Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated in searching for vulnerabilities and delivering malware by adapting (and automating) machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
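As an added example (not from the SecurityWeek article or from Apache), here is the kind of check a defender can run over `mvn dependency:list` output to see which of the CVEs named above a pinned log4j-core version is still exposed to. The fixed-in versions are those of the main 2.x line; treating the 2.3.x and 2.12.x backport branches as out of scope is a simplification of this example.

```javascript
// Added example (not from the SecurityWeek article or Apache): given the output
// of `mvn dependency:list`, report which of the Log4j 2 CVEs named above each
// pinned log4j-core version is still exposed to.
// Assumption of this example: the fixed-in versions are those of the main 2.x
// line; the Java 6/7 backport branches (2.3.x, 2.12.x) received their own fixes
// and are not modelled, so those versions are reported as "unknown branch".

// First main-line 2.x release that closed each CVE.
const LOG4J_FIXES = [
  { cve: "CVE-2021-44228", fixedIn: "2.15.0" }, // Log4Shell
  { cve: "CVE-2021-45046", fixedIn: "2.16.0" },
  { cve: "CVE-2021-45105", fixedIn: "2.17.0" },
  { cve: "CVE-2021-44832", fixedIn: "2.17.1" },
];

// "major.minor.patch" -> [major, minor, patch]; null for anything else
// (snapshots, release candidates), which the caller treats as unknown.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// CVEs a log4j-core version is still exposed to; null when the version
// cannot be compared against the main-line fix versions.
function exposedCves(version) {
  const parsed = parseVersion(version);
  if (!parsed) return null;
  if (parsed[0] === 2 && (parsed[1] === 3 || parsed[1] === 12)) return null; // backport branches
  return LOG4J_FIXES
    .filter(({ fixedIn }) => compareVersions(parsed, parseVersion(fixedIn)) < 0)
    .map(({ cve }) => cve);
}

// `mvn dependency:list` prints one artifact per line as
//   [INFO]    groupId:artifactId:type[:classifier]:version:scope
function parseDependencyList(text) {
  const deps = [];
  for (const raw of text.split("\n")) {
    const parts = raw.replace(/^\[INFO\]\s*/, "").trim().split(":");
    if (parts.length < 5) continue; // not an artifact line
    deps.push({ groupId: parts[0], artifactId: parts[1], version: parts[parts.length - 2] });
  }
  return deps;
}

// One finding per log4j-core coordinate found in the list.
function scanDependencies(text) {
  return parseDependencyList(text)
    .filter((d) => d.groupId === "org.apache.logging.log4j" && d.artifactId === "log4j-core")
    .map((d) => {
      const cves = exposedCves(d.version);
      return { version: d.version, cves: cves === null ? "unknown branch" : cves };
    });
}

// Constructed sample output, not from a real project.
const SAMPLE = `[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.16.0:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
[INFO]    com.example:widget:jar:1.0.0:compile`;

console.log(JSON.stringify(scanDependencies(SAMPLE), null, 2));
```

Pipe real `mvn dependency:list` output into `scanDependencies` to get one finding per log4j-core coordinate; transitive copies pulled in by other libraries show up too, which is exactly the case the Maven Central figures above describe.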

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: (1) Malware, (2) Mobile, (3) Machine Learning and AI, (4) Ransomware (because we simply couldn’t not give it a section of its own), and (5) Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chains will be targeted even more in 2022 (by state-sponsored actors and cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities. While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence (CTI) reports. Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect cyber threats more rapidly.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension instructions added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. The use of this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. This is a significant difference from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. The recommended measures are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Cybersecurity for banks – Securing growing data centers and high-frequency trading platforms https://blog.checkpoint.com/2022/03/11/cybersecurity-for-banks-securing-growing-data-centers-and-high-frequency-trading-platforms/
    Banks need network security that performs at the speed of business.
    This is the key to transferring hundreds of terabytes of data securely and in minutes, as well as to providing low latency for high-frequency financial transactions and for scaling security on-demand to support a hyper-growth business such as online commerce. This blog will present a real-life story from a North American bank, the challenges they faced, and the solutions they leveraged to overcome the challenge and bolster their security posture.

  2. Tomi Engdahl says:

    Why Russia’s “disconnection” from the Internet isn’t amounting to much https://arstechnica.com/information-technology/2022/03/why-russias-disconnection-from-the-internet-isnt-amounting-to-much/
    Rumors of Russian Internet services degrading have been greatly exaggerated, despite unprecedented announcements recently from two of the world’s biggest backbone providers that they were exiting the country following its invasion of Ukraine.

  3. Tomi Engdahl says:

    Hacked US Companies to Face New Reporting Requirements
    https://www.securityweek.com/hacked-us-companies-face-new-reporting-requirements

    Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.

    The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.

    “It’s clear we must take bold action to improve our online defenses,” Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation, said in a statement on Friday.

    The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.

    https://www.securityweek.com/proposed-bill-would-require-organizations-report-ransomware-payments

  4. Tomi Engdahl says:

    Google Attempts to Explain Surge in Chrome Zero-Day Exploitation
    https://www.securityweek.com/google-attempts-explain-surge-chrome-zero-day-exploitation

    14 Chrome Zero-Day Vulnerabilities Exploited in Attacks in 2021

    The number of Chrome vulnerabilities exploited in malicious attacks has been increasing over the past years and Google believes several factors have contributed to this trend.

    The number of Chrome vulnerabilities exploited in the wild reached 14 in 2021, up from eight in 2020 and two in 2019. Chrome is targeted far more often than Firefox, Safari and Internet Explorer, according to data from Google’s Project Zero research unit, which tracks exploitation of zero-days.

  5. Tomi Engdahl says:

    Meta Releases Open Source Browser Extension for Checking Code Authenticity
    https://www.securityweek.com/meta-releases-open-source-browser-extension-checking-code-authenticity

    Facebook parent company Meta this week announced the release of Code Verify, an open source browser extension meant to verify the authenticity of code served to the browser.

    Code Verify is built on the idea of subresource integrity – where browsers verify the integrity of a fetched file – but applies the principle to all resources on the webpage, and leverages Cloudflare as a trusted third party.

    WhatsApp Web users, Meta says, can now leverage the extension to ensure that the application has not been tampered with or altered.

    The extension was designed to automatically compare code that runs on WhatsApp Web against a cryptographic hash source of truth that was entrusted to Cloudflare, and to notify the user if any inconsistency is found.

    According to Meta, the checks are performed automatically, in real-time, and at scale, courtesy of Cloudflare’s third-party verification. With any updates made to WhatsApp Web, Code Verify and the cryptographic hash source of truth on Cloudflare are updated as well.

    Code Verify was released for Chrome and Microsoft Edge and will soon arrive on Firefox as well.

    Code Verify: An open source browser extension for verifying code authenticity on the web
    https://engineering.fb.com/2022/03/10/security/code-verify/

    For years, WhatsApp has protected the personal messages you send on WhatsApp Web with end-to-end encryption as they transit from sender to recipient. But security conscious users need to be confident that when WhatsApp Web receives these encrypted messages, it is protected as well. In contrast to a downloadable mobile app, a web app is usually served directly to users, without a third party reviewing and auditing the code. There are many factors that could weaken the security of a web browser that don’t exist in the mobile app space, such as browser extensions. Additionally, because the mobile app space was built after the web was created, the security guarantees offered on mobile can be stronger, particularly given that third-party app stores review and approve each app and software update. But today, that’s changing, as Code Verify is bringing even more security to WhatsApp Web.

    Code Verify works in partnership with Cloudflare, a web infrastructure and security company, to provide independent, third-party, transparent verification of the code you’re being served on WhatsApp Web. We hope this gives at-risk users peace of mind.

    Code Verify expands on the concept of subresource integrity, a security feature that lets web browsers verify that the resources they fetch haven’t been manipulated. Subresource integrity applies only to single files, but Code Verify checks the resources on the entire webpage. To do this at scale, and to enhance trust in the process, Code Verify partners with Cloudflare to act as a trusted third party.

    We’ve given Cloudflare a cryptographic hash source of truth for WhatsApp Web’s JavaScript code. When someone uses Code Verify, the extension automatically compares the code that runs on WhatsApp Web against the version of the code verified by WhatsApp and published on Cloudflare. If there are any inconsistencies, Code Verify will notify the user.

    While comparing hashes to detect files that have been tampered with is not new, Code Verify does so automatically, with the help of Cloudflare’s third-party verification, and at this scale for the first time. WhatsApp’s security protections, the Code Verify extension, and Cloudflare all work together to provide real-time code verification. Whenever the code for WhatsApp Web is updated, the cryptographic hash source of truth and extension will update automatically as well.

    How Cloudflare verifies the code WhatsApp Web serves to users
    https://blog.cloudflare.com/cloudflare-verifies-code-whatsapp-web-serves-users/

  6. Tomi Engdahl says:

    EU Lawmakers to Probe ‘Political’ Pegasus Spyware Use
    https://www.securityweek.com/eu-lawmakers-probe-political-pegasus-spyware-use

    The European Parliament on Thursday created a “committee of inquiry” to probe accusations over the use of Pegasus spyware by governments in the bloc, notably in Hungary and Poland.

    Lawmakers voted overwhelmingly to “investigate alleged breaches of EU law in the use of the surveillance software by, among others, Hungary and Poland”, a statement said.

    The 38-member committee “is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was used for political purposes against, for example, journalists, politicians and lawyers”, it said.

    The Pegasus malware, created by Israeli technology firm the NSO Group, was engulfed in controversy last July after a collaborative investigation by several media outlets reported that a string of governments around the world had used it to spy on critics and opponents.

  7. Tomi Engdahl says:

    How an OSPO Can Help Secure Your Software Supply Chain
    https://thenewstack.io/how-an-ospo-can-help-secure-your-software-supply-chain/
    It’s nearly impossible these days to build software without using open source code. But all that free software carries additional security risks.
    Organizations grapple with how best to secure their open source software supply chain. But there’s another problem: Many companies don’t even know how many open source applications they have — or what’s in them.
    An open source program office (OSPO) — a bureau of open source experts within your organization dedicated to overseeing how your company uses, creates and contributes to free software — can help coordinate all these efforts.
    An OSPO can help a company get a handle on the open source code it uses and establish visibility into open source projects and tools, said Liz Miller, vice president and principal analyst at Constellation Research.
    “Fundamentally, the purpose of an open source program office is to centralize the understanding of dependencies, implementation and utilization of open source code across an enterprise,” Miller said. “There is a significant security benefit to an OSPO.”
    Today’s software is made up of components from a variety of sources. “It’s never 100% one thing,” said VMware’s Ambiel.
    “There’s some code that you have written for the first time, so you obviously know what’s in there. But you may have used some containerized software. And you are going to be reusing some code. And everyone uses open source code.”
    Here’s the scary part: In Synopsys’ analysis, 84% of the codebases had at least one vulnerability. And 91% of the open source components used hadn’t seen any maintenance in the past two years.
    “The reality of open source is that for the security professional, hearing that a software supply chain is filled with unchecked, unknown and completely invisible open source code is the stuff nightmares are made of,” she said.
    That’s why software needs to come with a “bill of materials,” said Ambiel, a complete inventory of all the components that go into a software package, and their versions and license terms.
    And there’s a lot happening on that front. An OSPO can help companies stay on top of the latest recommendations, she said.
    The CNCF white paper also recommended that companies scan their software with software-composition analysis tools to detect vulnerable open source components, and use penetration testing to check for basic security errors or loopholes and resistance to standard attacks.
    Companies need to have a clear understanding of what open source code is used in their environment, stay up to date on patching, and even conduct their own vulnerability scans and assessments if necessary. An OSPO can help coordinate those efforts.
    For example, the open source community has been working on supply chain security and compliance for years. The Linux Foundation’s Tern project, which inspects container images, is part of its Automated Compliance Tooling initiative.
    “What’s current today is technical debt tomorrow. It’s a big job. But when it comes to these big ecosystem challenges, that’s where the open source community really shines and can step up.”
    —Suzanne Ambiel, director of open source marketing and strategy, VMware Tanzu
    An OSPO can also tap outside expertise through the OpenSSF, which is working on system solutions and ways to combat increasing attacks like typosquatting and malicious code.
    Securing the Software Supply Chain with a Software Bill of Materials
    https://thenewstack.io/securing-the-software-supply-chain-with-a-software-bill-of-materials/
    What happens when the maintainer of a popular open source framework or component dies, goes to prison or just gets fed up? Developers whose software depends on that repo might have time to prepare; there might be an official repo with a formal succession process, a fast but informal community fork. Or the code might just disappear — which could affect commercial tools using it too. And even if there are a warning and time to plan, it’s only helpful if developers are aware of the dependencies in their software and monitoring their status.
    Death, prison terms and abrupt departures might be rare; software vulnerabilities aren’t.
    Even large, experienced technology organizations can make mistakes in securing their repo (Canonical’s GitHub account was compromised in 2019) or miss the update that fixes a newly-discovered vulnerability in a component.
    Viewing the open source that developers and operations teams consume as a supply chain makes it easier to think about where problems occur.
    Importing one package doesn’t add just one dependency; it also brings the upstream dependencies that package imports.
    Software security tools like linters, fuzzers and static code analysis can improve code quality. While Coverity is a proprietary static analysis tool, it’s free to scan open source projects written in C, C++, C#, Java, JavaScript, Python and Ruby for defects and to get explanations of the root cause.
    Embold is also free for open source use. Google’s OSS-Fuzz service, run in conjunction with the Linux Foundation’s Core Infrastructure Initiative, uses multiple fuzzing engines, checks open source projects written in C/C++, Rust and Go for free, and has already found 17,000 bugs in 250 projects.
    Rather than leaving every maintainer to check one project at a time, GitHub is hoping its Security Lab (free for open source projects) and CodeQL will help remove vulnerabilities at scale across thousands of projects.
    Also free for open source projects is Snyk, which will scan your source code repo and tell you if you have dependencies on. Now that GitHub owns npm, it’s going to be easier to check those dependencies.
    But useful as automated dependency tools are for understanding what code is in a project so developers can update and patch (and for automating that patching as part of source code and build management), the longer-term approach needs to be more systematic — because dependency chains are so deep in the open source world. Importing one package doesn’t add just one dependency; it also brings the upstream dependencies that package imports. Because many Node packages are snippets, installing one Node package means trusting, on average, 80 packages, and that number is going up over time.
    “One interesting trend we’re seeing with this in these ecosystems is that once something gets popular, it gets even more popular,”
    To make it easier to detect when build servers are compromised, Microsoft is pushing the adoption of reproducible builds; builds of source code should be not just versioned but deterministic, with a record of the tools used and the steps needed to either reproduce or verify the build.
    Most of Windows is now built with reproducible builds and Linux is moving towards reproducible builds. It can have some odd side-effects though; the timestamps in signed Windows binaries are no longer actual times because otherwise they’d be different every time the build was run, so moving to reproducible builds can mean a lot of changes.

    Reply
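As an added illustration of two points in the comment above (the number of packages you implicitly trust when you install one, and why reproducible builds pin timestamps), here is example code that is not part of either article or of any project they mention. The lockfile contents, package names and versions are constructed for the example and loosely follow the shape of npm's package-lock.json; the bill of materials it emits only borrows CycloneDX field names and is not a validated CycloneDX document.

```python
import hashlib
import io
import zipfile

# Constructed lockfile in roughly the shape of npm's package-lock.json
# ("packages": name -> version + direct dependencies). Names and versions
# are made up for the example; "debug" is reached by two paths on purpose.
LOCKFILE = {
    "packages": {
        "webapp":      {"version": "1.0.0",  "dependencies": {"express": "4.18.2", "left-pad": "1.3.0"}},
        "express":     {"version": "4.18.2", "dependencies": {"body-parser": "1.20.1", "debug": "2.6.9"}},
        "body-parser": {"version": "1.20.1", "dependencies": {"debug": "2.6.9", "qs": "6.11.0"}},
        "debug":       {"version": "2.6.9",  "dependencies": {"ms": "2.0.0"}},
        "ms":          {"version": "2.0.0",  "dependencies": {}},
        "qs":          {"version": "6.11.0", "dependencies": {}},
        "left-pad":    {"version": "1.3.0",  "dependencies": {}},
    }
}


def transitive_deps(lock, root):
    """Every package reachable from `root` (root itself excluded).
    Installing `root` means trusting all of these, not just its two direct
    dependencies; diamond dependencies such as `debug` are counted once."""
    seen, stack = set(), [root]
    while stack:
        for dep in lock["packages"][stack.pop()].get("dependencies", {}):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def sbom(lock, root):
    """Minimal bill of materials borrowing CycloneDX field names: one
    component per transitive dependency, each with a purl so it can later
    be matched against vulnerability feeds and licence data."""
    components = []
    for name in sorted(transitive_deps(lock, root)):
        version = lock["packages"][name]["version"]
        components.append({"type": "library", "name": name, "version": version,
                           "purl": f"pkg:npm/{name}@{version}"})
    root_version = lock["packages"][root]["version"]
    return {"bomFormat": "CycloneDX", "specVersion": "1.4",
            "metadata": {"component": {"type": "application", "name": root, "version": root_version}},
            "components": components}


# Constructed build inputs for the reproducible-build half of the example.
BUILD_FILES = {"bin/app": b"#!/bin/sh\necho hello\n", "README": b"demo\n"}
PINNED_TIME = (1980, 1, 1, 0, 0, 0)  # the zip format's epoch, the effect of SOURCE_DATE_EPOCH=0


def build_archive(files, build_time):
    """Zip `files` in memory and return the archive's SHA-256. `build_time`
    is stamped into every entry, so two builds run at different times give
    different bytes even though the contents are identical; pinning the
    stamp (and sorting entries) is what makes the output reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):          # deterministic entry order
            info = zipfile.ZipInfo(name, date_time=build_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name])
    return hashlib.sha256(buf.getvalue()).hexdigest()


if __name__ == "__main__":
    deps = transitive_deps(LOCKFILE, "webapp")
    print(f"installing webapp means trusting {len(deps)} packages: {sorted(deps)}")
    print("SBOM components:", [c["purl"] for c in sbom(LOCKFILE, "webapp")["components"]])
    monday = build_archive(BUILD_FILES, (2022, 3, 21, 9, 0, 0))
    tuesday = build_archive(BUILD_FILES, (2022, 3, 22, 9, 0, 0))
    print("unpinned builds identical:", monday == tuesday)                       # False
    print("pinned builds identical:", build_archive(BUILD_FILES, PINNED_TIME)
          == build_archive(BUILD_FILES, PINNED_TIME))                            # True
```

The same walk over a real lockfile is what turns "we use express" into "we depend on six packages maintained by six different people", which is the visibility an OSPO is meant to centralise. The archive half is the Windows timestamp point in miniature: the only way to get the same hash twice is to stop recording when the build happened.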
  8. Tomi Engdahl says:

    A medical student in India has come under scrutiny after he was allegedly caught cheating with a micro Bluetooth device believed to be surgically implanted into his ear, a college official said.

    Reply
  9. Tomi Engdahl says:

    2021 mobile security: Android more vulnerabilities, iOS more zero-days https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/
    Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what’s coming in 2022. In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working. This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

    Reply
  10. Tomi Engdahl says:

    Now is the time to get these digital matters in order at home: Finland’s security position has changed permanently https://www.is.fi/digitoday/tietoturva/art-2000008673186.html

    Reply
  11. Tomi Engdahl says:

    The VC View: Incident Response and SOC Evolution
    https://www.securityweek.com/vc-view-incident-response-and-soc-evolution

    The evolution of cybersecurity incident response and the modern SOC continues to be one of the biggest post-pandemic security trends

    The unfortunate modern cybersecurity mindset is that security incidents are a matter of when not if. Not only are reports of high-profile breaches like the SolarWinds hack and Kaseya VSA ransomware attack becoming more common, breaches are so common now that many of them don’t make headlines anymore.

    Nowadays, companies still depend on the strength of their incident response talent, processes and security operation centers (SOCs) to respond to security incidents. No matter how much we want to automate, an overloaded IR team is still the state of the art. That’s why the evolution of cybersecurity incident response and the modern SOC continues to be one of the biggest post-pandemic security trends.

    Today, many enterprise SOCs have first-hand experience dealing with an active incident but are still hamstrung by manual processes and data silos. Metrics, logs, events, and traces (a.k.a. MELT telemetry data) are often available, but they’re spread across disparate systems and cloud platforms. This creates blind spots for security engineers and makes diagnosing root cause or correlating events to detect threats a tedious manual effort. As a result, malware dwell times continue to be measured in months (IBM pegged average dwell time at 287 days), and malicious actors can carry out sophisticated attacks with time to spare.

    Security information and event management (SIEM) tooling and traditional log management platforms help centralize data and break down silos. However, there’s still progress that needs to be made. NIST’s incident response framework breaks incident response into four phases:

    1. Preparation

    2. Detection and analysis

    3. Containment, eradication, and recovery

    4. Post-incident activity

    The biggest immediate challenges in the industry are improving the accuracy of phase two and the speed of phase three. For detection and analysis, enterprises need solutions that can rapidly identify threats without going overboard with false positives. Then, once threats are detected, remediation and recovery to a secure state must be as fast as possible.

    Strategically, this sounds simple enough. But, there is a very real technical challenge here. Modern network perimeters are fluid, and topologies are complex. SOCs must account for everything from corporate data centers to SaaS platforms to IoT sensors. The quality of telemetry from these devices varies greatly. So does what quantifies malicious behavior.

    Reply
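As an added example (not from the article and not any vendor's product), here is what the correlation step the article calls tedious looks like once telemetry from separate silos is normalised onto one timeline: low-confidence signals from the identity provider, the EDR and cloud audit logs are clustered per user within a time window, and only clusters corroborated by several sources become an incident. The events, user names and signal names are constructed for the example.

```python
from datetime import datetime, timedelta, timezone


def ts(s):
    """Parse an ISO-8601 timestamp; all constructed events below are UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed events from three silos (identity provider, EDR, cloud audit),
# already normalised to (time, source, entity, signal). On its own each signal
# is noise that would drown an analyst in false positives.
EVENTS = [
    ("2022-02-01T08:15:00", "auth",  "alice", "login_from_new_country"),
    ("2022-02-01T08:20:00", "edr",   "alice", "office_app_spawned_powershell"),
    ("2022-02-01T09:05:00", "cloud", "alice", "bulk_object_download"),
    ("2022-02-03T12:00:00", "auth",  "bob",   "login_from_new_country"),    # travelling: one source only
    ("2022-02-10T17:30:00", "edr",   "carol", "office_app_spawned_powershell"),
    ("2022-02-14T17:40:00", "cloud", "carol", "bulk_object_download"),      # 4 days later: outside the window
]


def correlate(events, window=timedelta(hours=24), min_sources=2):
    """Group each entity's events into clusters that start within `window`
    of the cluster's first event; a cluster is an incident only if it is
    corroborated by at least `min_sources` distinct telemetry sources."""
    by_entity = {}
    for t, source, entity, signal in events:
        by_entity.setdefault(entity, []).append((ts(t), source, signal))
    incidents = []
    for entity, evs in by_entity.items():
        evs.sort()
        i = 0
        while i < len(evs):
            start = evs[i][0]
            cluster = [e for e in evs[i:] if e[0] - start <= window]  # sorted, so this is a prefix
            sources = {e[1] for e in cluster}
            if len(sources) >= min_sources:
                incidents.append({
                    "entity": entity,
                    "first_seen": start,
                    "last_seen": cluster[-1][0],
                    "sources": sorted(sources),
                    "signals": [e[2] for e in cluster],
                })
            i += len(cluster)
    return incidents


def dwell_days(incident, detected_at):
    """Dwell time: how long the intrusion sat in the telemetry before anyone
    acted on it. Detection on 2022-11-15 is 287 days after alice's first
    event, the average the article cites from IBM."""
    return (ts(detected_at) - incident["first_seen"]).days


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["entity"], inc["sources"], inc["signals"])
        print("dwell if first noticed 2022-11-15:", dwell_days(inc, "2022-11-15T08:15:00"), "days")
```

Widening the window to a week turns carol's two events into a second incident, which is the accuracy-versus-speed trade-off the article places between phases two and three: a short window misses slow operators, a long one manufactures false positives.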
  12. Tomi Engdahl says:

    Does the Free World Need a Global Cyber Alliance?
    https://www.securityweek.com/does-free-world-need-global-cyber-alliance

    The increasing incidence of aggressive cyber activity from Russia, China, Iran and North Korea, together with heightened concerns over the war in Ukraine, raises an important question: should the free world unite with a global cyber alliance in response?

    At Cybertech Tel Aviv 2022 (March 1-3, 2022), founder of VC firm JVP, Erel Margalit, called for a global cyber alliance in response to the Russian invasion of Ukraine. “Leadership is required to establish a democratic cyber alliance, including NATO and other free countries, in order to lead values-based cyber that will support democracies and people, and will say ‘enough!’ to dictators and to those who support them,” he said.

    At the same time, on March 2, 2022, Robert Silvers of the U.S. DHS and Israel’s National Cyber Directorate director-general Gaby Portnoy signed a cyber collaboration deal between the two countries. This followed a new agreement between the UK and Israel announced in November 2021 – which was described by the UK government as something that “will enable closer working in diplomacy, defense and security, cyber, science, technology, and many other areas.”

    Such agreements never publicly disclose the extent to which the intelligence agencies of the different countries will work together, but we can assume that it is part of the arrangement. A third new alliance, known as AUKUS, was more upfront about its design and ability to deliver offensive cyber operations, clearly focused on the Indo-Pacific region and China’s activities.

    It is important to understand what we have before asking what we need.

    Reply
  13. Tomi Engdahl says:

    The importance of Helsinki’s Cyber Security Nordic has grown
    https://www.uusiteknologia.fi/2022/03/14/helsingin-cyber-security-nordicin-merkitys-kasvoi/

    Recent events have brought cyber security to the fore more strongly than ever. Cyber Security Nordic in Helsinki, already postponed earlier in the year, will in May look at the latest perspectives on cyber security, from politics to the economy, as well as recent developments in the field. The event will be held at Helsinki’s Messukeskus on 12-13 May 2022.

    Cyber security and cyber diplomacy are currently more topical than ever. The target groups of the Cyber Security Nordic event, to be held in Helsinki in May, are professionals in the field, company management and experts.

    “Although the event had to be postponed because of the earlier corona restrictions, the timing is more relevant than ever in the current situation,” says Peter Sund, CEO of Kyberala ry (FISC).

    Seven keynote speakers and two panel discussions from the event programme have already been announced: Case Finland – lessons learned from latest global #cyberthreats, and Cyber conflict resolution approaches. All sessions will be held in English.

    Reply
  14. Tomi Engdahl says:

    The number of Chrome vulnerabilities exploited in malicious attacks has been increasing over the past years and Google believes several factors have contributed to this trend
    https://www.realinfosec.net/cybersecurity-news/google-explains-surge-in-chrome-zero-day-exploitation/

    Reply
  15. Tomi Engdahl says:

    Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
    https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html
    As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.

    Reply
  16. Tomi Engdahl says:

    Finland must prepare for cyberattacks: Finland is on Russia’s list of states hostile to it [FOR SUBSCRIBERS]
    https://www.tivi.fi/uutiset/tv/827b96ee-bba3-46fb-98ba-071123338ac4
    Jarno Limnéll, professor of practice in cyber security, says he does not want to scare anyone, but at the same time urges Finland to prepare for possible cyberattacks by the Russian state or groups loyal to it as a countermeasure to sanctions. In Limnéll’s view, Finland’s cyber preparedness must be a continuous process. As part of it he speaks of the concept of cyber self-sufficiency, which partnerships and the digital skills of the nation’s own people support.

    Now is the time to get these digital matters in order at home: Finland’s security position has changed permanently https://www.is.fi/digitoday/tietoturva/art-2000008673186.html
    IS gathers together the most important things that should be put in order at home. The sources are interviews and public presentations given by Aalto University professor Jarno Limnéll, Doctor of Technology and cyber security specialist Catharina Candolin, and F-Secure’s research director and Kimmo Rousku, leading specialist at the Digital and Population Data Services Agency, as well as Rousku’s blog.

    Reply
  17. Tomi Engdahl says:

    The capital adequacy of Finland’s financial sector provides a buffer against weakened economic prospects: preparing for increased risks is important
    https://www.sttinfo.fi/tiedote/suomen-finanssisektorin-vakavaraisuus-antaa-puskuria-kohdata-heikentyneet-talousnakymat—kohonneisiin-riskeihin-varautuminen-on-tarkeaa?publisherId=69817444&releaseId=69935060
    Russia’s attack on Ukraine has also increased the risks of the Finnish financial sector in a way that is hard to predict. Strong capital adequacy provides a buffer against a deterioration of the operating environment. Operators must nevertheless prepare for the increased risks brought by both weakening economic prospects and the increased threat of cyberattacks.

    Banks on alert for Russian reprisal cyberattacks on Swift https://arstechnica.com/information-technology/2022/03/banks-on-alert-for-russian-reprisal-cyberattacks-on-swift/
    Big banks fear that Swift faces a growing threat of Russian cyberattacks after seven of the country’s lenders were kicked off the global payments messaging system over the weekend.

    Reply
  18. Tomi Engdahl says:

    Stop Neglecting Your Cloud Security Features: Check Point Research Found Thousands of Open Cloud Databases Exposing Data in the Wild https://blog.checkpoint.com/2022/03/15/stop-neglecting-your-cloud-security-features-check-point-research-found-thousands-of-open-cloud-databases-exposing-data-in-the-wild/
    Check Point Research (CPR) warns against bad practices in cloud-based application development that could lead to serious security breaches.
    Thousands of new applications every month have their Firebase databases open, leaving data exposed.

    Reply
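As an added example (not Check Point’s code and not Firebase tooling), here is a small audit of Firebase Realtime Database security rules, the setting behind the exposures described above. It puts the wide-open rules next to a locked-down version, walks a rules document to flag any path readable or writable by the whole world or by any signed-in account, and classifies the response to the usual unauthenticated probe. The rules documents are constructed; the probe classification assumes the documented behaviour that an open database answers a GET of its `/.json` URL with 200 and data, while a locked one answers 401 with `Permission denied`.

```python
import json

# The setting behind the exposures: whoever knows the project name can read
# and write everything. (Constructed, in Firebase rules JSON syntax.)
OPEN_RULES = json.loads("""
{ "rules": { ".read": true, ".write": true } }
""")

# Locked-down equivalent: nothing is public by default, and a user can only
# touch their own subtree. Rule strings are Firebase's expression language.
LOCKED_RULES = json.loads("""
{ "rules": {
    "users": { "$uid": { ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" } }
} }
""")

# A common halfway house: a public catalogue plus a "private" area that in
# fact opens to anyone who can sign up (anonymous auth included).
MIXED_RULES = json.loads("""
{ "rules": {
    "catalogue": { ".read": true },
    "private":   { ".read": "auth != null", ".write": "auth != null" }
} }
""")


def audit_rules(doc):
    """Walk a rules document and return (path, operation, exposure) for every
    .read/.write that is true for the whole world or for any signed-in user.
    Rules inherit downwards, so a finding at "/" covers the whole database."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                if value is True or (isinstance(value, str) and value.strip().lower() == "true"):
                    findings.append((path or "/", key, "public"))
                elif isinstance(value, str) and value.replace(" ", "") == "auth!=null":
                    findings.append((path or "/", key, "any-signed-in-user"))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(doc["rules"], "")
    return findings


def classify_probe(status, body):
    """Interpret an unauthenticated GET of https://<project>.firebaseio.com/.json
    (project name assumed already known, e.g. from a decompiled app). Assumes
    the documented responses: 200 with data when the root is world-readable,
    401 'Permission denied' when it is not."""
    if status == 200:
        return "open" if body.strip() not in ("null", "") else "open-but-empty"
    if status == 401:
        return "locked"
    return "unknown"


if __name__ == "__main__":
    for label, doc in (("open", OPEN_RULES), ("locked", LOCKED_RULES), ("mixed", MIXED_RULES)):
        print(label, audit_rules(doc))
    print(classify_probe(401, '{"error": "Permission denied"}'))
```

The `auth != null` case is worth flagging separately: it reads as "authenticated users only" but, with anonymous or open self-registration enabled, it is one sign-up away from public.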
  19. Tomi Engdahl says:

    What Generation Z can teach us about cybersecurity https://www.microsoft.com/security/blog/2022/03/15/what-generation-z-can-teach-us-about-cybersecurity/
    Girl Security National Security Fellows Program fellow Amulya, a 17-year-old interested in countering online disinformation, said she feels her sense of personal privacy has been largely nonexistent “growing up in a media-saturated world.” She believes her sense of privacy was stolen by a combination of mass media, access to tech without education, and an increasing divide among generations, government, and industry around responsible technology. With an online presence from a young age, members of Generation Z, like Amulya, bring personal insight to the cybersecurity conversation about online privacy.

    Reply
  20. Tomi Engdahl says:

    A Brief History of The Evolution of Malware https://www.fortinet.com/blog/threat-research/evolution-of-malware
    So, in recognition of over 50 years since the first computer virus was discovered, we have decided to provide a brief historical insight into the history of computer malware from the pre-internet era to the current world of botnets, ransomware, viruses, worms, etc.

    Reply
  21. Tomi Engdahl says:

    Model contract language for medical technology cybersecurity published https://www.helpnetsecurity.com/2022/03/14/medical-technology-cybersecurity/
    Medical technology companies and health delivery organizations have a new template for agreeing on cybersecurity contractual terms and conditions to reduce cost, complexity and time in the contracting process and improve patient safety.

    Reply
  22. Tomi Engdahl says:

    Thousands of Secret Keys Found in Leaked Samsung Source Code
    https://www.securityweek.com/thousands-secret-keys-found-leaked-samsung-source-code

    An analysis of the recently leaked Samsung source code revealed that thousands of secret keys have been exposed, including many that could be highly useful to malicious actors.

    The analysis was conducted by GitGuardian, a company that specializes in Git security scanning and secrets detection. The firm’s researchers looked at the source code leaked recently by a cybercrime group calling itself Lapsus$.

    The hackers claim to have breached several major companies in the past weeks, including NVIDIA, Samsung, Ubisoft and Vodafone. In many cases they appear to have obtained source code belonging to the victims, some of which has been made public.

    In the case of Samsung, the cybercriminals claim to have stolen 190 GB of data and the tech giant has confirmed that the compromised information included source code related to Galaxy devices.

    GitGuardian’s analysis of the leaked Samsung source code led to the discovery of more than 6,600 secret keys, including private keys, usernames and passwords, AWS keys, Google keys, and GitHub keys.

    A few months ago, GitGuardian also analyzed the source code leaked from Amazon-owned live streaming service Twitch, from which hackers obtained and made public roughly 6,000 internal Git repositories.

    Reply
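As an added example of the kind of scan GitGuardian describes (this is not GitGuardian’s tooling and none of the leaked code), here is a small secrets detector that combines fixed-format patterns for well-known credential types with a Shannon-entropy gate for the generic `password = "..."` case, so that a placeholder such as `changeme` is not reported while a random-looking value is. The sample source file is constructed; the AWS key pair in it is the example pair AWS uses in its own documentation, and the GitHub token is a made-up string with the right shape.

```python
import math
import re
from collections import Counter

# Constructed config file standing in for leaked source. The AWS values are the
# example pair from AWS's documentation, not live credentials; the GitHub token
# has the right shape (ghp_ + 36 characters) but is made up.
SAMPLE_SOURCE = """\
# settings.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
DB_PASSWORD = "changeme"
API_SECRET = "s3cR3t-9fXq2LmZ8vB4w"
-----BEGIN RSA PRIVATE KEY-----
"""

# Fixed-format credentials first: a prefix or header identifies them outright.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token",      re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("google_api_key",    re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")),
    ("private_key",       re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
# Generic assignment of something called secret/password/token/api key.
# This rule needs the entropy gate: it matches placeholders as readily as keys.
# The AWS *secret* key has no fixed prefix, so only this rule can catch it.
GENERIC = re.compile(r"""(?i)(?:secret|password|passwd|token|api[_-]?key)\w*\s*[=:]\s*["']([^"']{8,})["']""")
ENTROPY_THRESHOLD = 3.5  # bits per character; English words and placeholders sit well below this


def shannon_entropy(s):
    """Bits per character of the string's own symbol distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(source):
    """Return (line_number, finding) pairs. Each line reports at most one
    finding; specific patterns take precedence over the generic rule."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in PATTERNS:
            if rx.search(line):
                findings.append((lineno, name))
                break
        else:
            m = GENERIC.search(line)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "generic_high_entropy"))
    return findings


if __name__ == "__main__":
    for lineno, name in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}")
```

Run against a repository, the same loop goes over every blob in history rather than only the working tree, since a key deleted in a later commit is still in the leak.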
  23. Tomi Engdahl says:

    The Rising Importance of Research Communities for Industrial Cybersecurity
    https://www.securityweek.com/rising-importance-research-communities-industrial-cybersecurity

    IT security research communities have been around for decades, sharing their findings with community members and the vendors of the affected product with the aim of accelerating some type of corrective action to safeguard users. As appreciation for the value of this service continued to grow, vendors began to offer bug bounty programs to provide researchers financial motivation to work with them to identify vulnerabilities. Today, bug bounty programs are prevalent, and researchers are being well compensated.

    But what about research communities focused on the vulnerability landscape relevant to critical infrastructure?

    On the heels of a historic period for critical infrastructure organizations, including the acceleration of digital transformation, targeted ransomware attacks, and crafty supply chain attacks, the need for research communities focused on operational technology (OT) and industrial controls systems (ICS) is urgent. While these communities are emerging and having a positive impact, it is still early days. What will it take for them to proliferate and grow?

    Let’s look at the unique challenges for researchers analyzing these assets, the current state of these communities, and four ways to accelerate their growth moving forward.

    Reply
  24. Tomi Engdahl says:

    Over 200 Organizations Take Part in CISA’s Cyber Storm Exercise
    https://www.securityweek.com/over-200-organizations-take-part-cisas-cyber-storm-exercise

    The Cybersecurity and Infrastructure Security Agency (CISA) last week hosted Cyber Storm VIII, a three-day national cyber exercise whose goal was to test preparedness to a cyber-crisis impacting critical infrastructure.

    More than 2,000 participants from government, private sector, and international organizations helped evaluate cybersecurity preparedness and incident response and identify opportunities for information sharing.

    During the cyber exercise, participants can simulate the process of discovering and responding to a widespread coordinated cyberattack. The scenario used at Cyber Storm VIII combined operational and traditional enterprise systems targeted in attacks such as ransomware and data exfiltration.

    Through Cyber Storm, CISA is working with the nation’s critical infrastructure stakeholders to ensure the continuous assessment and strengthening of cyber resilience, with a focus on critical infrastructure.

    Reply
  25. Tomi Engdahl says:

    Lauri Kontro’s column: The crisis tests the operational reliability of our society
    https://yle.fi/uutiset/3-12357917
    Life can be thrown into disarray even if not a single bullet is fired.
    Television and radio channels can be blacked out by a cyber strike, phones can be silenced, the water and energy supply of cities can be cut off, trains can be stopped at stations, the operation of banks can be blocked.
    And no army divisions are needed for this. A few hackers somewhere far away can do it.

    Reply
  26. Tomi Engdahl says:

    Unpatched plugins threaten millions of WordPress websites https://portswigger.net/daily-swig/unpatched-plugins-threaten-millions-of-wordpress-websites
    The number of flaws reported in plugins and themes for WordPress was 150% higher in 2021 than in 2020, according to researchers at WordPress security firm Patchstack. As many as 29% of critical vulnerabilities were never patched. WordPress powers just over 40% of all websites, but bugs in plugins and themes can render those sites vulnerable to SQL injection, arbitrary file upload, remote code execution (RCE) or privilege escalation attacks, among others.

    Reply
  27. Tomi Engdahl says:

    The Workaday Life of the World’s Most Dangerous Ransomware Gang https://www.wired.com/story/conti-leaks-ransomware-work-life/
    On February 28, a newly created Twitter account called @ContiLeaks released more than 60,000 chat messages sent among members of the gang, its source code, and scores of internal Conti documents. The leaked messages, reviewed in depth by WIRED, provide an unrivaled view into Conti’s operations and expose the ruthless nature of one of the world’s most successful ransomware gangs. Among their revelations are the group’s sophisticated businesslike hierarchy, its members’ personalities, how it dodges law enforcement, and details of its ransomware negotiations.

    Reply
  28. Tomi Engdahl says:

    Security guru’s ridiculously easy trick protects against nasty malware: “This is not a joke”
    https://www.tivi.fi/uutiset/tv/e9a1bb03-02fc-4709-862b-3fbf6b0ee8a9
    Security guru Sami Laiho’s tip takes only a couple of clicks.
    “I know some people will laugh, but ransomware tries to check whether the machine is domestic, and since a large share of ransomware comes from Russia, it is worth adding Russian as a second keyboard layout on the machine,” Laiho advises on Twitter, adding that this is not a prank but a genuine way to protect yourself.

    Reply
  29. Tomi Engdahl says:

    The Russia-Ukraine War And The Revival Of Hacktivism https://www.digitalshadows.com/blog-and-research/the-russia-ukraine-war-and-the-revival-of-hacktivism/
    Another notable response is the resurgence of hacktivism. A variety of hacktivist attacks have been conducted, with a significant number, unsurprisingly, coming from within Ukraine. This blog will dive into hacktivist activity we’ve observed in the past few weeks, and discuss what hacktivists are doing differently this time around.

    Reply
  30. Tomi Engdahl says:

    Cloudflare Announces New Security Tools for Email, Applications, APIs
    https://www.securityweek.com/cloudflare-announces-new-security-tools-email-applications-apis

    Cloudflare this week made several security-related announcements, offering customers a new web application firewall (WAF) engine, as well as email security and API security tools.

    The new email security tools, announced on Monday, are a result of Cloudflare’s recent acquisition of Area 1 Security. Once the acquisition of Area 1 closes — the deal should be finalized in the second quarter — Cloudflare will provide enterprise-grade email security tools to all customers at no additional charge.


    “Control, customization, and visibility via analytics will vary with plan level, and the highest flexibility and support levels will be available to Enterprise customers for purchase,” the company explained.

    Reply
  31. Tomi Engdahl says:

    Use of the mobile certificate has tripled
    https://etn.fi/index.php/13-news/13314-mobiilivarmenteen-kaeyttoe-kolminkertaistunut

    Cyberattacks have increased rapidly since Russia’s attack. Finns have woken up to the fact that electronic identification should not be left to rely on online banking credentials alone. The exceptional situation shows as a marked increase in the adoption of the mobile certificate (Mobiilivarmenne). According to Telia, use has tripled since the war began.

    - Russia’s attack on Ukraine has been going on for three weeks. We can see from the data that during that time the mobile certificate has been downloaded as much as three times more often than before Russia’s attack, says Ari Hakala, head of trust services at Telia.

    Reply
  32. Tomi Engdahl says:

    The Information:
    Tech execs may face criminal prosecution or jail time for not abiding by Ofcom’s decisions two months after the UK’s Online Safety Bill passes and takes effect — Executives from Facebook parent Meta Platforms, TikTok and other big tech companies would face the prospect of jail time under sweeping …

    Tech Executives Threatened With Jail Time Under Proposed U.K. Law
    https://www.theinformation.com/articles/tech-executives-threatened-with-jail-time-under-proposed-u-k-law

    Reply
  33. Tomi Engdahl says:

    Free Ransomware Decryption Tool - No More Ransom
    https://www.socinvestigation.com/free-ransomware-decryption-tool-no-more-ransom/

    Ransomware attacks can affect everyone, from small businesses to giant corporations. Without a doubt, ransomware is a danger to organizations all over the world today. With the rise of cryptocurrencies like Bitcoin, ransomware attacks got popular.

    Reply
  34. Tomi Engdahl says:

    Network Encryption: A Double-edged Sword for Cybersecurity
    How do you protect the recipient when you can’t see inside the message?
    https://www.datacenterknowledge.com/security/network-encryption-double-edged-sword-cybersecurity

    In 2013, less than half of all web traffic was encrypted, according to Google. Today, the rate of network encryption stands at 95%.

    On the one hand, that’s good for security. The more things are encrypted, the harder it is for attackers to steal data, eavesdrop on communications, and compromise systems.

    On the other hand, the same encryption that can be used to protect people, data, and systems is also used by cybercriminals and state actors to protect their people, data, and systems.

    According to a report released by Zscaler last fall, 80% of attacks now use encrypted channels – up from just 57% the previous year.

    In fact, criminals are ahead of enterprises in their use of encryption.

    According to the Ponemon Institute’s 2021 global encryption trends survey, 50% of organizations have a consistently-applied encryption strategy. Another 37% have a limited encryption strategy, applied to a limited number of applications or data types.

    Reply
  35. Tomi Engdahl says:

    Solar storm warning: Earth faces ‘triple threat’ from space as ‘direct impact’ predicted
    A SOLAR storm is predicted to hit the planet in a “direct hit” this Monday.
    https://www.express.co.uk/news/science/1579515/Solar-storm-warning-direct-impact-predicted-Aurora-latest

    Reply
  36. Tomi Engdahl says:

    Why the fuck was I breached?
    https://whythefuckwasibreached.com/

    Did you just lose 100m customer SSNs because your root password was “password”, you set an S3 bucket to public or you didn’t patch a well known vulnerability for 8 months? Is the media and government chewing you out because of it? Worry not! Our free excuse generator will help you develop an air-tight breach statement in no time!

    Reply
  37. Tomi Engdahl says:

    WAF for everyone: protecting the web from high severity vulnerabilities
    https://blog.cloudflare.com/waf-for-everyone/

    At Cloudflare, we like disruptive ideas. Pair that with our core belief that security is something that should be accessible to everyone and the outcome is a better and safer Internet for all.

    This isn’t idle talk. For example, back in 2014, we announced Universal SSL. Overnight, we provided SSL/TLS encryption to over one million Internet properties without anyone having to pay a dime, or configure a certificate. This was good not only for our customers, but also for everyone using the web.

    In 2017, we announced unmetered DDoS mitigation. We’ve never asked customers to pay for DDoS bandwidth as it never felt right, but it took us some time to reach the network size where we could offer completely unmetered mitigation for everyone, paying customer or not.

    Today, we’re doing it again, by providing a Cloudflare WAF (Web Application Firewall) Managed Ruleset to all Cloudflare plans, free of charge.

    Why are we doing this?
    High profile vulnerabilities have a major impact across the Internet affecting organizations of all sizes. We’ve recently seen this with Log4J, but even before that, major vulnerabilities such as Shellshock and Heartbleed have left scars across the Internet.

    Small application owners and teams don’t always have the time to keep up with fast moving security related patches, causing many applications to be compromised and/or used for nefarious purposes.

    When are we doing this?
    If you are on a FREE plan, you are already receiving protection. Over the coming months, all our FREE zone plan users will also receive access to the Cloudflare WAF user interface in the dashboard and will be able to deploy and configure the new ruleset. This ruleset will provide mitigation rules for high profile vulnerabilities such as Shellshock and Log4J among others.

    To access our broader set of WAF rulesets (Cloudflare Managed Rules, Cloudflare OWASP Core Ruleset and Cloudflare Leaked Credential Check Ruleset) along with advanced WAF features, customers will still have to upgrade to PRO or higher plans.

    The Challenge
    With over 32 million HTTP requests per second being proxied by the Cloudflare global network, running the WAF on every single request is no easy task.

    Reply
  38. Tomi Engdahl says:

    Public administration gets API principles
    https://www.tivi.fi/uutiset/tv/fd4a0929-a82b-44db-a2ca-97caf882b8de
    The Ministry of Finance (Valtiovarainministeriö) has published common operating principles and recommendations for application programming interface (API) development in public administration. These API principles are divided into three levels: strategic, tactical and operational.

    Reply
  39. Tomi Engdahl says:

    Exposing initial access broker with ties to Conti https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
    In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group’s activity, we determined they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, FireEye) / WIZARD SPIDER (CrowdStrike). EXOTIC LILY is a resourceful, financially motivated group whose activities appear to be closely linked with data exfiltration and deployment of human-operated ransomware such as Conti and Diavol. At the peak of EXOTIC LILY’s activity, we estimate they were sending more than 5,000 emails a day, to as many as 650 targeted organizations globally.

    Reply
  40. Tomi Engdahl says:

    How CAPTCHAs can cloak phishing URLs in emails https://www.theregister.com/2022/03/17/captcha_phishinbg_url/
    CAPTCHA puzzles, designed to distinguish people from computer code, are being used to separate people from their login credentials.
    Security firm Avanan on Thursday published its latest analysis of a phishing technique that builds on the internet community’s familiarity with CAPTCHA challenges to amplify the effectiveness of deceptions designed to capture sensitive data.

    Reply
  41. Tomi Engdahl says:

    China’s Government Is Learning From Russia’s Cyberattacks Against Ukraine https://www.recordedfuture.com/chinas-government-is-learning-from-russias-cyberattacks-against-ukraine/
    Chinese government entities, state-owned enterprises, and cybersecurity researchers have demonstrated a practical interest in the 2015 cyberattack against Ukraine’s power grid as well as subsequent attacks, which have been credibly attributed to Sandworm Team, a Russian state-sponsored advanced persistent threat group.
    Recorded Future has found that procurement documents associated with various Chinese government entities and state-owned enterprises have referenced the attack, with several documents explicitly calling for cybersecurity capabilities to counter or simulate such an attack.
    Likewise, cybersecurity researchers associated with the People’s Liberation Army, state-run research organizations, and other such entities have discussed the implications of the incident in their ongoing technical research, highlighting the national security relevance of protecting critical infrastructure and the prominence of this infrastructure as a target in interstate conflict.

    Reply
  42. Tomi Engdahl says:

    EFF Tells E.U. Commission: Don’t Break Encryption https://www.eff.org/deeplinks/2022/03/eff-tells-eu-commission-dont-break-encryption
    An upcoming proposal from the European Union Commission could make government scanning of user messages and photos mandatory throughout the E.U. If that happens, it would be inconsistent with providing true end-to-end encryption in Europe. That would be a disaster, not just for the privacy and security of citizens in the E.U., but worldwide.

    Reply
