Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it's a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year's successful tactics, retool, and pivot them into next year's campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
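The "dependency patching hiccups" point above is concrete: a fixed log4j-core on the classpath does not help if a fat jar still bundles an old copy, and a copy with JndiLookup.class stripped (the interim mitigation) is still short of the later fixes. The scanner below is an added example, not code from the Google or SecurityWeek articles; it walks a jar recursively, reads the version from log4j-core's pom.properties, checks for JndiLookup.class, and flags anything below the release the example assumes carries all five fixes (2.17.1, or 2.12.4 on the Java 7 line and 2.3.2 on the Java 6 line). The sample fat jar it scans is constructed in memory with dummy class bytes.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from typing import List, Optional

# Where log4j-core records its own version inside the jar, and the class whose
# JNDI lookup is the CVE-2021-44228 entry point (removing it was the interim mitigation).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Assumed thresholds: the lowest log4j-core release per line that this example treats
# as carrying the fixes for all five CVEs named above (2.17.1 for Java 8+, 2.12.4 for
# the Java 7 line, 2.3.2 for the Java 6 line).
FIXED_BY_LINE = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?")


def parse_version(version: str) -> tuple:
    """'2.14.1' -> (2, 14, 1, 1); '2.0-beta9' -> (2, 0, 0, 0).

    The last element marks a final release, so a pre-release such as
    2.17.1-rc1 sorts below 2.17.1 itself.
    """
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version string: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    return (major, minor, patch, 0 if m.group(4) else 1)


def needs_update(version: str) -> bool:
    """True when a log4j-core version is older than the fixed release of its line."""
    key = parse_version(version)
    if key[0] != 2:
        return False  # log4j 1.x is a separate code base, outside these CVEs
    fixed = FIXED_BY_LINE.get(key[:2], FIXED_DEFAULT)
    return key < fixed + (1,)


@dataclass
class Finding:
    path: str                   # archive path; '!' separates nested jars
    version: Optional[str]      # from pom.properties, None if the file is absent
    jndi_lookup_present: bool   # False when the class was stripped as a mitigation
    needs_update: bool          # version below the fixed release (or unknown, with JndiLookup present)


def scan_jar_bytes(data: bytes, path: str, findings: Optional[List[Finding]] = None) -> List[Finding]:
    """Inspect one archive and recurse into nested jars (fat jars bundle their dependencies)."""
    if findings is None:
        findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        jndi = JNDI_LOOKUP in names
        if version is not None or jndi:
            try:
                flagged = needs_update(version) if version is not None else jndi
            except ValueError:
                flagged = True  # unparseable version string: review by hand
            findings.append(Finding(path, version, jndi, flagged))
        for name in sorted(names):
            if name.endswith((".jar", ".war", ".ear")):
                scan_jar_bytes(zf.read(name), f"{path}!{name}", findings)
    return findings


def _jar(entries: dict) -> bytes:
    """Build an in-memory zip/jar from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_app_jar() -> bytes:
    """Constructed fat jar for the demo: a vulnerable 2.14.1, a fixed 2.17.1 and a
    2.14.1 copy with JndiLookup.class stripped. The .class bodies are dummy bytes."""
    vulnerable = _jar({POM_PROPS: "version=2.14.1\n", JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    fixed = _jar({POM_PROPS: "version=2.17.1\n", JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    stripped = _jar({POM_PROPS: "version=2.14.1\n"})
    return _jar({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
        "BOOT-INF/lib/log4j-core-2.14.1.jar": vulnerable,
        "BOOT-INF/lib/log4j-core-2.17.1.jar": fixed,
        "legacy/log4j-core-2.14.1-stripped.jar": stripped,
    })


if __name__ == "__main__":
    for f in scan_jar_bytes(build_sample_app_jar(), "app.jar"):
        state = "UPDATE" if f.needs_update else "ok"
        lookup = "present" if f.jndi_lookup_present else "removed"
        print(f"{state:6} {f.path}  version={f.version}  JndiLookup={lookup}")
```

The stripped copy is still reported as needing an update: removing JndiLookup.class closes the JNDI path but not the later denial-of-service and configuration-driven findings, which is exactly the kind of half-mitigated dependency that keeps the "long attack tail" alive. Point `scan_jar_bytes` at real deployment artifacts (`open(path, "rb").read()`) to get the same report for your own build output.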
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they've successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who's going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We've covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn't not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question "what happened," incident diagnosis analytics address the question of "why and how it happened." To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
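The "statistical inferences" the article promises for brute-force and credential-abuse detection come down to a baseline and a deviation test, with or without a vendor platform. The block below is an added example, not from the CISO MAG article: it parses sshd-style authentication lines, counts failed logins per source, scores each source against the population (z-score), and reports sources that are both outliers and above an absolute floor, together with how many distinct usernames they tried (the password-spray signal). The log lines are constructed for the demo and the thresholds are assumptions to tune on real data.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Matches both "Failed password for bob from ..." and "Failed password for invalid user x from ...".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)


def build_sample_log() -> List[str]:
    """Constructed sample: five normal users with one typo each, and one source
    spraying forty failures across eight usernames. Not real log data."""
    lines = []
    for i, ip in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8", "10.0.0.9"]):
        user = f"user{i}"
        lines.append(f"Jan 11 09:0{i}:01 host sshd[1]: Failed password for {user} from {ip} port 51000 ssh2")
        for j in range(3):
            lines.append(f"Jan 11 09:0{i}:0{j + 2} host sshd[1]: Accepted password for {user} from {ip} port 51000 ssh2")
    for k in range(40):
        lines.append(
            f"Jan 11 09:10:{k:02d} host sshd[2]: Failed password for invalid user admin{k % 8} "
            f"from 203.0.113.9 port {40000 + k} ssh2"
        )
    return lines


def parse(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Yield (outcome, user, source) for every recognised auth line."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            events.append((m.group(1), m.group(2), m.group(3)))
    return events


def flag_sources(lines: List[str], z_threshold: float = 2.0, min_failures: int = 5) -> Dict[str, dict]:
    """Sources whose failure count is an outlier against all sources seen in the window.

    z_threshold and min_failures are assumed starting points; the absolute floor keeps
    a single failure from being flagged in a window where almost nobody fails.
    """
    events = parse(lines)
    failures = Counter(src for outcome, _, src in events if outcome == "Failed")
    users_tried = defaultdict(set)
    for outcome, user, src in events:
        if outcome == "Failed":
            users_tried[src].add(user)
    # Sources with zero failures still count toward the baseline.
    counts = {src: failures.get(src, 0) for _, _, src in events}
    mu, sigma = mean(counts.values()), pstdev(counts.values())
    findings = {}
    for src, n in counts.items():
        z = (n - mu) / sigma if sigma else 0.0
        if n >= min_failures and z > z_threshold:
            findings[src] = {"failures": n, "z": round(z, 2), "distinct_users": len(users_tried[src])}
    return findings


if __name__ == "__main__":
    for src, info in flag_sources(build_sample_log()).items():
        print(f"{src}: {info['failures']} failures, z={info['z']}, {info['distinct_users']} usernames tried")
```

With six sources in the window the spraying address scores z = 2.24 and the five normal users sit at -0.45, so only the sprayer is reported. On a real fleet the baseline should be computed per hour or per day rather than over one file, and the distinct-user count is usually the more reliable of the two signals, since a slow spray can keep its failure count under any fixed threshold.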
Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel's SGX, enclave memory was confined to a small reserved region of RAM (the Enclave Page Cache), which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. "The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security," Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler's rise to power, the shots in Sarajevo. "In light of history, we're always surprised. And if you think about it, technology only adds to the complexity and surprise of crises."
Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
The Evolution of Patch Management: How and When It Got So Complicated
https://www.darkreading.com/vulnerabilities-threats/the-evolution-of-patch-management-how-and-when-it-got-so-complicated
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
Tomi Engdahl says:
U.S. Government Issues Warning Over Commercial Surveillance Tools
https://www.securityweek.com/us-government-issues-warning-over-commercial-surveillance-tools
The U.S. State Department and the National Counterintelligence and Security Center (NCSC) on Friday issued a warning over the use of commercial surveillance tools.
The one-page document says governments and other entities have been using spyware sold by companies and individuals. The spyware can typically be used to record audio, track a device’s location, and access all of the content stored on a phone.
“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections. In some cases, malign actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device,” the alert reads.
The alert also includes some general recommendations for mitigating “some risks” posed by surveillance tools. However, the government warned that “it’s always safest to behave as if the device is compromised.”
https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/FINAL_Jan-7-2022_Protect_Yourself_Commercial_Surveillance_Tools.pdf
Tomi Engdahl says:
SonicWall Patches Y2K22 Bug in Email Security, Firewall Products
https://www.securityweek.com/sonicwall-patches-y2k22-bug-email-security-firewall-products
Cybersecurity firm SonicWall says it has released patches for some of its email security and firewall products to address a bug that resulted in failed junk box and message log updates.
Referred to as Y2K22, the bug exists because some software stores dates in a 32-bit integer format, where the largest possible number is 2147483647. Because the dates are stored in the YYMMDDhhmm format, when the new year started the date was converted to 2201010001, which was larger than the maximum allowed, and it resulted in system errors.
As expected, SonicWall, a provider of email anti-spam, virtual private network (VPN), unified threat management (UTM), network firewall, and other security solutions, first observed the issue manifesting on January 1, 2022.
Because of the bug, admins and email users were unable to access the junk box or un-junk new emails, and they couldn’t trace the incoming/outgoing email messages through logs, the company says.
On January 2, SonicWall released patches for the North America and Europe instances of its hosted Email Security and fully addressed the bug without requiring any user interaction.
What is This Y2K22 Bug? What Problem is it Causing for Sysadmins?
The new year was not too happy for sysadmins with Microsoft Exchange servers to manage.
https://news.itsfoss.com/y2k22-bug/
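The mechanism in the SonicWall write-up above (a YYMMDDhhmm decimal packed into a signed 32-bit integer, which stops fitting the moment the year rolls to 22) is easy to audit for in your own code. The block below is an added example, not SonicWall's or Microsoft's code: it encodes timestamps the way the article describes, reproduces the overflow with `struct`, and searches for the first minute at which a given format stops fitting a given field width, so the same check can be run against other date-packing schemes. The field widths and alternative formats it compares are assumptions for illustration.

```python
import struct
from datetime import datetime, timedelta


def int_limit(bits: int, signed: bool = True) -> int:
    """Largest value a signed or unsigned integer field of this width can hold."""
    return 2 ** (bits - 1) - 1 if signed else 2 ** bits - 1


def encode(ts: datetime, fmt: str = "%y%m%d%H%M") -> int:
    """Store a timestamp as a decimal integer, YYMMDDhhmm by default (the scheme in the article)."""
    return int(ts.strftime(fmt))


def fits(ts: datetime, fmt: str = "%y%m%d%H%M", bits: int = 32, signed: bool = True) -> bool:
    return encode(ts, fmt) <= int_limit(bits, signed)


def pack_field(value: int, bits: int = 32, signed: bool = True) -> bytes:
    """What the storage layer does with the number; struct.error stands in for the
    overflow that broke the junk box and message log updates."""
    code = {32: "i", 64: "q"}[bits]
    return struct.pack(">" + (code if signed else code.upper()), value)


def first_overflow(fmt: str = "%y%m%d%H%M", bits: int = 32, signed: bool = True,
                   start: datetime = datetime(2000, 1, 1), end: datetime = datetime(2200, 1, 1)):
    """Earliest minute in [start, end) whose encoding no longer fits the field, or None.

    Assumes the format lists fields most-significant first, so the value grows
    monotonically within a day; it scans day by day, then minute by minute.
    """
    limit = int_limit(bits, signed)
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while day < end and encode(day.replace(hour=23, minute=59), fmt) <= limit:
        day += timedelta(days=1)
    if day >= end:
        return None
    minute = day
    while encode(minute, fmt) <= limit:
        minute += timedelta(minutes=1)
    return minute


if __name__ == "__main__":
    for fmt, bits, signed in [("%y%m%d%H%M", 32, True), ("%y%m%d%H%M", 32, False),
                              ("%Y%m%d%H", 32, True), ("%y%m%d%H%M", 64, True)]:
        kind = "signed" if signed else "unsigned"
        print(f"{fmt} in {kind} int{bits}: first overflow at {first_overflow(fmt, bits, signed)}")
    try:
        pack_field(encode(datetime(2022, 1, 1)))
    except struct.error as err:
        print("2022-01-01 00:00 in a signed int32:", err)
```

The search shows why the bug surfaced on the first minute of 2022: 2112312359 (21-12-31 23:59) is the last value under 2147483647. Switching the same field to unsigned only buys time until 2043, and a four-digit year in YYYYMMDDhh form holds until 2148; a 64-bit field, or an epoch timestamp, removes the decimal-packing problem altogether.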
Tomi Engdahl says:
SecurityWeek Cyber Insights 2022: Ransomware
https://www.securityweek.com/securityweek-cyber-insights-2022-ransomware
Ransomware has grown from humble beginnings as threat-based scams to a worldwide criminal phenomenon. It has been a continuous process of extortion refinement, with criminals adapting their behavior to maximize their financial return. This evolutionary process will continue.
Tomi Engdahl says:
Apache Foundation Calls Out Open-Source Leechers
https://www.securityweek.com/apache-foundation-calls-out-open-source-leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
“[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in their continued maintenance,” the ASF said in a position paper published ahead of a high-level White House meeting on open-source software security.
“Only a tiny percentage of downstream companies (reusing the same code within their own products) choose to participate [in maintaining the code],” the Foundation said, noting that any future directives must “avoid placing additional unfunded burdens on the few maintainers who are already doing the work.”
The foundation’s statement comes on the heels of the ongoing Apache Log4j incident where a remote code execution vulnerability in a little-known Java-based logging utility led to a global incident response crisis.
https://cwiki.apache.org/confluence/display/COMDEV/Position+Paper
Tomi Engdahl says:
Chance Miller / 9to5Mac:
Report: European carriers voice opposition to Apple’s Private Relay, as T-Mobile and others begin blocking the VPN-like service in the US and parts of Europe — Earlier today, a report indicated that some European carriers were blocking the Private Relay feature introduced by Apple with iOS 15.
T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US [U]
https://9to5mac.com/2022/01/10/t-mobile-block-icloud-private-relay/
Tomi Engdahl says:
Javier Espinoza / Financial Times:
As EU finalizes the Digital Markets Act, Google is making a last-ditch lobbying effort with ads, emails, and social media posts targeted at politicians
https://www.ft.com/content/8c7527bc-7ab4-41cd-ba94-3145208da9c3
Tomi Engdahl says:
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure Alert (AA22-011A) https://www.cisa.gov/uscert/ncas/alerts/aa22-011a
This joint Cybersecurity Advisory (CSA), authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), is part of our continuing cybersecurity mission to warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats. This CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This overview is intended to help the cybersecurity community reduce the risk presented by these threats.
Tomi Engdahl says:
Offense will win some battles, but cyber defense will win the war
https://www.cyberscoop.com/offense-will-win-some-battles-but-cyber-defense-will-win-the-war/
Policymakers and security researchers are now using combative efforts to “impose cost” on hackers. Sanctions, hacking back, infrastructure disruption, indictments and other offensive activities all have a negative impact on cybercriminals. But to have real, long-term impact on these nefarious activities, organizations and governments need to more actively consider the ways that defense can impose costs too:
Robust, consistent and well-funded cyber defenses cost adversaries time, effort and the likelihood of success. Defense, and investment in mandatory cybersecurity requirements, is how we will solve the fundamental problems at the heart of the ransomware epidemic.
Tomi Engdahl says:
European Space Agency: Come on, hack our satellite if you think you're hard enough
https://www.theregister.com/2022/01/11/ops_sat_hack/
The European Space Agency (ESA) is inviting applications from attackers who fancy having a crack at its OPS-SAT spacecraft. It’s all in the name of ethical hacking, of course. The plan is to improve the resilience and security of space assets by understanding the threats dreamed up by security professionals and members of the public alike.
Tomi Engdahl says:
WordPress Vulnerabilities More Than Doubled in 2021 and 77% of Them Are Exploitable
https://www.riskbasedsecurity.com/2022/1/11/wordpress-vulnerabilities-more-than-doubled-in-2021/
10,359 vulnerabilities were reported to affect third-party WordPress plugins at the end of 2021. Of those, 2,240 vulnerabilities were disclosed last year, which is a 142% increase compared to 2020.
Tomi Engdahl says:
Deepfakes: The Good, The Bad, And The Ugly
https://www.forbes.com/sites/bernardmarr/2022/01/11/deepfakes–the-good-the-bad-and-the-ugly/
The algorithms used to create "deepfakes", as artificial intelligence (AI)-generated imitations are known, are widely considered by cyber security experts to be a major challenge society will face in coming years.
Tomi Engdahl says:
How the Pentagon enlisted ethical hackers amid the Log4j crisis
https://therecord.media/how-the-pentagon-enlisted-ethical-hackers-amid-the-log4j-crisis/
The Pentagon last month pivoted an ongoing bug bounty program to track down Log4j vulnerabilities on potentially thousands of public-facing military websites, the first time the Defense Department marshaled the ethical hacker community to tackle an emerging digital crisis.
Tomi Engdahl says:
With the ‘Great Resignation’ Comes the ‘Great Exfiltration’
https://www.securityweek.com/great-resignation-comes-great-exfiltration
Research shows the “Great Resignation” phenomenon is accompanied by a “Great Exfiltration” as people leave their jobs and take company data with them
As business has moved to the cloud, so has crime. Cloud apps are now the primary source of malware downloads. In 2020, 46% of malware came from the cloud. This rose to 66% in Q4 2021 (peaking at 73% during the year).
The reason is simple – it is cheap and easy to host malware in cloud apps, and users have an inherent trust in well-known names like Google Drive, Microsoft OneDrive and Box. The criminal simply opens an account, uploads a malicious document to the account, and then uses social engineering and phishing techniques to persuade potential victims to download the document.
In its Cloud and Threat Report, January 2022 (PDF download), Netskope notes that Google Drive has replaced OneDrive as the primary source for malware hosting. There is no apparent reason for this change beyond the cyclical nature of criminal behavior. “We don’t yet know which cloud app will prove most popular in 2022,” Ray Canzanese, Netskope’s threat research director told SecurityWeek, “but we can be almost certain it won’t still be Google Drive.” He noted that the number of cloud apps with malware downloads has increased from 91 to 230.
Tomi Engdahl says:
CISA Steps up Public and Private Sector Collaboration in 2021
https://www.securityweek.com/cisa-steps-public-and-private-sector-collaboration-2021
We just concluded a very eventful year for the cybersecurity industry. Starting with an unprecedented wave of ransomware attacks on critical infrastructure targets, 2021 finished with the infamous Log4j vulnerabilities, which present a severe and ongoing threat to organizations and governments around the world.
In such a transformational year, it was great to see the Cybersecurity and Infrastructure Security Agency (CISA), under the leadership of Jen Easterly, launch several key initiatives to significantly increase government collaboration among federal agencies as well as with the private sector.
The latest example is aimed at reducing the risk of ransomware attacks that have emerged following mass exploitation of the popular open-source logging tool Log4j and its Log4Shell vulnerability. It’s an extremely critical vulnerability with a maximum Common Vulnerability Scoring System (CVSS) severity rating, as millions of servers are potentially vulnerable to the exploit. CISA issued an emergency directive on December 17 requiring federal agencies to immediately patch or mitigate Apache Log4J vulnerabilities by December 23 and urged every organization to follow the federal government’s lead and take action. Then on December 22, CISA, along with the FBI, NSA, and security agencies that comprise the Five Eyes intelligence alliance from countries including Australia, Canada, New Zealand, and the United Kingdom, issued an advisory with concrete guidance to help defenders block Log4Shell attacks.
Tomi Engdahl says:
CISA Unaware of Any Significant Log4j Breaches in U.S.
https://www.securityweek.com/cisa-unaware-any-significant-log4j-breaches-us
CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.
In a briefing with reporters on Monday, CISA’s director, Jen Easterly, and Eric Goldstein, executive assistant director for cybersecurity at CISA, said they are not aware of any significant incident, which is likely due to the quick action taken by many organizations.
On the other hand, the CISA officials warned that malicious actors will likely continue to exploit the Log4j vulnerability known as Log4Shell. In addition, threat actors may have already exploited Log4Shell to gain access to the systems of major organizations, but they may be waiting for the right time to further leverage that access to achieve their goals.
Tomi Engdahl says:
Microsoft Introduces New Security Update Notifications
https://www.securityweek.com/microsoft-introduces-new-security-update-notifications
Microsoft this week announced updated notifications for the Security Update Guide, the page where the tech company informs users of vulnerabilities that affect Microsoft products.
The newly announced changes, Microsoft says, are designed to make receiving Security Update Guide notifications easier, allowing users to sign up with any email address and receive alerts in their inbox (previously, only Live IDs were accepted).
Furthermore, the company is making notifications more automated and streamlined, and is also providing customers with the option to manage their settings from the Security Update Guide itself.
Tomi Engdahl says:
CISA Adds 15 Recent and Older Vulnerabilities to ‘Must-Patch’ List
https://www.securityweek.com/cisa-adds-15-recent-and-older-vulnerabilities-must-patch-list
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week added 15 more vulnerabilities to its list of security bugs known to be exploited in malicious attacks.
Initially announced in early November 2021, the list includes more than 300 vulnerabilities that are a frequent attack vector in malicious attacks, and which represent a significant risk to federal organizations.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Tomi Engdahl says:
U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount
https://www.securityweek.com/us-issues-fresh-warning-over-russian-cyber-threats-ukraine-tensions-mount
Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.
The latest advisory comes from CISA, the FBI and the NSA, and it provides TTPs, detection actions, incident response guidance, and mitigations for both IT and OT asset owners.
While the advisory does not seem to provide any new information, it has been described as a “good historical digest especially for those new to the topic” by Robert Lee, CEO and co-founder of industrial cybersecurity firm Dragos.
Alert (AA22-011A)
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
https://www.cisa.gov/uscert/ncas/alerts/aa22-011a
Tomi Engdahl says:
The Nightmare Before Christmas: Looking Back at Log4j Vulnerabilities https://blog.aquasec.com/log4j-vulnerabilities-overview
In this blog, we summarize what has happened, examine the implications of the Log4j vulnerabilities for the future, and outline how organizations can better protect their systems.
Tomi Engdahl says:
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure. These types of cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.
Organizations should be inspecting outgoing connections to cloud computing services for malicious traffic. The campaigns described in this post demonstrate increasing usage of popular cloud platforms for hosting malicious infrastructure.
Tomi Engdahl says:
The big three of cyber scourges: Emotet, Trickbot and Log4j “Likely to cause harm for many years to come”
https://www.epressi.com/tiedotteet/tietotekniikka/kybervitsausten-kolme-kovaa-emotet-trickbot-ja-log4j-todennakoisesti-harmia-viela-monen-vuoden-ajan.html
Check Point Research reports in its malware review that Emotet has already risen to become the second most common malware in Finland and worldwide. In Finland the list is still topped by Netwalker, globally by Trickbot. Apache Log4j is the most exploited vulnerability.
Tomi Engdahl says:
Who is the Network Access Broker Wazawaka?
https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/
In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by “Wazawaka,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene.
Tomi Engdahl says:
Signed kernel drivers: Unguarded gateway to Windows’ core
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/
ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation
Tomi Engdahl says:
SAP systems are leaping into the cloud: “undeniable advantages also from a security standpoint” [FOR SUBSCRIBERS]
https://www.tivi.fi/uutiset/tv/99eba20a-b494-4ff7-b7dc-2317e2ffcd28
Securing cloud-based SAP requires a new kind of expertise, but moving a monolithic system to the public cloud also offers better security, says TietoEvry’s Pete Nieminen.
Tomi Engdahl says:
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals https://www.darkreading.com/vulnerabilities-threats/patch-management-today-a-risk-based-strategy-to-defeat-cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
Tomi Engdahl says:
How to Analyze Malicious Microsoft Office Files
https://www.intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/
In this article, we will explain the different types of Microsoft Office file formats and how attackers abuse these documents to deliver malware. You will also be presented with tools and techniques that can help you better identify and classify malicious Microsoft Office files.
Tomi Engdahl says:
Dutch athletes warned to keep phones and laptops out of China -media
https://www.reuters.com/lifestyle/sports/dutch-athletes-warned-keep-phones-laptops-out-china-media-2022-01-11/
Dutch athletes competing in next month’s Beijing Winter Olympics will need to leave their phones and laptops at home in an unprecedented move to avoid Chinese espionage, Dutch newspaper De Volkskrant reported on Tuesday. The urgent advice to athletes and supporting staff to not bring any personal devices to China was part of a set of measures proposed by the Dutch Olympic Committee (NOCNSF) to deal with any possible interference by Chinese state agents, the paper said citing sources close to the matter.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13023-emotet-nousee-takaisin-kaerkeen
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/01/12/log4j-haavoittuvuudesta-harmia-viela-pitkaan/
Security company Check Point Research reports in its latest review that Trickbot was, alongside the Apache Log4j vulnerability, the most common malware in the world. In addition, Apache’s Log4j was December’s most exploited vulnerability, and it may cause harm for a long time to come.
Tomi Engdahl says:
QR code scams are on the rise: How not to get duped
Cybercriminals are increasingly using malicious QR codes to trick consumers.
https://www.cnet.com/tech/services-and-software/qr-code-scams-on-the-rise-think-twice-before-you-scan/?ftag=CAD-03-10abf2b
You see QR codes just about everywhere these days. The square barcodes show up everywhere: real estate listings, TV ads and social media posts touting what look like great deals on must-have items.
The pandemic fueled a surge in the use of QR codes. Seeking to cut down on possible transmission, restaurants replaced physical menus available to all customers with online versions accessible on your own personal phone. Scan that little square and you’ll find out what the house special is.
Scammers are creating their own malicious QR codes designed to dupe unwitting consumers into handing over their banking or personal information.
“Anytime new technology comes out, cybercriminals try to find a way to exploit it,”
QR codes — the abbreviation stands for “quick response” — were invented in Japan in the 1990s. They were first used by the automotive industry to manage production but have spread everywhere. Websites and apps have cropped up that let you make your own.
Tomi Engdahl says:
How to control cookies: A real-world experiment
https://www.kaspersky.com/blog/how-to-control-your-cookies/43303/
These days, when you go to almost any website, you’ll immediately see a banner at the bottom of the screen asking you to accept all cookies.
Typically, users agree, to get rid of the annoying text box without delay. Lots of people don’t know if they can decline these mysterious cookies or how to configure them. We decided to conduct an experiment and show you how to control cookies and what happens if you don’t bother.
Tomi Engdahl says:
Learn about 4 approaches to comprehensive security that help leaders be fearless
https://www.microsoft.com/security/blog/2022/01/13/learn-about-4-approaches-to-comprehensive-security-that-help-leaders-be-fearless/
The last 18 months have put unprecedented pressure on organizations to speed up their digital transformation as remote and hybrid work continue to become the new normal. Yet even with all the change and uncertainty, having the right security support system in place means your organization can still move forward confidently to turn your vision into reality. I’ve seen our customers demonstrate this fearlessness every day, and I love learning from them as we stand together against ongoing threats.
Tomi Engdahl says:
FIN7 Uses Flash Drives to Spread Remote Access Trojan
https://www.recordedfuture.com/fin7-flash-drives-spread-remote-access-trojan/
Recorded Future analysts continue to monitor the activities of the
FIN7 group as they adapt and expand their cybercrime operations.
Gemini has conducted a more in-depth investigation into these types of attack after a Gemini source provided analysts with a file sketch_jul31a.ino, which was linked to FIN7’s BadUSB attacks. The file had the extension (.INO), indicating it contained the source code for an Arduino sketch (the Arduino term for a program). BleepingComputer also recently released a public report on FIN7’s use of the BadUSB attack method, outlining the activity around this type of attack.
Tomi Engdahl says:
Cryptocurrency scams: What to know and how to protect yourself https://www.welivesecurity.com/2022/01/12/cryptocurrency-scams-what-know-how-protect-yourself/
The world seems to have gone crypto-mad. Digital currencies like bitcoin, Monero, Ethereum and Dogecoin are all over the internet.
Their soaring value promises big wins for investors (before the coins’ prices plunge, that is). And the fortunes to be made by mining for virtual money have echoes of gold rushes in the 1800s. Or at least, that’s what many, including a long list of scammers, will have you believe.
Tomi Engdahl says:
GitLab shifts left to patch high-impact vulnerabilities
https://portswigger.net/daily-swig/gitlab-shifts-left-to-patch-high-impact-vulnerabilities
GitLab has pushed out a significant security release that addresses multiple flaws including an arbitrary file read issue rated as critical and two high-impact vulnerabilities. An update to the popular version control platform released this week tackles a vulnerability involving cross-site scripting (XSS) in Notes, along with a high-impact authentication-related flaw involving a lack of state parameter on GitHub import project OAuth.
Tomi Engdahl says:
Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys https://thehackernews.com/2022/01/researchers-decrypted-qakbot-banking.html
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new functionality to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading ransomware on infected machines.
Tomi Engdahl says:
FCC proposes stricter data breach reporting rules https://therecord.media/fcc-proposes-stricter-data-breach-reporting-rules/
Following a series of hacks and data leaks at US telecom companies, the Federal Communications Commission has proposed today a series of changes to its data breach notification requirements. FCC Chairwoman Jessica Rosenworcel, who published the proposed rules earlier today, said that the agency needs to update its existing reporting rules to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers, who often learn of breaches long after they have occurred.
Tomi Engdahl says:
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a coordinated disclosure process. Microsoft has released a fix in the latest security update and the vulnerability is now identified as CVE-2022-21893.
Tomi Engdahl says:
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, has increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021. XorDDoS, Mirai and Mozi are the most prevalent Linux-based malware families observed in 2021, with Mozi registering a significant tenfold increase in the number of in-the-wild samples in 2021 compared to 2020.
Tomi Engdahl says:
https://www.securityweek.com/fcc-chair-proposes-new-policies-carrier-data-breach-reporting
Tomi Engdahl says:
Cyber Insights 2022: Adversarial AI
https://www.securityweek.com/cyber-insights-2022-adversarial-ai
Adversarial AI is a bit like quantum computing – we know it’s coming, and we know it will be dramatic. The difference is that Adversarial AI is already happening and will increase in quantity and quality over the next couple of years.
Adversarial AI – or the use of artificial intelligence and machine learning within offensive cyber activity – comes in two flavors: attacks that use AI and attacks against AI. Both are already in use, albeit so far only embryonic use.
An example of the former could be the use of deepfakes as part of a BEC scam. An example of the latter could be poisoning the data underlying AI decisions so that wrong conclusions are drawn. Neither will be as common as traditional software attacks – but when they occur, the effect will be severe.
“The biggest difference compared to attacks on software is that AI will be responsible for more advanced and expensive decisions just by its nature,” comments Alex Polyakov, CEO and founder of Adversa.AI. “In 2022, attacks on AI will be less common than traditional attacks on software – at least in the short term – but will definitely be responsible for higher losses. Every existing category of vulnerability in AI such as evasion, poisoning and extraction can lead to catastrophic effects. What if a self-driving car could be attacked by an evasion attack and cause death? Or what if financial models could be poisoned with the wrong data?”
Known Threats (Using AI)
Targeted malware
Deepfakes
Generative Adversarial Networks
Expected Threats (Abusing AI)
Cybersecurity disruption
National security disruption
Adversarial AI in 2022
Tomi Engdahl says:
Meshed Cybersecurity Platforms Enable Complex Business Environments
https://www.securityweek.com/meshed-cybersecurity-platforms-enable-complex-business-environments
Cybercriminals are exploiting the confusion that results from organizations simply throwing money at their cybersecurity challenges
Cybersecurity deployments have become as complex as the networks they are trying to protect. And that’s not a good thing. The demands of digital acceleration have forced organizations to quickly adopt new technologies and expand their networks. And far too often, security is applied as an afterthought. As a result, according to IBM, enterprises have an average of 45 security products deployed in their networks. And few (if any) of them were designed to operate as a cohesive system, making centralized management and automation nearly impossible.
The resulting vendor sprawl has become a severe challenge for many IT teams. When visibility is fragmented across multiple consoles, detecting and responding to a security event becomes increasingly tricky. That’s because, according to that same report, responding to a cyber incident requires coordination across an average of 19 of those tools. And in addition to a lack of interoperability, organizations must also contend with feature overlap, which can create havoc on the back end when it comes to managing things like configurations.
Tomi Engdahl says:
ZDI Announces Rules and Prizes for Pwn2Own 2022
https://www.securityweek.com/zdi-announces-rules-and-prizes-pwn2own-2022
Tomi Engdahl says:
Rachel Pannett / Washington Post:
Privacy advocates criticize police in the German city of Mainz for using data from the Luca COVID-19 contact tracing app for an investigation into a man’s death
https://www.washingtonpost.com/world/2022/01/13/german-covid-contact-tracing-app-luca/
Tomi Engdahl says:
Android users can now disable 2G to block Stingray attacks
https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Tomi Engdahl says:
Experimental password store for Blackpill card utilizing usb serial and spi flash
https://github.com/sjm42/blackpill-usb-pwdstore
Tomi Engdahl says:
The Open Source Software Security Summit: securing the world’s code together
https://github.blog/2022-01-13-open-source-software-security-summit-securing-the-worlds-code-together/
Tomi Engdahl says:
The justice system is being used as an instrument of online harassment – Police and prosecutors must draw up common rules of the game
The police and prosecutors’ offices need nationwide criteria and training for handling defamation cases. At the EU level, legislation is being planned to counter manipulation of the judicial system.
https://www.maailma.net/uutiset/oikeuslaitosta-kaytetaan-verkkohairinnan-valikappaleena-poliisin-ja-syyttajien-on
Tomi Engdahl says:
New Intel chips won’t play Blu-ray disks due to SGX deprecation
https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution.
This technical problem arises from the fact that Blu-ray disks require Digital Rights Management (DRM), which needs the presence of SGX to work.
This is a feature that Intel introduced in the Skylake generation back in 2016, enabling PCs to play protected Blu-ray disks for the first time.
As seen in Intel’s current datasheets for the 11th and 12th generation of its Core desktop processors, the SGX is listed as a deprecated technology, so it’s no longer available.
Why did Intel abandon SGX?
As a secure enclave technology, SGX was commonly targeted by security researchers who discovered numerous vulnerabilities and attack methods.
Examples of attacks targeting Intel SGX include:
the Prime+Probe attack discovered in 2017,
a Spectre-like attack disclosed in 2018,
an Enclave attack discovered by researchers in 2019,
a MicroScope replay attack,
the so-called “Plundervolt” injection attack,
a Load Value Injection (LVI), and
the SGAxe attack on the CPU cache resulting in the leak of the enclave’s content.