Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The State of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline – but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, in which they first encrypt your data so you can’t access it, and then threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud, as The Cloud Talent Drought Continues (And Is Even Larger Than You Thought) article notes.

Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and to present it to the entire community for feedback.

Privacy is an illusion. But that’s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back, and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-type issues such as: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, which must have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,203 Comments

  1. Tomi Engdahl says:

    Penetration Testing Your AWS Environment – A CTO’s Guide https://thehackernews.com/2021/10/penetration-testing-your-aws.html
    So, you’ve been thinking about getting a Penetration Test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS.

    Reply
  2. Tomi Engdahl says:

    16-31 August 2021 Cyber Attacks Timeline https://www.hackmageddon.com/2021/10/07/16-31-august-2021-cyber-attacks-timeline/
    Here we go! The second timeline of August 2021 is out (first one here) covering the main cyber attacks that occurred in the second fortnight of the same month. And it looks like the end of Summer led to a decrease in the number of attacks with 78 events, corresponding to the minimum value of the last 12 months. Ransomware continues to dominate the threat landscape, but its percentage dropped to 24.4% (19 out of 78 events) in contrast with 39.6% of the previous fortnight.

    Reply
  3. Tomi Engdahl says:

    U.S. to tell critical rail, air companies to report hacks, name cyber chiefs https://www.reuters.com/technology/exclusive-us-tell-critical-rail-air-companies-report-hacks-name-cyber-chiefs-2021-10-06/
    The Transportation Security Administration will introduce regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday. The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur.

    Reply
  4. Tomi Engdahl says:

    CISA Releases Guidance: TIC 3.0 Remote User Use Case https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/cisa-releases-guidance-tic-30-remote-user-use-case
    In coordination with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote User Use Case provides federal agencies with guidance on applying network and multi-boundary security for agencies that permit remote users on their networks. In accordance with OMB Memorandum M-19-26, this use case builds off TIC 3.0 Interim Telework Guidance originally released in Spring 2020.

    Reply
  5. Tomi Engdahl says:

    Espionage happens online, and Finland was mentioned several times as the home country of the client: this may startle many
    https://www.tivi.fi/uutiset/tv/ff50969f-b2cd-4e26-b6a1-0d7c1022d690
    According to an old wisecrack, R&D money yields the best return when invested in corporate espionage. The COVID era has taken espionage to new heights. Remote work has increased the leakage of trade secrets to outsiders. In the Chamber of Commerce’s survey, one in ten companies reported that confidential information had been compromised as a result of remote work.
    Reading emails and exploiting network traffic is currently the most common form of corporate espionage. At home, protections are not necessarily at the same level as at the workplace, says Panu Vesterinen, an expert at the Helsinki Chamber of Commerce.

    Reply
  6. Tomi Engdahl says:

    Information security “rock star” Mikko Hyppönen advises: Don’t share your friends’ details too freely, and it is best to use online banking on your phone https://yle.fi/uutiset/3-12134104?
    When the face of F-Secure’s research director and information security expert Mikko Hyppönen appears on TV screens and in press photos, something unpleasant has usually happened. “Yeah, that’s how it tends to go: when something happens out there in the security field, somewhere gets broken into or some data leaks, the phone starts ringing. Of course I am happy to comment on these. I have been doing this for so many years that little by little I am learning how to explain these complex topics of modern technology so that all of us would understand,” Hyppönen says.

    Reply
  7. Tomi Engdahl says:

    Aerospace, Telecommunications Companies Victims of Stealthy Iranian Cyber-Espionage Campaign https://www.darkreading.com/attacks-breaches/aerospace-firms-telcos-victim-of-stealthy-iranian-cyber-espionage-campaign
    A previously unknown advanced persistent threat group likely backed by the Iranian government has been quietly carrying out a sophisticated cyber-espionage campaign against aerospace and telecommunication companies since at least 2018. The campaign has mainly targeted firms in the Middle East and more recently, the United States, Russia, and Europe. Security researchers from Cybereason who have been tracking the campaign have dubbed it Operation GhostShell and attributed it to a new threat group they are calling MalKamak.

    Reply
  8. Tomi Engdahl says:

    What’s in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution
    https://www.securityweek.com/whats-threat-group-name-inside-look-intricacies-nation-state-attribution

    Understanding the naming conventions of various threat groups can help us better understand the overall threat landscape

    Threat group names are an inescapable consequence of cybersecurity malware research. How to name the group is a problem. Why there are so many different names for what may appear to be the same threat group is a related problem.

    We’ve all seen “Strontium (APT28, Fancy Bear)”; and sometimes with many more names in parentheses. But what does this tell us? Possibly more than we realize, but probably less than we believe. What, exactly, goes into naming these APT actors, and how are they related?

    The three names above come from Microsoft, Mandiant and CrowdStrike. Within each company’s naming conventions, we know that all three research companies believe the threat group to be nation-state affiliated. And from the last, the suffix ‘Bear’ associates that nation state with Russia.

    But we know nothing for certain. All we know is that the researchers have seen something in the malware campaign they are analyzing that has similarities with a threat group given a different name by different researchers. These different names are a blessing, a necessity, and a curse, and understanding how and why researchers name the different threat groups can help us better understand the overall threat landscape.

    The need for a name

    A name is a label that is used to formalize ideas into an entity. It provides form and limits the form of the ideas. Nothing really exists without a name.

    Researchers will first detect what looks like malicious behavior happening to one of their customers. They may detect other very similar examples with other customers. This becomes a cluster of activity – but it is still basically an idea. As they dig deeper, the idea of a single entity behind the cluster may become more formalized until the reality of specific group activity cannot be denied. At this point, the group must be named so that the idea has shape.

    Reply
  9. Tomi Engdahl says:

    Microsoft: Russia Behind 58% of Detected State-Backed Hacks
    https://www.securityweek.com/microsoft-russia-behind-58-detected-state-backed-hacks

    Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.

    The devastating effectiveness of the long-undetected SolarWinds hack — it mainly breached information technology businesses including Microsoft — also boosted Russian state-backed hackers’ success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months.

    China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021.

    While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report offers unusually specific detail on how it stacks up against that by other U.S. adversaries.

    The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation. Ransomware attacks are criminal and financially motivated.

    By contrast, state-backed hacking is chiefly about intelligence gathering — whether for national security or commercial or strategic advantage — and thus generally tolerated by governments, with U.S. cyber operators among the most skilled. The report by Microsoft Corp., which works closely with Washington government agencies, does not address U.S. government hacking.

    Reply
  10. Tomi Engdahl says:

    How Integration is Evolving: The X Factor in XDR
    https://www.securityweek.com/how-integration-evolving-x-factor-xdr

    XDR must be approached as an open architecture where integration is the linchpin

    Over the past couple of months, I’ve talked about how adversaries are evolving their approaches to attacks and the ripple effect that is having on our approach to detection and response.

    Detection now requires a breadth and depth of information from disparate systems and sources across the infrastructure, with data and actions brought into a single view, so you can gain a comprehensive understanding of the threat you are facing and know what you must defend.

    Response is changing in parallel. Because multiple systems are now involved in attacks, we need to be able to put the pieces together to get a complete picture of what is happening. Response is predicated on the capability to look beyond one file or system to find all related events and data across the organization, connecting the dots and contextualizing with additional intelligence so you can remediate and respond to an incident across the infrastructure.

    Enter Extended Detection and Response (XDR). There has been a lot of confusion with respect to what XDR is. Much of this stems from initial definitions of XDR as a solution built off of Endpoint Detection and Response (EDR) solutions, where “X” is simply an “extension” or “next-generation” of EDR. But if you consider how detection and response are evolving, we need to rethink how we view “X”.

    John Oltsik of ESG captured the need to clarify X when he tweeted: “I for one am sick of hearing that XDR is really an extension of EDR. Wrong! XDR assumes the whole is greater than the sum of its parts. EDR is a part.” His commentary that XDR is more than EDR means integration with additional security tools is critical.

    The goal of XDR is detection and response across the infrastructure, across all attack vectors, across different vendors, and across security technologies that are cloud based and on premises. This cannot be achieved if you simply think of XDR as a souped-up solution. To get there, XDR must be approached as an open architecture where integration is the linchpin, the X in XDR. What’s more, integration capabilities must be broad and deep to bring data together and drive action.

    Let’s start with the data requirements. Integration must be broad to cover any tool the enterprise has, including all internal data sources – the SIEM system, log management repository, case management system and security infrastructure – on premise and in the cloud.

    Integration must also be deep to facilitate the exchange of information for action. With the dots connected to reveal a bigger picture of an attack, you can execute a comprehensive and coordinated response, performing actions across multiple systems and sending associated data back to the right tools across your defensive grid immediately and automatically to accelerate response. Blocking threats, updating policies and addressing vulnerabilities happens faster. Deep integration is also bi-directional to include the ability to send data from the response back to a central repository for learning and improvement.

    Reply
  11. Tomi Engdahl says:

    Cyber attacks doubled from last year
    https://etn.fi/index.php/13-news/12670-kyberturvahyoekkaeykset-kaksinkertaistuivat-viime-vuodesta

    Researchers at the security company Check Point Software report that cyber attacks in Finland have increased by 96 percent from last year. On average, 529 organisations in Finland face attacks every week.

    On average, 665 companies in Europe were attacked weekly, which is 65 percent more than last year. Globally, attacks have increased by 40 percent from last year. In Finland, industry is currently the attackers’ most favoured target.

    This year ransomware attacks in Finland have targeted 1.3 percent of organisations weekly, which is 5 percent less than last year. The number one ransomware is Mailto, which has hit almost one in ten companies (8 percent of companies).

    Reply
  12. Tomi Engdahl says:

    A cyber security book from F-Secure’s Hyppönen
    https://www.uusiteknologia.fi/2021/10/08/f-securen-hypposelta-kyberturvallisuuskirja/

    F-Secure’s security expert Mikko Hyppönen has gathered into his new book, Internet, what each of us should know about the threats and opportunities of the internet on the threshold of the IoT age. At the same time he also tells about his own journey in information security.

    Mikko Hyppönen
    Internet
    The internet is the best and the worst thing that has happened to us.
    https://www.wsoy.fi/kirja/mikko-hypponen/internet/9789510464410

    Reply
  13. Tomi Engdahl says:

    China Wants Your Data — And May Already Have It
    https://www.npr.org/2021/02/24/969532277/china-wants-your-data-and-may-already-have-it

    As COVID cases began to rise a year ago, a Chinese company contacted several U.S. states and offered to set up testing labs. As a byproduct, the Chinese firm, Beijing Genomics Institute, would likely gain access to the DNA of those tested.

    The offer was tempting for states struggling to set up their own testing facilities for a new virus on short notice. But U.S. national security officials urged the states to reject the offer, citing concerns about how China might use personal data collected on Americans.

    Biotech companies in China, the U.S. and elsewhere routinely collect DNA data and use it to help guide the development of cutting-edge medicines that can benefit people worldwide. And BGI says it abides by all the laws in countries where it operates.

    However, human rights groups say the Chinese government uses DNA testing for security purposes — such as identifying and tracking Uigher Muslims, the ethnic and religious minority whose members are being held in detention camps, in huge numbers, in western China.

    Reply
  14. Tomi Engdahl says:

    Common initial attack vectors
    https://www.kaspersky.com/blog/most-common-initial-attack-vectors/42379/
    Other companies frequently call in our experts for emergency assistance with incident response, to conduct (or help conduct) investigations, or to analyze cybercriminals tools. Throughout 2020, we collected a wealth of data for a view on the modern threat landscape that helps us predict the most likely attack scenarios including the most common initial attack vectors and choose the best defensive tactics.

    Reply
  15. Tomi Engdahl says:

    EDR Bypasses
    https://windowsir.blogspot.com/2021/10/edr-bypasses.html
    During my time in the industry, I’ve been blessed to have opportunities to engage with a number of different EDR tools/frameworks at different levels. Mike Tanji offered me a look at Carbon Black before carbonblack.com existed, while it still used an on-prem database. I spent a very good deal of time working directly with Secureworks Red Cloak, and I’ve seen CrowdStrike Falcon and Digital Guardian’s framework up close. I’ve seen the birth and growth of Sysmon, as well as MS’s “internal” Process Tracking (which requires an additional Registry modification to record full command lines).

    Reply
  16. Tomi Engdahl says:

    Microsoft: Russian state hackers behind 53% of attacks on US govt agencies https://www.bleepingcomputer.com/news/security/microsoft-russian-state-hackers-behind-53-percent-of-attacks-on-us-govt-agencies/
    Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. “Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% largely agencies involved in foreign policy, national security or defense,” said Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust.
    Report:
    https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/

    Reply
  17. Tomi Engdahl says:

    NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques https://us-cert.cisa.gov/ncas/current-activity/2021/10/08/nsa-releases-guidance-avoiding-dangers-wildcard-tls-certificates
    The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). A malicious cyber actor with network access can exploit this vulnerability to access sensitive information.

    Reply
  18. Tomi Engdahl says:

    Singapore tweaks cybersecurity strategy with OT emphasis https://www.zdnet.com/article/singapore-tweaks-cybersecurity-strategy-with-ot-emphasis/
    Singapore has tweaked its cybersecurity strategy to beef up its focus on operational technology (OT), offering a new competency framework to provide guidance on skillsets and technical competencies required for OT industry sectors. The revised national cybersecurity roadmap also looks to bolster the overall cybersecurity posture and foster international cyber cooperation. The 2021 cybersecurity strategy also would build on efforts to safeguard Singapore’s critical information infrastructure (CII) and other digital infrastructure, said Cyber Security Agency (CSA). The government organization said it would work with CII operators to beef up the cybersecurity of OT systems where cyber attacks could pose physical and economic risks.

    Reply
  19. Tomi Engdahl says:

    Protect your home from cyber attacks: do this
    https://www.iltalehti.fi/tietoturva/a/117519ec-954a-40ae-ac3a-d46cde340a26
    October is European Cyber Security Month, whose purpose is to highlight important information security topics.
    Although sometimes you cannot influence a security breach yourself in any way, there is still a lot that you can and should influence yourself.
    The National Cyber Security Centre shared five tips on its website for taking care of cyber security at home.

    Reply
  20. Tomi Engdahl says:

    Column: Money for cyber defence
    https://www.tivi.fi/uutiset/tv/4513a081-af60-48f7-8e63-7843f2bc563e
    The defence report, published every four years, came out on 9 September. It reflects Finland’s view of the security situation and future threats. Words beginning with “cyber” appear a total of 56 times. The new buzzword seems to be the monster word “information operating environment” (informaatiotoimintaympäristö), which appears no fewer than five times.
    Information security can be counted as part of cyber security, so the new threat scenarios are mentioned a total of 61 times. In the previous report, from 2017, there were 17 words beginning with “cyber”.
    Information influencing appeared twice, so 19 hits in total.

    Reply
  21. Tomi Engdahl says:

    FinSpy: the ultimate spying tool
    https://www.kaspersky.com/blog/finspy-for-windows-macos-linux/42383/
    FinSpy spyware targets Android, iOS, macOS, Windows, and Linux users.
    Here’s what it can do and how to stay protected. At Kaspersky’s recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist’s post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it.

    Reply
  22. Tomi Engdahl says:

    Tips for DFIR Analysts, pt III
    https://windowsir.blogspot.com/2021/10/tips-for-dfir-analysts-pt-iii.html
    Learn to think critically. Don’t take what someone says as gospel, just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not…you need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.).

    Reply
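    A worked illustration of the “constellation” point in the post above, added here as an example and not code from the original post or the linked article: an AmCache entry is treated as presence evidence only, and execution is called validated only when prefetch or EDR process-start telemetry corroborates it. All artifact records are constructed samples in a simplified schema; field names such as `first_seen` and `parent_image` are assumptions, not the real on-disk formats.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

@dataclass
class AmCacheEntry:          # inventory record: the file existed, nothing more
    path: str
    sha1: str
    first_seen: datetime

@dataclass
class PrefetchEntry:         # application prefetch file written when an exe runs
    exe_name: str            # e.g. "UPDATER.EXE", as embedded in the .pf name
    run_count: int
    last_runs: List[datetime]

@dataclass
class EdrProcessEvent:       # process-start telemetry (constructed schema)
    image_path: str
    sha1: str
    start_time: datetime
    parent_image: str

@dataclass
class Verdict:
    executed: bool
    confidence: str          # "none", "medium" or "high"
    supporting: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)

def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].upper()

def assess_execution(target: AmCacheEntry, prefetch: List[PrefetchEntry],
                     edr: List[EdrProcessEvent]) -> Verdict:
    """Call `target` executed only when artifacts beyond AmCache say so; each
    artifact family counts once, and "high" needs two independent families."""
    v = Verdict(executed=False, confidence="none")
    v.notes.append(f"AmCache: {target.path} first seen "
                   f"{target.first_seen:%Y-%m-%d %H:%M} (presence only)")
    name = _basename(target.path)
    families = set()

    for pf in prefetch:
        if pf.exe_name.upper() == name and pf.run_count > 0 and pf.last_runs:
            families.add("prefetch")
            v.supporting.append(f"Prefetch {pf.exe_name}: run_count={pf.run_count}, "
                                f"last run {max(pf.last_runs):%Y-%m-%d %H:%M}")

    for ev in edr:
        if _basename(ev.image_path) != name:
            continue
        if ev.sha1.lower() != target.sha1.lower():
            # Same file name, different content: it must not vouch for the
            # AmCache binary, but the analyst should chase it separately.
            v.notes.append(f"EDR: {ev.image_path} started "
                           f"{ev.start_time:%Y-%m-%d %H:%M} with sha1 "
                           f"{ev.sha1[:12]}..., which does NOT match AmCache")
            continue
        families.add("edr")
        v.supporting.append(f"EDR: process start {ev.start_time:%Y-%m-%d %H:%M}, "
                            f"parent {ev.parent_image}, sha1 matches AmCache")

    if len(families) >= 2:
        v.executed, v.confidence = True, "high"
    elif len(families) == 1:
        v.executed, v.confidence = True, "medium"
    else:
        v.notes.append("no execution artifact corroborates AmCache: "
                       "present, execution unverified")
    return v

# Constructed sample artifacts, not taken from any real case.
H_UPD = "3b1f0c9e7a5d2e4f6c8b0a1d3e5f7a9b2c4d6e8f"
AMCACHE = [
    AmCacheEntry(r"C:\Users\alice\AppData\Local\Temp\updater.exe", H_UPD,
                 datetime(2021, 10, 5, 9, 0)),
    AmCacheEntry(r"C:\Tools\sysinfo.exe",
                 "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c", datetime(2021, 10, 4, 14, 30)),
    AmCacheEntry(r"C:\Users\alice\Downloads\setup.exe",
                 "aaaa1111bbbb2222cccc3333dddd4444eeee5555", datetime(2021, 10, 6, 8, 0)),
]
PREFETCH = [PrefetchEntry("UPDATER.EXE", 3, [datetime(2021, 10, 5, 9, 2),
                                             datetime(2021, 10, 6, 11, 0)])]
EDR = [
    EdrProcessEvent(r"C:\Users\alice\AppData\Local\Temp\updater.exe", H_UPD,
                    datetime(2021, 10, 5, 9, 2),
                    r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"),
    # same name as the Downloads binary but a different hash: a look-alike
    EdrProcessEvent(r"C:\Users\alice\Downloads\setup.exe",
                    "ffff9999eeee8888dddd7777cccc6666bbbb5555",
                    datetime(2021, 10, 6, 8, 5), r"C:\Windows\explorer.exe"),
]

def run_samples() -> dict:
    """Assess every sample AmCache entry, keyed by upper-cased file name."""
    return {_basename(e.path): assess_execution(e, PREFETCH, EDR) for e in AMCACHE}
```

    Calling `run_samples()` rates updater.exe “high” (prefetch and EDR agree), leaves sysinfo.exe as present but unverified, and refuses to let the same-named but different-hash setup.exe process vouch for the AmCache entry.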
  23. Tomi Engdahl says:

    Demo: A Guide to Virtual Machine App Security https://www.trendmicro.com/en_us/devops/21/j/virtual-machine-security-guidelines.html
    It may seem like containers are the go-to method for cloud building; however, 95% of applications run on traditional infrastructure deployments like dedicated servers, shared hosting, and virtual machines (VMs).
    While Gartner has predicted that by 2022 15% of organizations will be using containers, that still leaves 85% continuing to run many applications and services as server-based deployments. Servers don’t seem to be going anywhere anytime soon. Enterprises have run legacy architectures for more than a decade while serving their growing customer base. During this time, they’ve addressed capacity constraint challenges with cloud platforms.

    Reply
  24. Tomi Engdahl says:

    Google Confirms Powerful Password Shield Heading For 150 Million Chosen Ones https://www.forbes.com/sites/daveywinder/2021/10/09/googles-powerful-password-shield-heads-for-150-million-automatically-opted-in-users/
    Google has confirmed that it will be pushing forward, on an ‘automatic enrollment’ basis, with a bold security update for some 150 million users before the year-end. I am sure you are wondering if you will be among the chosen ones who get opted into using this powerful password shield and, if so, what exactly does this mean? The confirmation from Google came by way of an official safety and security blog posting this week. The announcement by Google’s Chrome group product manager, AbdelKarim Mardini, and director of Google account security and safety, Guemmy Kim, reinforces the password security switch message I wrote about back in May.

    Reply
  25. Tomi Engdahl says:

    71% of Security Pros Find Patching to be Complex and Time Consuming, Ivanti Study Confirms https://www.darkreading.com/vulnerabilities-threats/71-of-security-pros-find-patching-to-be-complex-and-time-consuming-ivanti-study-confirms
    Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today announced the results of a survey that found a resounding majority (71%) of IT and security professionals found patching to be overly complex, cumbersome, and time consuming. In fact, 57% of respondents stated that remote work has increased the complexity and scale of patch management.

    Reply
  26. Tomi Engdahl says:

    Avoid these: Here are the 3 worst information security blunders https://www.is.fi/digitoday/tietoturva/art-2000008263579.html
    The US cyber authority CISA (Cybersecurity and Infrastructure Security Agency) identifies three serious mistakes that can expose critical infrastructure to attacks. CISA's guidance is aimed at US companies and organizations, but it is also helpful for ordinary consumers in Finland.

    Reply
  27. Tomi Engdahl says:

    Security guru Mikko Hyppönen shares tips in his new book: A wrong PIN code written on your bank card in marker https://www.iltalehti.fi/tietoturva/a/b5833240-20d9-46bb-9c4c-85c4f2e9467e
    Mikko Hyppönen, Chief Research Officer at the security company F-Secure, explains in his new book (Internet, WSOY) how to tackle the most common information security problems in which the human is the weakest link. The following excerpts are direct quotations from the new book by Finland's best-known security guru.

    Reply
  28. Tomi Engdahl says:

    Fake sensors infiltrate networks: currently the most common method by which systems are broken into
    https://www.tivi.fi/uutiset/tv/1f5c9a14-32bb-4ce0-a39d-e9374a53ec02
    Last May, the United States almost came to a standstill. The country's largest fuel pipeline was hit by a cyberattack, as a result of which not a single litre of petrol, diesel, jet fuel or heating oil was moved through the nearly 9,000 kilometre pipeline. Insta Group CEO Henry Nieminen raises one extremely important issue: how companies could either prevent cyberattacks entirely or at least keep their damage to a minimum.

    Reply
  29. Tomi Engdahl says:

    Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/
    Some of the cybersecurity vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old — but attackers are still able to take advantage of them because security updates aren’t being applied. Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They found that some of these vulnerabilities have been known for almost a decade and had vendor patches available.

    Reply
  30. Tomi Engdahl says:

    McAfee/FireEye merger completed, CEO says automation only way forward for cybersecurity https://www.zdnet.com/article/mcafeefireeye-merger-completed-ceo-says-automation-only-way-forward-for-cybersecurity/
    McAfee Enterprise and FireEye completed their merger on Friday, closing the $1.2 billion, all cash transaction that merges the two cybersecurity giants. FireEye announced the sale of its FireEye Products business to a consortium led by Symphony Technology Group (STG) in July, separating the company’s network, email, endpoint and cloud security products from Mandiant’s software and services.

    Reply
  31. Tomi Engdahl says:

    5 Steps to Secure Linux (protect from hackers)
    https://www.youtube.com/watch?v=ZhMw53Ud2tY

    Are your Linux servers safe from hackers? Can they be hacked? In this video, NetworkChuck shows you how to secure and HARDEN your Linux server. While nothing is foolproof, taking these steps to harden your Linux server is VITAL and will help protect you from attacks.

    Reply
  32. Tomi Engdahl says:

    Secure Open Source Rewards
    https://sos.dev/

    The Secure Open Source Rewards pilot program financially rewards developers for enhancing the security of critical open source projects that we all depend on. The pilot program is run by the Linux Foundation with initial sponsorship from the Google Open Source Security Team (GOSST).

    Reply
  33. Tomi Engdahl says:

    A Pentagon official quit because we’ve lost the cyber war to China.

    A Pentagon official said he resigned because US cybersecurity is no match for China, calling it ‘kindergarten level’
    https://news.yahoo.com/pentagon-official-said-resigned-because-093911720.html

    Nicolas Chaillan served as the US Air Force’s software chief and worked on Pentagon security.

    He quit in September and told the Financial Times last week that the US was far behind China on AI.

    “We have no competing fighting chance against China in fifteen to twenty years,” he said.

    A senior cybersecurity official at the Pentagon said he quit because he thought it was impossible for the US to compete with China on AI.

    Nicolas Chaillan joined the US Air Force as its first chief software officer in August 2018. He worked to equip it and the Pentagon with the most secure and advanced software available.

    But Chaillan quit on September 2. In his departing LinkedIn post, he cited the Pentagon’s reluctance to make cybersecurity and AI a priority as a reason for his resignation.

    https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

    Reply
  34. Tomi Engdahl says:

    Cybersecurity Awareness: How Much Data Can An Attacker Get From an Employee ID?
    https://securityintelligence.com/articles/cybersecurity-awareness-data-attacker-employee-id/
    Cyber awareness may seem fairly obvious, but it's not always. For example, you would never post a photo of your driver's license on Facebook, right? How about your company ID card? Then there's that selfie you took at the office. Were you wearing your work badge? Not a good idea. Part of cybersecurity awareness is knowing what not to post.

    Reply
  35. Tomi Engdahl says:

    Data Exfiltration, Revisited
    https://windowsir.blogspot.com/2021/10/data-exfiltration-revisited.html
    I’ve posted on the topic of data exfiltration before (here, etc.) but often it’s a good idea to revisit the topic. After all, it was almost two years ago that we saw the first instance of ransomware threat actors stating publicly that they’d exfiltrated data from systems, using this a secondary means of extortion. Since then, we’ve continued to see this tactic used, along with other tertiary means of extortion based on data exfiltration. We’ve also seen several instances where the threat actor ransom notes have stated that data was exfiltrated but the public “shaming” sites were noticeably empty.

    Reply
  36. Tomi Engdahl says:

    Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack https://thehackernews.com/2021/10/verify-end-users-at-helpdesk-to-prevent.html
    Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization’s helpdesk might pose a bigger threat due to social engineering attacks. Social engineering is “the art of manipulating people so they give up confidential information,” according to Webroot. There are many different types of social engineering schemes, but one area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user’s credentials.

    Reply
  37. Tomi Engdahl says:

    Ransomware is the biggest cyber threat to business. But most firms still aren’t ready for it https://www.zdnet.com/article/ransomware-is-now-the-most-urgent-cyber-threat-to-business-but-most-firms-arent-ready-for-it/
    Ransomware is the most significant cybersecurity threat facing organisations ranging from critical national infrastructure providers and large enterprises to schools and local businesses, but it’s a threat which can be countered. In a speech at the Chatham House Cyber 2021 Conference, Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC) warned about several cybersecurity threats facing the world today, including supply chain attacks, the threat of cyber espionage and cyber aggression by hostile nation-states and cybersecurity exploits and vulnerabilities being sold to whoever wants to buy them.

    Reply
  38. Tomi Engdahl says:

    A Pentagon official said he resigned because US cybersecurity is no match for China, calling it ‘kindergarten level’
    https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10?r=US&IR=T
    A senior cybersecurity official at the Pentagon said he quit because he thought it was impossible for the US to compete with China on AI.
    Nicolas Chaillan joined the US Air Force as its first chief software officer in August 2018. He worked to equip it and the Pentagon with the most secure and advanced software available. But Chaillan quit on September 2. In his departing LinkedIn post, he cited the Pentagon’s reluctance to make cybersecurity and AI a priority as a reason for his resignation.

    Reply
  39. Tomi Engdahl says:

    Public administration audits information security in bulk: a 50 million tender starts https://www.tivi.fi/uutiset/tv/aaf46e5c-fc5b-4dc9-a833-70401f64425f
    Hansel, the joint procurement company of the Finnish state and municipalities, is tendering information security audit services for its customers. The assessment services must meet the requirements of the act on information security assessment bodies. Hansel estimates the value of the dynamic purchasing system to be established at 50 million euros. The information comes from the Hilma public procurement database. It enables SecOps teams to detect and investigate compromised advanced threats, identities, and malicious insider activity targeting enrolled organizations.

    Reply
  40. Tomi Engdahl says:

    When criminals go corporate: Ransomware-as-a-service, bulk discounts and more https://www.theregister.com/2021/10/11/ransomware_as_a_service/
    This summer, Abnormal Security discovered that some of its customers’ staff were receiving emails inviting them to install ransomware on a company computer in return for a $1m share of the “profits”. When Abnormal staff set up a fake persona and contacted the criminals to play along, though, things started to fall apart. While the criminal initially discussed a potential ransom of $2.5m, this figure fell and fell as talks went on, first to $250,000 and then to just $120,000.

    Reply
  41. Tomi Engdahl says:

    Applying Behavioral Psychology to Strengthen Your Incident Response Team https://www.darkreading.com/endpoint/how-behavioral-psychology-can-strengthen-your-incident-response-team
    Cybersecurity incident response teams (CSIRTs) rely on technical and social skills. But focusing mostly on technical knowledge can come at the expense of communication and teamwork, according to a new study.
    This idea was the focus of a five-year study analyzing incident response teams from a social-behavioral perspective. From 2012 to 2017, a team of researchers funded by the US Department of Homeland Security interviewed more than 200 people and led 80 focus groups across 17 international organizations to identify the key drivers of teamwork within and between teams.

    Reply
  42. Tomi Engdahl says:

    The Security Challenge Of Protecting Smart Cities https://www.forbes.com/sites/chuckbrooks/2021/10/10/the-security-challenge-of-protecting-smart-cities/
    As we continue to move forward in the Industry 4.0 era of greater connectivity between the physical and digital, the promise and development of smart cities become a more likely vision. While the term may have differing definitions, the term smart city usually connotes creating a public/private infrastructure to orchestrate the integration of transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services in a central location.

    Reply
  43. Tomi Engdahl says:

    NSA Warns of Risks Posed by Wildcard Certificates, ALPACA Attacks
    https://www.securityweek.com/nsa-warns-risks-posed-wildcard-certificates-alpaca-attacks
    The National Security Agency last week issued guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA) techniques.
    Titled Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique, the new guidance encourages network administrators to ensure that the use of wildcard certificates does not create unwanted risks and that the enterprise environments are not vulnerable to ALPACA attacks.
    Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique
    https://media.defense.gov/2021/Oct/07/2002869955/-1/-1/0/CSI_AVOID%20DANGERS%20OF%20WILDCARD%20TLS%20CERTIFICATES%20AND%20THE%20ALPACA%20TECHNIQUE_211007.PDF

    Reply
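As an added example (not from the NSA guidance, the SecurityWeek article or the commenter), the following Python audit helper shows the kind of check the guidance asks administrators to make: given the dNSName SAN entries of each certificate and an inventory of (hostname, protocol) services, it applies one-label wildcard matching and flags any certificate whose coverage spans more than one application protocol, which is the precondition the ALPACA technique relies on. Certificate ids, hostnames and protocols below are constructed sample data, not values from the guidance.

```python
# Added example (not from the NSA guidance or the article): audit which hosts
# a wildcard certificate covers and whether that coverage spans several
# application protocols, the precondition for an ALPACA cross-protocol attack.
from collections import defaultdict


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: a '*' is honoured only as the whole left-most
    label and matches exactly one label, so '*.example.com' covers
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def certificate_coverage(certs, inventory):
    """certs: {cert_id: [SAN dNSName entries]}; inventory: [(hostname, protocol)].
    Returns {cert_id: {protocol: set(hostnames)}} listing every inventory host
    each certificate would be accepted for."""
    coverage = {}
    for cert_id, sans in certs.items():
        per_proto = defaultdict(set)
        for host, proto in inventory:
            if any(san_matches(san, host) for san in sans):
                per_proto[proto].add(host)
        coverage[cert_id] = dict(per_proto)
    return coverage


def alpaca_findings(certs, inventory):
    """Certificates whose coverage spans more than one protocol. A single
    wildcard certificate (and key) shared by HTTPS and, say, FTPS or SMTPS
    endpoints is exactly the deployment the guidance warns about."""
    findings = {}
    for cert_id, per_proto in certificate_coverage(certs, inventory).items():
        if len(per_proto) > 1:
            findings[cert_id] = sorted(per_proto)
    return findings


# Constructed sample data: three certificates and a small service inventory.
SAMPLE_CERTS = {
    "wildcard-example": ["*.example.com", "example.com"],
    "mail-only": ["mail.example.com"],
    "shop-wildcard": ["*.shop.example.com"],
}
SAMPLE_INVENTORY = [
    ("www.example.com", "https"),
    ("ftp.example.com", "ftps"),
    ("mail.example.com", "smtps"),
    ("api.shop.example.com", "https"),
    ("deep.sub.example.com", "https"),  # two labels deep: not covered by *.example.com
]

if __name__ == "__main__":
    for cert_id, protos in alpaca_findings(SAMPLE_CERTS, SAMPLE_INVENTORY).items():
        print(f"{cert_id}: one certificate shared across {', '.join(protos)}")
```

In practice the SAN lists would be pulled from the certificates actually deployed (for example with openssl x509) and the inventory from the service catalogue; the finding for a cert is a prompt to split it into per-service certificates or to confine the shared one to a single protocol, as the guidance suggests.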
  44. Tomi Engdahl says:

    Lots and Lots of Bots: Looking at Botnet Activity in 2021
    https://www.securityweek.com/lots-and-lots-bots-looking-botnet-activity-2021

    A botnet today can be used as a foundation for bad actors to carry out other attacks later

    Botnets continue to be a major problem for cybersecurity teams. With the growth in sophisticated threats, botnets are becoming more malicious, sometimes able to create hundreds of thousands of drones that can attack a variety of machines, including Mac systems, Linux, Windows systems, edge devices, IoT devices, and so on.

    What’s behind the surge

    The traditional perimeter is obviously a relic of the past. The edge – as defined as the kind of barrier between your own network, your LAN and the internet access – has faded away. There are cloud services, mobile services, web services – so there is no edge anymore; everyone’s living on the edge. Organizations are accessing the internet in all sorts of ways, including IoT and other devices, and attackers are leveraging this and finding new ways into your organization. They’re landing and expanding. They’re moving horizontally throughout the network and thinking, “Even if I can only access you through an IoT device, how can I use that to perhaps obtain a more valuable target?”

    We’re seeing a lot of web-borne threats and, unfortunately, many environments still aren’t segmented or secured the way they should be. And attackers are definitely using botnets to take advantage of this. A botnet today can be used as a foundation for bad actors to carry out other attacks later.

    Global Threat Landscape Report: A Semiannual Report by FortiGuard Labs
    https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/report-threat-landscape-2021.pdf

    Reply
  45. Tomi Engdahl says:

    Botnet attacks continue to rise, with many new varieties entering the field. Old defense strategies won’t work, which highlights the need for new ones, including ZTA and ZTNA. Another needed strategy is more proactive collaboration among organizations and law enforcement, like the kind that helped bring down Emotet. Modern endpoint security solutions will also go a long way toward securing your borderless network.
    https://www.securityweek.com/lots-and-lots-bots-looking-botnet-activity-2021

    Reply
  46. Tomi Engdahl says:

    US urged to expand ‘tool kit’ against cybercrime amid pipeline hack fallout
    https://www.theguardian.com/business/2021/may/11/us-pipeline-hack-gas-shortages

    ‘We must rethink our approach,’ acting chief of the agency charged with protecting federal networks said in Senate testimony

    Reply
  47. Tomi Engdahl says:

    Nmap Tutorial to find Network Vulnerabilities
    https://www.youtube.com/watch?v=4t4kBkMsDbQ

    Learn Nmap to find Network Vulnerabilities…

    Reply
