Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

The State of internet security in 2020 was hard. The trends that stormed last year will continue long to 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year trend was Instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. 2021 Cybersecurity and IT Failures Roundup article presents you Lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are increase in targeted attacks, attacks that are more disruptive exploiting contemporary issues and we will continue to have frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. We can’t be naive and expect that bad things will not happen along with it. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out the the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced which means that already some of the most sophisticated and notorious cybercriminals are utilizing open-source tools to conduct their criminal activities and this will increase.

Trend Micro survey results claim that AI set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and have people who have answered to the survey really understood AI and cyber security? My predictions is that we will need humans and AI and even traditional solutions for a long long time.

The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that that shortfall in skills has therefore dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to make claims that they have invented a “silver bullet” for educating cyber professionals like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to cloud, so we need more people who know security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought)

Hackers leverage sophisticated and novel techniques to break into networks article tells that recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents and expect more similar incidents that have not just year been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 predictions calculated by understandable metrics, make everyone able to reproduce the results, and present to an entire community for the feedback.

Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying that’s for sure. There are still ways to sen anonymous emails and it is a good idea to prepare to your digital life after death.

Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,203 Comments

  1. Tomi Engdahl says:

    Onko sinulla kiire luopua rahoistasi?
    https://poliisi.fi/blogi/-/blogs/onko-sinulla-kiire-luopua-rahoistasi
    Poliisin tietoon tulleiden tietoverkkoavusteisten rikosten uhriksi on joutunut jo tuhansia suomalaisia. Vaikka luulet, ettei niin voisi käydä sinulle, pysähdy ja mieti vielä hetki. Petosrikoksissa on kyse toisen erehdyttämisestä tai erehdyksen hyväksikäyttämisestä siten, että rikoksen uhrille syntyy taloudellista vahinkoa. …pelkästään muutamaan nykypäivänä yleiseen ja kohtalaisen tunnettuun petostapaan (niin sanottuihin nigerialaiskirjeisiin, rakkaus-, sijoitus-, laina-,
    HelpDesk- ja toimitusjohtajapetoksiin) liittyen on kirjattu tänä vuonna noin 1 400 rikosilmoitusta ja suomalaiset ovat menettäneet petosrikollisille yli 23 miljoonaa euroa.

    Reply
  2. Tomi Engdahl says:

    U.S. Government set to ban sale of hacking tools to China and Russia https://therecord.media/u-s-government-set-to-ban-sale-of-hacking-tools-to-china-and-russia/
    The Commerce Department introduced a new export control rule on Wednesday aimed at curbing the export or resale of hacking tools to China and Russia. The regulation had been held up for years amid concern that attempting to curb such sales would inadvertently hobble defensive cyber efforts. Lisäksi:
    https://www.commerce.gov/news/press-releases/2021/10/commerce-tightens-export-controls-items-used-surveillance-private.
    Lisäksi:
    https://www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/

    Reply
  3. Tomi Engdahl says:

    OWASP’s 2021 List Shuffle: A New Battle Plan and Primary Foe https://thehackernews.com/2021/10/owasps-2021-list-shuffle-new-battle.html
    In this increasingly chaotic world, there have always been a few constants that people could reliably count on:. The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the top ten most common and dangerous vulnerabilities that attackers are actively exploiting. Lisäksi: https://owasp.org/Top10/

    Reply
  4. Tomi Engdahl says:

    Russian-speaking cybercrime evolution: What changed from 2016 to 2021 https://securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/
    Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi.

    Reply
  5. Tomi Engdahl says:

    DoS attacks against Russian firms have almost tripled in 2021 https://www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/
    A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. Lisäksi:
    https://rt-solar.ru/analytics/reports/2403/

    Reply
  6. Tomi Engdahl says:

    Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/
    Researchers with Google’s Threat Analysis Group (TAG), who first spotted the campaign in late 2019, found that multiple hack-for-hire actors recruited via job ads on Russian-speaking forums were behind these attacks.

    Reply
  7. Tomi Engdahl says:

    Thanks to COVID-19, New Types of Documents are Lost in The Wild
    https://isc.sans.edu/diary/rss/27952
    ..there seems to be a new type of data leak, many people exchange certificates which contain a lot of sensitive information. For a few days, I run a hunting search on VT to try to find interection documents and I found some nice PDF files. Lisäksi:
    https://www.rfi.fr/en/france/20210924-health-officials-identify-suspects-behind-macron-s-qr-data-leak-health-pass-digital-security

    Reply
  8. Tomi Engdahl says:

    Lasten digitaalista hyvinvointia ja turvallisuutta parannetaan yhteistyöllä – Microsoftin, Accenturen ja Pelastakaa Lasten viidesluokkalaisille suunnattu oppimisalusta otetaan käyttöön vuonna
    2022
    https://www.epressi.com/tiedotteet/avustukset-ja-vapaaehtoistyo/lasten-digitaalista-hyvinvointia-ja-turvallisuutta-parannetaan-yhteistyolla-microsoftin-accenturen-ja-pelastakaa-lasten-viidesluokkalaisille-suunnattu-oppimisalusta-otetaan-kayttoon-vuonna-2022.html
    Monenlainen digilaitteiden käyttö voi olla lapsille hauskaa ja hyödyllistä, mutta digipalvelujen käyttöön liittyymyös haasteita ja vaikeita tilanteita. Lisäksi:
    https://www.pelastakaalapset.fi/kehittamis-ja-asiantuntijatyo/digitaalinen-hyvinvointi-ja-lapsen-oikeudet/digitaalinen-hyvinvointi-ja-turvallisuus-kouluille/

    Reply
  9. Tomi Engdahl says:

    Investors Bet Big on Attempts to Solve Encryption ‘Holy Grail’
    https://www.securityweek.com/investors-bet-big-attempts-solve-encryption-holy-grail

    News Analysis: Venture capital investors are pumping millions of dollars into privacy enhancing technology (PET) projects, betting that hardware and software innovation is finally coming together to solve one of the “holy grails” of encryption.

    Just this month, a handful of ambitious startups — Duality Technologies ($30 million, Series B), Tonic.ai ($35m Series B), and Gretel ($50 million, Series B) — banked a combined $115 million to keep pace in the race to allow “privacy enhancing computation” on encrypted data without the need to decrypt and expose sensitive data.

    The latest funding flurry follows a recent Gartner report picking privacy-enhancing computation as one of 2021′s top strategic technology trends and predicting that by 2025, half of large organizations will adopt privacy-enhancing computation as a means of processing data.

    Existing encryption products seek to protect data while stored or in transmission, but the data must be decrypted — and exposed — if entities want to run computations or train machine learning models. The category of Privacy Enhancing Technologies — particularly homomorphic encryption — has emerged as a way to allow multi-party data sharing and computation without the need to decrypt and expose sensitive data or intellectual property.

    Even in the PET category, there are multiple different approaches with fully homomorphic encryption (FHE) considered the “holy grail” because of the promise of enabling computation on encrypted data, or ciphertext, rather than plaintext, or unencrypted data – essentially keeping data protected at all times.

    Despite its potential, FHE requires enormous computation time to perform even simple operations, making it exceedingly impractical to implement with traditional processing hardware. Earlier this year, the U.S. government’s Defense Advanced Research Projects Agency (DARPA) announced investments and projects in homomorphic encryption space.

    One of the companies cashing in on the DARPA moves is Duality Technologies, an Israeli/US tech startup founded by world-renowned cryptographers. Duality’s tools offer a blend of homomorphic encryption with data science expertise to secure analysis on encrypted data — while complying with data privacy regulations and protecting intellectual property.

    A second player making waves is Gretel.ai, a San Diego company that sells a “privacy engineering as a service” platform for developers to share and collaborate on sensitive data across teams and even external organizations.

    Gretel.ai, which has so far raised close to $68 million in funding, is innovating around the use of synthetic data sets to preserve privacy during computation and data-sharing. Gretel.ai says its tools offer developer APIs and utilities that provide the highest quality results through data operations to label and classify, transform and anonymize, and generate synthetic data.

    Gretel says its products can be used to train machine learning models on datasets and generate synthetic data that is statistically equivalent; transform data via automatic labeling and classification.

    Another startup banking investor dollars is Tonic, a company that describes itself as “the fake data company.” Tonic just secured a $35 million Series B round to continue developing its own tools to generate synthetic data sets to mimic production data for development.

    Several other well-capitalized players in the PET category include Enveil, the brainchild of former NSA mathematician Ellison Anne Williams. Enveil has closed $15 million in funding and is finding success with its ZeroReveal API-based product that delivers homomorphic encryption capabilities.

    While a surge in venture capital funding can be seen as an attempt to create markets that didn’t exist before, the value of running computations against encrypted data is huge, particularly in heavily regulated industries.

    Reply
  10. Tomi Engdahl says:

    Ellen Nakashima / Washington Post:
    US Commerce Department announces rules banning the export or resale of hacking tools to China, Russia, and other countries of concern — The Commerce Department on Wednesday announced a long-awaited rule that officials hope will help stem the export or resale of hacking tools to China …

    Commerce Department announces new rule aimed at stemming sale of hacking tools to Russia and China
    https://www.washingtonpost.com/national-security/commerce-department-announces-new-rule-aimed-at-stemming-sale-of-hacking-tools-to-repressive-governments/2021/10/20/ecb56428-311b-11ec-93e2-dba2c2c11851_story.html

    The Commerce Department on Wednesday announced a long-awaited rule that officials hope will help stem the export or resale of hacking tools to China and Russia while still enabling cybersecurity collaboration across borders.

    The rule, which will take effect in 90 days, would cover software such as Pegasus, a potent spyware product sold by the Israeli firm NSO Group to governments that have used it to spy on dissidents and journalists.

    It would bar sales of hacking software and equipment to China and Russia, as well as to a number of other countries of concern, without a license from the department’s Bureau of Industry and Security (BIS).

    What it is not intended to do, senior Commerce Department officials say, is prevent American researchers from working with colleagues overseas to uncover software flaws, or cybersecurity firms from responding to incidents.

    The rule had been in the works for years, stalled earlier by fears that it would stymie defensive work in the cyber field. Now officials hope they have reached the right balance.

    “The rationale is these are items that can be misused to abuse human rights, to track and identify dissidents or disrupt networks or communications, but they also have very legitimate cybersecurity uses,” said one senior official, who spoke on the condition of anonymity under ground rules set by the agency. “So what the rule does is restrict these exports to the problematic countries.”

    Commerce already has export controls on products containing encryption, so the new rule applies to products that do not contain encryption, officials said.

    There are probably few U.S. companies whose products would be covered by the rule, but anyone who sells U.S.-origin software or technology to develop cyber intrusion products outside the United States must also seek authorization, officials said.

    The rule is complicated. For instance, an American company wanting to ship “intrusion software” to the governments of Israel, the United Arab Emirates and Saudi Arabia would require a license. If the software is to be used for cyberdefense purposes, such as penetration testing, and will be sold to nongovernment persons, then a license is not required.

    Any intrusion software, even for defensive purposes, being sold to anyone in China or Russia, whether or not they work for the government, will require a license, according to the rule.

    Commerce’s BIS will vet the end user before deciding whether to grant a license.

    “That’s one of the primary purposes of the license application,”

    The rule will align the United States with the 42 European and other allies that are members of the Wassenaar Arrangement, which sets voluntary export control policies on military and dual-use technologies — or products that can be used for both civilian and military purposes.

    China is not a Wassenaar member, but Russia is. Israel is also not a member but voluntarily adopts its controls, although that apparently did not prevent Pegasus from being sold to and used by Saudi Arabia to track journalists and dissidents, as countries can vary in how they implement Wassenaar controls.

    NSO has said it does not sell its products to China and Russia, and it requires its customers to use the software only for law enforcement or counterterrorism purposes.

    Most of the other Wassenaar countries have already imposed regulations on hacking tools. The United States would be the last or near last to do so, officials said. The delay grew out of the issue’s complexity and the agency’s desire not to impede legitimate cybersecurity work.

    Unlike most of the other Wassenaar countries, the United States has a large cybersecurity industry.

    “We’re trying to walk the line between not impairing legitimate cybersecurity collaboration across borders, but trying to make sure these pieces of hardware and software technology aren’t obtained and used by repressive governments,” the senior official said.

    The push for a control on hacking tools began about a decade ago in the wake of reports about firms whose wares were used to target dissidents.

    French company, Amesys

    In the ensuing years, other companies that produced spyware made headlines: The Italian company Hacking Team. The European firm Gamma. The Israeli NSO Group.

    In late 2013, Wassenaar members agreed to add products that aid cyber intrusions to the list of controls. It was up to each member state to adopt the control as it saw fit.

    The rule’s complexity makes comment from the security community crucial

    Commerce should assign a team tasked with educating cyber researchers and companies about the rule, he said. “They’re very used to engaging with large companies, but the security community is not centered in a few industry giants.”

    “Commerce appears to have threaded the needle of controlling cyber intrusion software without harming legitimate cyber defense efforts,”

    Commerce is giving the public 45 days to comment on the rule, and the agency will have another 45 days to make changes before the rule becomes final.

    Reply
  11. Tomi Engdahl says:

    Paul Sawers / VentureBeat:
    Honeycomb, which develops a software observability tool used by companies including Stripe and Slack, raises a $50M Series C led by Insight Partners — Honeycomb, a software observability platform used by developers at companies such as Stripe, Slack, Heroku, and LaunchDarkly, has raised $50 million in a series C round of funding.

    Software observability platform Honeycomb raises $50M
    https://venturebeat.com/2021/10/20/software-observability-platform-honeycomb-raises-50m/

    Honeycomb, a software observability platform used by developers at companies such as Stripe, Slack, Heroku, and LaunchDarkly, has raised $50 million in a series C round of funding.

    “Observability” is chiefly concerned with metrics, logs, and traces — that is, measuring the internal state of a system by analyzing the raw data outputs to understand what may be impacting an application’s performance. Indeed, while there are many bug-squishing and testing tools designed for the pre-deployment phase, observability is all about the production stage, once a software update has been pushed out into the wild.

    Insights at speed

    Observability represents a natural extension to the existing application performance monitoring (APM) process. While APM is generally about tracking software performance metrics over long periods of time to derive aggregates or averages, observability brings deeper technical insights to developers and site reliability engineers (SREs), allowing them to dig down and understand exactly what is happening inside an application. This is particularly important at a time when companies transition to the cloud and microservices-based architecture, which brings new complexities and promotes faster software development cycles that increase the likelihood that bugs or “bad code” funnel their way into a live codebase.

    In short, the need to know why an app is behaving badly is more important today than it ever has been, which is where platforms such as Honeycomb come into play.

    “Traditional monitoring and APM approaches were built for simpler, monolithic architectures, and they aren’t built to collect the large volumes of data and provide the exploratory analytical capabilities required to quickly understand how code behaves in the hands of real customers,” Honeycomb CEO and cofounder Christine Yen told VentureBeat. “Enterprises are demanding a new generation of tools specifically built for this modern world.”

    Reply
  12. Tomi Engdahl says:

    The U.S. Cracks Down on Exports of Hacking Tools and Spyware
    https://worldview.stratfor.com/article/us-cracks-down-exports-hacking-tools-and-spyware

    New U.S. export controls on hacking and cyber-surveillance software will limit the proliferation of such tools being developed in the West, though at the risk of at least temporarily undermining cybersecurity research. On Oct. 20, the U.S. Commerce Department’s Bureau of Industry and Security issued a new interim final rule that will tighten export restrictions on cyber tools used for surveillance, espionage and other malicious activities. Under the new rule, exports of hacking tools to government end-users in a select number of countries — including Bahrain, Israel, Saudi Arabia, Taiwan and the United Arab Emirates — will need a special license granted by the U.S. Commerce Department. Exports to non-government users in those countries for research and other cyber defensive purposes will not need a license.

    Reply
  13. Tomi Engdahl says:

    Commerce Tightens Export Controls on Items Used in Surveillance of Private Citizens and other Malicious Cyber Activities
    https://www.commerce.gov/news/press-releases/2021/10/commerce-tightens-export-controls-items-used-surveillance-private

    Reply
  14. Tomi Engdahl says:

    Kotien IoT-älylaitteet ovat riski yritysverkkojen kannalta
    https://www.uusiteknologia.fi/2021/10/20/kotien-iot-alylaitteet-ovat-riski-yritysverkkojen-kannalta/

    Etätyöaikana kotien IoT-laitteet heikentävät turvallisuutta myös yritysten tietoverkoissa, arvioitiin tietoturvayhtiö Palo Alto Networksin uudessa raportissa. 82 prosenttia it-alan päätöksentekijöistä Euroopan, Lähi-Idän ja Aasian alueella (EMEA) uskoo raportin mukaan yritysten tietoturvan heikentyneen etätyön ja uusien älylaitteiden takia.

    Palo Alto Networksin ja Vanson Bournen koostamaa raportti varten kerättiin tietoa maailmanlaajuisesti 1 900 it-alan päätöksentekijältä, joista jokainen työskenteli vähintään tuhannen työntekijän yrityksessä. Avainkysymykset käsittelivät verkkoturvallisuutta IoT-laitteiden kannalta. Vastaajista 750 vaikuttaa EMEA-alueella.

    EMEA-alueella tutkimustulokset jakaantuivat laajasti it-päätöksentekijöiden ja laitteiden internetin osalta. Päätöksentekijät ovat aiempaa luottavaisempia IoT-laitteiden näkyvyyteen verkossa (70 prosenttia vuonna 2021, 58 prosenttia vuonna 2020).

    Reply
  15. Tomi Engdahl says:

    Gartner predicts privacy law changes, consolidation of cybersecurity services and ransomware laws for next 4 years
    https://www.zdnet.com/article/gartner-predicts-privacy-law-changes-consolidation-of-cybersecurity-services-and-ransomware-laws-for-next-4-years/

    Gartner analysts also think weaponized operational technology will result in human casualties by 2025.

    Gartner analysts released their list of cybersecurity and privacy predictions for the next few years, floating a number of potential ideas about how the world will respond to certain problems over the next decade.

    The predictions ranged from potential legislation to how the market for certain technologies will change from now until 2025. Gartner analysts predicted weaponized OT environments will result in human casualties by 2025 due to malware that they believe will spread at “wirespeeds.” The analysts say by that time, cybercriminals will shift from business disruption to physical harm, leading to regulations placing liability on CEOs.

    For 2023, Gartner expects 75% of the world to be covered under some kind of privacy law with built-in subject rights requests and consent. The key, they said, will be whether privacy management programs can be automated.

    By 2024, Gartner said it believes organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.

    They expect security to stop being baked into assets and instead be “bolted on.” But with the permanent shift to remote work for many companies, Gartner predicted more organizations to use adaptive access control capabilities to facilitate it.

    The research institution is also expecting consolidation in the cloud and security edge services market, predicting that 30% of people will end up using the same provider by 2024.

    They noted that SaaS platforms are becoming “the preferred delivery model for organizations,”

    “By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and FWaaS capabilities from the same vendor,” the analysts said, adding that by 2025, “60% will use cybersecurity risk as a primary determinant for business transactions.”

    Reply
  16. Tomi Engdahl says:

    Unfortunately, phones can get computer viruses too.

    Gaming-Related Malware on the Rise on Mobile, PCs Mobile devices increasingly targeted by attacks
    https://spectrum.ieee.org/mobile-malware-increasing?utm_campaign=RebelMouse&socialux=facebook&share_id=6739587&utm_medium=social&utm_content=IEEE+Spectrum&utm_source=facebook

    Popular online games such as Minecraft and The Sims are helping spread malware on both PCs and mobile devices, highlighting the risks that both games and mobile devices now pose, a new study finds.

    Gaming is increasingly a way not just for people to entertain themselves, but also to connect with others, which is otherwise difficult to do during the pandemic, notes freemium virtual private network service Atlas VPN.

    Reply
  17. Tomi Engdahl says:

    Cyberespionage with Benefits
    https://bostonreview.net/war-security-law-justice/sophia-goodfriend-cyberespionage-benefits

    In the high-tech culture of Tel Aviv, military-grade spying on civilians has become just another office job.

    This summer a coalition of seventeen media organizations published a series of articles indicting the NSO Group, an Israeli cyberespionage company. The consortium of journalists, working in conjunction with civil society organizations like Amnesty International, alleged that thousands of dissidents, human rights workers, and opposition politicians around the world had been targeted by the NSO’s Pegasus spyware. Outrage over what a U.S. White House spokesperson condemned as “extrajudicial surveillance” echoed worldwide. Within Israel’s insular high-tech community, however, few seemed alarmed by the news.

    The NSO Group is among a handful of boutique Israeli spyware firms marketing intelligence capabilities once reserved to military superpowers.

    “The whole ethics thing is quite diluted here,” J, an ex-developer at a spyware firm in Tel Aviv, told me over coffee in central Tel Aviv last month.

    The NSO Group is one of a handful of boutique spyware firms that have arrived on Israel’s high-tech scene in the last decade, marketing spying capabilities once reserved to military superpowers. Most such firms have offices across the globe and are filled with developers and analysts headhunted from the world’s elite intelligence agencies, like the National Security Agency of the United States or Unit 8200 of the Israeli Defense Forces. These firms make millions of dollars selling the ability to breach the privacy of anyone, anywhere in the world, to the highest bidder—whether dictatorial regimes, like Saudi Arabia, or private criminals

    While international media, alongside governing bodies like the United Nations, condemned the NSO group for human rights violations, few in Israel’s high-tech ecosystem seemed concerned by the revelations. To many in Israel’s tech community, the NSO is just another high-tech firm putting military-grade espionage to use in an industry where these skills are celebrated. In Tel Aviv, the capabilities of army-trained IT specialists are highly sought after by global tech giants, up-and-coming start-ups, and boutique cyberespionage firms alike. The work done—specialized data analysis, cybersecurity, digital espionage—is more or less the same, transposed from a military to a civilian context. The difference is the impact of this work: critics accuse the cyberespionage industry of facilitating human rights violations around the world at a massive scale by silencing journalists and stifling political dissent.

    Like many Israeli cybersecurity firms, the NSO Group was founded by alumni of Unit 8200, the elite intelligence unit responsible for surveillance across Israel and the Palestinian territories.

    Privatized surveillance firms sit in the same office buildings hosting dating apps, gaming platforms, and biomedical imaging devices.

    “People won’t think too deeply about it because they’re making good money and working in a nice office all day.”

    Intelligence veterans are also unaccustomed to parsing the messy ethics of cyberespionage. Service in an intelligence unit is largely seen as removed from the moral quandaries of combat service; the technical skills are apprehended as more politically neutral than another kind of military labor. Indeed, many intelligence officers come from affluent and liberal sectors of Israeli society, striving to serve in intelligence in order to avoid doing things like raiding Palestinian homes in the West Bank.

    Hiring networks also prime young veterans to view a career in cyberespionage as no different from a career in another high-tech sector. Those who served in Unit 8200, for example, network through an “Alumni” Facebook page.

    Hiring networks prime young veterans to view a career in cyberespionage as no different from a career in another high-tech sector.

    When cyberespionage is normalized as any other high-tech service, even those who want to stay away from the industry find themselves caught up in privatized surveillance.

    “The surveillance stuff was inescapable,” she emphasized, “but sandwiched in between really normal research on global investment trends. If you wanted to, it was easy to ignore how one task differed from the other.”

    The cycle of scandals that plague the NSO Group thus arguably speaks less to one firm’s questionable ethics and more to a fundamental rot in the culture of the digital economy writ large, especially in Israel but also around the world. Viewed in this context, scandals like this are, in a sense, inevitable. Those staffing and managing Israel’s high-tech firms come straight from army intelligence units; veterans have no trouble transferring the surveillance skills carried out in the name of national security to largely unregulated private sectors that have also been surveilling masses without their consent. Change may be coming in the coalitions of journalists, civil society organizations, and politicians demanding that the private surveillance industry comply with international human rights standards.

    But to truly rein in the industry, we need to ensure cyberespionage stops being perceived as just another office job.

    Reply
  18. Tomi Engdahl says:

    Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks https://therecord.media/cybercrime-gang-sets-up-fake-company-to-hire-security-experts-to-aid-in-ransomware-attacks/
    A cybercrime group known as FIN7 has created a fake security firm earlier this year, used it to hire security researchers, and then trick them into participating in ransomware attacks. Named Bastion Secure, the company claims to provide penetration testing services for private companies and public sector organizations across the world.

    FIN7 hacking group created and operated a fake security company called Bastion Secure.
    The group used the company to recruit and trick security researchers into executing ransomware attacks.
    Bastion Secure recruited via job portals for Russian-speaking users.

    A cybercrime group known as FIN7 has created a fake security firm earlier this year, used it to hire security researchers, and then trick them into participating in ransomware attacks.

    Named Bastion Secure, the company claims to provide penetration testing services for private companies and public sector organizations across the world.

    But according to an investigation by Gemini Advisory, a division of Recorded Future, the company is a front for the FIN7 group, which used the Bastion Secure website as a front to post ads on Russian job portals seeking to hire cybersecurity experts for various positions [1, 2, 3, 4, 5, 6, 7].

    Ads on its website [archived] show that FIN7 recruited reverse engineers, system administrators, C++, Python, and PHP programmers.

    Those who applied went through a three-phase interviewing process; the Gemini Advisory team said today after one of its partners went through the process in order to study the shady company.

    Phase 1
    The first phase included a basic interview process with an HR representative, typically carried out via Telegram. After a successful interview, the job applicants were told to sign a contract with a non-disclosure agreement and configure their computer by installing several virtual machines and opening certain ports.

    Phase 2
    Applicants received legitimate penetration testing security tools from the company to conduct a series of test assignments.

    Phase 3
    Applicants were brought in to participate in a “real” assignment where they were told to conduct a penetration test against one of Bastion Secure’s customers.

    Gemini Advisory said that this last step in the interviewing process did not include any form of legal documents authorizing the penetration tests, as it’s customary in such cases, or explanation to participants.

    Furthermore, Bastion Secure representatives also told applicants to use only specific tools that would not be detected by security software and to specifically look for backups and file storage systems once inside a company’s network.

    FIN7 group identified as operators of the Darkside RaaS

    Reply
  19. Tomi Engdahl says:

    Detections That Can Help You Identify Ransomware https://securityintelligence.com/posts/detections-help-identify-ransomware/
    One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs.

    Reply
  20. Tomi Engdahl says:

    What is killware?
    https://www.pandasecurity.com/en/mediacenter/security/what-is-killware/
    Killware is a type of malware that is being deployed with the sole intention of causing physical harm, even death. Cyber psychopaths deploying such malicious code have one goal to case pure real-life destruction.

    “Killware”: Is it just as bad as it sounds?
    https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/
    On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching
    headline: “The next big cyberthreat isn’t ransomware. It’s killware.
    And it’s just as bad as it sounds.”

    Reply
  21. Tomi Engdahl says:

    Microsoft-Signed Rootkit Targets Gaming Environments in China https://www.darkreading.com/attacks-breaches/microsoft-signed-rootkit-targets-gaming-environments-in-china
    FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft’s driver certification process.
    Researchers have identified a rootkit with a valid digital signature from Microsoft being distributed within gaming environments in China.

    Reply
  22. Tomi Engdahl says:

    Cybercrime matures as hackers are forced to work smarter https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/
    An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today. Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide. One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better.

    Reply
  23. Tomi Engdahl says:

    Google disrupts massive phishing and malware campaign
    https://www.zdnet.com/article/google-disrupts-massive-phishing-and-malware-campaign/#ftag=RSSbaffb68
    Google has blocked 1.6 million phishing emails since May 2021 that were part of a malware campaign to hijack YouTube accounts and promote cryptocurrency scams. According to Google’s Threat Analysis Group (TAG), since late 2019 it’s been disrupting phishing campaigns run by a network of Russian hacker subcontractors who’ve been targeting YouTubers with “highly customized” phishing emails and cookie-stealing malware.

    Reply
  24. Tomi Engdahl says:

    Franken-phish: TodayZoo built from other phishing kits https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/
    A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. We uncovered this phishing kit while examining an extensive series of credential phishing campaigns that all sent credentials to a set of endpoints operated by the attackers. We named the kit “TodayZoo” because of its curious use of these words in its credential harvesting component in earlier campaigns, likely a reference to phishing pages that spoofed a popular video conferencing application.
    Our prior research on phishing kits told us TodayZoo contained large pieces of code copied from widely circulated ones. The copied code segments even have the comment markers, dead links, and other holdovers from the previous kits.

    Reply
  25. Tomi Engdahl says:

    U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes https://thehackernews.com/2021/10/us-government-bans-sale-of-hacking.html
    The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security
    (NS) and anti-terrorism (AT) reasons. The mandate, which is set to go into effect in 90 days, will forbid the export, reexport and transfer of “cybersecurity items” to countries of “national security or weapons of mass destruction concern” such as China and Russia without a license from the department’s Bureau of Industry and Security (BIS).

    Reply
  26. Tomi Engdahl says:

    US to Curb Hacking Tool Exports to Russia, China
    https://www.securityweek.com/us-curb-hacking-tool-exports-russia-china

    US authorities unveiled Wednesday long-delayed new rules aimed at clamping down on export to nations like Russia and China of hacking technology amid a sharp uptick in cyberattacks globally.

    The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department.

    Reply
  27. Tomi Engdahl says:

    How to Spot an Effective Security Practitioner
    https://www.securityweek.com/how-spot-effective-security-practitioner

    By understanding what makes a great security practitioner, organizations can learn how to recruit and retain effective security practitioners

    So, as requested, here are my thoughts on seven traits that effective security practitioners exhibit:

    ● Selfless: The best security practitioners aren’t worried about themselves, their careers, what people will think of them, or what is and is not in their job description. Instead, they look out for team members and do what is best for the security organization and the enterprise. This behavior does not go unnoticed – the good security professionals I know see and appreciate it. The result is that what is best for the team is also generally best for the individual.

    ● Good listener: As far as I am aware, the human brain is not capable of speaking and listening at the same time. As a result, people who speak a lot and/or dominate in a spoken forum often have a listening deficit as a result. Great security practitioners listen more than they speak. This allows them to truly understand the issues and challenges at hand, process them, analyze them, and then offer insightful and helpful suggestions and ways forward.

    ● Introspective: The author Bertrand Russell wrote in 1933 that “The fundamental cause of the trouble is that in the modern world the stupid are cocksure while the intelligent are full of doubt.” The most talented security professionals I’ve worked with over the course of my career were incredibly introspective. They were always analyzing and re-analyzing events to understand if they could have handled them better, behaved differently, or led the efforts in a different direction. The result is a near constant course correction that leads them in a better direction security wise.

    Security Practitioner

    ● Credits others: Some people take credit for everything that goes right and blame others for everything that goes wrong. Not an effective security practitioner. They take the blame when mistakes are made and work to rectify those mistakes and improve the state of affairs. When things go well, those same practitioners give all of the credit to the team. As you can imagine, this builds confidence in and loyalty among other security practitioners. That, in turn, motivates them such that they produce higher quality work.

    ● Collaborative: Improving the security posture of the organization and elevating the level of the security team as a whole both require working collaboratively within the team and with the business, executives, and other stakeholders. This is where the best practitioners excel – building bridges, relationships, and trust across organizational boundaries. This benefits the enterprise as a whole and makes the state of security within the enterprise much stronger.

    ● Communicative: Whereas weaker and more ineffective contributors seek to control the narrative and the flow of information, stronger and more effective contributors do not. When a security professional is operating above the board, they need not fear openness, transparency, and straightforwardness. As a result, the top professionals are often quite communicative. This makes it easy to understand where they are, where they are going, and what the plan is to get there. As you can imagine, this openness, coupled with a receptiveness to feedback and an ability to make adjustments around the direction make for a much better security state overall.

    ● Delivers: Talk is cheap. Actions speak louder than words. At the end of the day, no matter what has been said, promised, or touted, for a security practitioner to be effective, they need to deliver results. Actual results that is, and not fluff. The discerning, trained, and experienced eye will be able to tell the difference quite quickly. The most effective security practitioners deliver quality results consistently. Other talented and effective practitioners will stand up and take notice of this.

    Reply
  28. Tomi Engdahl says:

    Research finds consumer-grade IoT devices showing up… on corporate networks
    Considering the slack security of such kit, it’s a perfect storm
    https://www.theregister.com/2021/10/21/iot_devices_corporate_networks_security_warning/

    Increasing numbers of “non-business” Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations’ threat models.

    According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: “When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents.”

    Reply
  29. Tomi Engdahl says:

    Ransomware: Looking for weaknesses in your own network is key to stopping attacks
    https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/

    Ransomware criminals look for easy targets – knowing what could be vulnerable on your network can help stop attacks.

    One of the first things cyber criminals distributing ransomware will do after entering a network – which is often achieved with phishing attacks or exploiting unpatched vulnerabilities – is finding out what the network looks like in order to determine the best way to move around it and eventually execute the ransomware attack.

    Reply
  30. Tomi Engdahl says:

    Don’t want to get hacked? Then avoid these three ‘exceptionally dangerous’ cybersecurity mistakes
    https://www.zdnet.com/article/dont-want-to-get-hacked-then-avoid-these-three-exceptionally-dangerous-cybersecurity-mistakes/

    CISA warns of risky behaviours that leave networks exposed to cyberattacks – and should be addressed immediately if employed.

    Reply
  31. Tomi Engdahl says:

    Pandora papers: biggest ever leak of offshore data exposes financial secrets of rich and powerful
    https://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful

    Pandora Papers illustraion
    Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officials

    Reply
  32. Tomi Engdahl says:

    European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity.
    Here Niamh Martin shares the story of how her social media account was hacked and her business almost destroyed.
    https://cybersecuritymonth.eu/social-media-hacked

    Reply
  33. Tomi Engdahl says:

    Ransomware: Looking for weaknesses in your own network is key to stopping attacks https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/
    Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place. While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter.

    Reply
  34. Tomi Engdahl says:

    Ransomware: Why do backups fail when you need them most?
    https://blog.malwarebytes.com/malwarebytes-news/2021/10/ransomware-why-do-backups-fail-when-you-need-them-most/
    It’s widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. “We’re also feeling relatively confident, we have a very good backup system and then we find out at about four or five hours after the attack that our backup system is completely gone.”

    Reply
  35. Tomi Engdahl says:

    Didier Stevens – New tool
    https://blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/
    cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon.

    Reply
  36. Tomi Engdahl says:

    How to analyze a suspicious e-mail
    https://www.kaspersky.com/blog/analyzing-mail-header/42665/
    If you receive an e-mail of dubious authenticity, analyze it yourself.
    Here’s how. The technique is fairly uncommon in cases of mass phishing, but we see it quite a bit more in targeted messaging. If a message looks real, but you doubt the sender’s authenticity, try digging a little deeper and checking the Received header. This post describes how.

    Reply
  37. Tomi Engdahl says:

    BlackMatter ransomware victims quietly helped using secret decryptor https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-victims-quietly-helped-using-secret-decryptor/
    Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars. Emsisoft and its CTO Fabian Wosar have been helping ransomware victims recover their files since 2012. Since then Wosar and others have been working tirelessly to find flaws in ransomware’s encryption algorithms that allow decryptors to be made.

    Reply
  38. Tomi Engdahl says:

    FTC: ISPs collect and monetize far more user data than you’d think https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
    The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers’
    personal data without providing them with info on how it’s used or meaningful ways to control this process. “Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expectincluding access to all of their Internet traffic and real-time location datawhile failing to offer consumers meaningful choices about how this data can be used, ” the FTC said.

    Reply
  39. Tomi Engdahl says:

    Ben Hubbard / New York Times:
    Citizen Lab: the iPhone of Ben Hubbard, an American reporter for NYT, was hacked in 2020 and 2021, likely by Saudi Arabia using NSO’s Pegasus; NSO denies claim — Invasive hacking software sold to countries to fight terrorism is easily abused. Researchers say my phone was hacked twice, probably by Saudi Arabia.

    I Was Hacked. The Spyware Used Against Me Makes Us All Vulnerable.
    https://www.nytimes.com/2021/10/24/insider/hacking-nso-surveillance.html

    Invasive hacking software sold to countries to fight terrorism is easily abused. Researchers say my phone was hacked twice, probably by Saudi Arabia.

    BEIRUT, Lebanon — In Mexico, the government hacked the cellphones of journalists and activists. Saudi Arabia has broken into the phones of dissidents at home and abroad, sending some to prison. The ruler of Dubai hacked the phones of his ex-wife and her lawyers.

    So perhaps I should not have been surprised when I learned recently that I, too, had been hacked.

    Still, the news was unnerving.

    As a New York Times correspondent who covers the Middle East, I often speak to people who take great risks to share information that their authoritarian rulers want to keep secret. I take many precautions to protect these sources because if they were caught they could end up in jail, or dead.

    But in a world where we store so much of our personal and professional lives in the devices we carry in our pockets, and where surveillance software continues to become ever more sophisticated, we are all increasingly vulnerable.

    Reply
  40. Tomi Engdahl says:

    Google removes support for FTP and old-gen U2F security keys in Chrome 95
    https://therecord.media/google-removes-support-for-ftp-and-old-gen-u2f-security-keys-in-chrome-95/

    Google has released today Chrome v95, the latest version of its popular web browser, a version that contains several changes that will likely cause problems for a considerable part of its users.

    The problematic changes include:

    removing support for File Transfer Protocol (FTP) URLs — ftp://
    removing support for the Universal 2nd Factor (U2F) standard, used in old-generation security keys (Chrome will only support FIDO2/WebAuth security keys going forward)
    adding file size limits for browser cookies
    removing support for URLs with non-IPv4 hostnames ending in numbers, such as http://example.0.1

    Reply
  41. Tomi Engdahl says:

    U.S. counterintel hubs warns of foreign threats to emerging technologies
    https://therecord.media/u-s-counterintel-hubs-warns-of-foreign-threats-to-emerging-technologies/

    The National Counterintelligence and Security Center on Friday warned that China’s goals in certain key emerging technologies could give Beijing an advantage over the U.S. and its security interests.

    In a new paper, the branch of the Office of the Director of National Intelligence, said that China “has a goal of achieving leadership in various emerging technology fields by 2030.” It notes the country is also the “primary strategic competitor to the United States because it has a well resourced and comprehensive strategy to acquire and use technology to advance its national goals.”

    The NCSC said that while technologies like quantum computing, biotechnology, semiconductors and artificial intelligence can be “beneficial” they “warrant extra attention” by the private sector and others due to “their implications for security.”

    The warning marks the latest attempt by the Biden administration to educate the private sector and the public about the risks of working with China — which senior officials, such as CIA Director Bill Burns, have said is the greatest strategic threat to the U.S.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*