Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
62 million dangerous emails in Finland last year
https://etn.fi/index.php/13-news/13319-suomessa-viime-vuonna-62-miljoonaa-vaarallista-saehkoepostia
Tomi Engdahl says:
https://thehackernews.com/2022/03/the-golden-hour-of-incident-response.html
Tomi Engdahl says:
Relief for drone owners: restrictions postponed by a year https://www.is.fi/digitoday/art-2000008688605.html
Tomi Engdahl says:
https://www.facebook.com/126000117413375/posts/5549203518426314/
I am glad some FLOSS authors add JSON/YAML output support to popular Linux and Unix CLI utilities. Don’t get me wrong, text output is incredible, but a well-defined format is much better for parsing purposes. Exhibit a) DNSSEC validation with YAML outputs https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/ JSON or YAML output is excellent for scripting or writing web frontend in Perl/Python etc.
Tomi Engdahl says:
https://elisa.fi/varmenne/
Tomi Engdahl says:
What the Newly Signed US Cyber-Incident Law Means for Security
Bipartisan cybersecurity legislation comes amid increased worries over ransomware, and fears of cyberattacks from Russia in the wake of its invasion of Ukraine.
https://www.darkreading.com/attacks-breaches/new-cyber-incident-law-not-a-national-breach-law-but-a-major-first-step
Tomi Engdahl says:
Half of Americans accept all cookies despite the security risk
By Anthony Spadafora
Accepting all cookies without thinking could be putting you at risk online
https://www.techradar.com/news/half-of-americans-accept-all-cookies-despite-the-security-risk
Tomi Engdahl says:
Satellite Networks Worldwide at Risk of Possible Cyberattacks, FBI & CISA Warn
Agencies provide mitigation steps to protect satellite communication (SATCOM) networks amid “current geopolitical situation.”
https://www.darkreading.com/vulnerabilities-threats/satellite-networks-worldwide-at-risk-of-possible-cyberattacks-fbi-cisa-warn
Tomi Engdahl says:
Does Linux Need Antivirus?
https://planetstoryline.com/does-linux-need-antivirus/
Tomi Engdahl says:
Cloudflare and Aruba partner to deliver a seamless global secure network from the branch to the cloud
https://blog.cloudflare.com/cloudflare-aruba-partnership/
Tomi Engdahl says:
Stopping Russian Cyberattacks at Their Source
Step up training with cybersecurity drills, teach how to avoid social engineering traps, share open source monitoring tools, and make multifactor authentication the default.
https://www.darkreading.com/attacks-breaches/stopping-russian-cyberattacks-at-their-source
Tomi Engdahl says:
Tech CEOs to face faster criminal liability under UK online safety law
https://techcrunch.com/2022/03/16/online-safety-bill-parliament/
Tomi Engdahl says:
These four types of ransomware make up nearly three-quarters of reported incidents
https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/
Any ransomware is a cybersecurity issue, but some strains are having more of an impact than others.
“The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%,” said the researchers.
Tomi Engdahl says:
Patrick Howell O’Neill / MIT Technology Review:
The US is shifting its cybersecurity strategy from relying on companies’ voluntary cooperation toward stronger oversight, minimum security standards, and more — The specter of Russian hackers and an overreliance on voluntary cooperation from the private sector means officials are finally prepared to get tough.
Inside the plan to fix America’s never-ending cybersecurity failures
https://www.technologyreview.com/2022/03/18/1047395/inside-the-plan-to-fix-americas-never-ending-cybersecurity-failures/
The specter of Russian hackers and an overreliance on voluntary cooperation from the private sector means officials are finally prepared to get tough.
Tomi Engdahl says:
Trend Micro Secures Endpoint Protection Top Spot
https://www.statista.com/chart/27071/biggest-corporate-endpoint-protection-providers-by-market-share/
Italy has become the second European country cautioning against the usage of Kaspersky anti-virus software in the public sector this week. On March 15, Germany’s federal agency Federal Office for Information Security (BSI) issued a similar warning, citing concerns about the government of Russia coercing the Russian company to hack into connected systems in light of the invasion of Ukraine. While this risk shouldn’t be downplayed, corporate endpoint protection is firmly in the hands of other players as our chart shows.
According to data by IDC, CrowdStrike and Trend Micro, the latter is the world leader in corporate endpoint protection with a market share of 10.5 percent.
Tomi Engdahl says:
A brake on maritime robotisation? [New report highlights the millions of dollars shipowners pay hackers every year](https://splash247.us9.list-manage.com/track/click?u=d9cd6e3c7ddb7a9f609caa158&id=3d96359ac7&e=b2801f26ba)
22 March 2022 16:20 | Sam Chambers
New research has found that where cyber attacks in the maritime industry lead to a ransom payment, shipowners pay the perpetrators an average of more than 3 million dollars. A new 43-page report entitled The Great Disconnect, produced by maritime cyber security company CyberOwl, maritime innovation agency Thetius and law firm HFW, also reveals significant gaps …
New report highlights the millions of dollars shipowners pay hackers every year
https://splash247.com/new-report-highlights-the-millions-of-dollars-shipowners-pay-hackers-every-year/
New research has found that where cyber attacks in the maritime industry lead to a ransom payment, shipowners pay more than $3m on average to the perpetrators.
A new 43-page report entitled The Great Disconnect, produced by maritime cyber security company CyberOwl, maritime innovation agency Thetius and law firm HFW, also reveals significant gaps in cyber risk management that exist across shipping organisations and the wider supply chain. It is based on a survey of more than 200 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers and also covers the increased risks of cyber attacks in the wake of Russia’s invasion of Ukraine.
Tomi Engdahl says:
The Automated SOC: Reviewing the Future of Layered Security Solutions
https://pentestmag.com/the-automated-soc-reviewing-the-future-of-layered-security-solutions/
Tomi Engdahl says:
New Linux kernel bolsters random number generation
Bigger changes are afoot in the next release, too
https://www.theregister.com/2022/03/21/new_linux_kernel_has_improved/
Tomi Engdahl says:
Half of Orgs Use Web Application Firewalls to Paper Over Flaws
WAFs remain a popular backfill for complex and fraught patch management.
https://www.darkreading.com/tech-trends/half-of-orgs-use-web-application-firewalls-to-paper-over-flaws
Tomi Engdahl says:
I ditched consumer Wi-Fi routers, and I recommend you do too
My new Ubiquiti Wi-Fi setup is faster, stronger, and a lot more upgradable.
https://www.androidauthority.com/ubiquiti-dream-machine-wifi-router-3136705/
Tomi Engdahl says:
Securing your digital life, the finale: Debunking worthless “security” practices
We tear down some infosec conventional wisdom—there’s a lot of bad advice out there.
https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-4/
Tomi Engdahl says:
https://securityonline.info/uncover-quickly-discover-exposed-hosts-on-the-internet/
Tomi Engdahl says:
Web3 digital identity startup Unstoppable Domains said to seek funding at $1 billion valuation
https://techcrunch.com/2022/03/22/web3-digital-identity-startup-unstoppable-domains-said-to-seek-funding-at-1-billion-valuation/
Unstoppable Domains allows people to create their username for crypto and build decentralized digital identities. The startup, which sells domains with certain TLDs for as low as $5, has helped people register over 2.1 million domains to date, it says on its website. Some of the popular TLDs it offers include .crypto, .coin, .bitcoin, .x, .888, .nft and .dao.
Unstoppable Domains, which includes members who worked at companies such as Amazon’s AWS, Uber and Slack, mints each decentralized domain name as an NFT on the Ethereum blockchain to give the owner broader control and ownership.
Having a domain name allows users to not bother with sharing their meaninglessly long wallet addresses with friends and businesses.
Tomi Engdahl says:
https://techcrunch.com/2022/03/22/cloud-providers-default-retention-policies-are-not-enough-you-better-back-your-saas-up/
Tomi Engdahl says:
The top 5 things the 2022 Weak Password Report means for IT security
https://www.bleepingcomputer.com/news/security/the-top-5-things-the-2022-weak-password-report-means-for-it-security/
Tomi Engdahl says:
https://thenewstack.io/nsa-on-how-to-harden-kubernetes/
Tomi Engdahl says:
What does Go-written malware look like? Here’s a sample under the microscope
Arid Gopher sticks its head out from its burrow
https://www.theregister.com/2022/03/22/arid-gopher-malware-deep-instinct/
Tomi Engdahl says:
https://sudosecurity.org/blog/implementing-rsa-from-scratch-in-python/
Tomi Engdahl says:
https://semiengineering.com/key-recovery-for-content-protection-using-ternary-pufs-designed-with-pre-formed-reram/
Tomi Engdahl says:
New Phishing toolkit lets anyone create fake Chrome browser windows
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/
Tomi Engdahl says:
Never, Ever, Ever Use Pixelation for Redacting Text
https://bishopfox.com/blog/unredacter-tool-never-pixelation
Tomi Engdahl says:
https://lifehacker.com/stop-blurring-your-sensitive-information-in-screenshots-1848626457
Tomi Engdahl says:
https://www.trickster.dev/post/decrypting-your-own-https-traffic-with-wireshark/
Tomi Engdahl says:
https://blogs.microsoft.com/blog/2022/03/23/closing-the-cybersecurity-skills-gap-microsoft-expands-efforts-to-23-countries/
This is a global problem. By 2025, there will be 3.5 million cybersecurity jobs open globally, representing a 350% increase over an eight-year period. We recently announced a national skilling campaign in the United States, where for every two jobs in cybersecurity today, a third goes unfilled.
Tomi Engdahl says:
Closing the cybersecurity skills gap – Microsoft expands efforts to 23 countries
https://blogs.microsoft.com/blog/2022/03/23/closing-the-cybersecurity-skills-gap-microsoft-expands-efforts-to-23-countries/
Tomi Engdahl says:
Report: 89% of organizations say Kubernetes ransomware is a problem today
https://venturebeat.com/2022/03/21/report-89-of-orgs-have-been-attacked-by-kubernetes-ransomware/
New global research from Veritas Technologies reveals that the majority of organizations are under prepared to face threats against their Kubernetes environments. Despite 89% of the survey respondents saying that ransomware attacks on Kubernetes environments are an issue for their organizations today — only 33% of those that have deployed the technology have protection in place within these environments to help mitigate data loss incidents such as ransomware.
Tomi Engdahl says:
The Four V’s of Effective Cybersecurity Posture
https://hackernoon.com/the-four-vs-of-effective-cybersecurity-posture
1. Visibility
2. Verification
3. Vigilance
4. Validation
An Extended Security Posture Management (XSPM) approach covers all security validation aspects. Below is a comprehensive list of all the continuous security validation aspects and the related most advanced technologies available today.
Tomi Engdahl says:
A cybercriminal gang known as LAPSUS$ is targeting call centers used by major tech firms and it’s paying off, security experts warn.
Okta Hack Exposes A Huge Hole In Tech Giant Security: Their Call Centers
https://www.forbes.com/sites/thomasbrewster/2022/03/23/okta-hack-exposes-a-huge-hole-in-tech-giant-security/?sh=436a59d535a5&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB&utm_medium=social
Tomi Engdahl says:
NSA on How to Harden Kubernetes
https://thenewstack.io/nsa-on-how-to-harden-kubernetes/
Tomi Engdahl says:
https://hackersonlineclub.com/advanced-mobile-forensics-investigation-software/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13340-f-securen-yritystuotteet-uuden-nimen-alle-withsecure
Tomi Engdahl says:
IBM's tool manages all encryption keys everywhere
https://etn.fi/index.php/13-news/13344-ibm-n-tyoekalu-hallitsee-kaikkia-salausavaimia-kaikkialla
Large companies use on average 8-9 different cloud services to store their data. All of these have to be protected strongly enough, and until now that has required learning different key-management methods. Now IBM has developed a cloud tool that can manage all of a company's encryption keys.
In a recent global study by the IBM Institute for Business Value (IBV) conducted together with Oxford Economics, 80 percent of respondents said that the ability to manage and stay compliant across multiple cloud services is important or very important. Organizations can suffer from operational complexity if they lack a holistic view of their security posture. This applies especially to encryption keys, which protect critical data distributed across many platforms. With a single, secured, cloud-based solution, companies can demonstrate their compliance more easily and quickly, in near real time.
Tomi Engdahl says:
The control room sees network problems in real time
https://etn.fi/index.php/13-news/13351-valvomo-naekee-verkon-ongelmat-reaaliajassa
A storm is expected to hit a large part of Finland over the weekend. This can cause power outages as well as problems for mobile networks. DNA has now explained how the operator's control room works in fault situations.
DNA's national network management center has operated in Lahti for over 30 years. The control room was previously run by PHP for its own operations. Since 2000, PHP's business has been part of DNA. In 2011, DNA decided to consolidate its network management from Oulu and Lahti entirely in Lahti.
In a situation where, for example, lightning damages base station equipment or a storm wind fells a tree onto power lines, DNA learns of the network fault in near real time. From that moment a critical troubleshooting chain is set in motion: Why is the service down? Has something broken, and if so, what? How can the service be restored as quickly as possible?
- Most faults are such that they are not visible to the customer in any way. Some are fixed by automation right away, or remotely by a person in even less than a minute, for example with a configuration change or by moving services onto backup routes. During a power grid outage, each base station runs on batteries for an average of three hours or even longer, within which time the vast majority of faults can be repaired, says control room team leader Visa Urpelainen.
Tomi Engdahl says:
A career in cybercrime can be had for a couple of tenners
https://etn.fi/index.php/13-news/13352-verkkorikollisen-uralle-paeaesee-parilla-kympillae
Cybercrime in all its different forms continues to grow at a rapid pace. One significant factor in the growth is that fully finished malware can be bought on the dark web for trivial sums. A couple of tenners buys a complete malware package; a ransomware program with its source code costs 50 dollars.
AtlasVPN has studied the dark web's malware offerings, and the text makes for chilling reading. At its cheapest, a RAT tool enabling remote control goes for five dollars. A denial-of-service attack can be undertaken with a 10-dollar investment. The prices come from Sectrio's security report.
Tomi Engdahl says:
https://pentestmag.com/a-social-media-enumeration-correlation-tool-by-jacob-wilkin-greenwolf/
Tomi Engdahl says:
These attacks are gaining more and more traction now, since everyone is now using DDoS protection from CloudFlare or has it built into their hosting packages, so a new attack vector is showing its face since the pandemic has forced more people online instead of into the office.
Application Layer Attacks can defeat DDoS Protection
https://sudosecurity.org/blog/app-layer-attacks-ddos-attacks/
Security researchers have recently observed large application-layer distributed denial-of-service attacks using techniques that could end up foiling the DDoS protection and defenses of the past few years. This could be yet another sign of things changing for web application operators.
This attack targeted a Chinese lottery website that uses DDoS protection from Imperva. The attack peaked at 8.7Gbps. These days attacks peak past 100Gbps, so this might seem really small compared to other attacks, but it's actually scary for an attack that is operating on the application layer.
These DDoS attacks will target either the network or application layers.
With the network-layer attacks, the attacker's goal is to send malicious packets over different networking protocols. These attacks consume all of the available bandwidth, which ends up clogging the internet pipes.
However, this is slightly different with application-layer attacks, which are known as HTTP floods. The goal of these attacks is to consume the computational resources — such as CPU and RAM — that a web server has to process requests. When the limits of the server are reached, the server stops answering new requests. This ends up resulting in a denial-of-service condition for all clients.
Being able to protect against the application-layer attacks is often done through a special hardware appliance that will sit on the customer’s network in front of the web server.
The researchers have reported that the attack was launched from a botnet made up of computers infected with the Nitol malware. They were sending legitimate POST requests mimicking the web crawler of the Baidu search engine. The requests, at only 163,000 per second, attempted to upload randomly generated large files to the server, resulting in the attack's extremely large bandwidth footprint.
Imperva Researchers said in a blog post:
Application layer traffic can only be filtered after the TCP connection has been established. Unless you are using an off-premise mitigation solution, this means that malicious requests are going to be allowed through your network pipe, which is a huge issue for multi-gig attacks.
For the organizations in industries like finance, there’s no easy answer to fighting off such high-bandwidth application-layer attacks at all. The custom web applications require the use of HTTPS to encrypt data in transit and they need to terminate those HTTPS connections inside their own infrastructure. This is to be in compliance with the regulatory requirements regarding the protection of financial and personal data.
Therefore, the application-layer DDoS protection that relies on inspecting the requests after they’ve been decrypted also needs to happen within their own infrastructure.
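As an added illustration of the defender's side of what the article describes (this is example code, not the article's or Imperva's): the per-source request rate and POST upload volume that set an HTTP flood of large uploads apart from ordinary traffic, computed over constructed access-log lines. It assumes nginx's combined log format with the `$request_length` variable appended as a final field; the thresholds are arbitrary.

```python
import re
from collections import defaultdict
# Constructed sample lines (not from the article): nginx "combined" log format with
# $request_length appended as a final field, so the request (upload) size is visible.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Mar/2022:10:00:00 +0000] "POST /upload HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)" 1048576
203.0.113.10 - - [22/Mar/2022:10:00:00 +0000] "POST /upload HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)" 1048576
203.0.113.10 - - [22/Mar/2022:10:00:00 +0000] "POST /upload HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)" 1048576
203.0.113.10 - - [22/Mar/2022:10:00:00 +0000] "POST /upload HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0)" 1048576
198.51.100.7 - - [22/Mar/2022:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 3200 "-" "Mozilla/5.0" 410
198.51.100.7 - - [22/Mar/2022:10:00:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0" 620
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) \S+ [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<req_len>\d+)$'
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        if m := LINE_RE.match(line):
            rec = m.groupdict()
            rec["req_len"] = int(rec["req_len"])
            yield rec

def flag_http_flood(log_text, max_rps=3, max_post_bytes=256 * 1024):
    """Return {ip: sorted reasons} for sources exceeding either limit in any one second."""
    per_sec = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # ip -> ts -> [reqs, POST bytes]
    agents = defaultdict(set)
    for r in parse(log_text):
        bucket = per_sec[r["ip"]][r["ts"]]
        bucket[0] += 1
        if r["method"] == "POST":
            bucket[1] += r["req_len"]
        agents[r["ip"]].add(r["ua"].lower())
    flagged = {}
    for ip, buckets in per_sec.items():
        reasons = set()
        for reqs, post_bytes in buckets.values():
            if reqs > max_rps:
                reasons.add("request rate")
            if post_bytes > max_post_bytes:
                reasons.add("post volume")
        # A crawler User-Agent is attacker-controlled text: it must never exempt a source
        # from limits; only DNS verification of the source can confirm a real crawler.
        if reasons and any("spider" in ua or "bot" in ua for ua in agents[ip]):
            reasons.add("crawler UA (unverified)")
        if reasons:
            flagged[ip] = sorted(reasons)
    return flagged
```

As the article notes, a check like this can only run after the TCP connection is accepted and TLS is terminated, so it reduces server load but does not stop the bandwidth from reaching the network edge.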
Tomi Engdahl says:
The US has put a 10 million dollar bounty on a Russian hacker – suspected of attacking energy production https://www.is.fi/digitoday/tietoturva/art-2000008706983.html
Tomi Engdahl says:
How Microsoft plans to fill 3.5 million cybersecurity jobs
Microsoft is expanding its campaign to skill cybersecurity workers and diversify the workforce in 23 countries.
https://www.protocol.com/bulletins/microsofts-cybersecurity-skilling-initiative-is-going-global
Tomi Engdahl says:
From https://www.facebook.com/cybersec.prism/photos/a.2047976635522412/2865430090443725/?type=3
The question is… What is the difference? Don’t they all mean the same thing? The truth of the matter is that they don’t, and many times they are used incorrectly in reporting a breach or cybersecurity incident.
Threat Actor:
A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for a security incident that impacts – or has the potential to impact – an organization’s security.
Hacker:
In computing, a hacker is any skilled computer expert that uses their technical knowledge to overcome a problem. While “hacker” can refer to any computer programmer, the term has become associated in popular culture with a “security hacker”, someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.
Attacker:
In computers and computer networks, an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Thus, an attacker is the individual or organization performing these malicious activities.
Why is there a Distinction?
A threat actor – compared to a hacker or attacker – does not necessarily have any technical skill sets. They are a person or organization with malicious intent and a mission to compromise an organization’s security or data. This could be anything from physical destruction to simply copying sensitive information. It is a broad term and is intentionally used because it can apply to external and insider threats, including missions like hacktivism.
The difference between an attacker and hacker is subtle however. Hackers traditionally use vulnerabilities and exploits to conduct their activities. Attackers can use any means to cause havoc. For example, an attacker may be a disgruntled insider that deletes sensitive files or disrupts the business by any means to achieve their goals.
A hacker might do the same thing but they use vulnerabilities, misconfigurations, and exploits to compromise a resource outside of their acceptable roles and privileges.
Tomi Engdahl says:
The Email Bait and Phish: Instagram Phishing Attack https://www.armorblox.com/blog/the-email-bait-and-phish-instagram-phishing-attack/
Mixing business with pleasure is seen as a negative for a few reasons that many people know well, but there is another important reason you may not be aware of, in two words: credential phishing. Take caution when using business credentials to log in across multiple apps, especially social apps that cross over into personal use. The convenience is very tempting. However, it only takes one momentary lapse in reason for both sensitive personal and business data to be compromised. Today, we examine an attack impersonating Instagram, the most prominent photo and video sharing and social networking platform.