Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Suljetaanko Facebook ja Instagram pian suomalaisiltakin?
    Tietosuojavaltuutettu kommentoi kohuttua ratkaisua https://www.is.fi/digitoday/art-2000008932745.html
    Irlannin tietosuojaviranomainen ilmoitti torstaina päätöksen luonnoksesta, jonka mukaan mediayhtiö Meta ei voisi jatkossa lähettää eurooppalaisten käyttäjien tietoja Yhdysvaltoihin. Tämän seurauksena on riskinä, että Metan omistamat palvelut kuten Facebook ja Instagram saattavat sulkea palvelunsa Euroopassa ainakin tilapäisesti. Näin saattaa käydä jo kesän aikana. Keskiverron suomalaisen Facebook-käyttäjän ei kannata tässä tilanteessa kuitenkaan vielä panikoida, sanoo tietosuojavaltuutettu Anu Talus. Tärkeintä on rauhassa seurata, mihin tämä etenee ja kehittyy. Kyseessä on kuitenkin vasta luonnos. Sanoisin, että asian etenemisessä puhutaan useammasta viikosta tai kuukausista.

    Reply
  2. Tomi Engdahl says:

    Piratismikirjeiden lähettäjä käy töihin, tietopyynnöt heti vetämään:
    “Puhutaan päivistä, ei viikoista”
    https://www.is.fi/digitoday/art-2000008928951.html
    Korkeimman oikeuden (KKO) tällä viikolla tekemä päätös johtaa vertaisverkossa tapahtuvan elokuvien ja tv-sarjojen levittämisen valvonnan lisääntymiseen sekä maksuvaatimusten lähettämiseen materiaalia luvattomasti jakaville tahoille. Korkein oikeus päätti, että teleoperaattori DNA:n on luovutettava 34:n luvattomasta materiaalin jakamisesta epäillyn henkilön yhteystiedot elokuvalevittäjä Scanbox Entertainment A/S:lle. Aiemmin markkinaoikeus oli päätynyt määräämään vain 5 henkilön tiedot luovutettavaksi.
    Päätöksessä KKO punnitsi yksityisyyttä ja oikeudenomistajien etua päätyen siihen, että yhteystietojen luovuttaminen ei ole erityisen laaja puuttuminen yksityisyyden suojaan. Korkeimman oikeuden linjaus on ennakkopäätös, joka ohjaa alempien oikeusasteiden tuomioita jatkossa. KKO on myös Suomen ylin oikeusaste, eikä päätökseen voi hakea muutosta.

    Reply
  3. Tomi Engdahl says:

    Suomalaiset menettivät 47 miljoonaa euroa nettihuijauksissa viime vuonna
    https://yle.fi/uutiset/3-12528199
    Suomalaiset menettivät vuonna 2021 nettihuijareille noin 47 miljoonaa euroa. Asiasta kertoo Finanssiala ry tiedotteessaan. (siirryt toiseen
    palveluun) Finanssialan mukaan poliisille tehtiin viime vuonna kaikkiaan 2 500 rikosilmoitusta nettihuijauksista. Finanssialan mukaan huijattu summa olisi voinut olla suurempikin, mutta pankit ja viranomaiset onnistuivat viime vuonna estämään varojen siirtoja huijareille yli 25 miljoonan euron edestä. Viranomaisille ilmoitettujen huijausten rikoshyöty kasvoi vuodesta 2020 vuoteen 2021 lähes kolmanneksen, Finanssialan tiedotteessa kerrotaan.
    Tammi-maaliskuussa 2022 ilmoitusten ja rahallisen rikoshyödyn määrä kuitenkin pieneni yli 40 prosenttia viime vuoden vastaavaan jaksoon verrattuna.

    Reply
  4. Tomi Engdahl says:

    The Age of Collaborative Security: What Tens of Thousands of Machines Witness https://thehackernews.com/2022/07/the-age-of-collaborative-security-what.html
    Do you remember that scene in Batman – The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any given place?. It is an interesting analogy with what we do at CrowdSec. By aggregating intrusion signals from our community, we can offer a clear picture of what is going on in terms of illegal hacking in the world.
    After 2 years of activity and analyzing 1 million intrusion signals daily from tens of thousands of users in 160 countries, we start having an accurate “Batman sonar” global feed of cyber threats. And there are some interesting takeaways to outline. The report:
    https://global-uploads.webflow.com/623ac4fd38806b4967e7c808/62bda4acad9f2f711e822491_Majority_Report_Q42021%20(1)_compressed%20(1).pdf

    Reply
  5. Tomi Engdahl says:

    This Is the Code the FBI Used to Wiretap the World https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m
    The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled together code. Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a “ghost” contact that was hidden from the users’ contact lists. This ghost user, in a way, was the FBI and its law enforcement partners, reading over the shoulder of organized criminals as they talked to each other.

    Reply
  6. Tomi Engdahl says:

    This Is the Code the FBI Used to Wiretap the World
    Motherboard is publishing parts of the code for the Anom encrypted messaging app, which was secretly managed by the FBI in order to monitor organized crime on a global scale.
    https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m

    Reply
  7. Tomi Engdahl says:

    Hackers Using ‘Brute Ratel C4′ Red-Teaming Tool to Evade Detection
    https://www.securityweek.com/hackers-using-brute-ratel-c4-red-teaming-tool-evade-detection

    The Brute Ratel C4 (BRc4) red-teaming and adversarial attack simulation tool has been used by nation-state attackers to evade detection, according to security researchers at Palo Alto Networks.

    Released in December 2020, BRc4 provides a level of sophistication similar to that of Cobalt Strike and has been specifically designed to evade detection by security solutions. The tool is currently sold for $2,500 for a one-year, single user license.

    BRc4’s effectiveness in evading detection, the researchers say, was recently proven by the fact that a sample submitted to VirusTotal in May was not seen as malicious by any of the AV engines used by the malware scanning service.

    The sample was a self-contained ISO containing a shortcut (LNK) file, a malicious DLL, and a copy of the Microsoft OneDrive Updater. When the legitimate tool was executed, DLL order hijacking was employed to load the malicious payload.

    Reply
  8. Tomi Engdahl says:

    Teleyhtiöt kom­mentoivat: Näin tietosi voivat päätyä piratismi­kirjeiden lähet­täjille https://www.is.fi/digitoday/tietoturva/art-2000008932114.html

    Reply
  9. Tomi Engdahl says:

    Or is it too many people that are making money from it? This isn’t new, I just see it as a war on new wealth.. Or a war on “unplanned” wealth.

    TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
    https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc/

    Brendan Carr, the commissioner of the FCC (Federal Communications Commission), called on the CEOs of Apple and Google to remove TikTok from their app stores. In a letter dated June 24, 2022, Carr told Tim Cook and Sundar Pichai that “TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.”

    Reply
  10. Tomi Engdahl says:

    Pentester says he broke into datacenter via hidden route running behind toilets
    Lock down your ‘piss corridor’ – or even better, don’t have one at all
    https://www.theregister.com/2022/07/07/lock_down_your_piss_corridor/

    Many security breaches involve leaks, but not perhaps in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the “piss corridor.”

    Tierney, who works as a consultant for security services outfit Pen Test Partners, revealed in a Twitter thread how one of his more memorable exploits involved demonstrating that it was possible to gain physical access to the supposedly secure area of a datacenter via its toilets.

    Reply
  11. Tomi Engdahl says:

    Fuzzing: Crossing The Gap From Anomaly to Action
    https://www.brighttalk.com/webcast/13983/544472

    2022 Open Source Insights and Trends
    https://www.brighttalk.com/webcast/13983/545971

    Reply
  12. Tomi Engdahl says:

    The commercialization of chiplets is expected to increase the number and breadth of attack surfaces in electronic systems, making it harder to keep track of all the hardened IP jammed into a package and to verify its authenticity and robustness against hackers. https://semiengineering.com/security-risks-widen-with-commercial-chiplets/
    #chiplets

    Reply
  13. Tomi Engdahl says:

    Converting a Malware Dropper to x64 Assembly

    https://pentestmag.com/converting-a-malware-dropper-to-x64-assembly/

    #pentest #magazine #pentestmag #pentestblog #PTblog #malware #dropper #x64 #assembly #conversion #cybersecurity #infosecurity #infosec

    Reply
  14. Tomi Engdahl says:

    Vendors warned the insecurity of the clouds and offering a cloud based security solutions…

    Reply
  15. Tomi Engdahl says:

    Suljetaanko Facebook ja Instagram kesällä? – Tästä on kyse kuumassa keskustelussa
    https://www.helsinginuutiset.fi/paikalliset/4715136

    Suljetaanko Facebook ja Instagram Euroopassa? Tietosuojavaltuutettu perää malttia: “Ei syytä lähteä panikoimaan”
    Irlannin tietosuojaviranomaisen päätösluonnos estäisi Metaa lähettämästä käyttäjistä kerättyä tietoa Euroopasta Yhdysvaltoihin. Meta uhkaa vastatoimena sulkea Facebookin ja Instagramin Euroopassa.
    https://yle.fi/uutiset/3-12529606

    Reply
  16. Tomi Engdahl says:

    Microsoft: Windows Autopatch is now generally available
    https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-is-now-generally-available/

    Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today.

    Windows Autopatch was first announced in April when Microsoft said it would be available for free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater starting July 2022 (it reached public preview in early June).

    Reply
  17. Tomi Engdahl says:

    Will Plummer’s Raspberry Pi-Powered “Warshipping” Gadget Highlights the Risk of “Phygital” Attacks
    Shipping a misaddressed parcel with a single-board computer inside can offer data-gathering gold, Plummer argues.
    https://www.hackster.io/news/will-plummer-s-raspberry-pi-powered-warshipping-gadget-highlights-the-risk-of-phygital-attacks-4e2ca70c9754

    Reply
  18. Tomi Engdahl says:

    Mergers and acquisitions put zero trust to the ultimate test
    Bypasses an arduous integration process with right security footing from the start
    https://www.theregister.com/2022/07/13/mergers-zero-trust-zscaler/

    he envisioned a number of use cases for the zero-trust platform, from security for a growing distributed, virtualized IT environment a nascent cloud computing environment to improved network visibility and identity governance.

    More recently, mergers, acquisitions, and divestitures have surfaced as key use case as companies increasingly look to add or pare down their businesses against the backdrop of a volatile global economic environment, according Chaudhry, Zscaler’s chairman and CEO.

    “I did not think of this use case when I started the company,” he told The Register. “But our customers realized that the zero-trust architecture that we bring to the table does not require companies to connect networks because we don’t connect people to the network… We use the network merely as transfer and plumbing.”

    Zero trust is getting a hard look by enterprises that are pushing more workloads into the cloud and edge amid more employees working remotely, all of which are beyond the boundaries datacenter security.

    Reply
  19. Tomi Engdahl says:

    Do you need to be a coding expert?
    https://theappsecteam.com/do-you-need-to-be-a-coding-expert/

    Today’s target is the ridiculous and unrealistic requirement of “Expertise with a programming language” in many AppSec job postings.

    This “requirement” is a concern and worry for people trying to break into the industry and can put some people off permanently. Who can blame them? Knowing and understanding the ever-changing landscape of application security is hard enough, let alone the expectation of being competent developers too.

    So do you need to dust off your “Foo’s” and “Bar’s” to get a job in AppSec?

    For an entry-level or general position, the answer is no. It’s not needed. I wouldn’t recommend that you delay or dismiss making a career move because of it.

    Reply
  20. Tomi Engdahl says:

    Is a master’s degree in cybersecurity worth it?
    https://fortune.com/education/business/articles/2022/07/13/is-a-masters-degree-in-cybersecurity-worth-it/

    The cybersecurity world is rapidly expanding as cyber intelligence and protection experts are needed across all industries. Right now, there are more than 714,000 jobs for cyber security professionals open in the U.S., according to Cyberseek. As Greg Simco, chair of the department of computing at Nova Southeastern University puts it—he’s never met a company that has enough computer science and cybersecurity talent.

    Master’s degree programs in cybersecurity are one way into this red-hot job market, but does that mean they are worth it?

    What makes a master’s degree in cybersecurity worth pursuing for both a seasoned professional like Gundert and a newcomer like Reibel?

    A master’s degree in cybersecurity gives you options
    Strategic time management is required to balance work, school, and family—but it’s possible, and it pays off, says Gundert, who is the senior vice president of global intelligence at Recorded Future, a cybersecurity company.

    “More than anything, I think the biggest advantage of the degree is optionality,” he says. “If you’re going to go work for a Fortune 500 enterprise, just getting through the gates typically requires you have a master’s degree.”

    Gundert has been aware of this requirement for a while.

    he figured if he ever does want to move up in the cybersecurity industry, he will have to earn a graduate degree in a related field.

    For top positions, the bar continues to move up, Gundert explains. “If you want to be a CIO, you not only need a master’s degree in something related to cybersecurity or risk management but also probably an MBA.”

    By the end of his master’s degree program, Gundert felt more equipped than ever to face future cybersecurity challenges and the shifting nature of his role. “Now businesses realize how important information security is to the long-term health and viability of the business—they don’t just see it as a drain on profitability,” Gundert says. “They actually see it as a business enabler.”

    A master’s degree in cybersecurity helps you keep up with a fast-moving industry

    “Our industry moves so fast and things change so quickly, that if you’re not constantly learning, you’re sort of falling behind,” Gundert says.

    Workers with a master’s degree in cybersecurity have more than just theoretical knowledge about computer science, they have the specific, applied skills that are in high demand.

    Despite the hundreds of thousands of job openings nationwide, getting a foot in the door can be difficult in the cybersecurity space. Still, a master’s degree can help show employers you have updated skills and experience.

    company does tend to hire professionals with degrees in cybersecurity or a related field.

    “A lot of the value in these programs is happening as schools realize they graduate people who just have a basic understanding of theory—they have to understand practically how things work in these businesses,” Gundert says. “I think the graduate degree helps organizations feel a little bit more comfortable when they’re hiring somebody.”

    Reply
  21. Tomi Engdahl says:

    Why Do Small Businesses Need Cyber Security Policies?
    https://www.vanticatrading.com/post/why-do-small-businesses-and-startups-need-cyber-security-policies

    Data theft, fraud, and security breaches can all harm a company’s systems, technical infrastructure, and reputation.

    Cyber security policies are often written down on paper and signed by the business owner; however, companies don’t back up these policies with enough information. In addition, business owners do not have to worry about cyber-related issues with their chosen insurance option, so they don’t think it’s essential to take the time to write a policy.

    Reply
  22. Tomi Engdahl says:

    China’s ‘mind-reading’ porn detection cap takes censorship to new levels
    https://www.pcgamer.com/chinas-mind-reading-porn-detection-cap-takes-censorship-to-new-levels/?utm_source=facebook.com&utm_campaign=socialflow&utm_medium=social

    The device is around 80% accurate in detecting illicit imagery through human brainwave activity.

    Researchers in China have come up with a new and elaborate way to detect porn for the purpose of censorship. The helmet-like device can detect spikes in human brainwave patters when the watcher is presented with pornographic imagery.

    Porn has been illegal in China since the People’s Republic was formed in 1949, so censorship is a pretty big player over there, if you weren’t aware already. AI bots have, for some time, been set loose on the web in a bid to detect and flag any indecent imagery found. ‘Porn appraisers,’ or jian huang shi, the majority of whom are women, are also in position to help catch what the AI misses, but a lot of things still slip through these barriers and filter out to the porn-starved general public.

    As such, China isn’t satisfied with its current censorship tactics.

    Researchers note that the technology worked almost every single time participants were presented with explicit imagery. However, it did trigger some false alarms. Researchers blame the 80% accuracy on inadequate levels of training material.

    Reply
  23. Tomi Engdahl says:

    In data: The types of payment fraud causing ‘epidemic’ losses
    https://sifted.eu/articles/payment-fraud-cybercrime-data-brnd/?utm_medium=paid-social&utm_source=facebook&utm_campaign=bc_inhouse&utm_content=truelayer_05072022&fbclid=IwAR2FiYFagV_56dBolINTwxYW4G5g_P3sNxjKSmo1buYLu9TCPHW4wQlAN00

    115m stolen debit and credit card details were posted on the dark web in 2020 — and that’s not the only way people’s money is at risk

    Sales from ecommerce are still surging from the pandemic — but where there’s payments, there’s payment fraud.

    While payment fraud used to involve riskier crimes like stealing a physical card or breaking into physical premises, cybercriminals can now take your account details from a computer on the other side of the world. According to a report by cybersecurity firm Gemini, 115m stolen debit and credit card details were posted on the dark web in 2020 — and that’s not the only way people’s money is at risk.

    New data from UK Finance found there is “an epidemic of fraud” in the UK and unauthorised fraud losses across payments, remote banking and cheques totalled more than £730m in 2021.

    But there are solutions, from tighter security measures to identify that customers are who they say they are to open banking, a potential solution for several key types of payment fraud.

    What are the types of payment fraud, and what can be done to prevent it?

    1. Card-not-present fraud is the most common type of card fraud

    Some payment fraud uses stolen bank details, e.g. card details. The most common type of card fraud in the UK is card-not-present fraud where fraudsters purchase products or services online by using stolen card details.

    In 2021, remote purchase fraud was valued at £412.5m — and caused immeasurable stress for customers.

    “By far the biggest problem in the UK with fraud is still unauthorised card transactions”

    “Every time there’s an unauthorised transaction, the customer is being worried about that transaction and it’s causing them distress,” says Wilson. “Even if they can ultimately get a refund from their bank for an unauthorised transaction, it’s still something they have to deal with.”

    As the cost of living bites, it couldn’t be more imperative that people are protected from their money being taken away. Regulators are looking at different ways that can be achieved.

    “It’s a big problem and it’s being tackled with a big solution,” says Wilson. “Regulators have introduced something called strong customer authentication (SCA), which means now that when you’re paying by card, you will often be asked to step up the security, by doing something like adding a one time password into a customer journey or using a fingerprint.”

    However, difficulties in the roll-out of these new rules have cost merchants £130m since they came into effect, according to one major card issuer. Retailers have also reported issues with UX and conversion.

    2. One third of chargebacks are estimated to be fraudulent

    Another type of fraud is confusingly called friendly fraud — or fake chargebacks — but it isn’t very friendly, it’s where fraudsters manipulate a system put in place for security.

    “In card payments you have this extra protection when you use a card to buy something online, which is that you can complain to the merchant if you don’t like what you’ve got, if there’s something defective with your product or the service you’ve received,” says Wilson. “If the merchant doesn’t resolve that for you and you still think the merchant is in the wrong, then you can escalate that to your card issuing bank, which is what is called the chargeback.”

    A study by YouGov and TrueLayer found chargebacks cost merchants (with an average transaction value of over £500) an average of £235k. It’s estimated for each £1 taken by someone committing fraud, merchants lose £1.70.

    “The bottom line is the chargeback regime is really punitive for merchants”

    3. Account takeover fraud is increasing
    Another kind of fraud is when fraudsters take over your account by using phishing techniques or bots to trick you into giving over your username and password before they change the details and lock you out.

    According to Experian, account takeover fraud has increased by more than a third over the past few years.

    More trickery includes authorised push payment fraud where people are tricked into making a bank transfer, often by someone posing as an existing supplier.

    “There’s also a problem in the UK with bank transfers, the type of payment that you make when you go to your online banking and manually input the details,” says Wilson. “That type of payment is susceptible to something called authorised payment push scam, which is APP for short.”

    4. More than 6m customers are now using open banking

    But not all is lost, there are a few ways to combat ecommerce fraud surrounding your bank details. One is confirmation of payee, where a bank will check the name, sort code and account number corresponds to your intended beneficiary and will warn you if they think it’s a scam. Another is open banking.

    “A stronger safeguard is open banking”

    “A stronger safeguard is open banking because when you pay somebody with open banking it uses the rails of an instant bank transfer, so the same rails that manual bank transfers use, but instead of the consumer inputting the account holder name, the account details, it will be the open banking provider who’s entering those details.”

    Not only does open banking pre-populate payment instructions, reducing the risk of human error and customers being tricked into sending the money to a fraudster, but open banking providers also onboard and carry out diligence with merchants.

    The Open Banking Implementation Entity (OBIE) recently announced that the UK has reached 6m users and 5m monthly open banking payments.

    “Open banking payments don’t involve sharing any kind of data that can be used to commit fraud,”

    Reply
  24. Tomi Engdahl says:

    20 Most Popular Cybersecurity Skills to Boost Your Career
    https://the-next-trends.com/security/20-most-popular-cybersecurity-skills-to-boost-your-career/

    Cybersecurity, the practice of protecting networks, devices, and data from unauthorized access or theft, has never been more important. The demand for cybersecurity professionals is growing faster than the supply. The number of cybersecurity jobs that are unfilled rose to 3.5 million in 2021 from 1 million in 2014. According to the Bureau of Labor Statistics, cybersecurity jobs will increase by 33% between 2020-2030. Vasu Jakkal, corporate vice president for Security, Compliance, and Identity, Microsoft, stated, “Cybersecurity requires you.”

    Reply
  25. Tomi Engdahl says:

    https://www.facebook.com/groups/2600net/permalink/3363414260548342/

    Cryptography and Security
    This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM) and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.
    https://arxiv.org/abs/2207.07413v1

    Reply
  26. Tomi Engdahl says:

    tproxy : A cli tool to proxy and analyze TCP connections.

    Reply
  27. Tomi Engdahl says:

    ‘Some staff work behind armoured glass’: a cybersecurity expert on The Undeclared War
    Saara (Hannah Khalique-Brown) and John (Mark Rylance) in the GCHQ canteen, in episode two of The Undeclared War.
    How realistic is Peter Kosminsky’s Channel 4 drama about an IT attack on the UK? Very, according to one of the UK’s top digital intelligence experts
    https://www.theguardian.com/tv-and-radio/2022/jul/07/some-staff-work-behind-armoured-glass-a-cybersecurity-expert-on-the-undeclared-war

    Reply
  28. Tomi Engdahl says:

    The US military wants to understand the most important software on Earth
    Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted
    https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*