Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline – but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year: Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, meaning that some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and presents it to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, with consumer IoT designs having to include vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security: the US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: continuous patch management and security updates, OT transparency for IT stakeholders, natively secure OT networks, cloud-based access to remote sites instead of VPN, zero-touch onboarding, more cybersecurity in small facilities, and certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,203 Comments

  1. Tomi Engdahl says:

    Android support chaos is the reason I’m sticking to my iPhone
    Yes, device support is a problem. A massive problem.
    https://www.zdnet.com/article/android-support-chaos-is-the-reason-im-sticking-to-my-iphone/

  2. Tomi Engdahl says:

    What the Internet Bug Bounty Teaches About Open-Source Software Security https://securityintelligence.com/articles/open-source-software-security-bug-bounty/
    The security platform HackerOne recently announced the latest version of their Internet Bug Bounty (IBB) program. The IBB strives to enhance open-source software security by pooling resources and encouraging security experts (they call themselves hackers) to find flaws in open-source software (OSS). Now, the program has introduced a new crowd-funding method. This enables more organizations to use the IBB to secure open-source needs in their software. Other program partners include Elastic, Facebook, Figma, GitHub, Shopify and TikTok. These companies, like nearly every digital brand, all depend on open-source software.

  3. Tomi Engdahl says:

    How Criminals Are Using Synthetic Identities for Fraud https://www.darkreading.com/edge-articles/how-criminals-are-using-synthetic-identities-for-fraud
    Synthetic identity fraud was already a problem before the COVID-19 pandemic shifted spending and work online, but it is becoming a bigger problem now as criminals take advantage of looser rules around credit and the sheer amount of personal information exposed via data breaches.

  4. Tomi Engdahl says:

    Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments https://threatpost.com/wirte-middle-eastern-governments/176688/
    A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros.

  5. Tomi Engdahl says:

    How to Detect DNS Tunneling in the Network?
    https://www.catonetworks.com/blog/how-to-detect-dns-tunneling-in-the-network/
    In the past several years, we have seen multiple malware samples using DNS tunneling to exfiltrate data. APT groups also used DNS tunneling in a malware campaign to target government organizations in the Middle East. We will present a few techniques you can use to detect DNS tunneling in your network.

  6. Tomi Engdahl says:

    Why the Future Needs Passwordless Authentication
    https://securityintelligence.com/future-needs-passwordless-authentication/
    As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
    Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

  7. Tomi Engdahl says:

    Key Characteristics of Malicious Domains: Report
    https://www.darkreading.com/threat-intelligence/research-outs-the-providers-more-likely-to-host-malicious-content
    The newness of top-level domains as well as infrastructure located in certain countries continue to be reliable signs of whether network traffic could be malicious, while the use of self-signed Secure Sockets Layer (SSL) certificates or those issued by the free Let’s Encrypt service are not abnormally risky, according to new research.

  8. Tomi Engdahl says:

    Technical Problem or Cyber Crime? How to Tell the Difference
    https://securityintelligence.com/articles/attack-cyber-crime-difference/
    As soon as the Oct. 4 Facebook mega outage took place, questions about the cause ran rampant. Was it a cyber crime or a technical glitch? Who was at fault? The outage reportedly resulted in the loss of some $60 to $100 million dollars of revenue, and Facebook’s stock plunged 4.9% on the same day. That’s a total of $47.3 billion in lost market cap.

  9. Tomi Engdahl says:

    End-to-end Testing: How a Modular Testing Model Increases Efficiency and Scalability
    https://www.crowdstrike.com/blog/how-a-modular-testing-model-increases-efficiency-and-scalability/
    In our last post, Testing Data Flows using Python and Remote Functions, we discussed how organizations can use remote functions in Python to create an end-to-end testing and validation strategy. Here we build on that concept and discuss how it is possible to design the code to be more flexible.

  10. Tomi Engdahl says:

    Who Is the Network Access Broker ‘Babam’?
    https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/
    Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

  11. Tomi Engdahl says:

    The Fall of a Russian Cyberexecutive Who Went Against the Kremlin
    https://www.bloomberg.com/news/features/2021-12-03/who-is-ilya-sachkov-russian-cyber-ceo-linked-to-2016-election-fancy-bear-leaks
    Ilya Sachkov, who’s been charged with treason in Russia, is alleged to have given the U.S. information about the “Fancy Bear” operation that sought to influence the U.S. election.

  12. Tomi Engdahl says:

    Cyber Command Publicly Joins Fight Against Ransomware Groups
    https://threatpost.com/cyber-command-ransomware-groups/176801/
    Cybercriminals who launch attacks on critical U.S. companies are going to be targeted by the branch of the military known as Cyber Command, and everyone has been put on notice. Gen. Paul Nakasone, who heads up Cyber Command, told the New York Times this weekend that his team isn’t just going after state actors, but that they’re taking on any cybercriminals who attack American infrastructure.

  13. Tomi Engdahl says:

    Hakluke: Creating the Perfect Bug Bounty Automation
    https://labs.detectify.com/2021/11/30/hakluke-creating-the-perfect-bug-bounty-automation/
    I think I have a problem. I’m addicted to building bug bounty automation. I’ve built a full bug bounty automation framework from the ground up 3 times now. It has become better every time, but I’m still not happy. I’m about to start building my 4th iteration. Every time I build something I refine the process. In this article, I am going to walk you through every attempt I have made to build a bug bounty automation framework including the wins and failures. Then I’m going to tell you exactly how I plan to build my next one.

  14. Tomi Engdahl says:

    uBlock, I exfiltrate: exploiting ad blockers with CSS https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css
    Ad blockers like uBlock Origin are extremely popular, and typically have access to every page a user visits. Behind the scenes, they’re powered by community-provided filter lists – CSS selectors that dictate which elements to block. These lists are not entirely trusted, so they’re constrained to prevent malicious rules from stealing user data. In this post, we’ll show you how we were able to bypass these restrictions in uBlock Origin, use a novel CSS-based exploitation technique to extract data from scripts and attributes, and even steal passwords from Microsoft Edge. All vulnerabilities discussed in this post have been reported to uBlock Origin and patched.

  15. Tomi Engdahl says:

    WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95 https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
    In Firefox 95, we’re shipping a novel sandboxing technology called RLBox developed in collaboration with researchers at the University of California San Diego and the University of Texas that makes it easy and efficient to isolate subcomponents to make the browser more secure. This technique, which uses WebAssembly to isolate potentially-buggy code, builds on the prototype we shipped last year to Mac and Linux users. Now, we’re bringing that technology to all supported Firefox platforms (desktop and mobile), and isolating five different modules: Graphite, Hunspell, Ogg, Expat and Woff2.

  16. Tomi Engdahl says:

    How to hide sensitive photos on an Android phone https://www.is.fi/digitoday/mobiili/art-2000008451509.html
    The feature Google promised in September for the Photos service is now available. In the Android version of the Photos app you can set up a locked folder where you can hide sensitive photos and videos.

  17. Tomi Engdahl says:

    Public Wi-Fi Security: Is It Safe to Use for Business?
    https://securityintelligence.com/articles/is-public-wi-fi-safe-business/
    Let’s say you need to send an urgent email to a client while you’re at the store. Or, you’re traveling and need to take a Zoom call at your hotel. Maybe you need to access sensitive client data or employee information while on public Wi-Fi. You wonder how you should connect to the internet to do your task. The easiest and simplest thing to do is just pull out your phone and get the job done. But what about Wi-Fi security concerns?

  18. Tomi Engdahl says:

    Why the C-Suite Doesn’t Need Access to All Corporate Data
    https://www.darkreading.com/vulnerabilities-threats/why-the-c-suite-doesn-t-need-access-to-all-corporate-data
    More than 20 months into a global pandemic, it’s become an article of faith that the best way to keep organizations and critical networks safe is to embrace zero trust. Under that umbrella, it’s assumed that all network access requests originate from an unsafe location, and every single user should be verified according to their locations, identities, and the health of their devices. But here’s the kicker: zero-trust policies must apply to everyone, even those at the top of the organizational chart, every CXO, director, and line-of-business leader. If C-level users do not need to access data to complete a task, they should not be granted access.

  19. Tomi Engdahl says:

    Using secure messaging, voice and collaboration apps
    https://www.ncsc.gov.uk/blog-post/using-secure-messaging-voice-and-collaboration-apps
    With ‘hybrid working’ (a combination of working from home and the office) now a way of life for many, the NCSC is frequently asked if the various ‘secure voice and messaging’ apps available from Google Play or the Apple App Store are suitable. What we can do is provide some risk management advice on what organisations should think about before choosing and using such apps for use on ‘corporately provisioned and managed’ devices.

  20. Tomi Engdahl says:

    Multi-party disclosure – how does it work?
    https://english.ncsc.nl/latest/weblog/weblog/2021/multi-party-disclosure
    In this blog, I explain the difference between ‘normal’ coordinated vulnerability disclosure and multi-party disclosure processes. I describe what the different roles are in such a disclosure process and which role NCSC-NL can have. I end with some complications that may come up in such a process.

  21. Tomi Engdahl says:

    Israeli govt pledges greater oversight of cyber-exports after NSO tools hacked US officials
    https://www.zdnet.com/article/israeli-govt-pledges-greater-oversight-of-cyber-exports-after-nso-tools-used-to-spy-on-us-officials/
    The Israeli government’s Defense Exports Control Agency sent out a notice late on Monday indicating it would be enforcing stricter rules governing the export of offensive cyber tools. The Jerusalem Post reported on Monday that the agency published a revised version of its “Final Customer Declaration”, which countries will have to sign before they can get access to powerful spyware technology like the NSO Group’s Pegasus. The declaration says countries will not use the tools to attack government critics or “political speech” and will only use it to prevent terrorism and “serious crimes.” Any country that ignores the declaration will lose access to cyber-tools, according to the document.

  22. Tomi Engdahl says:

    Popular family app sells children’s exact location to anyone: “Helps keep the services free”
    https://www.tivi.fi/uutiset/tv/250d6775-6860-43bb-b046-a1c111409127
    The safety app Life360, popular among families with children, sells the exact location data of children and family members to any willing buyer, report The Markup and Inputmag.com. The app has over 33 million users, and parents use it to track their children’s movements. The technology magazine The Markup interviewed two people who had worked with the app and two people active in the data trade.
    The employees reveal that the app acts as one of the largest collectors of material for the data trade operating in the shadows. Almost anyone can buy the data, and little care is taken over its privacy or security.

  23. Tomi Engdahl says:

    When Scammers Get Scammed, They Take It to Cybercrime Court
    https://threatpost.com/scammers-cybercrime-court/176834/
    Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground systems and found more than 600 requests for mediation on just one Russian-language forum alone, tackling disputes ranging from missing affiliate payments to contract violations.

  24. Tomi Engdahl says:

    Defending Against the Use of Deepfakes for Cyber Exploitation
    https://www.darkreading.com/attacks-breaches/defending-against-the-use-of-deepfakes-for-cyber-exploitation
    Cybercrime has risen precipitously this year. From July 2020 to June 2021, there was an almost 11x increase in ransomware attacks, we have found. We’re also seeing an increase in attacks on high-profile targets and the rise of new methodologies. Deepfakes, which really started to gain prominence in 2017, have largely been popularized for entertainment purposes. There have also been beneficial use cases for deep fake technology in the medical field. Unfortunately, once again, the maturity of deepfake technology hasn’t gone unnoticed by the bad guys. In the cybersecurity world, deepfakes are an increasing cause for concern because they use artificial intelligence to imitate human activities and can be used to augment social engineering attacks.

  25. Tomi Engdahl says:

    The story of the year: ransomware in the headlines
    https://securelist.com/the-story-of-the-year-ransomware-in-the-headlines/105138/
    In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school administrators, and hospital directors. Words like Babuk and REvil have entered the everyday lexicon. This is a threat that seems almost inescapable, regardless of whether or not users occupy the cybersecurity or tech space, and it is having a direct impact on lives. That is precisely why we have chosen ransomware as our story of the year for Kaspersky’s annual Security Bulletin. But how did we get here and what has changed about the ransomware landscape since it was first our story of the year in 2019?

  26. Tomi Engdahl says:

    What are buffer overflow attacks and how are they thwarted?
    https://www.welivesecurity.com/2021/12/06/what-are-buffer-overflow-attacks-how-are-they-thwarted/
    The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. Around 6,000 of the 60,000 computers connected to ARPANET, a precursor to the Internet, were infected with the Morris worm. More than thirty years on from the Morris worm, we are still plagued by buffer overflow vulnerabilities with all their negative consequences. To understand how buffer overflows happen, we need to know a little about memory, especially the stack, and about how software developers need to manage memory carefully when writing code.

  27. Tomi Engdahl says:

    Money, Reputations at Stake in Dark Web Courtrooms
    https://www.securityweek.com/money-reputations-stake-dark-web-courtrooms

    Some cybercrime forums on the dark web have virtual courtrooms where members can file complaints against each other, and the judge’s decision is in most cases accepted by the defendant, particularly those who want to maintain a good reputation.

    Jon DiMaggio, former intelligence community agent and chief security strategist at threat intelligence firm Analyst1, has analyzed this underground justice system and noticed that “the cybercrime community treats every case equally without prioritizing more complex cases with higher compensation demand.”

    DiMaggio told SecurityWeek that only two forums have these courtrooms — both have been around for more than a decade and they are both respected in the criminal community.

    The court system is hosted on a sub-forum with the title “court” or “arbitrage” and any member can file a complaint. The complaint must include a brief description, the name of the defendant and their contact information, and the plaintiff can submit evidence to support their case, including chat logs, cryptocurrency transactions, and screenshots. Every member of the forum can take part in the virtual hearing, but the ruling is made by the forum’s administrators and commentators do not act as a jury.

    https://analyst1.com/blog/dark-web-justice-league

  28. Tomi Engdahl says:

    Ron Miller / TechCrunch:
    Amazon launches AWS Top Secret-West, its second Top Secret Region designed for government workloads requiring Top Secret US security classification level — “Amazon’s cloud arm, AWS, announced a new ‘top secret’ region this week, designed specifically for the U.S. government. It is Amazon’s second such region.

    https://techcrunch.com/2021/12/07/aws-opens-top-secret-western-region-for-u-s-government-customers/

  29. Tomi Engdahl says:

    Cyber attacks are accelerating, but companies can respond to them
    A new study by the security company Trend Micro predicts that the number of cyber attacks will grow and that they will focus especially on IoT devices. At the same time, the company believes that in 2022 global organisations will be more alert and better prepared to face new cyber threats.

    Research, anticipation and automation are critically important in risk management and in protecting employees. Trend Micro stopped 40.9 billion email threats, malware samples and malicious links in the first half of 2021 alone, 47 percent more than in the same period of the previous year.

    - The daily life of cyber security teams has been heavy in recent years. The shift of employees to remote work has opened new avenues for attackers, so the attack surface of companies and organisations has grown explosively. Fortunately, hybrid work is becoming established and more predictable, which lets security decision-makers plan and refine their security strategies, says Trend Micro cyber security expert Kalle Salminen.

    https://etn.fi/index.php/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin

  30. Tomi Engdahl says:

    Trend Micro does not, however, see the situation as bleak, but estimates that many organisations are ready to face the challenges posed by cybercriminals, as long as they develop and implement strategies that allow even new threats to be prevented in advance. These include:

    More effective protection for servers and application control practices to counter ransomware
    A risk-based patching plan and an effort to detect security gaps in advance
    Improved baseline protection for SMEs that use cloud services
    Active network monitoring, especially in IoT environments
    A Zero Trust security model to secure international supply chains
    Cloud security that focuses on risks assessed by the DevOps team and on industry best practices
    An extended detection and response (XDR) operating model to identify attacks targeting large networks

    https://etn.fi/index.php/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin

  31. Tomi Engdahl says:

    Did you know? You can check your TLS/SSL cert expiration date from your Linux or Unix terminal without using any 3rd party app/sites:

    openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates

    See https://www.cyberciti.biz/faq/find-check-tls-ssl-certificate-expiry-date-from-linux-unix/ for more info

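The one-liner in the comment above prints the validity dates; the script below, an added example that is not part of the original comment, wraps the same openssl calls so a cron job can act on them. It assumes `openssl` 1.1 or later is on PATH and takes the host and port from the caller; the `</dev/null` on s_client is the caveat most people hit, since without it the command waits on stdin.

```shell
#!/bin/sh
# Added example (not from the original comment): certificate-expiry checks
# built on `openssl s_client` and `openssl x509`. Host/port are caller-supplied.

# Fetch the leaf certificate the server $1 presents on port $2, as PEM.
# `</dev/null` stops s_client waiting for stdin; its stderr chatter is dropped.
fetch_server_cert() {
  openssl s_client -servername "$1" -connect "$1:$2" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# Print the "notAfter=<date>" line for the PEM file $1.
cert_end_date() {
  openssl x509 -in "$1" -noout -enddate
}

# Return 0 if the certificate in PEM file $1 expires within $2 seconds (or has
# already expired), 1 if it stays valid past that window, 2 if unreadable.
# `-checkend` does the date comparison, so no shell date parsing is needed.
cert_expires_within() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
  if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Print the whole days left before the certificate in $1 expires: 0 if it has
# already expired, capped at 3650. A binary search over -checkend keeps this
# portable between GNU and BSD `date`, which parse the notAfter string differently.
cert_days_left() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
  lo=0
  hi=3650
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if cert_expires_within "$1" $(( mid * 86400 )); then
      hi=$mid
    else
      lo=$(( mid + 1 ))
    fi
  done
  echo "$lo"
}

# Generate a throwaway self-signed certificate valid for $2 days into file $1,
# so the checks above can be exercised offline (constructed input, not a real site).
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=example.test" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh cert-check.sh HOST PORT [WARN_DAYS]   (exit 1 when a renewal is due)
if [ "$#" -ge 2 ]; then
  warn_days=${3:-30}
  tmp=$(mktemp)
  fetch_server_cert "$1" "$2" > "$tmp"
  echo "$1:$2 $(cert_end_date "$tmp"), $(cert_days_left "$tmp") day(s) left"
  if cert_expires_within "$tmp" $(( warn_days * 86400 )); then
    echo "WARNING: certificate for $1:$2 expires within $warn_days days" >&2
    rm -f "$tmp"
    exit 1
  fi
  rm -f "$tmp"
fi
```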
  32. Tomi Engdahl says:

    New German government coalition promises not to buy exploits https://therecord.media/new-german-government-coalition-promises-not-to-buy-exploits/
    The three political parties set to form the new German government have agreed to stop buying zero-day vulnerabilities and limit the government’s future use of monitoring software (spyware). “The exploitation of weak points in IT systems is in a highly problematic relationship to IT security and civil rights,” the three parties said in the section dedicated to national and internal security.

  33. Tomi Engdahl says:

    Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia https://www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/
    This report profiles trends in Chinese state-sponsored cyber espionage activity targeting Southeast Asian countries. The activity was identified through large-scale automated network traffic analytics and expert analysis. Data sources include the Recorded Future Platform, SecurityTrails, DomainTools, PolySwarm, Farsight, Team Cymru, and common open-source tools and techniques. The research will be of most interest to individuals engaged in strategic and operational intelligence relating to the activities of Chinese military and foreign intelligence agencies in cyberspace and network defenders with a presence in Southeast Asia.

  34. Tomi Engdahl says:

    Tor’s main site blocked in Russia as censorship widens https://www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/
    The Tor Project’s main website, torproject.org, is actively blocked by Russia’s largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project. Russia’s censorship of Tor’s site started on December 1, 2021, but many initially disregarded it by suggesting it was merely a side effect of experimentation with the Runet, Russia’s sovereign internet project. However, as it now seems to be the case, Russia is undergoing a coordinated action against Tor, orchestrated by Roskomnadzor, the Federal Service for Supervision of Communications, Information Technology and Mass Media.

  35. Tomi Engdahl says:

    The digital compass and the digital office: what are they about?
    https://impulssilvm.fi/2021/12/08/digikompassi-ja-digitoimisto-mista-on-kyse/
    The digital compass (digikompassi) is a tool that gathers Finland’s digitalisation goals up to the year 2030. The purpose of the digital compass is to build a better everyday life and better conditions for digital activity across the different sectors of society. Implementing the digital compass requires an overall picture and the focusing of capabilities where the most significant results can be achieved. The digital office produces information that helps ministers and ministries steer the development of digitalisation, remove obstacles to a smooth digital everyday life and solve observed problems, for example in legislation, technologies and inter-actor

  36. Tomi Engdahl says:

    When old friends meet again: why Emotet chose Trickbot for rebirth https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
    Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Trickbot has been involved in different ransomware campaigns such as the infamous Ryuk and Conti attacks. Trickbot is constantly being updated with new capabilities, features and distribution vectors, which enables it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns. It has been known since 2016 and is continuing to live and evolve 5 years later despite even the most serious attempts to disrupt the botnet, like the one in October 2020. Recently CPR noticed that Trickbot-infected machines started to drop Emotet samples, for the first time since the takedown of Emotet in January 2021. This research will analyze the Trickbot malware, describe its activity after the takedown, and explain why Emotet chose Trickbot when it came to Emotet’s rebirth. We will also dive into the technical details of Emotet infection.

  37. Tomi Engdahl says:

    What to Do When a Ransomware Group Disappears https://securityintelligence.com/articles/when-ransomware-attack-disappears/
    It’s your company’s worst nightmare: attackers managed to sneak ransomware onto your servers. Now, you’re locked out of every file unless you agree to pay whatever price they’re asking. As if the situation couldn’t get any worse, the attackers disappear without a trace and you can’t even pay their ransom to unlock your files. What do you do now?

  38. Tomi Engdahl says:

    Not with a Bang but a Whisper: The Shift to Stealthy C2 https://threatpost.com/tactics-attackers-stealthy-c2/176853/
    As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec industry is hard to keep up with, so today we’re going to take a closer look at the new tactics threat actors are using for command-and-control (C2) obfuscation.

  39. Tomi Engdahl says:

    Burnout: The next great security threat at work https://blog.1password.com/state-of-access-report-burnout-breach/
    Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

  40. Tomi Engdahl says:

    But why that VPN? How WireGuard made it into Linux https://www.theregister.com/2021/12/08/wireguard_linux/
    Maybe someday Zero Trust will solve many of our network security problems. But for now, if you want to make sure you don’t have an eavesdropper on your network, you need a Virtual Private Network (VPN). Why WireGuard rather than OpenVPN or IKEv2? Because it’s simpler to implement while maintaining security and delivering faster speeds. And, when it comes to VPNs, it’s all about balancing speed and security. So, if WireGuard is all that, why did it take so long to make it into the Linux kernel? After all, its creator, Jason Donenfeld, first came up with the ideas behind WireGuard in 2015.

  41. Tomi Engdahl says:

    Why Cloud Service Providers Are a Single Point of Failure https://www.darkreading.com/cloud/why-cloud-service-providers-are-a-single-point-of-failure
    The use of cloud computing services is expanding, so it’s no surprise that the number and complexity of cyberattacks are also on the rise.
    Making matters worse is the fact that the global cloud market is essentially an oligopoly with a handful of providers dominating the space, creating systemic risk.

  42. Tomi Engdahl says:

    Edge Computing and 5G: Will Security Concerns Outweigh Benefits?
    https://securityintelligence.com/articles/edge-computing-5g-security-concerns-benefits/
    You’re probably hearing a bunch of chatter about edge computing these days and how it, along with 5G, are the latest pieces of technology to redefine how we conduct our business. In fact, you may even be hearing people say that edge computing will replace cloud computing. Let’s separate the facts from the speculation.

  43. Tomi Engdahl says:

    What a Departure Email Can Teach Us About Security
    https://www.securityweek.com/what-departure-email-can-teach-us-about-security

    When someone leaves their job to pursue other opportunities, we often receive an email about their departure. Many times, the departure email praises the person who has given notice. This would seem to be a courteous tradition when someone leaves.

    If an organization has attrition under control, people don’t leave all that often. Regardless of how often someone resigns, departure emails do bring to light a common problem in our field. Of course, it is kind to send someone off with praise and wish them well. There is, however, another side to departure emails that many of us don’t consider.

    How often do we see emails praising people who have chosen to stay with the team? How often do those people who continue to work hard and go above and beyond for the organization receive praise (via email or otherwise)? If we only praise people when they leave, how exactly do we plan to motivate people or encourage them to stay?

  44. Tomi Engdahl says:

    Nicole Wetsman / The Verge:
    According to the Department of Health and Human Services, data breaches in 2021 exposed the health information of 40M+ people in the US, up from 26M in 2020

    Over 40 million people had health information leaked this year
    Hacks and thefts of health data spiked in 2021
    https://www.theverge.com/2021/12/8/22822202/health-data-leaks-hacks?scrolla=5eb6d68b7fedc32c19ef33b4

  45. Tomi Engdahl says:

    Identity Fraud: A Major Growth Area for Criminals
    https://www.securityweek.com/identity-fraud-major-growth-area-criminals

    The lockdowns of 2020 led to an increase in online activity. This in turn led to an increase in online identity theft and fraud. The question asked for 2021 is whether 2020 was a temporary spike, or an ongoing change in fraudulent activity.

    This is the question discussed by Onfido in its Identity Fraud Report 2022, and answered quite simply, “The jump in fraud that was a direct result of COVID-19 appears to be here to stay.” The reason is simple. People may have been forced into more online shopping and remote working, but have liked what they found. That behavior will continue, and so will fraud.

    Along with the growth in fraud, the practice of fraud has also evolved. Firstly, there has been a notable shift towards weekend activity. This could be because more ‘amateurs’ have been attracted by the opportunities (working during their own weekend), or it could be a growth in more professional fraudsters launching attacks when IT staff are known to be sparser (just as ransomware attackers take advantage of weekends and holidays). Or it could be both.

    Secondly, the most frequently attacked ID document has changed. In 2020, it was the ID card. Now it is the passport. This could be because passports are easier to copy (one-sided) than ID cards (two-sided), but also because passports are still considered to be the most authoritative ID.
