Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Huoltovarmuuden tilannekuva: Toimitusajat pidentyvät ja kustannukset nousevat https://www.huoltovarmuuskeskus.fi/a/huoltovarmuuden-tilannekuva-toimitusajat-pidentyvat-ja-kustannukset-nousevat
    Huoltovarmuuden tilannekuvassa risteää nyt monta asiaa. Ukrainan sodalla, koronapandemialla ja Suomessa käynnissä olevilla lakoilla on kaikilla omat vaikutuksensa, jotka näkyvät mm. toimitusajoissa, kustannuksissa ja saatavuudessa.

    Suomessa tieto- ja kyberturvallisuuden varautumisella on pitkät ja toimivat perinteet https://impulssilvm.fi/2022/04/08/suomessa-tieto-ja-kyberturvallisuuden-varautumisella-on-pitkat-ja-toimivat-perinteet/
    Julkisessa keskustelussa voi syntyä epätietoisuutta Suomen kybersuojauksen toimivuudesta ja siksi on syytä tarkentaa, mitä on jo tehty ja mitä ollaan tekemässä.

    Reply
  2. Tomi Engdahl says:

    Cyber insurance risk in 2022
    https://blackkite.com/wp-content/uploads/2022/04/Black_Kite_CyberInsurance_Report_2022.pdf
    In addition to performing research on the emerging threats for underwriters and the cyber insurance. market as a whole, Black Kite Research analyzed the top 99 insurance companies by net premiums in.
    2019 to better understand their cyber posture and the impact of increasing risk levels.. More than half of the largest insurance carriers are 3x more likely to experience a cyber breach than those with top ratings

    Reply
  3. Tomi Engdahl says:

    Accounts Deceivable: Email Scam Costliest Type of Cybercrime
    https://www.securityweek.com/accounts-deceivable-email-scam-costliest-type-cybercrime

    A shopping spree in Beverly Hills, a luxury vacation in Mexico, a bank account that jumped from $299.77 to $1.4 million overnight.

    From the outside, it looked like Moe and Kateryna Abourched had won the lottery.

    But this big payday didn’t come from lucky numbers. Rather, a public school district in Michigan was tricked into wiring its monthly health insurance payment to the bank account of a California nail salon the Abourcheds owned, according to a search warrant application filed by a Secret Service agent in federal court.

    Reply
  4. Tomi Engdahl says:

    Google Updates Target API Level Requirements for Android Apps
    https://www.securityweek.com/google-updates-target-api-level-requirements-android-apps

    Google this week announced updated target level API requirements for Android applications in an attempt to improve the overall security of the ecosystem.

    Per the updated requirements, all applications will have to target “an API level within two years of the latest major Android release” to remain discoverable for new users with devices running newer Android versions.

    Basically, once the change enters into effect, users on the newest Android iterations will not be able to install older applications, which may lack some of the latest protections the mobile platform offers.

    “Users with the latest devices or those who are fully caught up on Android updates expect to realize the full potential of all the privacy and security protections Android has to offer,” Google says.

    Expanding Play’s Target Level API Requirements to Strengthen User Security
    https://android-developers.googleblog.com/2022/04/expanding-plays-target-level-api-requirements-to-strengthen-user-security.html

    Reply
  5. Tomi Engdahl says:

    Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises
    https://www.securityweek.com/windows-autopatch-aims-make-patch-tuesday-just-another-tuesday-enterprises

    Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.

    The new feature ensures that Windows and Office products on enrolled endpoints are automatically updated, at no additional cost, helping admins more easily manage the security updates rolled out on the second Tuesday of every month.

    “The second Tuesday of every month will be ‘just another Tuesday’,” said Microsoft’s Lior Bela.

    Windows Autopatch rolls out updates gradually, to evaluate the deployment and ensure that no issues arise. Thus, all registered devices should be kept updated without disrupting business operations.

    “The development of Autopatch is a response to the evolving nature of technology. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end,” Microsoft notes.

    Reply
  6. Tomi Engdahl says:

    SEC Breach Disclosure Rule Makes CISOs Assess Damage Sooner
    https://www.bankinfosecurity.com/sec-breach-disclosure-rule-makes-cisos-assess-damage-sooner-a-18875
    A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of cyberattacks sooner.. The SEC proposal is being celebrated by some CISOs. Equifax’s Jamil Farshchi calls it “too good to be true” and says on LinkedIn that it will give CISOs “a permanent seat at the table.” Farshchi’s post says the new mandates will make cyber risk and strategy a standard board-level topic and turn enterprise security investment into strategic priority. Farshchi wasn’t immediately available for comment to ISMG.

    Reply
  7. Tomi Engdahl says:

    DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets https://www.cyberscoop.com/dojs-sandworm-operation-raises-questions-about-how-far-the-feds-can-go-to-disarm-botnets/
    There is some debate in legal circles around how far law enforcement can go when using remote access technology and how appropriate it is to leverage the tool to disrupt cybercrimes as opposed to investigate them, according to Christopher Painter, a former federal prosecutor who prosecuted several high-profile cybercrimes before becoming the top cyber diplomat at the State Department.

    Reply
  8. Tomi Engdahl says:

    OpenSSH now defaults to protecting against quantum computer attacks https://www.zdnet.com/article/openssh-now-defaults-to-protecting-against-quantum-computer-attacks/
    “The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo,”
    the release notes said.

    Reply
  9. Tomi Engdahl says:

    Organizations must be doing something good: Payment fraud activity is declining https://www.helpnetsecurity.com/2022/04/11/payments-fraud-activity/
    Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.

    Reply
  10. Tomi Engdahl says:

    Lähes joka kymmenes suomalainen identiteettivarkauden kohteena – riskinä rahojen menetys
    https://www.iltalehti.fi/tietoturva/a/a4133b7d-aeae-44d8-8c18-7007f5f7a746
    IROResearchin toteuttaman kyselytutkimuksen mukaan jopa 87 prosenttia suomalaisista on saanut kalasteluviestejä tai kalastelusoittoja.
    Huijausten määrät ovat olleet tutkimuksen mukaan kasvussa, sillä viime vuonna vastaajista vain 40 prosenttia kertoi saaneensa huijausviestin tai -soiton. Prosentti kertoi menettäneensä henkilötietonsa kalastelun yhteydessä.

    Reply
  11. Tomi Engdahl says:

    Double-Your-Crypto Scams Share Crypto Scam Host https://krebsonsecurity.com/2022/04/double-your-crypto-scams-share-crypto-scam-host/
    Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here’s a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.

    Reply
  12. Tomi Engdahl says:

    Fraudsters Steal PS58m in 2021 Via Remote Access Tools https://www.infosecurity-magazine.com/news/fraudster-steal-58m-2021-via/
    Scammers who tricked victims into handing them control of their PCs managed to steal nearly PS58m last year, according to official UK police figures.. Some 20,144 individuals fell victim to such “remote access tool” (RAT) scams in 2021, according to Action Fraud, the country’s national reporting centre for fraud and cybercrime.

    Reply
  13. Tomi Engdahl says:

    The Curious Case of Coulus Coelib
    https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
    The technique we invented to uncover the active exploitation of side and covert channels continues to work. One such side channel comes from an obscure, purportedly-Panamanian company. A look at their code makes for an interesting case study in obfuscation (and provides a few examples of an app feeling far too much at home when collecting user data). Let’s begin with the app WiFi Mouse(remote control PC), which we see transmitting our router’s MAC address to the domain mobile.measurelib.com [...]. Also
    https://www.wsj.com/articles/apps-with-hidden-data-harvesting-software-are-banned-by-google-11649261181

    Reply
  14. Tomi Engdahl says:

    Global Supply Chain Attacks Surge 51% in H2 2021 https://www.infosecurity-magazine.com/news/global-supply-chain-attacks-surge/
    Supply chain attacks on global organizations increased by 51% between July and December 2021, with third-party risk emerging as a key priority, according to new research from the NCC Group.. The UK-based information assurance firm polled 1400 security decision-makers at organizations with over 500 employees in 11 countries to better understand supply chain risk.

    Reply
  15. Tomi Engdahl says:

    Exclusive: Senior EU officials were targeted with Israeli spyware https://www.reuters.com/technology/exclusive-senior-eu-officials-were-targeted-with-israeli-spyware-sources-2022-04-11/
    Senior officials at the European Commission were targeted last year with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters.

    Reply
  16. Tomi Engdahl says:

    Andi Ortiz / The Wrap:
    Last Week Tonight’s John Oliver weighed in on data brokers, showing how easy it was to target members of Congress with ads after obtaining their personal info — John Oliver escalated his typical shenanigans on Sunday night’s episode of “Last Week Tonight,” going from poking fun at politicians to outright blackmailing them.

    John Oliver Threatens to Blackmail Congress by Gathering Their Online Data With ‘Perfectly Legal Bits of F–ery’ (Video)
    https://www.thewrap.com/john-oliver-congress-online-data-breach-video/

    ”If you’re terrified about what I might do with it, you might want to channel that worry into making sure that I can’t do anything,“ Oliver threatened

    John Oliver escalated his typical shenanigans on Sunday night’s episode of “Last Week Tonight,” going from poking fun at politicians to outright blackmailing them.

    The HBO host used his main segment to educate his audience on “data brokers,” and how they obtain people’s information and online preferences to target them. Oliver spoke about how invasive it can be, and how the only time anything has ever been done about it was back in the 1980s, when a member of Congress was targeted.

    When Robert Bork was nominated to the Supreme Court, a reporter was able to obtain Bork’s video rental history from a local store. According to Oliver, Congress “freaked the f–k out” and quickly passed the Video Privacy Protection Act.

    “So it seems when Congress’s own privacy is at risk, they somehow find a way to act,” Oliver said. “And it also seems like they’re not entirely aware just how easy it is for anyone, and I do mean anyone, to get their personal information.”

    At that point, it became clear that Oliver and his team were the “anyone” he was referring to, as they exploited the ease of targeting people online today. As Oliver pointed out, everything he did was technically above board.

    “In researching this story, we realized that there is any number of perfectly legal bits of f–kery that we could engage in,” he explained. “We could, for example, use data brokers to go phishing for members of congress, by creating a demographic group consisting of men, age 45 and up, in a 5-mile radius of the U.S. Capitol, who had previously visited sites regarding or searched for terms including divorce, massage, hair loss and mid-life crisis.”

    Oliver’s team then named that group “Congress and Cabe

    According to Oliver, the first ad that got clicked on was actually the Cruz-related ad. It came from a man “around the Embassy Row area,” who clicked on it from his Android phone. The host then revealed that among the many men in the demographic they created, three clicked on each of the targeted ads respectively, and each man “may have been inside the Capitol building itself.”

    “If you’re thinking, ‘How on Earth is any of this legal?’ I totally agree with you. It shouldn’t be,” Oliver said. “And if you happen to be a legislator who is feeling a little nervous right now about whether your information is in this envelope, and if you’re terrified about what I might do with it, you might want to channel that worry into making sure that I can’t do anything. Anyway, sleep well!”

    Reply
  17. Tomi Engdahl says:

    Greg McArthur / Globe and Mail:
    Filing: Ontario Securities Commission is probing two GlobeNewswire programmers for insider trading on info obtained by allegedly looking at draft press releases — Two Toronto-area programmers for GlobeNewswire, one of the largest wire services in the world, are under investigation as part …

    Newswire employees accused of insider trading
    https://www.theglobeandmail.com/business/article-newswire-employees-accused-of-insider-trading/

    Two Toronto-area programmers for GlobeNewswire, one of the largest wire services in the world, are under investigation as part of an insider-trading probe launched by the Ontario Securities Commission, The Globe and Mail has learned.

    The regulator alleges that two software developers for Intrado Corporation, the U.S.-based telecommunications company that owns GlobeNewswire, regularly texted each other about draft corporate press releases scheduled to be issued, and executed trades on that material, non-public information.

    The allegations are contained in an application filed in court in March by the OSC. The regulator is asking a judge to extend a freezing order on the TD trading accounts of one of the GlobeNewswire programmers, Harpreet Saini.

    GlobeNewswire is one of several wire services contracted to disseminate information on behalf of businesses around the world. Such disclosures are a key condition of operating as a public company in most jurisdictions. The wire service boasts of its worldwide reach, which extends to 92 countries in 35 languages.

    The total proceeds from the alleged insider trading, however, is not clear.

    Reply
  18. Tomi Engdahl says:

    Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster
    https://www.securityweek.com/think-criminal-knowing-popular-attack-techniques-stop-bad-actors-faster

    Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques. By focusing on a handful of techniques, you can effectively shut down malware’s methods of choice for getting in and making itself at home. To achieve this, you need to know which key areas to be focusing on in the coming months.

    Reply
  19. Tomi Engdahl says:

    Accounts Deceivable: Email Scam Costliest Type of Cybercrime
    https://www.securityweek.com/accounts-deceivable-email-scam-costliest-type-cybercrime

    A shopping spree in Beverly Hills, a luxury vacation in Mexico, a bank account that jumped from $299.77 to $1.4 million overnight.

    From the outside, it looked like Moe and Kateryna Abourched had won the lottery.

    But this big payday didn’t come from lucky numbers. Rather, a public school district in Michigan was tricked into wiring its monthly health insurance payment to the bank account of a California nail salon the Abourcheds owned, according to a search warrant application filed by a Secret Service agent in federal court.

    The district — and taxpayers — fell victim to an online scam called Business Email Compromise, or BEC for short, police say. The couple deny any wrongdoing and have not been charged with any crimes.

    BEC scams are a type of crime where criminals hack into email accounts, pretend to be someone they’re not and fool victims into sending money where it doesn’t belong. These crimes get far less attention than the massive ransomware attacks that have triggered a powerful government response, but BEC scams have been by far the costliest type of cybercrime in the U.S. for years, according to the FBI — siphoning untold billions from the economy as authorities struggle to keep up.

    The huge payoffs and low risks associated with BEC scams have attracted criminals worldwide. Some flaunt their ill-gotten riches on social media, posing in pictures next to Ferraris, Bentleys and stacks of cash.

    Reply
  20. Tomi Engdahl says:

    Police under review for blasting Disney songs in alleged attempt to keep videos off social media
    YouTube and other social media sites can remove content with unauthorized copyrighted materials
    https://www.washingtonpost.com/nation/2022/04/12/santa-ana-police-disney-music/

    Seconds after the music appears to abruptly turn off, a Santa Ana city councilman, Johnathan Hernandez, also asked: “What’s going on with the music here?”

    The officer replied it had to do with “copyright infringement” as he pointed toward the man filming the video. Hernandez took that to mean the officer was trying to keep the video off social media.

    Eventually, the officer apologized.

    Santa Ana Chief of Police David Valentin said in a statement that the department is investigating the incident. “My expectation is that all police department employees perform their duties with dignity and respect in the community we are hired to serve,” he said.

    Police in other cities have been recorded playing copyrighted music in an effort to prevent videos of them from hitting YouTube and other social media sites, which can remove content containing unauthorized materials. In June, a sheriff’s deputy in Oakland, Calif., played Taylor Swift’s 2014 single “Blank Space” as activists filmed him in an attempt to keep it from being uploaded to YouTube. Instead, the clip remained online and went viral.

    Reply
  21. Tomi Engdahl says:

    Kybervarusmies uskaltaa venyttää ja rikkoa rajoja, sanoo eliittijoukkoon kuuluva Antti – hänen kaltaisiaan Suomi etsii nyt palvelukseen
    Puolustusvoimat on uudistanut kybervarusmiesten koulutuksen. Nyt eliittijoukkoon haetaan suoraan erikoisjoukkohaussa jo ennen varusmiespalvelukseen astumista.

    Reply
  22. Tomi Engdahl says:

    Kybervarusmies uskaltaa venyttää ja rikkoa rajoja, sanoo eliittijoukkoon kuuluva Antti – hänen kaltaisiaan Suomi etsii nyt palvelukseen
    https://yle.fi/uutiset/3-12394261?origin=rss

    Puolustusvoimat on uudistanut kybervarusmiesten koulutuksen. Nyt eliittijoukkoon haetaan suoraan erikoisjoukkohaussa jo ennen varusmiespalvelukseen astumista.

    Puolustusvoimat on jo vuodesta 2015 lähtien kouluttanut varusmiehiä kyberpuolustuksen erityistehtäviin. Käytännössä se tarkoittaa muun muassa Puolustusvoimien omien tietoverkkojen suojaamista ulkopuolisilta uhilta.

    Hakkerimentaliteetilla varustettu eliittijoukko
    Puolustusvoimien kybervarusmieskoulutus on uudistunut tänä vuonna. Jatkossa tehtävään haetaan jo ennen palveluksen alkua erikoisjoukkohaussa.

    Kyberosaajista voidaan puhua eliittijoukkona, sanoo Johtamisjärjestelmäkoulun johtaja everstiluutnantti Tuomas Arajuuri.

    – Näitä oppisisältöjä ei tule vastaan muissa varusmiestehtävissä, vaan kyse on erittäin rajatusta joukosta.

    Tänä keväänä uudistuneeseen koulutukseen hakijoita oli 130, joista valittiin 30. He jakaantuvat kahteen eri saapumiserään.

    – Olemme todella tyytyväisiä hakija-ainekseen. Meillä on nuorissa kansalaisissa erittäin osaavia kyberasiantuntijoita, Arajuuri sanoo.

    Hakijoilta on edellytetty kokemusta esimerkiksi ohjelmoinnista, käyttöjärjestelmistä tai palvelimien ylläpidosta.

    Eduksi katsotaan, jos hakijalla on “hakkerimentaliteetti”.

    – Tällä haetaan ennakkoluulotonta asennetta kybertoimintaa kohtaan: osaa soveltaa ja olla aktiivinen eri tilanteissa, Arajuuri kertoo.

    Kybervarusmies Antin mielestä on hyvä, että Puolustusvoimat sanoo tämän ääneen jo hakutiedoissa.

    – Ihminen, jolla on hakkerimentaliteetti, uskaltaa venyttää ja rikkoa rajoja tarpeen mukaan, hän tiivistää.

    Ensimmäiset uudistetun koulutuksen kybervarusmiehet astuvat palvelukseen heinäkuussa 2022.

    Heidät koulutetaan tämän vuoden alussa aloittaneessa Johtamisjärjestelmäkoulussa Riihimäellä. Sinne on koottu johtamisjärjestelmän, kyberpuolustuksen ja informaatiopuolustuksen opetus.

    Kyberpuolustus on keskeinen osa maanpuolustusta
    Maailma on muuttunut Antin varusmiespalveluksen aikana.

    Euroopassa soditaan, ja Suomessa käytävän Nato-keskustelun uskotaan lisäävän kyber- ja informaatiovaikuttamista myös meillä.

    – Täytyy sanoa, että tämä on erikoista aikaa olla suorittamassa asepalvelusta.

    Mutta kybervaikuttamista tapahtuu jatkuvasti, oli sotia käynnissä tai ei, hän lisää.

    Antti itse pitää kyberpuolustusta keskeisenä osana maanpuolustusta: päätehtävänä on huolehtia, että edellytykset toimivalle yhteiskunnalle ovat olemassa.

    Kybervarusmiespalvelus on alkusysäys tietoverkoissa tapahtuvalle maanpuolustukselle.

    Kuka suojaa koko yhteiskuntaa informaatiosodassa?
    Puolustusvoimat suojaa ainoastaan omat verkkonsa. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus puolestaan valvoo viestintäverkkojen ja -palveluiden toimintavarmuutta.

    Iso kysymys on, kuka suojaa tätä valtakuntaa kyberympäristössä, sanoo eversti evp Martti J. Kari.

    – Niin, ei kukaan tällä hetkellä, Kari vastaa omaan kysymykseensä.

    Kari on pääesikunnan sotilastiedustelun entinen apulaispäällikkö. Nykyään hän opettaa Jyväskylän yliopistossa turvallisuus ja strateginen analyysi -maisteriohjelmassa tiedusteluanalyysiä.

    Kari on pääesikunnan sotilastiedustelun entinen apulaispäällikkö. Nykyään hän opettaa Jyväskylän yliopistossa turvallisuus ja strateginen analyysi -maisteriohjelmassa tiedusteluanalyysiä.

    Karin mielestä ongelma on, ettei informaatioturvallisuutta nähdä Suomessa kokonaisuutena, joka sisältäisi sekä kyberturvallisuuden että informaatiopsykologisen puolen.

    – Teknologinen puoli eli kyber meillä on jollain tavalla pidossa, mutta informaatiopsykologinen puoli on retuperällä.

    Suomessa pitäisi nyt ratkaista, miten yhdistämme informaatioteknologisen ja -psykologisen puolustuksen ja kuka niitä koordinoisi, Kari alleviivaa.

    Esimerkiksi Nato-keskustelussa olisi hänen mukaansa tunnistettava, miten Venäjä pyrkii vaikuttamaan keskusteluun – olisi siis tunnistettava disinformaatio ja mietittävä, miten siihen vastataan.

    – Venäjä hyvin taitavasti yhdistää sekä lavetin, jolla sanomaa liikutetaan, että itse sanoman, Kari sanoo.

    It-osaaminen kannattaa päivittää Puolustusvoimille

    Koska Antin kaltaisia osaajia ei ole liikaa, everstiluutnantti Tuomas Arajuuri toivoo, että myös sellaiset reserviläiset, joille on siviilielämässä kertynyt it-osaamista, päivittäisivät tietojaan aluetoimistoihin.

    – Reserviläisillä saattaa olla jopa huippuammattitaitoa, josta meillä ei ole mitään tietoa. Reserviläisillä on myös vastuu pitää meidät ajan tasalla.

    Molempia osapuolia hyödyttää, että ihminen pääsee kertausharjoituksissa käyttämään itselleen tutumpia taitoja, sen sijaan, että hän olisi tehtävässä, jota on viimeksi tehnyt armeijassa kymmenen vuotta sitten, Arajuuri lisää.

    Reply
  23. Tomi Engdahl says:

    Kybervarusmies uskaltaa venyttää ja rikkoa rajoja, sanoo eliittijoukkoon kuuluva Antti – hänen kaltaisiaan Suomi etsii nyt palvelukseen https://yle.fi/uutiset/3-12394261?origin=rss
    Puolustusvoimat on jo vuodesta 2015 lähtien kouluttanut varusmiehiä kyberpuolustuksen erityistehtäviin. Käytännössä se tarkoittaa muun muassa Puolustusvoimien omien tietoverkkojen suojaamista ulkopuolisilta uhilta.

    Reply
  24. Tomi Engdahl says:

    Apulaistietosuojavaltuutetulta huomautus ulkoministeriölle tietoturvaloukkausilmoitusten määräaikojen noudattamatta jättämisestä https://tietosuoja.fi/-/apulaistietosuojavaltuutetulta-huomautus-ulkoministeriolle-tietoturvaloukkausilmoitusten-maaraaikojen-noudattamatta-jattamisesta
    Lainsäädännössä voidaan rajoittaa tiettyjä tietosuoja-asetuksen mukaisia oikeuksia kansallisen turvallisuuden takaamiseksi. Jotta tietoturvaloukkauksesta ilmoittamista kohteeksi joutuneille henkilöille voidaan lykätä kansallisen turvallisuuden nimissä, on rajoitusmahdollisuudesta säädettävä erikseen laissa.
    Apulaistietosuojavaltuutettu toteaa, ettei ulkoministeriötä koskevassa erityislainsäädännössä ole säädetty rajoituksia ilmoitusvelvollisuuteen rekisteröidylle kansallisen turvallisuuden takaamiseksi.. Asia on saatettu myös ulkoministeriön ja oikeusministeriön tietoon mahdollisten lainsäädännön muutostarpeiden arvioimista varten.

    Reply
  25. Tomi Engdahl says:

    DDoS Attack Trends for 2022 Q1
    https://blog.cloudflare.com/ddos-attack-trends-for-2022-q1/
    The first quarter of 2022 saw a massive spike in application-layer DDoS attacks, but a decrease in the total number of network-layer DDoS attacks. Despite the decrease, we’ve seen volumetric DDoS attacks surge by up to 645% QoQ, and we mitigated a new zero-day reflection attack with an amplification factor of 220 billion percent.. In the last quarter, 2021 Q4, we observed a record-breaking level of reported ransom DDoS attacks (one out of every five customers). This quarter, we’ve witnessed a drop in ransom DDoS attacks with only one out of 10 respondents reporting a ransom DDoS attack; a 28% decrease YoY and 52% decrease QoQ.

    Reply
  26. Tomi Engdahl says:

    Kansallinen huoltovarmuus on myös jokaisen pk-yrityksen asia
    https://www.kauppalehti.fi/uutiset/kansallinen-huoltovarmuus-on-myos-jokaisen-pk-yrityksen-asia/239ddd09-9462-4aaf-b6fa-8bcfdcdc3852
    Suomen Yrittäjien ennen Ukrainan sotaa teettämän ja viime viikolla julkaiseman Yrittäjägallupin mukaan 61 prosenttia yrityksistä kokee esteitä tietoturvan toteutumisessa. Suurimmat syyt liittyvät osaamisvajeeseen sekä tietoturvan kustannuksiin.. On jokseenkin vaikea ymmärtää, miksi samaa osaamattomuuden selitystä tarjotaan vuodesta toiseen. Varsinkin kun samassa Yrittäjägallupissa 58 prosenttia yrityksistä pitää tietoturvasta huolehtimista erittäin tärkeänä.

    Reply
  27. Tomi Engdahl says:

    The State of Stalkerware in 2021
    https://securelist.com/the-state-of-stalkerware-in-2021/106193/
    In 2021, Kaspersky’s data shows that 32,694 unique users were affected by stalkerware globally. This is a decrease from our 2020 numbers and a historic low since we first started gathering data on stalkerware in 2018. While this could be seen as a reason for celebration, it is not.. Cyber-violence is on the rise, especially since the beginning of the pandemic. Based on data obtained from the Kaspersky Security Network, the most affected countries remain Russia, Brazil and the United States. This is in line with statistics from the past two years.. Cerberus and Reptilicus were the most used stalkerware applications, with 5,575 and 4,417 affected users, respectively, globally.

    Reply
  28. Tomi Engdahl says:

    Yli puolet pilvipalveluista sallii heikot salasanat
    https://etn.fi/index.php/13-news/13431-yli-puolet-pilvipalveluista-sallii-heikot-salasanat

    Tietoturvayhtiö Palo Alto Networksin tutkimusyksikkö Unit 42 julkisti kattavan raportin pilvipalveluiden käytöstä ja niiden yleisimmistä heikkouksista. Tulokset ovat hälyttäviä. Analyysin mukaan suurin osa pilvi-identiteeteistä ovat asetuksiltaan aivan liian sallivia ja monet näistä antavat käyttöoikeuden asioihin, joita ei koskaan käytetä.

    IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research
    https://unit42.paloaltonetworks.com/iam-cloud-threat-research/

    The ongoing transition to cloud platforms has meant that more sensitive data is stored in the cloud, making it more tempting for adversaries to exploit. When it comes to securing the cloud, identity is the first line of defense. Without proper identity and access management (IAM) policies in place, an organization can pay for any number of security tools – but comprehensive security will never be possible.

    To understand how IAM policies affect organizations’ cloud security posture, we analyzed 680,000+ identities across 18,000 cloud accounts from 200 different organizations to understand their configuration and usage patterns. The results of our research were shocking.

    Nearly all organizations we analyzed lack the proper IAM management policy controls to remain secure.

    These misconfigured IAM policies open the door for what Unit 42 defines as a new type of threat: Cloud Threat Actors. We define a cloud threat actor as “an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.”

    Key Findings From Unit 42’s Cloud Threat Report: IAM The First Line of Defense
    Why IAM Is a Target

    Let’s address the “why” first by explaining some of the key statistics we uncovered:

    Password reuse: 44% of organizations allow IAM password reuse.
    Weak passwords (<14 characters): 53% of cloud accounts allow weak password usage.
    Cloud identities are too permissive: 99% of cloud users, roles, services, and resources were granted excessive permissions which were ultimately left unused (we consider permissions excessive when they go unused for 60 days or more).
    Built-in cloud service provider (CSP) policies are not managed properly by users: CSP-managed policies are granted 2.5 times more permissions than customer-managed policies, and most cloud users prefer to use built-in policies. Users are able to reduce the permissions given, but often don’t.

    How Cloud Threat Actors Target Cloud Identities

    Most organizations are unprepared for an attack through the exploitation of weak IAM policies. Adversaries know this as well; they target cloud IAM credentials and are ultimately able to collect these credentials as part of their standard operating procedures. Case in point, they’re leveraging new TTPs unique to cloud platforms that organizations need to be aware of in order to implement a strategy to protect themselves.

    Top 5 Cloud Threat Actors

    TeamTNT: The most well-known and sophisticated credential targeting group.
    WatchDog: Considered to be an opportunistic threat group that targets exposed cloud instances and applications.
    Kinsing: Financially motivated and opportunistic cloud threat actor with heavy potential for cloud credential collection.
    Rocke: Specializes in ransomware and cryptojacking operations within cloud environments.
    8220: Monero mining group, purportedly elevated their mining operations by exploiting Log4j in December 2021.

    Top Advanced Persistent Threats Utilizing and Targeting Cloud Infrastructure

    APT 28 (Fancy Bear).
    APT 29 (Cozy Bear).
    APT 41 (Gadolinium).

    Recommendations

    Proper IAM configuration can block unintended access, provide visibility into cloud activities and reduce the impact when security incidents occur.
    Defense Against Cloud Threats

    In particular, we recommend that organizations defend against threats that target the cloud in the following ways:

    Cloud Native Application Protection Platform (CNAPP) suite integration.
    Harden IAM permissions.
    Increase security automation.

    In our report we provide details on each of these recommendations, including an eight-step best practices guide to hardening IAM permissions.

    Reply
  29. Tomi Engdahl says:

    SystemBC Being Used by Various Attackers https://asec.ahnlab.com/en/33600/ SystemBC is a proxy malware that has been used by various attackers for the last few years. While it is recently distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious intent, the system can be used as a passage if the infected system utilizes SystemBC, which acts as a Proxy Bot. Because it can also act as a downloader to install additional malware externally, attackers can also use it to install additional payloads.

    Reply
  30. Tomi Engdahl says:

    IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research https://unit42.paloaltonetworks.com/iam-cloud-threat-research/
    To understand how IAM policies affect organizations’ cloud security posture, we analyzed 680,000+ identities across 18,000 cloud accounts from 200 different organizations to understand their configuration and usage patterns. The results of our research were shocking. Nearly all organizations we analyzed lack the proper IAM management policy controls to remain secure.. [Report at https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/unit42_cloud-threat-report-vol6.pdf

    Reply
  31. Tomi Engdahl says:

    Russia’s FSB malign activity: factsheet
    https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet
    Russia is one of the world’s most prolific cyber actors and dedicate significant resource into conducting cyber operations around the globe. The UK government has publicly attributed malign cyber activity to parts of three Russian Intelligence services: the FSB, SVR and GRU, with each having their own remits.

    Reply
  32. Tomi Engdahl says:

    https://www.facebook.com/100001279452047/posts/5196254330427164/

    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

    Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

    Not every check is a security problem, though most are. Some items are “info only” type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

    .
    .
    .
    .

    #kalilinux #nethunter #mactrack #wifi #wifihacking #wireless #macaddress #tracking #pentesting #ethicalhacker #cybersecurityawareness #hackingtools #metasploit #thinkpad #ethicalhacking #infosec #hackers #hacker #linux #hack #hacked #coders #androiddeveloper #github #datasecurity #cyberattack #itsecurity #lenovo #lenovothinkpad #googlepixel

    Reply
  33. Tomi Engdahl says:

    Haavoittuvuudet Applen koodissa kasvoivat räjähdysmäisesti
    https://etn.fi/index.php/13-news/13432-haavoittuvuudet-applen-koodissa-kasvoivat-raejaehdysmaeisesti

    Entisaikaan oli tapana ajatella, että Windows ja Android ovat virusten jakoalustoja, eivätkä ongelmat kosketa Linuxia tai Applen käyttöjärjestelmiä tai sovelluksia. Tämä ajatus on vanhentunut. Atlas VPN:n mukaan haavoittuvuudet Applen koodissa lisääntyivät moninkertaisiksi viime vuoden jälkimmäisellä puoliskolla.

    Atlas VPN:n havaintojen mukaan Applen tuotteiden haavoittuvuudet kasvoivat 467 prosenttia vuoden 2021 toisella puoliskolla. Lisäksi Googlen ja Microsoftin tuotteet keräsivät eniten haavoittuvuuksia vuoden 2021 toisella puoliskolla. Tiedot perustuvat Telefonica Tech Cybersecurity -raporttiin.

    Googlen kontolle listattiin 511 haavoittuvuutta vuoden 2021 toisella puoliskolla. Huolimatta lievästä laskusta ensimmäisestä puoliskosta Google on edelleen listan kärjessä. Googlen tuotteita, kuten Android-käyttöjärjestelmää ja Chrome-selainta, käyttävät miljardit ihmiset ympäri maailmaa. Kyberrikolliset käyttävät hyväkseen tällaisten tuotteiden haavoittuvuuksia, jotta se vaikuttaisi useampaan käyttäjään.

    Microsoftin tuotteista löytyi toiseksi eniten haavoittuvuuksia, kaikkiaan 428. Suurin osa haavoittuvuuksista löytyy Windows-käyttöjärjestelmän versioista, Office-työkaluista ja Microsoft Edge -selaimesta. Lisäksi hakkerit käyttivät Microsoft Exchange Serverin hyväksikäyttöjä suorittaakseen kiristysohjelmahyökkäyksiä Yhdysvaltain yrityksiä vastaan ​​vuoden alussa.

    Reply
  34. Tomi Engdahl says:

    Apple products’ vulnerabilities surge by over 450%
    https://atlasvpn.com/blog/apple-products-vulnerabilities-surge-by-over-450

    To maximize their financial opportunities, cybercriminals are continuously striving to exploit vulnerabilities that affect as many individuals as possible. Consumers who fail to install the most recent software update may become ideal targets for hackers.

    According to the findings by the Atlas VPN team, Apple product’s vulnerabilities surged by 467% in 2021 H2. Furthermore, Google and Microsoft products accumulated the most vulnerabilities in the second half of 2021.

    Reply
  35. Tomi Engdahl says:

    Google Bans Apps With Hidden Data-Harvesting Software
    https://www.wsj.com/articles/apps-with-hidden-data-harvesting-software-are-banned-by-google-11649261181

    Code placed in consumer-facing apps is tied to U.S. national-security contractors, documents show

    Despite new initiatives from Google and Facebook, messing with privacy controls is like playing a carnival game. Knock out one way for advertisers to track you, and they quickly find another way to do it.

    Google has yanked dozens of apps from its Google Play store after determining that they include a software element that surreptitiously harvests data.

    The Panamanian company that wrote the code, Measurement Systems S. de R.L., is linked through corporate records and web registrations to a Virginia defense contractor that does cyberintelligence, network-defense and intelligence-intercept work for U.S. national-security agencies.

    Reply
  36. Tomi Engdahl says:

    Ransomware Claims Trending Downward, Insurance Firm Says
    https://www.securityweek.com/ransomware-claims-trending-downward-insurance-firm-says

    “Ransomware attacks are down from recent peaks, as costs and frequency of claims trend downward,” is the headline introduction to a new Risk Insights Index. This would appear to be welcome news to an embattled industry.

    The claim is made by the Corvus cyber insurance firm based on a rather dramatic reduction in ransomware insurance claims in the last quarter of 2021. “Based on Corvus’s claims data, after all of the dire headlines throughout 2021 the end of the year presented signs of improvement: In Q4, the rate of ransomware claims reached just half of the peak seen in Q1 2021 — decreasing from 0.6% to 0.3%.”

    The idea that this is a downward ‘trend’ is given further weight by an early look at results from Q1, 2022. Corvus observed a 30% reduction in ransomware claims frequency from Q4 2021 to Q1 2022 (through March 15), highlighting the fractured ransomware threat ecosystem during a time of war. The full effect of the Russia/Ukraine war on the ransomware ecosystem, however, will only be understood through the lens of history in the future.

    Reply
  37. Tomi Engdahl says:

    DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
    https://www.cyberscoop.com/undersea-cable-operator-hacked-hawaii/

    Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday.

    Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a “significant breach involving a private company’s servers associated with an undersea cable.” The investigation revealed that “an international hacking group” was behind the attack, and “HSI agents and international law enforcement partners in several countries were able to make an arrest.”

    The statement did not identify the type of cyberattack alleged to have occurred, the hacking group responsible, the other law enforcement agencies or where any arrests took place. No damage or disruption occurred, and there is no immediate threat, the statement said.

    As much as 95% of intercontinental internet data flows via hundreds of “submarine” internet cables, according to the National Oceanic and Atmospheric Administration. The cables are owned and operated by combinations of private and state-owned entities, and are facing increasing risks to their security and resilience, according to an Atlantic Council report published in September 2021.

    That report’s author, Justin Sherman, outlines concerns such as authoritarian governments’ desire to control internet access, in part, by manipulating physical infrastructure such as the submarine lines. The lines are also attractive targets for surreptitious monitoring by government or criminal groups looking to steal sensitive data.

    But another threat, Sherman wrote in a blog post summarizing his report, is that more cable operators are using remote management systems for cable networks. “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk,” he wrote. “Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.”

    Sherman added that the ever-present ransomware threat is acute with respect to these lines: “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”

    Reply
  38. Tomi Engdahl says:

    Linux Systems Are Becoming Bigger Targets
    https://www.darkreading.com/vulnerabilities-threats/linux-systems-are-becoming-bigger-targets
    To prevent Linux exploits, organizations should establish an integrated security approach that extends to the network edge.
    When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it.
    Researchers from FortiGuard Labs noted a doubling in the occurrence of ELF and other Linux malware detections during 2021 and a quadrupling of the rate of new Linux malware signatures from the first quarter of last year to the fourth quarter. That’s not exactly a meteoric rise, but it’s not something to ignore, either.
    The Growing Threat to Linux
    This kind of growth and spread in variants suggests that Linux malware is gaining prominence in cyber adversaries’ arsenal. The most common ELF variant is tied to Muhstik, malware that turns infected machines into bots and is known to exploit vulnerabilities for propagation. One notable Muhstik exploit involved Atlassian Confluence, a popular Web-based corporate team workspace. FortiGuard Labs researchers noted multiple malicious actors targeting this vulnerability, with the goal of downloading a malicious payload that would install a backdoor or miner in a user’s network.

    Reply
  39. Tomi Engdahl says:

    Creating a Security Culture Where People Can Admit Mistakes
    https://www.darkreading.com/remote-workforce/creating-a-security-culture-where-people-can-admit-mistakes

    In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.

    Andy Ellis, advisory CISO for Orca Security and a longtime Akamai veteran, likes to tell a story about a potentially serious security incident. One of his team members was testing the email integration of a new incident tracking system. Unfortunately, the test email, titled “[TEST] Meteor strike destroys the headquarters,” went to everyone in the company and created a loop that crashed the mail servers.

    As Ellis recounts, “The next day the responsible employee tweeted a picture of themselves training for a 5K run, and I replied, ‘Preparing to outrun the meteor?’”

    The serious lesson from that is to acknowledge but forgive errors. “He’s said, many times, that he knew at that moment it was going to be OK,” Ellis says. “Creating a safe culture requires a lot of practices, and one of them is closure. Humor is a great way to provide closure because you rarely laugh about something that is still creating tension.”

    There isn’t a lot to laugh about in cybersecurity, with security teams fighting off a growing number of cyberattacks and deploying protective measures for a fast-evolving environment. But security shouldn’t be about browbeating people into doing the right thing or scaring them with the prospect of punishment. For security to be a team sport, you need to make people want to play.

    It’s vitally important to your business to create a security culture — that is, an atmosphere in which someone who messes up and breaks something feels they can report it without getting blasted for their actions. This idea isn’t new, but considering recent analysis about how some companies aren’t backing up their source code, sometimes stories need to be repeated. Here’s how to build an organization that encourages people to admit their mistakes.

    According to user experience shop Nielsen Norman Group, there are two types of errors: slips and mistakes. A slip is like a typo, where the error occurs because of user inattention. This is what happens when, for example, a person types the wrong command into a shell script and deletes instead of reads a file. Some level of slips are unavoidable, but you can reduce them by addressing interface issues: making it easier to generate and manage secure passwords or setting the OK button further away from the reset button, for example.

    Mistakes are what happen when the user misunderstands the goal and how to accomplish it — you might go through the correct steps, but you won’t reach your goal because you’re on the wrong path. A classic, and particularly high-stakes, example is a medical error, where someone gives a patient the wrong medication because the labels are too similar or the vial is stored in the wrong spot. This is usually what people mean when they say “user error.”

    But we can look at this type of error as a design error, rather than a user error, and start to learn how to head them off.

    “Practice saying that ‘human error is a symptom of a system in need of redesign,’ which I learned from [MIT professor] Nancy Leveson,” says Ellis. “Once you accept the truth of the statement, you can start to see deeper problems and really start to learn from incidents. An employee got phished? You can realize that the broken system is how dangerous email clients, browsers, and network authentication are.”

    What Is Security Culture?

    The idea that human error is the symptom, not the disease, is prominent in Leveson’s work. She’s a professor of aeronautics and astronautics, where small mistakes can cost millions of dollars — and human lives. Her work as director of the MIT Partnership for Systems Approaches to Safety and Security ripples outside of aeronautics and into less physical fields like cybersecurity, as Ellis’ remarks show.

    “For far too long, cybersecurity has been perceived as purely a technical challenge. Organizations and leaders are now realizing that we also have to address the human side of cybersecurity management,” says Lance Spitzner, director of research and community at SANS, in the introduction to his course “Leading Cybersecurity Change: Building a Security-Based Culture.”

    Dr. Jessica Barker, co-CEO of Cygenta and author of the book “Confident Cyber Security,” cites Sidney Dekker’s work on “just culture” as foundational to tech’s implementation of human-focused security. Within cybersecurity, for example, just culture might involve putting strong identity and access management (IAM) and multifactor authentication (MFA) in place rather than dinging workers for compromised passwords or authentication failures.

    “When a culture is retributive, there is a focus on individuals seeking to place blame and administer punishment. People often become a scapegoat for systemic problems,” says Barker. “A restorative just culture, on the other hand, looks at the deeper conditions that facilitated the incident and is more forward-looking while still holding people to account as appropriate.

    “A restorative just culture recognizes that emphasizing individual blame and punishment does not reduce the likelihood of incidents, it simply reduces the likelihood of people reporting incidents and therefore undermines opportunities to identify systemic issues and learn from them.”

    How to Start Building a Security Culture

    To borrow from the life-or-death medical world, the University of Utah’s School of Health shares three principles for building a safety culture:

    Stuff happens. Acknowledge and report errors — we all make mistakes.
    No-blame. Support a no-blame culture by speaking up and encouraging others to raise concerns.
    Continuously improve. Commit to process-driven learning and prevention.

    Brian Wrozek, CISO at Optiv Security, says the greatest roadblock to building a security culture is “time and effort.”

    “Organizations that are serious about it make building that culture a priority. It doesn’t happen by accident,” he adds. “Far too often security and IT professionals assume employees know better or that they’ll know how to act on or report suspicious behavior. It’s important to clearly state why certain procedures are in place, in addition to the how to follow them.”

    Training in security practices is a vital part of building a security culture, according to Wrozek.

    “Awareness and training sessions need to happen often,” he says. “Organizations can institutionalize a healthier security culture by conducting tabletop exercises to ensure employees receive hands-on practice in responding to different scenarios.”

    Security Culture in Action

    Optiv Security’s Wrozek shares his own positive experience with security culture early in his career. He was screening people at a shareholders meeting, checking to make sure they had the card that granted them permission to enter. But one member of corporate leadership approached without their card.

    “I was torn. Do I ask them for their card and risk getting fired … or do I just let them in assuming they’re allowed?” Wrozek says. “Well, I politely asked the person for their card and was pleasantly surprised when the person said, ‘I don’t have it because I left it on my desk. You’re right, though. I’ll go back and get it. Good work.’ When leadership follows the rules in view of others and praises those for following proper procedures even when it might be uncomfortable, it sends a powerful message to the rest of the company.”

    That resonates with me. Back in 1996, I accidentally deleted the splash page for The Site, the website for the MSNBC television show of the same name. Visiting the main site URL would produce a 404 error. I had a Unix server at home, so I was just playing around at my new job and exploring the folder system — and I hit the wrong key. I jumped up and ran to the webmaster, who restored it in moments from a backup. Somehow she didn’t panic, and I never heard any blowback about the incident. It was a case study both in things done right (good backups, good working atmosphere) and wrong (overly permissive role permissions, me being a dope).

    “Security teams and security businesses frequently operate by appealing to fear, uncertainty, and doubt (FUD). This creates alarm, fosters distrust, and ultimately undermines the goal of empowering people,”

    Stuff Happens: Reporting

    One of the most important functions for a security culture to implement is a system for people to report incidents. According to the National Societies of Sciences, Engineering, and Medicine, there are two types of reporting systems: mandatory and voluntary.

    “How a company reacts to someone reporting an issue or incident is really telling: If there is an emphasis on punishment over identifying and addressing the root causes, then other people won’t feel safe reporting issues in future,” Cygenta’s Barker warns. “But if people are treated with fairness and compassion when they report an incident, this helps build a culture of trust and psychological safety in which individuals are going to feel more comfortable speaking up.”

    Optiv Security’s Wrozek shares his list of elements for a good reporting system:

    Documented and transparent: “It’s important to have documented and transparent processes on how internal investigations and incident responses are handled. These are potentially serious events, and it’s good to know they will be handled professionally and in a fair, repeatable manner.”
    Widely based: “Include others in the process [security, HR, legal, ethics] to offer different perspectives and avoid any appearance of randomness, favoritism, or retaliation when determining consequences.”
    Confidential: “Be sure to protect the confidentiality of the person.”
    Timely: “Share internal use cases and success stories highlighting how the reporting prevented the damage from being worse.”
    Convenient: “Lastly, make it easy to report incidents and offer multiple avenues [email, voice, anonymous].”

    “We address reporting quite a bit in Mimecast’s awareness training modules. The sooner security professionals become aware of a potential problem, the sooner they can start mitigating it,”

    No Blame: Encourage Communication

    Cygenta’s Barker cites a client who encouraged reporting of even serious mistakes by switching how they reacted to participants’ errors in a phishing exercise.

    “Instead of issuing people warnings for clicking simulated phishes, they now reward and celebrate those who report the most and who report the quickest,” she says. “By focusing on positive reinforcement of the desired behavior, this organization has seen a huge rise in their report rate.”

    “A key element of a safety culture is thanking people who do report their own ‘errors’ and not saddling them with more work,” he says. “Many organizations respond to these moments, unfortunately, by adding onerous processes that don’t increase safety but do increase effort. These are often viewed as punitive measures, which make your people less likely to identify and report problems.”

    Organizations should instead take the opposite approach, he advises.

    “Leaders need to vocally and visibly refuse to punish people for mistakes, thank them for identifying problems in the system, and seek to understand the complex hazards that lead to safety and incidents, avoiding simple ‘blame the user’ analysis,” Ellis says.

    Continuously Improve: Learn From Mistakes

    Incorporating learnings from error reporting is vital, says Optiv Security’s Wrozek.

    “Everyone makes mistakes, but a company never wants to compound it by trying to cover it up,” he says. “By reporting it quickly, you give security and IT and, depending on the incident, legal an opportunity to minimize the impact. In some cases, it may be a reportable event [industry regulation or law], and failing to take timely action or report it makes the situation worse for the entire company.”

    Cygenta’s Barker notes that trust is built when employees see that a company identifies and addresses the root cause of an error.

    “The person involved recognized that they had made a mistake and learned from it, but most importantly the organization learned from it,” she says. “A broken process was identified and fixed, and people also learned that they can and should report incidents without fear. “It is vital that this is led from the top, from those who are most influential and those who direct the priorities of an organization. The behavior modeled by leadership is the behavior that others in an organization will follow.”

    Reply
  40. Tomi Engdahl says:

    Cyber news sources from
    https://www.facebook.com/groups/shahidzafar/permalink/5304186596267091/

    What are some good and not well known/under-rated cyber blogs you follow?

    The Register and Bleeping Computer are good for general security news on a day to day basis.

    Malwaretips is a good one.

    Simply Cyber YouTube mon-fri latest daily threat analysis.

    Citizen lab report
    Hackread
    Hacker news
    Vice
    Intercept
    There is alot

    Darknet diaries

    https://cybernews.com/

    https://thehackernews.com/?m=1

    https://secfraudops.substack.com/

    https://www.cyberweaponslab.com

    http://news.thinking-forensics.co.uk/

    Darkreading.com

    Reply
  41. Tomi Engdahl says:

    Five Security “Must Haves” and the World Economic Forum
    March 28, 2022
    Secure Thingz’s CEO, Haydn Povey, talks about the World Economic Forum’s Council on the Connected World announcement.
    https://www.electronicdesign.com/technologies/embedded-revolution/video/21236230/electronic-design-iar-security?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS220405124&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    The World Economic Council on the Connected World recently announced a joint statement of support on consumer IoT device security. It included a list of five security “must haves” as a minimum requirement for consumer-facing IoT devices:

    Must not have universal default passwords.
    Must keep software updated.
    Must have secure communication.
    Must ensure that personal data is secure.
    Must implement a vulnerability disclosure policy.

    The first four are ones that most developers would take for granted, but whether it’s part of a corporate policy is another matter. Getting companies to pay attention to security concerns tends to be an ongoing struggle. Still, pronouncements like this can help elevate those efforts. The ETSI standard 303-645, announced in 2020, also is part of the discussion.

    Reply
  42. Tomi Engdahl says:

    Singapore begins licensing cybersecurity vendors
    https://www.zdnet.com/article/singapore-begins-licensing-cybersecurity-vendors/

    Vendors providing penetration testing as well as managed SOC monitoring services have up to six months until October to apply for a licence from Singapore’s Cyber Security Authority, or cease the provision of such services.

    Reply
  43. Tomi Engdahl says:

    Singapore to license pentesters and managed infosec operators
    Outfits that can rummage around inside customer systems need to prove they’re up to the job – and accountable
    https://www.theregister.com/2022/04/12/singapore_infosec_licensing/

    Reply
  44. Tomi Engdahl says:

    Luulitko, ettei tietomurto voi iskeä omaan yritykseen?
    https://www.yrittajat.fi/uutiset/luulitko-ettei-tietomurto-voi-iskea-omaan-yritykseen-tietoturvaguru-tunnistaa-ilmion-kiinasta-kasin-ei-voi/

    Tietoturvaguru tunnistaa ilmiön: ”Kiinasta käsin ei voi murtautua varastoon mutta laskutusjärjestelmään voi”
    Yli 10 henkilön yrityksistä ja teollisuusyrityksistä joka viides kertoo joutuneensa tietomurron tai sen yrityksen kohteeksi.

    Reply
  45. Tomi Engdahl says:

    Terrible cloud security is leaving the door open for hackers. Here’s what you’re doing wrong
    A rise in hybrid work and a shift to cloud platforms has changed how businesses operate – but it’s also leaving them vulnerable to cyberattacks.
    https://www.zdnet.com/article/terrible-cloud-security-is-leaving-the-door-open-for-hackers-heres-what-youre-doing-wrong/

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*