Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    As cybersecurity threats rain down on the USA and across the globe, the #CISA has created the Shields Up website that provides a series of threat alerts and guidelines to protect organizations.
    https://www.titanhq.com/blog/new-cisa-cybersecurity-guidelines-for-companies/

    Reply
  2. Tomi Engdahl says:

    In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement
    With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.
    https://www.darkreading.com/endpoint/post-macro-world-container-files-distribute-malware-replacement

    Reply
  3. Tomi Engdahl says:

    Google delays blocking third-party cookies again, now targeting late 2024
    The Privacy Sandbox API testing will expand starting in August
    https://www.theverge.com/2022/7/27/23280905/google-chrome-cookies-privacy-sandbox-advertising

    Reply
  4. Tomi Engdahl says:

    Cryptographers Achieve Perfect Secrecy With Imperfect Devices
    By
    MORDECHAI RORVIG
    February 25, 2022
    https://www.quantamagazine.org/cryptographers-achieve-perfect-secrecy-with-imperfect-devices-20220225/

    For the first time, experiments demonstrate the possibility of sharing secrets with perfect privacy — even when the devices used to share them cannot be trusted.

    Reply
  5. Tomi Engdahl says:

    17 Best Security Penetration Testing Tools The Pros Use
    https://phoenixnap.com/blog/best-penetration-testing-tools

    Are you seeking the best penetration testing tool for your needs? We have you covered.

    Penetration testing tools are software applications used to check for network security threats.

    Each application on this list provides unique benefits. Easy comparison helps you determine whether the software is the right choice for your business. Let’s dive in and discover the latest security software options on the market.

    Reply
  6. Tomi Engdahl says:

    30 Ways to Validate Configuration Files or Scripts in Linux
    https://www.tecmint.com/check-configuration-files-linux/

    Reply
  7. Tomi Engdahl says:

    Hackers scan for vulnerabilities within 15 minutes of disclosure
    https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/

    System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

    According to Palo Alto’s 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.

    Reply
  8. Tomi Engdahl says:

    Decentralized IPFS networks forming the ‘hotbed of phishing’
    P2P file system makes it more difficult to detect and take down malicious content
    https://www.theregister.com/2022/07/29/ipfs_phishing_trustwave/

    Reply
  9. Tomi Engdahl says:

    Pretender – Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing
    https://www.kitploit.com/2022/07/pretender-your-mitm-sidekick-for.html?m=1

    Reply
  10. Tomi Engdahl says:

    It really does take a village to keep you secure in the cloud
    https://techcrunch.com/2022/07/30/it-really-does-take-a-village-to-keep-you-secure-in-the-cloud/

    I spoke to a number of vendors, and one theme was clear: Cloud security really is a shared responsibility.

    That idea has been around for some time, but it particularly hit home this week as I listened to various AWS security executives talk about it at the event keynote and through the ensuing conversations I had during the week.

    At a very high level, the cloud vendor has the first level of responsibility for security. It has to make sure that the data centers it runs are secure to the extent that it is within its control. Yet at some point, there is a gray area between the company and the customer. Sure, the vendor can secure the data center, but it can’t save the customer from leaving an S3 bucket exposed, whatever the reason.

    Security is such a complex undertaking that no one entity can be responsible for keeping a system safe, especially when user error at any level can leave a system vulnerable to clever hackers. There have to be communication channels across every level of the organization, with customers and with concerned third parties.

    When an external event like the Log4J vulnerability or the Solarwinds exploit impacts the entire community, it’s not one single vendor’s problem. It’s everyone’s problem.

    The idea is that everyone has to communicate when problems pop up, share the best practices and pull together as a community to the extent possible to prevent or mitigate security events.

    Reply
  11. Tomi Engdahl says:

    Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
    Turns out they’re not all that rare. We just don’t know how to find them.
    https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/

    Reply
  12. Tomi Engdahl says:

    AI Could Become Bigger Threat Than Nuclear Weapons, Warns Ex-Google CEO
    “We’re not ready for the negotiations we need,” Schmidt argues.
    https://www.iflscience.com/ai-could-become-bigger-threat-than-nuclear-weapons-warns-ex-google-ceo-64601

    Reply
  13. Tomi Engdahl says:

    Why Companies Should Not Count On All Employees To Guard Against Cyberattacks
    https://www.forbes.com/sites/edwardsegal/2022/07/26/why-companies-should-not-count-on-all-employees-to-guard-against-cyberattacks/

    As if business leaders don’t have enough to worry about when it comes to guarding their organizations against cyberattacks, today comes word that a third of surveyed employees don’t understand why information security is important—or that they have a role to play in protecting their organizations against those attacks.

    That’s according to the results of a survey from Tessian, a cloud-based email security platform.

    “These stats are alarming because they show people lack clarity in how their role keeps their coworkers and company secure, and they don’t feel empowered to protect the business, nor do they feel like security is part of their normal work,”

    “These findings also highlighted the overall disconnect between security leaders and employees when it comes to security culture,” she observed via email.

    “Virtually all IT and security leaders surveyed (99%) agreed that a strong security culture is important in maintaining a strong security posture. Yet, despite rating their organization’s security eight out of 10, on average, three-quarters of organizations experienced a security incident in the last 12 months.

    “It makes sense then that the majority of organizations have experienced a security incident if employees don’t understand why security is important,” according to Burton.

    Reply
  14. Tomi Engdahl says:

    “Everyone in an organization needs to understand how their work helps keep their coworkers and company secure,” Burton said in a Tessian press release.

    “To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work. It is the security team’s responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows.

    “Secure practices should be seen as part of productivity. When people can trust security teams have their best interest at heart, they can create true partnerships that strengthen security culture,” she concluded.

    https://www.forbes.com/sites/forbes-personal-shopper/2022/07/31/nordstrom-anniversary-sale-2022/

    Overall, 57% of respondents reported that they or their employees were offered cash or Bitcoins worth less than $500,000. Ransomware attackers primarily contacted executives and employees through email (59%).
    Of the 65% who said they had been approached to assist in a ransomware attack, 49% ended up a victim of ransomware attack.
    Although many (55%) consider themselves moderately or very prepared to defend against ransomware, more than half (51%) rely mostly or exclusively on perimeter defense.

    Reply
  15. Tomi Engdahl says:

    Did you know? You can generate and validate OATH one-time passwords on Linux CLI. Read how to get verification codes free from the oathtool Linux command https://www.cyberciti.biz/faq/use-oathtool-linux-command-line-for-2-step-verification-2fa/

    Reply
  16. Tomi Engdahl says:

    Microsoft announces new external attack surface audit tool
    https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-external-attack-surface-audit-tool/

    Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization’s environment that attackers could use to breach their networks.

    The focus is on unmanaged or unknown assets added to the environment after mergers or acquisitions, created by shadow IT, missing from inventory due to incomplete cataloging, or left out due to rapid business growth.

    Dubbed Microsoft Defender External Attack Surface Management, this new product provides customers with an overview of their businesses’ attack surface, making it simpler to discover vulnerabilities and block potential attack vectors.

    https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-external-attack-surface-management

    Reply
  17. Tomi Engdahl says:

    How cybercrims embrace messaging apps to spread malware, communicate
    Underground forums are so last year. Telegram, Discord offer better privacy, functionality to criminals, says Intel 471
    https://www.theregister.com/2022/08/02/threat_groups_discord_telegram/

    Reply
  18. Tomi Engdahl says:

    Bot army risk as 3,000+ apps found spilling Twitter API keys
    Please stop leaving credentials where miscreants can find them
    https://www.theregister.com/2022/08/02/cloudsek_twitter_api/

    Reply
  19. Tomi Engdahl says:

    The era of rampant self-checkout theft may be coming to an end. Retailers are fighting back, equipping their clunky machines with slick new tech, or reasonable facsimiles, capable of catching shoppers in a lie — and calling them out on it. https://trib.al/B9KikxM

    Reply
  20. Tomi Engdahl says:

    Henkilöllisyys muuttuu digitaaliseksi Suomella merkittävä asema valtavan harppauksen valmistelussa https://www.tivi.fi/uutiset/tv/23cf8da0-039b-49d5-a35f-fb3e84c9628b
    Suomi on ottamassa merkittävää askelta kohti henkilöllisyyden digitalisaatioita. Lompakoissa kannettavien henkilökorttien rinnalle halutaan tarjota henkilöllisyyden todistaminen valtion rakentamalla mobiilisovelluksella. Tietohallintaneuvos Maria Nikkilä valtiovarainministeriöstä kertoo, että digihenkilöllisyyden taustalla on Euroopan unionin ajama eIDAS-asetuksen uudistaminen. Vuonna 2024 uudistuva asetus säätelee sähköisten luottamuspalveluiden, kuten sähköisen allekirjoituksen tai tunnistautumisen toimintaa.

    Reply
  21. Tomi Engdahl says:

    A Deep Dive Into the Residential Proxy Service 911′
    https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/
    For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe but predominantly in the United States. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software. But new research shows the proxy service has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which
    911 operated on its own. Researchers at the University of Sherbrooke in Canada recently published an analysis of 911, and found there were roughly 120, 000 PCs for rent via the service, with the largest number of them located in the United States. “The 911[.]re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer, ” the researchers wrote. “During the research we identified two free VPN services that [use] a subterfuge to lure users to install software that looks legitimate but makes them part of the network.
    These two software are currently unknown to most if not all antivirus companies.”

    Reply
  22. Tomi Engdahl says:

    British businesses are under constant cyberattack https://www.pandasecurity.com/en/mediacenter/security/british-businesses/
    New research suggests that one-third of UK organizations come under cyberattack at least once every week. That’s the shocking headline finding in the British government’s annual Cyber Breaches Survey. Of the businesses surveyed, 39% said that they had identified at least one attack in the previous twelve months. Most of the incidents reported 89% were related to phishing attacks where criminals attempted to steal confidential information like passwords from victims. Other common problems included ransomware, malware and denial of service attacks. Because of the potentially devastating nature of the technique, businesses were most concerned about how ransomware could take their operations offline and cause significant damage to finances and corporate reputation. In fact, 20% of respondents reported that cyberattacks had had a negative impact on their operations.

    Reply
  23. Tomi Engdahl says:

    Huonosti kirjoitetut nigerialaiskirjeet ovat historiaa huijausviestit käyvät nyt pelottavan henkilökohtaisiksi https://www.kauppalehti.fi/uutiset/huonosti-kirjoitetut-nigerialaiskirjeet-ovat-historiaa-huijausviestit-kayvat-nyt-pelottavan-henkilokohtaisiksi/afb55920-1bd5-4ffa-95ff-ba390f040dbb
    Takavuosien nigerialaiskirjeet eivät enää ole muodissa. Sen sijaan huijarit tonkivat ihmisten someprofiileja ja etsivät kohteita, joille räätälöidä viestejä. Työelämään liittyvä somepalvelu LinkedIn on erityisen otollinen ympäristö ja maailmanlaajuisesti yli puolet kalasteluhuijauksista liittyvätkin juuri LinkedIniin.

    Reply
  24. Tomi Engdahl says:

    How One Company Survived a Ransomware Attack Without Paying the Ransom https://www.esecurityplanet.com/threats/how-one-company-survived-ransomware/
    Mondoza advises others that disk snapshots and offsite tape with an air gap are the best way to provide a sound recovery pathway after an attack. In his organization’s case, read-only immutable ZFS-based snapshots were stored on an HPE NAS system. Spectra Logic’s own systems were used for onsite and offsite tape storage. Tape storage can take time to recover, but given Spectra Logic’s backup failures, tape media was a good additional backup measure to have. “It took us almost a month to fully recover and get over the ransomware pain, ”
    said Mendoza. He agrees that threat protection is the first line of defense. But a breach is likely to happen eventually. Threat protection technology must be supported by immutability at the data level via snapshots as well as a tape air gap, he said.

    Reply
  25. Tomi Engdahl says:

    Suojelupoliisin päällikkö Antti Pelttari toivoo suomalaisilta järkevää käyttäytymistä verkossa: “Omat tiedot ovat arvokasta kauppatavaraa”
    https://yle.fi/uutiset/3-12534365?origin=rss
    Pelttari korostaa, että Venäjän vaikuttamisyrityksiin tulee edelleen varautua. Suomessa tietoturva on hyvällä tasolla, mutta alati uusiutuvien järjestelmien myötä syntyy myös uusia haavoittuvuuksia.

    Reply
  26. Tomi Engdahl says:

    “Tätä on viety väkisin eteenpäin”: Ficom-pomolta suorat sanat digihenkilöllisyydestä https://www.tivi.fi/uutiset/tv/7e5571c6-ad9b-4a4e-ba02-808139c731cc
    Ict-alan yritysten keskusliitto Ficomin toimitusjohtaja Elina Ussa on huolissaan valtiovarainministeriön valmisteleman digitaalisen henkilöllisyystodistuksen vaikutuksista markkinoille. Tähän mennessä vahvaa sähköistä tunnistautumista ovat hoitaneet pankit ja operaattorit, joista jälkimmäisiä Ficom myös edustaa. “Markkinat muuttuvat aika paljon, kun valtio tulee oman tunnistusvälineensä kanssa tähän rinnalle. Pitää olla tarkkana siitä, että kilpailutilanne säilyy tasavertaisena markkinoilla toimivien ja niille asetettujen ehtojen suhteen”, Ussa sanoo.

    Reply
  27. Tomi Engdahl says:

    Meet Mantis the tiny shrimp that launched 3, 000 DDoS attacks https://www.theregister.com/2022/07/15/mantis_botnet_ddos_attack/
    The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp. Likewise, the Mantis botnet operates a small fleet of bots (a little over 5, 000), but uses them to cause massive damage specifically, a record-breaking attack.

    Reply
  28. Tomi Engdahl says:

    Tanska kieltää Chromebookit ja Googlen pilvipalvelut maan kouluissa
    https://www.tivi.fi/uutiset/tv/ef7146c4-9ff2-4883-8f9d-73d2c85338d1
    Tanska on kieltänyt Googlen Workspace-pilvipalveluiden käyttämisen maan kouluissa. Päätös tehtiin Helsingörin kunnassa toteutetun selvityksen päätteeksi, jossa tarkasteltiin Googlen keräämään käyttäjädataan liittyviä riskejä. Maan tietosuojaviranomainen Datatilsynet on todennut, että Googlen palvelut eivät vastaa Euroopan tiukkaa gdpr-säädöstä. Sen mukaan Googlen käyttäjäehdoissa yhtiölle annetaan lupa käsitellä kerättyä dataa muissa maissa siitä huolimatta, että data itsessään säilytetään eurooppalaisissa palvelinkeskuksissa.

    Reply
  29. Tomi Engdahl says:

    New ransomware: a cross-platform future
    https://www.kaspersky.com/blog/luna-blackbasta-ransomware/44900/
    Ransomware groups are of late increasingly targeting not only Windows computers, but Linux devices and ESXi virtual machines. We’ve already spotlighted the BlackCat gang, which distributes malware written in the cross-platform language Rust and is capable of encrypting such systems. Our experts analyzed two more malware families that recently appeared on the dark web with similar functionality: Black Basta and Luna.

    Reply
  30. Tomi Engdahl says:

    EU warns of Russian cyberattack spillover, escalation risks https://www.bleepingcomputer.com/news/security/eu-warns-of-russian-cyberattack-spillover-escalation-risks/
    The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking “essential” organizations worldwide could lead to spillover risks and potential escalation.
    “This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation, ” the High Representative on behalf of the EU said Tuesday. “The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed.”

    Reply
  31. Tomi Engdahl says:

    Saitko viestin joltain näistä yrityksistä? Ole varuillasi https://www.iltalehti.fi/tietoturva/a/20d8b021-59bc-47de-bfb7-411cf4a26c4d
    Huijarit eivät pidä kesälomia. Kesäkaudella huijausten kohteena ovat yksityishenkilöiden lisäksi työntekijät, tietoturvayhtiö Check Pointin toisen vuosineljänneksen brändiväärennösraportti osoittaa. Raportti paljastaa, mitä tuotemerkkejä nettirikolliset hyödyntävät eniten kalastellessaan henkilö- ja pankkitietoja. Listan kärjessä on LinkedIn, joka on ollut jo koko alkuvuoden maailman jäljitellyin brändi. Selvityksen mukaan suurin nousu näkyi Microsoftin nimissä lähetetyissä viesteistä, joita oli 13 prosenttia kaikista huijaussähköposteista. Rikolliset ovat imitoineet ahkerasti Microsoftia jo usean vuoden ajan. Suomessa on liikkunut paljon huijausviestejä, mutta myös huijauspuheluita, joissa on esitetty teknistä tukea.

    Reply
  32. Tomi Engdahl says:

    North Korean hackers attack EU targets with Konni RAT malware https://www.bleepingcomputer.com/news/security/north-korean-hackers-attack-eu-targets-with-konni-rat-malware/
    Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan (RAT) capable of establishing persistence and performing privilege escalation on the host. Konni has been associated with North Korean cyberattacks since 2014, and most recently, it was seen in a spear-phishing campaign targeting the Russian Ministry of Foreign Affairs.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*