Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency and increased reliability, and will enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is getting an overhaul
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structures will also come to smartphones. The new Armv9-A architecture from last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten even goods deliveries
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
VPN’s time is almost over, ZTNA 2.0 takes its place
https://etn.fi/index.php/13-news/13564-vpn-n-aika-pian-ohi-tilalle-ztna-2-0
Security company Palo Alto Networks urges the cybersecurity industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) technology, which guarantees better protection than VPN alternatives. The company believes that VPN technology has reached the end of the road.
According to the company, first-generation Zero Trust Network Access technology, ZTNA 1.0, was too trusting in its features and thus exposed its users to security risks. VPN technology, for its part, does not offer the scalability that is needed. In addition, VPN also grants access rights to various services far too readily.
ZTNA 2.0 fixes the above-mentioned problems and thus protects organizations better than before, following the original idea of distrust, i.e. the zero trust principle. Zero Trust technology should work like airport security. Even though a security check has been done, it does not mean that a passenger can wander freely and hop on any plane or move anywhere on the airport grounds. Like a boarding pass, ZTNA 2.0 technology allows access only to areas separately permitted for each user, so data and services are protected according to access rights. At intermediate checkpoints the user’s access rights are verified with passwords, which ensures that not just anyone can get at anything.
ZTNA 1.0 gave users far too broad privileges and access rights, and in addition the now-outdated service could not detect malware or traffic within services moving from one sub-application to another. This allowed various applications and users greater access rights than intended. As a result of all this, ZTNA 1.0 exposed the data and services it protected to many kinds of abuse.
Services based on Zero Trust Network Access 2.0, such as Palo Alto Networks Prisma Access, help organizations bring their security requirements up to today’s level. This way security systems are ready for modern services, threats and hybrid work models, which enables better protection of corporate and community networks.
ZTNA 2.0 follows many key principles by which systems can be protected. For example, access rights are granted much more deliberately on a per-user basis and no longer on the basis of an IP address alone. User authentication is required more often, which reduces the risks of operating within a service or moving from one service to another. ZTNA 2.0 also monitors traffic inside an application more closely, so that the movements of various malware can be detected better and faster than before. ZTNA 2.0 manages files more precisely, following data loss prevention (DLP) policies. In addition, ZTNA 2.0 technology can be used with all kinds of services, whether modern cloud-native services, older private applications or diverse SaaS services.
https://www.paloaltonetworks.com/sase/ztna
Tomi Engdahl says:
Needs Improvement: Scoring Biden’s Cyber Executive Order
https://www.darkreading.com/risk/needs-improvement-scoring-biden-s-cyber-executive-order
Tomi Engdahl says:
Google Chrome adds virtual credit card numbers to keep your real ones safe
https://techcrunch.com/2022/05/11/google-chrome-adds-virtual-credit-card-numbers-to-keep-your-real-ones-safe/
Google today announced that its Chrome browser will now offer users the ability to use a virtual credit card number in online payment forms on the web. These virtual card numbers allow you to keep your “real” credit card number safe when you buy something online since they can be easily revoked if a merchant’s systems get hacked. A number of credit card issuers already offer these virtual credit card numbers, but they are probably far less mainstream than they should be.
Google says these virtual cards will roll out in the U.S. later this summer. Since Google is working with both card issuers like Capital One, which is the launch partner for this feature, but also the major networks like Visa and American Express, which will be supported at launch, with Mastercard support coming later this year. Having support from the networks is definitely a big deal here, because trying to get every individual card issuer on board would be a difficult task.
The new feature will be available on Chrome on desktop and Android first, with iOS support rolling out later.
From the user perspective, this new autofill option will simply enter the virtual card’s details for you, including the CVV that you can never remember for your physical cards, and then you can manage the virtual cards and see your transactions at pay.google.com.
Tomi Engdahl says:
https://blog.malwarebytes.com/privacy-2/2022/05/clearview-ai-banned-from-selling-facial-recognition-data-in-the-us/
Tomi Engdahl says:
How Can Your Business Defend Itself Against Fraud-as-a-Service?
https://www.darkreading.com/vulnerabilities-threats/how-can-your-business-defend-itself-against-fraud-as-a-service-
By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.
The pandemic pivot to digital banking, shopping, and other services was an important health measure, but it created opportunities for organized fraudsters to grow their “business” and expand their offerings to include fraud-as-a-service (FaaS). FaaS takes several forms, all with the goal of making it easier for both experienced and novice criminals to commit fraud. Here’s what merchants need to know about this trend and how to prevent FaaS attacks.
How Fraud-as-a-Service Works
There are two main components to FaaS: bots and brand impersonation. Neither tactic is entirely new. Fraudsters have been using bots for card-testing attacks for years, and brand impersonation is a classic scheme for phishing credentials and payment data.
Now, though, fraud “service providers” are going farther. Criminals can rent bot networks inexpensively to launch large-scale fraud campaigns against websites and to phish victims. However, two-factor authentication (2FA) can prevent thieves from breaking into accounts even with stolen data. SIM-swapping is one option for getting around 2FA, but it’s time consuming and requires planning. So, criminals now offer OTP (one-time password) bot services. Fraudsters can plug in victims’ names and financial institutions or favorite stores, and the bot handles the rest – phishing the victim for their one-time password so fraudsters can take over the related account – all for as little as 15 cents per bot call.
Tomi Engdahl says:
https://blog.malwarebytes.com/privacy-2/2022/05/virtual-credit-cards-coming-to-chrome-what-you-need-to-know/
Tomi Engdahl says:
From WannaCry to Conti: A 5-Year Perspective https://blog.checkpoint.com/2022/05/11/how-the-evolution-of-ransomware-changed-the-threat-landscape/
Over the last five years, ransomware operations have come a long way from random spray-and-pray emails to multi-million dollar businesses, conducting targeted and human-operated attacks affecting organizations in almost any geographic location and within any industry. While western countries, after all these years, started to take this problem utterly seriously, the ransomware economy still thrives mainly due to the local law enforcement agencies turning a blind eye to ransomware gangs mostly based in Eastern Europe. With the current war between Russia and Ukraine, the future of law enforcement collaboration between Russia and western countries to stop the ransomware threat is not as bright as it seemed only a few months before.
Tomi Engdahl says:
Network Footprints of Gamaredon Group
https://blogs.cisco.com/security/network-footprints-of-gamaredon-group
Gamaredon group, also known as Primitive Bear, Shuckworm and ACTINIUM, is an advanced persistent threat (APT) based in Russia. Their activities can be traced back as early as 2013, prior to Russia’s annexation of the Crimean Peninsula. They are known to target state institutions of Ukraine and western government entities located in Ukraine. Ukrainian officials attribute them to Russian Federal Security Service, also known as FSB. We were able to collect network IoC’s related to Gamaredon infrastructure. During our initial analysis, most of the indicators were not attributed directly to any specific malware and they were rather listed as part of Gamaredon’s infrastructure. Therefore, we wanted to analyze their infrastructure to understand their arsenal and deployment in greater detail.
Tomi Engdahl says:
APT gang ‘Sidewinder’ goes on two-year attack spree across Asia https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/
The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods.
Tomi Engdahl says:
Relaunching the NCSC’s Cloud security guidance collection https://www.ncsc.gov.uk/blog-post/relaunching-the-ncscs-cloud-security-guidance-collection
This week we have launched the updated NCSC’s cloud security guidance.
It’s more evolution than revolution, as it collates and refreshes all of the NCSC’s existing cloud guidance (and blogs) into a single collection.
Tomi Engdahl says:
The most common malware and vulnerabilities in Finland and worldwide: turbulence in the top 10, but Emotet still at the top https://www.epressi.com/tiedotteet/tietotekniikka/yleisimmat-haittaohjelmat-ja-haavoittuvuudet-suomessa-ja-maailmalla-turbulenssia-top10ssa-mutta-emotet-yha-huipulla.html
Check Point Research reports in its April malware review that the world’s most common malware was still Emotet. In Finland, the most common cyber nuisance continued to be the Netwalker ransomware.
Tomi Engdahl says:
Everything We Learned From the LAPSUS$ Attacks https://thehackernews.com/2022/05/everything-we-learned-from-lapsus.html
There are two major takeaways from the LAPSUS$ attacks that organizations must pay attention to. First, the LAPSUS$ attacks clearly illustrate that gangs of cybercriminals are no longer content to perform run-of-the-mill ransomware attacks. Rather than just encrypting data as has so often been done in the past, LAPSUS$ seems far more focused on cyber extortion. LAPSUS$ gains access to an organization’s most valuable intellectual property and threatens to leak that information unless a ransom is paid. The other important takeaway from the LAPSUS$ attacks was that while there is no definitive information about how the attackers gained access to their victims’ networks, the list of leaked Nvidia credentials that was acquired by Specops clearly reveals that many employees were using extremely weak passwords.
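The “extremely weak passwords” finding above is the kind of thing you can audit yourself the moment a credential dump for your own organisation surfaces. The following is an added example, not code from the article or from Specops: a small offline policy checker that flags short passwords, blocklisted words (also with digits or symbols appended, so “Welcome1!” is still caught), keyboard runs, embedded years and the organisation’s own name. The blocklist, the sample passwords and the organisation name “acme” are all constructed for this illustration; in practice you would feed a full breach corpus into COMMON_PASSWORDS.

```python
import re
from collections import Counter

# Tiny blocklist, constructed for this example. Replace with a real breach
# corpus (e.g. a Pwned Passwords export) in production.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "welcome", "letmein", "admin",
    "password1", "welcome1", "summer2021", "changeme",
}

# Keyboard / sequential fragments that show up in most weak-password lists.
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234", "abcd")

def weaknesses(pw, org_words=("acme",)):
    """Return the list of policy findings for one password (empty list = passes).
    org_words: names the organisation's users tend to embed (hypothetical 'acme')."""
    findings = []
    low = pw.lower()
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if low in COMMON_PASSWORDS:
        findings.append("in common-password blocklist")
    # Strip trailing digits/symbols so 'Welcome1!' is still recognised as 'welcome'.
    base = re.sub(r"[\d\W_]+$", "", low)
    if base and base in COMMON_PASSWORDS:
        findings.append("blocklisted word with digits/symbols appended")
    if any(run in low for run in KEYBOARD_RUNS):
        findings.append("keyboard or sequential run")
    if any(word in low for word in org_words):
        findings.append("contains organisation name")
    if re.fullmatch(r"[a-z]+", pw) or re.fullmatch(r"\d+", pw):
        findings.append("single character class")
    if re.search(r"(19|20)\d\d", pw):
        findings.append("contains a year")
    return findings

def audit(passwords, org_words=("acme",)):
    """Audit a list of plaintext passwords (e.g. from a confirmed leak of your own
    organisation's credentials) and summarise how many fail and which findings
    are most common. Returns a dict so callers can report or assert on it."""
    report = {pw: weaknesses(pw, org_words) for pw in passwords}
    weak = {pw: f for pw, f in report.items() if f}
    tally = Counter(f for fs in weak.values() for f in fs)
    return {"total": len(passwords), "weak": len(weak),
            "findings": tally, "details": weak}

# Constructed sample input; not taken from any real leak.
SAMPLE = [
    "Welcome1!",
    "qwerty123",
    "Acme2022!",
    "correct-horse-battery-staple-42",
    "T7#kq9!vLm2p$xZ",
]

if __name__ == "__main__":
    result = audit(SAMPLE)
    print(f"{result['weak']} of {result['total']} passwords fail policy")
    for finding, count in result["findings"].most_common():
        print(f"  {count}x {finding}")
```

The output is deliberately a tally of findings rather than a pass/fail per user, because the useful outcome of such an audit is a policy change (blocklist enforcement, minimum length, MFA) rather than a list of names to shame.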
Tomi Engdahl says:
Q4 2021 Lumen DDoS Quarterly Report
https://blog.lumen.com/q4-2021-lumen-ddos-quarterly-report/
Tomi Engdahl says:
I/O 2022: Android 13 security and privacy (and more!) https://security.googleblog.com/2022/05/io-2022-android-13-security-and-privacy.html
Every year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we’re making the latest release safer, and more private, while continuing to offer a seamless experience. So let’s dig into the tools we’re building to better secure your data, enhance your privacy and increase trust in the apps and experiences on your devices.
Tomi Engdahl says:
https://www.securityweek.com/maryland-governor-signs-bills-strengthen-cybersecurity
Tomi Engdahl says:
Size of Early Stage Cyber Deals Continues to Surge: DataTribe
https://www.securityweek.com/size-early-stage-cyber-deals-continues-surge-datatribe
Tomi Engdahl says:
Prepare for What You Wish For: More CISOs on Boards
https://www.securityweek.com/prepare-what-you-wish-more-cisos-boards
We have a long way to go to get adequate cybersecurity expertise on boards, but the time has come to make it happen
Recently, the Securities and Exchange Commission (SEC) made a welcome move for cybersecurity professionals. In proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting, the SEC outlined requirements for public companies to report any board member’s cybersecurity expertise. The change reflects a growing belief that disclosure of cybersecurity expertise on boards is important as potential investors consider investment opportunities and shareholders elect directors. In other words, the SEC is encouraging U.S. public companies to beef up cybersecurity expertise in the boardroom.
Cybersecurity is a business issue, particularly now as the attack surface continues to expand due to digital transformation and remote work, and cyber criminals and nation-state actors capitalize on events, planned or unplanned, for financial gain or to wreak havoc. The world in which public companies operate has changed, yet the makeup of boards doesn’t reflect that. According to a 2021 survey, only 4% of CISOs sit on corporate boards globally.
Tomi Engdahl says:
https://www.securityweek.com/prepare-what-you-wish-more-cisos-boards
Here are three challenges CISOs should prepare for as the ripple effects of the SEC amendments make their way through to board recruitment processes.
1. Education. Reporting to the board on a quarterly basis or when specifically invited is entirely different from having a regular seat at the table as the go-to expert for cyber risk. Discussions about strategic initiatives including digital transformation, merger and acquisition (M&A) activity, regional and global expansion, strategic partnerships and supply chain shifts happen every day. Cybersecurity is now widely viewed as a competitive advantage and integral to the success of corporate strategies.
2. Risk Communications. For some time now, boards have been maturing in their understanding of cybersecurity and asking more detailed questions about threats. They don’t just want to know if the latest threat pertains to the organization, but in what ways and how the security team knows that. The current situation in Ukraine, which introduces the dimension of cyberwarfare, has intensified these types of requests and spurred the need for frequent, richer conversations. CISOs must be able to assess the entire threat landscape, including the impact of geopolitical events to the organization, and recommend how to mitigate risk proactively. Data-driven security operations can reveal the motivations of attackers and their tactics, techniques and procedures (TTPs), to provide a clearer picture of risk exposure and how to strengthen detection and response should the company be in the crosshairs. Being able to discuss the threat landscape at a more strategic level is integral to effectively communicating risk and enabling boards to make more informed business decisions.
3. Metrics. Boards have a fiduciary responsibility to their shareholders. Research finds that digitally savvy boards outperformed others, including achieving 38% higher revenue growth over three years, 34% higher market capitalization growth and 17% higher profit margins. The financial, legal and reputational fallout from recent cyberattacks has shown corporate leaders that digital initiatives must be executed securely to preserve those benefits.
We have a long way to go to get adequate cybersecurity expertise on boards, but the time has come to make it happen.
Tomi Engdahl says:
The Importance of Wellness for Security Teams
https://www.securityweek.com/importance-wellness-security-teams
With the talent shortage in security, employers need to use a variety of tools to recruit and retain top talent
In recent years, many companies have begun looking much more closely at employee wellness. Companies are concerned about employee physical, mental, and emotional health, stress levels, burnout, and a number of other factors. In addition, since the labor market is quite competitive in most industries, employers are seeking creative ways to recruit and retain top talent.
Tomi Engdahl says:
Mobile phones and social media revolutionized warfare
https://etn.fi/index.php/13-news/13566-kaennykkae-ja-some-mullistivat-sodankaeynnin
“Congratulations on your upcoming NATO membership. Unfortunately, it no longer matters that much,” said former Estonian president Toomas Hendrik Ilves yesterday in his keynote at the Cyber Security Nordic event at the Helsinki exhibition centre. Ilves then, of course, explained at length why joining NATO is not as big a deal as we have understood it to be.
The reason is the changed nature of warfare. – War has become digital. Really until the year 2000, military technology was about increasing kinetic force or speed. Using the computer as a weapon changed wars fundamentally, Ilves argued.
Kinetic force still matters, of course; we see it in the news images of Russia’s war of aggression. But in modern warfare the digital dimension has become ever more important. Estonia noticed this in 2007, when they found a Russian worm in their military systems. The Estonians rushed to show their finding to NATO, which only replied “Oh, you have it too”.
This is a big problem for Western liberal states. Data knows no national borders and denial-of-service attacks do not stop at customs, so intelligence information should not stop at borders either. Ilves sees this as a major area for development at the EU level in the future.
– Tellingly, the EU’s major data regulations, the DMA and DSA (Digital Markets Act and Digital Services Act), do not say a single word about cybersecurity
Tomi Engdahl says:
Paresh Dave / Reuters:
US states and local governments are backing off banning facial recognition, amid rising crime and increased lobbying from facial recognition developers
U.S. cities are backing off banning facial recognition as crime rises
https://www.reuters.com/world/us/us-cities-are-backing-off-banning-facial-recognition-crime-rises-2022-05-12/
OAKLAND, Calif., May 12 (Reuters) – Facial recognition is making a comeback in the United States as bans to thwart the technology and curb racial bias in policing come under threat amid a surge in crime and increased lobbying from developers.
Virginia in July will eliminate its prohibition on local police use of facial recognition a year after approving it, and California and the city of New Orleans as soon as this month could be next to hit the undo button.
Homicide reports in New Orleans rose 67% over the last two years compared with the pair before, and police say they need every possible tool.
“Technology is needed to solve these crimes and to hold individuals accountable,” police Superintendent Shaun Ferguson told reporters as he called on the city council to repeal a ban that went into effect last year.
Efforts to get bans in place are meeting resistance in jurisdictions big and small from New York and Colorado to West Lafayette, Indiana. Even Vermont, the last state left with a near-100% ban against police facial-recognition use, chipped away at its law last year to allow for investigating child sex crimes.
From 2019 through 2021, about two dozen U.S. state or local governments passed laws restricting facial recognition. Studies had found the technology less effective in identifying Black people, and the anti-police Black Lives Matter protests gave the arguments momentum.
“There is growing interest in policy approaches that address concerns about the technology while ensuring it is used in a bounded, accurate and nondiscriminatory way that benefits communities,” said Jake Parker, senior director of government relations at the lobbying group Security Industry Association.
Shifting sentiment could bring its members, including Clearview AI, Idemia and Motorola Solutions (MSI.N), a greater share of the $124 billion that state and local governments spend on policing annually. The portion dedicated to technology is not closely tracked.
Clearview, which helps police find matches in the social media data, said it welcomes “any regulation that helps society get the most benefit from facial recognition technology while limiting potential downsides.” Idemia and Motorola, which provide matches from government databases, declined to comment.
Tomi Engdahl says:
Riana Pfefferkorn / Stanford CIS Blog:
If Roe v. Wade is overturned, the enforcement of US laws should be seen as a strong argument for strengthening encryption, not weakening it
The End of Roe Will Bring About a Sea Change in the Encryption Debate
https://cyberlaw.stanford.edu/blog/2022/05/end-roe-will-bring-about-sea-change-encryption-debate
With the Supreme Court poised to rip away a constitutional right that’s been the law of the land for nearly half a century by overturning Roe v. Wade, it’s time for the gloves to come off in the encryption debate. For a quarter of a century, it has been an unspoken prerequisite for “serious” discussion that American laws and law enforcement must be given a default presumption of legitimacy, respect, and deference. That was always bullshit, the end of Roe confirms it, and I’m not playing that game anymore.
Weirdly, there are a lot of similarities between encryption and abortion. Encryption is a standard cybersecurity measure, just like abortion is a standard medical procedure. Encryption is just one component of a comprehensive data privacy and security program, just like abortion is just one component of reproductive health care. They both save lives. They both support human dignity. They’re both deeply bound up with the right to autonomy and privacy, no matter what a hard-right Supreme Court says. (Ironically, the way things are going, the Supreme Court’s position will soon be that we have more privacy rights in our phones than in our own bodies.) And finally, both encryption and abortion keep being framed as something “controversial” rather than something that you and I have every damn right to – something that should be ubiquitously available without encumbrance.
It would be nice if both of these things were settled questions, but as we’ve seen in both cases, the opponents of each will never let them be.
We absolutely cannot afford for the opponents of encryption to prevail as well, whether in the U.S., the EU, its member states, or anywhere else.
The only reason there’s still any “debate” over encryption is because law enforcement refuses to let it drop. For over a quarter of a century, they’ve constantly insisted on the primacy of their interests. They demand to be centered in every discussion about encryption. They frame encryption as a danger to public safety and position themselves as having a monopoly on protecting public safety. They’ve insisted that all other considerations – cybersecurity, privacy, free expression, personal safety – must be made subordinate to their priorities. They expect everyone else to make trade-offs in the name of their interests but refuse to make trade-offs themselves. Nothing trumps the investigation of crime.
Why should law enforcement’s interests outweigh everything else? Because they’re “the good guys.” In debates about whether law enforcement should get “exceptional access” (i.e., a backdoor) to our encrypted communications and files, we pretend that American (and other Western democracies’) law enforcement are “the good guys,” positioned in contrast to “the bad guys”: criminals, hackers, foreign adversaries. When encryption advocates talk about how encryption is vital for protecting people from the threat posed by abusive, oppressive governments, we engage in the polite fiction that we’re talking about “that other country, over there.” It’s China, or Russia, or Ethiopia, not the U.S. If we talk about the threats posed by U.S.-based law enforcement at all, it’s the “a few bad apples” framing: we hypothesize about the occasional rogue cop who’d abuse an encryption backdoor in order to steal money or stalk his ex-wife.
We don’t confront the truth: that law enforcement in the U.S. is rife with institutional rot. Law enforcement does not have a monopoly on protecting public safety. In fact, they’re often its biggest threat. When encryption advocates play along with framing law enforcement as “the good guys,” we’re agreeing to avert our eyes from the fact that one-third of all Americans killed by strangers are killed by police, the fact that police kill three Americans a day, and the staggering rates of domestic violence by cops. When actual horrific crimes get reported to them – the very crimes they say they need encryption backdoors to investigate – they turn a blind eye and slander the victims. Law enforcement is a scourge on Americans’ personal safety. The same is true of our privacy as well: as a brand-new report from Georgetown underscores, law enforcement agencies don’t hesitate to flout the law with impunity in the pursuit of their perfect surveillance state.
U.S. law enforcement officers and agencies have shown us with their own actions that they don’t deserve any deference whatsoever in discussions about encryption policy. They aren’t entitled to any presumption of legitimacy. They are just another one of the threats that encryption protects people from.
Of course, this has always been the case. “Crimes” are whatever a group of lawmakers at some point in time decide they are, and “criminals” are whoever law enforcement selectively decides to enforce those laws against: Black and brown people, undocumented immigrants, homeless people, sex workers, parents of trans kids, drug users. Now that we’re rolling back the clock on social progress by half a century, “criminals” once again will include people who have abortions (which, don’t you ever forget, does not just mean cisgender women) and those who provide them. Already, some deeply conservative states are plotting for using contraception to make you a criminal again too. People in consensual same-sex relationships or interracial marriages may be next. All of these “crimes” are what should come to your mind whenever you hear somebody tout “fighting crime” as a reason to outlaw strong encryption.
If you’re an encryption advocate in the United States, it’s time to stop pretending that encryption’s protection against oppressive governments is only about Uighurs in Xinjiang or gay people in Uganda. Americans also need strong encryption to protect ourselves from our own domestic governments and their abominable laws.
Encryption advocates: It’s time to stop playing along with U.S. law enforcement’s poisonous expectation to exempt them from the threat model. The next time you’re at yet another fruitless roundtable event to “debate” encryption and some guy from the FBI complains that law enforcement must always be the star of the show, ask him to defend his position now that abortion will be against the law across much of the country. If he whines that that’s states’ laws, not federal, ask him what the FBI is going to do once a tide of investigators from those states start asking the FBI for help unlocking the phones of people being prosecuted for seeking, having, or performing an abortion.
Tech companies: Do you want to help put your users behind bars by handing over the data you hold about them in response to legal demands by law enforcement? Do you not really care if they go to prison, but do care about the bad PR you’ll get if the public finds out about it? Then start planning now for what you’re going to do when – not if – those demands start coming in. Data minimization and end-to-end-encryption are more important than ever. And start worrying about internal access controls and insider threats, too: don’t assume that none of your employees would ever dream of quietly digging through users’ data looking for people they could dox to the police in anti-abortion jurisdictions. Protecting your users is already so hard, and it’s going to get a lot harder. Update your threat models.
Lawmakers: You can no longer be both pro-choice and anti-encryption. The treasure troves of Americans’ digital data are about to be weaponized against us by law enforcement to imprison people for having abortions, stillbirths, and miscarriages. If you believe that Americans are entitled to bodily autonomy and decisional privacy, if you believe that abortion is a right and not a crime, then I don’t want to hear you advocate ever again for giving law enforcement the ability to read everyone’s communications and unlock anyone’s phone. Whether or not you manage to codify Roe or to crack down on data brokers that sell information about abortion clinic visitors, you need to stop talking out of both sides of your mouth by claiming you care about privacy and abortion rights while also voting for bills like the EARN IT Act that would weaken encryption. The midterms are coming, and we are watching.
Tomi Engdahl says:
Ed Pilkington / The Guardian:
The US DOJ secretly subpoenaed a Guardian reporter’s phone info in 2020, as part of a leak investigation into stories about Trump’s child separation policy — Newspaper decries ‘egregious’ move by DoJ to obtain details of Stephanie Kirchgaessner as part of investigation into media leaks
US secretly issued subpoena to access Guardian reporter’s phone records
https://www.theguardian.com/us-news/2022/may/12/us-government-subpoena-guardian-reporter-phone-records
Newspaper decries ‘egregious’ move by DoJ to obtain details of Stephanie Kirchgaessner as part of investigation into media leaks
Tomi Engdahl says:
Finland is preparing for cyberattacks – we have a “superpower” that others lack
https://www.is.fi/digitoday/tietoturva/art-2000008809079.html
Finland’s networks contain unpatched vulnerabilities that open the door to network attackers. Elsewhere in the world, however, authorities and the business sector are not capable of the kind of cooperation seen here.
As Finland’s NATO process advances, Russian influence attempts are expected to keep increasing. Authorities believe Finland will face psychological, technical and even physical influence operations.
The last of these means concrete sabotage. More likely, however, is technical influence, which includes jamming and cyberattacks.
Both have probably already been seen. The GPS disturbances observed on the eastern border in March may have been the result of jamming.
Denial-of-service attacks have been seen on several occasions. They have targeted both banks and the websites of ministries.
Actual cyber weapons, meaning programs that destroy or steal data, have not yet been seen in Finland, at least so far. In Ukraine, malware was planted in networks and activated once Russia’s full-scale ground invasion began. Russia’s cyberattacks have continued ever since. At their busiest there were as many as 18 per day.
According to both Traficom’s National Cyber Security Centre and Telia, Finland has been fairly quiet recently. Attacks have been seen, but they occur under normal conditions as well.
Now, however, it may be the calm before the storm. Russia began planting malware in Ukrainian networks weeks before the invasion started. The same could happen elsewhere.
The risk is real. Toni Vartiainen, head of service business at Telia Cygate, says that unpatched security holes are a significant threat.
– There are many unpatched holes and a large risk surface, for example Log4j holes that have been left unpatched, Vartiainen says.
Another example is the extensive Microsoft Exchange vulnerability discovered last year, which has not been fixed nearly everywhere.
Even if a large company protects its systems carefully, supply chains can become a threat. Subcontractors may have access to their customers’ systems. These are often small and medium-sized companies that lack the means to invest in security.
– Your partner does not necessarily do as good a job as you do, says Jan Mickos, head of managed services at security company Nixu.
It is not always clear whose responsibility it is to deal with threats observed in data networks. Legislation dating from the 1980s gives a telecom operator permission to remove from the communications network a device that endangers communications. In the case of hijacked devices acting as bots, for example, the process is straightforward. It is harder when clear anomalies are mixed in with legitimate traffic.
A telecom operator has the technical ability to scan its customers’ systems, but doing so, or intervening in vulnerabilities without asking permission, can be a problem.
– When we notice that something has not been updated, we can help. If we judge that it is a significant risk with effects on others, we can take extreme measures such as blocking. Before that, however, the other means must have been used, Telia’s Vartiainen says.
According to Arttu Lehmuskallio, head of incident management services at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, telecom operators and the rest of the business community work with the authorities in a way that is unique on a global scale.
In the United States, for example, President Joe Biden has encouraged the business world to work with the authorities, since the U.S. also expects attacks. The country does not have an established culture in which the authorities and the private sector work seamlessly together.
Lehmuskallio cites three examples of the Finnish approach: taming the first two waves of the FluBot malware that plagued Finns, stopping the Microsoft scam calls, and the little-known Autoreporter system, which detects security incidents and relays information about them to the business community.
The same cooperation takes place if Finland is attacked. The cooperation organizations and operating procedures exist, and operators critical to security of supply practice regularly for exceptional situations.
– I have wondered about the term public private partnership used elsewhere. It is a superpower that we already have here in Finland, Lehmuskallio says.
Tomi Engdahl says:
FBI, CISA, and NSA warn of hackers increasingly targeting MSPs
https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-warn-of-hackers-increasingly-targeting-msps/
Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.
Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.
“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.
Tomi Engdahl says:
Google calls for urgent switch to quantum-safe encryption as US delays
A US body in charge of choosing new encryption algorithms that can withstand quantum computers has delayed announcing them due to undisclosed legal reasons, while a team at Google is calling for an immediate switch
Read more: https://www.newscientist.com/article/2319212-google-calls-for-urgent-switch-to-quantum-safe-encryption-as-us-delays/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/bpfdoor-stealthy-linux-malware-bypasses-firewalls-for-remote-access/
Tomi Engdahl says:
Breaking Down the Strengthening American Cybersecurity Act
https://www.darkreading.com/vulnerabilities-threats/breaking-down-the-strengthening-american-cybersecurity-act
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.
Tomi Engdahl says:
You’ve Been Flagged as a Threat: Predictive AI Technology Puts a Target on Your Back
https://www.activistpost.com/2022/05/youve-been-flagged-as-a-threat-predictive-ai-technology-puts-a-target-on-your-back.html
Tomi Engdahl says:
https://www.darkreading.com/dr-tech/google-will-use-mobile-devices-to-thwart-phishing-attacks
Tomi Engdahl says:
https://frendy.fi/tietoturvarikollisuus
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-top-exploited-vulnerabilities-of-2021/
Tomi Engdahl says:
https://hackersonlineclub.com/intelowl-open-source-cyber-threat-intelligence-project/
Tomi Engdahl says:
Ransomware in numbers: How 2,500 potential targets turns into one actual attack
Knowing what type of ransomware has hit you is only just the beginning, warns Microsoft.
https://www.zdnet.com/article/microsoft-the-ransomware-world-is-changing-heres-what-you-need-to-know/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/uk-cybersecurity-center-sent-33-million-alerts-to-companies/
Tomi Engdahl says:
https://uk.pcmag.com/security/140263/microsoft-to-businesses-you-can-now-hire-our-experts-for-cybersecurity
Tomi Engdahl says:
https://www.orion.fi/vastuullisuus/tarinoita-vastuullisuudesta/laakepakkauksen-tarkoin-saannellyt-merkinnat-torjuvat-vaarennoksia/
Tomi Engdahl says:
https://research.kudelskisecurity.com/2022/05/11/practical-bruteforce-of-aes-1024-military-grade-encryption/
Tomi Engdahl says:
L2TP vs SSL what is the difference?
https://forum.huawei.com/enterprise/en/huawei/m/ViewThread.html?tid=867429&lang=en
Tomi Engdahl says:
Just in time? Bosses are finally waking up to the cybersecurity threat
Cybersecurity chiefs say that boardrooms are asking better questions, but is the money there to back this up?
https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/
Tomi Engdahl says:
Hackers Are Using SEO To Rank Malicious PDFs On Search Engines, Research Finds
https://it.slashdot.org/story/22/05/13/2155201/hackers-are-using-seo-to-rank-malicious-pdfs-on-search-engines-research-finds
Tomi Engdahl says:
SIEM = log ingestion.
SOAR = automated response.
A SIEM solution cannot act on its own: it ingests data and makes correlations, while a SOAR takes data and can stop threats using automation.
Security Orchestration, Automation and Response (SOAR) vs. Security Information and Event Management (SIEM)
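To make the SIEM/SOAR split concrete, here is an added example (not code from the comment above or from any product) with both halves in one file: a SIEM-style correlation rule that only produces alerts, and a SOAR-style playbook that turns those alerts into response actions. The sshd-style log lines, the threshold of five failures in two minutes and the allowlist entry are all constructed for the illustration; the playbook returns its actions as data instead of calling a firewall or IdP API, so it can be reviewed and tested offline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not real data): one IP brute-forces
# 'deploy' and then succeeds; a second IP has a single typo then logs in.
LOG_LINES = """\
2022-05-13T10:00:01 sshd: Failed password for invalid user admin from 203.0.113.7 port 5022
2022-05-13T10:00:03 sshd: Failed password for deploy from 203.0.113.7 port 5023
2022-05-13T10:00:05 sshd: Failed password for deploy from 203.0.113.7 port 5024
2022-05-13T10:00:06 sshd: Failed password for deploy from 203.0.113.7 port 5025
2022-05-13T10:00:08 sshd: Failed password for deploy from 203.0.113.7 port 5026
2022-05-13T10:00:20 sshd: Accepted password for deploy from 203.0.113.7 port 5027
2022-05-13T10:01:00 sshd: Failed password for alice from 198.51.100.9 port 6001
2022-05-13T10:05:00 sshd: Accepted password for alice from 198.51.100.9 port 6002
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse(line):
    """Ingestion: normalise one raw line into an event dict, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """SIEM side: raise an alert when one source IP produces at least `threshold`
    failed logins followed by a successful login, all inside `window`.
    This function only observes and correlates; it never acts."""
    failures = defaultdict(list)          # ip -> timestamps of failed logins
    alerts = []
    for ev in filter(None, map(parse, lines)):
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "ip": ip,
                           "user": ev["user"], "failures": len(recent),
                           "ts": ev["ts"]})
    return alerts

# Hypothetical allowlist, e.g. a known admin jump host that must never be auto-blocked.
ALLOWLIST = {"198.51.100.9"}

def playbook(alerts, allowlist=ALLOWLIST):
    """SOAR side: map each alert to response actions. Returned as tuples so the
    decision logic is testable; a real playbook would call the firewall,
    identity provider and ticketing APIs at this point."""
    actions = []
    for a in alerts:
        if a["ip"] in allowlist:
            actions.append(("ticket", f"review allowlisted source {a['ip']}"))
            continue
        actions.append(("block_ip", a["ip"]))
        actions.append(("disable_user", a["user"]))
        actions.append(("ticket", f"{a['rule']} from {a['ip']} as {a['user']}"))
    return actions

def run(lines=LOG_LINES):
    """Full pipeline: ingest + correlate (SIEM), then respond (SOAR)."""
    alerts = correlate(lines)
    return alerts, playbook(alerts)

if __name__ == "__main__":
    alerts, actions = run()
    for a in alerts:
        print(f"ALERT {a['rule']}: {a['ip']} -> {a['user']} after {a['failures']} failures")
    for action in actions:
        print("ACTION", action)
```

The allowlist check is the part worth copying: automated blocking is only safe when the playbook knows which sources it must never cut off, otherwise the SOAR becomes a denial-of-service tool against your own administrators.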
Tomi Engdahl says:
https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/
Tomi Engdahl says:
https://reconshell.com/red-team-powershell-scripts/
Tomi Engdahl says:
Eternity malware kit offers stealer, miner, worm, ransomware tools https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/
Threat actors have launched the ‘Eternity Project’, a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. The malware toolkit is modular and can include an info-stealer, a coin miner, a clipper, a ransomware program, a worm spreader, and soon also a DDoS (distributed denial of service) bot, each purchased separately. Also:
https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/
Tomi Engdahl says:
2021 Website Threat Research Report
https://sucuri.net/reports/2021-hacked-website-report/
Our Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. This is a collection of the observations made by Sucuri’s Research and Remediation experts of data collected on web-based malware, vulnerable software, and attacks during 2021.
Tomi Engdahl says:
Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/
This blog describes an attack that Unit 42 observed utilizing malicious compiled HTML help files for the initial delivery. We will show how to analyze the malicious compiled HTML help file. We will then follow the chain of attack through JavaScript and multiple stages of PowerShell and show how to analyze them up to the final payload.
Tomi Engdahl says:
Google to create security team for open source projects https://therecord.media/google-open-source-security-team-openssf/
Google announced on Thursday that it is creating a new “Open Source Maintenance Crew” tasked with improving the security of critical open source projects. Google also unveiled two other projects, including a Google Cloud Dataset from Open Source Insights designed to help developers better understand the structure and security of the software they use. “This dataset provides access to critical software supply chain information for developers, maintainers and consumers of open-source software,” Google explained in a blog post. Also:
https://blog.google/technology/safety-security/shared-success-in-building-a-safer-open-source-community/
Tomi Engdahl says:
NEW SYK CRYPTER DISTRIBUTED VIA DISCORD
https://blog.morphisec.com/syk-crypter-discord
In this threat research report, Morphisec reveals how threat actors are using Discord as part of an increasingly popular attack chain with a new SYK crypter designed to outwit signature and behavior-based security controls.
Tomi Engdahl says:
Sandstone CTO shares how to assess cyber risk in the cloud https://www.trendmicro.com/en_us/ciso/22/e/cyber-risk-assessment-sandstone-cto.html
Chaitanya Pinnamanemi discusses how visibility and prioritization are key to securing your digital attack surface and reducing cyber risk.
To better manage your cloud assets to ensure operational efficiency, Pinnamanemi says you need better tooling that provides comprehensive visibility across your attack surface. This allows security teams to quickly discover, assess, and respond to potential threats across your ever-expanding digital attack surface.