.5 million Black Americans were profiled and categorised as ‘Deterrence’ by the Trump campaign: voters they wanted to stay home on election day
Tomi Engdahl says:
This ‘Hacker University’ Offers Dark Web Cybercrime Degrees For $125
https://www.forbes.com/sites/daveywinder/2020/09/28/this-hacker-university-offers-dark-web-cybercrime-degrees-for-125/
A newly published report into the new economy of the dark web from cybersecurity-as-a-service specialist Armor’s Threat Resistance Unit (TRU) contains much of what you might expect: the relatively cheap trade in loan applications, business ‘fullz’ comprising a complete business attack dossier, and even SMS text bombing rental services. One discovery, however, stood out from the others as far as this somewhat jaded cyber-writer is concerned: a hacker university selling cybercrime courses to dark web degree students.
Tomi Engdahl says:
Singapore in world first for facial verification
https://www.bbc.com/news/business-54266602
Singapore will be the first country in the world to use facial verification in its national identity scheme.
Tomi Engdahl says:
FBI, CISA Warn of Disinformation Campaigns Regarding Hacked Voting Systems
https://www.securityweek.com/fbi-cisa-warn-disinformation-campaigns-regarding-hacked-voting-systems
Threat actors are expected to spread false information regarding hacked voter information and voting systems, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) say in an alert.
Last week, the two agencies issued a warning on possible campaigns aimed at distributing false information about the election results, urging the population to double check all sources of information to ensure their validity and make sure the data they receive comes from reliable sources, such as state and local election officials.
At the time, the agencies noted that disinformation campaigns might leverage websites, social media, and other venues to disseminate false information about voter suppression, cyber-attacks on election infrastructure, fraud, and other issues.
In a new alert, the FBI and CISA reiterate the warning, noting that “foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, sow discord, discredit the electoral process, and undermine confidence in U.S. democratic institutions.”
Tomi Engdahl says:
FireEye Proposes Converged Enterprise and ICS ATT&CK Matrix
https://www.securityweek.com/fireeye-proposes-converged-enterprise-and-ics-attck-matrix
FireEye’s Mandiant Threat Intelligence and MITRE have collaborated on developing a new visualization able to combine the two separate Enterprise ATT&CK and ICS ATT&CK threat knowledgebases into a single holistic view combining both IT and OT attack behaviors.
In developing its ICS ATT&CK matrix, MITRE stressed that it is necessary to understand both Enterprise ATT&CK and ICS ATT&CK to accurately track threat actor behaviors across OT incidents. But just as the historical divide between IT and OT can lead to loss of visibility between the two, so too can the separation of ATT&CK into Enterprise and ICS lead to a loss of visibility on attacker behaviors.
The problem is focused on what FireEye describes as ‘intermediary systems’. These may structurally be part of OT, but nevertheless run on standard enterprise operating systems. They are used to control the ICS equipment, and consequently run non-enterprise software systems. Enterprise ATT&CK can map attacker behavior up to the intermediary systems, but loses visibility in the handover to ICS. The problem in providing a complete view of attack behavior is that most of a sophisticated attack’s behavior is found within the intermediary systems.
https://collaborate.mitre.org/attackics/index.php/Main_Page
Tomi Engdahl says:
“Over the past 5 to 10 years,” Nathan Brubaker, senior manager at Mandiant Threat Intelligence told SecurityWeek, “every sophisticated ICS attack instance we have observed has passed through these intermediary systems on their way to impacting ICS. This includes malware like Stuxnet, Triton and most others. Ninety to ninety-five percent of threat actor activity occurs on these intermediary systems.” So that’s the most likely place you’re going to find ICS attackers, and the best opportunity to stop them.
https://www.securityweek.com/mitre-releases-attck-knowledge-base-industrial-control-systems
Tomi Engdahl says:
https://www.securityweek.com/mitre-releases-attck-knowledge-base-industrial-control-systems
https://collaborate.mitre.org/attackics/index.php/Main_Page
Tomi Engdahl says:
So Wait, What Exactly IS the Dark Web?
https://www.securityweek.com/so-wait-what-exactly-dark-web
Tomi Engdahl says:
Hard-core data preservation: The best media and methods for archiving your data
Daily backup isn’t archiving. If you want your data to survive the decades, you need to use the right tools.
https://www.pcworld.com/article/2984597/hard-core-data-preservation-the-best-media-and-methods-for-archiving-your-data.html
A lot is written about the importance of backing up data, but the media and methodologies proposed aren’t generally suitable for archiving. Securing your data for posterity, i.e., archiving, requires a different approach, where shelved media life and future file compatibility trump the speed and convenience that make backup palatable to the average user.
We’ll discuss methodology later, but here’s the low-down on the media types available for backup and archival purposes.
Tomi Engdahl says:
Memory sticks used to program Philly’s voting machines were stolen from elections warehouse
https://www.inquirer.com/politics/election/philadelphia-election-trump-equipment-stolen-usb-laptop-20200930.html?fbclid=IwAR1q3kzCEQUejrFpj54pvTtj3uap123RNtg9O4YWXh-16WXgOeYHrowGh0k
A laptop and several memory sticks used to program Philadelphia’s voting machines were stolen from a city warehouse in East Falls, officials confirmed Wednesday, setting off a scramble to investigate and to ensure the machines had not been compromised.
Though it remains unclear when the equipment was stolen, sources briefed on the investigation said the items vanished this week. The laptop belonged to an on-site employee for the company that supplies the machines. It and the USB drives were the only items believed to have been taken.
City officials vowed Wednesday that the theft would not disrupt voting on Nov. 3.
But behind the scenes, they fretted about how President Donald Trump and his allies might use the news to cast doubt on the integrity of the city’s elections in light of false claims and conspiracy theories he cited during Tuesday’s presidential debate.
The commissioners initially refused to confirm the theft or that an investigation had been opened. They only did so after The Inquirer informed them it would be reporting the incident based on sources who were not authorized to publicly discuss it.
His rhetoric has alarmed experts and voting rights advocates, who say the president is undermining public confidence in the electoral system and inappropriately politicizing the democratic process.
Sources familiar with the investigation said late Wednesday that during the review, officials found several machines had the wrong seal numbers, but Custodio said they believe the discrepancies were due to a logging error in recording the numbers and did not indicate that the machines had been compromised.
Those machines, he said, “will be thoroughly examined, wiped, and tested just to be sure.”
Philadelphia’s voting machines are fairly new, used for the first time last November. Gov. Tom Wolf ordered every voting machine in Pennsylvania, including those in Philadelphia, be replaced in advance of the 2020 election with more-secure machines that leave a paper trail that can be audited or even individually recounted by hand.
On Tuesday, the city opened its first-ever satellite elections offices to allow voters to cast mail ballots in person — and the statewide voter database went down moments after the celebratory news conference. That afternoon, Trump falsely accused Philadelphia of blocking his poll watchers from the offices, and again put a target on the city by repeating the claims during the presidential debate.
Voting via mail ballots has begun in Philadelphia, including at the satellite elections offices opened Tuesday, which city and state officials do not consider to be polling locations.
Tomi Engdahl says:
This worm phishing campaign is a game-changer in password theft,
account takeovers
https://www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer-in-password-theft-account-takeovers/
The security incident highlights the need for multi-factor
authentication in the enterprise. “The phishing emails were being sent
as replies to genuine emails, ” the researcher explained. “Emails
exchanged between our people and our suppliers, our customers, and
even internally between colleagues.” The technique, resulting in
worm-like mass takeovers, left Hays “in awe” of the “phenomenal number
of accounts [that] were compromised within a few hours.”
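The campaign above worked because the phishing mails were genuine replies sent from already-compromised mailboxes, so sender reputation and SPF/DKIM tell you nothing. One content-level heuristic a mail gateway can still apply is to flag a reply that introduces a link to a domain the thread has never seen. The following is an added example, not code from the article or from Hays; the messages, addresses and domains are constructed, and it assumes messages arrive in chronological order and that the thread root is the first entry of the References header.

```python
"""Reply-chain hijack heuristic: flag replies that inject links to domains the
thread has never seen. Added example with constructed messages; not the detection
described in the article."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample thread: a supplier mail, a genuine reply, and a reply sent
# from Alice's compromised mailbox that drops in a link to an unrelated host.
SAMPLE_MESSAGES = [
    """From: Supplier Ops <ops@supplier.example>
To: Alice <alice@corp.example>
Subject: Invoice 1042
Message-ID: <m1@supplier.example>

Hi Alice, invoice 1042 is ready. Portal: https://portal.supplier.example/inv/1042
""",
    """From: Alice <alice@corp.example>
To: Supplier Ops <ops@supplier.example>
Subject: Re: Invoice 1042
Message-ID: <m2@corp.example>
In-Reply-To: <m1@supplier.example>
References: <m1@supplier.example>

Thanks, I will process it this week.
""",
    """From: Alice <alice@corp.example>
To: Supplier Ops <ops@supplier.example>
Subject: Re: Invoice 1042
Message-ID: <m3@corp.example>
In-Reply-To: <m2@corp.example>
References: <m1@supplier.example> <m2@corp.example>

Please review the updated document: https://docs-share.example.net/view?id=8841
""",
]


def _link_hosts(text):
    """Lower-cased hostnames of every http(s) URL in the body."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def _addr_domains(header_value):
    """Domains of every mailbox in a From/To/Cc header."""
    out = set()
    for part in str(header_value or "").split(","):
        _, addr = parseaddr(part)
        if "@" in addr:
            out.add(addr.rsplit("@", 1)[1].lower())
    return out


def _is_known(host, known):
    # A host counts as known if it equals, or is a subdomain of, a known domain.
    return any(host == k or host.endswith("." + k) for k in known)


def _root_id(msg):
    refs = str(msg.get("References", "")).split()
    if refs:
        return refs[0]
    irt = str(msg.get("In-Reply-To", "")).strip()
    return irt or str(msg["Message-ID"]).strip()


def flag_injected_links(raw_messages):
    """Return {message_id: [new link domains]} for replies whose links point at
    domains neither seen earlier in the thread nor belonging to a participant."""
    threads = {}  # thread root Message-ID -> set of domains already seen
    flagged = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        mid = str(msg["Message-ID"]).strip()
        root = _root_id(msg)
        known = threads.setdefault(root, set())
        known |= _addr_domains(msg["From"]) | _addr_domains(msg["To"])
        body = msg.get_body(preferencelist=("plain",))
        links = _link_hosts(body.get_content() if body is not None else "")
        new_hosts = {h for h in links if not _is_known(h, known)}
        if root != mid and new_hosts:  # only replies are judged
            flagged[mid] = sorted(new_hosts)
        known |= links
    return flagged


if __name__ == "__main__":
    for mid, hosts in flag_injected_links(SAMPLE_MESSAGES).items():
        print(f"suspicious reply {mid}: new link domains {hosts}")
```

This only catches the variant that carries a fresh link; a hijacked reply that attaches a document or reuses a compromised SharePoint host on a known domain passes it, which is why the article's conclusion about MFA stands: the control that actually stops the worm is making a stolen password insufficient to send mail.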
Tomi Engdahl says:
The Emerald Connection: EquationGroup collaboration with Stuxnet
https://fmmresearch.wordpress.com/2020/09/28/the-emerald-connection-equationgroup-collaboration-with-stuxnet/
This article is part of a continued ongoing effort in my research of
the use of a series of libraries called Exploit Development Framework
(EDF) created by EquationGroup for the development of their
exploitation tools (exploits, implants, tools, and more). In my
previous piece I wrote about my findings of the Fanny worm better
known to EquationGroup developers and operators as: DEMENTIAWHEEL
(DEWH).
Tomi Engdahl says:
GitHub rolls out new Code Scanning security feature to all users
https://www.zdnet.com/article/github-rolls-out-new-code-scanning-security-feature-to-all-users/
New Code Scanning feature will tell GitHub users when they’ve added
known security flaws in their code
Tomi Engdahl says:
CISA Releases Telework Essentials Toolkit
https://us-cert.cisa.gov/ncas/current-activity/2020/09/30/cisa-releases-telework-essentials-toolkit
The Cybersecurity and Infrastructure Security Agency (CISA) has
released the Telework Essentials Toolkit, a comprehensive resource of
telework best practices. The Toolkit provides three personalized
modules for executive leaders, IT professionals, and teleworkers. Each
module outlines distinctive security considerations appropriate for
their role
Tomi Engdahl says:
CISA and MS-ISAC Release Ransomware Guide
https://us-cert.cisa.gov/ncas/current-activity/2020/09/30/cisa-and-ms-isac-release-ransomware-guide
The Cybersecurity and Infrastructure Security Agency (CISA) and the
Multi-State Information Sharing & Analysis Center (MS-ISAC) have
released a joint Ransomware Guide that details practices that
organizations should continuously engage in to help manage the risk
posed by ransomware and other cyber threats. The in-depth guide
provides actionable best practices for ransomware prevention as well
as a ransomware response checklist that can serve as a
ransomware-specific addendum to organization cyber incident response
plans.
Tomi Engdahl says:
How Security Programs Are Changing After COVID-19: Maximizing Resiliency
https://www.securityweek.com/how-security-programs-are-changing-after-covid-19-maximizing-resiliency
When Security is Seen as a Business Enabler We All Win
The COVID-19 crisis and its associated constraints taught us how to identify priorities based on the most important outcomes. It showed us that many of the activities we considered “priorities” before March are not really priorities. And it further highlighted resiliency as one of the key objectives of security programs to help businesses maintain productivity and drive competitive advantage.
As we progress through this period that will have lasting effects on how we work and live, we must continue to select priorities that allow us to focus on our most important objectives. Assuming a distributed working model needs to become the norm, not the exception, the question we need to answer is how to secure data, processes, and communication irrespective of where employees and third parties are located.
Security teams are changing where they focus their time, effort, and budget accordingly. McKinsey & Company recently surveyed 250 global CISOs and security professionals and found that, over the next 12 months, large enterprises will spend even more on network security, identity and access management, and messaging security, which are the exact priorities of a distributed workforce and infrastructure. As for cybersecurity vendors, McKinsey identified various opportunities to support customers, including rethinking service delivery and solution deployment models, and creating additional offerings.
Tomi Engdahl says:
Takeaways From the Shopify Hack
https://www.securityweek.com/takeaways-shopify-hack
On September 22nd, Canadian-based e-commerce company, Shopify, disclosed a security incident involving the breach of data belonging to almost 200 merchants (and their customers). According to the company’s investigation, two rogue members of their support team were engaged in a scheme to obtain customer transactional records of selected merchants. Shopify acknowledged that the hacked online stores may have exposed customer data, including emails, names, addresses, and order details. Shopify claims payment card numbers or other sensitive personal/financial information were not part of the incident. However, the investigation into the breach is still in its early phases and the full extent of exposed data therefore is not yet determined.
The Shopify hack is an unfortunate illustration of how cyber-attacks are conducted today. Rather than a hooded figure in the darkness penetrating a network, two of Shopify’s own employees went rogue. With an enemy lurking within, the question becomes what measures can organizations take to minimize their exposure to insider threats?
https://www.securityweek.com/shopify-discloses-insider-threat-incident
Tomi Engdahl says:
https://hackaday.com/2020/09/30/automated-tools-for-wifi-cracking/
Tomi Engdahl says:
https://semiengineering.com/blog-review-sept-30-2/
Synopsys’ Fred Bals takes a look at open source projects that, while popular, go understaffed or underfunded, how that can lead to potential security vulnerabilities, and why users who rely on them should consider stepping up to contribute.
TANSTAAFL! The tragedy of the commons meets open source software
https://www.synopsys.com/blogs/software-security/tanstaafl-the-tragedy-of-the-commons-meets-open-source-software/
Open source projects can become victims of their own success. What can developers do to secure their open source software?
One of the reasons behind the popularity of open source is the volunteer communities improving and updating code. It’s what software developer and author Eric Raymond called Linus’s Law in action: with many eyes looking at code, “all bugs become shallow.”
A Purdue University study showed that Linus’s Law does work. Open source communities regularly issue patches faster than their proprietary software counterparts. But Linus’s Law only works when there are enough eyes on the code. And there’s no guarantee that the community behind any given open source project will continue maintaining the code. Of the 1,200+ codebases examined for the 2020 Open Source Security and Risk Analysis (OSSRA) report, 88% contained open source components that had had no development activity in the last two years.
OpenSSL, Heartbleed, and developer burnout
The TANSTAAFL price
In the early 19th century, “free lunches” were a popular saloon promotion. Patrons still had to buy a beer or other drink in order to wash down whatever food the barkeep offered, and that was the catch. Profits on whiskey and beer sales more than compensated the saloon for putting out the free lunch spread, which often was little more than soup, crackers, and problematic pickled eggs. Coined by science fiction author Robert Heinlein, TANSTAAFL (“There ain’t no such thing as a free lunch”) reminds us that things always have to be paid for, whether the price is evident or not.
With popular open source code, the TANSTAAFL price has been the increased pressure on its maintainers—the people who handle bug reports, feature requests, code reviews, and code commits for their “free” software. Increasingly, as open source use grows in popularity, the TANSTAAFL price has been developer burnout and their open source projects being abandoned.
It’s the tragedy of the commons in action—a resource growing so much in popularity that it can’t remain viable unless the community shifts to sustenance rather than exploitation. Witness the Twitter thread started by James M. South, creator of several popular open source solutions, who bemoaned the fact that, “#ImageSharp passed 6 million downloads this weekend and I’m a lot less happy about it than I probably should be.”
Why? South goes on in several follow-up tweets, “Over 5 years of development there have only been 98 collaborators, 23 of which have made more than 10 commits…. it’s not about money, it never was and never will be, it’s about sustainability.”
Several other developers chimed in with their experiences: “…a similar story for #FluentValidation. Over 41 million downloads … 140 contributors, but only 1 has made more than 10 commits.” “Same with ReportGenerator… 15 million downloads but not a single sponsor.”
Too few people—and their organizations—who rely on open source software are contributing to the projects whose open source they use. If you’re a developer and have a favorite open source component, you can contribute to its development through development, sharing your modifications, bug reporting, crowd-funding, letting the developers know how you are using it, and helping others get started. That last may be the most important thing you can do for any open source project—helping build a user community large enough to sustain the project.
While development support is important, it’s not necessarily just about the code. Whether you’re a writer, translator, designer, or information security or legal specialist, the chances are good that you too can help support the community in some fashion.
Tomi Engdahl says:
Drives were encrypted. Don’t know with what, but still a detail the Inquirer left out.
https://www.fox29.com/news/laptop-encrypted-usb-drives-stolen-from-philadelphia-election-machine-warehouse-spokesperson-says
Tomi Engdahl says:
More Than 1 Million People Have Registered To Vote Through Snapchat, 65% Of Them Under 24
https://www.forbes.com/sites/siladityaray/2020/10/01/more-than-1-million-people-have-registered-to-vote-through-snapchat-65-of-them-under-24/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
Snapchat has helped more than 1 million users register for November’s presidential elections, with nearly two-thirds of those registered being 24 or younger, a stat that could turn out to be a boon for Joe Biden and the Democratic party.
During the 2018 midterms, more than 450,000 voters had registered through Snapchat and the company estimated that around 57% of them cast a ballot.
While 2.5 million voters have registered via Facebook, Snapchat’s user base is significantly younger, a demographic that heavily favors Joe Biden and the Democratic party.
Social media platforms are attempting to avoid a repeat of 2016 when the likes of Facebook and Twitter saw Russia-backed election interference and the spread of misinformation. To counter this, all major social media platforms have established election-related initiatives to both encourage voting and curb the spread of misinformation. Facebook rolled out its voting-related resources for U.S. users in August. Twitter has also included tools to allow voters to register and view other election-related information within its app. Both platforms and YouTube have been adding labels about mail-in voting to counter misinformation on the issue. Earlier this week, TikTok launched an election guide within its mobile app with information about candidates and how to vote in each state. Unlike Twitter, Facebook and Snapchat, the Chinese-owned platform doesn’t allow voters to register directly through its platform, offering only information about the process.
Tomi Engdahl says:
Report: FBI Catches Another Russian-Made Fake News Site Targeting U.S. Voters
https://www.forbes.com/sites/jemimamcevoy/2020/10/01/report-fbi-catches-another-russian-made-fake-news-site-targeting-us-voters/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
The Kremlin-backed group accused of meddling in the 2016 election has been paying American writers to publish articles slamming Joe Biden, praising President Trump and criticizing Black Lives Matter for a faux conservative news site, according to a Thursday Reuters report, the second such Russian attempt to sow division among U.S. voters ahead of the election.
In this most recent effort, individuals associated with the Internet Research Agency set up a fake independent news outlet in June to target right-wing social media users, two people familiar with an FBI probe into the activity told Reuters.
Tomi Engdahl says:
Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam
https://krebsonsecurity.com/2020/10/ransomware-victims-that-pay-up-could-incur-steep-fines-from-uncle-sam/
Companies victimized by ransomware and firms that facilitate
negotiations with ransomware extortionists could face steep fines from
the U.S. federal government if the crooks who profit from the attack
are already under economic sanctions, the Treasury Department warned
today.
Tomi Engdahl says:
New service checks if your email was used in Emotet attacks
https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/
A new service has been launched that allows you to check if an email
domain or address was in an Emotet spam campaign.
Tomi Engdahl says:
Clothing retail chain H&M fined 35 million euros for collecting its employees’
personal data in Germany
https://yle.fi/uutiset/3-11574720
A database compiled for managers’ use listed, among other things, matters
relating to illnesses and religion.
Tomi Engdahl says:
FBI, CISA Say DDoS Attacks Won’t Prevent Voting
https://www.securityweek.com/fbi-cisa-say-ddos-attacks-wont-prevent-voting
While they might hinder access to information, distributed denial-of-service (DDoS) attacks against election infrastructure won’t prevent voting, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert issued this week.
DDoS attacks would either slow down election-related public-facing websites or render them inaccessible, thus preventing voters from staying updated with voting information or from accessing voting results.
Such attacks are meant to disrupt activities for a period of time through flooding Internet-accessible servers with requests and preventing legitimate users from connecting to online resources, such as online accounts or websites.
“The public should be aware that if foreign actors or cyber criminals were able to successfully conduct DDoS attacks against election infrastructure, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot,” the FBI and CISA note.
Tomi Engdahl says:
Treasury Department Warns Ransomware Payment Facilitators of Legal Implications
https://www.securityweek.com/treasury-department-warns-ransomware-payment-facilitators-legal-implications
The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities.
The Treasury Department’s Office of Foreign Assets Control (OFAC) says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.
Many organizations from around the world, including several cities and universities in the U.S., have paid significant amounts of money to recover their files following a ransomware attack.
However, the Treasury Department warns, companies that facilitate ransomware payments to cybercriminals on behalf of victims not only encourage future attacks, but also risk violating OFAC regulations. The advisory specifically lists cyber insurance companies, financial institutions, and providers of incident response and digital forensics services as organizations that can facilitate ransomware payments.
The OFAC noted that many cyber threat actors have been sanctioned over the past years, including for attacks involving malware such as Cryptolocker (linked to a Russian individual), SamSam (linked to Iranians), WannaCry (linked to North Korea) and Dridex (linked to a Russian organization).
Companies are informed that making a ransomware payment to sanctioned people or countries could be used to fund activities “adverse to the national security and foreign policy objectives of the United States.” The advisory also points out that paying the ransom not only encourages the threat actor to launch more attacks, but there is also no guarantee that the victim will regain access to the compromised data.
Tomi Engdahl says:
Brian Krebs / Krebs on Security:
US Treasury says those who facilitate payments on behalf of ransomware victims, including digital forensics firms, face fines if recipients are under sanctions
Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam
https://krebsonsecurity.com/2020/10/ransomware-victims-that-pay-up-could-incur-steep-fines-from-uncle-sam/
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.
Tomi Engdahl says:
Salvador Rodriguez / CNBC:
Facebook says it will ban Facebook and Instagram ads that seek to delegitimize the outcome of an election, including calling specific voting methods fraudulent
Facebook will ban ads that seek to delegitimize US election
https://www.cnbc.com/2020/09/30/facebook-will-ban-ads-that-seek-to-delegitimize-us-election-.html
Tomi Engdahl says:
Hackers used credentials “leaked” to GitHub within a minute
https://etn.fi/index.php/13-news/11229-hakkerit-kayttivat-githubiin-vuodettuja-tunnuksia-minuutin-sisalla
Comparitech, which tests various services, ran a small experiment. The company’s developers pushed code to GitHub containing fake credentials, complete with passwords, for the AWS cloud service, and timed how long it took before criminals tried to use them. It took one minute.
The result is both expected and frightening. It was already known that hackers and cybercriminals scan GitHub’s public repositories for passwords, customer credentials, API tokens, anything at all. What was perhaps surprising was how quickly the test credentials were tried.
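A one-minute window means the only defence is to catch the credential before the push, not to rotate it afterwards. The following is an added example, not Comparitech’s test code, of the kind of check a pre-push hook can run: it looks for AWS access key IDs by their fixed prefix and length, for 40-character secret keys that sit next to a “secret”-named variable, and discards low-entropy placeholders. The sample config is constructed, and the key values in it are the ones AWS itself uses in its documentation, not live credentials.

```python
"""Pre-push secret scanner for AWS-style credentials.
Added example; not Comparitech's code. Sample values are AWS documentation examples."""
import math
import re
import sys
from dataclasses import dataclass
from typing import List

# Access key IDs are 20 characters: prefix AKIA (long-term) or ASIA (temporary)
# followed by 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# Secret access keys are 40 base64 characters. Requiring a "secret"-ish variable
# name next to the value keeps other base64 blobs (hashes, unrelated tokens) quiet.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|aws_?secret|secret_?key)"
    r"\W{0,3}[=:]\W{0,3}[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])"
)

MIN_SECRET_ENTROPY = 3.0  # bits/char; placeholders such as 'AAAA...' score far below this

# Constructed sample file, not a real config.
SAMPLE_CONFIG = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-north-1
# placeholder that must not fire (low entropy)
aws_secret_access_key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"""


@dataclass
class Finding:
    line: int
    kind: str
    value: str
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character (0.0 for a repeated single character)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def redact(value: str) -> str:
    """Show only the first and last four characters so the report itself does not leak."""
    return value[:4] + "..." + value[-4:]


def scan_text(text: str) -> List[Finding]:
    """Return every credential-looking value in text with its 1-based line number."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            val = m.group(1)
            findings.append(Finding(lineno, "aws_access_key_id", val, shannon_entropy(val)))
        for m in SECRET_KEY_RE.finditer(line):
            val = m.group(1)
            ent = shannon_entropy(val)
            if ent >= MIN_SECRET_ENTROPY:  # drop obvious placeholders
                findings.append(Finding(lineno, "aws_secret_access_key", val, ent))
    return findings


def scan_files(paths: List[str]) -> int:
    """Scan each file, print redacted hits, return the number of findings (hook exit status)."""
    total = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in scan_text(fh.read()):
                print(f"{path}:{f.line}: {f.kind} {redact(f.value)} (entropy {f.entropy:.2f})")
                total += 1
    return total


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(1 if scan_files(sys.argv[1:]) else 0)  # non-zero blocks the push
    for f in scan_text(SAMPLE_CONFIG):
        print(f"sample:{f.line}: {f.kind} {redact(f.value)} (entropy {f.entropy:.2f})")
```

Wire it in as a pre-push hook (or a CI step over the diff) and treat any non-zero exit as a block; a key that does get pushed should be rotated immediately rather than merely deleted from the repository, since the history and any scraper that already saw it keep the value.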
Tomi Engdahl says:
https://cybernews.com/security/are-encrypted-messaging-apps-really-secure/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=encrypted_messaging_secure
Tomi Engdahl says:
Latest web hacking tools – Q3 2020
https://portswigger.net/daily-swig/latest-web-hacking-tools-q3-2020
Tomi Engdahl says:
What Is Script Kiddie? How To Become Script Kiddie?
https://www.poftut.com/what-is-script-kiddie-how-to-become-script-kiddie/
A script kiddie is an amateur who tries to hack, exploit, or abuse IT systems such as computers, networks, web sites, etc. A script kiddie is generally not a professional hacker because they have very little knowledge of hacking, but they can use hacking tools by following tutorials.
A script kiddie is an unskilled person, which means anyone can easily become one. The scripts are generally borrowed from friends or from forums on the internet. Even some popular hacking communities provide script kiddie tools to help others.