Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it's a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year's successful tactics, retool, and pivot them into next year's campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated in searching for vulnerabilities and infiltrating malware by adapting (and automating) machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
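The patching problem described above is mostly a transitive-dependency problem: log4j-core arrives through some other library, and the safe version depends on which maintenance branch a project is pinned to. The following is an added example, not code from the article or from Google's or Apache's own tooling. It walks `mvn dependency:tree` output and reports every log4j-core node still affected by one of the Log4j 2 CVEs named above, using the fixed versions from the Apache Log4j security advisories (CVE-2021-42550 is a Logback issue and is not in the table). The dependency tree, project names and versions in the sample are constructed.

```python
"""Flag vulnerable log4j-core versions in `mvn dependency:tree` output.

Added example, not part of the original article or the Google/Apache
material it cites. The fixed-version table follows the Apache Log4j
security advisories; the dependency tree below is a constructed sample.
"""
import re
from typing import Dict, List, Tuple

# First fixed log4j-core version per CVE and per maintenance branch.
# The 2.3.x (Java 6) and 2.12.x (Java 7) branches got their own backports,
# so "upgrade to 2.17.1" is not the only safe answer.
FIXED: Dict[str, Dict[str, Tuple[int, int, int]]] = {
    "CVE-2021-44228": {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "main": (2, 15, 0)},
    "CVE-2021-45046": {"2.3": (2, 3, 1), "2.12": (2, 12, 2), "main": (2, 16, 0)},
    "CVE-2021-45105": {"2.3": (2, 3, 1), "2.12": (2, 12, 3), "main": (2, 17, 0)},
    "CVE-2021-44832": {"2.3": (2, 3, 2), "2.12": (2, 12, 4), "main": (2, 17, 1)},
}

# One node line of `mvn dependency:tree`: "[INFO] |  +- group:artifact:type:version:scope"
TREE_LINE = re.compile(r"^\[INFO\] (?P<prefix>[|\s]*)(?:\+-|\\-) (?P<coord>\S+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-beta9' or '-SNAPSHOT' are ignored."""
    m = re.match(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def log4j_cves(version_text: str) -> List[str]:
    """CVEs from the table that still affect this log4j-core version."""
    v = parse_version(version_text)
    if v[0] != 2:
        return []  # Log4j 1.x is end-of-life and out of scope for this table
    branch = "2.3" if v[:2] == (2, 3) else "2.12" if v[:2] == (2, 12) else "main"
    return [cve for cve, fixed in FIXED.items() if v < fixed[branch]]


def scan_dependency_tree(tree: str) -> List[dict]:
    """Every log4j-core node in the tree that still carries one of the CVEs."""
    findings = []
    for line in tree.splitlines():
        m = TREE_LINE.match(line)
        if not m:
            continue
        parts = m.group("coord").split(":")
        if parts[:2] != ["org.apache.logging.log4j", "log4j-core"]:
            continue
        # coordinate is group:artifact:type[:classifier]:version:scope; version starts with a digit
        version = next((p for p in parts[2:] if p[:1].isdigit()), None)
        if version is None:
            continue
        cves = log4j_cves(version)
        if cves:
            depth = len(m.group("prefix")) // 3  # each tree level indents by three columns
            findings.append({
                "version": version,
                "scope": "direct" if depth == 0 else "transitive",
                "cves": cves,
            })
    return findings


# Constructed sample: one direct log4j-core, one already-fixed test dependency,
# and one pulled in transitively by an internal library on the 2.3.x branch.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ shop-api ---
[INFO] com.example:shop-api:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.12.4:test
[INFO] \- com.example:legacy-reporting:jar:3.2.0:compile
[INFO]    \- org.apache.logging.log4j:log4j-core:jar:2.3.1:compile
"""

if __name__ == "__main__":
    for f in scan_dependency_tree(SAMPLE_TREE):
        print(f"log4j-core {f['version']} ({f['scope']}): {', '.join(f['cves'])}")
```

Run it against real output with `mvn dependency:tree | python3 log4j_scan.py` after swapping the sample for `sys.stdin.read()`. The transitive finding is the interesting one: the 2.3.1 copy came in through a library whose own release notes say nothing about Log4j, which is exactly the patching hiccup the article warns about. Shaded or fat jars hide the library from the tree entirely, so a classpath scan for `JndiLookup.class` is still needed as a second check.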
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they've successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It's what all the clouds, even Microsoft Azure, run. It's what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn't so much with open-source itself. There's nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus's law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I'm now calling Schneier's law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who's going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We've covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn't not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
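The detection categories listed above (brute-force logins, abnormal credential use) come down to comparing what is happening now with a learned baseline. The following is an added example, not code from the interview or from any vendor product: a small statistical detector over OpenSSH auth log lines that scores each minute's failed-login count against a median/MAD baseline and also flags a success from a source that had already failed repeatedly. The log lines, hostnames, addresses, the per-minute history and the thresholds are all constructed for the demo.

```python
"""Statistical brute-force detection over SSH auth log lines.

Added example, not from the cited interview: a baseline-and-deviate detector
of the kind the passage describes. Log lines, hostnames, addresses and the
per-minute history are constructed for the demo.
"""
import re
import statistics
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# OpenSSH auth messages, keyed to the minute so counts can be compared with history.
AUTH_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_auth(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """(minute, outcome, user, ip) for every sshd authentication line."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            events.append((m["minute"], m["outcome"], m["user"], m["ip"]))
    return events


def robust_z(value: float, history: List[int]) -> float:
    """Deviation from the baseline in MAD units. Median/MAD is used so that past
    attack minutes inside the history do not inflate the baseline the way mean/stddev would."""
    med = statistics.median(history)
    mad = statistics.median([abs(x - med) for x in history]) * 1.4826  # ~sigma for normal data
    return (value - med) / max(mad, 1.0)  # floor of one failure/min: a quiet baseline must not explode


def detect(lines: List[str], history: List[int],
           z_threshold: float = 3.5, fail_min: int = 10) -> List[Dict]:
    """Two signals: a spike in failures/min versus history, and a successful login
    from a source that had already failed `fail_min` times (the brute force worked)."""
    alerts = []
    fails_by_minute: Counter = Counter()
    fails_by_minute_ip = defaultdict(Counter)
    fails_by_ip: Counter = Counter()
    for minute, outcome, user, ip in parse_auth(lines):
        if outcome == "Failed":
            fails_by_minute[minute] += 1
            fails_by_minute_ip[minute][ip] += 1
            fails_by_ip[ip] += 1
        elif fails_by_ip[ip] >= fail_min:
            alerts.append({"type": "success_after_failures", "minute": minute,
                           "ip": ip, "user": user, "failures": fails_by_ip[ip]})
    for minute, n in sorted(fails_by_minute.items()):
        z = robust_z(n, history)
        if z >= z_threshold:
            top_ip, top_n = fails_by_minute_ip[minute].most_common(1)[0]
            alerts.append({"type": "failure_spike", "minute": minute, "failures": n,
                           "z": round(z, 1), "top_ip": top_ip, "top_ip_failures": top_n})
    return alerts


# Constructed history: failed logins per minute observed on quiet days.
SAMPLE_HISTORY = [1, 0, 2, 1, 1, 0, 3, 1, 2, 1, 0, 1, 2, 1]

# Constructed current lines: an 18-attempt burst, then a success from the same source.
SAMPLE_LINES = [
    f"Jan 10 09:00:{s:02d} bastion1 sshd[4{s:02d}]: Failed password for invalid user {u} "
    f"from 203.0.113.7 port 5{s:04d} ssh2"
    for s, u in zip(range(2, 38, 2), ["root", "admin", "test", "oracle", "ubuntu", "git"] * 3)
] + [
    "Jan 10 09:00:55 bastion1 sshd[4499]: Accepted password for deploy from 203.0.113.7 port 50100 ssh2",
    "Jan 10 09:01:12 bastion1 sshd[4510]: Failed password for bob from 198.51.100.4 port 40222 ssh2",
    "Jan 10 09:01:40 bastion1 sshd[4515]: Accepted publickey for alice from 198.51.100.4 port 40230 ssh2",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LINES, SAMPLE_HISTORY):
        print(alert)
```

The second signal is the one worth paging on: a spike alone is often a scanner that never gets in, but an `Accepted` from an address that just produced a run of failures is the brute force succeeding. In production the history would be per host and per hour of day rather than one flat list, and the minute keys would need a year to sort across month boundaries.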
Mobile phone security is being reworked (Kännyköiden tietoturva menee uusiksi)
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too (Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin)
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again (Jarno Limnéll varoittaa “kyberpandemiasta”)
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler's rise to power, the shots in Sarajevo. “In light of history, we're always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them (Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin)
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk (Trend Micron raportti: tulevaisuudessa kaikki on vaarassa)
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
https://www.analyticsinsight.net/predictive-analytics-could-very-well-be-the-future-of-cybersecurity/
Tomi Engdahl says:
https://portswigger.net/daily-swig/socket-new-tool-takes-a-proactive-approach-to-prevent-oss-supply-chain-attacks
Tomi Engdahl says:
https://www.ctrl.blog/entry/selinux-unmanageable.html
Tomi Engdahl says:
https://www.usatoday.com/story/tech/columnist/komando/2022/04/28/how-check-if-someone-spying-your-pc-mac/7425278001/
Tomi Engdahl says:
Everything you need to know to create a Vulnerability Assessment Report
https://thehackernews.com/2022/04/everything-you-need-to-know-to-create.html
Tomi Engdahl says:
Something has to be done about the quantum computer security threat
By Chris Szewczyk published 9 days ago
Remember Y2K? It’s time to prepare for Y2Q
https://www.pcgamer.com/something-has-to-be-done-about-the-quantum-computer-security-threat/
Tomi Engdahl says:
https://thehackernews.com/2022/04/us-cybersecurity-agency-lists-2021s-top.html
Tomi Engdahl says:
https://unredactedmagazine.com/contribute.html
Tomi Engdahl says:
https://www.analyticsinsight.net/is-it-the-right-time-to-choose-a-career-in-ethical-hacking/
Tomi Engdahl says:
Security-as-Code Gains More Support, but Still Nascent
https://www.darkreading.com/cloud/security-as-code-gains-more-support-but-still-nascent
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.
Tomi Engdahl says:
Hackers stole data undetected from US, European orgs since 2019
https://www.bleepingcomputer.com/news/security/hackers-stole-data-undetected-from-us-european-orgs-since-2019/
The Chinese hacking group known as ‘Winnti’ has been stealthily stealing intellectual property assets like patents, copyrights, trademarks, and other corporate data – all while remaining undetected by researchers and targets since 2019.
Winnti, also tracked as APT41, is an advanced and elusive cyber-espionage group that is believed to be backed by the Chinese state and operates on behalf of its national interests.
Operation CuckooBees
This criminal operation is known as ‘Operation CuckooBees’ and was discovered by analysts at Cybereason, who revealed new malware deployed by the notorious group of hackers, the mechanisms they leverage for intrusion, and the intricate payload delivery methods they use.
A stealthy operation
The infection chain observed in Operation CuckooBees begins with exploiting known and zero-day vulnerabilities in ERP platforms used by the targets.
Winnti establishes persistence via an encoded WebShell, by abusing the WinRM protocol for remote access, the IKEEXT and PrintNotify Windows services for DLL side-loading, or by loading a signed kernel rootkit.
Once they gain a foothold on networks, the hackers perform reconnaissance using built-in Windows commands like ‘systeminfo’, ‘net start’,’ net user’, and ‘dir c:\’, that are unlikely to trigger any alerts for suspicious activity, even when run in batch files via a Scheduled Task.
For credential dumping, Winnti uses either the ‘reg save’ command to save the stolen passwords in a safe place or a variant of a previously undocumented tool named ‘MFSDLL.exe.’
For lateral movement, the hackers continue to abuse the Windows Scheduled Tasks along with a set of special batch files.
Finally, for the data collection and exfiltration, the threat actors deploy a portable command-line WinRAR app that features a valid digital signature and uses “rundll32.exe” for its executable.
What stands out in Cybereason’s report is a new Winnti malware dubbed “DEPLOYLOG” and the method of abuse of the Windows CLFS (Common Log File System) mechanism for payload concealing.
CLFS is an internal logging system for Windows OSes, which uses a proprietary file format that’s only accessible through the system’s API functions. As such, its log files are skipped by AV scanners while human inspectors don’t have a tool that can parse them.
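The recon commands in the report (systeminfo, net start, net user, dir c:\) are chosen precisely because none of them alerts on its own. What does stand out is several of them in quick succession under one parent that the Task Scheduler service launched. The following is an added example, not code from the Cybereason report or the article quoting it: it correlates process-creation records by parent PID and time window, enriches the alert with whether that parent came from the scheduler, and separately flags a `reg save` of the SAM/SECURITY/SYSTEM hives, the usual form of that credential-access technique. The events, hostnames, paths and PIDs are constructed Sysmon-style records; the field names are an assumption of this example.

```python
"""Correlate quiet recon commands under one parent into a single alert.

Added example, not from the Cybereason report or the article quoting it.
Events are constructed Sysmon-style process-creation records; the field
names (ts, host, pid, ppid, image, cmdline, parent_cmdline) are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Discovery commands that look like routine admin activity in isolation.
RECON = {
    "systeminfo": re.compile(r"\bsysteminfo\b", re.I),
    "net start": re.compile(r"\bnet1?\s+start\b", re.I),
    "net user": re.compile(r"\bnet1?\s+user\b", re.I),
    "dir c:\\": re.compile(r"\bdir\s+c:\\", re.I),
    "whoami": re.compile(r"\bwhoami\b", re.I),
    "tasklist": re.compile(r"\btasklist\b", re.I),
}
# Credential access via registry hive export: the usual form of the `reg save` technique.
HIVE_DUMP = re.compile(
    r"\breg(?:\.exe)?\s+save\s+(?:hklm|hkey_local_machine)\\(?:sam|security|system)\b", re.I)
# Parent launched by the Task Scheduler service (svchost -s Schedule) or taskeng.exe.
SCHED_RE = re.compile(r"svchost\.exe.*-s\s+Schedule\b|\btaskeng\.exe\b", re.I)


def detect_recon_chains(events: List[Dict], min_distinct: int = 3,
                        window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """One alert per parent process that ran `min_distinct` different recon
    commands inside `window`, plus one alert per hive export."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    recon_by_parent = defaultdict(list)  # (host, ppid) -> [(time, command name)]
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if HIVE_DUMP.search(e["cmdline"]):
            alerts.append({"type": "hive_dump", "host": e["host"], "pid": e["pid"],
                           "cmdline": e["cmdline"]})
        t = datetime.fromisoformat(e["ts"])
        for name, rx in RECON.items():
            if rx.search(e["cmdline"]):
                recon_by_parent[(e["host"], e["ppid"])].append((t, name))
    for (host, ppid), seq in recon_by_parent.items():
        for t0, _ in seq:  # slide a window starting at each recon event under this parent
            names = {name for t, name in seq if t0 <= t <= t0 + window}
            if len(names) >= min_distinct:
                parent = by_pid.get((host, ppid), {})
                alerts.append({"type": "recon_chain", "host": host, "parent_pid": ppid,
                               "parent_image": parent.get("image", "?"),
                               "commands": sorted(names),
                               "scheduled_task": bool(SCHED_RE.search(parent.get("parent_cmdline", "")))})
                break
    return alerts


def ev(ts, host, pid, ppid, image, cmdline, parent_cmdline):
    return {"ts": ts, "host": host, "pid": pid, "ppid": ppid, "image": image,
            "cmdline": cmdline, "parent_cmdline": parent_cmdline}


# Constructed events: a batch file run by a scheduled task on an ERP host, then a
# lone systeminfo and a later net user on a workstation that should not alert.
BAT = r"cmd.exe /c C:\ProgramData\tmp\r.bat"
EVENTS = [
    ev("2022-05-04T02:13:00", "fin-erp01", 3988, 900, r"C:\Windows\System32\cmd.exe", BAT,
       r"C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule"),
    ev("2022-05-04T02:13:05", "fin-erp01", 4120, 3988, r"C:\Windows\System32\systeminfo.exe", "systeminfo", BAT),
    ev("2022-05-04T02:13:06", "fin-erp01", 4121, 3988, r"C:\Windows\System32\net.exe", "net  start", BAT),
    ev("2022-05-04T02:13:07", "fin-erp01", 4122, 3988, r"C:\Windows\System32\net.exe", "net user", BAT),
    ev("2022-05-04T02:13:09", "fin-erp01", 4123, 3988, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir c:\\", BAT),
    ev("2022-05-04T02:14:00", "fin-erp01", 4130, 3988, r"C:\Windows\System32\reg.exe",
       r"reg save HKLM\SAM C:\ProgramData\tmp\sam.hiv", BAT),
    ev("2022-05-04T09:30:11", "hr-ws17", 5010, 5000, r"C:\Windows\System32\systeminfo.exe", "systeminfo",
       r"C:\Windows\explorer.exe"),
    ev("2022-05-04T11:02:40", "hr-ws17", 5011, 5000, r"C:\Windows\System32\net.exe", "net user jsmith /domain",
       r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for alert in detect_recon_chains(EVENTS):
        print(alert)
```

The grouping key is the parent PID rather than the user or host, because that is what a batch file run from a scheduled task produces: one `cmd.exe` with many short-lived children in a few seconds. The `hive_dump` rule needs no correlation at all; a `reg save` of those hives has no routine use outside backups and should be alerted on immediately.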
Tomi Engdahl says:
BPFDoor an active Chinese global surveillance tool
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen, a Chinese threat actor group. BPFDoor is interesting. It allows a threat actor to backdoor a system for remote code execution, without opening any new network ports or firewall rules. For example, if a webapp exists on port 443, it can listen and react on the existing port 443, and the implant can be reached over the webapp port (even with the webapp running). This is because it uses a BPF packet filter.
Operators have access to a tool which allows communication to the implants, using a password, which allows features such as remotely executing commands. This works over internal and internet networks.
Because BPFDoor doesn’t open any inbound network ports, doesn’t use an outbound C2, and it renames its own process in Linux (so ps aux, for example, will show a friendly name) it is highly evasive.
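Two of the traits above are checkable from `/proc` without any signature: a BPF-based sniffer needs an AF_PACKET socket to attach its filter to, and a process that renamed itself leaves its `comm` and `argv[0]` disagreeing with the binary that `/proc/<pid>/exe` points at. The following is an added example, not code from the cited post or from PwC: it lists every process holding a packet socket and reports why it looks renamed, if it does. The `/proc/net/packet` text and the process names used in the demo are constructed; `hunt()` has to run as root on a real host to read other processes' fd links.

```python
"""Hunt for a passive packet-socket implant of the BPFDoor kind on a Linux host.

Added example, not from the cited post. The /proc snippet and process names
below are constructed for the demo; run hunt() as root on a real host.
"""
import os
import re
from typing import Dict, List, Set

# Constructed copy of /proc/net/packet: one AF_PACKET socket per row, inode in the last column.
PROC_NET_PACKET_SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1b2c3d4e50 3      3    0003   0     1 0      0      29181
ffff9a1b2c3d4e51 3      3    0003   2     1 0      0      31277
"""


def packet_socket_inodes(text: str) -> Set[int]:
    """Inode numbers of every open AF_PACKET socket listed in /proc/net/packet."""
    inodes = set()
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if fields:
            inodes.add(int(fields[-1]))
    return inodes


def owners_of_sockets(proc: str, inodes: Set[int]) -> Dict[int, int]:
    """Map socket inode -> pid by resolving /proc/<pid>/fd/* links of the form 'socket:[inode]'."""
    owners: Dict[int, int] = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we are not root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in inodes:
                owners[int(m.group(1))] = int(entry)
    return owners


def rename_indicators(comm: str, exe: str, cmdline: str) -> List[str]:
    """Reasons a process looks renamed: comm (set via prctl PR_SET_NAME) or argv[0]
    disagreeing with the on-disk binary, or the binary unlinked after start."""
    if exe == "?":
        return ["cannot read exe link (run as root)"]
    reasons = []
    if exe.endswith(" (deleted)"):
        reasons.append("binary deleted from disk")
        exe = exe[: -len(" (deleted)")]
    exe_name = os.path.basename(exe)
    if comm != exe_name[:15]:  # the kernel truncates comm to 15 characters
        reasons.append(f"comm {comm!r} != exe {exe_name!r}")
    argv0 = os.path.basename(cmdline.split("\0", 1)[0]) if cmdline else ""
    if argv0 and argv0 != exe_name:
        reasons.append(f"argv[0] {argv0!r} != exe {exe_name!r}")
    return reasons


def hunt(proc: str = "/proc") -> List[dict]:
    """Every process holding a packet socket, with its rename indicators (empty = consistent)."""
    with open(os.path.join(proc, "net", "packet")) as f:
        inodes = packet_socket_inodes(f.read())
    findings = []
    for inode, pid in sorted(owners_of_sockets(proc, inodes).items()):
        base = os.path.join(proc, str(pid))
        with open(os.path.join(base, "comm")) as f:
            comm = f.read().strip()
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = "?"
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmdline = f.read().decode(errors="replace")
        findings.append({"pid": pid, "inode": inode, "comm": comm, "exe": exe,
                         "cmdline": cmdline.replace("\0", " ").strip(),
                         "indicators": rename_indicators(comm, exe, cmdline)})
    return findings


if __name__ == "__main__":
    for f in hunt():
        flag = "SUSPICIOUS" if f["indicators"] else "ok"
        print(f"{flag:10} pid={f['pid']} comm={f['comm']} exe={f['exe']} {f['indicators']}")
```

Legitimate packet-socket holders (tcpdump, dhclient, some monitoring agents) show an empty indicator list and can be allow-listed by `exe`; `ss -0pb` gives the same socket list together with the attached BPF program for manual review. Note that a process name matching its binary proves nothing on its own, since an implant can be dropped under any name; the mismatch is a triage hint, the packet socket on a box that should not be sniffing is the finding.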
Tomi Engdahl says:
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/
In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
Tomi Engdahl says:
Former Estonian president on defending against Russian cyberattacks https://therecord.media/former-estonian-president-on-defending-against-russian-cyberattacks/
The former president of Estonia is sounding the alarm that, even after Russia's war on Ukraine comes to an end, the U.S. and the rest of the world cannot ignore the threat posed by Moscow. “We cannot let our attention wane just when the fighting ends. Neither in cyber, nor in conventional,” Kersti Kaljulaid told The Record on Thursday after her fireside chat at the Vanderbilt University Summit on Modern Conflict and Emerging Threats. Kaljulaid, whose country was the victim of a landmark digital assault by Russia in 2007 that rocked the former Soviet satellite state for weeks, came to the conference with two recent examples of the danger: Estonia's government services experienced increased cyberattacks during the recent “Locked Shields” digital exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence. A wall of the Tallinn-based hub was also defaced with graffiti.
Tomi Engdahl says:
Ransomware: April 2022 review
https://blog.malwarebytes.com/threat-intelligence/2022/05/ransomware-april-2022-review/
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022 was most notable for the emergence of three new ransomware-as-a-service (RaaS) groups, Onyx, Mindware, and Black Basta, as well as the unwelcome return of REvil, one of the world's most notorious and dangerous ransomware operations.
Tomi Engdahl says:
Steer clear of fake premium mobile app unlockers https://blog.malwarebytes.com/scams/2022/05/steer-clear-of-fake-premium-mobile-app-unlockers/
A site has been bouncing around YouTube comments for the past couple of weeks. The site sometimes changes, the messages alter slightly, but the essence remains the same: In all cases, people acting in suspiciously automated fashion ask if everyone is using this “glitch” or generator without ever clarifying what, exactly, either of them are, or do. The site offers “tweaked apps”, apparently available with a single click and requiring “no jailbreak, no root.” That's what they claim, anyway. There's an OnlyFans Premium, Netflix Premium, a Pokemon Go Spoofer Injector, Robux Generator, and many more.
Threat report on application stores – the risks associated with the use of official and third party app stores https://www.ncsc.gov.uk/report/threat-report-on-application-stores
Over the last decade there has been an enormous increase in the availability and use of smartphones and smart devices. Many of these devices feature application stores (‘app stores’), which allow users to download additional applications and content. The vast majority of users, particularly on mobile platforms, download apps via these app stores. Since there is a great variety of devices (and supporting app stores), there are a number of disparate and complex security issues that that can expose consumers and enterprises to online threats. This report summarises the risks associated with the use of official and third party app stores. It includes links to detailed guidance that describe how to mitigate the main threats.
Tomi Engdahl says:
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/
Cobalt Strike is commercial threat emulation software that emulates a quiet, long-term embedded actor in a network. This actor, known as Beacon, communicates with an external team server to emulate command and control (C2) traffic. Due to its versatility, Cobalt Strike is commonly used as a legitimate tool by red teams but is also widely used by threat actors for real-world attacks. Different elements of Cobalt Strike contribute to that versatility, including the encoding algorithm that obfuscates metadata sent to the C2 server. In this blog post, we will go through the encoding algorithm, describe definitions and differences of encoding types used in the Cobalt Strike framework, and cover some malicious attacks seen in the wild. In doing so, we demonstrate how the encoding and decoding algorithm works during the C2 traffic communication, and why this versatility makes Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses.
Tomi Engdahl says:
US State Department offering $10 million reward for information about Conti members https://therecord.media/us-state-department-offering-10-million-reward-for-information-about-conti-members/
The U.S. State Department is offering $10 million for any information that leads to the identification or location of people connected to the notorious Conti ransomware gang. An additional $5 million reward is also being offered for any information that leads to the arrest or conviction of a Conti member.
Tomi Engdahl says:
macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities/
Understanding the threat landscape and how threats behave is the first step CrowdStrike researchers take toward strengthening customer protection. They based the following threat landscape analysis on internal and open source data, which revealed that in 2021 the most commonly encountered macOS malware types were ransomware (43%), backdoors (35%) and trojans (17%). Each category is powered by a different motive: ransomware by money, backdoors by remote access and trojans by data theft.
Tomi Engdahl says:
China Not Happy With South Korea Joining NATO Cyber Defense Center
https://www.securityweek.com/china-not-happy-south-korea-joining-nato-cyber-defense-center
NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) announced on Thursday that South Korea, Canada and Luxembourg have become members.
South Korea is the first Asian country to join the Tallinn, Estonia-based cyber defense unit. While South Korea is not a NATO member, the two have been collaborating in several areas, including cyber defense.
Following the announcement that South Korea joined the CCDCOE, Hu Xijin, former editor-in-chief at China’s Global Times, warned South Korea in a message posted on Twitter.
“If South Korea takes a path of turning hostile against its neighbors, the end of this path could be a Ukraine,” said Xijin, whose account is flagged by Twitter as “China state-affiliated media.”
Tomi Engdahl says:
Amazon’s Shuttering of Alexa Ranking Service Hits Cybersecurity Industry
https://www.securityweek.com/impact-alexa-ranking-service-shutdown-cybersecurity-industry
Amazon has shut down Alexa.com. While it may not be immediately obvious, the decision to kill off the popular web traffic analysis and website ranking service does have some impact on the cybersecurity industry.
When accessing alexa.com, users are now greeted by an end of service notice that says the site was retired on May 1, 2022.
Alexa was founded in 1996 and it was acquired by Amazon in 1999. Amazon announced its decision to retire the service in December 2021. The Alexa Top Sites and Web Information Service APIs will be retired on December 15, 2022. Amazon did not share any details on why it shut down Alexa, only saying that it was a “difficult decision.”
One of the most popular Alexa services was “Top Sites,” which provided free lists of websites ordered by Alexa traffic rank.
The Alexa Top 1 Million list has been used by many in the cybersecurity industry, including to analyze the security practices and posture of the world’s most popular websites, and to create lists of sites that can be trusted.
Tomi Engdahl says:
Tech Giants Unite in Effort to Scrap Passwords
https://www.securityweek.com/tech-giants-unite-effort-scrap-passwords
Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard
In celebration of 2022 World Password Day, Apple, Google and Microsoft announced plans to expand support for a sign-in standard from the FIDO alliance and the World Wide Web Consortium (W3C) that aims to eliminate passwords altogether.
The passwordless sign-in involves the use of a FIDO credential called passkey, which is stored on a phone. When signing into a website, users would need to have their phone nearby, as they will have to unlock it for access.
“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explains.
Tomi Engdahl says:
One step closer to a passwordless future
https://blog.google/technology/safety-security/one-step-closer-to-a-passwordless-future/
Today passwords are essential to online safety, but threats like phishing, scams, and poor password hygiene continue to pose a risk to users. Google has long recognized these issues, which is why we have created defenses like 2-Step Verification and Google Password Manager.
However, to really address password problems, we need to move beyond passwords altogether, which is why we’ve been setting the stage for a passwordless future for over a decade.
Today, in honor of World Password Day, we’re announcing a major milestone in this journey: We plan to implement passwordless support for FIDO Sign-in standards in Android & Chrome. Apple and Microsoft have also announced that they will offer support for their platforms. This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password. These capabilities will be available over the course of the coming year.
How will a passwordless future work?
When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore.
Instead, your phone will store a FIDO credential called a passkey which is used to unlock your online account. The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone.
To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.
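The passkey flow described in the Google post above, modelled as an added Go example (not code from Google, FIDO or this site). It assumes a toy relying party named example.com, a user alice, and a constructed phishing origin example-com.evil.test; real WebAuthn signs over structured client data and authenticator data rather than the simple hash used here. What it shows is why a passkey resists phishing and replay: the site stores only a public key, the device only signs for the origin the credential was registered to, and each challenge is random and single-use.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Passkey models the private half of a FIDO credential: it lives on the
// phone and is only usable after the device is unlocked.
type Passkey struct {
	rpID string // relying party the credential is scoped to
	priv *ecdsa.PrivateKey
}

// RelyingParty models the website. It holds public keys only, plus the
// challenges it has issued and not yet consumed.
type RelyingParty struct {
	ID      string
	pubKeys map[string]*ecdsa.PublicKey // user -> registered public key
	pending map[string]bool             // hex(challenge) -> outstanding
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string]bool{}}
}

// Register generates a P-256 key pair on the device; the site keeps only the public key.
func (rp *RelyingParty) Register(user string) (*Passkey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rp.pubKeys[user] = &priv.PublicKey
	return &Passkey{rpID: rp.ID, priv: priv}, nil
}

// IssueChallenge hands out a random, single-use challenge.
func (rp *RelyingParty) IssueChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[hex.EncodeToString(c)] = true
	return c, nil
}

// signedData binds the signature to the origin the browser is talking to
// and to the challenge (simplified stand-in for WebAuthn's client data hash).
func signedData(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0})
	h.Write(challenge)
	return h.Sum(nil)
}

// Assert is the device side. A passkey scoped to example.com is never used
// on another origin, so a look-alike page cannot obtain a valid signature.
func (p *Passkey) Assert(origin string, challenge []byte) ([]byte, error) {
	if origin != p.rpID {
		return nil, errors.New("passkey not scoped to origin " + origin)
	}
	return ecdsa.SignASN1(rand.Reader, p.priv, signedData(origin, challenge))
}

// Finish is the server side: the challenge must still be outstanding (no
// replay) and the signature must verify under the user's key over this site's ID.
func (rp *RelyingParty) Finish(user string, challenge, sig []byte) error {
	key := hex.EncodeToString(challenge)
	if !rp.pending[key] {
		return errors.New("unknown or already-used challenge")
	}
	delete(rp.pending, key)
	pub, ok := rp.pubKeys[user]
	if !ok {
		return errors.New("no passkey registered for user")
	}
	if !ecdsa.VerifyASN1(pub, signedData(rp.ID, challenge), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Scenario runs a legitimate sign-in, a replay of the same assertion, and a
// phishing page relaying a fresh challenge. A nil error means "accepted".
func Scenario() (legit, replay, phish error) {
	rp := NewRelyingParty("example.com") // assumed relying party
	pk, err := rp.Register("alice")
	if err != nil {
		return err, err, err
	}
	ch, _ := rp.IssueChallenge()
	sig, _ := pk.Assert("example.com", ch)
	legit = rp.Finish("alice", ch, sig)
	replay = rp.Finish("alice", ch, sig)
	ch2, _ := rp.IssueChallenge()
	_, phish = pk.Assert("example-com.evil.test", ch2) // constructed phishing origin
	return
}

func main() {
	legit, replay, phish := Scenario()
	fmt.Println("legitimate sign-in:", legit)
	fmt.Println("replayed assertion:", replay)
	fmt.Println("phishing origin:   ", phish)
}
```

The two server-side checks are the ones worth copying into any challenge-response login: consume each challenge exactly once, and verify the signature over your own relying party ID rather than over whatever origin string the client reports.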
Tomi Engdahl says:
By end of 2023, GitHub to force code contributors to use two-factor authentication
https://therecord.media/github-two-factor-authentication-2023/
GitHub said Wednesday that it plans to require any user who contributes code on the platform to enroll in two-factor authentication by the end of 2023.
The Microsoft-owned company has about 83 million developers on its platform, and GitHub Chief Security Officer Mike Hanley said they can be “frequent targets for social engineering and account takeover.”
Tomi Engdahl says:
Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus
https://www.recordedfuture.com/ghostwriter-in-the-shell/?__hstc=156209188.c8ff4f77b79eecac2dec4077778e3ab4.1649913118632.1649913118632.1652076867062.2&__hssc=156209188.1.1652076867062&__hsfp=2577339389
This research expands on Mandiant’s public attribution of UNC1151 and Ghostwriter activity to entities in Belarus and describes Russian military organizational influence in Minsk, substantiating a likely nexus to Russian interests. The time frame for our research spans between March 2017 through the present and employs data from the Recorded Future Platform with open source enrichment.
Tomi Engdahl says:
https://therecord.media/former-estonian-president-on-defending-against-russian-cyberattacks/
Tomi Engdahl says:
Mark Gurman / Bloomberg:
Opinion: Apple has the technical chops to safely open up its NFC chip for third party payments apps, and the main reason it is not doing it is the revenue
Apple Keeps Its Tap-to-Pay Feature to Itself to Protect Revenue
https://www.bloomberg.com/news/newsletters/2022-05-08/can-third-party-banks-and-apps-use-apple-aapl-iphone-nfc-for-tap-to-pay-l2xckg5e
Apple’s latest antitrust battle is all about Apple Pay and how the company reserves the tap-to-pay feature for its own service. Also: Apple hires a big name from Ford for its car project, and employees continue to push back on an office return.
After facing mounting antitrust scrutiny in recent years—from both App Store developers and government regulators—Apple Inc. has started to loosen up.
Two years ago, the company began letting users choose third-party web browser or email apps as their system default. That means when you click a link in Messages, you can have those launch in Chrome instead of Safari. Or when you want to click an email address, you can have the new message window open up in Microsoft Outlook instead of Apple Mail.
The key thing about these changes, though, is that most of them were forced on Apple. The U.S. government and others questioned why users couldn’t switch default apps. Spotify Technology SA attacked Apple left and right over its practices. And the change to subscription app payments was part of a settlement with Japan’s trade commission. The ruling in Apple’s case with Epic Games Inc. also helped push the company in this direction.
Apple’s next antitrust battle is over payments. More specifically, its control of the iPhone chip that handles NFC, or near field communications. For now, iPhone users must use Apple Pay if they want to buy something via phone tap, and that’s been increasingly frustrating to rival financial apps.
Apple’s policy means PayPal and Square—as well as financial institutions like Chase, Citi and American Express—can’t launch tap-to-pay iPhone apps with their own features and interface. It also means if they want to access the iPhone user base, they must pay an up-to-0.15% fee for every Apple Pay credit card transaction.
This issue isn’t new (I first covered it more than two years ago), but the European Union is now throwing its weight into the fight by making a formal antitrust complaint.
There’s a reason Apple doesn’t want to open up its tap-to-pay feature to third-party apps, and that’s revenue.
Today, sales from Apple Pay and other financial services are a small slice of the company’s services business. I’ve seen estimates of Apple Pay bringing in north of $1 billion per year on fees, compared with the nearly $20 billion a quarter Apple now makes from services overall.
While $1 billion per year may seem small for Apple, that could be the difference between reaching or not reaching annual growth targets in the services segment.
The bigger concern is future revenue. Visa Inc. said earlier this year that 20% of its U.S. transactions are contactless. Imagine what that ratio will be in three, five or 10 years. If Apple gives the tap-to-pay option to third-party apps today, the current impact might just be a couple of hundred million dollars. In the future, though? It might be many billions.
Apple says its insistence on reserving tap-to-pay capabilities for Apple Pay isn’t about money, but rather about privacy and security. The company says that opening up NFC could harm its system and pointed to a report from 2016 that said NFC access on Android has been compromised by hackers.
It’s hard to believe that the user experience and security are the only elements being considered here, though. Chief Executive Officer Tim Cook said during the Epic Games trial that even if Apple were to open up its payment system, the company would still ask developers to pay a commission retroactively.
Apple has the technical chops to figure out a safe way to free up its NFC capabilities to outside services.
After all, the company is already planning to do just that for merchants, which will be able to use the tap-to-pay feature to accept certain credit cards and smartphones via third-party apps. In other words, Apple will let users take payments via NFC but not make them. The company also has opened up NFC for scanning physical items and unlocking doors.
While I do agree that Apple Pay is probably far more convenient than anything third-party banks may come up with, I don’t see the harm for consumers to at least have the option.
With the European Commission threatening fines, Apple may ultimately be forced yet again to make a change.
Tomi Engdahl says:
Ina Fried / Axios:
If Roe v. Wade gets overturned, any location and search data about users collected by tech companies might be used in abortion-related criminal prosecutions — The treasure troves of data tech companies have spent decades accumulating could put them right in the middle of efforts …
Without Roe, data will become a company headache and a user nightmare
https://www.axios.com/2022/05/06/data-company-headache-user-nightmare-abortion-roe
The treasure troves of data tech companies have spent decades accumulating could put them right in the middle of efforts to prosecute people if the Supreme Court eliminates federal guarantees of abortion rights.
Why it matters: If Monday’s leaked draft opinion becomes law, court orders could soon arrive at tech firm offices seeking info about individuals searching for emergency contraception, those seen near a suspected abortion clinic and more.
The big picture: Mass data collection and the potential for a surveillance state has been a growing, if largely abstract concern. But the seemingly imminent end to guaranteed legal access to abortion spotlights a specific risk such data can pose right now.
Tech companies generally say they will protect user data but comply with data demands required by local laws in countries where they operate.
What they’re saying: While tech companies were loath to talk on the record about how they might address such legal requests in post-Roe v. Wade abortion cases, lawyers and other executives at several companies are definitely having these discussions.
And privately, many tech employees said they were glad the topic was finally being discussed.
Between the lines: Law enforcement and prosecutors have multiple ways to get many different kinds of data, including location data, search requests and purchase history.
Bulk vs. individual: Law enforcement requests could come in the form of seeking data for a specific person or seeking, say, all people who were near a particular clinic, or maybe all out-of-state residents near a particular clinic.
Tech companies have a track record of fighting bulk collection efforts more forcefully, for example, than do cellular providers, says Jennifer Granick, the ACLU’s surveillance and cybersecurity counsel.
Lawful order vs. buying data: Right now there are no rules requiring law enforcement to obtain a court order for data they can purchase, and there’s a lot of very personal information being sold by data brokers.
A bill called the Fourth Amendment is Not For Sale Act has been introduced in Congress to bar this practice. For now, though, plenty of data is on the market, including some specifically related to abortion.
Medical data: In addition to non-medical information such as location, shopping and search data, medical records themselves could be targeted. And those records are far more digitized than they were in the pre-Roe era.
While HIPAA restricts how providers share medical information, it doesn’t prevent them from sharing it with law enforcement. “I don’t think people can rely on HIPAA as being a defense in these cases if there were a criminal prosecution,” Granick said.
Be smart: It’s not just people who have abortions who may find themselves the subject of investigations.
Tomi Engdahl says:
Brenda Goh / Reuters:
China orders internet services to tighten controls to stop under-18s from tipping live streamers or becoming live streamers themselves without guardian consent
China orders livestreaming platforms to step up oversight of underage users
https://www.reuters.com/world/china/china-bar-minors-tipping-livestreamers-2022-05-07/
SHANGHAI, May 7 (Reuters) – China on Saturday ordered internet platforms to step up governance of how under-18s use their livestreaming services as part of an ongoing regulatory crackdown on the booming sector.
The platforms need to step up controls to stop underage users from tipping livestreamers or becoming livestreamers themselves without guardian consent, the National Radio and Television Administration said in a statement.
They will also need to strengthen the management of peak hours for such shows and shows will need to be “forcibly” turned off by 10 p.m. local time for users of their parental control “youth mode” functions, it added.
The orders come after China last month launched a two-month special campaign to clean up “chaos” in online livestreaming and short video businesses, part of a broader plan to promote what is deemed as appropriate and legal content.
Tomi Engdahl says:
Regulator Proposes $1 Million Fine for Colonial Pipeline One Year After Cyberattack
https://www.securityweek.com/regulator-proposes-1-million-fine-colonial-pipeline-one-year-after-cyberattack
One year after Colonial Pipeline was hit by a highly disruptive cyberattack, the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) wants the company to pay a fine of nearly $1 million over failures that allegedly worsened the impact of the hack.
The PHMSA has proposed civil penalties of $986,000 for the operator of the largest fuel pipeline in the US for what it has described as control room management failures.
In May 2021, Colonial Pipeline was forced to shut down operations after its systems became infected with ransomware. The attack involved the Russia-linked Darkside ransomware and it had significant implications, including states declaring a state of emergency, temporary gas shortages caused by panicked motorists stocking up, and gas price hikes.
The pipeline was restarted five days after the attack was discovered. The company confirmed that it paid the cybercriminals for a tool designed to help it recover files encrypted by the ransomware, but that tool was ultimately not enough to immediately restore systems.
Tomi Engdahl says:
Nokia opens a cybersecurity laboratory in Dallas
https://etn.fi/index.php/13-news/13545-nokia-avaa-kyberturvalaboratorion-dallasiin
Nokia says it will open the Advanced Security Testing and Research (ASTaR) laboratory in Dallas, Texas. The unit is the first end-to-end 5G testing laboratory in the United States that focuses exclusively on cybersecurity.
The ASTaR laboratory’s holistic approach to researching and testing secure solutions and ways to mitigate potential network threats goes beyond examining individual network elements and also focuses on broader network use and misuse scenarios.
Nokia points out that in the 5G era the scope of security threats changes as networks reach everywhere. Hackers, state actors and corporate espionage have more attack vectors available because of the many types of interoperable endpoints, the widespread use of open source software and the large-scale deployment of 5G across many different industries. Network security resilience must be maintained because attack scenarios change constantly.
Tomi Engdahl says:
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
The cybercriminal economy is a continuously evolving connected ecosystem of many players with different techniques, goals, and skillsets. In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks.
Tomi Engdahl says:
Security researcher uses exploits in ransomware to block encryption https://www.techspot.com/news/94464-security-researcher-uses-exploits-ransomware-block-encryption.html
Malware works by exploiting vulnerabilities in software and hardware.
However, malware itself is also software, and inevitably has its own vulnerabilities. One security researcher has started taking advantage of this by publishing exploits using vulnerabilities in multiple strains of ransomware.
Tomi Engdahl says:
SEO Poisoning A Gootloader Story
https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initial access vector. The intrusion lasted two days and comprised discovery, persistence, lateral movement, collection, defense evasion, credential access and command and control activity. During the post-exploitation phase, the threat actors used RDP, WMI, Mimikatz, Lazagne, WMIExec, and SharpHound. The threat actors then used this access to review sensitive documents.
Tomi Engdahl says:
Microsoft Flexes Security Vendor Muscles With Managed Services
https://www.securityweek.com/microsoft-flexes-security-vendor-muscles-managed-services
News Analysis: As organizations struggle with staff shortages and a surge in dangerous malware attacks on Windows, Redmond is positioning itself as an end-to-end managed services security vendor. Can Microsoft overcome its own security problems?
A little more than a year after raising eyebrows with a public boast that annual cybersecurity-related revenues had hit the $10 billion mark, Microsoft is making a new set of moves to capture a larger slice of the security spending pie.
The Redmond, Wash. software giant on Monday rolled out a new suite of managed services — called Microsoft Security Experts — aimed at the mid-market, betting that short-staffed organizations will need outside help to reduce bloating attack surfaces and mitigate an ongoing surge in dangerous malware attacks.
Tomi Engdahl says:
Worried that quantum computers will supercharge hacking, White House calls for encryption shift
National security memo envisions new cryptographic approach starting in 2024
https://www.science.org/content/article/worried-quantum-computers-will-supercharge-hacking-white-house-calls-encryption-shift
Tomi Engdahl says:
Client side scanning may cost more than it delivers https://blog.malwarebytes.com/privacy-2/2022/05/client-side-scanning-may-cost-more-than-it-delivers/
On May 11, 2022, the EU will publicize a proposal for a law on mandatory chat control. The European Commission wants all providers of email, chat and messaging services to search for suspicious messages in a fully automated way and forward them to the police in the fight against child pornography.
Tomi Engdahl says:
YL Ventures Closes $400 Million Cybersecurity Investment Fund
https://www.securityweek.com/yl-ventures-closes-400-million-cybersecurity-investment-fund
Israeli venture capital outfit plans to invest in seed-stage rounds of approximately 10 cybersecurity startups at a pace of 3 startups per year
YL Ventures, an active venture capital firm that focuses on early-stage cybersecurity startups, has closed a new $400 million fund and announced plans to ramp up investments in Israel’s security technology sector.
The Tel Aviv-based firm, which counts red-hot companies like Axonius and Orca Security among its portfolio, said the closing of its fifth fund brings the total capital under management to $800 million.
Tomi Engdahl says:
7 Steps to Start Reducing Risk to Your Critical Infrastructure Quickly
https://www.securityweek.com/7-steps-start-reducing-risk-your-critical-infrastructure-quickly
Protecting critical infrastructure is an ongoing process and it is never too late to get started. Fortunately, there are seven immediate steps you can take to put your organization on the path toward better situational awareness and risk reduction.
1. Capitalize on your strengths. Executives and boards have internalized the lessons learned from high-profile cyberattacks. According to a global survey conducted by Pollfish in September 2021, more than 50% of organizations report executives and boards becoming very involved in cybersecurity decision-making and oversight and more than 80% report an increase in IT and operational technology (OT) security budgets over the past two years. This increased attention can lead to more productive budget discussions as all stakeholders are aligned on the risk. It’s a good time to seek more funding because cybersecurity is no longer considered an expense, but a competitive advantage.
Defenders can use this position of strength to move quickly to leverage the greatest advantage they have, knowing their networks better than the adversary. Having visibility into all assets is an excellent first step to prepare proactively and focus on addressing likely paths of attack. Consider all systems and devices including the Extended IoT (XIoT), which includes OT/Industrial IoT (IIoT), Internet of Medical Things (IoMT), and enterprise IoT. This can take time so prioritize the most critical processes, machines, and devices for the greatest payoff.
2. Coalesce the team. Instead of starting down the path of creating a separate OT governance process and Security Operations Center (SOC), which introduces risk and delays, common best practice is to centralize responsibility and accountability for securing the OT environment under the CISO. IT and OT teams can work together, leveraging existing best practices and technology used in IT environments and only adding incremental OT-specific capabilities to cover the totality of the network. Approaching risk management and governance processes holistically allows the CISO to execute an enterprise-wide risk management strategy more efficiently and effectively.
3. Assess and improve your security posture. With visibility into assets, you can understand security gaps and mitigate risks such as vulnerabilities and misconfigurations. As the joint CSA suggests, prioritize patching known exploited vulnerabilities. In instances where patching isn’t possible or practical, such as with legacy systems, identify and implement compensating controls such as firewall rules and access control lists. Understanding your level of exposure will help you decide where to focus your resources and budget to prioritize crown jewels protection.
4. Revisit the basics. If you haven’t provided end-user awareness and training in the last few months, now is the time for an update. With an ever-expanding attack surface due to hybrid work models and increased inter-connectivity, many attacks are leveraging smart social engineering techniques to gain a foothold in organizations. Make sure your team stays up to date on those. The strength of your technology defense stack is irrelevant if an employee gets spearphished.
Also, ensure that your cyber hygiene extends to XIoT devices. This includes the use of strong passwords (and not sharing passwords amongst different users, a practice that is common in industrial operations), a password vault, and multi-factor authentication. The Cybersecurity and Infrastructure Security Agency (CISA) has a number of no-cost hygiene tools, including scanning and testing to help reduce exposure to threats.
5. Control access and communications. Audit your network segmentation to ensure you have IT/OT segmentation, which reduces the chance of an attack on the IT network spreading to the OT network. In addition, virtual segmentation within the OT environment is a cost-effective and efficient way to establish what “normal” looks like and be alerted to lateral movement as malicious actors try to establish a presence, jump zones, and move across the environment. And if remote operations need direct access to the OT networks, make sure this is done through a secure remote access connection with strict controls over users, devices, and sessions.
6. Monitor systems. Sophisticated attacks require extensive preparation by adversaries and usually take a significant amount of time to carry out, with lots of lateral movement. Agentless solutions that are purpose-built for continuous threat monitoring across the OT network can be implemented quickly and can provide early warning indicators of compromise, so you can get ahead of threats and take the necessary steps to mitigate risk.
7. Build Preparedness. Tabletop exercises of likely scenarios are an effective way to gain a deeper understanding of organizational and technical preparedness. Use the learnings to create an improved incident response plan. If not already in place, formalize partnerships with incident response and legal firms. In the face of an attack, you’ll receive better, faster counsel if firms already know your key internal stakeholders and teams, have visibility into existing IT and OT infrastructure and controls, and understand your business and risk profile.
Tomi Engdahl says:
Cybersecurity—More Important than Ever
May 18, 2021
The threat of cyberattacks seemingly becomes more ominous every passing day. Learn about the different types of vulnerabilities and methods of defeating such attacks in this TechXchange library.
https://www.electronicdesign.com/techxchange/editorial/whitepaper/21164543/electronic-design-cybersecuritymore-important-than-ever?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS220502084&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
Tomi Engdahl says:
Seven in ten would share their personal information if they got a discount
https://etn.fi/index.php/13-news/13556-seitsemaen-kymmenestae-jakaisi-henkiloekohtaisia-tietojaan-jos-saisi-alennusta
Data is more valuable than gold, and all of us should be very careful about protecting our personal data. According to Atlas VPN, the truth is almost the opposite. Seven in ten would be willing to hand over personal information in exchange for a discount code.
According to Atlas VPN’s findings, 73 percent of consumers would give at least one piece of personal information to an app or website in exchange for a $20 discount code. In addition, 52 percent of people believe that online privacy does not exist.
Tomi Engdahl says:
Alert (AA22-131A) – Protecting Against Cyber Threats to Managed Service Providers and their Customers https://www.cisa.gov/uscert/ncas/alerts/aa22-131a
This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.
Tomi Engdahl says:
New ransomware trends in 2022
https://securelist.com/new-ransomware-trends-in-2022/106457/
Tomi Engdahl says:
Aaron Gordon / VICE:
A San Francisco Police department training document notes that video footage from continuously recording autonomous vehicles can be obtained as evidence
San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras
https://www.vice.com/en/article/v7dw8x/san-francisco-police-are-using-driverless-cars-as-mobile-surveillance-cameras
“Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads,” an internal training document states.
For the last five years, driverless car companies have been testing their vehicles on public roads. These vehicles constantly roam neighborhoods while laden with a variety of sensors including video cameras capturing everything going on around them in order to operate safely and analyze instances where they don’t.
While the companies themselves, such as Alphabet’s Waymo and General Motors’ Cruise, tout the potential transportation benefits their services may one day offer, they don’t publicize another use case, one that is far less hypothetical: Mobile surveillance cameras for police departments.
“Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads,” says a San Francisco Police department training document obtained by Motherboard via a public records request. “Investigations has already done this several times.”
The document released to Motherboard is a three-page guide for how officers should interact with autonomous vehicles (AVs), especially ones that have no human driver inside. It outlines basic procedures such as how to interact with the vehicles (“Do not open the vehicle for non-emergency issues” and “Do not pull vehicles over unless a legitimate law enforcement action exists”) as well as whether to issue a citation for a moving violation for a car with no human driver (“No citation can be issued at this time if the vehicle has no one in the driver’s seat” but an incident report should be written instead). And the section titled “Investigations” has two bullet points advising officers of their usefulness in collecting footage.
Privacy advocates say the revelation that police are actively using AV footage is cause for alarm.
“This is very concerning,” Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard. He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data from capturing the details of the world around them. “So when we see any police department identify AVs as a new source of evidence, that’s very concerning.”
Waymo and Cruise are the two AV companies mentioned in the training document, although more have permits to test driverless cars in California (the state grants permission through the DMV, not the city). A Waymo spokesperson told Motherboard the company “requires law enforcement agencies who seek information and data from Waymo to follow valid legal processes in making such requests (e.g. secure and present a valid warrant, etc.). Our policy is to challenge, limit or reject requests that do not have a valid legal basis or are overly broad.”
Privacy advocates and researchers have long warned about the implications of increasingly sophisticated cars, but many of these warnings are essentially extensions of the privacy concerns of smartphones, where consumer technology tracks your movements and behavior, anonymizes it, and sells it to third parties in a manner that can be reverse-engineered to identify individuals. They rarely imagine a scenario where cars on the road are constantly recording the world around them for later use by police departments.
It is the combination of using fixed location camera networks with rolling networks of autonomous vehicle cameras and data that scares privacy advocates most. “The holistic outcome of these combined moving and fixed networks is a threat that is greater than the sum of its parts,” Schwartz said. “Working together, [they can] more effectively turn our lives into open books.”
Tomi Engdahl says:
Email Security Vendors Score Billion-Dollar Valuations
https://www.securityweek.com/email-security-vendors-score-billion-dollar-valuations
Material Security, a startup jostling for space in the crowded email security market, has banked $100 million in new venture capital funding as investors continue to attach billion-dollar valuations to early stage cybersecurity vendors.
The brainchild of ex-Dropbox engineers Ryan Noon, Abhishek Agrawal and Chris Park, Material said the Series C financing values the company at $1.1 billion just two years after rolling out its first product.
Material’s funding round comes just 24 hours after direct competitor Abnormal Security announced the closing of a $210 million funding round (valuation $4 billion) and signals a continued willingness of venture capital firms to make big bets on startups addressing the email security problem.
Material and Abnormal are among a slew of well-heeled startups looking to shave market share away from incumbents like Proofpoint, Mimecast and Forcepoint and find profits in adding an extra layer of protection to cloud email infrastructure.
Tomi Engdahl says:
The Importance of Wellness for Security Teams
https://www.securityweek.com/importance-wellness-security-teams
With the talent shortage in security, employers need to use a variety of tools to recruit and retain top talent
In recent years, many companies have begun looking much more closely at employee wellness. Companies are concerned about employee physical, mental, and emotional health, stress levels, burnout, and a number of other factors. In addition, since the labor market is quite competitive in most industries, employers are seeking creative ways to recruit and retain top talent.
There are perhaps few fields where the talent shortage is felt more acutely than in the security field. In addition to helping security teams recruit and retain the talent they need, employee wellness brings other benefits.
Tomi Engdahl says:
https://www.securityweek.com/7-steps-start-reducing-risk-your-critical-infrastructure-quickly
Tomi Engdahl says:
https://www.securityweek.com/overcoming-cybersecurity-recruiting-challenges
Tomi Engdahl says:
The list of the top 15 most exploited security flaws is available below, with links to National Vulnerability Database entries and associated malware.
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-top-exploited-vulnerabilities-of-2021/
Globally, malicious actors have been observed focusing their attacks on internet-facing systems, including email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities.
Tomi Engdahl says:
Ben Schoon / 9to5Google:
Google confirms that Messages for Android will get end-to-end encryption for RCS group chats, rolling out “later this year” in open beta — While it wasn’t mentioned on stage during Google I/O 2022 today, the company did announce a big new feature coming to Google Messages.
Google Messages will get end-to-end encryption for RCS group chats ‘later this year’ in beta
https://9to5google.com/2022/05/11/google-messages-rcs-group-encryption/
While it wasn’t mentioned on stage during Google I/O 2022 today, the company did announce a big new feature coming to Google Messages. Later this year, Google Messages will add end-to-end encryption for RCS group chats.
Google Messages first added support for end-to-end encryption on RCS messages in late 2020, as the new messaging standard became available to all Android users around the globe. At that point, the company also confirmed that group chats would eventually add encryption, as it was limited only to 1:1 chats at first.