Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

The state of internet security in 2020 was hard, and the trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its own unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year: Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for others to see if you don’t pay up. As a result, even ransomware victims that have good backups are paying ransoms to stop the attackers from leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse: while cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security work is moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
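As an added example (not from the article linked above or from this post’s original text), here is what the second factor from an authenticator app actually is: a time-based one-time code computed from a shared secret, as specified in RFC 4226 (HOTP) and RFC 6238 (TOTP). The demo secret in the block is constructed; the RFC test secret is the one from the RFCs’ own test vectors, so the values can be checked. The server-side verifier tolerates one step of clock drift, compares in constant time, and refuses a code that has already been accepted, which is the part most home-grown implementations forget.

```python
"""TOTP (RFC 6238) as used by authenticator-app 2FA: secret enrolment, code
generation, and a server-side check that tolerates clock drift but refuses
replays. Added example; the demo secret below is constructed."""
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Constructed demo secret (base32, the form shown in an enrolment QR code).
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"
# Secret from the RFC 4226 / RFC 6238 test vectors, so results can be checked.
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode("ascii")


def new_secret(nbytes: int = 20) -> str:
    """Fresh random shared secret, base32-encoded for the enrolment QR code."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    secret = secret_b32.strip().upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second step."""
    return hotp(secret_b32, int(unix_time) // step, digits)


def match_totp(secret_b32, code, unix_time, step=30, window=1, digits=6):
    """Return the time-step counter that `code` matches, or None.
    Accepts the current step and `window` steps either side to tolerate clock drift;
    the comparison is constant-time so timing does not leak how many digits matched."""
    if not (code.isdigit() and len(code) == digits):
        return None
    counter = int(unix_time) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, counter + delta, digits), code):
            return counter + delta
    return None


class TotpVerifier:
    """Server-side verifier keeping per-user state so an accepted code cannot be
    replayed by someone who shoulder-surfed or phished it within the same step."""

    def __init__(self, window: int = 1):
        self.window = window
        self._last_counter = {}  # user -> highest time-step counter already accepted

    def verify(self, user: str, secret_b32: str, code: str, unix_time: int) -> bool:
        matched = match_totp(secret_b32, code, unix_time, window=self.window)
        if matched is None or matched <= self._last_counter.get(user, -1):
            return False
        self._last_counter[user] = matched
        return True


if __name__ == "__main__":
    now = int(time.time())
    print("current code for demo secret:", totp(DEMO_SECRET_B32, now))
```

The replay check is what turns a stolen code into a one-shot: a phishing page that relays the victim’s code in real time still wins the first time, which is why phishing-resistant factors (FIDO2 keys) are preferred for the highest-value accounts, but it does stop the same code being reused from the same step.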

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to produce an OWASP Top-10 2021 prediction calculated from understandable metrics, to make everyone able to reproduce the results, and to present it to the entire community for feedback.

The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues, such as Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, typically phrased as vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security: the US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are also NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,203 Comments

  1. Tomi Engdahl says:

    Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
    https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
    PAYWALL. Cyber disruption and doping in sports have a lot in common. Tracing and testing methods develop, but so does cheating. And the cheaters always seem to be a step ahead. Sometimes they are exposed only years later. “The world is heading in a direction where technology develops ever faster and, as it proliferates, rather increases the possibility of various disruptions and creates new kinds of vulnerabilities. There is no such thing as airtight security,” Limnéll says. So even with technology the world cannot be made complete. In addition, crises always tend to come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In the light of history, we are always taken by surprise. And if you think about it from the technology point of view, technology only increases the complexity and unpredictability of crises.”

  2. Tomi Engdahl says:

    Biometric auth bypassed using fingerprint photo, printer, and glue https://www.bleepingcomputer.com/news/security/biometric-auth-bypassed-using-fingerprint-photo-printer-and-glue/
    Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools. Although fingerprint-based biometric authentication is generally considered superior to PINs and passwords in terms of security, the fact that imprints can be left in numerous public places makes it ripe for abuse. It has been previously proven that there are ways to collect and use people’s fingerprints to fool even the most sophisticated sensors. However, these typically involve using niche tools such as DSLR cameras and high-fidelity 3D printers.
    If only there was a cheap way to retrieve these imprints and convert them to usable fingerprints, it would severely and negatively impact the security of this particular authentication method.

  3. Tomi Engdahl says:

    Delivering on the Promise of 5G Requires New Security Standards
    https://www.securityweek.com/delivering-promise-5g-requires-new-security-standards

    In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training

    5G has the potential to deliver incredible innovations — from smart cities to self-driving cars to advances in healthcare, manufacturing, and other key verticals. While 5G improves upon previous generations’ cybersecurity vulnerabilities, it also brings new risks:

    ● 5G is software-defined. The increased role of software in 5G makes it more susceptible to dynamic, software-based attacks on the software that manages the network and the network itself.

    ● 5G will accelerate IoT. Frost & Sullivan predicted there will be 67.7 billion IoT devices in service by 2025. Each of these devices represents expanding attack surfaces and potential entry points for cyber attackers to gain access to the network and its connected devices. This opens up a wealth of frightening possibilities for attackers — from taking over a webcam or manipulating sensor readings to far more serious implications like crashing a power station, shutting off a pacemaker, or even taking control of a car.

    ● 5G has a complex supply chain. 5G’s decentralized, open source foundation is made up of a complex, interconnected supply chain of networks (as recent high-profile breaches can attest), mobile operators, and suppliers that creates new opportunities for cyber attacks.

  4. Tomi Engdahl says:

    NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
    https://us-cert.cisa.gov/ncas/current-activity/2021/11/19/nsa-and-cisa-release-guidance-securing-5g-cloud-infrastructures
    CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects of pod security including limiting permissions on deployed containers, avoiding resource contention and denial-of-service attacks, and implementing real-time threat detection.

    Identifying Vulnerabilities in Cellular Networks
    Oct. 27, 2021
    This article takes an in-depth look at a systematic framework for the analysis of cellular-network protocols, involving a 4G LTE example, to enhance security.
    https://www.mwrf.com/technologies/test-measurement/article/21179664/identifying-vulnerabilities-in-cellular-networks?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS211029009&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    What you’ll learn:

    Why systematic methodologies are critical for securing communication protocols.
    High-level view of key elements of these systematic methodologies.

  5. Tomi Engdahl says:

    CISO Conversations: Honda Aircraft, Bombardier CISOs Discuss Getting Started in Security
    https://www.securityweek.com/ciso-conversations-honda-aircraft-bombardier-cisos-discuss-getting-started-security

    Cybersecurity is a relatively new profession. If you want to get in today, you will need to start with a university degree – or be able to demonstrate serious aptitude and attitude, or experience. But what about our current security leaders? They entered the profession before security-relevant university degrees existed, and without prior experience.

    In this issue we ask two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier – how they got started in security. In both cases it was a combination of luck and foresight: being in the right place at the right time combined with the ability to see and take the opportunity.

  6. Tomi Engdahl says:

    Preventing a Cyber Pandemic in Healthcare
    https://www.securityweek.com/preventing-cyber-pandemic-healthcare

    Without the sacrifice of our frontline workers over the past two challenging years, many of our communities would not have been able to receive vital care. However, while healthcare providers have been busy protecting our communities, who has protected the sensitive personal data collected in the process?

    Many factors have added complexity to the healthcare industry during the pandemic – from admitting and triaging an increasing volume of patients (virtually or in-person) to managing a workforce that shifts from hospital to hospital while combating a dwindling supply of healthcare workers.

    With tight resources for managing healthcare, the IT challenge to keep track of vast amounts of data being created, accessed and modified is critical. How can we ensure the need for data privacy and security doesn’t accidentally slip through the cracks?

    The best starting point for reviewing data privacy and security best practices is to consider the tasks staff need to complete. Too often, complex software and hardware deployments overwhelm and fail because a business need was not considered at the design phase and the resulting solutions added complexity instead of focusing on improved user experience.

  7. Tomi Engdahl says:

    s. The key steps in an assessment are:

    1. Determine what needs assessment: It is not practical to assess a large organization at one time (especially one dealing with critical healthcare services). The assessment can be broken into more manageable pieces with a focus on individual units or functions. This way, it will be easier to gain stakeholder support and reduce the time taken to perform the assessment

    2. Identify which assets are included in the assessment: Understand what needs protecting. Do not just consider the big items such as highly valued medical devices, but also look at methods of access and connectivity. A criminal is unlikely to attack directly as this will be spotted quickly. Attacks typically come from unexpected directions.

    3. Analyze the risk impact of an attack: An un-patched web server may allow access to an attacker using a code-injection attack. What risk does this pose to the business? Understanding the risk posed to the organization by a vulnerability and weighing that against other risks to build an acceptable posture is the aim of an assessment. Rate specific risks on how likely it is to occur, which helps make decisions on what needs to be changed. Then consider the impact of the risk using Confidentiality, Integrity and Availability (or CIA, that well-known cybersecurity acronym) to the organization. Cross-reference these scores for a final decision on the final impact of any given risk – allowing a decision on when/how to update.

    https://www.securityweek.com/preventing-cyber-pandemic-healthcare

  8. Tomi Engdahl says:

    The Microsoft SDL introduces security and privacy considerations throughout all phases of the development process, helping developers build highly secure software, address security compliance requirements, and reduce development costs. The guidance, best practices, tools, and processes in the Microsoft SDL are practices we use internally to build more secure products and services.
    https://www.microsoft.com/en-us/securityengineering/sdl

    Secure Development Lifecycle: The essential guide to safe software pipelines
    https://techbeacon.com/security/secure-development-lifecycle-essential-guide-safe-software-pipelines

  9. Tomi Engdahl says:

    Newcomers can use the ‘skills gap’

    The much-hyped skills gap in cybersecurity can also help newcomers get into the profession. There are different attitudes toward and definitions of this gap. To Mark, it doesn’t really exist. “It’s really a capacity gap,” he says. “There isn’t enough capacity to fill the hiring requirements — that’s the issue we have now.”

    Mark believes the skills exist, but not enough people claim them. The industry demands both qualifications and experience from new hires – but getting one usually excludes getting the other. “So, people with a natural aptitude for the job are discouraged and don’t even apply,” he says.

    https://www.securityweek.com/ciso-conversations-honda-aircraft-bombardier-cisos-discuss-getting-started-security

  10. Tomi Engdahl says:

    Information Security Trailblazer award to LähiTapiola – special thanks for channeling young people’s hacking skills for the benefit of society https://www.epressi.com/tiedotteet/tietoturva/tietoturvan-suunnannayttaja-tunnustus-lahitapiolalle-erityiskiitos-nuorten-hakkeritaitojen-kanavoinnista-yhteiskunnan-hyvaksi.html
    The Tietoturvan suunnannäyttäjä (Information Security Trailblazer) award was granted to LähiTapiola for its meritorious social activity in the information security field.
    The award was received by LähiTapiola’s Director of Responsibility and Public Affairs Eeva Salmenpohja at the Tietoturva 2021 virtual seminar. The award for exemplary work promoting information security, presented by the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, was now given for the sixth time.
    The Tietoturva 2021 virtual seminar was held on 24.11.2021.
    Nearly 2000 participants had registered for the event.

  11. Tomi Engdahl says:

    Hospital Ransomware Attacks Go Beyond Health Care Data https://securityintelligence.com/hospital-ransomware-health-care-data/
    The health care industry has been on the front lines a lot lately.
    Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party, such as what happened earlier this year with Kaseya. The effects go beyond stolen health care data, although that is important, too. What does it mean when a health care organization faces an attack? And what can they do to protect themselves?

  12. Tomi Engdahl says:

    How the pandemic pulled Nigerian university students into cybercrime https://therecord.media/how-the-pandemic-pulled-nigerian-university-students-into-cybercrime/
    ILORIN, Nigeria. Around November 2020, Kayode said he was invited to a house party, the kind attended mostly by others involved in the country’s illicit digital economy. The college sophomore studying towards a hard sciences degree had reservations about attending a party during a global pandemic, but he didn’t have much other to do than spend time with other so-called “yahoo boys”, an archaic nickname that recalls when Nigerian cyber fraudsters were synonymous with Yahoo Mail and “Nigerian Prince” spam.

  13. Tomi Engdahl says:

    Password usage analysis of brute force attacks on honeypot servers https://blog.malwarebytes.com/reports/2021/11/password-usage-analysis-of-brute-force-attacks-on-honeypot-servers/
    As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe environment to study ongoing attacks. This provides researchers with data on how attackers operate and enables them to study different threats. Now, Bevington has released information gathered from Microsoft honeypots on over 25 million brute force attacks against SSH. Some highlights of these results:
    • 77% of the passwords were between 1 and 7 characters long
    • Only 6% of the passwords were longer than 10 characters
    • 39% of the passwords contained at least one number
    • None of the attempted passwords contained a space

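The figures quoted in the comment above are the kind of thing you get by running a few lines of analysis over a honeypot’s login events. As an added example (not from the Malwarebytes write-up, Microsoft’s data, or this page’s author), the block below parses constructed log lines in the shape of Cowrie-style JSON events (an assumed format; Cowrie is a common SSH honeypot, but the lines are made up here) and computes the same password-length, digit and space statistics plus the busiest source addresses.

```python
"""Password statistics from SSH honeypot login events, computed over log lines.
Added example. The log lines are constructed and follow the shape of Cowrie-style
JSON events (an assumed format, not the data behind the Microsoft figures)."""
import json
import re
from collections import Counter

# Constructed sample: one JSON event per line, as a honeypot writes them.
# Includes a non-login event and a malformed line so the parser has to cope.
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "198.51.100.7", "timestamp": "2021-11-20T03:14:01Z"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "198.51.100.7", "timestamp": "2021-11-20T03:14:02Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "P@ssw0rd2021", "src_ip": "203.0.113.9", "timestamp": "2021-11-20T03:14:03Z"}
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.9", "timestamp": "2021-11-20T03:14:04Z"}
{"eventid": "cowrie.login.failed", "username": "pi", "password": "raspberry", "src_ip": "203.0.113.9", "timestamp": "2021-11-20T03:14:05Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "toor", "src_ip": "192.0.2.33", "timestamp": "2021-11-20T03:14:06Z"}
{"eventid": "cowrie.login.failed", "username": "user", "password": "qwerty12345", "src_ip": "192.0.2.33", "timestamp": "2021-11-20T03:14:07Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "", "src_ip": "192.0.2.33", "timestamp": "2021-11-20T03:14:08Z"}
not a json line at all
{"eventid": "cowrie.login.success", "username": "root", "password": "123456", "src_ip": "198.51.100.44", "timestamp": "2021-11-20T03:15:09Z"}
"""

DIGIT = re.compile(r"\d")


def extract_attempts(log_text):
    """Return (src_ip, username, password) for every login attempt, failed or
    successful, skipping other event types and malformed lines."""
    attempts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("eventid", "").startswith("cowrie.login.") and "password" in ev:
            attempts.append((ev.get("src_ip", "?"), ev.get("username", "?"), ev["password"]))
    return attempts


def password_stats(passwords):
    """Counts of the kind the honeypot write-up reports, plus a length histogram."""
    return {
        "attempts": len(passwords),
        "empty": sum(1 for p in passwords if len(p) == 0),
        "len_1_to_7": sum(1 for p in passwords if 1 <= len(p) <= 7),
        "len_over_10": sum(1 for p in passwords if len(p) > 10),
        "has_digit": sum(1 for p in passwords if DIGIT.search(p)),
        "has_space": sum(1 for p in passwords if " " in p),
        "length_histogram": dict(sorted(Counter(len(p) for p in passwords).items())),
        "top_passwords": Counter(passwords).most_common(3),
    }


def pct(part, whole):
    """Percentage rounded to one decimal; 0.0 when there is nothing to divide by."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def sources_by_attempts(attempts):
    """Source addresses ordered by number of guesses: a dictionary attack shows up
    as many attempts from one address working through a high-frequency list."""
    return Counter(ip for ip, _, _ in attempts).most_common()


if __name__ == "__main__":
    attempts = extract_attempts(SAMPLE_LOG)
    stats = password_stats([p for _, _, p in attempts])
    for key in ("len_1_to_7", "len_over_10", "has_digit", "has_space"):
        print(f"{key}: {pct(stats[key], stats['attempts'])}%")
    print("length histogram:", stats["length_histogram"])
    print("top passwords:", stats["top_passwords"])
    print("top sources:", sources_by_attempts(attempts))
```

The same shape of analysis is useful on your own perimeter, where the guessed passwords are not visible but the usernames and source addresses in sshd’s “Failed password” lines are: the busiest sources and the most-tried usernames tell you which accounts to lock down first and what to block.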
  14. Tomi Engdahl says:

    Japan, Vietnam Look to Cyber Defense Against China
    https://www.securityweek.com/japan-vietnam-look-cyber-defense-against-china

    Japan and Vietnam on Tuesday signed a cybersecurity agreement as the two Asian nations rapidly step up their military ties amid concerns over China’s growing assertiveness.

    Japan’s Defense Minister Nobuo Kishi told reporters that the cyberspace agreement aimed to address a “strong sense of urgency” over activities in the Indo-Pacific region that challenge the existing international order, indicating China without identifying any country by name.

    Kishi said talks with his Vietnamese counterpart, Phan Van Giang, had taken “defense cooperation between the two countries to a new level.”

    Japan has in recent years stepped up cyber defense cooperation with the United States, Australia and other partners, and participated in a NATO cyberspace exercise in April. Japan has also held cybersecurity talks with Vietnam, Singapore and Indonesia.

  15. Tomi Engdahl says:

    3 Key Questions for CISOs on the Wave of Historic Industrial Cybersecurity Legislation
    https://www.securityweek.com/3-key-questions-cisos-wave-historic-industrial-cybersecurity-legislation

    The last 18 months have been nothing short of historic for critical infrastructure companies. First, came a series of dramatic developments that highlighted the risks to industrial environments:

    • Digital transformation accelerated. Connectivity – from Operational Technology (OT) to IT and up to the cloud – for business efficiency and profitability has taken off. But this hyperconnectivity has created a much larger attack surface and exposes vulnerabilities that are a boon for threat actors.

    • Ransomware went corporate. No longer satisfied with locking-up someone’s personal data and laptop, threat actors shifted their focus to locking-up a factory or pipeline. The lack of a highly visible response from the U.S. government emboldened hackers to continue to move the line they are willing to cross in a bad direction.

    • Craftiness of nation-states grew. A flurry of supply chain attacks against companies such as SolarWinds, Accellion, and Kaseya to name a few, impacted millions of users downstream. The scope and stealthy nature of these attacks demonstrated the advanced capabilities and backdoors in use and woke us up to our own cyber insecurities in the world.

    In response to this confluence of factors, the U.S. federal government has issued an unprecedented wave of legislation focused on better securing critical infrastructure. We’ve seen a White House Executive Order followed by national security memorandums and industry-specific directives that have set the stage for the formation of a Cyber Incident Review Office. If you’re a CISO or security leader, here are three questions to ask yourself as you consider this legislation and look to improve the security posture of your OT environment.

    1. Section 2 of the executive order focuses on removing barriers to sharing threat information. Over time we have learned that cybersecurity is a team sport. What any one entity sees has the potential to help others. However, all too often there is a hunger to receive threat information, but a reluctance to share.

    The question for CISOs: Are you using information provided from a specific Information Sharing and Analysis Center (ISAC) or from your cyber security provider to gain visibility into incidents that others see? And are you sharing high-value information back out?

    2. Section 4 of the executive order focuses on enhancing software supply chain security. The National Institute of Standards and Technology (NIST) has been directed to publish a definition of “critical software” that has minimum standards for least privileged access, configuration, and inventory, as well as developer criteria to ensure secure coding practices.

    The question for CISOs: Have you considered leveraging some of these new standards and criteria as part of your software procurement practices?

    3. Section 5 of the executive order focuses on establishing a cyber safety review board. Just as the National Transportation Safety Board (NTSB) has become the gold standard for understanding transportation incidents and continuous learning to reduce accidents, a cyber safety review board holds the same promise for cyber activities.

    The question for CISOs: Do you have a culture of continuous improvement in risk and cyber security that drives learnings from your own failures and those of others?

    A surge in cyberattacks impacting critical infrastructure and the delivery of services vital to the public well-being has spurred much needed legislation to better protect against these threats. And more proposals are likely to come. For CISOs of critical infrastructure organizations and those of us who work on their behalf, the writing is on the wall. The government needs better visibility into OT networks vital to the country’s economic and national security, regardless of ownership. Together, we can and must take action to improve the security posture of the industrial domain.

  16. Tomi Engdahl says:

    CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays
    https://www.securityweek.com/cisa-fbi-warn-potential-critical-infrastructure-attacks-holidays

    The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week reminded organizations of all types – with a focus on critical infrastructure – that cybercriminals tend to launch impactful cyberattacks during holidays and weekends.

    Over the past years, it has become clear that cybercriminals often plan major cyber-assaults for the time when employees are out of office, namely weekends or holidays such as Independence Day, Mother’s Day, Thanksgiving and Christmas.

    “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” the two agencies note in a joint alert.

    Organizations, CISA and the FBI say, can take proactive measures to improve their security posture and make sure they can prevent cyberattacks, including possible ransomware assaults, during the holiday season.

    Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends
    https://us-cert.cisa.gov/ncas/current-activity/2021/11/22/reminder-critical-infrastructure-stay-vigilant-against-threats

    CISA and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

    Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
    Implement multi-factor authentication for remote access and administrative accounts.
    Mandate strong passwords and ensure they are not reused across multiple accounts.
    If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
    Remind employees not to click on suspicious links, and conduct exercises to raise awareness.

    Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

    Phishing scams, such as unsolicited emails posing as charitable organizations.
    Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online.
    Unencrypted financial transactions.

  17. Tomi Engdahl says:

    Over 107 million malware samples developed for Windows this year
    https://etn.fi/index.php/13-news/12867-windowsiin-kehitetty-taenae-vuonna-yli-107-miljoonaa-haittaohjelmaa

    Based on data analyzed by Atlas VPN, a new record is being set in Windows malware development this year. Although a month of 2021 still remains, cybercriminals have already developed a staggering 107.3 million threats specifically targeting Windows devices.

    Microsoft divides malware into thirteen categories: backdoors, downloaders, droppers, exploits, hacking tools, macro viruses, obfuscators, password stealers, ransomware, rogue security software, trojans, trojan clickers and worms. In Atlas VPN’s report Windows malware covers all thirteen categories.

  18. Tomi Engdahl says:

    Smart contracts make blockchains possible
    https://etn.fi/index.php?option=com_content&view=article&id=12863

    Smart contracts are digital contracts that utilize blockchain technology. They are expected to revolutionize the way things are agreed and have received a lot of attention thanks to their advantages. It is worth getting familiar with the basics of smart contracts so that their features, benefits and threats are known.

    Smart contracts are code stored on a blockchain. They are digital contracts drawn up by two parties, whose terms the parties must comply with. A smart contract automatically follows the rules and conditions programmed into it. It can even include sanctions that take effect if the contract is neglected. The terms and rules are immutable, i.e. they can no longer be modified once they have been stored on the blockchain.

    Smart contracts run on the Ethereum platform, founded by Vitalik Buterin. Buterin wanted to create an ecosystem where anyone can create a dApp application enabling smart contracts. Ethereum’s journey has been dizzying and it is nowadays the best-known giant of the crypto world right after Bitcoin. You can read more about cryptocurrencies at Cryptomeister.com.

    https://cryptomeister.com/fi/

  19. Tomi Engdahl says:

    Meir Orbach / CTech:
    Israel reduces the countries approved for export of cyber tools from 102 to 37, most of which are in the West, after US sanctions NSO and Candiru — The Ministry of Defense has reduced the number of countries approved for export of cyber tools by Israeli companies from 102 to 37

    Exclusive
    Israel defense ministry slashes cyber export list, drops Saudi Arabia, UAE
    https://www.calcalistech.com/ctech/articles/0,7340,L-3923361,00.html

    The Ministry of Defense has reduced the number of countries approved for export of cyber tools by Israeli companies from 102 to 37.

    Israel has updated the list of countries local companies are permitted to sell cybersecurity tools to, reducing the overall number to 37 countries, down from 102. The new list mainly includes western European countries, the U.S., and Canada.

    The updated list released at the beginning of November doesn’t include countries such as Morocco, Mexico, Saudi Arabia, or the UAE, which according to reports are among the countries to have acquired offensive cyber tools from Israeli company NSO. The embroiled company hasn’t confirmed which countries it has done business with but did state that it only sold to countries approved by the Ministry of Defense. Assuming this claim is correct, it seems that Israel was very lenient in providing approvals for the sale of cyber tools and was aware of all the sales being made by NSO.

    The new list will significantly complicate matters for Israeli cybersecurity companies, especially those selling offensive cyber tools, to operate in countries with totalitarian regimes or with a record of violating human rights.

    The Israeli cybersecurity sector currently generates $10 billion in annual revenue, with offensive cyber believed to be responsible for 10% of those sales. Some 13% of all cybersecurity companies operate from Israel, with 29% of all investments in the sector being directed to Israeli companies.

    The updated list includes Austria, Italy, Iceland, Ireland, Estonia, Bulgaria, Belgium, the UK, Germany, Denmark, The Netherlands, Greece, Luxembourg, Latvia, Lithuania, Liechtenstein, Malta, Norway, Slovenia, Slovakia, Spain, Portugal, Finland, Czech Republic, France, Croatia, Cyprus, Romania, Sweden, Switzerland, Australia, India, Japan, New Zealand, South Korea, United States, and Canada.

  20. Tomi Engdahl says:

    Threat actors find and compromise exposed services in 24 hours https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/
    Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.

  21. Tomi Engdahl says:

    How Threat Actors Get Into OT Systems
    https://www.darkreading.com/edge-articles/how-threat-actors-get-into-ot-systems
    The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

  22. Tomi Engdahl says:

    3 Key Questions for CISOs on the Wave of Historic Industrial Cybersecurity Legislation
    https://www.securityweek.com/3-key-questions-cisos-wave-historic-industrial-cybersecurity-legislation

  23. Tomi Engdahl says:

    They Say She Rigged a Homecoming Queen Contest. She Faces Decades Behind Bars.
    https://www.thedailybeast.com/florida-teen-emily-grover-was-accused-of-hacking-a-homecoming-queen-contest-and-faces-16-years-in-prison

    was named homecoming queen, the school accused her and her mom of hacking students’ accounts to cast votes. They face hefty sentences—but say they’ve been framed.

  24. Tomi Engdahl says:

    “Depending on the scope of an attack, this could impact individual customers, geographic market areas, or potentially the [Lumen] backbone,” Korab continued. “This attack is trivial to exploit, and has a difficult recovery. Our conjecture is that any impacted Lumen or customer IP address blocks would be offline for 24-48 hours. In the worst-case scenario, this could extend much longer.”

    I know this is kind of old news, given how long ago the Facebook BGP error was, but I didn’t realize how fragile all of these systems are

    The Internet is Held Together With Spit & Baling Wire
    https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/

    Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.

    Based in Monroe, La., Lumen Technologies Inc. [NYSE: LUMN] (formerly CenturyLink) is one of more than two dozen entities that operate what’s known as an Internet Routing Registry (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization.

    The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system.

    Regardless of how they get online, each AS uses the same language to specify which Internet IP address ranges they control: It’s called the Border Gateway Protocol, or BGP. Using BGP, an AS tells its directly connected neighbor AS(es) the addresses that it can reach. That neighbor in turn passes the information on to its neighbors, and so on, until the information has propagated everywhere [1].

    A key function of the BGP data maintained by IRRs is preventing rogue network operators from claiming another network’s addresses and hijacking their traffic. In essence, an organization can use IRRs to declare to the rest of the Internet, “These specific Internet address ranges are ours, should only originate from our network, and you should ignore any other networks trying to lay claim to these address ranges.”

    In the early days of the Internet, when organizations wanted to update their records with an IRR, the changes usually involved some amount of human interaction.

    But over the years the various IRRs made it easier to automate this process via email.

    For a long time, any changes to an organization’s routing information with an IRR could be processed via email.

    MAIL-FROM has long been considered insecure, for the simple reason that it’s not difficult to spoof the return address of an email. And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab, a network engineer and security researcher based in Houston.

    All except Level 3 Communications, a major Internet backbone provider acquired by Lumen/CenturyLink.

    “LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity. “Other IRR operators have fully deprecated MAIL-FROM.”

    Importantly, the name and email address of each Autonomous System’s official contact for making updates with the IRRs is public information.

    Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities.

    “If such an attack were successful, it would result in customer IP address blocks being filtered and dropped, making them unreachable from some or all of the global Internet,”

    The recent outage that took Facebook, Instagram and WhatsApp offline for the better part of a day was caused by an erroneous BGP update submitted by Facebook.

    Now consider the mayhem that would ensue if someone spoofed IRR updates to remove or alter routing entries for multiple e-commerce providers, banks and telecommunications companies at the same time.

    “This attack is trivial to exploit, and has a difficult recovery. Our conjecture is that any impacted Lumen or customer IP address blocks would be offline for 24-48 hours. In the worst-case scenario, this could extend much longer.”

    Lumen told KrebsOnSecurity that it continued offering MAIL-FROM: authentication because many of its customers still relied on it due to legacy systems. Nevertheless, after receiving Korab’s report the company decided the wisest course of action was to disable MAIL-FROM: authentication altogether.

    “We recently received notice of a known insecure configuration with our Route Registry,” reads a statement Lumen shared with KrebsOnSecurity.

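The article above turns on one question a network operator can answer from their own IRR data: which maintainer objects still accept MAIL-FROM (or no) authentication, and which route objects those maintainers guard. The following is an added example, not code from KrebsOnSecurity, Lumen or any IRR operator: a small RPSL parser that audits a dump for weak `auth:` schemes and lists the prefixes exposed through them. The dump, maintainer names, prefixes and hash values are constructed placeholders, and the set of schemes treated as weak is an assumption you would tune to your registry's policy.

```python
"""Audit an RPSL/IRR dump for maintainers that still accept weak authentication.

Constructed example for the discussion above; not real registry data and not the
tooling of any IRR operator.
"""
from collections import defaultdict

# Constructed sample dump: two maintainers, two route objects. Names, prefixes
# (RFC 5737 documentation ranges), ASNs (RFC 5398 private range) and the MD5-PW
# hash are placeholders.
SAMPLE_IRR_DUMP = """\
mntner:      MAINT-EXAMPLE-A
descr:       Example ISP A (constructed)
auth:        PGPKEY-0123ABCD
auth:        MAIL-FROM .*@example-a\\.net
mnt-by:      MAINT-EXAMPLE-A
source:      TESTIRR

mntner:      MAINT-EXAMPLE-B
descr:       Example ISP B (constructed)
auth:        MD5-PW $1$placeholder$placeholderhash
mnt-by:      MAINT-EXAMPLE-B
source:      TESTIRR

route:       192.0.2.0/24
descr:       customer block behind maintainer A
origin:      AS64496
mnt-by:      MAINT-EXAMPLE-A
source:      TESTIRR

route:       198.51.100.0/24
descr:       block behind maintainer B
origin:      AS64497
mnt-by:      MAINT-EXAMPLE-B
source:      TESTIRR
"""

# MAIL-FROM trusts a spoofable envelope sender; NONE performs no check at all.
# Which schemes count as "weak" is a policy choice (assumption for this example).
WEAK_AUTH_SCHEMES = {"MAIL-FROM", "NONE"}


def parse_rpsl(text):
    """Split an RPSL dump into objects; each object is a list of (attr, value).

    Objects are separated by blank lines; a line starting with whitespace or '+'
    continues the previous attribute's value.
    """
    objects, current = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                objects.append(current)
                current = []
            continue
        if line[0] in " \t+" and current:
            attr, val = current[-1]
            current[-1] = (attr, val + " " + line.lstrip(" \t+"))
            continue
        attr, _, val = line.partition(":")
        current.append((attr.strip().lower(), val.strip()))
    if current:
        objects.append(current)
    return objects


def weak_maintainers(objects, weak=WEAK_AUTH_SCHEMES):
    """Map maintainer name -> the weak 'auth:' lines it accepts (empty if none)."""
    findings = defaultdict(list)
    for attrs in objects:
        if attrs[0][0] != "mntner":
            continue
        name = attrs[0][1]
        for attr, val in attrs:
            if attr == "auth" and val.split()[0].upper() in weak:
                findings[name].append(val)
    return dict(findings)


def exposed_routes(objects, weak_mntners):
    """route/route6 objects where ANY mnt-by maintainer accepts a weak scheme.

    In IRR semantics each listed maintainer may authorise changes on its own, so
    one weak maintainer is enough to expose the object.
    """
    out = []
    for attrs in objects:
        if attrs[0][0] not in ("route", "route6"):
            continue
        prefix = attrs[0][1]
        origin = next((v for a, v in attrs if a == "origin"), "?")
        bad = [v for a, v in attrs if a == "mnt-by" and v in weak_mntners]
        if bad:
            out.append((prefix, origin, bad))
    return out


if __name__ == "__main__":
    objs = parse_rpsl(SAMPLE_IRR_DUMP)
    weak = weak_maintainers(objs)
    for name, lines in weak.items():
        print(f"weak maintainer {name}: {lines}")
    for prefix, origin, via in exposed_routes(objs, weak):
        print(f"exposed: {prefix} (origin {origin}) via {via}")
```

Run against a real dump (most IRRs publish full database exports), the interesting output is the second list: every prefix whose routing record could be altered by a message that merely claims to come from the right address. The remediation on the page, disabling MAIL-FROM on the registry side, makes the first list empty.
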
  25. Tomi Engdahl says:

    SASE: “Everyone is committing a data breach until proven otherwise”

    The final touch to corporate IT architecture comes from SASE
    https://www.dna.fi/yrityksille/blogi/-/blogs/yritysten-it-arkkitehtuurin-viimeinen-silaus-tulee-sasesta/?utm_source=facebook&utm_medium=linkad&utm_content=ILTE-blogi-yritysten-it-arkkitehtuurin-viimeinen-silaus-tulee-sasesta&utm_campaign=H_MES_21-45-48_artikkelikampanja&fbclid=IwAR24ko6NpdesKCvRBKoRSnhP_lRlFjFrgy3tVsFkHScy9zUO5FIG9-VualM

    Remote and hybrid work, which have become the new standard of working life, place new kinds of demands on security and connectivity architecture. These demands concern in particular the physical location of employees and the growing prevalence of the SaaS service model. SASE is the answer to this call.

    SASE, or Secure Access Service Edge, is a term coined by Gartner, an ICT research and advisory firm, for old and upcoming technologies that are now bundled under a new concept. SASE is an umbrella term with two cornerstones: the first is building the company's external network with software-defined SD-WAN technology, and the second covers a set of security functions. If the current IT architecture has been built to be future-proof, SASE is, in short, the final 20 percent upgrade to it.

    All mobile networks and local data networks use the same Internet protocol, and these shared-use networks are easily exposed to congestion. SASE smooths this out by giving users access to cloud services through a cloud-based gateway, so there is no need to compete for a limited connection. SASE also optimizes the use of applications securely.

    If an organization's IT architecture is built with the future in mind, SaaS services and simple infrastructure take on a bigger role.

    SASE is not yet fully ready
    “Services are SASE's overwhelming advantage. It makes it possible to modify things dynamically in the background over the years, and in the end the service may be something quite different from what was originally purchased, unlike the Internet connection and firewall that were previously bought as point solutions,” Lohenoja says.

    Saarinen from DNA reminds us that SASE should not be thought of as something that arrives on a particular day. Features and use cases of SASE will become available in stages, and many of them already exist.

    “I look forward with interest to SASE reaching maturity and becoming easy and cost-effective. Then we too will start offering SASE. SASE has a lot of promises to fulfil,”

    A secure and smooth connection from anywhere
    Both Saarinen and Lohenoja agree that SASE is part of the evolutionary path of IT solutions. It is necessary for all organizations where remote work is done.

    “Complexity is the worst enemy of security. SASE is based on zero trust access, that is, the idea that everyone is committing a data breach until proven otherwise,” Lohenoja says.

    If SASE can be implemented as part of an IT architecture built for the future, it brings more SaaS services and simplifies the infrastructure. It can even reduce switches, access points and firewalls as the use of SaaS services expands.

  26. Tomi Engdahl says:

    Nearly 600,000 open cybersecurity-related jobs were listed over 12 months
    https://www.helpnetsecurity.com/2021/11/25/open-cybersecurity-related-jobs/

    New CyberSeek data reveals that there were 597,767 online job listings for cybersecurity-related positions in the 12 months from October 2020 through September 2021.

    Employers are seeking cybersecurity professionals at all stops on the career pathway; from entry-level cybersecurity specialists (8,889 job openings) to mid-level cybersecurity analysts (27,919) to advanced-level cybersecurity engineers (61,579).

    “Filling cybersecurity job positions is a critical pain point for employers,” Will Markow, vice president of applied research at Emsi Burning Glass, said. “Closing this talent gap is vital for our economic and national security, but you can’t close a talent gap you don’t understand. That’s why it is essential for employers, educators, policy makers, and individuals to have actionable data about their local cybersecurity workforce.”

    The new data shows the supply of cybersecurity workers is only enough to fill 68% of cybersecurity jobs demanded. On average, cybersecurity roles take 21% longer to fill than other IT jobs.

    “The persistent and growing gap between job openings and candidates should be a warning sign that we need to rethink how we educate or train, recruit and hire cybersecurity workers,” said Randi Parker, senior director for partner engagement with CompTIA’s Creating IT Futures.

  27. Tomi Engdahl says:

    How SASE can help secure your network against online threats
    VMware’s cloud-based secure access service edge solutions provide speed and security for working from anywhere.
    https://brand-studio.fortune.com/vmware/How-sase-can-help-secure-your-network-against-online-threats/?prx_t=eQIHAAAAAAoPEQA&fbclid=IwAR19J5sUmPQjOTPLLTNpmKdc8g3doFUvh6tx-yiNKRoJX30YFNaxeLnSF0g

  28. Tomi Engdahl says:

    How Sun Tzu’s Wisdom Can Rewrite the Rules of Cybersecurity
    The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.
    https://www.darkreading.com/attacks-breaches/how-sun-tzu-s-wisdom-can-rewrite-the-rules-of-cybersecurity

  29. Tomi Engdahl says:

    Cybersecurity, skills gap, and digital transformation: TEC Summit recap
    https://www.cnbc.com/2021/11/20/cyberattacks-skills-gap-and-digital-transformation-tec-summit-recap.html

    KEY POINTS
    The shortage of cyber talent won’t abate if companies don’t address what’s happening at the entry level.
    We’re starting to see a better coordinated national and international response to cyber attacks, says Kevin Mandia, CEO of Mandiant.
    The dysfunction in Washington is the biggest threat to our national security, according to speaker Leon Panetta, former Secretary of Defense.

  30. Tomi Engdahl says:

    Tech Q&A: Some users of Windows 11 Home can avoid unwanted encryption
    https://www.thestar.com.my/tech/tech-news/2021/11/21/tech-qa-some-users-of-windows-11-home-can-avoid-unwanted-encryption

    The good news about Windows 11 automatic encryption is that at least some readers can avoid the problem.

    In the last two columns, I’ve warned that Microsoft had set Windows 11 Home and Pro operating systems to automatically encrypt consumer data. I said that was dangerous because if a PC were disabled with encryption on, a repair shop would be unable to copy its data to another PC unless the consumer could produce an “encryption key” that Microsoft had not adequately explained. As a result, I suggested that consumers turn off automatic encryption on their newly downloaded copies of Windows 11.

    But a few readers who had recently downloaded Windows 11 Home said they were surprised to find that their PCs had not automatically encrypted their data, even though mine did.

  31. Tomi Engdahl says:

    The Flipper Zero Pocket Cyberdolphin “Multi-Tool Device for Geeks” Enters Mass Production
    Component shortages finally at rest, and backers could be getting their devices pretty soon — and with shiny new features, too.
    https://www.hackster.io/news/the-flipper-zero-pocket-cyberdolphin-multi-tool-device-for-geeks-enters-mass-production-8523b2d96d96

  32. Tomi Engdahl says:

    North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro
    https://thehackernews.com/2021/11/north-korean-hackers-target.html

  33. Tomi Engdahl says:

    Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic
    https://thehackernews.com/2021/11/researchers-demonstrate-new.html

  34. Tomi Engdahl says:

    Google launches open source fuzzing tool to tackle SolarWinds-style attacks
    By Mayank Sharma last updated 17 days ago
    https://www.techradar.com/news/google-launches-open-source-fuzzing-tool-to-tackle-solarwinds-style-attacks

    Google asserts that ClusterFuzzLite will help improve the quality of code

  35. Tomi Engdahl says:

    8 advanced threats Kaspersky predicts for 2022
    https://www.techrepublic.com/article/8-advanced-threats-kaspersky-predicts-for-2022/

    Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing Kaspersky to predict what threats might lead in the future.

  36. Tomi Engdahl says:

    Massive camera hack exposes the growing reach and intimacy of American surveillance
    A breach of the camera start-up Verkada ‘should be a wake-up call to the dangers of self-surveillance,’ one expert said: ‘Our desire for some fake sense of security is its own security threat’
    https://12ft.io/proxy?q=http://www.washingtonpost.com/technology/2021/03/10/verkada-hack-surveillance-risk

  37. Tomi Engdahl says:

    I Always Feel Like Somebody’s Watching Me
    This app repurposes a sensor already in many smartphones to detect hidden cameras that could be spying on you.
    https://www.hackster.io/news/i-always-feel-like-somebody-s-watching-me-0e0d8ae83895

    The good news is that tiny video cameras are now widely accessible, inexpensive, and completely unintrusive. The bad news is that tiny video cameras are now widely accessible, inexpensive, and completely unintrusive. There are two sides to every coin, and those same cameras that keep your home and business secure, or just let you check up on your pets while you are away, can also be used to covertly spy on you in sensitive locations such as hotel rooms or bathrooms. While there are ways to detect nearby cameras, doing so typically requires both expertise and specialized equipment — and may also rely on assumptions, such as wireless streaming of camera data over WiFi. These types of solutions do not have the average person that just wants to make sure they are not being spied on in their hotel room in mind.

    A team of researchers at National University of Singapore and Yonsei University have leveraged advances in smartphone technology to develop a hidden camera detector that is easy enough for Grandma to use.

    The method, called LAPD (Laser Assisted Photography Detection), makes use of the time-of-flight (ToF) sensor present on many newer smartphones, including Apple iPhones and Samsung Galaxy devices. These ToF sensors normally emit a beam of laser light to determine how far away objects are. LAPD repurposes the ToF sensor to observe reflections of the laser light, to search out unique, unusually intense, reflections that are characteristic of the lenses of hidden cameras

    Boffins find way to use a standard smartphone to find hidden spy cams
    Smartphones now have lasers so we’re gonna use them to find voyeurs
    https://www.theregister.com/2021/11/18/smartphone_camera_detection/

    ToF is a measurement technique that relies on reflected light to quickly determine the distance of objects. ToF sensors are used in LIDAR (light detection and ranging) systems and in other applications that utilize SLAM (simultaneous localization and mapping) algorithms, all of which involve the analysis of the visible and near-visible spectrum.

    These sensors have started showing up in smartphones recently – Apple’s iPhone 12 and 13, and Samsung’s Galaxy S20+, among others, include a laser-based Sony ToF sensor – for augmented reality applications and adding depth information to 2D imagery.

    “Tiny hidden spy cameras placed in sensitive locations such as hotel rooms and lavatories are increasingly a threat to individual privacy globally,” the research paper explains. “For example, in South Korea alone, there were over 6,800 such reported cases in a single year.”

    Salacious snooping has become a particular issue for users of services like AirBnB, where the platform operator doesn’t control room providers or guarantee trustworthiness.

    There are dedicated signal detection devices for finding hidden cameras and other electronics like the CC308+ and the K18, to say nothing of what can be done with open source Wi-Fi analysis software.

    “From our comprehensive experiments, LAPD achieves an 88.9 per cent hidden camera detection rate, compared to just using the naked eye which yields only a 46.0 per cent hidden camera detection rate,” the paper reads.

    The dedicated K18 signal detector managed detection rates of 62.3 per cent and 57.7 per cent using its continuous and blinking methods respectively.

    “The ‘attackers’ have all the power to place hidden cameras anywhere, and the public is, in contrast, generally defenseless,” he explained. “That’s why we’re doing this work, and why we hope hidden camera detection can become more commonplace.”

    Sami said he intends to release the source code for LAPD but has to coordinate that with his colleagues.

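The two articles above describe the core of LAPD as looking for "unique, unusually intense reflections" in the ToF sensor's return, since a lens retro-reflects the laser as a tiny, very bright spot while walls, mirrors and glass produce broad bright areas. The following is an added illustration of that idea in plain Python, not the LAPD source (which the researchers had not released when the article was written) and not affiliated with the authors: it takes a small intensity frame, sets a robust threshold from the median and median absolute deviation, groups bright pixels into connected blobs and keeps only blobs small enough to be a lens. The frame, the threshold factor `k` and the blob-size limit are constructed assumptions; a real implementation would also use the depth channel and multiple frames, which this toy does not.

```python
"""Toy hidden-lens detector in the spirit of LAPD: find small, unusually intense
reflections in a time-of-flight (ToF) intensity frame.

Added, constructed example; not the LAPD implementation.
"""
from statistics import median

# Constructed 8x10 intensity frame (arbitrary units). Background is low and flat,
# rows 2-3 / cols 2-4 hold a broad bright patch (think: a glossy surface), and
# (4, 7) is an isolated single-pixel hot spot mimicking a lens retro-reflection.
SAMPLE_FRAME = [
    [12, 11, 13, 12, 11, 12, 13, 12, 11, 12],
    [11, 12, 12, 11, 13, 12, 11, 12, 12, 11],
    [13, 12, 40, 42, 41, 12, 11, 13, 12, 12],
    [12, 11, 41, 43, 40, 11, 12, 12, 11, 13],
    [11, 13, 12, 12, 11, 12, 13, 95, 12, 11],
    [12, 12, 11, 13, 12, 11, 12, 12, 11, 12],
    [13, 11, 12, 12, 13, 12, 11, 12, 13, 11],
    [12, 12, 13, 11, 12, 13, 12, 11, 12, 12],
]


def robust_threshold(frame, k=6.0):
    """median + k * MAD of all pixels; MAD is floored at 1.0 so a perfectly flat
    frame does not make every pixel 'bright'. k is an assumed tuning constant."""
    values = [v for row in frame for v in row]
    med = median(values)
    mad = max(median(abs(v - med) for v in values), 1.0)
    return med + k * mad


def bright_components(frame, threshold):
    """4-connected components of pixels strictly above threshold.
    Returns a list of components, each a list of (row, col)."""
    rows, cols = len(frame), len(frame[0])
    seen, comps = set(), []
    for r in range(rows):
        for c in range(cols):
            if frame[r][c] <= threshold or (r, c) in seen:
                continue
            stack, comp = [(r, c)], []
            seen.add((r, c))
            while stack:           # iterative flood fill
                y, x = stack.pop()
                comp.append((y, x))
                for dy, dx in ((1, 0), (-1, 0), (0, 1), (0, -1)):
                    ny, nx = y + dy, x + dx
                    if (0 <= ny < rows and 0 <= nx < cols
                            and (ny, nx) not in seen and frame[ny][nx] > threshold):
                        seen.add((ny, nx))
                        stack.append((ny, nx))
            comps.append(comp)
    return comps


def find_lens_candidates(frame, k=6.0, max_blob_pixels=2):
    """Return [(row, col, peak_intensity, blob_size)] for bright blobs no larger
    than max_blob_pixels. Large bright regions are discarded as ordinary
    reflective surfaces; the size limit is an assumption for this toy."""
    thr = robust_threshold(frame, k)
    candidates = []
    for comp in bright_components(frame, thr):
        if len(comp) <= max_blob_pixels:
            r, c = max(comp, key=lambda p: frame[p[0]][p[1]])
            candidates.append((r, c, frame[r][c], len(comp)))
    return candidates


if __name__ == "__main__":
    thr = robust_threshold(SAMPLE_FRAME)
    print(f"threshold = {thr}")
    for r, c, peak, size in find_lens_candidates(SAMPLE_FRAME):
        print(f"candidate lens at row {r}, col {c}: intensity {peak}, blob size {size}")
```

On the constructed frame the 2x3 patch is bright but rejected by the size filter, while the single hot pixel survives. The paper's reported detection rate (88.9 per cent) comes from the real sensor data and a trained classifier; this toy only shows the shape of the signal the method keys on.
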
