Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
Threat Assessment: BlackByte Ransomware
https://unit42.paloaltonetworks.com/blackbyte-ransomware/
BlackByte is ransomware as a service (RaaS) that first emerged in July 2021. Operators have exploited ProxyShell vulnerabilities to gain a foothold in the victim’s environment. BlackByte has similarities to other ransomware variants such as Lockbit 2.0 that avoid systems that use Russian and a number of Eastern European languages, including many written with Cyrillic alphabets.
Tomi Engdahl says:
What Is a Smurf Attack?
https://www.pandasecurity.com/en/mediacenter/malware/smurf-attack/
A Smurf attack is a distributed denial-of-service (DDoS) attack in which an attacker floods a victims server with spoofed Internet Protocol (IP) and Internet Control Message Protocol (ICMP) packets. As a result, the targets system is rendered inoperable.
Tomi Engdahl says:
Disaster Recovery Plan Template: 8 Key Steps for Businesses https://securityintelligence.com/articles/disaster-recovery-plan-template-eight-critical-elements/
The recent pandemic has shown that disruptions in daily business can happen quickly and without warning. Whether as a result of a pandemic, natural disaster or network disruptions due to cybersecurity incidents, you need to ensure that your business can keep running through operational difficulties. One way to help your business keep going is by developing a disaster recovery plan.
Tomi Engdahl says:
Russian hackers are seeking alternative money-laundering options https://www.bleepingcomputer.com/news/security/russian-hackers-are-seeking-alternative-money-laundering-options/
The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets.. see also https://www.flashpoint-intel.com/blog/russias-ukraine-war-is-complicating-cybercriminal-money-laundering/
Tomi Engdahl says:
Building the CASE for the Vehicle Security Operations Center https://securityintelligence.com/posts/case-vehicle-security-operations-center/
Tomi Engdahl says:
Rikolliset tehtailevat väärennettyjä somepalveluita huijaussivuilla kalastellaan tietoja https://www.kauppalehti.fi/uutiset/rikolliset-tehtailevat-vaarennettyja-somepalveluita-huijaussivuilla-kalastellaan-tietoja/fed0a494-5f96-4edf-80a6-7e7a60e5715c
LinkedIn ja WhatsApp ovat brändiväärennöksiä hyödyntävien kyberroistojen suosiossa.
Tomi Engdahl says:
Analyzing a Phishing Word Document
https://isc.sans.edu/diary/rss/28562
Tomi Engdahl says:
RF Exploitation: IoT and OT Hacking with Software-Defined Radio
https://m.youtube.com/watch?v=88RfClJvPRQ&feature=youtu.be
Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. SDR is changing the game for both offense and defense.Learning Objectives:1: Become familiar with common security concerns and attack surfaces in a wireless communication system.2: Understand the ease and prevalence of wireless exploitation, with sophisticated examples.3: Learn to view IoT devices, security and privacy collectively
Tomi Engdahl says:
https://www.facebook.com/groups/shahidzafar/permalink/5329622177056866/
Jok3r is a Python3 CLI application that is aimed at helping penetration testers for network infrastructure and web black-box security tests.
The goal is to save as much time as possible during network/web pentests by automating as many security tests as possible to quickly identify low-hanging fruits vulnerabilities, and then spend more time on more interesting and tricky stuff!
It is based upon the observation that there are many hacking open-source tools/scripts (from various sources) targeting common network services available out there, that allow performing various tasks from fingerprinting to exploitation. Therefore, the idea of Jok3r is to combine those open-source tools in a smart way to get more relevant results.
Disclaimer: This tool should be used for educational purposes only, we will not be responsible for your illegal activities
#kalilinux #nethunter #mactrack #wifi #jok3r #wireless #macaddress #tracking #pentesting #ethicalhacker #cybersecurityawareness #hackingtools #metasploit #termuxhacking #ethicalhacking #infosec #hackers #hacker #linux #hack #hacked #coders #androiddeveloper #github #datasecurity #cyberattack #itsecurity #termux #blackhat #anonymous
https://www.jok3r-framework.com/
Tomi Engdahl says:
THE INTERSECTION OF CLOUD AND RANSOMWARE CALLS FOR PUBLIC SECTOR TO REMAIN MORE DILIGENT
https://www.analyticsinsight.net/the-intersection-of-cloud-and-ransomware-calls-for-public-sector-to-remain-more-diligent/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/technology/animated-qr-codes-how-do-they-work-and-how-to-create-your-own/
Tomi Engdahl says:
It’s Pretty Easy to Hack the Program That Runs Our Power Grids, It Turns Out
Getting inside a program that runs most of the world’s industrial control systems? The easiest thing you’ll do all weekend, two white hat hackers said.
https://gizmodo.com/hackers-breach-power-grid-opc-ua-pwn2own-2022-1848825967
Tomi Engdahl says:
Ukraine War Prompts Europe’s New Emergency Rules for the Internet https://www.wired.com/story/europe-digital-services-act/
The Digital Services Act has granted the European Commission unprecedented power over tech companies in times of war.
Tomi Engdahl says:
Malware analysis report on SparrowDoor malware https://www.ncsc.gov.uk/report/mar-sparrowdoor
Tomi Engdahl says:
DDoS attacks in Q1 2022
https://securelist.com/ddos-attacks-in-q1-2022/106358/
Tomi Engdahl says:
VMware’s Head of Cybersecurity Strategy Discusses Modern Bank Heists
https://www.securityweek.com/vmwares-head-cybersecurity-strategy-discusses-modern-bank-heists
The financial sector is in the crosshairs of criminal cartels and nation-state actors. Criminals seek a lucrative market, and nation-states treat profit as a form of sanctions-busting.
With the high volume of Russian-speaking gangs and the current sanctions against the Russian state, this makes Russia a major threat to financial institutions – albeit not the only one.
Modern Bank Heists 5.0 (PDF) is the fifth iteration of an annual report on security in the finance sector written by Tom Kellermann, head of cybersecurity strategy at VMware. Kellermann has a keen interest in the subject since writing the first book on finance and security, Electronic Safety and Soundness, Securing Finance in a New Age, back in 2005. This report focuses on the current opinions and experience of the industry’s top CISOs and security leaders.
There are six primary takeaways from the respondents to the report: increasing destructive attacks (up 14 points to 63%); attacks targeting market strategies (66%); a high level of ransomware attacks (74% – 63% of which were paid); concern over the security of cryptocurrency exchanges (83%); a large increase in island hopping attacks (60%, up from 2% last year): and a planned 20% to 30% increase in security spending.
Explaining the takeaways
Tom Kellermann, VMWareThe reason that financial institutions are under constant attack is simple: that’s where the money is today. The attackers comprise advanced criminal gangs (often part of a larger cartel) and nation states. The nation state attackers are particularly North Korean or Russian, where the proceeds are used to offset sanctions. “According to the World Economic Forum” Kellermann told SecurityWeek, “the proceeds associated with the dark web are more than $1 trillion per year – and I would estimate that more than 50% of that goes right back into the Russian economy.”
Modern Bank Heists 5.0
The escalation: From heist to hijack,
from dwell to destruction
https://www.vmware.com/content/dam/learn/en/pdf/carbonblack/Modern%20Bank%20Heists%205.0%20Report.pdf
Tomi Engdahl says:
Motorola Launches Cyber Threat Information Sharing Hub for Public Safety
https://www.securityweek.com/motorola-launches-cyber-threat-information-sharing-hub-public-safety
Motorola Solutions announced this week the creation of the Public Safety Threat Alliance, a cyber threat intelligence sharing hub for the public safety community.
Motorola described the Public Safety Threat Alliance (PSTA) as an information sharing and analysis organization (ISAO) and noted that it’s recognized by the US Cybersecurity and Infrastructure Security Agency (CISA), which serves as its National Coordinator for Critical Infrastructure Security and Resilience.
The PSTA is open to all public safety agencies. Its role is to help members share and analyze information from multiple sources with the goal of improving the cybersecurity posture of public safety organizations. It aims to help agencies improve their defenses and resilience.
Information is collected from various sources, including law enforcement, EMS, mobile communications systems, commercial security products, and ISAO partners. The information is used to create actionable intelligence, including reports, APIs, threat lists, dark web intel, SOC intel, and MDR data.
Public Safety Threat Alliance
https://www.motorolasolutions.com/en_us/public-safety-threat-alliance.html
Recognized by the Cybersecurity and Infrastructure Security Agency (CISA)
Motorola Solutions has established a cyber threat Information Sharing and Analysis Organization (ISAO) to provide public safety agencies the capabilities they need to defend against attacks.
The Public Safety Threat Alliance (PSTA) serves as a cyber threat intelligence sharing, collaboration and information hub for the evolving cyber security challenges faced by the global public safety community. The PSTA strives to improve the cyber security posture, defense and resilience of our members.
Tomi Engdahl says:
EU asetti somejäteille tiukat säännöt
https://etn.fi/index.php/13-news/13474-eu-asetti-somejaeteille-tiukat-saeaennoet
Parlamentin ja neuvoston tiimit pääsivät lauantaina alustavasti sopuun digipalvelusäädöksestä (Digital Services Act, DSA). Yhdessä digimarkkinasäädöksen kanssa (Digital Markets Act, DMA) kanssa DSA asettaa pelisäännöt, joilla käyttäjät saavat turvallisemman ja avoimemman digitaaliympäristön, ja yrityksille taataan reilu kilpailutilanne.
DSA:n tärkein osa koskee esimerkiksi somealustojen ja verkon markkinapaikkojen uusia sääntöjä. Uusien sääntöjen mukaan niiden on suojeltava käyttäjiään laittomilta sisällöiltä, tavaroilta ja palveluilta. Jatkossa esimerkiksi alustojen algoritmit ovat avoimia: Euroopan komissio ja jäsenmaat saavat pyynnöstä tietoa erittäin suurten verkkoalustojen algoritmeista.
Jatkossa alustojen on poistettava laiton sisältö verkosta nopeasti. Käyttäjät voivat tehdä ilmoituksia niistä uudella menettelyllä, ja alustojen on reagoitava näihin nopeasti. Verkossa täytyy myös suojata kansalaisten perusoikeuksia, joten ilmoitukset käsitellään ilman syrjintää tai mielivaltaisuutta ja niin, että perusoikeudet kuten ilmaisunvapaus ja tietosuoja toteutuvat.
Myös verkkomainonta muuttuu. Jatkossa käyttäjät voivat paremmin päättää, miten heidän henkilökohtaisia tietojaan käytetään. Mainosten kohdentaminen arkaluontoisten tietojen (seksuaalisuus, uskonto, etninen tausta) perusteella kielletään kokonaan. Kohdennettua mainonta on kokonaan kielletty, jos alusta on lasten käytettävissä.
Tomi Engdahl says:
Eurooppa tiukentaa otetta nettialustoista
https://www.uusiteknologia.fi/2022/04/26/eurooppa-tiukentaa-otetta-nettialustoista/
Euroopan unioni ottaa tiukempaa otetta pääosin amerikkalaisista some- ja nettijäteistä uuden asteuksen kautta. Uusien säädösten kautta halutaan valvoa tarkemmin digitaalisilla alustoilla tapahtuvaa toimintaa ja markkinointia.
Viime viikon perjantain ja lauantain välisenä yönä Euroopan parlamentti ja neuvosto saivat päätökseen neuvottelut digipalvelusäädöksestä (Digital Services Act). Tuleva asetus säätelee digitaalisilla alustoilla tapahtuvaa toimintaa. Ennen voimaantuloa se on vielä hyväksyttävä virallisesti sekä EU parlamentissa että neuvostossa.
Uusia keinoja tarvitaan sillä halki internetin käyttäjiä jatkuvasti seuraava ja profiloiva mainonta, valheelliset ja laittomat sisällöt sekä käyttäjiä koukuttavat algoritmit ovat joitakin esimerkkejä alustoihin liittyvistä haasteista. Verkkoalustojen on poistettava myös nopeasti laittomat sisällöt, tuotteet ja palvelut.
Uusi digipalvelusäädökset (Digital Services Act, DSA) toimii yhteen digimarkkinasäädöksen kanssa (Digital Markets Act, DMA) kanssa, jossa DSA-säädökset asettavat pelisäännöt, joilla käyttäjät saavat turvallisemman ja avoimemman digitaaliympäristön, ja yrityksille taataan reilu kilpailutilanne.
Säädöksen avulla kielletään esimerkiksi internetin alustoilla tapahtuva kohdennettu mainonta henkilökohtaiseen tai herkkään dataan perustuen. Lisäksi lapsille kohdennettu mainonta kielletään täysin. Suuret alustajätit ovat perustaneet liiketoimintaansa käyttäjiä jatkuvasti seuraavan kohdennetun mainonnan varaan.
Tomi Engdahl says:
cider-security-research/cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
https://github.com/cider-security-research/cicd-goat
Tomi Engdahl says:
https://blog.malwarebytes.com/podcast/2022/04/why-our-software-has-so-many-vulnerabilities-with-tanya-janca-lock-and-code-s03e09/
Tomi Engdahl says:
Google Play Store now forces apps to disclose what data is collected https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
Google is rolling out a new Data Safety section on the Play Store, Android’s official app repository, where developers must declare what data their software collects from users of their apps.
Tomi Engdahl says:
Inside a ransomware incident: How a single mistake left a door open for attackers https://www.zdnet.com/article/inside-a-ransomware-incident-how-a-single-mistake-left-a-door-open-for-attackers/
There are many things you can do to protect yourself against cyberattacks – but if you still don’t do the basics, then it’s easy pickings for cyber criminals.
Tomi Engdahl says:
Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products.
Tomi Engdahl says:
Supo ja Säpo: Suomi ja Ruotsi varautuneet Venäjän vaikutusyrityksiin, mutta toistaiseksi ollut rauhallista
https://yle.fi/uutiset/3-12419643
Venäjällä arvioidaan olevan juuri nyt suuri tarve tiedustelutiedolle Nato-prosesseista. Ruotsin ja Norjan turvallisuuspalveluiden johtajat vierailevat Suomessa.. Venäjällä arvioidaan olevan juuri nyt suuri tarve tiedustelutiedolle Nato-prosesseihin liittyen, minkä takia Supo varoittaa kybervakoilusta.. Myös palvelunestohyökkäysten arvioidaan jatkuvan.
Tomi Engdahl says:
APT trends report Q1 2022
https://securelist.com/apt-trends-report-q1-2022/106351/
For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.
Tomi Engdahl says:
Suomi +178 % – raakoja lukuja kiristyshyökkäyksistä https://www.is.fi/digitoday/tietoturva/art-2000008780115.html
Tomi Engdahl says:
Näin moni yritys Suomessa joutuu kiristyshaitakkeen uhriksi: vahingot kohoavat merkittäviksi
https://www.tivi.fi/uutiset/tv/4afdfb3c-ec82-421d-9e0a-04f1abaf5c15
Tietoturvayhtiö Check Point Software arvioi, että Suomessa joka viikko yksi 33 yrityksestä joutuu tänä vuonna kiristysiskun kohteeksi. Vielä
2021 vastaava luku oli yksi 93:sta.
Tomi Engdahl says:
How to Attack Your Own Company’s Service Desk to spot risks https://www.bleepingcomputer.com/news/security/how-to-attack-your-own-companys-service-desk-to-spot-risks/
While a cybercriminal can conceivably launch a social engineering attack against any part of an organization, such attacks often target the helpdesk. Attackers know that if they are successful at fooling the helpdesk staff, then they can easily gain access to privileged accounts.
Tomi Engdahl says:
IETF Publishes RFC 9116 for security.txt’ File https://www.securityweek.com/ietf-publishes-rfc-9116-securitytxt-file
The Internet Engineering Task Force (IETF) has published RFC 9116 for the security.txt file, whose goal is to make it easier for researchers to responsibly disclose the vulnerabilities they find.
Tomi Engdahl says:
1.2 Million Bad Apps Blocked From Reaching Google Play in 2021
https://www.securityweek.com/12-million-bad-apps-blocked-reaching-google-play-2021
Google claims that it prevented 1.2 million bad applications from reaching Google Play in 2021, but cybercriminals are still finding ways to deliver malware through the official Android app store.
According to data shared by Google on Wednesday, its automated systems helped block 1.2 million “policy violating apps” from being published on Google Play, thus preventing billions of “harmful installations.”
In addition, the internet giant blocked 190,000 accounts belonging to bad developers, and it closed half a million developer accounts that were abandoned or inactive.
The company said it has also taken various other steps to improve Android security and privacy, including by providing new compliance tools for developers, improving the safety of SDKs, limiting access to sensitive APIs and data, and new malware detection capabilities for Pixel phones.
But despite these improvements, malware and scam apps continue making their way to Google Play, and some of them are installed by hundreds of thousands and even millions of users.
Tomi Engdahl says:
How Linux Became the New Bullseye for Bad Guys
https://www.securityweek.com/how-linux-became-new-bullseye-bad-guys
Organizations need to secure, monitor and manage Linux just like any other endpoint in the network
Cybercriminals haven’t historically paid much attention to Linux systems. In fact, Linux was formerly one of the least attacked platforms in IT, but that’s quickly changed. Today we’re seeing malware designed to attack Linux systems, frequently in the form of executable and linkable format (ELF). Linux is becoming a more popular target for attackers as it operates the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications.
This is not something CISOs can afford to ignore any longer. Let’s look at current threats and how to address them.
Linux in the crosshairs
Today, attacks on Linux operating systems and the programs that run on them are almost as common as attacks on Windows operating systems.
Many firms are used to guarding against Windows-based attacks, but they aren’t used to keeping up with Linux in terms of defense and malware analysis. Worse still, Linux installations frequently contain sensitive information such as certificates, Secure Socket Shell (SSH) credentials, application usernames and passwords. The Linux-based Mirai botnet remains a top threat, as operators often pounce at the opportunity to add newly disclosed vulnerabilities to their exploit toolset.
Looking at specific Linux threats
In the fourth quarter of 2021, our FortiGuard Labs researchers found that the rate of new Linux malware signatures quadrupled that of the first quarter. In 2021, malware detections of ELF files doubled, indicating that Linux malware is becoming more prevalent in cybercrime.
Botnet malware is increasingly being created on Linux computers. The current Log4J vulnerability is another example of a recent assault in which Linux binaries have taken advantage of this opportunity.
Tackling the problem
It’s clear that organizations need to secure, monitor and manage Linux just like any other endpoint in the network. Organizations should have advanced and automated endpoint protection, detection and response as well as integrated zero trust network access. It’s important to fight fire with fire – you’ve got to use the same kinds of tools that bad actors are using.
That means having a security operations center (SOC) perspective and using solution like threat intelligence, SIEM, SOAR, deception technology – these are all tools that help so you don’t have to hire 40 or 50 more people for your SOC. It’s about how you can work together with tools and technology, and to have incident response planning in place.
Education and awareness a key part of this strategy. Security hygiene should become a primary focus to provide active threat protection for systems that may be affected by low-lying threats.
Covering all the bases
Organizations should make hardening Linux and Windows-based systems a top priority in 2022. And businesses should always prioritize security as they adopt new technology. That means making sure new connections, such as satellite-based communication, are secure before proceeding.
However, you must remember that malicious actors will continue to use tactics that work. You can’t forget about the threats that are currently lurking while preparing for future threats.
Tomi Engdahl says:
National Cybersecurity Agencies List Most Exploited Vulnerabilities of 2021
https://www.securityweek.com/national-cybersecurity-agencies-list-most-exploited-vulnerabilities-2021
Tomi Engdahl says:
When Attacks Surge, Turn to Data to Strengthen Detection and Response
https://www.securityweek.com/when-attacks-surge-turn-data-strengthen-detection-and-response
News of cyber criminals and nation-state actors capitalizing on events, planned or unplanned, for financial gain or to wreak havoc have dominated the headlines over the past few years. From COVID to elections to devastating weather events, and now the tragic conflict in Ukraine. We’ve seen threat actors launch ransomware, supply chain attacks and other sophisticated tactics to compromise organizations and the services they deliver. But the human spirit is strong. We are wired to persevere, so time and again we rise to difficult situations.
When it comes to cyber threats, the security industry has two important mechanisms in place to help organizations understand the motivations of attackers and their tactics, techniques, and procedures (TTPs) so they can strengthen detection and response: intelligence sources and information sharing. Let’s look at how to get the most value from each.
Intelligence sources – When attacks happen, there’s an immediate uptick in threat information often available for free and open to the public from disparate sources, including commercial threat intelligence providers, governments, your existing security vendors, open-source feeds and frameworks like MITRE ATT&CK. With the current situation in Ukraine, which brings an added dimension of cyberwarfare, the U.S. federal government has issued an unprecedented series of alerts and plans with technical details and mitigation recommendations. Valuable information and preventative measures are also available from hundreds of news outlets, research blogs, commercial reports and GitHub repositories. Between the variety of sources and formats of intelligence, how do you make it all usable within your infrastructure?
Information sharing – Thus far we’ve focused on data coming in, but we all know there is strength in numbers, so sharing data out is equally important. Information Sharing and Analysis Centers (ISACs), initiatives from the U.S. federal government, and platforms that enable internal sharing across an organization’s previously siloed tools and teams, all help to make sharing more efficient and effective.
Most organizations are members of an ISAC focused on threats to their sector. ISACs provide the culture, technology and processes by which organizations can share information with other organizations.
As threat actors continue to evolve their TTPs to take advantage of crises and outbreaks, the intelligence sources and information sharing mechanisms available to help will become even more important. Security professionals can rise to the occasion by ensuring their security operations is data-driven, so they can get the most value from each.
Tomi Engdahl says:
Why Ransomware Response Matters More Than Protection
https://www.securityweek.com/why-ransomware-response-matters-more-protection
As high-profile attacks of the Albuquerque Public School District, Kronos, CS Energy, Kaseya, JBS USA, and Colonial Pipeline have illustrated, ransomware is one of the most significant threats to businesses worldwide. It can cause a lot of damage for a company, beyond the financial cost of paying ransom. Downtime, lost opportunities, as well as ransomware removal and recovery expenses can quickly add up. According to the 2021 Threat Landscape report by the European Union Agency for Cybersecurity, the average cost of remediating a ransomware attack in 2021 was $1.85 million, which is almost twice what it was the previous year. And things won’t get better any time soon. This raises the question, “What can organizations do to minimize the impact of falling victim to a ransomware attack”?
A ransomware attack can cripple an organization in a matter of minutes, leaving it incapable of accessing critical data and unable to do business. But that’s not all – more recently threat actors have shifted from just infecting systems with ransomware to multi-faceted extortion where they also publicly name (and shame) victims, steal data, and threaten to release it to the public or sell it.
In response, organizations should consider the following steps to mitigate the risk of ransomware attacks:
• Strategic Readiness: Covers everything from cyber risk assessment, tabletop exercises, security awareness training, and secure data backups to penetration testing.
• Prevention: Includes applying security measures such as patch management, application whitelisting, spam filters, least privilege, as well as deploying anti-malware and endpoint security software.
• Incident Response: Organizations should invest in services and forensic tools to address:
• investigation of the ransomware attack, allowing them to determine how the incident occurred, and securing evidence for litigation preparedness;
• remediation by hardening the environment so that attackers no longer have access and to avoid further spread of the ransomware;
• eradication efforts, aimed at removing the attacker from the environment, for example by disabling accounts, resetting passwords, (re)establishing multi-factor authentication, and ultimately getting rid of the ransomware;
•recovery efforts, focusing on the restoration of the business, whereby the main objection is to achieve this in a secure fashion without risking reinfection of the infrastructure.
Tomi Engdahl says:
Defending Your Business Against Russian Cyberwarfare
https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare
We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine
The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyberattacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place.
The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organizations to prepare and implement more robust defenses. These defenses include actions both inside and outside an enterprise’s perimeter.
Common Types of Cyber Attacks
Russia-led cyberattacks have increased since the Russian invasion of Ukraine, and Russian cyber threat actors will likely use one or more of the following means to retaliate against companies and people on opposing sides of the war:
● Ransomware – The most used type of cyber threat to attack private industry since 2021
● Email Phishing – A commonly used technique to gain access to privileged information and networks
● Credential Stuffing – Another commonly used technique, which largely targets C-Suite executives and gamers for access to their accounts to gain access to privileged information and for financial gain
While these attacks are not new, they are increasingly concerning.
Objectives of High Profile Cyber Attacks By Russian Cyber Actors
The Russian government and Russian cyber criminals targeted private industry in multiple incidents over the past year. Historically, these APT actors have used common but effective tactics—including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks. We believe there are three primary objectives that will drive Russian cyber actors, both criminal and government, to target those networks:
● Influence – This involves preparing a target for military or economic combat and creating a social media environment where non-Russian companies and entities look weak so that the Russian economic environment and Russian companies can look comparatively strong.
● Retribution – In response to the support of the Ukrainian resistance, ransomware could increase, and in some cases, it is possible that ransom will no longer be a means of resolution. Businesses that have withdrawn operations from Russia may be threatened with an attack unless they agree to resume Russian operations.
● Gain – As sanctions increase and expand, Russian corporations may choose to ignore global intellectual property laws and pay cyber threat actors to target non-Russian corporate IP, in a style similar to that seen with Chinese threat actors.”
Russia will try to inflict economic damage similar to the GRU-backed 2017 NotPetya attacks that resulted in worldwide revenue losses greater than $10 billion. Although Russia has not yet escalated cyberattacks– likely due to their focus on Ukrainian operations – we are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.
Tomi Engdahl says:
Achieving Sustainable Cybersecurity Through Proper Care and Feeding
https://www.securityweek.com/achieving-sustainable-cybersecurity-through-proper-care-and-feeding
Climate change is probably the greatest threat our planet faces today, but this challenge also presents an opportunity to do the right thing. It’s time to step back and look at the role of the IT industry in developing, deploying, maintaining, growing and eventually, sustainably retiring technology and solutions.
It is understood that for a garden to produce fresh vegetables and fruit, it needs more than just water. The soil needs the proper nutrients to ensure that any harvest is not just today but is repeatable and provides food for generations to come.
You may wonder how garden sustainability can compare with IT and cybersecurity, but it does. Digital transformation, online shopping, binge-watching television and video calls depend on data centers that consume power and create waste from burning fuel.
So, why is it important to have sustainable cybersecurity? The benefits of sustainable security and IT are akin to the benefits we get at home from installing smart-heating controls at home – aka – saving money. Still, sustainability is also a key driver in some regulatory decisions and helps develop and maintain a positive corporate profile for businesses today.
There are many benefits and considerations to sustainable security; these include:
Controlling IT Costs
Cybersecurity has sometimes been seen as a spent-cost investment to keep investors happy and is often rolled out as a knee-jerk response to an attack. This has never been a sustainable approach, and fortunately, most organizations now see this and recognize the need for change.
The best security specialists will set priorities at the start of a financial year based on where risks are seen – or on vulnerable business areas. A detailed understanding of these areas means that security expenses can be built into budgeting as forward-looking investments.
• Ensure an incident response plan is in place and review it regularly. The initial design of the program takes the longest, annual updates are then more manageable – and should there be a breach, you will be well prepared to respond in the fastest and most effective way possible.
• Implement Endpoint Detection and Response (EDR), which combines continuous real-time monitoring with automated response or analysis rules. This will help analyze threats and also automate responses to quarantine threats and notify staff when necessary.
Improving Staff Awareness
Over the years, most of us will have viewed an ‘annual security update’ video or been asked to complete a survey on what they feel about IT systems. The problem here is that reusing the same, mildly updated content continuously carries a diminishing return – people take less and less notice. They become blasé about the importance of any security message.
Effective security training needs to keep up with developments in cybersecurity.
Making ESG a Priority
Everyone is becoming socially aware, seeing the importance of purchasing, using, or investing in products and solutions which look to improve their environmental footprint by implementing ESG best practices (environmental, social and governance). This could include:
• Prioritizing workforce well-being in hiring and retention, and providing a flexible work environment which makes it easier to hire the best cybersecurity talent, without being tied to a specific location.
• Updating manufacturing processes to take advantage of low-carbon emission options and sustainable power. In addition, new products can be designed to be dismantled for repair, upgrade, and eventual recycling.
• Offering refurbishment options for used equipment helps customers extend the life of their investments and reduces electronic waste in landfills, which reduces carbon emissions.
ESG is certainly on the radar of the CIO. They will be watching what other organizations are doing – but in this case, learning best practices and developing sustainable and ethical processes for equipment and data. Making cybersecurity part of this conversation is essential. It can address issues on the protection of business and employee data and assist in regulatory compliance, such as CCPA and the GDPR.
It is vital to build sustainable cybersecurity best practices that mitigate risk and improve resilience whilst at the same time, making it easier to develop and report key risk metrics to stakeholders, which show transparency and enhance trust in the business.
Where to Go Next?
Many large organizations have public commitment statements of corporate responsibility. This is a great place to start, whether you just want to know more or need to understand how to begin developing sustainability options in your own business.
Tomi Engdahl says:
Overcoming Cybersecurity Recruiting Challenges
https://www.securityweek.com/overcoming-cybersecurity-recruiting-challenges
Recruiting the best cybersecurity talent is an especially difficult task. Good people are very hard to find in a tight labor market where demand effortlessly outstrips supply.
Recruiting Challenges
The challenges are many, but here are the toughest ones:
Finding the right people for the right jobs — within time and money constraints.
Some companies make the mistake of asking too much from candidates — in the hope that one of them will match their needs. For example, when seeking an entry-level person, they ask for years of work experience and specific security qualifications. On the other side of the table, candidates may overstate their capabilities.
Falling into the trap of only selecting candidates with deep resumes.
This is so easy to do, given the slew of responses to certain advertised positions. Faced with possibly hundreds of resumes to shift through, hiring managers tend to cherry-pick the applicants with the best academic and work qualifications — which may result in overlooking those who have superior hands-on skills.
Ignoring talented people who perform poorly in interviews
For many companies, the first face-to-face interview is the acid test for assessing a candidate’s suitability for a position. Not surprisingly, some very talented people get rejected at this stage because they perform poorly due to nervousness, shyness or even neurodiversity. Indeed, a lot of high-tech people are introverted and may not excel in interviews.
Writing job descriptions that precisely define roles and positions.
Imprecision costs time and money, for companies and candidates. Companies need to be precise in terms of the skills they need for a specific role rather than vaguely listing capabilities that may or may not be useful. Each job description should accurately reflect what the job entails today — not what it entailed in the past.
There is a Better Way of Recruiting
As the demand for cybersecurity talent explodes and the supply dwindles, recruiters are realizing that the old ways of filling technical roles are limited, slow, and sometimes expensive. What is needed is a new way of recruiting — one that is precise, inexpensive, and, best of all, highly effective.
The core idea is that recruiters should use a virtual testing environment that enables them to validate and assess candidates’ cybersecurity skills as they perform hands-on exercises. For each position, this approach should allow a recruiter to create a specific evaluation module, choose challenges and assessments that match the job’s skills, and view key performance metrics and completion time. In this way, candidates’ performances can be quickly measured.
Ideally, this new recruiting solution should enable recruiters to assess a variety of skills and functions mapped to frameworks such as NIST/NICE and MITRE ATT&CK. In addition, NICE job descriptions should be incorporated into the solution — solving the challenge of writing precise job descriptions for most positions.
Challenges and assessments should include a wide range of threats, enterprise security products used by the hiring company, and emulated IT infrastructure that mirror real-world environments.
For maximum efficiency, this approach should cover the common topics and functions including .log analysis, addressing CVEs, IoT security, common TTPs, and the ever-changing threat landscape
The benefits of the virtual testing approach to recruiting are clear. Recruiters can quickly and cost-effectively find the best people for the right roles, uncover high-potential talent and expand their pool of qualified candidates.
Tomi Engdahl says:
Kiristyslunnaat tulevat paljon luultua kalliimmiksi
https://etn.fi/index.php?option=com_content&view=article&id=13495&via=n&datum=2022-04-28_15:02:32&mottagare=30929
Tietoturvayhtiö Check Point Softwaren tutkijat kertovat uudessa blogissaan, että maksetut lunnaat ovat vain osa kiristyslunnaiden uhrille aiheutuvista todellisista kuluista. Yhtiöt tutkijat arvioivat, että kokonaiskustannukset ovat jopa 7 kertaa korkeammat. Suomessa kiristyshyökkäyksen todennäköisuus on tänä vuonna kasvanut kolminkertaiseksi viime vuoteen verrattuna.
Vuonna 2021 yksi joka 93 suomalaisorganisaatiosta joutui kiristyshyökkäyksen kohteeksi. Tänä vuonna luku on yksi jokaista 33 organisaatiota kohti. Vuoden ensimmäisellä neljänneksellä kasvu oli siis 178 prosenttia.
Kyberrikolliset vaativat yleensä lunnaita, jotka ovat 0,7-5 prosenttia organisaation vuosiliikevaihdosta. Kiristysohjelmahyökkäyksen kesto lyheni viime vuonna merkittävästi, 15 päivästä 9 päivään.
7-kertaisia ransomware-kustannuksia CPR perustelee niin, että summa koostuu reagointi- ja ennallistamiskustannuksista, oikeudenkäyntikuluista ja seurantakustannuksista.
Tomi Engdahl says:
Watch: The Four Stages of Zero Trust Maturity
https://www.securityweek.com/watch-four-stages-zero-trust-maturity
Stage Zero: Identify where you are and where to start your Zero Trust journey
Stage One: Put basic Zero Trust principles in place to show immediate value
Stage Two: Leverage context and risk to enhance security posture
Stage Three: Unlock the potential of adaptive Zero Trust
Tomi Engdahl says:
IETF Publishes RFC 9116 for ‘security.txt’ File
https://www.securityweek.com/ietf-publishes-rfc-9116-securitytxt-file
The Internet Engineering Task Force (IETF) has published RFC 9116 for the security.txt file, whose goal is to make it easier for researchers to responsibly disclose the vulnerabilities they find.
Edwin “EdOverflow” Foudil and Yakov Shafranovich of Nightwatch Cybersecurity are the authors of the security.txt standard, for which a draft was submitted in 2017. However, IETF noted that RFC 9116 has an “Informational” status and it will not become an actual internet standard.
The file must include an email address where security flaws can be reported, and a date when the information in the file should be considered “expired.”
It can also include the encryption key that can be used by the reporter to securely transmit the information, a link to the organization’s security policy, the URL of the security.txt file, a vulnerability acknowledgements page, and it can even link to security-related job openings within the organization.
A security.txt file has been implemented by major organizations such as Google, Facebook and GitHub, as well as many government agencies.
An analysis conducted in late 2020 showed that nearly 3,000 of the 666,000 most popular websites on the Alexa list had a security.txt file. Separate research showed that, as of April 2021, roughly 1% of the Alexa Top 100K, 3% of the Top 10K, and 15% of Top 100 websites had a security.txt file.
Tomi Engdahl says:
Over 300,000 Internet-Exposed Databases Identified in 2021
https://www.securityweek.com/over-300000-internet-exposed-databases-identified-2021-study
Cybersecurity firm Group-IB identified more than 91,000 publicly-exposed databases in the first quarter of 2022, significantly more than in the previous year.
In 2021, the firm discovered a total of 308,000 exposed databases, with more than 165,000 of them found in the second half of the year. Most of the exposed databases use the Redis database management system (37.5%), followed by MongoDB (31%) and Elastic (29%).
Netenrich principal threat hunter John Bambenek pointed out to SecurityWeek that Group-IB’s report documents databases that can be accessed from the internet, rather than instances that have already been breached.
“However, this does not mean you can simply dump the contents without credentials or a vulnerability. While it is best practice not to ever have databases accepting connections from the Internet, it also does not mean immediate data loss,” Bambenek said.
Improperly inventoried internet-facing assets such as databases could be exploited in cyberattacks, leading to costly data breaches, Group-IB notes.
Last year, IBM found that the average cost of a data breach exceeded $4.2 million during the COVID-19 pandemic, up 10% from the previous year. The average time to identify and address a breach had increased as well, to 287 days.
Tomi Engdahl says:
Google Adds Ways to Keep Personal Info Private in Searches
https://www.securityweek.com/google-adds-ways-keep-personal-info-private-searches
Google has expanded options for keeping personal information private from online searches.
The company said Friday it will let people request that more types of content such as personal contact information like phone numbers, email and physical addresses be removed from search results.
The new policy also allows the removal of other information that may pose a risk for identity theft, such as confidential log-in credentials.
The company said in a statement that open access to information is vital, “but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private.”
“Privacy and online safety go hand in hand. And when you’re using the internet, it’s important to have control over how your sensitive, personally identifiable information can be found,” it said.
Google Search earlier had permitted people to request that highly personal content that could cause direct harm be removed. That includes information removed due to doxxing and personal details like bank account or credit card numbers that could be used for fraud.
Tomi Engdahl says:
Disaster Recovery Plan Template: 8 Key Steps for Businesses
https://securityintelligence.com/articles/disaster-recovery-plan-template-eight-critical-elements/
The recent pandemic has shown that disruptions in daily business can happen quickly and without warning. Whether as a result of a pandemic, natural disaster or network disruptions due to cybersecurity incidents, you need to ensure that your business can keep running through operational difficulties. One way to help your business keep going is by developing a disaster recovery plan.
What is a disaster recovery plan?
A disaster recovery plan, also known as a DRP, is a formal business document that outlines in detail the actions and assets needed in the event of a disaster. It includes the required processes, assets, employees and services.
DRPs have become a staple in modern business. They can play a vital role in keeping a business going long term when they are designed and used correctly. Every business is unique, but there is a basic template. Here are the critical elements of a disaster recovery plan template and why they’re essential.’
Tomi Engdahl says:
Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In https://thehackernews.com/2022/04/indian-govt-orders-organisations-to.html
India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours.
Tomi Engdahl says:
Internetin tulevaisuudesta tehtiin tärkeä sopimus Venäjä ja Kiina jättäytyivät pois https://www.tivi.fi/uutiset/tv/157d2ba9-8181-435a-b815-db43793e5a4c
EU, Iso-Britannia, Yhdysvallat ja 32 muuta valtiota ympäri maailman ovat sitoutuneet yhteiseen sopimukseen, joka kieltää vaaleihin kohdistuvat misinformaatiokampanjat ja ihmisten laittoman vakoilun.
Yhdysvaltain Valkoinen talo tiedotti Julistus internetin tulevaisuudesta -nimisestä sopimuksesta torstaina.
Tomi Engdahl says:
The Week in Ransomware – April 29th 2022 – New operations emerge https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-29th-2022-new-operations-emerge/
This week we have discovered numerous new ransomware operations that have begun operating, with one appearing to be a rebrand of previous operations
Tomi Engdahl says:
You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/
Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address.
Tomi Engdahl says:
Onko dokumenttiin piiloutunut haittaohjelma? Googlen turvaominaisuus laajenee
https://www.tivi.fi/uutiset/tv/1678fb5c-1aac-4bf6-9f92-4e65942d9441
Googlen online-toimistopalveluiden käyttäjät ovat yhtiön mukaan tulevaisuudessa paremmassa turvassa haittaohjelmilta, sillä yhtiön oma turvaskanneri käy läpi avattavan dokumentin, Neowin kirjoittaa.
Tomi Engdahl says:
Open source Package Analysis’ tool finds malicious npm, PyPI packages https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the Package Analysis’ tool that aims to catch and counter malicious attacks on open source registries.