Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
• Compromised Identities Continue to Fuel the Cyberattack Engine
• Ransomware Attacks Evolve to Multifaceted Extortion Schemes
• Pay Attention to the Supply Chain Threats
• The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture introduced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks now threaten even goods deliveries
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Overloaded memory chips generate truly random numbers for encryption
    Random numbers – a vital part of encryption – are hard for computers to generate, but a new trick turns memory chips into a source of random noise

    Read more: https://www.newscientist.com/article/2303984-overloaded-memory-chips-generate-truly-random-numbers-for-encryption/#ixzz7I9ykyC2c

    Reply
  2. Tomi Engdahl says:

    Building resilience is a skill and a team sport – two common myths around resilience
    The psychological demands placed upon Formula 1 drivers are remarkable. In this article we discuss resilience on two levels – the individual and her environment.
    https://technopolisglobal.com/insights/stories/building-resilience-is-a-skill/

    Reply
  3. Tomi Engdahl says:

    Raspberry Pi Detects Malware Using Electromagnetic Waves
    By Ash Hill published 7 days ago
    Researchers take antivirus support to the next level with the Raspberry Pi.
    https://www.tomshardware.com/news/raspberry-pi-detects-malware-with-em-waves

    Reply
  4. Tomi Engdahl says:

    Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification
    https://dl.acm.org/doi/abs/10.1145/3485832.3485894

    Reply
  5. Tomi Engdahl says:

    Samy Kamkar’s Crash Course in How to Be a Hardware Hacker
    https://m.youtube.com/watch?v=tlwXmNnXeSY

    Reply
  6. Tomi Engdahl says:

    Raspberry Pi can now detect malware without any software
    By Anthony Spadafora published 6 days ago
    New detection system scans for malware using electromagnetic waves
    https://www.techradar.com/news/raspberry-pi-can-now-detect-malware-without-any-software

    Reply
  7. Tomi Engdahl says:

    URL parsing: A ticking time bomb of security exploits
    https://www.techrepublic.com/article/url-parsing-a-ticking-time-bomb-of-security-exploits/

    The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.

    A team of security researchers has discovered serious flaws in the way the modern internet parses URLs: Specifically, that there are too many URL parsers with inconsistent rules, which has created a worldwide web easily exploited by savvy attackers.

    Reply
  8. Tomi Engdahl says:

    The Cybersecurity Measures CTOs Are Actually Implementing
    https://www.darkreading.com/tech-trends/the-cybersecurity-measures-ctos-are-actually-implementing

    Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.

    Reply
  9. Tomi Engdahl says:

    Cybersecurity: Last year was a record year for attacks, and Log4j made it worse
    Check Point Research said that among its customers, there was a 50% increase in overall attacks per week on corporate networks compared to 2020.
    https://www.zdnet.com/article/report-increased-log4j-exploit-attempts-leads-to-all-time-peak-in-weekly-cyberattacks-per-org/

    Reply
  10. Tomi Engdahl says:

    How to Make the Attack Lifecycle Actionable with Intelligence https://www.recordedfuture.com/attack-lifecycle-actionable-intelligence/
    The Cyber Attack Lifecycle and Cyber Kill Chain are time and again used as the primary reference for understanding how a cyber attack happens from the perspective of an adversary. However, just leveraging them as educational reference documents doesn’t tap into their true power: guides to enabling defensive and proactive action against attackers.

    Reply
  11. Tomi Engdahl says:

    White House reminds tech giants open source is a national security issue https://www.bleepingcomputer.com/news/security/white-house-reminds-tech-giants-open-source-is-a-national-security-issue/
    The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors’ attacks. Discussions on this topic took place during the Open Source Software Security Summit convened by the Biden administration on Thursday.

    Reply
  12. Tomi Engdahl says:

    Use of Alternate Data Streams in Research Scans for index.jsp.
    https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
    Our network of web application honeypots delivered some odd new URLs in the last 24 hrs. I am not 100% sure what these scans are after, but my best guess right now is that they are attempting to bypass filters using NTFS alternate data streams. The Windows NTFS file system includes the ability to connect to alternate data streams. This has been documented in the past as a technique to hide data or to bypass URL filters.

    Reply
  13. Tomi Engdahl says:

    Cybersecurity for Industrial Control Systems: Part 1 https://www.trendmicro.com/en_us/research/22/a/cybersecurity-industrial-control-systems-ics-part-1.html
    The ever-changing technological landscape has made it possible for the business process on the IT side of an enterprise to be interconnected with the physical process on the OT side. While this advancement has improved visibility, speed, and efficiency, it has exposed industrial control systems (ICSs) to threats affecting IT networks for years. Our expert team extensively looked into reported specific malware families in ICS endpoints to validate ICS security and establish a global baseline for examining threats that put these systems at risk.

    Reply
  14. Tomi Engdahl says:

    Linux malware sees 35% growth during 2021 https://www.bleepingcomputer.com/news/security/linux-malware-sees-35-percent-growth-during-2021/
    The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. IoTs are typically under-powered “smart” devices running various Linux distributions and are limited to specific functionality. However, when their resources are combined into large groups, they can deliver massive DDoS attacks to even well-protected infrastructure.

    Reply
  15. Tomi Engdahl says:

    Real Big Phish: Mobile Phishing & Managing User Fallibility https://threatpost.com/mobile-phishing-zero-trust-security/177594/
    According to a recent survey from Ivanti, nearly three-quarters (74 percent) of IT professionals reported that their organizations have fallen victim to a phishing attack and 40 percent of those happened in the last month alone. Increasingly, mobile phishing is the culprit. What’s more, nearly half of these professionals cited a lack of the necessary IT talent as one of the core reasons for the increased risk of phishing attacks.

    Reply
  16. Tomi Engdahl says:

    James Ball / Rolling Stone:
    The UK government hires ad agency M&C Saatchi to run a publicity campaign criticizing Meta’s plans to make Messenger end-to-end encrypted by default — The Home Office has hired a high-end ad agency to mobilize public opinion against encrypted c

    https://www.rollingstone.com/culture/culture-news/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453/

    Reply
  17. Tomi Engdahl says:

    Cybersecurity company: Ditch Google!
    https://etn.fi/index.php/13-news/13041-kyberturvayhtioe-hylkaeae-google

    A new study by cybersecurity company NordVPN revealed that 80 percent of users are concerned about online tracking, and 26 percent think they are being tracked almost all the time. As one remedy, the company suggests a radical measure: abandoning Google.

    Companies’ attempts to track internet users can be reduced in many ways. Daniel Markuson, digital privacy expert at NordVPN, recommends using a VPN, for example. “When you use a VPN, you hide your real IP address and location from all outside parties, including internet service providers, cybercriminals, network administrators and advertisers,” Markuson says.

    Reply
  18. Tomi Engdahl says:

    Attacks on corporate networks grew 50 percent
    https://etn.fi/index.php/13-news/13043-hyoekkaeykset-yritysverkkoihin-kasvoivat-50-prosenttia

    The number of cyber attacks on corporate networks has grown steadily since mid-2020. Last year the number of attacks grew by 50 percent, according to security company Check Point Research. The weekly peak was reached in the last quarter of the year.

    Reply
  19. Tomi Engdahl says:

    Big Tech wants to make Open Source Software more Secure
    https://coderoasis.com/open-source-to-be-more-secure/

    The major technology companies of the United States – names such as Google, Microsoft, Apple, and Facebook – came together at an important White House Summit over the weekend to discuss the ways to make the open source software space more secure in light of recent disastrous vulnerabilities.

    The new standards for open source software security – including important funding for developers in the space and public and private partnerships – to secure the ecosystem were some of the ideas floating around during the summit on the future of open source development.

    Reply
  20. Tomi Engdahl says:

    The Cybersecurity Measures CTOs Are Actually Implementing
    Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
    https://www.darkreading.com/tech-trends/the-cybersecurity-measures-ctos-are-actually-implementing

    Reply
  21. Tomi Engdahl says:

    Check Point Research issues Q4 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data https://blog.checkpoint.com/2022/01/17/dhl-replaces-microsoft-as-most-imitated-brand-in-phishing-attempts-in-q4-2021/
    Our latest Brand Phishing Report for Q4 2021 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals' personal information or payment credentials during October, November and December 2021. In Q4, global logistics and distribution company DHL ended Microsoft's long-standing reign as the brand most frequently imitated by cybercriminals in attempts to steal credentials or deploy malware via sophisticated phishing techniques.
    Twenty-three percent of all brand phishing attempts were related to DHL, up from just 9% in the previous quarter.

    Reply
  22. Tomi Engdahl says:

    Finding hidden cameras with your smartphone's ToF sensor https://www.kaspersky.com/blog/finding-spy-cameras-with-smartphone/43391/
    Spy cameras in rented apartments or hotel rooms: fact or fiction?
    Fact, unfortunately. In a quite recent case, a family from New Zealand, having rented an apartment in Ireland, discovered a hidden camera livestreaming from the living room. To spot a camera with the naked eye often requires X-ray vision, as it will almost certainly be carefully camouflaged. For those of us who aren't Superman, there are special devices to help detect spy devices by electromagnetic radiation or Wi-Fi signal, but they are not standard travel items. And to get the most out of them you will need special skills or expert assistance.

    Reply
  23. Tomi Engdahl says:

    Actions to take when the cyber threat is heightened https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
    The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation.
    This guidance explains in what circumstances the cyber threat might change, and outlines the steps an organisation can take in response to a heightened cyber threat.

    Reply
  24. Tomi Engdahl says:

    The State of Credential Stuffing Attacks https://securityintelligence.com/articles/credential-stuffing-attacks-2021/
    Credential stuffing has become a preferred tactic among digital attackers over the past few years. As reported by Help Net Security, researchers detected 193 billion credential stuffing attacks globally in 2020. Financial services groups suffered 3.4 billion of those attacks. That's an increase of more than 45% year over year in that sector. In H1 2021, fraudsters focused on digital accounts by breaking into existing user accounts or creating new accounts, per Business Wire. Nearly three in 10 of those attacks consisted of credential stuffing.

    Reply
  25. Tomi Engdahl says:

    Companies train together for cyber preparedness; a strike team of coders has also been proposed https://www.tivi.fi/uutiset/tv/70e5b613-8218-4666-aa1a-51ccd5c0369d
    In Digipooli, maintained by the National Emergency Supply Agency (Huoltovarmuuskeskus), companies practice preparing for cyber disruptions and share information on the topic with one another. Digipooli is a group of voluntarily participating companies critical to security of supply, such as Finland's largest IT firms as well as players from, for example, the retail and energy production sectors. There are currently about 60 companies in the pool.

    Reply
  26. Tomi Engdahl says:

    2G’s security weaknesses are still a problem, even for modern phones https://www.zdnet.com/article/2gs-security-weaknesses-are-still-a-problem-even-for-modern-phones/
    Google recently added an option to switch off insecure 2G connectivity in Android smartphone modems, a move that has been welcomed by digital civil liberties group the Electronic Frontier Foundation (EFF). It applauded Google for adding the new setting in Android 12 and has now called on Apple to implement the feature, too. 2G is an early digital cellular network standard that emerged in the early 1990s, when Nokia still ruled mobile. As EFF notes, 2G was developed when standards bodies didn’t account for threats like rogue cell towers or the need for strong encryption.

    Reply
  27. Tomi Engdahl says:

    For security alone, we could try paying open source projects properly
    https://www.zdnet.com/article/for-security-alone-we-could-try-paying-open-source-projects-properly/

    Instead of running around like headless chooks because a widely used piece of open source software is maintained by volunteers and has a massive hole in it, imagine paying someone to look after such software properly.

    Reply
  28. Tomi Engdahl says:

    Organizations Face a ‘Losing Battle’ Against Vulnerabilities
    https://threatpost.com/organizations-losing-battle-vulnerabilities/177696/

    Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.

    After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from Bugcrowd.

    Reply
  29. Tomi Engdahl says:

    In light of the crisis in Ukraine, Mandiant is making this guide on hardening against destructive attacks available to everyone. Please take a look. This is over 40 pages of concrete steps you can take to protect your org. No marketing filler.

    Proactive Preparation and Hardening to Protect Against Destructive Attacks
    https://www.mandiant.com/resources/protect-against-destructive-attacks

    In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against our customers and community. Russia regularly uses its cyber capability to carry out intelligence collection and information operations, but we are particularly concerned that as tensions escalate, they may target organizations within and outside of Ukraine with disruptive and destructive cyber attacks.

    Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable. Destructive cyber attacks can be a powerful means to achieve strategic or tactical objectives; however, the risk of reprisal is likely to limit the frequency of use to very select incidents. Destructive cyber attacks can include destructive malware, wipers, or modified ransomware.

    Reply
  30. Tomi Engdahl says:

    UK Government to Launch PR Campaign Undermining End-to-End Encryption
    https://www.schneier.com/blog/archives/2022/01/uk-government-to-launch-pr-campaign-undermining-end-to-end-encryption.html

    Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.

    Reply
  31. Tomi Engdahl says:

    Your Digital Footprint Explained and Why It Matters https://www.pandasecurity.com/en/mediacenter/tips/digital-footprint/
    Your digital footprint is the trail of data left behind from all your online activity. Anything you share or do online, from visiting a website to interacting on social media, contributes to your digital footprint. While much of the information stored in your digital footprint is a result of voluntary online activity like sending emails or submitting a contact form, it also involves less obvious information that you might not be aware of, such as a website that tracks and stores your personal data or installs cookies on your device without your knowledge.

    Reply
  32. Tomi Engdahl says:

    2021 Adversary Infrastructure Report
    https://www.recordedfuture.com/2021-adversary-infrastructure-report/
    Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware, and open-source remote access trojans (RATs). Since 2017, Insikt Group has created detections for 80 families, including RATs, advanced persistent threat (APT) malware, botnet families, and other commodity tools. Recorded Future observed over 10,000 unique command and control (C2) servers during 2021 across more than 80 families. Our collection in 2021 was dominated by Cobalt Strike Team Servers and botnet families, both of which applied more resiliency and stealth measures throughout the year. Report:
    https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf

    Reply
  33. Tomi Engdahl says:

    3 Cloud Security Trends to Watch in 2022 https://securityintelligence.com/articles/3-cloud-security-trends-2022/
    Many organizations have cloud security on their minds going into 2022.
    In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That's a growth of 30% over the previous two years. The forecasts discussed above raise an important question.
    Where exactly will these businesses and agencies be committing their cloud security spending in 2022? There are three trends to watch over the next 12 months. Keep an eye on cybersecurity mesh, hybrid and multi-cloud environments and cloud-native tools and platforms.

    Reply
  34. Tomi Engdahl says:

    Social media in the workplace: Cybersecurity dos and don'ts for employees https://www.welivesecurity.com/2022/01/17/social-media-workplace-cybersecurity-dos-donts/
    For many of us, showcasing parts of our day-to-day on social media has become a staple of our everyday lives, and that includes our working lives. On one hand, it keeps our friends and acquaintances up to speed with what we're doing without necessarily having to exchange messages; on the other hand, it introduces various risks that could affect our employers, colleagues or, indeed, ourselves. In the worst-case scenario, it could even jeopardize your employment should you breach company policies.

    Reply
