Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched Keystore technology that allows an application to generate a system-maintained key and authenticate services (it still uses the TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension instructions added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. Using this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference from the TEE structure is significant: there, another kernel runs all the time alongside the operating system. When there is no parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture introduced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime, extending it from technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are the scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. These include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
The ID card is coming to the phone: “it could be in use as early as the first half of next year”
https://www.tivi.fi/uutiset/tv/dd87feb8-96a2-4dba-bf9d-8414ad18a6dc
The aim is to create a system in which an identity document stored in a digital wallet would work everywhere in Europe. It could also contain many other verified facts, such as driving entitlement, hunting licence and date of birth.
Tomi Engdahl says:
How to Use Windows Security to Keep Your PC Protected
https://www.wired.com/story/how-to-use-windows-security/
For many years, Windows users had to rely on a third-party security tool to keep viruses and malware at bay, but now Microsoft’s operating system comes with its own package, in the form of Windows Security.
Tomi Engdahl says:
‘Right to be Forgotten’: Israel Firm Promises to Purge Digital Footprint
https://www.securityweek.com/right-be-forgotten-israel-firm-promises-purge-digital-footprint
Three young Israelis formerly serving in military cyber units have figured out how to locate your digital footprint — and give you the tools to delete it.
The company Mine, co-founded by Gal Ringel, Gal Golan and Kobi Nissan, says it uses artificial intelligence to show users where their information is being stored — like whether an online shoe store kept your data after a sneaker purchase three years ago.
Ringel said Mine’s technology has already been used by one million people worldwide, with over 10 million “right to be forgotten” requests sent to companies using the firm’s platform.
Mine launched after the European Union’s General Data Protection Regulation (GDPR) — now an international reference point — set out key rights for users, including the deletion of personal data that was shared with a site for a limited purpose.
The company’s AI technology scans the subject lines of users’ emails and flags where data is being stored.
Individuals can then decide which information they want deleted and use Mine’s email template to execute their right to be forgotten.
It means they can delete their digital footprint “with a click of a button”, Ringel said.
“We’re not telling people to not use Facebook or Google. We say: go ahead, enjoy, use whatever you want,” he said.
“But as you enjoy using the internet, we’ll show you who knows what about you, what they know about you… what is the risk” and how to remove it, he added.
Google Adds Ways to Keep Personal Info Private in Searches
https://www.securityweek.com/google-adds-ways-keep-personal-info-private-searches
Google has expanded options for keeping personal information private from online searches.
The company said Friday it will let people request that more types of content such as personal contact information like phone numbers, email and physical addresses be removed from search results.
The new policy also allows the removal of other information that may pose a risk for identity theft, such as confidential log-in credentials.
The company said in a statement that open access to information is vital, “but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private.”
“Privacy and online safety go hand in hand. And when you’re using the internet, it’s important to have control over how your sensitive, personally identifiable information can be found,” it said.
Tomi Engdahl says:
New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories
https://www.securityweek.com/new-openssf-project-hunts-malicious-packages-open-source-repositories
The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories.
The Package Analysis project, OpenSSF says, aims to identify the behavior and capabilities of open source packages – including files they access, commands they support, and IPs they connect to – and track modifications that could reveal suspicious activities.
“This effort is meant to improve the security of open source software by detecting malicious behavior, informing consumers selecting packages, and providing researchers with data about the ecosystem,” OpenSSF says.
Under development for a while, the project went through extensive changes and only recently became useful, the Foundation says.
Package Analysis dynamically investigates packages in popular open source repositories and places the results in a BigQuery table. The project has already identified more than 200 malicious PyPI and npm packages, but most of these were dependency confusion and typosquatting attacks.
Introducing Package Analysis: Scanning open source packages for malicious behavior
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run? The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously. This effort is meant to improve the security of open source software by detecting malicious behavior, informing consumers selecting packages, and providing researchers with data about the ecosystem. Though the project has been in development for a while, it has only recently become useful following extensive modifications based on initial experiences.
Tomi Engdahl says:
The Package Analysis Project: Scalable detection of malicious open source packages
https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
Google, a member of the Open Source Security Foundation (OpenSSF), is proud to support the OpenSSF’s Package Analysis project, which is a welcome step toward helping secure the open source packages we all depend on. The Package Analysis program performs dynamic analysis of all packages uploaded to popular open source repositories and catalogs the results in a BigQuery table. By detecting malicious activities and alerting consumers to suspicious behavior before they select packages, this program contributes to a more secure software supply chain and greater trust in open source software. The program also gives insight into the types of malicious packages that are most common at any given time, which can guide decisions about how to better protect the ecosystem.
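The behaviour tracking the two comments above describe, as an added illustration rather than code from the Package Analysis project: each package version's observed files, addresses and commands are compared with the previous version's, and new capabilities are flagged. The package name, paths and addresses below are constructed sample data, and the sensitive-file patterns are a hypothetical heuristic.

```python
"""Toy behaviour-diff in the spirit of OpenSSF Package Analysis.

A package version is described by a behaviour profile: the files it
touched, the addresses it connected to and the commands it ran while
being installed and imported. Comparing consecutive versions surfaces
the moment a previously quiet library starts doing something new.
"""
from dataclasses import dataclass
import re

# Constructed behaviour records for two versions of a hypothetical npm
# package "example-utils". Not real Package Analysis output.
SAMPLE_RECORDS = [
    {
        "package": "example-utils",
        "version": "1.0.0",
        "files": ["/app/node_modules/example-utils/index.js", "/app/package.json"],
        "addresses": ["registry.npmjs.org:443"],
        "commands": ["node"],
    },
    {
        "package": "example-utils",
        "version": "1.0.1",
        "files": [
            "/app/node_modules/example-utils/index.js",
            "/app/package.json",
            "/root/.npmrc",
        ],
        "addresses": ["registry.npmjs.org:443", "203.0.113.10:4444"],
        "commands": ["node", "curl"],
    },
]

# Paths whose first-time access by a library deserves a human look
# (credential and token stores). Hypothetical heuristic, not exhaustive.
SENSITIVE_FILE_PATTERNS = [
    re.compile(r"/\.npmrc$"),
    re.compile(r"/\.ssh/"),
    re.compile(r"/\.aws/"),
    re.compile(r"/\.git-credentials$"),
    re.compile(r"^/etc/(passwd|shadow)$"),
]


@dataclass(frozen=True)
class Profile:
    package: str
    version: str
    files: frozenset
    addresses: frozenset
    commands: frozenset

    @classmethod
    def from_record(cls, rec):
        return cls(rec["package"], rec["version"],
                   frozenset(rec["files"]), frozenset(rec["addresses"]),
                   frozenset(rec["commands"]))


def version_key(version):
    """Sort key for dotted numeric versions such as 1.0.10 (no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def behaviour_diff(old, new):
    """Capabilities observed in `new` that were never observed in `old`."""
    return {
        "files": sorted(new.files - old.files),
        "addresses": sorted(new.addresses - old.addresses),
        "commands": sorted(new.commands - old.commands),
    }


def findings_for(diff):
    """Turn a behaviour diff into human-readable findings.

    Every new network destination and every newly executed command is
    reported, since a library that suddenly phones home or shells out is
    exactly the 'previously safe software begins acting suspiciously' case.
    New file accesses are reported only when they match a sensitive pattern.
    """
    out = []
    for addr in diff["addresses"]:
        out.append(f"new network destination: {addr}")
    for cmd in diff["commands"]:
        out.append(f"new command executed: {cmd}")
    for path in diff["files"]:
        if any(p.search(path) for p in SENSITIVE_FILE_PATTERNS):
            out.append(f"new access to sensitive file: {path}")
    return out


def analyze_history(records):
    """Compare each version with its predecessor; return findings per version."""
    profiles = sorted((Profile.from_record(r) for r in records),
                      key=lambda p: version_key(p.version))
    report = {}
    for previous, current in zip(profiles, profiles[1:]):
        report[current.version] = findings_for(behaviour_diff(previous, current))
    return report


if __name__ == "__main__":
    for version, findings in analyze_history(SAMPLE_RECORDS).items():
        print(f"example-utils {version}: {'SUSPICIOUS' if findings else 'no new capabilities'}")
        for line in findings:
            print("  -", line)
```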
Tomi Engdahl says:
Bad Actors Are Maximizing Remote Everything
https://threatpost.com/bad-actors-remote-everything/179458/
The rise of remote work and learning opened new opportunities for many people as we’ve seen by the number of people who have moved to new places or adapted to “workcations.” Cybercriminals are taking advantage of the same opportunities just in a different way.
Tomi Engdahl says:
Deep Dive: Protecting Against Container Threats in the Cloud
https://threatpost.com/container_threats_cloud_defend/179452/
A deep dive into securing containerized environments and understanding how they present unique security challenges.
Tomi Engdahl says:
Social media service makes a frightening change: the locations of at least 570 million users will be revealed
https://www.tivi.fi/uutiset/tv/41d5492e-a89e-460d-a51d-909a0caef522
China’s Great Firewall has turned the country’s internet into an environment full of censorship and surveillance. The microblogging service Weibo, one of China’s most popular social media sites, nevertheless takes things a step further.
Tomi Engdahl says:
DoD Announces Results of Vulnerability Disclosure Program for Defense Contractors
https://www.securityweek.com/dod-announces-results-vulnerability-disclosure-program-defense-contractors
The US Department of Defense (DoD) on Monday announced the conclusion of a 12-month pilot Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) aimed at finding flaws in contractor networks.
The pilot initiative was established by the DoD Cyber Crime Center (DC3) in collaboration with the Defense Counterintelligence and Security Agency (DCSA) and DoD DIB Collaborative Information Sharing Environment (DCISE).
Run in collaboration with hacker-powered bug hunting platform HackerOne – DoD’s primary source of vulnerability reporting – the program focused on identifying security holes in publicly accessible assets of voluntary DIB participants and concluded with a total of 401 reported vulnerabilities being validated.
While it kicked off with 14 voluntary participants and 141 assets in scope, the DIB-VDP pilot expanded over the course of the year to a total of 41 companies and 348 assets.
A total of 288 HackerOne cybersecurity researchers hunted for bugs as part of the pilot and submitted 1,015 all-time reports, the DoD says.
Tomi Engdahl says:
Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol
https://www.securityweek.com/deepfakes-are-growing-threat-cybersecurity-and-society-europol
Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon
Deepfake technology uses artificial intelligence techniques to alter existing or create new audio or audio-visual content. It has some non-malign purposes — such as satire and gaming — but is increasingly used by bad actors for bad purposes. And yet, in 2019, research from iProove showed that 72% of people were still unaware of deepfakes.
Deepfakes are used to create a false narrative apparently originating from trusted sources. The two primary threats are against civil society (spreading disinformation to manipulate opinion towards a desired effect, such as a particular election outcome); and against individuals or companies to obtain a financial return. The threat to civil society is that, left unchecked, entire populations could have their views and opinions swayed by deepfake-delivered disinformation campaigns distorting the truth of events. People will no longer be able to determine truth from falsehood.
The cybersecurity threat to companies is that deepfakes could increase the effectiveness of phishing and BEC attacks, make identity fraud easier, and manipulate company reputations to cause an unjustified collapse in share value.
Tomi Engdahl says:
UNC3524: Eye Spy on Your Email
https://www.mandiant.com/resources/unc3524-eye-spy-email
Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives.
Tomi Engdahl says:
Analysis on recent wiper attacks: examples and how wiper malware works https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works
This blog post looks to explain how wipers work, what makes them so effective and provides a short overview of the most recent samples that appeared in the eastern Europe geopolitical conflict.
Tomi Engdahl says:
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
https://threatpost.com/mozilla-security-health-apps-creepy/179463/
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
Tomi Engdahl says:
GitHub will require all users who contribute code to enable two-factor authentication by the end of 2023
https://techcrunch.com/2022/05/04/github-will-require-all-users-who-contribute-code-to-enable-two-factor-authentication-by-the-end-of-2023/
Tomi Engdahl says:
US Cyber Command shored up nine nations’ defenses last year
‘Hunt forward’ operations push US capabilities across borders
https://www.theregister.com/2022/05/04/us_cyber_hunt_forward/
US Cyber Command chief General Paul Nakasone has revealed the agency he leads conducted nine “hunt forward” operations last year, sending teams to different countries to help them improve their defensive security posture and hunt for cyberthreats.
These missions provide “security for our nation in cyberspace,” said Nakasone, who is also director of the National Security Agency, during a Summit on Modern Conflict and Emerging Threats at Vanderbilt University. “It provides an inoculation of these threats, and it provides a partnership with a nation that has asked us for assistance.”
Tomi Engdahl says:
FBI says business email compromise is a $43 billion scam
https://www.bleepingcomputer.com/news/security/fbi-says-business-email-compromise-is-a-43-billion-scam/
The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021.
From June 2016 until July 2019, IC3 received victim complaints regarding 241,206 domestic and international incidents, with a total exposed dollar loss of $43,312,749,946.
“Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds,” the FBI said.
Tomi Engdahl says:
https://blog.malwarebytes.com/how-tos-2/2022/05/8-security-tips-for-small-businesses/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/github-to-require-2fa-from-active-developers-by-the-end-of-2023/
Tomi Engdahl says:
Internet scams are a daily reality for the UK
https://www.pandasecurity.com/en/mediacenter/security/internet-scams-uk/
Tomi Engdahl says:
End-To-End Encryption is Too Important to Be Proprietary
The EU’s Digital Markets Act is playing on the hardest setting (and it doesn’t need to).
https://doctorow.medium.com/end-to-end-encryption-is-too-important-to-be-proprietary-afdf5e97822
The EU’s Digital Markets Act (DMA) is set to become law; it will require the biggest tech companies in the world (Apple, Google and Facebook, and maybe a few others) to open up their instant messaging services (iMessage, Facebook Messenger, Whatsapp, and maybe a few others) so that smaller messaging services can plug into them. These smaller services might be run by startups, nonprofits, co-ops, or even individual tinkerers.
The logic behind this is sound. IM tools are the ultimate “network effects” products: once they have a critical mass of users, other users feel they have to join to talk to the people who are already there. The more users who sign up, the more users feel they must sign up.
Tomi Engdahl says:
Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers
https://www.zdnet.com/article/heres-how-hackers-used-the-log4j-flaw-to-gain-access-before-moving-across-a-companys-network/
State-backed hacking groups are some of the most advanced cyberattack operations in the world – but criminals don’t need to rely on them if they can exploit unpatched cybersecurity flaws.
Tomi Engdahl says:
https://www.protocol.com/bulletins/facebook-leaked-data-privacy
Tomi Engdahl says:
DATA AS A WEAPON: PSYCHOLOGICAL OPERATIONS IN THE AGE OF IRREGULAR INFORMATION THREATS
https://mwi.usma.edu/data-as-a-weapon-psychological-operations-in-the-age-of-irregular-information-threats/
Tomi Engdahl says:
Log4j flaw: Thousands of applications are still vulnerable, warn security researchers
Cybersecurity researchers warn that insecure instances of Log4j are still out there to be exploited – and are easy for attackers to discover.
https://www.zdnet.com/article/log4j-flaw-thousands-of-applications-are-still-vulnerable-warn-security-researchers/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13527-onko-sinunkin-salasanasi-123456
Tomi Engdahl says:
GitHub Announces Mandatory 2FA for Code Contributors
https://www.securityweek.com/github-announces-mandatory-2fa-code-contributors
Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.
The Microsoft-owned platform has been supporting 2FA for years and is allowing users to use physical and virtual security keys, Time-based One-Time Password (TOTP) authenticator apps, and SMS as a second form of authentication.
Tomi Engdahl says:
US Gov Issues Security Memo on Quantum Computing Risks
https://www.securityweek.com/us-gov-issues-security-memo-quantum-computing-risks
National security memo warns that quantum computing could jeopardize civilian and military communications, and defeat security protocols for most Internet-based financial transactions
The U.S. government is barreling ahead with plans to mitigate future threats from quantum computing with a new White House memo directing federal agencies to jumpstart an all-hands-on-deck approach to migrating to quantum-resistant technologies.
The security memo, released alongside a plan to promote U.S. leadership in quantum computing, directs specific actions for agencies to take during what is being described as a laborious, multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography.
“Research shows that at some point in the not-too-distant future, when quantum computers reach a sufficient size and level of sophistication, they will be capable of breaking much of the cryptography that currently secures our digital communications on the Internet,” the government warned.
Tomi Engdahl says:
For Smaller Enterprises Infrastructure Security Starts With Hygiene
https://www.securityweek.com/smaller-enterprises-infrastructure-security-starts-hygiene
The surge of cyber attacks in 2021 was a wake-up call for consumers, who felt the firsthand effects that can result from a breach. Lines at gas stations and the disruption of trucking, deliveries and related business activities that followed the breach of the Colonial Pipeline operators really drove home the fact that we’ve moved into a new era of cybercrime.
Criminal enterprises are targeting critical infrastructure in extortion schemes, thanks to cryptocurrency and prepaid cards that enable payoffs. The cyberthieves consider infrastructure low-hanging fruit, and defenders are playing catch-up because the definition of infrastructure is evolving fast. As more activities are digitized, IT infrastructure will become increasingly critical for business continuity much as traditional infrastructure components like the power grid are today.
We need to look at cyberattacks in a new way, focus on infrastructure threats, and get ahead of the curve. All it takes is clicking on one out of 100,000 phishing emails sent to open a back door to hackers which puts companies at a disadvantage. Businesses need to focus on the fundamentals, especially when it comes to network infrastructure, and small and mid-sized businesses (SMBs) in particular.
Organizations, especially SMBs, are outgunned and under-resourced. Many have security gaps because they can’t hire enough people for their security needs. Some estimates say more than 600,000 cyber security jobs open every year in the U.S., but there are 68 qualified prospects for each 100 open spots. Larger companies able to offer higher salaries and perks have the advantage in this job market. This leaves SMBs vulnerable; they may have automation and technology tools—even boosted with artificial intelligence and machine learning—but the talent shortage means they lack the human resources to make them work effectively.
Tomi Engdahl says:
Microsoft warns Exchange Online basic auth will be disabled
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-exchange-online-basic-auth-will-be-disabled/
Microsoft warned customers today that it will start disabling Basic Authentication in random tenants worldwide on October 1, 2022.
Tomi Engdahl says:
FBI says business email compromise is a $43 billion scam https://www.bleepingcomputer.com/news/security/fbi-says-business-email-compromise-is-a-43-billion-scam/
The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021.
Tomi Engdahl says:
Researchers uncover years-long espionage campaign targeting dozens of global companies https://therecord.media/operation-cuckoobees-apt41-cybereason-winnti-group/
Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department recently about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The organizations affected were not named in Cybereason’s report but allegedly include some of the largest companies in North America, Europe and Asia.
Cybereason tied the campaign to the prolific Winnti Group, also known as APT 41.
Tomi Engdahl says:
Nigerian Tesla: 419 scammer gone malware distributor unmasked https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call “Nigerian Tesla” that has been dabbling in phishing and other data theft activities for a number of years. Ironically, one of the main threat actors seemingly compromised his own computer with an Agent Tesla binary. In this blog, we expose some of the activities from a scammer who started off with classic advance-fee schemes and is now successfully running Agent Tesla campaigns. In the past two years, this threat actor was able to collect close to a million credentials from his victims.
Tomi Engdahl says:
Russian Invasion of Ukraine and Sanctions Portend Rise in Card Fraud https://www.recordedfuture.com/russian-invasion-of-ukraine-and-sanctions-portend-rise-in-card-fraud/
The Russian invasion of Ukraine has created a humanitarian crisis and caused immeasurable human suffering. In response, Western countries have imposed sanctions on Russia, and many global companies have chosen to cease or severely limit the scope of their operations in Russia. These measures have drastically limited the flow of financial transactions between Russia and the West. Unfortunately, from the perspective of card fraud, one of the most pervasive forms of financially motivated cybercrime, these measures do not prevent Russia-based threat actors from compromising payment cards or monetizing cards through cashout schemes.
Tomi Engdahl says:
Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative https://www.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/
The White House and U.S. Cybersecurity and Infrastructure Security Agency (CISA) have recently warned that Russia could launch disruptive cyberattacks against organizations in the U.S., NATO member countries and allies that support Ukraine. Unit 42 has documented related cyberattacks in Ukraine over the past month. Given that U.S. officials note that evolving intelligence points to potentially destructive cyberattacks, we feel it is essential to encourage all organizations, as soon as possible, to review your cybersecurity policies and incident response plans, as well as to enhance your security posture.
The article contains recommendations that organizations can quickly employ to put protections in place now, as well as some long-term ongoing cyber hygiene best practices.
Tomi Engdahl says:
Securing and Managing IoT and IoMT Devices in Healthcare https://www.paloaltonetworks.com/blog/2022/03/iot-iomt-devices-healthcare/
Unit 42 researchers at Palo Alto Networks recently analyzed crowdsourced data from security assessments of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks. This topic is of critical concern for providers and patients because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data. The published findings show an alarming 75 percent of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers. These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities, and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices.
Tomi Engdahl says:
Microsoft, Apple, and Google to support FIDO passwordless logins https://www.bleepingcomputer.com/news/security/microsoft-apple-and-google-to-support-fido-passwordless-logins/
Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. Once implemented, these new Web Authentication (WebAuthn) credentials (aka FIDO credentials) will allow the three tech giants’ users to log in to their accounts without using a password.
Tomi Engdahl says:
The VC View: The DevSecOps Evolution and Getting “Shift Left” Right
https://www.securityweek.com/vc-view-devsecops-evolution-and-getting-shift-left-right
As the world increasingly moves to the cloud and digital-everything, organizations’ risk postures have also changed. Embedding security into the business is the new, must-have approach and product security is the most seamless path to make it happen – led by the emergence of the engineering-centric CISO.
Many top performers like Netflix, GitHub, Square have proven that integrating security into writing, building, and shipping code is one of the single most effective ways to improve overall security posture. That’s why mass adoption of DevSecOps is one of the biggest post-pandemic security trends.
Frankly, DevSecOps was already a hot topic pre-pandemic. As the quality and productivity benefits of DevOps have become well-established, layering in security and “shifting left” with DevSecOps followed as the next logical step.
However, even in 2022, many organizations are still in the early stages of their DevSecOps journey. Security is still often “the team of no”. Instead of being integrated into the SDLC from the start, security is tacked on post-deployment with vulnerability scanners and penetration tests.
Tomi Engdahl says:
https://content.netography.com/security-week-securing-the-atomized-network-video
Tomi Engdahl says:
https://www.fastcompany.com/90747119/video-doorbells-can-still-hear-us-even-when-we-cant-see-them
Tomi Engdahl says:
NIST updates guidance for defending against supply-chain attacks
https://www.bleepingcomputer.com/news/security/nist-updates-guidance-for-defending-against-supply-chain-attacks/
Tomi Engdahl says:
https://www.theregister.com/2022/05/03/aruba_avaya_critical_vulns/
Tomi Engdahl says:
https://blog.malwarebytes.com/cybercrime/2015/12/dns-hijacks-routers/
Tomi Engdahl says:
Alert (AA22-103A)
APT Cyber Tools Targeting ICS/SCADA Devices
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
Tomi Engdahl says:
A clearer lens on Zero Trust security strategy: Part 1
https://www.microsoft.com/security/blog/2022/04/14/a-clearer-lens-on-zero-trust-security-strategy-part-1/
Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means.
This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the ground of reality.
Tomi Engdahl says:
Industroyer2: Industroyer reloaded
This ICS-capable malware targets a Ukrainian energy company
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
Critical infrastructure: Under cyberattack for longer than you might think
Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services
https://www.welivesecurity.com/2022/04/21/critical-infrastructure-cyberattack-longer-think/
Tomi Engdahl says:
https://go.kaspersky.com/rs/kaspersky1/images/Kaspersky_ICS_Security_Survey_2022.pdf
Tomi Engdahl says:
https://corellia.fi/ovatko-tiedostosi-viela-k-asemalla-hyvassa-tallessa-tai-hukassa/
Tomi Engdahl says:
Cloudflare Flags Largest HTTPS DDoS Attack It’s Ever Recorded
This scale of this month’s encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.
https://www.darkreading.com/attacks-breaches/cloudflare-flags-largest-https-ddos-attack-it-s-ever-recorded
Tomi Engdahl says:
https://securityintelligence.com/posts/electron-application-attacks/
Tomi Engdahl says:
https://hackersonlineclub.com/malware-analysis/