Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, make everyone able to reproduce the results, and present it to the entire community for feedback.
The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back, and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activity is starting to make security a legal requirement for consumer IoT designs, which must have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
2,203 Comments
Tomi Engdahl says:
https://www.beckershospitalreview.com/cybersecurity/10-most-common-passwords-in-2021.html
Tomi Engdahl says:
Why don’t Finns learn? The haul taken by online scammers is climbing to a record this year; thousands of Finns have already been robbed of 33 million euros
https://yle.fi/uutiset/3-12189926
According to the National Police Board, Finns have already lost 33 million euros of their funds to online scammers. The elderly in particular have fallen into the scammers’ traps, but so have young adults.
Some have lost their entire fortune.
Tomi Engdahl says:
Here are 7 common scams, warn your loved ones
https://www.iltalehti.fi/tietoturva/a/dbe81c49-ff61-4c77-9ec9-c624b10ab16f
Online banking credentials are still being actively phished.
Tomi Engdahl says:
Celestine Bohlen / New York Times:
As Moscow Metro introduces Face Pay, digital privacy activists express alarm at the implications of introducing city-wide facial recognition — The latest example is Face Pay, which replaces a Metro card with facial recognition. It may be advanced, but activists are sounding the alarm on privacy issues.
https://www.nytimes.com/2021/11/16/world/europe/moscow-face-pay-technology-privacy.html
Tomi Engdahl says:
Cybersecurity Spending: An analysis of Investment Dynamics within the EU https://www.enisa.europa.eu/news/enisa-news/cybersecurity-spending-an-analysis-of-investment-dynamics-within-the-eu
The European Union Agency for Cybersecurity issues a new report on how cybersecurity investments have developed under the provisions of the NIS directive.
Tomi Engdahl says:
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service https://www.bleepingcomputer.com/news/security/threat-actors-offer-millions-for-zero-days-developers-talk-of-exploit-as-a-service/
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have.
Some adversaries claim multi-million U.S. dollar budgets for acquiring zero-day exploits, but those that don’t have this kind of money may still have a chance to use zero-days if a new ‘exploit-as-a-service’ idea becomes reality.
Tomi Engdahl says:
Evil Corp: ‘My hunt for the world’s most wanted hackers’
https://www.bbc.com/news/technology-59297187
Many of the people on the FBI’s cyber most wanted list are Russian.
While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.
Tomi Engdahl says:
Most SS7 exploit service providers on dark web are scammers https://www.bleepingcomputer.com/news/security/most-ss7-exploit-service-providers-on-dark-web-are-scammers/
The existence of Signaling System 7 (SS7) mobile telephony protocol vulnerabilities is something security researchers warned about in 2016, and it only took a year before the first attacks exploiting them were observed.
Tomi Engdahl says:
CISA Releases Incident and Vulnerability Response Playbooks
https://www.securityweek.com/cisa-releases-incident-and-vulnerability-response-playbooks
In response to an executive order signed by President Biden in May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two cybersecurity playbooks focusing on incident response and vulnerability response.
The executive order on improving the nation’s cybersecurity tasked CISA with developing playbooks for federal civilian agencies to help them plan and conduct vulnerability and incident response. While the playbooks have been created for federal civilian agencies and their contractors, CISA says the information could also be useful to critical infrastructure organizations and private sector companies.
The new playbooks are designed to provide agencies with a standard set of procedures for identifying, coordinating, remediating, recovering and tracking mitigations from incidents and vulnerabilities affecting their systems, data and networks.
Cybersecurity Incident & Vulnerability Response Playbooks
https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf
Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems
Tomi Engdahl says:
Encryption should always be done at the hardware level
https://etn.fi/index.php/13-news/12835-salaus-kannattaa-aina-tehdae-laitetasolla
The Finnish company Xiphera has long developed solutions for hardware-based encryption of internet traffic. In yesterday’s webinar, company founder Kimmo Järvinen reminded the audience that encryption should always be done at the hardware level.
Järvinen explained the superiority of hardware encryption in detail yesterday. In software, encryption has to be mapped onto the processor’s instruction set, which is not easy. Processes consume instructions, which causes latency in the encryption. “In hardware, for example on an FPGA chip, encryption can be optimized at the bit and clock-cycle level,” Järvinen reminded.
In principle, software-based encryption is just a program and data. The keys are stored in working memory, and bugs and operations in the software stack can put security at risk. “Secure stacks such as Arm’s TrustZone improve the situation, but they too can be attacked,” Järvinen reminded.
Hardware-based encryption changes the picture completely. The cryptographic computation and the keys can be isolated from each other. Even if the software were compromised, the keys would remain protected. This is how it is done, for example, in Xiphera’s IP solution, where the cryptographic processing and the keys are isolated in the FPGA fabric.
“If the encryption is in separate hardware, the keys cannot be taken over, because they are never in the same memory,” Järvinen emphasized.
However, it is not enough for the keys to be in their own protected hardware partition if software can make calls to it. If the software is compromised, the security of the whole system will probably be broken at some point. The solution to this is to build trust with the help of a trusted hardware component. This is called a Root of Trust.
In FPGA-based implementations it is also important to protect the configuration data loaded from flash memory outside the chip. In modern FPGAs this is not a problem, since they support encrypted and authenticated configuration. The configuration data can only be decrypted with the key stored on the FPGA.
According to Järvinen, Xiphera’s encryption is offered in three different categories. The most compact of them would also suit smaller FPGAs and would in principle enable hardware-based encryption for IoT devices as well.
Tomi Engdahl says:
The whole internet can be scanned in 45 minutes
https://etn.fi/index.php/opinion/12837-koko-internet-voidaan-skannata-45-minuutissa
Nowadays no hole in the network goes untested. The online services of large companies are scanned several times a day, and the whole internet can be scanned in 45 minutes, whereas earlier it took weeks, writes Ari Alamäki, research area director at Haaga-Helia University of Applied Sciences.
Imagine that a burglar is at every moment testing whether he can get into your home or your company’s premises. Or that a criminal can scan from a helicopter within a minute whether there is a single door in the city that has been left open. That is the current situation on the internet.
The description was startling, even though more than a decade ago I had already marvelled, through real-time data, at the daily number of denial-of-service attacks worldwide. In ten years the speed of vulnerability scanning has grown 1,500-fold.
The data network has become the central engine of modern society, increasing the efficiency of work and bringing time savings. On the other hand, it has also become more vulnerable as international criminals have started to exploit it more and more. Money stolen or extorted over the network can be converted into cryptocurrencies, which puts tracing it beyond the reach of ordinary banks and authorities.
Not all forms of cybercrime are carried out by breaking in; some work by, for example, tricking the user into clicking through to a forged site they would not want to end up on. That is why citizens’ digital literacy, including the ability to recognise cybersecurity dangers, is increasingly important. Perhaps recognising cybersecurity risks should be added to the concept of digital literacy.
Tomi Engdahl says:
How to Improve Red Team Effectiveness using Obfuscation
https://www.securityweek.com/how-improve-red-team-effectiveness-using-obfuscation
Setting up an obfuscated network in the cloud gives a red team the flexibility to test security against different cloud vendors
In the cybersecurity field, red teams are unsung heroes. These are the “ethical hackers” or white hats that test an organization’s defenses by staging controlled attacks that simulate a real-life breach. This kind of penetration testing can yield invaluable information to help the defensive “blue teams” build defenses to protect the system before an attack happens.
For red teams to do their work, they need to operate in the most realistic way possible, the better to spot the vulnerabilities that could put your network’s security in danger. Yet, at the same time, the testing procedure needs to protect the system so the pen testing itself doesn’t end up accidentally crippling operations. This is where obfuscation comes in.
What is Obfuscation
At its most basic, obfuscation is camouflage, making things look like something else. In cybersecurity, it’s making data and code look unlike themselves.
Attackers use obfuscation to conceal their tracks and data that is being exfiltrated. Defenders can use it too; to protect intellectual property or hide IP addresses or network identities that could expose the system to attack. Obfuscation using VPNs, browser plug-ins and virtual desktops is an effective way to reduce attack surface, making it harder for bad guys to target networks and slowing down their lateral moves.
For red teams, using an obfuscated network for testing offers the advantage of hiding who is performing the attack and where it is originating, for a more real-life context. It lets the red team blend in with the normal network traffic while performing reconnaissance and test attacks in a more realistic manner.
Tomi Engdahl says:
Acronyms Aside, the SOC of the Future Needs These 3 Capabilities
https://www.securityweek.com/acronyms-aside-soc-future-needs-these-3-capabilities
To be efficient and effective, the SOC of the future needs to be able to:
1. Focus on data. Data is the lifeblood of security because it provides context from a wide range of internal and external sources, including systems, threats, vulnerabilities, identities and more. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right action. Data-driven security also provides a continuous feedback loop that enables teams to store and use data to improve future analysis.
2. Ensure systems and tools can work together. Since the data that teams need for analysis is spread throughout the typical organization, bi-directional integrations enable teams to bring that data together in a common work surface. An open integration architecture provides the greatest access to data from technologies, threat feeds and other third-party sources. It also enables teams to drive action back to those technologies once a decision is made.
3. Balance automation with human response. The most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst with automation simply augmenting the work. Automation, when there is a balance between human and machine, ensures that teams always have the best tool for the job.
Tomi Engdahl says:
Solving the Right to be Forgotten Problem
https://www.securityweek.com/solving-right-be-forgotten-problem
The Right to be Forgotten (technically the right to erasure or for users to have personal data removed from service providers’ records) creates a big problem for suppliers. This right is becoming standard across the new global wave of data protection and consumer privacy legislation that has followed GDPR.
The process of continuous location monitoring and/or on-demand detection of users’ data for erasure is time-consuming and costly. A new tokenization service offers a potential solution.
Tokenization is an attractive option for protecting data. For full benefit, individual characters should be tokenized. However, the processing power necessary for such a process has held back its implementation. Now the compute power and low storage cost of cloud computing is removing this restriction.
Start-up firm Rixon Technology has developed and is using its own patented cloud-based vaultless tokenization engine to provide flexible and almost real-time tokenization and detokenization.
The basic Rixon approach to tokenization is that cleartext should never be stored on its customer’s network. Raw text is sent to the cloud tokenization engine and returned as tokens. The original cleartext is stored neither locally nor in the cloud – the engine simply remembers the tokenization process. This is held in immutable cloud servers that cannot be accessed by any human, whether the customer, a hacker or Rixon itself. If the server detects anything unusual, it simply burns itself down and rebuilds elsewhere.
Rixon invited Joseph Demarest, former assistant director for the cyber division of the FBI, to review its security. “I couldn’t find any gaps,” he told SecurityWeek. “The technology is durable, very fast, flexible and customizable. The customer retains ownership of the data and can decide on its security policy based on its own risk tolerances.”
Tokenization is by nature format-preserving, which means that tokenized data can still be processed by existing applications. Since individual characters can be tokenized, enough of the cleartext can be retained to be useful to the company without being useful to any criminal – for example, the last four characters of a bank card number or a portion of an email address that can confirm the identity.
RTBF – the user’s right to have PII erased
PII is ubiquitous within business. It is basically ‘customer information’. RTBF requires that every instance of PII should be available for deletion on demand. But most companies don’t know where it is held. It could be in databases; it could be free form in emails and letters; and with the rise of remote working, it could be on employees’ home computers in spreadsheets or in their Shadow IT cloud apps.
Much of this PII is initially captured by online retailers for purchasing transactions. With Rixon’s RTBF solution, the Rixon customer – such as an online retailer or service provider – can add an additional button to its online payment data collection form. The button is a toggle between ‘allow’ and ‘forget’. The initial state is ‘allow’.
Tomi Engdahl says:
Cyber Defenders Should Prepare for Holiday Ransomware Attacks
https://www.securityweek.com/cyber-defenders-should-prepare-holiday-ransomware-attacks
High days and holidays are prime time for ransomware. This should come as no surprise to anyone – but many companies remain surprisingly unaware or at least unprepared.
On August 31, 2021 – just ahead of Labor Day – a joint alert from the FBI and CISA warned that ransomware attacks will likely increase on specific holidays and generally throughout the entire holiday season. The alert specifically cited the DarkSide Colonial Pipeline attack (Mother’s Day weekend), the REvil JBS attack (Memorial Day weekend), and the Sodinokibi/REvil Kaseya attack (Fourth of July holiday weekend).
Tomi Engdahl says:
Supply Chain Security Fears Escalate as Iranian APTs Caught Hitting IT Services Sector
https://www.securityweek.com/supply-chain-security-fears-escalate-iranian-apts-caught-hitting-it-services-sector
Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets.
Two of Redmond’s premier threat hunting units — the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) — are sounding the alarm for a series of intrusions at companies that sell business management and integration software to millions of global organizations.
Once inside the IT services organizations, Microsoft said the Iranian hackers are “extending their attacks to compromise downstream customers,” much like the SolarWinds supply chain mega-hack that snagged thousands of corporate victims globally.
Microsoft warned of a significant surge in these attacks — more than 1,600 notifications to over 40 IT companies in response to Iranian targeting, compared to 48 notifications in 2020 — and warned that downstream attacks are targeting organizations in the defense, energy, and legal sectors.
“As India and other nations rise as major IT services hubs, more nation state actors follow the supply chain to target these providers’ public and private sector customers around the world matching nation state interests,” Microsoft said in a report calling attention to the surge in these Iran-linked attacks.
Iranian targeting of IT sector on the rise
https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/
Tomi Engdahl says:
CISA Adds Four Known Exploited Vulnerabilities to Catalog
https://us-cert.cisa.gov/ncas/current-activity/2021/11/17/cisa-adds-four-known-exploited-vulnerabilities-catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Tomi Engdahl says:
Dark web crooks are now teaching courses on how to build botnets https://www.zdnet.com/article/college-for-cyber-criminals-dark-web-crooks-are-teaching-courses-on-how-to-build-botnets/
Security researchers are warning that the botnet threat could increase as more would-be crooks learn how to build their own.
Tomi Engdahl says:
Iranian targeting of IT sector on the rise https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain. Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
Tomi Engdahl says:
Watch out for online scams and warn others too
https://www.uusiteknologia.fi/2021/11/19/verkkohuijauksia-kannattaa-varoa-ja-varoittaa-myos-muita/
Tomi Engdahl says:
OpenSSH is critical for #Linux and #Unix servers including desktop systems such as macOS or WSL. However, misconfig can create issues. But fear not, you can audit the SSH server and client config easily. You don’t have to be a security guru for that. New developers and sysadmins can look for security and other issues. https://www.cyberciti.biz/tips/how-to-audit-ssh-server-and-client-config-on-linux-unix.html
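As an added example (not code from the linked cyberciti.biz article), the following Python script audits an sshd_config text the way such a check has to work: it applies sshd’s first-match-wins rule, skips conditional Match blocks, falls back to the OpenSSH defaults for absent keywords, and flags the usual weak settings. The two sample configurations are constructed, and MAX_AUTH_TRIES is an assumed local policy rather than an OpenSSH value.

```python
"""Audit an OpenSSH sshd_config for common weak settings (added example)."""
import re

# keyword -> (acceptable values, recommendation); values per sshd_config(5).
CHECKS = {
    "permitrootlogin": ({"no", "prohibit-password", "without-password"},
                        "set PermitRootLogin no (or prohibit-password)"),
    "passwordauthentication": ({"no"}, "set PasswordAuthentication no and use keys"),
    "permitemptypasswords": ({"no"}, "set PermitEmptyPasswords no"),
    "x11forwarding": ({"no"}, "set X11Forwarding no unless it is really needed"),
    "pubkeyauthentication": ({"yes"}, "keep PubkeyAuthentication yes"),
}
# What sshd uses when the keyword is absent (OpenSSH defaults).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "pubkeyauthentication": "yes",
}
MAX_AUTH_TRIES = 4  # assumed local policy; OpenSSH's own default is 6


def parse_sshd_config(text):
    """Return {keyword_lower: value}. sshd keeps the FIRST value it sees for a
    keyword, so duplicates later in the file are ignored. Lines after a Match
    keyword apply only conditionally and are skipped here."""
    cfg = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
        if in_match:
            continue
        cfg.setdefault(key, value)   # first occurrence wins
    return cfg


def audit_sshd_config(text):
    """Return a list of (keyword, effective_value, recommendation) findings."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, (ok_values, advice) in CHECKS.items():
        value = cfg.get(key, DEFAULTS[key]).lower()
        if value not in ok_values:
            findings.append((key, value, advice))
    tries = int(cfg.get("maxauthtries", "6"))
    if tries > MAX_AUTH_TRIES:
        findings.append(("maxauthtries", str(tries),
                         f"set MaxAuthTries to {MAX_AUTH_TRIES} or lower"))
    if "protocol" in cfg and cfg["protocol"] != "2":
        findings.append(("protocol", cfg["protocol"],
                         "remove the legacy Protocol setting; only version 2 is supported"))
    return findings


# Constructed sample configs, not taken from any real host.
SAMPLE_WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # ignored by sshd: the first value above wins
MaxAuthTries 10
X11Forwarding yes
Match User backup
    PasswordAuthentication no
"""
SAMPLE_HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(f"[{name}]")
        for key, value, advice in audit_sshd_config(text) or []:
            print(f"  {key} = {value!r}: {advice}")
```

On a real server, feed the output of `sshd -T` (the effective configuration) to audit_sshd_config instead of the raw file to see what sshd actually applies.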
Tomi Engdahl says:
Privacy Report: What Android Does In The Background
https://hackaday.com/2021/11/18/privacy-report-what-android-does-in-the-background/
While Apple keeps their mysteries to themselves and thus can’t be fully trusted, Android is much more open which paradoxically makes it easier for companies (and malicious users) to spy on users but also makes it easier for those users to secure their privacy on their own. Thanks to this recent privacy report on several different flavors of Android (PDF warning) we know a little bit more on specifically what the system apps are doing, what information they’re gathering and where they’re sending it, and exactly which versions of Android are best for those of us who take privacy seriously.
Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
Tomi Engdahl says:
https://bgr.com/tech/these-are-the-worst-passwords-of-2021-so-stop-using-them-asap/
Tomi Engdahl says:
https://pentestmag.com/is-the-future-of-cyber-security-in-the-hands-of-artificial-intelligence-ai/
Tomi Engdahl says:
https://www.hackster.io/news/sudomaker-s-picorng-is-a-pic-based-true-random-number-generator-with-some-neat-features-a044bc961617
Tomi Engdahl says:
https://www.sitefix.fi/tietoturva/miksi-wordpress-sivustoja-hakkeroidaan/
Tomi Engdahl says:
Hackers backed by Iran are targeting US critical infrastructure, US warns
Vulnerabilities already patched by Microsoft and Fortinet are being exploited en masse.
https://arstechnica.com/gadgets/2021/11/beware-of-iranian-government-backed-hackers-waging-ransomware-us-warns/
Tomi Engdahl says:
Congress passes bill banning new FCC equipment authorizations for Hikvision, Dahua and others
Oct. 29, 2021
Secure Equipment Act would enshrine proposed rule introduced by FCC earlier this year into law
https://www.securityinfowatch.com/video-surveillance/article/21243600/congress-passes-bill-banning-new-fcc-equipment-authorizations-for-hikvision-dahua-and-others
Tomi Engdahl says:
Ransomware gangs are now rich enough to buy zero-day flaws, say researchers
Zero-day cybersecurity vulnerabilities have traditionally been the preserve of nation states – but now criminal gangs have the funds to buy their own.
https://www.zdnet.com/article/ransomware-gangs-are-now-rich-enough-to-buy-zero-day-flaws-say-researchers/
Tomi Engdahl says:
US regulators order banks to report cyberattacks within 36 hours
https://www.bleepingcomputer.com/news/security/us-regulators-order-banks-to-report-cyberattacks-within-36-hours/
Tomi Engdahl says:
The Best Ransomware Response, According to the Data
https://threatpost.com/ransomware-response-data/176360/
An analysis of ransomware attack negotiation-data offers best practices.
Ransomware has become part of the cost of doing business, and driving down that cost can be the difference between recovery and catastrophe.
Once breached, the researchers explain the optimal response is none, but of course, that’s a luxury most victims can’t afford.
Fox-IT cybersecurity analyst Pepijn Hack and Zong-Yu Wu, a threat analyst with the company, explained that when negotiation is the only choice, there are strategies to affect the best possible outcome.
“There is a negative sentiment in our society towards paying or negotiating with criminals, and the legitimacy and ethics of it are also questionable to say the least,” the report said. “Nonetheless, we realize that a significant percentage of companies currently do end up paying the ransom demand.”
Costs to ransomware groups can include fees to launder extorted cryptocurrency, ransomware-as-a-service fees and commissions, and the cost of carrying out the attack itself, according to the report.
“The results show that the adversaries operating behind the dataset we collected knew how much ransom a victim is willing to pay before the negotiation had started,”
Tomi Engdahl says:
Massive camera hack exposes the growing reach and intimacy of American surveillance
https://www.washingtonpost.com/technology/2021/03/10/verkada-hack-surveillance-risk/
A breach of the camera start-up Verkada ‘should be a wake-up call to the dangers of self-surveillance,’ one expert said: ‘Our desire for some fake sense of security is its own security threat’
Tomi Engdahl says:
Windows 10 Zero-Click Security Exploit Wanted. Reward: $3 Million
https://trib.al/M43IXpp
The $3 million Windows 10 no-click zero-day exploit is here
According to the latest research from Digital Shadows, a digital risk protection specialist, the cybercriminal marketplace is booming. Once the prerogative of nation-state actors, the kind of no-click zero-day exploits used in secret-squirrel surveillance operations that come with multi-million price tags are now within reach of criminal actors as
The report, ‘Vulnerability Intelligence: Do you know where your flaws are?’ found that the ceiling for such zero-day pricing has now hit $10 million. Not that there is evidence, as of yet, that these sums have been realized, but the chatter is there, and that’s worrying. As is the $3 million that has been put on the table by one threat actor looking for a working zero-click zero-day remote code execution exploit for Windows 10.
One thing I can’t dispute, however, is the Digital Shadows conclusion that it could lead to “more and more financially motivated threat actors with their hands on dangerous tools.” And that’s something we should all be concerned about.
Vulnerability Intelligence: What’s The Word In Dark Web Forums?
https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-whats-the-word-in-dark-web-forums/
Tomi Engdahl says:
Zero Trust: An Answer to the Ransomware Menace?
https://www.darkreading.com/vulnerabilities-threats/zero-trust-an-answer-to-the-ransomware-menace-
Zero trust is the latest buzzword thrown around by security vendors, consultants, and policymakers as the panacea to all cybersecurity problems. Some 42% of global organizations say they have plans in place to adopt zero trust. The Biden administration also outlined the need for federal networks and systems to adopt a zero-trust architecture. At a time when ransomware continues to make headlines and break new records, could zero trust be the answer to ransomware woes? Before we answer this question, let’s first understand zero trust and its core components.
Tomi Engdahl says:
How to protect yourself from online scams: tens of millions of euros have already been stolen from Finns this year
https://www.tivi.fi/uutiset/tv/86a47977-d868-465f-a515-1d3dd0434da4
According to police statistics, Finns have lost more than 35 million euros to online scams this year. Now financial sector actors,
the National Cyber Security Centre of the Finnish Transport and Communications Agency (Liikenne- ja viestintävirasto), the Consumers' Union (Kuluttajaliitto), the police, the Digital and Population Data Services Agency (Digi- ja väestötietovirasto), Kela and Microsoft are joining forces so that fewer people fall for scams. The police report that investment scams have taken 13 million euros, IT support, CEO and romance scams over 13 million, and bank scams over nine million euros.
Tomi Engdahl says:
NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures https://us-cert.cisa.gov/ncas/current-activity/2021/11/19/nsa-and-cisa-release-guidance-securing-5g-cloud-infrastructures
CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects of pod security including limiting permissions on deployed containers, avoiding resource contention and denial-of-service attacks, and implementing real-time threat detection.
Tomi Engdahl says:
The House passes Biden’s $1.7 trillion budget plan, with millions in cybersecurity spending https://therecord.media/the-house-passes-bidens-1-7-trillion-budget-plan-with-millions-in-cybersecurity-spending/
The House on Friday voted along mostly party lines to approve President Joe Biden’s $1.7 trillion social and climate change bill, which devotes millions to cybersecurity programs throughout the federal government. The House voted 220 to 213 to pass Biden’s Build Back Better bill. One Democrat joined all Republicans in opposing the measure. The legislation now goes to the Senate, where its future is murky.
Tomi Engdahl says:
Tor Project sees decline in server numbers, will offer rewards for new bridge operators https://therecord.media/tor-project-sees-decline-in-server-numbers-will-offer-rewards-for-new-bridge-operators/
The Tor Project said this week that it has seen a drop in the number of Tor relays and bridge servers and is now offering various rewards to users who help bring the number back up. Rewards include the likes of hoodies, t-shirts, and stickers and are meant to provide some sort of meaningful gift to those who help keep the Tor anonymity network alive and resilient to censorship. More specifically, the rewards will be provided to those who run Tor “bridges,” which serve as entry points into the Tor network for users located in countries that block access to Tor servers. “We currently have approximately 1,200 bridges, 900 of which support the obfs4 obfuscation protocol,” said Gustavo Gus, Community Team Lead for the Tor Project.
Tomi Engdahl says:
Ransomware is now a giant black hole that is sucking in all other forms of cybercrime https://www.zdnet.com/article/ransomware-is-now-a-giant-black-hole-that-is-sucking-in-all-other-forms-of-cybercrime/
Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims. “The gravitational force of ransomware’s black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system — with significant implications for IT security,” said security company Sophos in a report. Ransomware is considered by many experts to be the most pressing security risk facing businesses — and it’s extremely lucrative for the gangs involved, with ransom payouts increasing significantly.
Tomi Engdahl says:
These are the ransoms online extortionists demand from Finnish companies: “GDPR has only made the situation worse”
https://www.tivi.fi/uutiset/tallaisia-lunnaita-nettikiristajat-vaativat-suomalaisyrityksilta-gdpr-on-vain-pahentanut-tilannetta/1f13080d-0204-4809-b0e3-094937e53c52
Tomi Engdahl says:
Microsoft warning: Now Iran’s hackers are attacking IT companies, too https://www.zdnet.com/article/microsoft-warning-now-irans-hackers-are-attacking-it-companies-too/
Microsoft has raised an alarm about a massive surge in Iranian state-sponsored hacking attempts against IT services firms. According to Microsoft, attacks from state-sponsored Iranian hackers on IT services firms were virtually non-existent in 2020, but this year exceeded 1,500 potential attacks. “Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks,” it said.
Tomi Engdahl says:
Your Smartphone May Soon Be Able To Detect Hidden Spy Cameras https://www.forbes.com/sites/leemathews/2021/11/19/your-smartphone-may-soon-be-able-to-detect-hidden-spy-cameras/
This new ability is thanks to the addition of a time-of-flight (ToF) sensor to many new models. The sensor helps a smartphone analyze depth information about a scene that’s being photographed. It does that by beaming out a laser. The laser bounces off objects and then returns to the sensor, and the phone can then analyze the data that’s been gathered and use it to optimize camera settings. A team of researchers discovered that the laser from the ToF sensor can do more than produce better-looking pictures. It turns out that the intense beam causes abnormal reflections when it hits something like the lens of a camera.
Tomi Engdahl says:
Businesses’ proxyware headache
https://www.kaspersky.com/blog/proxyware/42947/
Employees can install proxyware without their employer’s knowledge, introducing additional business cyberrisks. Researchers at Cisco Talos coined the term proxyware and have reported on the phenomenon in depth. Essentially, a proxyware service acts as a proxy server. Your best way to combat criminal exploitation through proxyware is to install a reliable antivirus solution on every computer that has Internet access. Not only will that protect your company from the harmful effects of proxyware, but if said proxyware includes, or is included with, other malware, you’ll still be covered.
Tomi Engdahl says:
U.S. Banks Required to Report Cyberattacks to Regulators Within 36 Hours
https://www.securityweek.com/us-banks-required-report-cyberattacks-regulators-within-36-hours
In less than half a year, banks in the United States will be required to notify federal regulators of serious cybersecurity incidents within 36 hours.
The final version of this cybersecurity incident notification rule was announced on Thursday by the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve, and the Office of the Comptroller of the Currency (OCC).
The rule applies to banking organizations and their service providers, and it will take effect on April 1, 2022, with full compliance extended to May 1, 2022.
“FDIC-supervised banking organizations will be required to notify the FDIC as soon as possible and no later than 36 hours after the banking organization determines that a computer-security incident that rises to the level of a notification incident has occurred,” the agencies said. “The banking organization must provide this notification to the appropriate FDIC supervisory office, or an FDIC-designated point of contact, through email, telephone, or other similar methods that the FDIC may prescribe.”
“Security incidents” are incidents that result in actual harm to the confidentiality, integrity or availability of information systems. “Notification incidents” are incidents that cause serious disruption to operations, ones that prevent the bank from delivering its products and services, or ones that pose a risk to the stability of the financial sector. Examples provided by the agencies include computer failures, DDoS attacks or ransomware attacks.
Bank service providers will be required to report incidents to client banks in case banking services are — or are likely to be — disrupted for more than four hours.
https://www.fdic.gov/news/board-matters/2021/2021-11-17-notational-fr.pdf
Tomi Engdahl says:
Acronyms Aside, the SOC of the Future Needs These 3 Capabilities
To be efficient and effective, the SOC of the future needs to be able to:
1. Focus on data. Data is the lifeblood of security because it provides context from a wide range of internal and external sources, including systems, threats, vulnerabilities, identities and more. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right action. Data-driven security also provides a continuous feedback loop that enables teams to store and use data to improve future analysis.
2. Ensure systems and tools can work together. Since the data that teams need for analysis is spread throughout the typical organization, bi-directional integrations enable teams to bring that data together in a common work surface. An open integration architecture provides the greatest access to data from technologies, threat feeds and other third-party sources. It also enables teams to drive action back to those technologies once a decision is made.
3. Balance automation with human response. The most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst with automation simply augmenting the work. Automation, when there is a balance between human and machine, ensures that teams always have the best tool for the job.
https://www.securityweek.com/acronyms-aside-soc-future-needs-these-3-capabilities
Tomi Engdahl says:
Researchers Scan the Web to Uncover Malware Infections
https://www.darkreading.com/security-monitoring/researchers-scan-the-web-to-uncover-malware-infections
Dozens of companies and universities regularly scan the Internet to gather data on connected devices, but some firms are looking deeper to uncover the extent of detectable malware infections.
Tomi Engdahl says:
Identifying Vulnerabilities in Cellular Networks
Oct. 27, 2021
This article takes an in-depth look at a systematic framework for the analysis of cellular-network protocols, involving a 4G LTE example, to enhance security.
https://www.mwrf.com/technologies/test-measurement/article/21179664/identifying-vulnerabilities-in-cellular-networks?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS211029009&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
What you’ll learn:
Why systematic methodologies are critical for securing communication protocols.
High-level view of key elements of these systematic methodologies.
Tomi Engdahl says:
Privacy Report: What Android Does In The Background
https://hackaday.com/2021/11/18/privacy-report-what-android-does-in-the-background/
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
Tomi Engdahl says:
Trend Micro: cyber security often comes second in companies
https://etn.fi/index.php/13-news/12846-trend-micro-kyberturva-jaeae-yrityksissae-usein-kakkoseksi
According to a new study by the security company Trend Micro, 93 percent of Finnish IT decision-makers say that their company is prepared to compromise on cyber security for the sake of digital transformation, productivity or other goals. The figure is, of course, quite worrying.
The figure for Finnish companies is slightly higher than the global result of 90 percent. In addition, 80 percent of Finnish respondents have been pressured to downplay the severity of cyber risks.
- IT decision-makers censor themselves in front of the company board, because they are worried about the effect of repeated or overly negative reports. Almost a third of decision-makers say the pressure to downplay risks is constant. This creates a vicious circle in which company management does not know the real risks, says Trend Micro cyber security expert Kalle Salminen.
BUSINESS FRICTION IS EXPOSING ORGANISATIONS TO CYBER THREATS
https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study
Tomi Engdahl says:
How to defend your website against card skimmers https://blog.malwarebytes.com/web-threats/2021/11/how-to-defend-your-website-against-card-skimmers/
Black Friday and the holiday season are approaching, and shoppers are forecast to spend record amounts again this year. Retail websites big and small can expect a lot of interest from shoppers looking for deals, and a lot of interest from cybercriminals looking to cash in on those shoppers, by stealing their credit card details with stealthy card skimmers. Card skimmers, or web skimmers, are pieces of malicious software that criminals piggyback on to legitimate websites, so they can steal shoppers’ credit card details. The skimmers read the details as users type them into the sites’ payment forms, or replace the payment forms with convincing fakes. Attackers have even been seen adding entire checkout pages to sites that don’t take payments.
Skimmers can steal card details in real time, as they are typed, even before the victim clicks “submit” on the payment form. Skimmers allow criminal hackers to silently rob every customer that makes a purchase on an infected website, until they are discovered and removed.
Malwarebytes products detect card skimmers, and our Threat Intelligence team tracks and investigates them. We know that card skimming activity tends to increase in line with busy shopping days, and shop owners need to be extra-vigilant heading into the holiday season.
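Skimmers arrive as an injected script or a swapped payment form, so one defensive check a shop owner can run is a baseline audit of the served checkout HTML. The following is an added example, not code from Malwarebytes or the post above; the allowlisted origins, the page URL and the sample HTML are constructed for illustration.

```javascript
// Added example: audit a checkout page for script sources and form targets
// that fall outside a known-good origin allowlist. Origins below are
// constructed placeholders, not real shop infrastructure.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://pay.example"]);

// Constructed sample page: one legitimate script, one loader from an unknown
// host (typical skimmer injection), and a payment form posting off-site
// (typical form replacement).
const SAMPLE_HTML = `
<html><body>
<script src="/js/checkout.js"></script>
<script src="https://cdn-stats.example.net/jquery.min.js"></script>
<form id="payment" action="https://collect.example.org/submit" method="post">
<input name="card_number"><input name="cvv">
</form>
</body></html>`;

// Resolve relative URLs against the page so "/js/checkout.js" maps to the
// shop's own origin; malformed URLs resolve to null and are flagged.
function originOf(url, pageUrl) {
  try { return new URL(url, pageUrl).origin; } catch { return null; }
}

// Returns every external script source or form action whose origin is not in
// the allowlist, plus a count of inline scripts to compare against a baseline.
function auditCheckoutPage(html, pageUrl, allowedOrigins) {
  const findings = [];
  const scriptRe = /<script[^>]*\ssrc=["']([^"']+)["']/gi;
  const formRe = /<form[^>]*\saction=["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(scriptRe)) {
    const origin = originOf(src, pageUrl);
    if (!allowedOrigins.has(origin)) findings.push({ kind: "script", target: src, origin });
  }
  for (const [, action] of html.matchAll(formRe)) {
    const origin = originOf(action, pageUrl);
    if (!allowedOrigins.has(origin)) findings.push({ kind: "form", target: action, origin });
  }
  // Inline <script> blocks without a src attribute are another common
  // injection vector; a change in their count against a stored baseline is
  // worth an alert even when no external origin is involved.
  const inlineCount = (html.match(/<script(?![^>]*\ssrc=)[^>]*>/gi) || []).length;
  return { findings, inlineCount };
}

// Stand-alone run over the constructed sample.
const report = auditCheckoutPage(SAMPLE_HTML, "https://shop.example/checkout", ALLOWED_ORIGINS);
for (const f of report.findings) console.log(`unexpected ${f.kind}: ${f.target} (${f.origin})`);
console.log(`inline scripts: ${report.inlineCount}`);
```

Run it against a freshly fetched copy of the live checkout page on a schedule and diff the findings against the previous run, since a skimmer that appears only for some visitors may not show up in a one-off check.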