Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Researchers show they can steal data during homomorphic encryption
    https://techxplore.com/news/2022-03-homomorphic-encryption.html

    Reply
  2. Tomi Engdahl says:

    Scientists Warn of the Potential for an ET Cyberattack
    https://coast-pr.radio.iheart.com/article/scientists-warn-of-the-potential-for-an-et-cyberattack/

    A pair of astrophysicists have published a new paper which cautions that humans may want to consider the consequences before opening any messages sent to the planet by ETs.

    The intriguing thought exercise from scientists Michael Hippke and John Learned looks at various ways in which first contact may turn out to be a Trojan Horse aimed at wiping out humanity.

    On a technical level, they note that a lengthy, coded missive from aliens would require computers to decipher and, in turn, this process leaves open the possibility of unleashing some kind of ET malware.

    The alien computer virus might then corrupt the systems here on Earth and create chaos on the planet by taking down our power grids and other technological infrastructure.

    “It is cheaper for ETI to send a malicious message to eradicate humans compared to sending battleships,” the authors muse in the paper.

    Reply
  3. Tomi Engdahl says:

    CISO Checklist for Offboarding Security Staff
    The Great Resignation strikes cybersecurity teams, too. Here’s a checklist for CISOs to ensure security is retained even when security staff is not.
    https://www.darkreading.com/edge-articles/ciso-checklist-for-offboarding-security-staff

    Reply
  4. Tomi Engdahl says:

    EU Parliament to launch investigative committee on Pegasus spyware https://www.euractiv.com/section/digital/news/eu-parliament-to-launch-investigative-committee-on-pegasus-spyware/
    The launch of a committee to investigate the use of Pegasus spyware within the EU has been agreed to and is expected to be approved for action by the European Parliament next week.

    Reply
  5. Tomi Engdahl says:

    US legislation brings mandatory cyberattack and ransomware reporting one step closer https://www.tripwire.com/state-of-security/government/us-legislation-brings-mandatory-cyberattack-and-ransomware-reporting-one-step-closer/
    The bipartisan legislation, which still has to pass the House before it is signed into law, demands that critical infrastructure owners such as energy and health care facilities and civilian federal agencies that suffer a cyber attack report it to the US Cybersecurity and Infrastructure Agency (CISA) within 72 hours. In addition, organisations deemed to operate critical infrastructure must report ransomware payments within 24 hours.

    Reply
  6. Tomi Engdahl says:

    Cybersecurity Experts Urge EU Lawmakers to Fix Website Authentication Proposal That Puts Internet Users’ Security and Privacy at Risk https://www.eff.org/press/releases/cybersecurity-experts-urge-eu-lawmakers-fix-website-authentication-proposal-puts
    A letter today to members of the European Parliament said requiring browsers to accept Qualified Website Authentication Certificates
    (QWACs) would put the entire website security ecosystem at risk by requiring browsers to trust third parties designated by the government without any security assurances.

    Reply
  7. Tomi Engdahl says:

    The secret police: Cops built a shadowy surveillance machine in Minnesota after George Floyd’s murder
    https://www.technologyreview.com/2022/03/03/1046676/police-surveillance-minnesota-george-floyd/

    An investigation by MIT Technology Review reveals a sprawling, technologically sophisticated system in Minnesota designed for closely monitoring protesters.

    The secret police: Cops built a shadowy surveillance machine in Minnesota after George Floyd’s murder
    https://www.technologyreview.com/

    An investigation by MIT Technology Review reveals a sprawling, technologically sophisticated system in Minnesota designed for closely monitoring protesters.

    Reply
  8. Tomi Engdahl says:

    Davey Alba / New York Times:
    The US surgeon general formally requests Big Tech to turn over information about the scale of COVID-19 misinformation on their platforms before May 2 — Dr. Vivek Murthy also demanded information from the platforms about the major sources of Covid-19 misinformation. Companies have until May 2 to submit the data.
    https://www.nytimes.com/2022/03/03/technology/surgeon-general-covid-misinformation.html

    Reply
  9. Tomi Engdahl says:

    NSA Publishes Best Practices for Improving Network Defenses
    https://www.securityweek.com/nsa-publishes-best-practices-improving-network-defenses

    The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks.

    The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.

    According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model.

    When it comes to network architecture, the NSA recommends that organizations install security devices such as a border router and next-generation firewalls at the perimeter, and also notes that publicly accessible systems and outbound proxies should be placed in between firewalls, and that monitoring solutions, remote log servers, and redundant devices should be deployed within the network.

    Furthermore, the NSA notes in its Network Infrastructure Security Guidance that admins should group together similar systems within the network and isolate them into subnets, applying proper network segmentation to ensure that an adversary able to compromise the most exploitable devices in the environment cannot reach other systems as well.

    https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

    Reply
  10. Tomi Engdahl says:

    Tens of Cybersecurity Firms Found Exposing Their Assets: Study
    https://www.securityweek.com/tens-cybersecurity-firms-found-exposing-their-assets-study

    Tens of cybersecurity companies expose a large number of assets to the internet, according to a study conducted recently by attack surface management firm Reposify.

    It’s not uncommon for major companies to unwittingly expose databases and other assets, but a study conducted by Reposify over a two-week period in January showed that 35 multinational cybersecurity companies and their more than 350 subsidiaries hosted over 200,000 exposed assets. These assets included databases, remote access sites, and cloud services.

    Reposify’s analysis showed that 86% of these companies have at least one exposed remote access service, 80% expose network assets, and 63% expose back office internal networks. Just over half of the cybersecurity firms have at least one exposed database.

    Reply
  11. Tomi Engdahl says:

    Universities Should Prepare for Attacks
    https://www.securityweek.com/universities-should-prepare-attacks

    Universities have a long tradition of open learning and collaboration, where information is shared freely among students and researchers alike. In fact, universities played a key role in growing the internet from its early military roots to the global communication platform it has become. Unfortunately, in today’s world, ransomware gangs and other bad actors have become a regular part of online life. The tradition of open sharing is under threat, and institutions of higher learning need to find effective ways to protect themselves.

    This threat is not theoretical. In the early days of the pandemic, the University of California San Francisco (UCSF) paid $1.1 million to regain access to research data related to a coronavirus vaccine. In June of 2021, a cyberattack forced the University of Massachusetts Lowell to shut down totally for almost a week. The ransomware situation has become so serious that it prompted the FBI to issue a FLASH warning specifically directed toward educational institutions.

    Security Through Obscurity

    When individuals engage in even the simplest online activity, they leave a “footprint” that includes their IP (Internet Protocol) address and network identity. This information can form the basis for an attack. Obfuscation at the network layer eliminates these footprints and makes hacking practices such as tracking cookies, browser fingerprinting, and device characterization virtually impossible. It also defends against malware, since without access to device information malicious websites won’t upload payloads.

    Obfuscation can be achieved by transparently distributing communications within and across multiple clouds using Software-Defined Network (SDN) virtualization and dynamically shifting communications across multiple commercial providers to regularly churn the underlying network infrastructure.

    The use of multi-hop transport makes it extremely difficult for anyone, including hackers or search engine optimization companies, to determine actual user information, origination location and identities.

    There are two primary reasons why obfuscation is a best practice for institutions of higher learning.

    ● Data protection – Academic institutions are at the forefront of cyber security research and need to perform their work in isolated environments that mitigate the risk of data theft and ransomware.

    ● Secure communication – Global collaboration is central to many academic research projects, and maintaining privacy in these situations is a high priority.

    The obfuscation that results from disguising and varying network pathways achieves both of these objects.

    Reply
  12. Tomi Engdahl says:

    British Firm Tackles ‘Harvest Now, Decrypt Later’ Problem With Sharding Technology
    https://www.securityweek.com/british-firm-tackles-harvest-now-decrypt-later-problem-sharding-technology

    Quantum-proof secure data distribution platform released to enterprise market

    A UK firm believes it has solved the ‘harvest now, decrypt later problem’.

    Harvest now, decrypt later is a pressing concern. Criminals and nation states are stealing personal data and company IP knowing future quantum computers will be able to decrypt any encrypted content. Business is already being urged to switch to some form of quantum-proof security for data transmissions.

    Much of the effort in developing quantum proof document distribution has been focused on what is called ‘quantum-proof encryption’. Majenta Solutions has taken a different route, adding a form of sharding to its existing MX data transfer platform.

    Sharding is a technology more commonly associated with databases – a form of horizontal partitioning that splits large databases into smaller components, which are faster and easier to manage and can be spread across multiple servers.

    The Majenta product, known as MX ASR (MX is an existing managed file transfer platform, while ASR is a new anonymize, shard and restore technology) breaks sensitive documents into four shards that are sent separately to four different cloud servers around the world. The ‘anonymize’ part of the process is a patented technology that ensures no single shard contains any meaningful information without being combined with the other three shards in the ‘restore’ process. If the transmission of one of the shards is intercepted, or the cloud server being used is breached, no information can be lost.

    Since this is fundamentally not a form of encryption, it is not susceptible to decryption even with the potential power of future quantum computers.

    Reply
  13. Tomi Engdahl says:

    Tech workers face a ‘burnout crisis’ unless employers act now
    https://www.zdnet.com/article/tech-workers-face-a-burnout-crisis-unless-employers-act-now/

    A study of more than 36,200 tech workers finds that two in five employees want to quit due to excessive stress, exhaustion and a broken work-life balance.

    The technology industry faces a ‘burnout crisis’ as chronic workplace stress and exhaustion hammers IT workers.

    A study of more than 36,200 IT professionals across 33 counties by mental wellbeing platform Yerbo found that two in five workers are at high risk of burnout, prompted by longer hours, more demanding workloads and conflicts in work-life balance.

    Reply
  14. Tomi Engdahl says:

    Data breaches leave customers very shaky, report says
    https://blog.malwarebytes.com/reports/2022/03/data-breaches-leave-customers-very-shaky-report-says/

    Data breaches are one of the most reported cyberattacks against businesses—regardless of size and industry. And while this has highlighted cybersecurity gaps on so many fronts, some companies are still not prioritizing them as they should. Some have scrambled to be compliant but then find themselves successfully breached weeks or months after getting certified.

    Unsurprisingly, many current and potential customers respond negatively to companies that have been breached. This is evident in the global consumer survey conducted by software company, Axway.

    For many, a breach is treated as proof that companies are not doing what they’re supposed to with their data, and that is to primarily secure it at all cost, especially when businesses are placed high on their attack list. Companies saying that they take the security of their customers “very seriously” looks more like lip service than genuine concern over data security.

    Reply
  15. Tomi Engdahl says:

    NSA-linked Bvp47 Linux backdoor widely undetected for 10 years
    https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/

    A report released today dives deep into technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency.

    Bvp47 survived until today almost undetected, despite being submitted to the Virus Total antivirus database for the first time close to a decade ago, in late 2013.

    Until this morning, only one antivirus engine on Virus Total detected the Bvp47 sample. As the report spread in the infosec community, detection started to improve, being flagged by six engines at the moment of writing.

    Reply
  16. Tomi Engdahl says:

    Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures
    https://thehackernews.com/2022/02/experts-create-apple-airtag-clone-that.html

    Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol.

    The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security’s co-founder Fabian Bräunlein said in a deep-dive published last week.

    Find My is Apple’s asset tracking app that allows users to track the GPS location of iOS, iPadOS, macOS, watchOS devices, AirPods, AirTags as well as other supported third-party accessories through a connected iCloud account. It also enables users to view the location of others who have opted to share their location.

    Reply
  17. Tomi Engdahl says:

    Russia’s Sandworm Hackers Have Built a Botnet of Firewalls
    Western intelligence services are raising alarms about Cyclops Blink, the latest tool at the notorious group’s disposal.
    https://www.wired.com/story/sandworm-cyclops-blink-hacking-tool/

    Reply
  18. Tomi Engdahl says:

    Ground Glass Secret Keys Could Deliver High-Performance High-Security Facial Recognition Systems
    By scattering light into “speckles” for input into a specially-trained neural network, this cryptosystem works at the speed of light.
    https://www.hackster.io/news/ground-glass-secret-keys-could-deliver-high-performance-high-security-facial-recognition-systems-a0bca9fc9f2d

    Reply
  19. Tomi Engdahl says:

    Onko Google Analytics laiton? – 3 vaihtoehtoista tapaa reagoida viranomaislinjauksiin
    https://www.hopkins.fi/artikkelit/onko-google-analytics-laiton/

    Reply
  20. Tomi Engdahl says:

    NIST proposes model to assess cybersecurity investment strategies in network security
    https://www.zdnet.com/article/nist-proposes-model-to-assess-cybersecurity-investment-strategies-in-network-security/

    The larger the network, the larger the attack surface. Computational models may pinpoint the best places for investment.

    Reply
  21. Tomi Engdahl says:

    Open Source Code: The Next Major Wave of Cyberattacks
    https://www.darkreading.com/vulnerabilities-threats/open-source-code-the-next-major-wave-of-cyberattacks

    The ubiquity of open source software presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently) to those who use it

    Reply
  22. Tomi Engdahl says:

    Senate passes major cybersecurity legislation to force reporting of cyberattacks and ransomware
    https://www.cnn.com/2022/03/02/politics/senate-passes-major-cybersecurity-legislation/index.html

    The Senate on Tuesday passed major cybersecurity legation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments.

    The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine.

    Reply
  23. Tomi Engdahl says:

    MITRE launches final first version of Engage deception framework https://www.scmagazine.com/analysis/attack-simulation/mitre-launches-final-first-version-of-engage-deception-framework
    MITRE released the first official version of its deception framework Engage on Monday after eight months of operating as a public beta. The finalized version 1.0 is more friendly to inexperienced users, less dependent on a matrix of strategies, and more fine-tuned in language.

    Reply
  24. Tomi Engdahl says:

    NSA Releases Network Infrastructure Security Guidance https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance
    The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats.
    Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. See
    also:
    https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

    Reply
  25. Tomi Engdahl says:

    Tehostettua seurantaa finanssisektorin tilanteeseen, pakotteiden toimeenpanoon ja kyberriskeihin varautumiseen https://www.finanssivalvonta.fi/tiedotteet-ja-julkaisut/lehdistotiedotteet/2022/tehostettua-seurantaa-finanssisektorin-tilanteeseen-pakotteiden-toimeenpanoon-ja-kyberriskeihin-varautumiseen/
    Kansainvälisen turvallisuustilanteen kiristyminen lisää kyberhyökkäysten mahdollisuutta myös finanssialan toimijoita ja palveluntuottajia vastaan. Finanssivalvonta kehottaa valvottavia varmistamaan, että niiden suojaukset erilaisia kyberuhkia vastaan ovat ajan tasalla.

    Reply
  26. Tomi Engdahl says:

    Singapore to set up digital intelligence unit as cyber threats intensify https://www.zdnet.com/article/singapore-to-set-up-digital-intelligence-unit-as-cyber-threats-intensify/
    Singapore is building a new digital intelligence unit within its armed forces that will look to boost the country’s defence against cyber threats. The government has described the move as necessary, with online threats growing in volume and sophistication and attacks targeting both physical and digital domains. Expected to be operational by end-2022, the DIS would enable SAF to deal with cyber threats that were known today as well as future attacks, said Singapore’s Defence Minister Ng Eng Hen. He noted that threats in the digital domain already were spilling over to the physical space and such risks were expected to escalate.

    Reply
  27. Tomi Engdahl says:

    73 Ransomware Statistics Vital for Security in 2022 https://www.pandasecurity.com/en/mediacenter/security/ransomware-statistics/
    Unfortunately, this type of cyberattack is on the rise ransomware was named the top threat type for 2021, and attacks increased over 140% in
    Q3 of 2021 alone. Ransomware attacks are more prevalent than ever, and they’re wreaking havoc across a range of industries. This became especially apparent amid COVID-19, which provided new opportunities for attackers ransomware attacks surged by 148% in March of 2020.

    Reply
  28. Tomi Engdahl says:

    Emergency preparedness: How to disasterproof your tech https://www.welivesecurity.com/2022/03/04/emergency-preparedness-how-disaster-proof-tech/
    Here are a few tips that will help you get your go bag’ ready if you have to leave at a moment’s notice and need your communications and data to survive. If you live in an area where emergencies aren’t rare (like I do; our area has one of the highest rates of fire evacuations in the world), getting your tech set up so it’s ready to go quickly makes sense. Here are a few tips that will help you get your go bag’
    ready in case you have to leave suddenly and you need your communications, data and a way to stay alive to survive during an emergency.

    Reply
  29. Tomi Engdahl says:

    These are the problems that cause headaches for bug bounty hunters https://www.zdnet.com/article/these-are-common-problems-that-cause-headaches-for-bug-bounty-participants/
    It was once common practice that vulnerability reports were made piecemeal; it may have been through a generic email or by telephone, and some organizations would be spooked by bug reports or would respond negatively. While penetration testers at the company attempt to disclose bugs, a frequent lack of communication are deemed a “time-consuming process.” If the organization doesn’t have an established bug bounty project, researchers can find themselves trying multiple channels ranging from LinkedIn and social media to generic email addresses and sales channels.

    Reply
  30. Tomi Engdahl says:

    DFIR Reporting
    http://windowsir.blogspot.com/2022/03/dfir-reporting.html
    In 2014, Windows Forensic Analysis Toolkit 4/e was published, and in this edition, I included a chapter on reporting. It was (and still is) a general overview addressing a lot of things that folks miss when it comes to technical reporting, going from the importance of spelling and grammar to the nature of an “Executive Summary” and beyond. So why does any of this matter? Not to put too fine a point on it, but it doesn’t matter how good or thorough you are, it doesn’t matter if you’re technically light years beyond the bad guys. If you can’t communicate your findings to those to whom it matters, in an actionable manner…who cares? What does any of it matter?

    Reply
  31. Tomi Engdahl says:

    Data breaches leave customers very shaky, report says | Malwarebytes Labs
    https://blog.malwarebytes.com/reports/2022/03/data-breaches-leave-customers-very-shaky-report-says/
    Data breaches are one of the most reported cyberattacks against businesses—regardless of size and industry. And while this has highlighted cybersecurity gaps on so many fronts, some companies are still not prioritizing them as they should. Some have scrambled to be compliant but then find themselves successfully breached weeks or months after getting certified.
    Unsurprisingly, many current and potential customers respond negatively to companies that have been breached. This is evident in the global consumer survey conducted by software company, Axway.
    For many, a breach is treated as proof that companies are not doing what they’re supposed to with their data, and that is to primarily secure it at all cost, especially when businesses are placed high on their attack list. Companies saying that they take the security of their customers “very seriously” looks more like lip service than genuine concern over data security.
    According to the survey, respondents are more comfortable with businesses in the financial (65 percent) and health (50 percent) sectors to protect their data. On the flip side, they are less confident entrusting their data to insurance companies (31 percent), retailers (26 percent), and educational institutions (31 percent).
    When asked, “Would an online retailer’s lack of security for your private data prevent you from making a purchase through their website?”, 68 percent gave a resounding YES. This number is even higher—75 percent—when asked if they’d stop doing business with a company that has fallen victim to a breach or cyberattack that potentially compromised data. For companies with a history of cyberattacks or data breaches, 50 percent say they would not do any business with them.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*