Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
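The Maven Central figure above is a dependency problem rather than a single-package problem: a vulnerable log4j-core often arrives transitively through another library. The following is an added example, not code from Google, Apache or the article, that scans the text output of `mvn dependency:tree` and flags every log4j-core artifact below the release that carries the fixes for the four Log4j CVEs listed above. The minimum versions per release line (2.17.1 for the main 2.x line, 2.12.4 for the Java 7 line, 2.3.2 for the Java 6 line) are taken from the Apache Log4j security advisories of December 2021 and should be checked against the current advisory; the dependency tree is a constructed sample.

```python
"""Flag log4j-core artifacts below the patched versions in a Maven dependency tree.

Added example; the version thresholds come from the Apache Log4j advisories for
CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 (Dec 2021).
Re-check them against the current advisory before relying on this scanner.
"""
import re

# Minimum safe log4j-core version per release line (major, minor) -> version tuple.
# A trailing 0 marks a final release; pre-releases get -1 so that 2.17.1-rc1 < 2.17.1.
FIXED_VERSIONS = {
    (2, 3): (2, 3, 2, 0),     # Java 6 line
    (2, 12): (2, 12, 4, 0),   # Java 7 line
    None: (2, 17, 1, 0),      # main 2.x line
}

# Maven coordinates as printed by `mvn dependency:tree`:
# groupId:artifactId:packaging[:classifier]:version[:scope]
# The lazy {1,2}? plus a digit-leading version handles an optional classifier.
COORD_RE = re.compile(
    r"org\.apache\.logging\.log4j:log4j-core:(?:[^:\s]+:){1,2}?(?P<version>\d[^:\s]*)"
)


def parse_version(text: str) -> tuple:
    """Turn '2.14.1' or '2.17.1-rc1' into a comparable tuple of ints."""
    core, *suffix = re.split(r"[-+]", text, maxsplit=1)
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:          # pad '2.14' to '2.14.0'
        parts.append(0)
    parts.append(-1 if suffix else 0)  # pre-release sorts below the final release
    return tuple(parts)


def required_version(version: tuple) -> tuple:
    """Pick the fixed version for the release line the artifact belongs to."""
    return FIXED_VERSIONS.get(version[:2], FIXED_VERSIONS[None])


def is_vulnerable(version_text: str) -> bool:
    v = parse_version(version_text)
    return v < required_version(v)


def scan_dependency_tree(tree_text: str) -> list:
    """Return (version, line) pairs for every log4j-core below its fixed version."""
    findings = []
    for line in tree_text.splitlines():
        m = COORD_RE.search(line)
        if m and is_vulnerable(m.group("version")):
            findings.append((m.group("version"), line.strip()))
    return findings


# Constructed sample output of `mvn dependency:tree` (not a real project).
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- com.example:legacy-lib:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.12.1:compile
[INFO] \\- com.example:tools:jar:1.1.0:compile
[INFO]    \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
"""

if __name__ == "__main__":
    for version, line in scan_dependency_tree(SAMPLE_TREE):
        print(f"VULNERABLE log4j-core {version}: {line}")
```

Only log4j-core is matched because the JNDI lookup lives there, not in log4j-api; the scanner deliberately reports each vulnerable copy with its tree line so the transitive path (here `legacy-lib`) is visible for the fix.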
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities. While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
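Two of the detections the list above attributes to AI-powered platforms, brute force login attempts and unusual data movement, reduce to plain statistics once the telemetry is in hand. The following is an added example, not code from the article or any vendor product: a sliding-window counter over failed logins per source, and a per-host baseline of daily outbound bytes that flags a day whose volume sits many standard deviations above that host’s own history. Both data sets are constructed; the thresholds (5 failures per minute, z-score above 4) are assumptions to tune per environment.

```python
"""Brute force and unusual-volume detection over constructed sample logs.

Added example (not the article's or any product's code). Thresholds are
assumptions; the event data below is constructed, not captured.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed auth events: (ISO timestamp, source IP, outcome).
AUTH_EVENTS = [
    ("2022-07-05T10:00:00", "203.0.113.7", "fail"),
    ("2022-07-05T10:00:05", "203.0.113.7", "fail"),
    ("2022-07-05T10:00:09", "203.0.113.7", "fail"),
    ("2022-07-05T10:00:12", "203.0.113.7", "fail"),
    ("2022-07-05T10:00:15", "203.0.113.7", "fail"),
    ("2022-07-05T10:00:16", "203.0.113.7", "fail"),
    ("2022-07-05T10:01:00", "198.51.100.4", "fail"),     # two slow failures:
    ("2022-07-05T10:07:00", "198.51.100.4", "fail"),     # a mistyped password,
    ("2022-07-05T10:13:00", "198.51.100.4", "success"),  # not a brute force
]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Return the sources that produced >= threshold failed logins in any window."""
    recent = defaultdict(deque)   # source -> timestamps of failures still inside the window
    flagged = set()
    for ts, src, outcome in sorted(events):   # ISO timestamps sort chronologically as strings
        if outcome != "fail":
            continue
        t = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window:        # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged


# Constructed daily outbound-byte totals per host: 30 days of history, then today.
BASELINE = {
    "wks-042": [1_200_000 + 50_000 * (i % 5) for i in range(30)],
    "wks-117": [800_000 + 30_000 * (i % 3) for i in range(30)],
}
TODAY = {"wks-042": 1_300_000, "wks-117": 9_500_000}


def detect_unusual_volume(baseline, today, z_threshold=4.0, min_history=7):
    """Flag hosts whose outbound volume is z_threshold std devs above their own baseline."""
    hits = {}
    for host, volume in today.items():
        history = baseline.get(host, [])
        if len(history) < min_history:
            continue   # no usable baseline yet: a statistical verdict would be noise
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:
            sigma = max(mu * 0.01, 1.0)   # flat history: avoid dividing by zero
        z = (volume - mu) / sigma
        if z > z_threshold:
            hits[host] = round(z, 1)
    return hits


if __name__ == "__main__":
    print("brute force sources:", detect_brute_force(AUTH_EVENTS))
    print("unusual outbound volume:", detect_unusual_volume(BASELINE, TODAY))
```

The per-host baseline is the point: a fixed global byte threshold would either miss a quiet workstation suddenly pushing out ten times its norm or drown in alerts from hosts that are always busy, whereas a z-score against each host’s own history flags only the change.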
Mobile phone security is being redone
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture, announced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
Chris Gilliard / Wired:
Machine learning-powered surveillance systems will never eliminate the risk of US school shootings, no matter how expansive and intricate the systems become
School Surveillance Will Never Protect Kids From Shootings
The failure is not only in the spurious systems, but in the belief that more data can improve them.
https://www.wired.com/story/school-surveillance-never-protect-kids-shootings/
Tomi Engdahl says:
How to Present Cloud Risk to the Board
https://www.trendmicro.com/en_us/ciso/22/f/cloud-risk-management-assessment-plan.html
Quantifying and qualifying cyber risk is a longstanding challenge for CISOs. It was already a challenge for on-premise infrastructure when you knew what assets you had and where all the data lived. Cloud migration raises the bar, making it even more challenging to pinpoint cyber risk with a growing digital attack surface composed of distributed infrastructure and independently managed cloud resources used across the company. To help empower CISOs to more succinctly present their cloud risk and security posture to their board, we asked ourselves, “If a CISO has 15 minutes and one slide to present to the board, how could they communicate their company’s cloud risk?”
Tomi Engdahl says:
What to do about inherent security flaws in critical infrastructure?
Industrial systems’ security got 99 problems and CVEs are one. Or more
https://www.theregister.com/2022/07/03/inherent_security_flaws_ics/
Tomi Engdahl says:
The hacking industry faces the end of an era
But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.
https://www.technologyreview.com/2022/06/27/1054884/the-hacking-industry-faces-the-end-of-an-era/
Tomi Engdahl says:
https://www.howtogeek.com/667423/how-to-share-wi-fi-passwords-from-android-to-any-smartphone/
Tomi Engdahl says:
https://thehackernews.com/2022/07/some-worms-use-their-powers-for-good.html
Tomi Engdahl says:
Norwegian public broadcaster’s investigation: Russian trawlers were present when Norway’s undersea cables were mysteriously damaged
https://yle.fi/uutiset/3-12519942
According to the Norwegian public broadcaster, several Russian fishing vessels were moving in the area both when the Vesterålen marine research cable disappeared and when the Svalbard satellite cable was severed.
Tomi Engdahl says:
Pentagon Warns Of Serious Threat To Global Economy From Blockchain Vulnerabilities
https://www.benzinga.com/markets/cryptocurrency/22/06/27901337/pentagons-latest-report-reveals-susceptibilities-on-blockchain
ZINGER KEY POINTS
The Pentagon’s report reveals vulnerabilities existing in the blockchain, focusing on Ethereum and Bitcoin.
The research highlights the threat posed to large-scale institutions intertwined with blockchain technologies.
Tomi Engdahl says:
Why Cloud Networking is a must for Flexibility, Scalability, and Visibility
https://pentestmag.com/why-cloud-networking-is-a-must-for-flexibility-scalability-and-visibility/
Tomi Engdahl says:
https://futurism.com/the-byte/crypto-ceo-exchanges-secretly-insolvent
Tomi Engdahl says:
https://www.securityweek.com/elusive-goal-network-security
Tomi Engdahl says:
Protecting GNSS Against Intentional Interference
24 Mar 2022, Helsinki, Finland
https://blogs.helsinki.fi/gnss-24mar2022/
Tomi Engdahl says:
https://go.recordedfuture.com/book-4?utm_campaign=threat-intelligence-handbook-ebook&utm_source=securityweek&utm_medium=cpc&utm_content=20220510&utm_term=dedicated
Tomi Engdahl says:
This is how you can prepare for the cyber threats a possible NATO membership may bring – we list six ways
https://yle.fi/uutiset/3-12440524
An ordinary person should prepare for possible cyber attacks by keeping an adequate home emergency supply. Yle collected tips from experts on preparing for possible threats.
Tomi Engdahl says:
Sandstone CTO shares how to assess cyber risk in the cloud
https://www.trendmicro.com/en_us/ciso/22/e/cyber-risk-assessment-sandstone-cto.html
Tomi Engdahl says:
Anatomy of a campaign to inject JavaScript into compromised WordPress sites
Reverse-engineered code redirects visitors to dodgy corners of the internet
https://www.theregister.com/2022/05/13/wordpress-redirect-hack/
Tomi Engdahl says:
IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework
Understanding the threat to your IIS servers
https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf
Tomi Engdahl says:
https://www.cybersecuritydive.com/signup/?utm_source=Techmeme&utm_medium=site&utm_campaign=Techmeme-042022
Tomi Engdahl says:
Security-critical technology trends 2022 review
In Erillisverkot’s second technology trends review the focus is in particular on the war in Ukraine from the perspective of telecommunications and mobile networks. We also examine various emerging space services and their opportunities for authorities and security actors.
https://www.erillisverkot.fi/turvallisuuskriittisen-teknologian-trendit/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13597-electronica-keskittyy-aelykkaeaeseen-energiaan
Tomi Engdahl says:
https://cisofy.com/lynis/
Tomi Engdahl says:
https://yle.fi/aihe/artikkeli/2017/02/01/digitreenit-17-salasanakone-testaa-kuinka-nopeasti-salasana-murretaan
Tomi Engdahl says:
https://etn.fi/index.php/13-news/13652-yksi-johdin-paljastaa-vaeaerennoekset
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/05/30/mobiilimaksaminen-yleistyy-kateisella-rahalla-edelleen-kayttoa/
Tomi Engdahl says:
7 Security Risks and Hacking Stories for Web Developers
https://www.youtube.com/watch?v=4YOpILi9Oxs
Tomi Engdahl says:
https://www.huoltovarmuuskeskus.fi/a/kyberturvallisuus-vaatii-jatkuvaa-tyota
Tomi Engdahl says:
https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF
Tomi Engdahl says:
https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2021/106001/
Tomi Engdahl says:
https://www.dragos.com/blog/the-value-of-penetration-testing-ics-ot-environments/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/03/01/maksuton-kyberturvallisuuskurssi-tarjolla/
Tomi Engdahl says:
https://www.avoin.jyu.fi/fi/opintotarjonta/informaatioteknologia/kyberturvallisuus
Tomi Engdahl says:
ENISA and CERT-EU publish set of cybersecurity best practices for public and private organizations
The European Union Agency for Cybersecurity (ENISA) and CERT-EU published a joint set of cybersecurity best practices for public and private organizations in the EU.
https://www.helpnetsecurity.com/2022/02/21/eu-cybersecurity-best-practices/
Tomi Engdahl says:
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it.
Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging. The sample contained a malicious payload associated with Brute Ratel C4 (BRc4), the newest red-teaming and adversarial attack simulation tool to hit the market. While this capability has managed to stay out of the spotlight and remains less commonly known than its Cobalt Strike brethren, it is no less sophisticated. Instead, this tool is uniquely dangerous in that it was specifically designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. Its effectiveness at doing so can clearly be witnessed by the aforementioned lack of detection across vendors on VirusTotal.
Tomi Engdahl says:
Hive ransomware gets upgrades in Rust
https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/
Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem.
With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem. The upgrades in the latest variant are effectively an overhaul: the most notable changes include a full code migration to another programming language and the use of a more complex encryption method.
Tomi Engdahl says:
Preparing for the long haul: the cyber threat from Russia https://www.ncsc.gov.uk/blog-post/preparing-the-long-haul-the-cyber-threat-from-russia
Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency.
In the five months since that guidance was published, we have seen significant cyber activity in Ukraine, with sustained intent from Russia to destroy or disrupt Ukrainian government and military systems. This has had effects beyond Ukraine’s borders; the UK government stated Russia was behind a cyber attack on a global communications company, on the eve of the invasion, which affected windfarms and internet users in central Europe.
Tomi Engdahl says:
Google allowed sanctioned Russian ad company to harvest user data for months https://arstechnica.com/information-technology/2022/07/google-allowed-sanctioned-russian-ad-company-to-harvest-user-data-for-months/
The day after Russia’s February invasion of Ukraine, Senate Intelligence Committee Chairman Mark Warner sent a letter to Google warning it to be on alert for “exploitation of your platform by Russia and Russian-linked entities,” and calling on the company to audit its advertising business’s compliance with economic sanctions. But as recently as June 23, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company owned by Russia’s largest state bank.
Tomi Engdahl says:
New Innovation Agenda launched to boost EU startup ecosystem https://www.euractiv.com/section/digital/news/new-innovation-agenda-launched-to-boost-eu-startup-ecosystem/
The Commission on Tuesday (5 June) released its new European Innovation Agenda, setting out five core channels through which it will seek to boost deep tech investment and innovation within the EU.
Tomi Engdahl says:
KKO: Details of suspected online pirates may be disclosed https://www.is.fi/digitoday/art-2000008927051.html
The Supreme Court of Finland (KKO) has concluded in a recent ruling that telecom operators can be obliged to disclose the contact details of internet users suspected of piracy. The KKO's interpretation is the opposite of the Market Court's position in 2017. The Market Court ruled at that time that a telecom operator did not have to disclose the identifying information of an internet user who had shared a film.
Tomi Engdahl says:
Derek B. Johnson / SC Media:
NIST selects four encryption algorithms designed to withstand future quantum computing hacking threats to be part of its post-quantum cryptographic standard — For years, the National Institute for Standards and Technology has been working on a project to identify and vet a handful
NIST unveils four algorithms that will underpin new ‘quantum-proof’ cryptography standards
https://www.scmagazine.com/analysis/emerging-technology/nist-unveils-four-algorithms-that-will-underpin-new-quantum-proof-cryptography-standards
For years, the National Institute for Standards and Technology has been working on a project to identify and vet a handful of new encryption algorithms that can help protect federal computers and systems from hacking threats powered by quantum computing.
On Tuesday, the agency announced four new algorithms that will underpin its future cryptography standards by 2024. They include one algorithm for general encryption purposes (CRYSTALS-Kyber) and another three for digital signatures and identity verification (CRYSTALS-Dilithium, Falcon and Sphincs+).
NIST mathematician and project lead Dustin Moody told SC Media that at this stage, all the finalists had met baseline standards and the choice came down to small but measurable differences in things like speed and ease of use.
NIST and others have consistently promoted the concept of “crypto-agility,” or building encryption protocols that can switch out different algorithms with as little impact to performance and reliability as possible. While many experts believe the algorithms that have made it to this stage have proven they can defend against hacks from a cryptographically-relevant quantum computer, the fact that such a thing does not currently exist means there are some assumptions built in.
“It is currently not clear if they can be broken, but it is clear that after looking very carefully we did not find a trivial way,”
While mathematicians and cryptographers have done all the due diligence they can, quantum computers are meant to solve problems innumerably more complex than humans are capable of, and thus it is wise not to base the safety of the world’s data on any one approach that could represent a single point of failure.
It’s not just federal agencies that will likely end up using these standards. Multiple companies and experts in post-quantum cryptography have told SC Media that NIST standards will likely end up being adopted by large swaths of the private sector as well as international standards bodies.
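The crypto-agility idea described in the article above, as an added example that is not from the article or from NIST: every tag carries its algorithm identifier, new tags use the preferred algorithm, deprecated ones are still verified but never produced, and anything unregistered is rejected. HMAC with two hash functions stands in for real signature or KEM schemes; a post-quantum scheme would be registered the same way, and the key and message values are constructed for the demo.

```python
import hashlib
import hmac

# Added example (not the article's or NIST's code): the algorithm identifier
# travels with every tag so the scheme can be swapped without changing the
# wire format. HMAC is a stand-in for a real signature or KEM primitive.
ALGORITHMS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}
PREFERRED = "hmac-sha3-256"      # used for every newly produced tag
DEPRECATED = {"hmac-sha256"}     # still verified, never produced
SEP = b"\x00"                    # identifiers are ASCII, so NUL is a safe separator


def _tag(alg: str, key: bytes, msg: bytes) -> bytes:
    """Raw tag for a registered algorithm (no policy checks here)."""
    return hmac.new(key, msg, ALGORITHMS[alg]).digest()


def sign(key: bytes, msg: bytes, alg: str = PREFERRED) -> bytes:
    """Return alg_id || 0x00 || tag; refuses deprecated or unknown algorithms."""
    if alg not in ALGORITHMS or alg in DEPRECATED:
        raise ValueError(f"algorithm not allowed for signing: {alg}")
    return alg.encode() + SEP + _tag(alg, key, msg)


def verify(key: bytes, msg: bytes, blob: bytes) -> bool:
    """Accept active and deprecated algorithms; reject anything unregistered."""
    alg_bytes, sep, tag = blob.partition(SEP)
    alg = alg_bytes.decode(errors="replace")
    if not sep or alg not in ALGORITHMS:
        return False
    # compare_digest also returns False on length mismatch, in constant time
    return hmac.compare_digest(tag, _tag(alg, key, msg))


def needs_rotation(blob: bytes) -> bool:
    """True when a stored tag was produced by a deprecated algorithm."""
    alg = blob.partition(SEP)[0].decode(errors="replace")
    return alg in DEPRECATED


if __name__ == "__main__":
    key, msg = b"constructed-demo-key", b"constructed message"
    blob = sign(key, msg)
    legacy = b"hmac-sha256" + SEP + _tag("hmac-sha256", key, msg)
    print(verify(key, msg, blob), verify(key, msg, legacy), needs_rotation(legacy))
```

Migrating to a new scheme is then a registry change plus a sweep of `needs_rotation` over stored tags, rather than a format change.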
Tomi Engdahl says:
Foo Yun Chee / Reuters:
EU lawmakers pass the Digital Services Act and the Digital Markets Act, seeking to regulate US tech giants, but limited resources could hamstring enforcement — EU lawmakers gave the thumbs up on Tuesday to landmark rules to rein in the power of tech giants such as Alphabet (GOOGL.O) …
EU lawmakers pass landmark tech rules, but enforcement a worry
https://www.reuters.com/technology/eu-lawmakers-pass-landmark-tech-rules-enforcement-worry-2022-07-05/
Tomi Engdahl says:
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Lokitusohje.pdf
Tomi Engdahl says:
Forrester Checklist: Business Case for Cybersecurity Risk Ratings in TPRM
https://www.riskrecon.com/forrester-business-case-for-cybersecurity-risk-ratings
Tomi Engdahl says:
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel https://www.bleepingcomputer.com/news/security/ransomware-hacking-groups-move-from-cobalt-strike-to-brute-ratel/
Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. Corporate cybersecurity teams commonly consist of employees who attempt to breach corporate networks (red team) and those who actively defend against them (blue team). Both teams then share notes after engagements to strengthen the cybersecurity defenses of a network.
Tomi Engdahl says:
Hacking wind turbines – Explained
https://harmvandenbrink.medium.com/hacking-wind-turbines-explained-230997db62f6
In Europe we see a tremendous rise of wind farms. Which is good, because it’s a sustainable source of energy. What worries me, is how well it is secured. Or let me rephrase that, what worries me is that we use ancient and outdated technology and software in the systems that provide our daily energy. In April 2022 it hit the news that a large wind turbine manufacturer was hacked and they switched off their IT systems in multiple locations. Ransomware hit the manufacturer and brought it to a standstill. In November 2021 another manufacturer was compromised by a ransomware attack. They were able to recover within 3 weeks from the hack.
Tomi Engdahl says:
NIST Announces Post Quantum Encryption Competition Winners
https://www.securityweek.com/nist-announces-post-quantum-encryption-competition-winners
The National Institute of Standards and Technology (NIST) announced July 5, 2022, the first group of four encryption tools designed to tackle the looming threat of quantum computer crypto cracking capabilities. Four more are still being evaluated, and finalists from these will be announced in the future.
The intention has always been to have more than one quantum resistant standard option for each category. The four announced on July 5, 2022, are CRYSTALS-Kyber (for general encryption), and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (for digital signatures).
Tomi Engdahl says:
DoD Launches ‘Hack US’ Bounties for Major Flaws in Publicly Exposed Assets
https://www.securityweek.com/dod-launches-hack-us-bounties-major-flaws-publicly-exposed-assets
Tomi Engdahl says:
Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks
https://www.securityweek.com/researchers-flag-significant-escalation-software-supply-chain-attacks
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
The latest attack, dubbed Iconburst, is described as a widespread and coordinated campaign to install malicious Javascript packages offered via the open source NPM package manager.
“Upon closer inspection, we discovered evidence of a coordinated supply chain attack, with a large number of NPM packages containing jQuery scripts designed to steal form data from deployed applications that include them,” the company said in a research note published this week.
“While the full extent of this attack isn’t yet known, the malicious packages we discovered are likely used by hundreds, if not thousands of downstream mobile and desktop applications as well as websites. In one case, a malicious package had been downloaded more than 17,000 times,” ReversingLabs added.
Tomi Engdahl says:
US, UK Leaders Raise Fresh Alarms About Chinese Espionage
https://www.securityweek.com/us-uk-leaders-raise-fresh-alarms-about-chinese-espionage
The head of the FBI and the leader of Britain’s domestic intelligence agency raised alarms Wednesday about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
FBI Director Christopher Wray reaffirmed previous concerns in denouncing economic espionage and hacking operations by China as well as the Chinese government’s efforts to stifle dissent abroad. But his speech was notable because it took place at MI5’s London headquarters and alongside the agency’s director general, Ken McCallum, in an intended show of Western solidarity.
Tomi Engdahl says:
Is an Infrastructure War on the Horizon?
https://www.securityweek.com/infrastructure-war-horizon
On February 24, Russia launched its full-scale assault on Ukraine. The invader’s weapons included tanks, heavy artillery… and software. On April 8, attackers armed with Industroyer2, a species of malware designed to incapacitate power stations and plunge whole cities into darkness, managed to briefly penetrate Ukrainian defenses, putting two million homes at risk. The attack was successfully repelled, but it communicated a chilling message to the world: The era of cyberwarfare has begun.
As newscaster Ted Koppel detailed in his 2016 best-seller, Lights Out, America’s infrastructure is all too vulnerable. Since then, things have only gotten worse. According to a recent IBM report, the manufacturing sector is now the number one target for ransomware, accounting for 23 percent of all attacks. The top vectors for these attacks were vulnerabilities that organizations hadn’t or couldn’t patch (47%) and, no surprise, phishing (43%).
The typical targets of attack within a manufacturing organization are the Industrial Control Systems (ICS), which control the operation of everything from turbines and valves to robotic welding stations. Because an ICS manages physical machinery, successful exploits by bad actors can have extremely serious consequences, including enormous economic damage and even loss of human life. And because the same types of systems manage municipal water supplies and regional power generation, the potential for a real catastrophe exists. The problem of defending critical infrastructure has both technical and governmental aspects.
The Technical Perspective: Defend the Perimeters
On the technical side, the rapid growth of IoT technology, for all its promise, has clearly increased the possibilities of successful exploits. The leading ICS systems at the turn of the century were SCADA systems (Supervisory Control and Data Acquisition), which combined hardware and software to automate industrial processes. Importantly, SCADA systems were not connected to the internet. In fact, they were often “air-gapped,” with no connection to the outside world whatsoever.
IoT technology became a factor in the manufacturing sector around 2010 and has quickly gained serious traction. Its total world market was roughly $389 billion in 2020 and is forecast to reach $1 trillion by 2030. IoT applications are often implemented on top of existing SCADA systems but may slowly replace them over time. The adoption of IoT technology used to connect SCADA systems to the internet either directly or indirectly dramatically increases the risk of a successful exploit.
It has become extremely important for manufacturers, utilities and other infrastructure targets to make sure that their core systems such as ERP are appropriately updated. Intrusion detection and prevention systems should be in place to detect and respond to anomalies so that the damage that intrusions cause is minimized.
The second technical takeaway here is that perimeter defense is more important than ever. Since phishing continues to be a top attack vector, organizations need to focus on preventing malicious URLs from reaching the network, even when employees make the mistake of clicking on an unknown link – which they do. Fortunately, endpoint technology is now available that can evaluate mouse click events and block malicious URLs before malware ever reaches the network, at which point it’s often too late.
The Government’s Role: Partnering for Protection
Tomi Engdahl says:
US And UK Security Services Warn Of China Risks https://www.forbes.com/sites/emmawoollacott/2022/07/07/us-and-uk-security-services-warn-of-china-risks/
The heads of the FBI and MI5 have warned that China is carrying out cyber espionage on a massive scale, carrying out more hacking than every other major country combined. In their first ever joint address, MI5 director general Ken McCallum and FBI director Chris Wray warned that China represents the biggest long-term threat to economic and national security. “If you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the CCP,” said McCallum.