Cyber security trends for 2020

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and the several years before that.

The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.

Here are some trends and predictions for cyber security in 2020:

Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to infecting vulnerable systems so they can be used later as part of a botnet.

IoT security: IoT security will keep getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Smart building security awareness grows. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year; it would be nice if all of them were secure, but many of them unfortunately are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras and smart elevators to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security should be considered and integrated into IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your internet of things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of devices vulnerable to attack: one in every 172 active RSA certificates is vulnerable. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network; the FBI recommends that you keep your IoT devices on a separate network.

IoT privacy: Silicon Valley Is Listening to Your Most Intimate Moments. The world’s biggest companies got millions of people to let temps analyze some very sensitive recordings made by your “smart” speakers and smart phones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also some attackers are terrifying homeowners and making them feel violated in their own homes.

Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.

Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream its video over the internet to a computer.

Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.

Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting people’s Internet connections. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is heading in this direction; Iran, India and Russia have all cut connections. For better or worse, an internet blackout limits the government’s ability to conduct digital surveillance on citizens.

Security First: Implementing cyber best practices requires a security-first approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than having to be constantly rigged and retrofitted to adapt to digital innovation.

Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access to, and monitor devices, thereby enhancing the access and segmentation strategy.

Anti-virus software: Only half of malware is caught by signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (known as “packing”) using basic encryption techniques or by the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
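Packing and encryption leave a measurable trace that signature scanners ignore: the byte distribution of the scrambled code looks nearly random, so its Shannon entropy approaches 8 bits per byte, while ordinary machine code and text sit far lower. The following is an added example of that heuristic (not code from the original article); the section names and sample bytes are constructed, and the 7.0 threshold is an assumption that a real deployment would tune against its own binaries.

```python
"""
Shannon-entropy heuristic for spotting packed or encrypted executable sections.

Added example, not from the original article. Constructed sample sections stand
in for the sections of a real binary; the threshold is an assumed starting point.
"""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    # -sum(p * log2(p)) over the byte values actually present
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_section(name: str, data: bytes, threshold: float = 7.0) -> dict:
    """Flag a section as suspicious (likely packed/encrypted) above the threshold."""
    ent = shannon_entropy(data)
    return {"name": name, "entropy": round(ent, 3), "suspicious": ent >= threshold}


def scan_sections(sections: dict, threshold: float = 7.0) -> list:
    """Apply the heuristic to every (name -> bytes) section of a binary."""
    return [classify_section(n, d, threshold) for n, d in sections.items()]


# Constructed stand-ins for sections of a binary (not real malware):
SAMPLE_SECTIONS = {
    ".text_plain": b"MOV EAX, 1; RET; " * 64,   # repetitive, low entropy
    ".data_zero": bytes(1024),                  # all zeros, entropy 0
    ".packed": bytes(range(256)) * 16,          # every byte value equally often: entropy 8
}

if __name__ == "__main__":
    for result in scan_sections(SAMPLE_SECTIONS):
        print(result)
```

Entropy alone produces false positives on legitimately compressed resources (images, archives embedded in the binary), so in practice it is one feature among several, combined with the behavioral signals the article mentions.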

Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying up is a move that security professionals have long condemned, warning that paying the ransom in a ransomware attack could end up causing more turmoil for victims, as well as inspire other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline backups to deal with this kind of situation, so that decent recovery is possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransom attacks. New tactics are coming into use in ransomware. A new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom: they will publish the data they steal to a competitor if the ransom is not paid.

Public sector: Public sector security is lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.

Regulation: We will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. According to a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, consumer confidence also needs to be earned by keeping that information safe.

API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.

Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people or enough knowledge of those new technologies to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. 145% growth is needed to meet global demand.

Think Like Your Adversary: Cybersecurity leaders need to assess the potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers. Security must be taken into account in all programming steps.

Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third-party.

Privacy and surveillance: Fears grow on digital surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their systems can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”

5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.

5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than they are now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not tie all of your security and identification to the SIM card.

DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in the Chrome and Firefox web browsers. Microsoft will bring DNS over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.

Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.

Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many of these new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, and they can be utilized to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network, but the security team needs to monitor everything on the network and be right all the time to ensure security. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.

Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.

Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities, and these have typically been aligned to wider geo-political objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted its targeting to industrial control systems software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect it: concern yourself with the most important hacks, understand the critical pieces of your infrastructure, and know your inter-dependencies.

Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time, the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.

Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Disinformation campaigns for political purposes are also deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.

False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.

Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.

Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t always work this way.

Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a ransomware “crisis” in US schools and in many cities in the USA.

Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. Counterfeit electronics are also on the rise.

Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding that their own software (maybe in some cases also malware) be installed on all smartphones. Putin signed a law making Russian apps mandatory on smartphones and computers.

Android: Today 80% of Android apps encrypt traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of Android versions in use will continue to be a problem in the coming year.

DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.
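DNS amplification works because a small query sent with a spoofed source address elicits a much larger response, which open resolvers deliver to the victim. From the defender's side the telltale pattern is a host that receives far more DNS-response bytes than it ever sent in DNS-query bytes, from many different resolvers at once. The following is an added example of that detection logic run over constructed flow records (not code from the original article); the record layout, the IP addresses and the thresholds are all assumptions.

```python
"""
Detecting DNS amplification victims from flow records.

Added example, not from the original article. The flow records, addresses and
thresholds are constructed for illustration.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    # Normal client: small queries out to a resolver, modest answers back.
    ("10.0.0.5", 51234, "192.0.2.53", 53, 64),
    ("192.0.2.53", 53, "10.0.0.5", 51234, 180),
    ("10.0.0.5", 51235, "192.0.2.53", 53, 60),
    ("192.0.2.53", 53, "10.0.0.5", 51235, 210),
    # Victim: it never sent a query, yet many open resolvers send it large answers
    # (the spoofed source port in the query was 443, so answers land there).
    ("198.51.100.7", 53, "10.0.0.9", 443, 3500),
    ("198.51.100.8", 53, "10.0.0.9", 443, 3900),
    ("198.51.100.9", 53, "10.0.0.9", 443, 4100),
    ("198.51.100.10", 53, "10.0.0.9", 443, 3800),
]


def summarize_dns(flows):
    """Per host: DNS query bytes sent, DNS response bytes received, distinct resolvers seen."""
    stats = defaultdict(lambda: {"query_bytes": 0, "response_bytes": 0, "resolvers": set()})
    for src, sport, dst, dport, nbytes in flows:
        if dport == 53:                      # a query leaving this host
            stats[src]["query_bytes"] += nbytes
        if sport == 53:                      # a response arriving at this host
            stats[dst]["response_bytes"] += nbytes
            stats[dst]["resolvers"].add(src)
    return stats


def find_amplification_victims(flows, min_ratio=10.0, min_bytes=10000):
    """Return hosts whose inbound DNS response volume dwarfs their own query volume."""
    victims = []
    for host, s in summarize_dns(flows).items():
        # +1 keeps the ratio finite for hosts that sent no queries at all
        ratio = s["response_bytes"] / (s["query_bytes"] + 1)
        if s["response_bytes"] >= min_bytes and ratio >= min_ratio:
            victims.append({
                "host": host,
                "ratio": round(ratio, 1),
                "resolvers": len(s["resolvers"]),
            })
    return victims


if __name__ == "__main__":
    for v in find_amplification_victims(FLOWS):
        print(f"possible amplification target {v['host']}: "
              f"ratio {v['ratio']}, {v['resolvers']} distinct resolvers")
```

On real NetFlow or sFlow data the same two counters are kept per host over a sliding window; the distinct-resolver count separates an amplification flood from a single busy resolver, and the byte floor keeps a quiet host with one oversized answer from being flagged.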

Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems.

Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.

New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard of homomorphic encryption, which keeps information both secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978, but Gentry established the first fully homomorphic encryption scheme in 2009. The biggest barrier to widescale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, has raised $16M.
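The partially homomorphic case is concrete enough to work through in a few lines. The Paillier cryptosystem is additively homomorphic: multiplying two ciphertexts modulo n² yields a ciphertext of the sum of the plaintexts, so a party holding only the public key can total up encrypted values without ever seeing them. The following is an added example (not code from the original article, and not any product's implementation); the two primes are small constructed values chosen for illustration, where a real deployment uses primes of 1024 bits or more.

```python
"""
Partially homomorphic encryption, worked through with the Paillier cryptosystem.

Added example, not from the original article. The primes in demo_sum() are
small constructed values; production keys are far larger.
"""
import math
import secrets


def make_keypair(p: int, q: int):
    """Build a Paillier key pair from two distinct primes (assumed to be prime)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # Carmichael lambda for n = p*q
    g = n + 1                                           # standard simple generator choice
    n_sq = n * n
    # mu = L(g^lam mod n^2)^-1 mod n, where L(u) = (u - 1) // n
    l_val = (pow(g, lam, n_sq) - 1) // n
    mu = pow(l_val, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m: int, r=None) -> int:
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n_sq = n * n
    if r is None:
        while True:
            r = secrets.randbelow(n - 1) + 1
            if math.gcd(r, n) == 1:
                break
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq


def decrypt(pub, priv, c: int) -> int:
    """D(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n_sq = n * n
    l_val = (pow(c, lam, n_sq) - 1) // n
    return (l_val * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Homomorphic addition: E(m1) * E(m2) mod n^2 decrypts to m1 + m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Homomorphic scalar multiply: E(m)^k mod n^2 decrypts to k * m."""
    n, _ = pub
    return pow(c, k, n * n)


def demo_sum(values, p=1000003, q=1000033):
    """Total a list of plaintexts while only ever handling ciphertexts (constructed primes)."""
    pub, priv = make_keypair(p, q)
    total = encrypt(pub, 0)
    for v in values:
        total = add_encrypted(pub, total, encrypt(pub, v))
    return decrypt(pub, priv, total)


if __name__ == "__main__":
    print(demo_sum([10, 20, 30]))
```

Only addition (and multiplication by a known constant) is available, which is exactly what "partially homomorphic" means; multiplying two encrypted values together requires a somewhat or fully homomorphic scheme. Each encryption draws a fresh r, so two encryptions of the same value produce different ciphertexts and an observer cannot spot repeated inputs.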

Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often interchanged with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: the true function of AI will be to determine, over a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. The Finnish cyber security company F-Secure is doing research on AI agents, and on that Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.

2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support with extra money for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, un-patched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.

Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Alongside top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, that strong encryption is necessary for personal and national security; two, that weakening encryption does more harm than good; and three, that law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If you think encryption back doors won’t be abused, you may be a member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia, 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.

Scaring people: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. Which particular horseman is in vogue depends on time and circumstance.

2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but they can still be defeated: a code sent by SMS or generated by an authenticator app can be phished and relayed to the real site within its validity window. Hack-for-hire attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys, because the key signs the origin the browser is actually connected to, so a phishing site cannot obtain an assertion that the real site will accept. Some physical security keys have also turned out to be less secure than their advertising claimed.

Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that is widely used in reports of cybersecurity incidents, and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

New security models: Google moved from perimeter-based to cloud-native security, as described in its BeyondProd whitepaper. Google’s architecture is the inspiration and template for what is widely known as “cloud-native” today: using microservices and containers so that workloads can be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed with security prioritized as part of every evolution.

Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass them or expose controversial business practices. Many companies are a treasure trove of personal information, whether they realize it or not. Experian predicts that the emerging cannabis industry will see an increase in data breaches and cybersecurity threats in 2020.

RCS messaging: RCS, short for Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings many new features: chat, sending hi-res videos and photos, and group chats. One criticism of RCS is that it does not provide end-to-end encryption, and RCS could be better in many other security respects. Researchers have found that typical RCS deployments expose most users to several attacks. These risks are said to be mitigated by implementing the protocol with security in mind: the standard itself allows for poor security implementations, but the GSMA advises its members to deploy RCS with the most secure settings possible.

Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That is a shocking statistic, made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches, from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone on the internet to read.

Phishing: Phishing remains one of the most pervasive online threats, and phishing emails are still catching people out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website made to look like the login page of some legitimate service. Google Chrome now offers better protection: Safe Browsing displays warning messages before users visit dangerous websites and before they download harmful applications. More advanced phishing techniques are also coming into use. With dynamite phishing, the criminals read the email correspondence on a system already infected with an information stealer; the infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate reply from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.
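Why a relayed one-time code passes and an origin-bound security key does not, for the 2FA and phishing items above. This is an added example and not code from the original post: it models the two relying-party checks side by side, RFC 6238 TOTP verification (which has no notion of where the code was typed) and a simplified WebAuthn-style assertion check (where the browser, not the user, records the origin it is on and the signature covers it). The hostnames, secrets, challenge and the HMAC used as a stand-in for the authenticator's signature are constructed assumptions.

```python
"""Relay phishing against TOTP versus an origin-bound security key (added example)."""
import base64
import hashlib
import hmac
import json
import struct
import time
from typing import Optional, Tuple

# --- TOTP: RFC 6238 over HMAC-SHA1, 30-second steps ---------------------------

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """Code for Unix time t, using HOTP dynamic truncation (RFC 4226 5.3)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp_verify(secret: bytes, code: str, t: int, skew: int = 1) -> bool:
    """Accept the current step and +/- skew neighbouring steps, as most servers do.
    Nothing here depends on which site the user typed the code into."""
    return any(hmac.compare_digest(totp(secret, t + d * 30), code)
               for d in range(-skew, skew + 1))

# --- Simplified WebAuthn assertion ---------------------------------------------
# Real WebAuthn signs authenticatorData || SHA-256(clientDataJSON) with the
# credential's private key. An HMAC over the same digest stands in here
# (assumption, so the example runs without a key library). The property shown
# does not depend on that choice: the browser writes "origin" into
# clientDataJSON and the signature covers it, so a proxy cannot rewrite it.

def sign_assertion(cred_key: bytes, client_data: dict) -> dict:
    cdj = json.dumps(client_data, separators=(",", ":")).encode()
    sig = hmac.new(cred_key, hashlib.sha256(cdj).digest(), hashlib.sha256).digest()
    return {"clientDataJSON": base64.b64encode(cdj).decode(),
            "signature": base64.b64encode(sig).decode()}


def verify_assertion(cred_key: bytes, assertion: dict,
                     expected_origin: str, expected_challenge: str) -> bool:
    cdj = base64.b64decode(assertion["clientDataJSON"])
    cd = json.loads(cdj)
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != expected_challenge:   # replay protection
        return False
    if cd.get("origin") != expected_origin:         # phishing resistance
        return False
    expect = hmac.new(cred_key, hashlib.sha256(cdj).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expect, base64.b64decode(assertion["signature"]))

# --- Relay-phishing scenario (all values constructed) ----------------------------

SECRET = b"constructed-shared-totp-secret"
CRED_KEY = b"constructed-credential-key"
REAL_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-login.example"


def login_attempt(browser_origin: str, now: Optional[int] = None) -> Tuple[bool, bool]:
    """Return (totp_accepted, key_accepted) for a login whose second factor is
    produced while the victim's browser is on browser_origin and relayed
    verbatim to the real site by a phishing proxy."""
    now = int(time.time()) if now is None else now
    # The user reads a TOTP code and types it into whatever page is in front
    # of them; the proxy forwards it unchanged and it verifies.
    totp_ok = totp_verify(SECRET, totp(SECRET, now), now)
    # The real site issues a challenge, the proxy forwards it, and the browser
    # has the key sign it together with the origin the browser is really on.
    challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"
    assertion = sign_assertion(CRED_KEY, {"type": "webauthn.get",
                                          "challenge": challenge,
                                          "origin": browser_origin})
    key_ok = verify_assertion(CRED_KEY, assertion, REAL_ORIGIN, challenge)
    return totp_ok, key_ok


if __name__ == "__main__":
    print("legitimate:", login_attempt(REAL_ORIGIN))   # (True, True)
    print("phished:   ", login_attempt(PHISH_ORIGIN))  # (True, False)
```

The TOTP check is exercised against the RFC 6238 test vector (secret `12345678901234567890`, time 59, eight digits gives `94287082`). The relying party's origin comparison is the whole defence: a proxy that relays the challenge still only gets back a signature over the phishing origin. Real deployments also check the RP ID hash and signature counter in `authenticatorData`, which this model omits.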

Windows: Microsoft no longer backs up the Windows Registry automatically. It is still possible to perform Registry backups, but the option is disabled by default. It is time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits have overtaken the convenience of direct RDP connections. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14, 2020, when its support ends.

Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux and, perhaps unsurprisingly, it was found to be badly broken.

Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens, and there is now Dronesploit, a Metasploit-style CLI framework for drones, “tailored for tinkering with everybody’s favourite unmanned flying objects”.

World market war: China has told government offices to remove all foreign computer equipment: it has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years, which means China will ditch all Windows PCs by 2022. China already has Linux distributions of its own, such as Kylin and Deepin. Meanwhile, many western countries are more or less banning Huawei telecom equipment.

Cloud security: Traditional security tools and methodologies are ill-suited to protecting cloud-native, developer-driven and infrastructure-agnostic multicloud patterns. The vision laid out by Gartner’s analysts is straightforward: the legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years, and point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner has coined a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not really anything new. SASE promises to create a ubiquitous, resilient and agile secure network service, globally. Most stolen-data incidents in the cloud are related to simple human error rather than concerted attacks; expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online. Also, it is almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet, where attackers hijack the daemon to run their own containers.
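The exposed-database and exposed-Docker-port incidents above share one root cause: a management or database service listening on every interface of an internet-facing host with nothing in front of it. As an added example, not code from the original post, the following check parses `ss -Hltn` output (Linux iproute2; `-H` omits the header) and flags listeners on a table of well-known default ports that are not restricted to loopback. The port table holds documented defaults; the sample output is constructed, and `check_local_host` simply runs `ss` on the machine it is executed on.

```python
"""Flag admin and database listeners bound beyond loopback (added example)."""
import subprocess
from typing import Dict, List, Tuple

# Well-known defaults for services repeatedly found exposed with no auth.
ADMIN_PORTS: Dict[int, str] = {
    2375: "Docker daemon API (plain HTTP)",
    2376: "Docker daemon API (TLS)",
    2379: "etcd client API",
    5984: "CouchDB",
    6379: "Redis",
    9200: "Elasticsearch HTTP",
    11211: "memcached",
    27017: "MongoDB",
}

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}
WILDCARD = {"0.0.0.0", "*", "[::]", "::"}


def parse_ss(text: str) -> List[Tuple[str, int]]:
    """Return (local_address, port) for each LISTEN line of `ss -Hltn` output.
    Layout: State Recv-Q Send-Q Local:Port Peer:Port [Process]."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition copes with "[::]:27017", "*:9200" and "0.0.0.0:2375" alike.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            out.append((addr, int(port)))
    return out


def exposed_listeners(text: str) -> List[Tuple[int, str, str]]:
    """Admin ports reachable from off-host, as sorted (port, scope, service)."""
    found = []
    for addr, port in parse_ss(text):
        if port in ADMIN_PORTS and addr not in LOOPBACK:
            scope = "all interfaces" if addr in WILDCARD else addr
            found.append((port, scope, ADMIN_PORTS[port]))
    return sorted(found)


def check_local_host() -> List[Tuple[int, str, str]]:
    """Run the check against this host (requires iproute2's ss)."""
    proc = subprocess.run(["ss", "-Hltn"], capture_output=True, text=True, check=True)
    return exposed_listeners(proc.stdout)


# Constructed sample in `ss -Hltn` layout, not captured from a real host.
SAMPLE = """\
LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       0.0.0.0:2375      0.0.0.0:*
LISTEN 0      511      127.0.0.1:6379      0.0.0.0:*
LISTEN 0      4096         [::]:27017         [::]:*
LISTEN 0      4096            *:9200            *:*
LISTEN 0      128     10.0.0.5:2379      0.0.0.0:*
"""

if __name__ == "__main__":
    for port, scope, name in exposed_listeners(SAMPLE):
        print(f"EXPOSED {name} on {scope}:{port}")
```

Treat hits as leads rather than verdicts: a host firewall or security group may still block a wildcard bind, and conversely a loopback-only bind is no defence if a reverse proxy or port forward in front of it is open. For the Docker daemon specifically, the safe configuration is to not expose the API over TCP at all, or to require TLS client certificates on 2376 if remote access is unavoidable.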

Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full-stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.

Trackers: Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life. The average web page shares data with dozens of third-parties. The average mobile app does the same, and many apps collect highly sensitive information like location and call records even when they’re not in use. Tracking also reaches into the physical world.

Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered bans on certain hardware from China (Huawei and ZTE). China has ordered a ban on US computers and software: the Chinese government is to replace foreign hardware and software within three years. Who needs whom more?

International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they would wish to. The US can’t “enforce standards that don’t exist”: we have international norms in the maritime domain; we don’t have those in cyber. That makes it difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.


Sources:


https://www.csoonline.com/article/3452747/what-you-need-to-know-about-the-new-owasp-api-security-top-10-list.html

https://pentestmag.com/iot-security-its-complicated/

https://isc.sans.edu/diary/rss/25580

https://www.securityweek.com/case-cyber-insurance

https://www.bleepingcomputer.com/news/security/cybercriminals-lend-tactics-and-skills-to-political-meddlers/

https://www.securityweek.com/tips-help-mssps-choose-threat-intelligence-partner

https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/

https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636

https://pacit-tech.co.uk/blog/the-2020-problem/

https://www.theregister.co.uk/2019/12/09/dronesploit_framework/

https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

https://threatpost.com/email-voted-a-weak-link-for-election-security-with-dmarc-lagging/150909/

https://techcrunch.com/2019/12/15/rcs-messaging-has-rolled-out-to-android-users-in-the-us/?tpcc=ECFB2019&guccounter=1

https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/

https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/

https://www.zdnet.com/article/windows-10-mobile-is-over-prepare-for-final-security-patches-as-support-ends/

https://cacm.acm.org/magazines/2019/12/241053-hack-for-hire/fulltext

https://www.zdnet.com/article/chinese-government-to-replace-foreign-hardware-and-software-within-three-years/

https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/

http://read.uberflip.com/i/1180978-siliconexpert-growth-of-counterfeit-electronics-3/0?acctid=6759

https://www.fireeye.com/blog/threat-research/2019/12/fireeye-approach-to-operational-technology-security.html

https://www.darkreading.com/attacks-breaches/mobile-devices-account-for-41–of-ddos-attack-traffic/d/d-id/1336635

https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/

https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/

https://www.theregister.co.uk/2019/12/09/china_orders_ban_on_us_computers_and_software/

https://www.darkreading.com/threat-intelligence/only-half-of-malware-caught-by-signature-av/d/d-id/1336577

https://securityintelligence.com/posts/public-sector-security-is-lagging-how-can-states-and-governments-better-defend-against-cyberattacks-in-2020/

https://www.eetimes.eu/ai-will-empower-industry-4-0-when-it-arrives/

https://www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/

https://blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/

https://github.com/dhondta/dronesploit/

https://isc.sans.edu/forums/diary/Internet+banking+sites+and+their+use+of+TLS+and+SSLv3+and+SSLv2/25606/

https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/

https://nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

https://www.eff.org/wp/behind-the-one-way-mirror

https://www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks

https://www.is.fi/digitoday/tietoturva/art-2000006342803.html

https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/

https://www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/

https://techcrunch.com/2019/10/30/duality-cybersecurity-16-million/

https://www.wired.com/story/sobering-message-future-ai-party/

https://www.reuters.com/article/us-russia-internet-software-idUSKBN1Y61Z4?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1

https://www.forbes.com/sites/richardstiennon/2019/12/09/gartner-has-it-right-palo-alto-networks-has-it-wrong/

https://www.forbes.com/sites/leemathews/2019/12/11/google-chrome-adds-real-time-warnings-for-phishing-attacks/

https://www.zdnet.com/article/google-all-android-users-in-the-us-just-got-rcs-next-gen-sms/

https://www.schneier.com/blog/archives/2019/12/scaring_people_.html

https://www.mikrobitti.fi/uutiset/yha-oudompia-kyberiskuja-tahan-sinun-tulee-varautua/146d2459-1709-4109-8615-a24875b5af5d

https://www.fifthdomain.com/smr/reagan-defense-forum/2019/12/07/in-cyber-the-us-cant-enforce-standards-that-dont-exist/?utm_source=facebook.com&utm_campaign=Socialflow+C4&utm_medium=social

https://tcrn.ch/355ZAOT

https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/

https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html

https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/

https://www.theguardian.com/world/2019/dec/09/china-tells-government-offices-to-remove-all-foreign-computer-equipment

https://www.inc.com/chris-matyszczyk/if-you-have-an-amazon-echo-or-google-home-fbi-has-some-urgent-advice-for-you.html?cid=sf01002

https://www.bbc.com/news/amp/world-australia-46463029

https://minnesota.cbslocal.com/2019/12/11/its-scary-stuff-cyber-security-expert-says-recording-device-investigation-at-hyatt-hotel-is-not-uncommon/

https://fin.afterdawn.com/uutiset/artikkeli.cfm/2019/12/11/windows-7-n-tuki-paattyy-pian-microsoft-iskee-koko-nayton-varoituksella

https://tcrn.ch/2rMpx7E

https://cyware.com/news/rcs-technology-most-users-are-vulnerable-to-hacking-b53f9a6f

https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/#36679040bd54

https://hub.packtpub.com/core-python-team-confirms-sunsetting-python-2-on-january-1-2020/

https://www.kauppalehti.fi/uutiset/uusi-alypuhelintekniikka-tuo-mukanaan-tietoturva-aukkoja-muun-muassa-google-ilmoittanut-ottavansa-tekniikan-kayttoon/8d8093a0-71ab-4a9c-838a-eb3bfc697e85

https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/

https://edri.org/facial-recognition-and-fundamental-rights-101/

https://cloud.google.com/blog/products/identity-security/beyondprod-whitepaper-discusses-cloud-native-security-at-google

https://itwire.com/government-tech-policy/encryption-law-40-of-firms-say-they-have-lost-sales-after-passage.html

https://techcrunch.com/2019/12/10/insider-threats-startups-protect/

https://www.newscientist.com/article/2227168-turkey-is-getting-military-drones-armed-with-machine-guns/#ixzz684jm3YzJ

https://uk.pcmag.com/windows-10/121518/microsoft-doesnt-back-up-the-windows-registry-anymore

https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/

https://www.cnbc.com/2019/12/13/new-orleans-reports-cyberattacks-after-other-attacks-in-louisiana.html

https://chiefexecutive.net/bridge-cybersecurity-skills-gap/

https://systemagic.co.uk/has-your-business-prepared-for-the-2020-problem/

https://blog.checkpoint.com/2019/12/09/protect-yourself-from-hacker-in-the-box-devices-with-the-iot-security-risk-assessment/

https://www.bloomberg.com/news/features/2019-12-11/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in

https://www.vice.com/en_us/article/k7eq7x/vladimir-putins-computer-is-apparently-still-running-windows-xp?utm_source=vicenewsfacebook

https://nypost.com/2019/12/16/video-surveillance-in-china-isnt-much-worse-than-in-the-us/?utm_campaign=iosapp&utm_source=facebook_app

https://spectrum.ieee.org/the-human-os/biomedical/devices/cyber-attacks-on-medical-devices-are-on-the-riseand-manufacturers-must-respond

https://reason.com/2019/12/16/if-you-think-encryption-back-doors-wont-be-abused-you-may-be-a-member-of-congress/

https://news.yahoo.com/massive-errors-found-facial-recognition-tech-us-study-215334634.html

https://www.securityweek.com/most-companies-dont-properly-manage-third-party-cyber-risk

https://www.uusiteknologia.fi/2019/11/21/hyoty-panee-jakamaan-tietonsa-luottamus-ratkaisee/

https://pentestmag.com/advice-for-a-cybersecurity-leader-think-like-your-adversary/

https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/

https://www.amnesty.org/en/documents/pol30/1404/2019/en/

https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk

https://www.securityweek.com/amnesty-international-calls-facebook-google-rights-abusers

https://www.securityweek.com/microsoft-will-bring-dns-over-https-doh-windows

https://www.securityweek.com/cybersecurity-workforce-gap-145-growth-needed-meet-global-demand

https://blog.radware.com/security/2019/11/why-organizations-are-failing-to-deal-with-rising-bot-attacks/

https://www.helpnetsecurity.com/2019/11/19/successful-soc/

https://shorturl.at/kKLM6

https://www.securityweek.com/making-network-first-line-defense

https://techbeacon.com/security/how-prioritize-strategic-risks-affect-critical-infrastructure

https://www.securityweek.com/transitioning-security-driven-networking-strategy

https://www.theregister.co.uk/2019/11/16/5g_iot_report/

https://www.securityweek.com/us-montenegro-plot-cyber-warfare-ahead-2020-elections

https://www.securityweek.com/fears-grow-digital-surveillance-us-survey

https://www.kaspersky.com/blog/attack-on-online-retail/31786/

https://www.securityweek.com/implementing-cyber-best-practices-requires-security-first-approach

https://securelist.com/advanced-threat-predictions-for-2020/95055/

https://www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597

https://www.forbes.com/sites/bernardmarr/2019/11/15/what-is-homomorphic-encryption-and-why-is-it-so-transformative/

https://www.cisomag.com/the-future-of-ai-in-cybersecurity/

https://www.ibm.com/security/artificial-intelligence

https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/

https://cannatechtoday.com/experian-predicts-an-increase-in-global-cannabis-industry-data-breaches/

https://www.uusiteknologia.fi/2019/11/21/f-secure-tutkimaan-tekoalyagentteja/

https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity

http://www.etn.fi/index.php/13-news/10151-mikko-hypponen-tekoalyn-ei-pida-matkia-ihmista

http://www.etn.fi/index.php/13-news/10124-nixu-selvitti-tekoaly-mullistaa-kyberturvan

http://www.etn.fi/index.php/13-news/10120-kyberturvassa-koneoppiminen-on-uusi-normaali

https://www.eset.com/blog/company/evading-machine-learning-detection-in-a-cyber-secure-world/?utm_source=facebook&utm_medium=cpc&utm_campaign=corporate-blog&utm_term=machine-learning&utm_content=blog

https://www.is.fi/digitoday/tietoturva/art-2000006316233.html

https://www.uusiteknologia.fi/2019/11/29/5g-verkkojen-tietoturvariskit-listattu-oulu-testaa-ongelmat/

https://www.cyberscoop.com/apt33-microsoft-iran-ics/

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/

https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/

https://www.enisa.europa.eu/news/enisa-news/enisa-draws-threat-landscape-of-5g-networks/

https://smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid

https://www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/

https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/

https://www.theverge.com/2019/12/9/21002515/surveillance-cameras-globally-us-china-amount-citizens

https://www.wired.com/story/iran-internet-shutoff/

https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/

https://www.zdnet.com/google-amp/article/hacking-and-cyber-espionage-the-countries-that-are-going-to-emerge-as-major-threats-in-the-2020s/

https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7

https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom


1,468 Comments

  1. Tomi Engdahl says:

    Settings That Impact The Windows OS
    http://windowsir.blogspot.com/2020/10/settings-that-impact-windows-os.html
    There are a number of settings within Windows systems that can and do
    significantly impact the functionality of Windows, and as a result,
    can also impact what is available to a DFIR analyst. These settings
    very often manifest as modifications to Registry keys or values. These
    settings also make excellent targets for threat hunting, as well.

  2. Tomi Engdahl says:

    Malware gangs love open source offensive hacking tools | ZDNet
    https://www.zdnet.com/article/malware-gangs-love-open-source-offensive-hacking-tools/
    Hacking tools released by security researchers often end up being abused by bad guys as well.
    In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license.
    OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community.
    Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.
    On one side, you have the people who are in favor of releasing such tools, arguing that they can help defenders learn and prepare systems and networks for future attacks.
    On the opposing side, you have the ones who say that OST projects help attackers reduce the costs of developing their own tools and hiding activities into a cloud of tests and legitimate pen-tests.

  3. Tomi Engdahl says:

    Orca Security Research Reveals How Software Industry Unwittingly
    Distributes Virtual Appliances with Known Vulnerabilities
    https://www.businesswire.com/news/home/20201013005406/en/Orca-Security-Research-Reveals-Software-Industry-Unwittingly
    The Orca Security research study found 401,571 total vulnerabilities
    in scanning 2,218 virtual appliance images from 540 software vendors.
    Since alerting vendors of these risks, 287 products have been updated
    and 53 removed from distribution, leading to 36,938 discovered
    vulnerabilities being addressed. For example, Dell EMC issued a
    critical security advisory; Cisco published fixes to 15 found security
    risks; and IBM, Symantec, Kaspersky Labs, Oracle, Splunk, ZOHO and
    Cloudflare all removed outdated or vulnerable virtual appliances.

  4. Tomi Engdahl says:

    Cloudflare Launches New Zero Trust Networking, Security Platform
    https://www.securityweek.com/cloudflare-launches-new-zero-trust-networking-security-platform

    Cloudflare on Monday announced the launch of a new zero trust platform that can help organizations address the networking and security challenges associated with an increasingly remote workforce.

    Cloudflare One is a cloud-based network-as-a-service solution that is designed to protect networks, devices and applications, and improve performance.

    The security and performance solutions provider says it has launched the new platform in response to organizations increasingly moving to the cloud and the changes related to remote workforces brought on by the COVID-19 pandemic.

    https://blog.cloudflare.com/cloudflare-one/

    Running a secure enterprise network is really difficult. Employees spread all over the world work from home. Applications are run from data centers, hosted in public cloud, and delivered as services. Persistent and motivated attackers exploit any vulnerability.

    Enterprises used to build networks that resembled a castle-and-moat. The walls and moat kept attackers out and data in. Team members entered over a drawbridge and tended to stay inside the walls. Trust folks on the inside of the castle to do the right thing, and deploy whatever you need in the relative tranquility of your secure network perimeter.

    The Internet, SaaS, and “the cloud” threw a wrench in that plan. Today, more of the workloads in a modern enterprise run outside the castle than inside. So why are enterprises still spending money building more complicated and more ineffective moats?

    Today, we’re excited to share Cloudflare One™, our vision to tackle the intractable job of corporate security and networking.

    Cloudflare One combines networking products that enable employees to do their best work, no matter where they are, with consistent security controls deployed globally.

    Starting today, you can begin replacing traffic backhauls to security appliances with Cloudflare WARP and Gateway to filter outbound Internet traffic. For your office networks, we plan to bring next-generation firewall capabilities to Magic Transit with Magic Firewall to let you get rid of your top-of-shelf firewall appliances.

    With multiple on-ramps to the Internet through Cloudflare, and the elimination of backhauled traffic, we plan to make it simple and cost-effective to manage that routing compared to MPLS and SD-WAN models. Cloudflare Magic WAN will provide a control plane for how your traffic routes through our network.

  5. Tomi Engdahl says:

    How Security Programs Are Changing After COVID-19: Maximizing Resiliency
    https://www.securityweek.com/how-security-programs-are-changing-after-covid-19-maximizing-resiliency

    When Security is Seen as a Business Enabler We All Win

    The COVID-19 crisis and its associated constraints taught us how to identify priorities based on the most important outcomes. It showed us that many of the activities we considered “priorities” before March are not really priorities. And it further highlighted resiliency as one of the key objectives of security programs to help businesses maintain productivity and drive competitive advantage.

  6. Tomi Engdahl says:

    G7 Raises Concerns About Rising Cyberattacks Amid Pandemic
    https://www.securityweek.com/g7-raises-concerns-about-rising-cyberattacks-amid-pandemic

    Finance ministers from the G7 industrialized countries expressed “concern” on Tuesday over the rise in “malicious cyber-attacks” in the midst of the Covid-19 pandemic, including some involving cryptocurrencies.

    These ransomware attacks demanding payments often to facilitate money laundering “have been growing in scale, sophistication, and frequency” over the past two years, causing “significant economic damage and (threatening) customer protection and data privacy,” the ministers said.

    “The G7 is concerned by the rising threat of ransomware attacks, particularly in light of malicious actors targeting critical sectors amid the COVID-19 pandemic,” said the statement from the US Treasury issued on the G7′s behalf following their virtual meeting.

  7. Tomi Engdahl says:

    Malware gangs love open source offensive hacking tools
    Hacking tools released by security researchers often end up being abused by bad guys as well.
    https://www.zdnet.com/article/malware-gangs-love-open-source-offensive-hacking-tools/

  8. Tomi Engdahl says:

    Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption
    https://www.eff.org/deeplinks/2020/10/orders-top-eus-timetable-dismantling-end-end-encryption

    The last few months have seen a steady stream of proposals, encouraged by the advocacy of the FBI and Department of Justice, to provide “lawful access” to end-to-end encrypted services in the United States. Now lobbying has moved from the U.S., where Congress has been largely paralyzed by the nation’s polarization problems, to the European Union—where advocates for anti-encryption laws hope to have a smoother ride.

    The public signs of this shift in the EU—which until now has been largely supportive toward privacy-protecting technologies like end-to-end encryption—began in June with a speech by Ylva Johansson, the EU’s Commissioner for Home Affairs.

    Speaking at a webinar on “Preventing and combating child sexual abuse [and] exploitation”, Johansson called for a “technical solution” to what she described as the “problem” of encryption

    The subsequent report was subsequently leaked to Politico. It includes a laundry list of tortuous ways to achieve the impossible: allowing government access to encrypted data, without somehow breaking encryption.

    At the top of that precarious stack was, as with similar proposals in the United States, client-side scanning.

    It’s also a drastically invasive step by any government that wishes to mandate it. For the first time outside authoritarian regimes, Europe would be declaring which Internet communication programs are lawful, and which are not. While the proposals are the best that academics faced with squaring a circle could come up with, it may still be too aggressive to politically succeed as enforceable regulation—even if tied, as Johannsson ensured it was in a subsequent Commission communication, to the fight against child abuse.

    But while it would require a concerted political push, EU’s higher powers are gearing up for such a battle.

    While conceding that “the weakening of encryption by any means (including backdoors) is not a desirable option”, the Presidency’s note also positively quoted an EU Counter-Terrorism Coordinator (CTC) paper from May (obtained and made available by German digital rights news site NetzPolitik.org), which calls for what it calls a “front-door”—a “legal framework that would allow lawful access to encrypted data for law enforcement without dictating technical solutions for providers and technology companies”.

    A speech by Commissioner Johannsson tying defeating secure messaging to protecting children; a paper spelling out “technical solutions” to attempt to fracture the currently unified (or “one-sided”) opposition; and, presumably in the very near future, once the EU has published its new position on encryption, a concerted attempt to lobby members of the European Parliament for this new legal framework: these all fit the Counter-Terrorist Coordinators’ original plans.

    We are in the first stages of a long anti-encryption march by the upper echelons of the EU, headed directly toward Europeans’ digital front-doors. It’s the same direction as the United Kingdom, Australia, and the United States have been moving for some time. If Europe wants to keep its status as a jurisdiction that treasures privacy, it will need to fight for it.

  9. Tomi Engdahl says:

    Silent Librarian APT right on schedule for 20/21 academic year
    https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/
    A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We know that the threat actor has used the “.me” TLD in their past campaigns against some academic institutions and this is still the case, alongside “.tk” and “.cf”.

    Phishing Landscape 2020: A Study of the Scope and Distribution of
    Phishing
    https://www.cauce.org/2020/10/phishinglandscape2020.html
    Over a three-month collection period, we learned about more than 100,000 newly discovered phishing sites. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration. As previously noted, the Freenom TLDs (.TK, .GA, .ML, .CF, and .GQ) offer domain names for free, and at least 80% appear to be maliciously registered.

    Reply
  10. Tomi Engdahl says:

    Tactical vs Strategic: CISOs and Boards Narrow Communication Gap
    https://www.securityweek.com/tactical-vs-strategic-cisos-and-boards-narrow-communication-gap

    91% of Survey Respondents Say Their Boards Have Increased Cybersecurity Investment in Response to COVID-19 Pandemic

    A global survey of almost 1000 CISO/Senior IT decision makers shows positive signs of Boards’ willingness to invest in cybersecurity — with perhaps one major rider.

    The purpose of the survey, commissioned by Thycotic, was to examine the primary drivers in cybersecurity spend decision-making. The resulting survey report shows that 91% of the respondents say their Board has increased cybersecurity investment in response to the COVID-19 pandemic, and around 60% believe they will receive more security budget next year because of COVID-19. This is a welcome sign that Boards are taking cybersecurity seriously.

    Reply
  11. Tomi Engdahl says:

    FBI, DHS say hackers have gained access to election systems
    https://www.foxnews.com/tech/fbi-dhs-hackers-gained-access-election-systems?cmpid=prn_newsstand

    Hackers, possibly nation-state actors, have penetrated U.S. government networks and accessed election systems, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint alert.

    In some cases, there was unauthorized access to election support systems, CISA added.

    The agency, which is part of the Department of Homeland Security, explained there is no evidence so far that the integrity of elections data was compromised and that “it does not appear these targets are being selected because of their proximity to elections information.”

    CISA did intimate that election system data could be compromised, noting “there are steps that election officials, their supporting … IT staff, and vendors can take to help defend against this malicious cyber activity.”

    Reply
  12. Tomi Engdahl says:

    Amazon’s Alexa is driving IT managers crazy
    https://www.zdnet.com/article/amazons-alexa-is-driving-it-managers-crazy/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    An extensive new study reveals what’s really worrying IT and security professionals. It also reveals a little of their (deeply human) hypocrisy.

    This study seems to reveal that IT people are being driven demented by the fact that they have no idea what sort of Internet of Things devices are being connected to their corporate networks.

    What sort of employee does that? (My suspicions fall upon the people in sales and, well, senior executives who think they can do anything.)

    Grimm explained: “This is often consumer devices that the user is using for convenience. An Alexa for verbal commands, a smartwatch for email on the go, a connected coffee pot to have coffee ready for the first worker in.”

    How painfully modern to think that employees need Amazon’s Alexa to function at work. And a connected coffee pot?

    “The danger is that these devices aren’t typically secured by design,” Grimm told me. “They can basically be like an open door or window to the network that an attacker uses as a means to get on the network and look for more valuable resources — intellectual property, personal information, and more.”

    “Once IT teams prioritize discovery and employ tools to scan the network for such devices, they can decide whether to allow them to remain, blacklist them, or add security agents to them before allowing ongoing connectivity,” Grimm told me.

    But then I noticed another oddity, one that was equally disturbing.

    It seems that these IT professionals put securing delivery of patches and updates to IoT devices as their lowest priority. This despite the fact that they ranked altering the function of a device (say, by loading malware) as the biggest thing to fear.

    I sensed Grimm might find this somewhat frustrating. Or even a touch hypocritical.

    “It’s like replacing the tires on your car when the brakes aren’t working,” he told me. I thought I detected the rolling of eyeballs and the gritting of teeth.

    Employees remain perfectly human, failing to anticipate the most dramatic issues because they’re enthralled by the mundane things technology can do for them. (And goodness do they whine when the network is suddenly down for urgent maintenance.)

    IT and security professionals are also perfectly human. They might seem like automatons, but they’re just as willfully inconsistent and maddeningly myopic as everyone else.

    Reply
  13. Tomi Engdahl says:

    Twitter, Facebook censor Post over Hunter Biden exposé
    https://nypost.com/2020/10/14/facebook-twitter-block-the-post-from-posting/

    Both Twitter and Facebook took extraordinary censorship measures against The Post on Wednesday over its exposés about Hunter Biden’s emails — with Twitter baselessly charging that “hacked materials” were used.

    Reply
  14. Tomi Engdahl says:

    An experienced cybercriminal can compromise a mobile app in a matter of minutes. Here’s what app developers should do to ensure their software is safe and secure.

    Using source code protection to prevent hacks to your mobile apps
    https://cybernews.com/editorial/using-source-code-protection-to-prevent-hacks-to-your-mobile-apps/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=hacks_mobile_apps&fbclid=IwAR2hy6k2EfcEqIDz0oCdc2Y5iuBhZu3peasR3CfSZc0t55wA4j2RtGVPaVI

    I’m sure we’re all familiar with stories of popular websites being hacked, or of IT systems in airlines and banks coming under attack. We’re perhaps less familiar with the mobile apps that power our smartphones being compromised, yet it’s an increasingly popular target for attackers.
    An accomplished hacker can compromise an app in a matter of minutes, thus gaining access to your database, your ERP, your intellectual property, or even your customers. It’s crucial, therefore, that app developers do all they can to ensure their software is safe and secure.

    In an ideal world, apps would undergo an independent security audit before they’re launched onto the App Store or Google Play.

    Developers should also endeavor to follow application security guidelines that are already well established, such as Mobile Security Testing Guide, developed by Open Web Application Security Project (OWASP).

    https://owasp.org/www-project-mobile-security-testing-guide/

    Reply
  15. Tomi Engdahl says:

    Google Says Chinese Hackers Are Impersonating McAfee to Trick Victims Into Installing Malware
    https://gizmodo.com/google-says-chinese-hackers-are-impersonating-mcafee-to-1845399061

    The same Chinese government-linked hackers who targeted the campaigns of both 2020 presidential candidates earlier this year have been trying to trick users into installing malware by posing as the antivirus provider McAfee and using otherwise legitimate online services like GitHub and Dropbox.

    suspected state-sponsored cyberattackers, known as APT 31, and their latest tactics in a company blog post on Friday. In June, Google’s security team uncovered high-profile phishing scams by APT 31 and Iranian state-sponsored hackers intended to hijack the email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden.

    https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats

    Reply
  16. Tomi Engdahl says:

    Dark web voter database report casts new doubts on Russian election hack narrative
    https://thegrayzone.com/2020/09/13/dark-web-voter-data-russian-election-hack-narrative/

    A new report showing that US state-level voter databases were publicly available calls into question the narrative that Russian intelligence “targeted” US state election-related websites in 2016.

    Kommersant reported that a user on a dark web Forum known as Gorka9 offered free access to databases containing the information of 7.6 million Michigan voters, along with the state voter databases of Connecticut, Arkansas, Florida and North Carolina.

    The DHS and the FBI both acknowledged in response to the Kommersant story that “a lot of voter registration data is publicly available or easily purchased.”

    databases can be mined for profits on the dark web, primarily by selling them to scam artists working on a mass scale. Gorka9 was offering state voter files for free because the owner had already squeezed all the potential profit out of selling them.

    For the Russian government, on the other hand, such databases would be of little or no value.

    Back in 2016, the Department of Homeland Security did its best to market the narrative of Russian infiltration of American voting systems. At the time, the DHS was seeking to increase its bureaucratic power by adding election infrastructure to its portfolio of cybersecurity responsibilities, and exploiting the Russian factor was just the ticket to supercharge their campaign.

    They stated it had “established that Internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors.” That “potentially targeted” language gave away the fact that DHS didn’t have anything more than suspicion to back up the charge.

    Ironically, DHS had speculated in its initial intelligence report that “that cyber operations targeting election infrastructure could be intended or used to undermine public confidence in electoral processes and potentially the outcome.”

    That speculation, reiterated by corporate media, became a central feature of the Russiagate hysteria

    The hysteria surrounding the supposed Russian threat to elections is far from over. The Senate Intelligence Committee report released in July 2019 sought to legitimize the contention by former Obama cyber security adviser Michael Daniel that Russia “may have” targeted all fifty states for cyber attacks on election-related sites. In explaining his reasoning to the Senate committee’s staff, Daniel said: “My professional judgment was we have to work on the assumption [Russians] tried to go everywhere, because they’re thorough, they’re competent, they’re good.”

    the Senate Committee report that it could not distinguish between a state-sponsored hack and a criminal hack. This August, the senior cybersecurity adviser for the Cybersecurity and Infrastructure Security Agency (CISA), Matthew Masterson, said, “We are not and have not seen specific targeting of those election systems that has been attributable to nation-state actors at this time…. We do see regular scanning, regular probing of election infrastructure as a whole, what you’d expect to see as you run IT systems.”

    Despite these stunning admissions, DHS has faced no official accountability for deliberately slanting its intelligence assessment to implicate Russia for common criminal hacking activity.

    Reply
  17. Tomi Engdahl says:

    Oh wow! A report in a Russian newspaper about the legitimacy of Russian hacking casts doubt on Russian hacking claims by US government agencies.

    Reply
  18. Tomi Engdahl says:

    Google warned users of 33,000 state-sponsored attacks in 2020
    https://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/
    Google delivered over 33,000 alerts to its users during the first
    three quarters of 2020 to warn them of state-sponsored phishing
    attacks targeting their accounts.

    Reply
  19. Tomi Engdahl says:

    Political campaign emails contain dark patterns to manipulate donors,
    voters
    https://www.zdnet.com/article/political-campaign-emails-contain-dark-patterns-to-manipulate-donors-voters/
    Princeton researchers analyzed 100,000 different campaign emails from more than 3,000 political candidates. US political candidates use psychological tricks and dark patterns in their emails to manipulate supporters to donate money and mobilize voters.

    Reply
  20. Tomi Engdahl says:

    Nation-state actor hit Google with the largest DDoS attack
    https://www.bleepingcomputer.com/news/security/nation-state-actor-hit-google-with-the-largest-ddos-attack/
    In an overview of distributed denial-of-service (DDoS) trends
    targeting its network links, Google revealed that in 2017 a
    nation-state actor used massive firepower that amounted to more than
    2.54 terabits per second.

    Reply
  21. Tomi Engdahl says:

    5 things you can do to secure your home office without hiring an
    expert
    https://www.welivesecurity.com/2020/10/16/5-things-you-can-do-secure-home-office-without-hiring-expert/
    You don’t need a degree in cybersecurity or a bottomless budget to do the security basics well. Here are five things that will get you on the right track.

    Reply
  22. Tomi Engdahl says:

    Laurens Cerulus / Politico:
    Sources: EU is finalizing a plan to toughen export controls on “dual use” technologies, including hacking software and facial recognition systems — EU needs to make sure ‘China or Russia are not simply given the newest technology,’ lead negotiator says.

    Europe to crack down on surveillance software exports
    https://www.politico.eu/article/europe-to-curtail-spyware-exports-to-authoritarian-countries/

    EU needs to make sure ‘China or Russia are not simply given the newest technology,’ lead negotiator says.

    The European Union is finalizing a plan to toughen export controls on technologies used for espionage and surveillance outside the bloc, two officials involved in the negotiation told POLITICO.

    The new restrictions would affect exports of “dual use” technologies, including hacking software and facial recognition systems, by requiring companies to obtain a license to sell such products abroad and governments to publish details about the licenses they grant.

    The move strengthens the case of security hawks who have been calling for a bolder response to surveillance practices in countries like China. Export controls have taken center stage in the raging trade conflict between the U.S. and China as Washington pummeled telecom giant Huawei with such restrictions over the past two years.

    European countries “need to make sure that authoritarian regimes such as China or Russia are not simply given the newest technology for our short term profit. They have [been] shown to copy, steal and use this technology against us and other democratic countries,” said Markéta Gregorová, an MEP from the Czech Pirate Party and lead negotiator on the file.

    “For the EU to be a global player and to continue to set values-based rules for trade and technology this legislation was an important test” — Marietje Schaake, international policy director at Stanford University’s Cyber Policy Center

    Reply
  23. Tomi Engdahl says:

    Scammers Seize on US Election, But It’s Not Votes They Want
    https://www.securityweek.com/scammers-seize-us-election-its-not-votes-they-want

    The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.

    But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidential election as a way to steal peoples’ personal information.

    “There was not a trace of them,” James, 22, said. “It was a very inconspicuous email, but I noticed it used very emotional language, and that set off alarm bells.” She deleted the message, but related her experience on social media to warn others.

    American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice — posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It’s not votes they’re after, but to win a voter’s trust, personal information and maybe a bank routing number.

    Reply
  24. Tomi Engdahl says:

    U.S. Charges Russian Intelligence Officers for NotPetya, Industroyer Attacks
    https://www.securityweek.com/us-charges-russian-intelligence-officers-notpetya-industroyer-attacks

    The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted over the past years.

    The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Ochichenko, 27, and Petr Nikolayevich Pliskin, 32.

    They have all been charged with damaging protected computers, conspiracy to conduct computer fraud and abuse, wire fraud, conspiracy to commit wire fraud, and aggravated identity theft.

    Reply
  25. Tomi Engdahl says:

    Singapore’s World-First Face Scan Plan Sparks Privacy Fears
    https://www.securityweek.com/singapores-world-first-face-scan-plan-sparks-privacy-fears

    Singapore will become the world’s first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse.

    From next year, millions of people living in the city-state will be able to access government agencies, banking services and other amenities with a quick face scan.

    This biometric check will do away with the need to remember a password or security dongle when performing many everyday tasks, its creators say.

    It is part of the financial hub’s drive to harness technology, from ramping up the use of electronic payments to research on driverless transport.

    “We want to be innovative in applying technology for the benefit of our citizens and businesses,” Kwok Quek Sin, who works on digital identification at Singapore’s technology agency GovTech, told AFP.

    Facial verification has already been adopted in various forms around the world, with Apple and Google implementing the technology for tasks like unlocking phones and making payments.

    Governments have also deployed it at airports for security checks on travellers.

    But Singapore’s rollout is one of the most ambitious yet, and the first to attach facial verification to a national identification database.

    The technology captures a series of photos of a person’s face in various lights.

    These images are matched with other data already available to the government such as national identity cards, passports and employment passes.

    Safeguards ensure the process is secure, said Lee Sea Lin of digital consultancy Toppan Ecquaria, which is working with GovTech to implement the technology.

    Reply
  26. Tomi Engdahl says:

    Cloud Threat Hunting: Attack & Investigation Series- Privilege
    Escalation via Lambda
    https://blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/
    Cloud breaches are becoming increasingly prevalent in this modern
    digital era. One of the more dangerous strategies attackers deploy
    during a cloud breach is Privilege escalation. They use this to move
    laterally within a cloud environment and access sensitive assets.

    Reply
  27. Tomi Engdahl says:

    // Learn how to issue Let’s Encrypt wildcard certificate with acme.sh and Cloudflare DNS on Linux or Unix system https://www.cyberciti.biz/faq/issue-lets-encrypt-wildcard-certificate-with-acme-sh-and-cloudflare-dns/

    Reply
  28. Tomi Engdahl says:

    Google discloses previously unknown DDoS attack.

    Google says it mitigated a 2.54 Tbps DDoS attack in 2017, largest known to date
    https://www.zdnet.com/article/google-says-it-mitigated-a-2-54-tbps-ddos-attack-in-2017-largest-known-to-date/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    The Google Cloud team revealed today a previously undisclosed DDoS attack that targeted Google services back in September 2017 and which clocked in at 2.54 Tbps, making it the largest DDoS attack recorded to date.

    Damian Menscher, a Security Reliability Engineer for Google Cloud, said the 2.54 Tbps peak was “the culmination of a six-month campaign” that utilized multiple methods of attacks to hammer Google’s server infrastructure.

    Menscher didn’t reveal which services were targeted.

    “The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us,” Menscher said.

    “This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier [in 2016].”

    Furthermore, this attack is also larger than the 2.3 Tbps DDoS attack that targeted Amazon’s AWS infrastructure in February this year.

    The Google TAG team wanted to raise awareness to an increasing trend of nation-state hacker groups abusing DDoS attacks to disrupt targets.

    Exponential growth in DDoS attack volumes
    https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks

    Security threats such as distributed denial-of-service (DDoS) attacks disrupt businesses of all sizes, leading to outages, and worse, loss of user trust. These threats are a big reason why at Google we put a premium on service reliability that’s built on the foundation of a rugged network.

    To help ensure reliability, we’ve devised some innovative ways to defend against advanced attacks. In this post, we’ll take a deep dive into DDoS threats, showing the trends we’re seeing and describing how we prepare for multi-terabit attacks, so your sites stay up and running.

    So, how can we simplify the problem to make it manageable? Rather than focus on attack methods, Google groups volumetric attacks into a handful of key metrics:

    bps network bits per second → attacks targeting network links
    pps network packets per second → attacks targeting network equipment or DNS servers
    rps HTTP(S) requests per second → attacks targeting application servers
    This way, we can focus our efforts on ensuring each system has sufficient capacity to withstand attacks, as measured by the relevant metrics.

    bps (network bits per second)
    Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack. Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact. The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.

    pps (network packets per second)
    We’ve observed a consistent growth trend, with a 690 Mpps attack generated by an IoT botnet this year. A notable outlier was a 2015 attack on a customer VM, in which an IoT botnet ramped up to 445 Mpps in 40 seconds—a volume so large we initially thought it was a monitoring glitch!

    rps (HTTP(S) requests per second)
    In March 2014, malicious JavaScript injected into thousands of websites via a network man-in-the-middle attack caused hundreds of thousands of browsers to flood YouTube with requests, peaking at 2.7 Mrps (millions of requests per second). That was the largest attack known to us until recently, when a Google Cloud customer was attacked with 6 Mrps. The slow growth is unlike the other metrics, suggesting we may be under-estimating the volume of future attacks.

    Cloud-based defenses
    We recognize the scale of potential DDoS attacks can be daunting. Fortunately, by deploying Google Cloud Armor integrated into our Cloud Load Balancing service—which can scale to absorb massive DDoS attacks—you can protect services deployed in Google Cloud, other clouds, or on-premise from attacks. We recently announced Cloud Armor Managed Protection, which enables users to further simplify their deployments, manage costs, and reduce overall DDoS and application security risk.

    Having sufficient capacity to absorb the largest attacks is just one part of a comprehensive DDoS mitigation strategy. In addition to providing scalability, our load balancer terminates network connections on our global edge, only sending well-formed requests on to backend infrastructure. As a result it can automatically filter many types of volumetric attacks.

    For example, UDP amplification attacks, synfloods, and some application-layer attacks will be silently dropped. The next line of defense is the Cloud Armor WAF, which provides built-in rules for common attacks, plus the ability to deploy custom rules to drop abusive application layer requests using a broad set of HTTP semantics.

    Working together for collective security
    Google works with others in the internet community to identify and dismantle infrastructure used to conduct attacks. As a specific example, even though the 2.5 Tbps attack in 2017 didn’t cause any impact, we reported thousands of vulnerable servers to their network providers, and also worked with network providers to trace the source of the spoofed packets so they could be filtered.

    We encourage everyone to join us in this effort. Individual users should ensure their computers and IoT devices are patched and secured. Businesses should report criminal activity, ask their network providers to trace the sources of spoofed attack traffic, and share information on attacks with the internet community in a way that doesn’t provide timely feedback to the adversary. By working together, we can reduce the impact of DDoS attacks.

    Reply
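    Reading the Google post above from the defender’s side, here is an added example (not Google’s code, not part of the original comment) that aggregates constructed flow records into the bps/pps/rps metrics the post groups attacks by, ranks which capacity axis is under most pressure against assumed placeholder capacities, and flags reflector source ports (CLDAP, DNS, SMTP, as named in the post) whose mean response size points to amplification rather than plain reflection.

```python
"""Triage volumetric DDoS telemetry using the three metrics the Google Cloud
post groups attacks by (bps, pps, rps) and flag reflected amplification
traffic of the kind it describes (large responses from exposed CLDAP and DNS
servers). Added example, not Google's code; the flow records, request log
and capacity figures below are constructed placeholders."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record, as a flow collector might export it."""
    ts: float        # start time, seconds
    src_ip: str
    src_port: int
    dst_ip: str
    proto: str       # "udp" or "tcp"
    packets: int
    octets: int      # bytes


# Service ports of the reflector types the post names for the 2017 attack.
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS", 25: "SMTP"}

# Constructed inbound flows toward one victim within a single one-second window.
SAMPLE_FLOWS: List[Flow] = [
    Flow(0.10, "198.51.100.7",  389, "203.0.113.10", "udp", 1000, 1_400_000),  # CLDAP responses
    Flow(0.25, "198.51.100.9",   53, "203.0.113.10", "udp", 2000, 2_400_000),  # DNS responses
    Flow(0.40, "198.51.100.23",  25, "203.0.113.10", "tcp",  200,    12_000),  # SMTP handshake replies
    Flow(0.55, "192.0.2.44",    443, "203.0.113.10", "tcp",   50,    60_000),  # ordinary HTTPS
]
# Constructed HTTP request timestamps seen by the load balancer in the window.
SAMPLE_REQUESTS: List[float] = [i / 120 for i in range(120)]

# Assumed capacity of the protected system on each axis (placeholders).
CAPACITY = {"bps": 100_000_000, "pps": 20_000, "rps": 1_000}


def window_rates(flows: Iterable[Flow], requests: Iterable[float],
                 start: float, length: float = 1.0) -> Dict[str, float]:
    """bps, pps and rps observed over the window [start, start + length)."""
    end = start + length
    in_win = [f for f in flows if start <= f.ts < end]
    bits = sum(f.octets * 8 for f in in_win)
    pkts = sum(f.packets for f in in_win)
    reqs = sum(1 for t in requests if start <= t < end)
    return {"bps": bits / length, "pps": pkts / length, "rps": reqs / length}


def rank_pressure(rates: Dict[str, float],
                  capacity: Dict[str, float]) -> List[Tuple[str, float]]:
    """Utilisation of each capacity axis, most stressed first. Following the
    post's mapping: bps pressure points at network links, pps at network
    equipment or DNS servers, rps at application servers."""
    util = {axis: rates[axis] / capacity[axis] for axis in capacity}
    return sorted(util.items(), key=lambda kv: kv[1], reverse=True)


def reflector_profile(flows: Iterable[Flow]) -> Dict[str, Tuple[int, float]]:
    """Per reflector service: total bytes and mean packet size of traffic
    arriving from its well-known source port."""
    totals = defaultdict(lambda: [0, 0])   # name -> [octets, packets]
    for f in flows:
        name = REFLECTOR_PORTS.get(f.src_port)
        if name:
            totals[name][0] += f.octets
            totals[name][1] += f.packets
    return {n: (b, b / p) for n, (b, p) in totals.items()}


def amplification_suspects(flows: Iterable[Flow], min_mean_size: int = 1000) -> Set[str]:
    """Reflector services whose responses are large on average. Amplified
    UDP responses show up as big packets from a service port, whereas a
    reflected TCP handshake reply stays small, so mean size separates them."""
    return {n for n, (_, mean) in reflector_profile(flows).items() if mean >= min_mean_size}


if __name__ == "__main__":
    rates = window_rates(SAMPLE_FLOWS, SAMPLE_REQUESTS, 0.0)
    for axis, util in rank_pressure(rates, CAPACITY):
        print(f"{axis}: {rates[axis]:,.0f} ({util:.0%} of assumed capacity)")
    print("amplification suspects:", sorted(amplification_suspects(SAMPLE_FLOWS)))
```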
  29. Tomi Engdahl says:

    Cybersecurity Awareness Month reminder: Ensure everything connected is protected
    https://cybernews.com/security/ensure-everything-connected-is-protected/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=everything_connected&fbclid=IwAR3MtK9ritEsh5LpOraSV3dqh0wMHykON9w1f0FX98MWP5PrdxMoODWxFKo

    The leaves are falling from the trees, Halloween costumes and pumpkin spice lattes are unavoidable. October is officially here. But that also means that it’s time to put the threat of COVID to one side for a few weeks and celebrate National Cybersecurity Awareness Month or NCSAM as techies prefer to call it.

    The ECSM in Europe and the FBI in the US are also urging users to protect their digital lives. Online communities are encouraged to think about their personal accountability when drifting seamlessly between an increasing number of always-connected devices. Here are a few steps you can take to prevent your smart home from becoming a cyber-attack in the waiting.

    If you connect it, protect it

    We’re living in a hyperconnected world where even your next toaster will ask for your wifi password. But will these devices still receive security patches five years from now?

    Taking the simple step of changing the password that devices connect to along with the router password that gives you access to the settings is a great starting point. Secure WPA2 authentication or WPA3 on newer routers will put you in a much safer position than the average user.

    Most people accept that if they do not update the security on their laptops or smartphones, it will increase the chances of being exploited by a cyber attacker. But many forget this simple rule with every other device that connects to their router. If any device is not regularly patched with security updates or firmware, it will create a weak entry point into the network.

    Personal accountability
    Is your private digital life really private? The inconvenient truth is probably not. The many selfies you have uploaded to the web might have already been scraped from the web by tech companies and could now be stored in a law enforcement database. Some agencies are even using big data to fuel algorithms that will help them predict who might commit a crime as Minority Report-esque policing becomes a reality.

    Managing risk when working from home
    Change and uncertainty are like currency to cyber attackers. Unsurprisingly, there has been a 72% increase in ransomware attacks since the COVID-19 outbreak. Elsewhere, Google detected 18 million malware and phishing messages per day related to COVID-19. As employees leave the safety of the corporate network, employees run the risk of becoming the weakest link in cybersecurity defenses.

    Reply
  30. Tomi Engdahl says:

    NSA: Top 25 vulnerabilities actively abused by Chinese hackers
    https://www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/

    In an advisory issued today, the NSA said that it is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of Defense (DoD) information networks.

    NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs
    https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2387347/nsa-warns-chinese-state-sponsored-malicious-cyber-actors-exploiting-25-cves/

    Reply
  31. Tomi Engdahl says:

    NSA: Top 25 vulnerabilities actively abused by Chinese hackers
    https://www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/
    The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. See also
    https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

    Reply
  32. Tomi Engdahl says:

    Facebook: A Top Launching Pad For Phishing Attacks
    https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/
    Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged
    by cybercriminals in phishing and fraud attacks including a recent
    strike on a half-million Facebook users.

    Reply
  33. Tomi Engdahl says:

    Civil Liberties Group Urges EU To Limit Data Transfers To The UK Post-Brexit
    https://www.forbes.com/sites/carlypage/2020/10/12/civil-liberties-group-urges-eu-to-limit-data-transfers-to-the-uk-post-brexit/#8071a6a698ca

    The Irish Council of Civil Liberties (ICCL) has urged the European Commission (EC) to limit EU data transfers to the UK after Brexit because of the “dismal record” of the UK Information Commissioner’s Office (ICO). 

    He claims the ICO cannot be tried on to protect European’s data rights, a duty is established in Article 45 of the GDPR legislation. 

    “The ICO has failed over the last two years to take any substantive action against the largest data breach that the UK and EU have ever experienced. It would be unreasonable to anticipate that it will perform any better after Brexit is complete,” Ryan wrote in the letter, which was sent to three European Commissioners, Margrethe Vestager (Competition and Digital), Didier Reynders (Justice) and Thierry Breton (Internal Market).

    “The UK lacks an effective independent supervisory authority that is capable of enforcing compliance with data protection law and vindicating data subjects’ rights. As a consequence, the personal data of data subjects in the union do not at present have an adequate level of protection in the UK.”

  34. Tomi Engdahl says:

    Over 2,000 U.S. Law Enforcement Agencies Have Tools To Unlock Encrypted Phones, Report Finds
    https://www.forbes.com/sites/siladityaray/2020/10/21/over-2000-us-law-enforcement-agencies-have-tools-to-unlock-encrypted-phones-report-finds/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696

    At least 2,000 law enforcement agencies in all 50 states of the U.S. now have access to tools that allow them to get into locked or encrypted smartphones and extract data from them, researchers have found.

  35. Tomi Engdahl says:

    Moving to a cloud, not a storm
    https://www.ncsc.gov.uk/blog-post/move-to-a-cloud-not-a-storm
    Avoiding common problems when moving to the cloud.

  36. Tomi Engdahl says:

    The Internet of Things Security Foundation (IoTSF), an effort aimed at improving the security of IoT, has launched an online platform designed to make the reporting of vulnerabilities in IoT devices easier.
    https://www.securityweek.com/iot-security-foundation-launches-vulnerability-reporting-platform

  37. Tomi Engdahl says:

    Opt out on your terms
    Facebook can track almost all your web activity and tie it to your Facebook identity. If that’s too much for you, the Facebook Container extension isolates your identity into a separate container tab, making it harder for Facebook to track you on the web outside of Facebook.

    Facebook. Well contained. Keep the rest of your life to yourself.
    https://www.mozilla.org/en-US/firefox/facebookcontainer/

    The Facebook Container Extension is currently only available for Firefox for Desktop.

  38. Tomi Engdahl says:

    Expired TLS/SSL certificates can cause downtime and confusion for end-users. Hence, it is crucial to monitor the expiry date for our TLS/SSL certificates. Let us see how to find out TLS/SSL cert expiry date from the Linux/Unix CLI and write a simple script to alert developers/sysadmin. https://www.cyberciti.biz/faq/find-check-tls-ssl-certificate-expiry-date-from-linux-unix/

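The expiry check that the linked article describes, written here as an added bash example (not code from the article or from this blog). It assumes the `openssl` CLI and GNU `date` are installed; the target is either a PEM file on disk or a `host:port` pair, which is fetched with `openssl s_client`.

```shell
#!/usr/bin/env bash
# Constructed example: report the days until a TLS certificate expires and
# exit non-zero when it falls inside a warning threshold, so the script can
# be dropped into cron or a monitoring job to alert developers/sysadmins.
set -u

# Print the notAfter date of a certificate given as a PEM file or host:port.
cert_not_after() {
    local target="$1" pem out
    if [ -f "$target" ]; then
        pem=$(cat "$target")
    else
        # host:port: fetch the presented chain, using the host part for SNI.
        # openssl x509 below reads the first PEM block and ignores the rest.
        pem=$(openssl s_client -connect "$target" -servername "${target%%:*}" \
              </dev/null 2>/dev/null)
    fi
    out=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null) || return 2
    printf '%s\n' "${out#notAfter=}"
}

# Whole days from now until notAfter; negative once the cert has expired.
cert_days_left() {
    local end_str end_epoch now_epoch
    end_str=$(cert_not_after "$1") || return 2
    end_epoch=$(date -u -d "$end_str" +%s) || return 2
    now_epoch=$(date -u +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Exit 0 when more than $2 days remain (default 30), 1 when within the
# threshold or already expired, 2 when the certificate could not be read.
check_cert_expiry() {
    local target="$1" threshold="${2:-30}" days
    days=$(cert_days_left "$target") || { echo "ERROR: cannot read $target"; return 2; }
    if [ "$days" -le "$threshold" ]; then
        echo "WARN: $target expires in $days day(s) (threshold $threshold)"
        return 1
    fi
    echo "OK: $target expires in $days day(s)"
    return 0
}
```

A cron entry such as `check_cert_expiry www.example.com:443 14 || mail -s "cert expiring" ops@example.com` (placeholder host and address) turns the non-zero exit into an alert.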
  39. Tomi Engdahl says:

    Cybersecurity company finds hacker selling info on 186 million U.S. voters
    https://www.nbcnews.com/politics/2020-election/cybersecurity-firm-finds-hacker-selling-info-148-million-u-s-n1244211

    The cybersecurity company Trustwave said the hacker was offering 186 million U.S. voter records and 245 million records of other personal data.

    A cybersecurity company says it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million.

    The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.

    Much of the data identified by Trustwave, a global cybersecurity company, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can deploy it

  40. Tomi Engdahl says:

    U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.

    The cybersecurity company Trustwave said the hacker was offering 186 million U.S. voter records and 245 million records of other personal data.

    Cybersecurity company finds hacker selling info on 186 million U.S. voters
    https://www.nbcnews.com/politics/2020-election/cybersecurity-firm-finds-hacker-selling-info-148-million-u-s-n1244211
    Access To and Use Of Voter Registration Lists
    https://www.ncsl.org/research/elections-and-campaigns/access-to-and-use-of-voter-registration-lists.aspx

  41. Tomi Engdahl says:

    Some say that the password is an outdated concept and therefore recommend using biometric authentication. But the latter comes with its own flaws.

    The Achilles’ heel of biometrics: is it safe to ditch passwords?
    https://cybernews.com/security/the-achilles-heel-of-biometrics-is-it-safe-to-ditch-passwords/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=achilles_heel_of_biometrics&fbclid=IwAR3NJ-Rqx_Zr5gcDMyzRivt8zfMf54Cs5Zhcpkh5PFAWFsLZ-YvdzoCjPQU

    The death of the password has been announced many times before. But currently, it’s not possible to ditch passwords and rely solely on biometric identification. CyberNews asked prominent cybersecurity experts which is worse: sharing your passwords or your fingerprints?

  42. Tomi Engdahl says:

    Passwords can be changed. Plus, it is not an invasion of privacy

  43. Tomi Engdahl says:

    U.S.: Russian hackers targeting state, local governments on eve of election
    https://www.politico.com/news/2020/10/22/russian-hackers-state-local-governments-431327

    The attackers may be trying to gain footholds in U.S. computer networks to aid subsequent efforts to undermine the American political process, the federal advisory warned

    The Russian government is behind a recent campaign of cyberattacks on state and local governments and aviation networks that has stolen data from at least two victims, federal officials said Thursday in the latest public alarm about foreign hackers’ efforts in the run-up to Election Day.

    A Russian hacking team best known for attacks on energy companies “has conducted a campaign against a wide variety of U.S. targets” including “dozens” of state and local governments, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency said in an alert.
