Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not write any “predictions for 2021 cyber security” post before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

The state of internet security in 2020 was hard, and the trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year's trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its own unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further this year (Pay-or-Get-Breached Ransomware Schemes Take Off in 2021). In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. This is why ransomware victims that have backups are still paying ransoms, to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it is only getting worse: while cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top 10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top 10 2021 predictions calculated from understandable metrics, so that everyone is able to reproduce the results, and presents them to the entire community for feedback.

The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that illusion of privacy back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection or an assault on democracy is merely a question of semantics; the US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, in the form of vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security; the US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,203 Comments

  1. Tomi Engdahl says:

    How to Spot an Effective Security Practitioner
    https://www.securityweek.com/how-spot-effective-security-practitioner

    By understanding what makes a great security practitioner, organizations can learn how to recruit and retain effective security practitioners

  2. Tomi Engdahl says:

    Drew Harwell / Washington Post:
    A look at the bitter privacy debate in a Colorado neighborhood over the use of license plate scanners made by Flock, whose customer base has risen 4x since 2019 — A battle among homeowners in the Colorado mountains shows how a new generation of surveillance technology is reshaping American neighborhoods
    https://www.washingtonpost.com/technology/2021/10/22/crime-suburbs-license-plate-readers/

  3. Tomi Engdahl says:

    Digital transformation is creating new security risks, and businesses can’t keep up
    Digital transformation without cybersecurity is a recipe for disaster.
    https://www.zdnet.com/article/digital-transformation-is-creating-new-security-risks-and-businesses-cant-keep-up/

    Business strategies around technology are constantly evolving. Usually it’s a process that takes time, carefully plotted out in order to avoid disruption.

    But that wasn’t the case when many office workers were rapidly shifted over to remote working for the past 18 months. Employees who might not have experienced remote working suddenly found themselves working from a laptop on their living-room table, kitchen worktop or bedroom as a result of the pandemic.

    The sudden shift may have helped organisations keep operating, but for many it also came at the expense of cybersecurity.

    Organisations had to transform their business processes, but security didn’t necessarily keep pace, says Ian Wood, head of technology for UK and Ireland at enterprise data management software company Veritas.

    “That was more of an afterthought — it was all about ‘how do I get up and running, how do I transform the business?’ Not thinking about how to secure things,” he adds.

    And it’s not just offices that were forced to change. For example, bars and restaurants suddenly found that, due to social distancing rules, they had to alter how they worked. Customers couldn’t queue up to order their food and drinks, so pubs and bars had to provide digital ordering services.

    “Pubs which didn’t have much IT infrastructure suddenly had to adopt a huge amount of it,” says Wood.

    But without guidance some struggled, with privacy activists expressing concerns over the amount of information these applications were collecting — particularly when a lack of experience with collecting and storing all this data could lead to issues with information not being correctly secured.

    The rush to build new systems caused by the pandemic is an extreme example of digital transformation — one done with a deadline of days, rather than months or even years. However, the same problem — cybersecurity as an afterthought — is also a significant risk in long-term projects.

    Some boardrooms are focused primarily on efficiency and the bottom line — and when spending on applications and tools to help keep the company secure cuts into those areas, there’s reluctance to spend the money.

    “There’s this split between the business decision and the view of the business risk, and then the view of the cyber risk, and at the moment, the two can’t combine, don’t collaborate and don’t come together in the way that they need to,” says Lorna Rea, consultant for central government at BAE Systems.

    “Security just isn’t keeping pace with the digital transformation. Organisations have finite resources, and it’s very difficult to mobilise the limited resources,” says Alastair Williams, director of solutions engineering for EMEA at Skybox Security.

    But even if organisations have limited resources, that doesn’t mean that cybersecurity should simply be ignored: the cost of falling victim to a data breach or ransomware attack could cost a business much more than implementing cybersecurity practices ever would. And that’s without the ongoing damage that could be caused if consumers and partners lose faith in a business because it fell victim to an avoidable cyberattack.

    Digital transformation in many cases means investing in cloud computing services. And the basics of securing cloud services are a well understood, if sometimes ignored, practice.

    For example, securing the cloud means ensuring that multi-factor authentication (MFA) is applied to every user. Then, if usernames and passwords are breached, there’s an additional step that can prevent attackers gaining direct access to the network. Some executives might grumble that MFA cuts down productivity, because people need to take a little time out to verify their identity — but it’s one of the most effective actions that can be taken to help prevent unauthorised access to company services.

    Ultimately, when looking at digital transformation, one of the best ways to help ensure data protection is prioritised is to invest in an information security team and involve them in every step of the journey. There might sometimes be tension between the business and information security units, but such integration will ultimately ensure that security is baked into the whole process.

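The “extra step” that the 2FA article in the post and the MFA paragraph in the comment above both recommend is, for authenticator apps, the time-based one-time password of RFC 6238. The following is an added example, not code from the page, the ZDNet article or any vendor, of how a server verifies such a code. The secret is the RFC 4226/6238 test key so the codes are reproducible; the `window` for clock drift and the `last_used_counter` replay guard are assumed design choices of this example, not something the articles specify.

```python
"""Verifying a time-based one-time password (RFC 6238 TOTP).

Added example, not code from the page or from any vendor or article it cites.
Assumes a base32 secret already shared with the user's authenticator app;
the secret below is the RFC 4226/6238 test key so the codes are reproducible.
"""
import base64
import hashlib
import hmac
import struct

# RFC test key "12345678901234567890" in base32, as it would appear in a
# provisioning QR code.  Demo value only; a real secret is random per user.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' picks 4 bytes at the offset given by the last nibble."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / 30 s)."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify_totp(secret_b32: str, code: str, unix_time: int,
                window: int = 1, last_used_counter: int = -1):
    """Server-side check.  Returns (accepted, counter_to_record).

    Accepts a code from `window` steps either side of now to tolerate clock
    drift, but never re-accepts a counter at or below the one last recorded
    for this user (assumed design choice, not from the article): a code that
    was phished or shoulder-surfed seconds ago cannot be replayed in-step.
    """
    secret = base64.b32decode(secret_b32.upper())
    now_counter = unix_time // STEP_SECONDS
    for delta in range(-window, window + 1):
        counter = now_counter + delta
        if counter <= last_used_counter:
            continue
        # constant-time compare; the code is short, but do not leak by timing
        if hmac.compare_digest(hotp(secret, counter), code):
            return True, counter
    return False, last_used_counter


if __name__ == "__main__":
    key = base64.b32decode(DEMO_SECRET_B32)
    print("code at t=59:", totp(key, 59))                       # 287082
    print(verify_totp(DEMO_SECRET_B32, "287082", 59))           # (True, 1)
    print(verify_totp(DEMO_SECRET_B32, "287082", 59, last_used_counter=1))  # (False, 1)
```

The point of recording the accepted counter is that a stolen password plus a just-used code is worth nothing to the attacker for the rest of that 30-second step, which is the window a real-time phishing proxy needs.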
  4. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Microsoft says the Russian-backed Nobelium group, responsible for the SolarWinds hack, is still targeting global IT supply chain with 14 breaches since May 2021 — Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain …

    Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May
    https://www.bleepingcomputer.com/news/microsoft/microsoft-russian-svr-hacked-at-least-14-it-supply-chain-firms-since-may/

    Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May 2021.

    This campaign shares all the signs of Nobelium’s approach to compromising a significant list of targets by breaching their service provider.

    Just as in previous attacks, the Russian state hackers used a diverse and ever-changing toolkit, including a long list of tools and tactics ranging from malware, password sprays, and token theft to API abuse and spear phishing.

  5. Tomi Engdahl says:

    Here’s the FBI’s Internal Guide for Getting Data from AT&T, T-Mobile, Verizon
    https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon

    The newly obtained document shows in granular detail the sort of data that the country’s carriers keep, and for how long.

  6. Tomi Engdahl says:

    Microsoft Digital Defense Report shares new insights on nation-state attacks https://www.microsoft.com/security/blog/2021/10/25/microsoft-digital-defense-report-shares-new-insights-on-nation-state-attacks/
    The aims of nation-state cyber actors, largely espionage and disruption, remain consistent, along with their most reliable tactics and techniques: credential harvesting, malware, and VPN exploits.
    However, a common theme this year among the actors originating from China, Russia, North Korea, and Iran has been increased targeting of IT service providers as a way of exploiting downstream customers.

  7. Tomi Engdahl says:

    Changing Approaches to Preventing Ransomware Attacks
    https://www.securityweek.com/changing-approaches-preventing-ransomware-attacks

    Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries

    Attempting to detect ransomware is generally a losing proposition. Security teams usually report the moment an exploit or vulnerability is released to the public. Attackers typically begin exploiting the vulnerabilities within 12 hours. Access to internal networks happens quickly. More problematic, the timeline from initial access to escalating privileges and deploying ransomware can be less than six hours. In other words, whether it’s a set of credentials found on the dark web and a lack of two factor authentication, or the exploitation of an internet facing application, a malicious actor needs very little time before they are sending emails to executives with ransom requests.

    Defending against this type of threat is challenging. Enterprises are better served by focusing on systematically identifying initial access vectors and supply chain risks that serve as the precursors to data theft and ransomware attacks. Open source, dark web, and external attack surface monitoring at scale and with the proper collection parameters is an important tool for identifying and preventing attacks.

  8. Tomi Engdahl says:

    Are we already too dependent on the technology giants?
    https://etn.fi/index.php/13-news/12745-olemmeko-jo-liian-riippuvaisia-teknologiajaeteistae

    The Digital and Population Data Services Agency's Digital Security Week examines digital security from different perspectives. At the beginning of October, Facebook, Whatsapp, Instagram, Messenger and Oculus were down for six hours. From the point of view of security professionals, an outage in popular services raises the question of whether we are already too dependent on the technology giants.

    The panel that closed yesterday's first digital security day included F-Secure's Mikko Hyppönen, Jarno Limnell of Aalto University and Innofactor, and the state's cyber security director Rauli Paananen. Limnell reminded that we are already dependent on the internet. According to Mikko Hyppönen, digital work has become so important during the pandemic that internet outages are ever more harmful.

    - The network brings new business and new entertainment. The benefits are so big that we accept the harms, Hyppönen said.

    The world has built big dependencies before, too. The world became dependent on electricity over the course of 150 years; now no society could function without electricity. - Now we have spent about twenty years building a dependency on data networks. Soon we will be in a situation where, when the data networks stop, the factories stop, Hyppönen predicted.

    The crash of Facebook's applications did not cause very big problems in anyone's life, but under the surface the effects were large. - When the applications went down, billions of phones started hammering the internet's name servers and their load grew 300-fold. Because of Facebook's problems, the entire rest of the internet ran slower. This was a good example of dependency relationships: when a large enough part of the network turns into a black hole, the whole rest of the network suffers, Hyppönen reminded.

  9. Tomi Engdahl says:

    Data is not the new oil, but the new uranium
    https://etn.fi/index.php/13-news/12744-data-ei-ole-uusi-oeljy-vaan-uusi-uraani

    The Digital and Population Data Services Agency's Digital Security Week, which started today, examines digital security from different directions. Data opens up new business opportunities, but in the wrong hands it is a dangerous weapon. - Data may not be the new oil after all, but the new uranium, said F-Secure's Mikko Hyppönen.

    According to Jarno Limnell, the Vastaamo case was a digital major accident. - People were confused about how to act when there were tens of thousands of victims. The good thing is that it has been necessary to learn from this. But did Vastaamo still wake up Finnish society enough, Limnell asked.

    - Hopefully we have learned to be more concerned about what kind of security challenges there are. Hopefully this leads to us being more aware than before, Paananen agreed.

    According to Mikko Hyppönen, what was exceptional about Vastaamo even internationally was that the company went bankrupt. - Only about 30 cases are known in which a company has gone under because of a data breach.

    Because of this, company management has asked IT departments to find out where the data is and how it is protected and backed up. - Society reacts rather slowly, but companies have reacted quite quickly, Hyppönen praises.

    Mikko Hyppönen reminds that Vastaamo was an exceptionally cruel crime. - It was not an accident; the victims were blackmailed with their darkest secrets.

    According to Jarno Limnell, people often think about security controls when they should be thinking about what is being protected. - What is the most important, critical data? The Vastaamo case taught us to notice this, he says.

    Data has often been called the new oil, but Mikko Hyppönen wants to call it the new uranium. - Uranium is very valuable, but also very dangerous. Uranium also stays dangerous for a very long time. Likewise, stolen data is still online a hundred years after all the victims have died, he reminds.

    According to Jarno Limnell, we must not forget that there are tens of thousands of people who do not know whether any of their data was stolen; this may come up over the longer term.

  10. Tomi Engdahl says:

    US State Department Sets Up Cyber Bureau, Envoy Amid Hacking Alarm
    https://www.securityweek.com/us-state-department-sets-cyber-bureau-envoy-amid-hacking-alarm

    US Secretary of State Antony Blinken announced Monday that the State Department will establish a new bureau and envoy to handle cyber policy, revamping amid alarm over rising hacking attacks.

    In a memo to staff, Blinken said that a review showed a need for structural changes on “how the State Department should adapt to 21st-century challenges.”

    He announced plans, subject to approval by Congress, to create a Bureau of Cyberspace and Digital Policy with a new special envoy for critical and emerging technology.

    “This structure will provide us with greater leadership and accountability to drive the diplomatic agenda within the interagency and abroad,” Blinken wrote.

    He said he would provide more details in a speech Wednesday at the Foreign Service Institute, the State Department’s training center in suburban Washington.

    State Department spokesman Ned Price told reporters the envoy will focus on “three key areas: international cyberspace security, international digital policy and digital freedom.”

  11. Tomi Engdahl says:

    Illumio Brings Visibility, Zero Trust Principles to Hybrid Cloud
    https://www.securityweek.com/illumio-brings-visibility-zero-trust-principles-hybrid-cloud

    A new product seeks to solve the two primary security issues that come with moving to the cloud: the danger of accidental misconfigurations and the loss of visibility.

    On the first, Gartner suggests, “Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users.” It further warns that, “By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services.”

    The lack of visibility means that security teams may be unaware of the misconfigurations and will be unaware of what is happening to and with the workloads within the cloud. Security cannot protect what it cannot see.

    Illumio is tackling both problems by extending its Core datacenter zero trust/segmentation solution into the hybrid cloud with a new CloudSecure offering. After gaining visibility and locating any misconfigurations, CloudSecure improves the security posture by adding zero trust principles natively via the cloud’s own security controls. CloudSecure is available now for AWS, and will include Azure and Google Cloud in 2022.

  12. Tomi Engdahl says:

    Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own
    https://www.securityweek.com/targets-and-prizes-announced-2022-ics-themed-pwn2own

    The Zero Day Initiative (ZDI) on Monday announced the targets and prizes for the next Pwn2Own Miami hacking contest, which focuses on industrial control system (ICS) products and associated protocols.

    Pwn2Own Miami 2022 is scheduled to take place on January 25-27, 2022, and it has four main target categories: control server, OPC UA server, data gateway, and human-machine interface (HMI).

    In the control server category, participants can earn up to $20,000 for hacking Iconics Genesis64 and Inductive Automation Ignition products.

    In the OPC UA category, white hat hackers can earn between $5,000 and $40,000 for demonstrating exploits against the Unified Automation C++ demo server, the OPC Foundation’s OPC UA .NET standard, the Prosys OPC UA SDK for Java, and Softing Secure Integration Server. The highest rewards are for security bypass exploits and the lowest rewards are for DoS vulnerabilities.

    Pwn2Own Miami 2022 is expected to be a hybrid event, with contestants invited to attend physically from the S4 conference in Miami and remotely from anywhere in the world.

  13. Tomi Engdahl says:

    FBI: Ranzy Locker ransomware hit at least 30 US companies this year https://www.bleepingcomputer.com/news/security/fbi-ranzy-locker-ransomware-hit-at-least-30-us-companies-this-year/
    The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

  14. Tomi Engdahl says:

    FCC revokes license for China Telecom Americas amid national security concerns https://therecord.media/fcc-revokes-license-for-china-telecom-americas-amid-national-security-concerns/
    The U.S. Federal Communications Commission voted unanimously to revoke China Telecom Americas' U.S. operating license on Tuesday, citing national security concerns. Among the reasons cited for the switch:
    China Telecom’s status as a subsidiary of a state-owned enterprise and the possibility that the company could provide a conduit for hackers intent on launching cyber attacks in this country.

  15. Tomi Engdahl says:

    Protect your business from password sprays with Microsoft DART recommendations https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/
    Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to find new ways to detect these types of attacks and help protect its customers.

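A password spray, the attack vector the DART post above describes, goes wide rather than deep: one or two common passwords tried against many accounts, so per-account lockout thresholds never trip. The following is an added example, not Microsoft's or DART's code, of the detection signal that does work: many distinct usernames failing from one source address, or from one client string when the spray is spread across addresses, inside a short window. The log format, the field names (src, ua, user, result) and the sample lines are constructed for the demonstration.

```python
"""Password-spray detection over authentication log lines.

Added example, not Microsoft's or DART's detection logic.  The key=value
log format, field names and the sample lines below are constructed.
Signal: >= min_users DISTINCT accounts failing from the same key (source IP,
or user-agent for a spray distributed over many IPs) within `window`.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one classic spray from a single IP that finally lands
# a valid password for 'frank'; one user (grace) mistyping her own password
# (not a spray); and a low-and-slow spray spread over three IPs that share
# one legacy-auth client string.
SAMPLE_LOG = """\
2021-10-26T08:00:01Z src=203.0.113.7 ua=python-requests/2.25 user=alice result=FAIL
2021-10-26T08:00:02Z src=203.0.113.7 ua=python-requests/2.25 user=bob result=FAIL
2021-10-26T08:00:03Z src=203.0.113.7 ua=python-requests/2.25 user=carol result=FAIL
2021-10-26T08:00:04Z src=203.0.113.7 ua=python-requests/2.25 user=dave result=FAIL
2021-10-26T08:00:05Z src=203.0.113.7 ua=python-requests/2.25 user=erin result=FAIL
2021-10-26T08:00:06Z src=203.0.113.7 ua=python-requests/2.25 user=frank result=OK
2021-10-26T08:01:00Z src=198.51.100.4 ua=Mozilla/5.0 user=grace result=FAIL
2021-10-26T08:01:10Z src=198.51.100.4 ua=Mozilla/5.0 user=grace result=FAIL
2021-10-26T08:01:20Z src=198.51.100.4 ua=Mozilla/5.0 user=grace result=FAIL
2021-10-26T08:01:30Z src=198.51.100.4 ua=Mozilla/5.0 user=grace result=OK
2021-10-26T08:05:00Z src=198.51.100.20 ua=LegacyAuth/1.0 user=ivan result=FAIL
2021-10-26T08:05:01Z src=198.51.100.21 ua=LegacyAuth/1.0 user=judy result=FAIL
2021-10-26T08:05:02Z src=198.51.100.22 ua=LegacyAuth/1.0 user=mallory result=FAIL
2021-10-26T08:05:03Z src=198.51.100.20 ua=LegacyAuth/1.0 user=niaj result=FAIL
2021-10-26T08:05:04Z src=198.51.100.21 ua=LegacyAuth/1.0 user=olivia result=FAIL
2021-10-26T08:05:05Z src=198.51.100.22 ua=LegacyAuth/1.0 user=peggy result=FAIL
"""


def parse_line(line):
    """'<ISO timestamp> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_sprays(log_text, key="src", window=timedelta(minutes=10), min_users=5):
    """Return {key value: {"users": [...failed accounts...],
                          "successes": [...accounts that later succeeded...]}}
    for every key value that failed against >= min_users distinct accounts
    within any `window`-long span.  'successes' are the accounts to reset
    first: the spray found a working password for them."""
    fails = defaultdict(list)   # key -> [(ts, user), ...]
    okays = defaultdict(set)    # key -> {user, ...}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["result"] == "FAIL":
            fails[ev[key]].append((ev["ts"], ev["user"]))
        else:
            okays[ev[key]].add(ev["user"])

    hits = {}
    for k, events in fails.items():
        events.sort()
        # sliding window anchored at each failure; count DISTINCT accounts,
        # so one user retyping her own password never trips it
        for i, (t0, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - t0 <= window}
            if len(users) >= min_users:
                hits[k] = {"users": sorted(users), "successes": sorted(okays.get(k, ()))}
                break
    return hits


if __name__ == "__main__":
    print("by source IP:  ", detect_sprays(SAMPLE_LOG))
    print("by user-agent: ", detect_sprays(SAMPLE_LOG, key="ua"))
```

Run by source address the detector catches only the single-IP spray; the distributed one surfaces only when the same failures are grouped by client string, which is why spray hunting keys on several dimensions (source, user-agent, ASN) rather than on per-account failure counts.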
  16. Tomi Engdahl says:

    A cyber attack does not require deep technical expertise
    https://etn.fi/index.php/13-news/12751-kyberhyoekkaeys-ei-vaadi-syvaeae-teknistae-osaamista

    Malware. Phishing. Cyber threats continue to grow year after year. Online crime has changed from a hobby of the technically curious into a billion-dollar industry that today generates more money than the global drug trade. The vast majority of threats can be avoided by increasing employees' understanding and skills, says the SANS Institute, which specialises in cyber security training.

    - The current situation is that the scammers are winning. The IT world is extremely fast, and new hardware, updates and security patches arrive almost daily. Development is so fast that it is very hard for IT departments to keep up. And almost impossible for politicians and legislators, who often lack even basic knowledge, says Chris Dale, principal consultant at River Security and certified SANS Institute instructor.

    The common perception is that carrying out a cyber attack is difficult and requires deep technical knowledge and years of specialisation. Perhaps this is because the media usually shows only the most damaging attacks.

    According to Chris Dale, it is exactly the opposite. - There are ready-made tools that make hacking easy. We know that schoolchildren have succeeded in hacking governments. Most attacks are not sophisticated, and they do not focus on exciting targets involving military security or international finance. The vast majority target small and medium-sized companies with poorly managed security.

  17. Tomi Engdahl says:

    https://www.uusiteknologia.fi/2021/10/26/kyberkonnien-uusimmat-kikat-listattiin/

    Security company Check Point Software has listed the most important security challenges of the coming year. Supply chain attacks will increase, and hackers' ransom demands will break records. Attackers will continue to exploit the Covid-19 pandemic and will also newly adopt deepfakes, cryptocurrencies and mobile wallets.

  18. Tomi Engdahl says:

    SolarWinds Outlines ‘Triple Build’ Software Development Model to Secure Supply Chain
    https://www.securityweek.com/solarwinds-outlines-triple-build-software-development-model-secure-supply-chain

    When FireEye (now Mandiant) disclosed the SolarWinds breach in December 2020, the security world was forced to accept the reality that given the motivation, time and resources, an advanced attacker can breach any organization. And if the breached organization is part of an important supply chain, the potential damage could be devastating.

    In the SolarWinds incident, up to 18,000 companies could have received the malware injected into the SolarWinds software. Not all could have been affected. Many of these ‘victims’ did not install the infected version, and many others did so on servers with no internet connectivity. Of those companies that did receive the Nobelium Sunburst malware, only a relatively small number received any follow up attention from the hackers. In the final analysis, fewer than 100 victims’ servers communicated with the hackers. These were important companies and government offices that would be of interest to a foreign adversary state.

    SolarWinds has attempted to be open and transparent about the incident and its effects. Its most recent ‘investigative update’ on the incident was published on May 7, 2021. In this analysis, SolarWinds outlines a ‘secure by design’ future, and adds, “We hope sharing of our learnings about this attack serves our customers—as well as the broader IT industry…”

    The document — Becoming Secure by Design with SolarWinds — describes a new triple build model designed to ensure that software builds can never again be compromised in the way that Nobelium injected the Sunburst malware into SolarWinds Orion software. It also includes a summary of the security controls implemented to provide resiliency to the SolarWinds environment.

    Becoming Secure by Design With SolarWinds
    https://www.solarwinds.com/secure-by-design-resources/becoming-secure-by-design-with-solarwinds

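The comment above says only that the triple build model is meant to make a Sunburst-style injection impossible, not how it is wired. The following is an added example, not SolarWinds' build system or any code from the SecurityWeek article or the Becoming Secure by Design document, of the check such a model rests on under one reading of it: the same commit is built in three isolated pipelines and a release is allowed only when every artifact is byte-identical across all of them, so a single poisoned build host shows up as a disagreement instead of a silently trojaned release. The pipeline names, artifact paths and bytes are constructed.

```python
"""Cross-checking independent builds of one commit before release.

Added example, not SolarWinds' build system or any code from the article.
It assumes, as one reading of a 'triple build', that the same source is
built in `required` isolated pipelines and that release is allowed only when
every artifact is byte-identical across all of them.  The pipeline names,
artifact paths and bytes below are constructed.
"""
import hashlib
from collections import Counter
from typing import Dict, Tuple


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def cross_check(builds: Dict[str, Dict[str, bytes]], required: int = 3) -> Tuple[bool, dict]:
    """builds maps pipeline name -> {artifact path: artifact bytes}.

    Returns (release_ok, report).  release_ok is True only when at least
    `required` pipelines exist and every artifact has an identical digest in
    all of them.  report lists, per disagreeing artifact, the majority digest,
    the pipelines that deviate from it and the pipelines that did not emit it."""
    if len(builds) < required:
        return False, {"error": "need %d independent builds, got %d" % (required, len(builds))}
    artifacts = set().union(*(b.keys() for b in builds.values()))
    report = {}
    for art in sorted(artifacts):
        digests = {p: digest(out[art]) for p, out in builds.items() if art in out}
        missing = sorted(set(builds) - set(digests))
        # majority digest: with three builds one compromised host is outvoted;
        # with all three differing there is no release either way
        majority = Counter(digests.values()).most_common(1)[0][0]
        outliers = sorted(p for p, d in digests.items() if d != majority)
        if missing or outliers:
            report[art] = {"majority": majority, "outliers": outliers, "missing": missing}
    return not report, report


# Constructed outputs of three pipelines building the same commit; the third
# pipeline's build host is compromised and appends a payload to one artifact.
CLEAN = {
    "bin/app.dll": b"MZ\x90\x00clean build of commit 0123abcd",
    "bin/agent.exe": b"MZ\x90\x00agent, same commit",
}
PIPELINES = {
    "build-a": dict(CLEAN),
    "build-b": dict(CLEAN),
    "build-c": {**CLEAN, "bin/app.dll": CLEAN["bin/app.dll"] + b"\x90\x90injected"},
}

if __name__ == "__main__":
    ok, report = cross_check(PIPELINES)
    print("release allowed:", ok)
    for art, why in report.items():
        print(art, "deviates on", why["outliers"], "missing from", why["missing"])
```

The check only has teeth if the pipelines really are independent (separate hosts, separate credentials, separately provisioned toolchains) and the build is reproducible; any nondeterminism in the compiler output (timestamps, embedded paths) shows up as a permanent disagreement and has to be removed before this gate can be turned on.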
  19. Tomi Engdahl says:

    Many Ransomware Attacks on OT Organizations Involved Ryuk: IBM
    https://www.securityweek.com/many-ransomware-attacks-ot-organizations-involved-ryuk-ibm

    Many attacks that impacted organizations with operational technology (OT) networks in 2021 involved ransomware, and operators of the Ryuk ransomware in particular appear to gravitate towards this type of target, according to research conducted by IBM’s X-Force cybersecurity unit.

    The company says ransomware has been by far the top attack type launched against OT organizations to date in 2021, accounting for 32% of attacks. The Ryuk ransomware has been involved in many of these attacks, and IBM says there have been more documented cases of Ryuk ending up on OT networks compared to most other ransomware strains.

    Singleton told SecurityWeek ahead of the event that the study is based only on attacks that have the potential to affect industrial control systems (ICS) or OT systems, including attacks involving insiders, remote access trojans, or IoT botnets.

    “Manufacturing and transportation are the two operational technology-related industries X-Force most commonly observes Ryuk actors target, but we know Ryuk actors also love energy and utilities, industrial distribution, oil and gas, and healthcare,” Singleton explained.

    While in many attacks the Ryuk ransomware actually makes it to ICS or other OT systems, there are attacks that only hit IT systems directly but still cause disruption to operational systems.

    “Ransomware attacks on IT systems alone often also have operational impact because operational systems are shut down as a precaution,” Singleton said. “Our research shows that ransomware attacks have an operational impact 56% of the time—even when the ransomware does not get onto the OT network.”

    Ryuk ransomware operators encrypt files found on the victim’s network in an effort to convince them to pay a ransom, but they sometimes also steal valuable data to increase their chances of getting paid. However, in the attacks where Ryuk got into OT networks, IBM did not observe any data theft.

    Singleton says OT organizations should focus on segmentation if they want to reduce the risk of significant damage.

    “In every instance we have seen where Ryuk got into an OT network, poor network segmentation played a role,” the expert said. “Paying close attention to domain controllers, limiting domain administrator accounts, locking them down and auditing them heavily can decrease the chances ransomware actors can gain access to domain controllers—which is key to deploying ransomware—and in some cases can even decrease opportunities to move over to the OT network.”

    Reply
  20. Tomi Engdahl says:

    Nightmare Email Attacks (and Tips for Blocking Them) https://www.paloaltonetworks.com/blog/2021/10/email-attacks-mitigation-tips/
    This type of attack is known as a business email compromise, or BEC.
    Each year, Unit 42 security consultants spend thousands of hours on BEC investigations, combing through logs to identify unauthorized activity, determine how unauthorized access occurred and find security gaps that need to be addressed.

    Reply
  21. Tomi Engdahl says:

    Twitter employees required to use security keys after 2020 hack https://www.bleepingcomputer.com/news/security/twitter-employees-required-to-use-security-keys-after-2020-hack/
    Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack. “Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said.

    Reply
  22. Tomi Engdahl says:

    Top 5 Cloud Native Security Challenges
    https://blog.checkpoint.com/2021/10/27/top-5-cloud-native-security-challenges/
    As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints, to compliance fines and new threats of attack. Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials. While the threats and theft remain ubiquitous, the tactics used by attackers are constantly adapting. In this blog, we’ll look at the top 5 cloud native security challenges and briefly cover ways to mitigate risk.

    Reply
  23. Tomi Engdahl says:

    A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365 https://thehackernews.com/2021/10/a-guide-to-shift-away-from-legacy.html
    Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft’s cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols.

    Reply
  24. Tomi Engdahl says:

    NSA and CISA share guidance on securing 5G cloud infrastructure https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-guidance-on-securing-5g-cloud-infrastructure/
    CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure.

    Reply
  25. Tomi Engdahl says:

    Interested in digital security? Free learning now available from the open university
    https://etn.fi/index.php/13-news/12761-kiinnostaako-digiturva-nyt-tietoa-ilmaiseksi-avoimesta-yliopistosta

    Digital security worries more and more people. The University of Jyväskylä and the National Defence Training Association of Finland (Maanpuolustuskoulutus MPK) have jointly designed the free Kansalaisen kyberturvallisuus (Citizen’s Cybersecurity) course, which has opened for free study as an online course of the open university.

    According to University of Jyväskylä lecturer Panu Moilanen, the course focuses on knowledge that is nowadays as important to master as, say, the rules of the road. “This competence advances the security of both the individual and society.”

    “The course’s authors are top experts. This collaboration combines the University of Jyväskylä’s scientific and educational expertise in cybersecurity with the expertise of Maanpuolustuskoulutus MPK’s top-class professionals,” says Antti Lehtisalo, executive director of Maanpuolustuskoulutus MPK.

    https://www.avoin.jyu.fi/fi/opintotarjonta/informaatioteknologia/kyberturvallisuus

    Reply
  26. Tomi Engdahl says:

    Zachary Basu / Axios:
    Microsoft launches a campaign to help fill 250,000 cybersecurity jobs in the US by 2025, offering scholarships and free curriculum for community colleges

    Microsoft launches campaign to fill 250,000 cybersecurity jobs
    https://www.axios.com/microsoft-cybersecurity-workforce-shortage-4f05feab-17b7-4334-8a1c-85440859660a.html

    Microsoft announced Thursday that it’s launching a national campaign to help fill 250,000 cybersecurity jobs in the U.S. by 2025, including by providing free curriculum to every public community college.

    Why it matters: The company’s president Brad Smith warned that the current workforce shortage is at crisis levels and threatens to undermine the country’s ability to protect itself against cyber and ransomware attacks.

    The big picture: The demand for cybersecurity workers is far outstripping the supply, as cyberattacks by foreign government and non-state actors have caused unprecedented disruptions to federal agencies, supply chains and individual businesses over the last year.

    About 263,000 people have joined the cybersecurity workforce in the U.S. in 2020 and 2021 — and yet the number of open cyber jobs still has increased by 17,000, according to a report by cyber nonprofit (ISC)2.
    One-third of all cybersecurity jobs in the U.S. are unfilled due to the workforce shortage, according to Microsoft. The gap is currently estimated to be nearly 500,000 open jobs, which Microsoft believes it can halve in the next four years.

    Driving the news: In addition to providing free, certificate-oriented curriculum to more than 1,000 community colleges, Microsoft will train faculty at 150 schools and provide scholarships to 25,000 students.

    Reply
  27. Tomi Engdahl says:

    Ransomware: It’s a ‘golden era’ for cyber criminals – and it could get worse before it gets better
    The ENISA Threat Landscape report details how ransomware has become the ‘prime’ cybersecurity threat facing organisations today.
    https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/

    Reply
  28. Tomi Engdahl says:

    Ransomware: Industrial services top the hit list – but cyber criminals are diversifying
    Ransomware gangs are heavily targeting industry with attacks – but increased competition means cyber criminals are expanding their targets.
    https://www.zdnet.com/article/ransomware-industrial-services-are-still-the-most-popular-target-but-now-cyber-criminals-are-diversifying-attacks/

    Reply
  29. Tomi Engdahl says:

    Large DDoS attack shuts down KT’s nationwide network
    Users of KT’s network were unable to access the internet for around 40 minutes, which the telco said was caused by a ‘large-scale DDoS attack’.
    https://www.zdnet.com/article/large-ddos-attack-shuts-down-south-korean-telcos-nationwide-network/

    South Korea telco KT said on Monday that the temporary nationwide shutdown of its network earlier today was caused by a large-scale distributed denial-of-service (DDoS) attack.

    Customers who use the telco’s network were unable to access the internet for around 40 minutes at around 11am on Monday.

    Reply
  30. Tomi Engdahl says:

    Heimdal™ Security SOC Team Discovers Typosquatting Domain Masquerading as Crypto-Swapping Platform
    https://heimdalsecurity.com/blog/heimdal-typosquatting-domain/

    Heimdal™ Security’s Security team has recently unearthed a new typosquatting domain specifically crafted to resemble Trader Joe XYZ’s URL, one of the most sought-after cryptocurrency trading platforms. Tricked by a typo in the spelling of the crypto-swapping platform’s URL, users would send their MetaMask wallets to an unknown party or parties that would ultimately despoil their contents.

    Reply
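    The kind of lookalike domain described in the comment above is cheap to screen for automatically. The following is an added example (not Heimdal’s tooling or code from the post): it scores candidate hostnames against a list of protected brand domains using a restricted Damerau-Levenshtein (optimal string alignment) distance, after folding common character lookalikes. The protected list, the lookalike table and every candidate hostname are constructed assumptions for illustration; traderjoexyz.com is used only as the brand being imitated, and the thresholds are arbitrary.

    ```python
    """Typosquat / homoglyph screening of candidate hostnames against protected
    brand domains.  Added example, not from the post or Heimdal."""

    # Lookalike substitutions seen in squatting domains (assumed, not exhaustive).
    # Multi-character keys are listed first so they are folded before single ones.
    HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

    PROTECTED = ["traderjoexyz.com"]  # assumed list of domains we defend


    def normalize(host):
        """Lowercase, drop a leading 'www.', and fold lookalike characters."""
        host = host.strip().lower()
        if host.startswith("www."):
            host = host[4:]
        for glyph, real in HOMOGLYPHS.items():
            host = host.replace(glyph, real)
        return host


    def osa_distance(a, b):
        """Optimal string alignment distance: insertions, deletions,
        substitutions and adjacent transpositions each cost 1."""
        d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
        for i in range(len(a) + 1):
            d[i][0] = i
        for j in range(len(b) + 1):
            d[0][j] = j
        for i in range(1, len(a) + 1):
            for j in range(1, len(b) + 1):
                cost = 0 if a[i - 1] == b[j - 1] else 1
                d[i][j] = min(d[i - 1][j] + 1,        # deletion
                              d[i][j - 1] + 1,        # insertion
                              d[i - 1][j - 1] + cost) # substitution / match
                if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                    d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
        return d[len(a)][len(b)]


    def classify(host, protected=PROTECTED, max_distance=2):
        """Return (label, closest protected domain or None, distance)."""
        raw = host.strip().lower()
        norm = normalize(host)
        best = None
        for good in protected:
            dist = osa_distance(norm, normalize(good))
            if best is None or dist < best[1]:
                best = (good, dist)
        good, dist = best
        if raw == good:
            return ("legitimate", good, 0)
        if dist == 0:
            return ("homoglyph", good, 0)      # identical only after folding
        if dist <= max_distance:
            return ("typosquat", good, dist)
        return ("unrelated", None, dist)


    def screen(candidates, protected=PROTECTED):
        """Classify a batch of hostnames, e.g. from new-registration feeds."""
        return {c: classify(c, protected) for c in candidates}


    if __name__ == "__main__":
        # Constructed candidates: exact, deletion, transposition, digit lookalike, unrelated.
        for host, verdict in screen(["traderjoexyz.com", "tradrjoexyz.com",
                                     "tradejroexyz.com", "traderj0exyz.com",
                                     "example.org"]).items():
            print(f"{host:20s} -> {verdict}")
    ```

    The distance threshold is deliberately small: most typosquats are a single edit away, and widening it quickly floods the output with unrelated short domains. In practice this runs over certificate-transparency or new-domain feeds, and a hit is a candidate for a takedown request or a block on the corporate resolver, not proof of malice on its own.
    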
  31. Tomi Engdahl says:

    How We Can Narrow the Talent Shortage in Cybersecurity
    Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a “cybersecurity professional” and rewriting traditional job descriptions.
    https://www.darkreading.com/careers-and-people/how-we-can-narrow-the-talent-shortage-in-cybersecurity

    Reply
  32. Tomi Engdahl says:

    Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.
    Professor demands that governor halt “baseless investigation” and apologize.
    https://arstechnica.com/tech-policy/2021/10/viewing-website-html-code-is-not-illegal-or-hacking-prof-tells-missouri-gov/

    Reply
  33. Tomi Engdahl says:

    A coding bug helped researchers build a secret BlackMatter ransomware decryption tool
    https://techcrunch.com/2021/10/25/blackmatter-ransomware-bug-decryption-tool/

    Reply
  34. Tomi Engdahl says:

    Microsoft warns over uptick in password spraying attacks
    State-sponsored hackers and cyber criminals are going after identities with password spraying, a low-effort and high-value method for the attacker, says Microsoft’s Detection and Response Team (DART).
    https://www.zdnet.com/article/microsoft-warns-over-uptick-in-password-spraying-attacks/

    Reply
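    Password spraying is detectable precisely because it is low-effort: one source tries a few common passwords across many accounts and stays under each account’s lockout threshold, so per-account failure counts look harmless while the per-source spread of usernames does not. The block below is an added example, not Microsoft DART’s tooling or code from the article: it runs a sliding-window rule over constructed sign-in log lines (the format, IP addresses, usernames and thresholds are all assumptions) and flags a source that fails against many distinct users with few attempts per user, while leaving a single-account brute force and a normal mistyped password alone.

    ```python
    """Password-spray detection over constructed sign-in log lines.
    Added example; not from the article or Microsoft."""
    from collections import defaultdict
    from datetime import datetime, timedelta

    # Constructed sample, one event per line: "<ISO timestamp> <source ip> <user> <RESULT>".
    # 203.0.113.7 sprays six accounts once each; 198.51.100.9 hammers 'admin';
    # 192.0.2.5 is a user who mistyped once and then logged in.
    SAMPLE_LOG = """\
    2021-10-27T08:00:01Z 203.0.113.7 alice FAIL
    2021-10-27T08:00:04Z 198.51.100.9 admin FAIL
    2021-10-27T08:00:09Z 203.0.113.7 bob FAIL
    2021-10-27T08:00:12Z 198.51.100.9 admin FAIL
    2021-10-27T08:00:17Z 203.0.113.7 carol FAIL
    2021-10-27T08:00:20Z 192.0.2.5 alice FAIL
    2021-10-27T08:00:25Z 203.0.113.7 dave FAIL
    2021-10-27T08:00:28Z 198.51.100.9 admin FAIL
    2021-10-27T08:00:33Z 203.0.113.7 erin FAIL
    2021-10-27T08:00:36Z 192.0.2.5 alice OK
    2021-10-27T08:00:41Z 203.0.113.7 frank FAIL
    2021-10-27T08:00:44Z 198.51.100.9 admin FAIL
    2021-10-27T08:00:52Z 198.51.100.9 admin FAIL
    2021-10-27T08:01:00Z 198.51.100.9 admin FAIL
    """


    def parse_line(line):
        ts, ip, user, result = line.split()
        return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


    def detect_spraying(log_text, window=timedelta(minutes=10),
                        min_users=5, max_per_user=3):
        """Return {source_ip: details} for sources whose failures look like a spray:
        at least `min_users` distinct usernames failing inside `window`, with no
        single username failing more than `max_per_user` times."""
        failures = defaultdict(list)  # source ip -> [(timestamp, user), ...]
        for line in log_text.splitlines():
            if not line.strip():
                continue
            ts, ip, user, result = parse_line(line)
            if result == "FAIL":
                failures[ip].append((ts, user))

        findings = {}
        for ip, events in failures.items():
            events.sort()
            # Slide the window so that it starts at each failure in turn.
            for i, (start, _) in enumerate(events):
                per_user = defaultdict(int)
                for ts, user in events[i:]:
                    if ts - start > window:
                        break
                    per_user[user] += 1
                if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                    findings[ip] = {
                        "distinct_users": len(per_user),
                        "max_attempts_per_user": max(per_user.values()),
                        "window_start": start.isoformat(),
                    }
                    break  # one finding per source is enough
        return findings


    if __name__ == "__main__":
        for ip, info in detect_spraying(SAMPLE_LOG).items():
            print(f"possible password spray from {ip}: {info}")
    ```

    The per-user ceiling is what separates spraying from brute force: the `admin` hammering from 198.51.100.9 never trips this rule and should be caught by an ordinary lockout or per-account failure count instead. Real sprays also rotate source addresses, so grouping by user agent, ASN or tenant instead of by IP is usually needed as a second pass.
    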
  35. Tomi Engdahl says:

    Malicious NPM Libraries Caught Installing Password Stealer and Ransomware
    https://thehackernews.com/2021/10/malicious-npm-libraries-caught.html

    Reply
  36. Tomi Engdahl says:

    https://voidsec.com/driver-buddy-reloaded/
    As part of my continuous security research journey, during this year I’ve spent a good amount of time reverse-engineering Windows drivers and exploiting kernel-mode related vulnerabilities.

    While in the past there were (as far as I know), at least two good IDA plugins aiding in the reverse engineering process:

    DriverBuddy of NCC Group.
    win_driver_plugin of F-Secure.
    Unfortunately, nowadays they are both rusty, out of date and broken on the latest version of IDA. They relied on external dependencies, were lacking documentation and, in general, are obsolete.

    So, I’ve started developing an internal tool to speed up Windows drivers reverse engineering and security testing efforts. I’m excited to announce that Driver Buddy Reloaded is now available on GitHub.
    https://github.com/VoidSec/DriverBuddyReloaded

    Reply
  37. Tomi Engdahl says:

    Palo Alto warns of BEC-as-a-service
    According to Palo Alto Networks’ researchers, business email compromise continues to be one of the leading ways cybercriminals scam victims, finding an average wire fraud attempt of $567,000 with a peak of $6 million.
    https://www.zdnet.com/article/palo-alto-warns-of-bec-as-a-service-finds-average-wire-fraud-attempted-is-567000-with-peak-of-6-million/

    Reply
  38. Tomi Engdahl says:

    How to Use Raspberry Pi to Practice and Prevent SQL Injection Attacks
    By Ellora James 28 days ago
    Create a purposefully vulnerable server and hack it to learn.
    https://www.tomshardware.com/how-to/use-raspberry-pi-sql-injection-penetration-testing

    Reply
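    The lesson of a deliberately vulnerable server like the one in the tutorial above fits in a dozen lines: the bug is that user input is spliced into the SQL text, and the fix is to bind it as a parameter. The following is an added example, not code from the Tom’s Hardware article: an in-memory SQLite user table (constructed; plaintext passwords only to keep the focus on the query) with the vulnerable login check beside the parameterized one, and two classic payloads that defeat the first and fail against the second.

    ```python
    """Vulnerable vs. parameterized login query against an in-memory SQLite DB.
    Added example; not the tutorial's code."""
    import sqlite3


    def make_db():
        """Constructed user table.  Real systems store salted password hashes,
        never plaintext; this keeps the example about injection only."""
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
        conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                         [("alice", "s3cret"), ("bob", "hunter2")])
        conn.commit()
        return conn


    def login_vulnerable(conn, username, password):
        """Builds the SQL by string formatting, so input becomes SQL syntax."""
        query = ("SELECT username FROM users "
                 f"WHERE username = '{username}' AND password = '{password}'")
        row = conn.execute(query).fetchone()
        return row[0] if row else None


    def login_parameterized(conn, username, password):
        """Same query with bound parameters: input is always data, never syntax."""
        query = "SELECT username FROM users WHERE username = ? AND password = ?"
        row = conn.execute(query, (username, password)).fetchone()
        return row[0] if row else None


    # Payloads to feed to both functions.  The trailing space after '--' keeps the
    # comment form portable to MySQL, which requires it; SQLite does not.
    COMMENT_PAYLOAD = "alice' -- "      # closes the string and comments out the password check
    TAUTOLOGY_PAYLOAD = "' OR '1'='1"   # turns the WHERE clause into one that is always true


    if __name__ == "__main__":
        db = make_db()
        print("vulnerable, comment payload:    ", login_vulnerable(db, COMMENT_PAYLOAD, "wrong"))
        print("vulnerable, tautology payload:  ", login_vulnerable(db, TAUTOLOGY_PAYLOAD, TAUTOLOGY_PAYLOAD))
        print("parameterized, comment payload: ", login_parameterized(db, COMMENT_PAYLOAD, "wrong"))
        print("parameterized, real credentials:", login_parameterized(db, "bob", "hunter2"))
    ```

    With the comment payload the vulnerable query becomes `WHERE username = 'alice' -- ' AND password = 'wrong'`, so the password clause is never evaluated; with the tautology payload the clause is true for every row and the first user comes back. The parameterized version hands the same strings to the driver as values, and the database compares them literally against the column contents, so neither payload matches a row.
    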
