Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat: it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
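Both the Google count of Maven Central packages still on defective Log4j versions and Akamai’s “long attack tail” come down to the same defender task: finding which log4j-core version is actually pulled into a build, often transitively, and which of the listed CVEs that version is still missing fixes for. The following is an added example (not code from the page, Google, Apache or Akamai) that scans `mvn dependency:tree` style output. The dependency tree is constructed for the example. The fixed-version thresholds are taken from the Apache Log4j release notes as the editor knows them, not from the page: CVE-2021-44228 fixed in 2.15.0, CVE-2021-45046 in 2.16.0, CVE-2021-45105 in 2.17.0 and CVE-2021-44832 in 2.17.1 (CVE-2021-42550, also named on the page, is a logback issue rather than a log4j-core one and is left out). The 2.3.x and 2.12.x backport release lines are ignored as a simplification.

```python
"""Flag log4j-core versions in Maven dependency-tree output that lack fixes.

Added example, not code from the page or the projects it cites. Fixed-version
thresholds are the editor's knowledge of the Apache Log4j release notes; the
2.3.x / 2.12.x backport branches are deliberately not modelled.
"""

# (CVE, first version that contains the fix), oldest fix first.
FIXES = [
    ("CVE-2021-44228", (2, 15, 0)),
    ("CVE-2021-45046", (2, 16, 0)),
    ("CVE-2021-45105", (2, 17, 0)),
    ("CVE-2021-44832", (2, 17, 1)),
]

MAVEN_SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}

# Constructed sample of `mvn dependency:tree` output (not a real project).
SAMPLE_TREE = """\
[INFO] com.example:orders-service:jar:1.4.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- com.example:shared-logging:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
[INFO] \\- com.example:reporting:jar:0.9.0:compile
[INFO]    \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:runtime
"""


def parse_version(text):
    """'2.17.1' -> (2, 17, 1). Reads leading numeric components only, so a
    pre-release such as '2.0-beta9' becomes (2, 0, 0), which still sorts
    below every fixed version."""
    parts = []
    for piece in text.replace("-", ".").split("."):
        if piece.isdigit():
            parts.append(int(piece))
        else:
            break
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def parse_coordinate(line):
    """Extract (groupId, artifactId, version) from one dependency:tree line.

    The trailing token has the form
    groupId:artifactId:packaging[:classifier]:version[:scope]; non-coordinate
    lines (plugin banners, BUILD SUCCESS, ...) return None."""
    tokens = line.split()
    if not tokens:
        return None
    parts = tokens[-1].split(":")
    if len(parts) < 4:
        return None
    # The version sits before the scope when a scope is present, else last.
    version = parts[-2] if parts[-1] in MAVEN_SCOPES else parts[-1]
    return parts[0], parts[1], version


def affected_cves(version):
    """CVEs from FIXES that the given log4j-core 2.x version lacks a fix for.
    1.x artifacts are end-of-life and out of scope here (returns [])."""
    v = parse_version(version)
    if v[0] != 2:
        return []
    return [cve for cve, fixed_in in FIXES if v < fixed_in]


def scan_dependency_tree(text):
    """Return [(groupId, artifactId, version, [cves])] for every log4j-core
    occurrence in the tree, including transitive ones."""
    findings = []
    for line in text.splitlines():
        coord = parse_coordinate(line)
        if coord is None:
            continue
        group, artifact, version = coord
        if group == "org.apache.logging.log4j" and artifact == "log4j-core":
            findings.append((group, artifact, version, affected_cves(version)))
    return findings


if __name__ == "__main__":
    for group, artifact, version, cves in scan_dependency_tree(SAMPLE_TREE):
        status = ", ".join(cves) if cves else "no listed CVEs outstanding"
        print(f"{group}:{artifact}:{version} -> {status}")
```

Running it against the constructed tree reports the 2.14.1 copy as missing all four fixes, the 2.16.0 copy pulled in via `shared-logging` as still missing CVE-2021-45105 and CVE-2021-44832, and the 2.17.1 copy as clean; the point is that a module can be “patched” at the top level while a transitive dependency still carries an older core, which is the dependency-patching hiccup both articles describe.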
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. Using this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. This differs significantly from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structures will also come to smartphones. The Armv9-A architecture introduced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. These are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
ICT leader speaks bluntly about the ministry’s digital identity project:
“It messes up the market, pushed forward by force”
https://www.kauppalehti.fi/uutiset/ict-johtajalta-suorat-sanat-ministerion-digihenkilollisyyshankkeesta-sotkee-markkinaa-viety-vakisin-eteenpain/397083de-1d7a-413b-a6a7-04024b8650d3
Elina Ussa, CEO of Ficom, the central association of ICT companies, is concerned about the effects on the market of the digital identity card being prepared by the Ministry of Finance. Until now, strong electronic identification has been handled by banks and operators, the latter of which Ficom also represents. “The market changes quite a lot when the state comes in alongside with its own identification tool. We need to be careful that the competitive situation remains equal with respect to the actors operating in the market and the conditions set for them,” Ussa says. The government’s proposal emphasises that the digital identity project relates more to the exercise of public authority than to economic activity. However, the proposal estimates that the project may affect the general price level of electronic identification and thereby the profitability of business.
Tomi Engdahl says:
Worried about the security of an Android app? Google reverses its controversial decision https://www.tivi.fi/uutiset/tv/5d7704db-f3ff-4bb3-80b0-2e516d2f6cda
Google’s decision to hide apps’ permission requirements and replace them with a separate Data Safety view in the Play Store has drawn heavy criticism. Through the Data Safety section one could follow what data apps collect about their users and how the data is used. The problem, however, was that the information in the view came from the developers.
In contrast, the view of the permissions required by apps that was previously in the Play Store comes directly from Google. That tends to reduce any temptation developers might have to cheat. According to Google, the company is restoring the app permissions view as a result of user feedback. The permissions required by apps will be shown in addition to the Data Safety view, not in its place.
Tomi Engdahl says:
Authorities concerned: the proposed changes to the handling of patient data could “reveal particularly sensitive information”
https://www.is.fi/digitoday/tietoturva/art-2000008964957.html
The European Union’s plans for citizens’ health data, such as patient records, threaten to compromise people’s privacy, the European Data Protection Board and the European Data Protection Supervisor assess.
Tomi Engdahl says:
Microsoft reminder: Windows Server 20H2 reaches EOS next month https://www.bleepingcomputer.com/news/microsoft/microsoft-reminder-windows-server-20h2-reaches-eos-next-month/
Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service (EOS) in less than a month, on August 9.
Tomi Engdahl says:
Documents reveal: secret technology supplied by Google enables surveillance of people https://www.tivi.fi/uutiset/tv/28573d35-2c48-48ec-abd4-c6d85ba1c43c
Technology giant Google is selling the Israeli government several advanced AI and machine learning capabilities through its controversial Project Nimbus contract. Israel’s Ministry of Finance announced the cloud computing agreement with Amazon and Google in April 2021. Training documents related to the agreement show that Google offers the Israeli government a full suite of machine learning and AI tools via Google Cloud Platform. The documents do not reveal the exact purpose for which the technology is used. They do, however, suggest that Google’s services give Israel capabilities for facial recognition, automatic image classification, object tracking and even analysis of emotions from images, text or speech.
Tomi Engdahl says:
UK Spy Agency MI5 Breached Surveillance Laws For More Than A Decade
https://www.forbes.com/sites/emmawoollacott/2022/07/26/uk-spy-agency-mi5-breached-surveillance-laws-for-more-than-a-decade/?sh=4c63a82c1ea9
A UK tribunal has been told that security service MI5 has been breaching surveillance laws since 2010, and unlawfully obtaining bulk surveillance warrants against the public. Human rights groups Liberty and Privacy International have told the Investigatory Powers Tribunal that MI5 has stored data on members of the public without the legal right to do so, and failed to disclose this to the Home Office and oversight bodies. It breached safeguards around how long data was retained, who had access to it, and how legally privileged material such as private correspondence between lawyers and clients was protected, they say.
Tomi Engdahl says:
Data breach costs record $4.3M with firms passing buck to customers
https://www.zdnet.com/article/data-breach-costs-record-4-3m-with-firms-passing-buck-to-customers/#ftag=RSSbaffb68
Organisations in the US saw the highest average cost of a breach, which climbed 4.3% to $9.44 million, followed by the Middle East region where the average cost clocked at $7.46 million this year, up from $6.93 million in 2021. Canada, the UK, and Germany rounded up the top five pack, chalking at average losses of $5.64 million, $5.05 million, and $4.85 million per breach, respectively.
Tomi Engdahl says:
As Microsoft blocks Office macros, hackers find new attack vectors https://www.bleepingcomputer.com/news/security/as-microsoft-blocks-office-macros-hackers-find-new-attack-vectors/
Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments.
Tomi Engdahl says:
Cottage scam spread at a furious pace: you didn’t take part in this “raffle” on Facebook, did you?
https://www.is.fi/digitoday/tietoturva/art-2000008971954.html
Last year a scam whose purpose was to collect Finnish users’ data gained huge popularity on Facebook. At the time, a page called Pieneksi promised to raffle off a small cottage among those who commented, and urged people to share and like the post.
Tomi Engdahl says:
Senators Introduce Quantum Encryption Preparedness Law https://www.infosecurity-magazine.com/news/senators-quantum-encryption-law/
A bill to help secure US government cryptographic systems against attack from quantum computers has passed the House and has now advanced to the Senate. The Quantum Computing Cybersecurity Preparedness Act introduces requirements for federal agencies to identify systems using cryptography and prioritize them for migration.
Tomi Engdahl says:
Grim news: hackers strike a disclosed vulnerability within 15 minutes
https://www.tivi.fi/uutiset/tv/1233ee2d-3fd8-4b39-a4b5-7874659d9896
According to security company Palo Alto Networks’ Unit 42, the time window between the discovery of a vulnerability and a possible attack is narrowing.
Tomi Engdahl says:
APT trends report Q2 2022
https://securelist.com/apt-trends-report-q2-2022/106995/
For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
Tomi Engdahl says:
US govt warns Americans of escalating SMS phishing attacks https://www.bleepingcomputer.com/news/security/us-govt-warns-americans-of-escalating-sms-phishing-attacks/
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.
Tomi Engdahl says:
US Federal Communications Commission (FCC) warns of the rise of smishing attacks https://securityaffairs.co/wordpress/133865/cyber-crime/fcc-warns-smishing-attacks.html
The Federal Communications Commission (FCC) issued an alert to warn Americans of the rising threat of smishing (robotexts) attacks aimed at stealing their personal information or for financial scams.
Tomi Engdahl says:
Steam, PayPal blocked as Indonesia enforces new Internet regulation https://www.bleepingcomputer.com/news/security/steam-paypal-blocked-as-indonesia-enforces-new-internet-regulation/
The Indonesian Ministry of Communication and Information Technology, Kominfo, is now blocking access to internet service and content providers who had not registered on the country’s new licensing platform by July 27th, 2022, as the country begins to restrict access to online content providers and services
Tomi Engdahl says:
Wolf in sheep’s clothing: how malware tricks users and antivirus https://www.bleepingcomputer.com/news/security/wolf-in-sheep-s-clothing-how-malware-tricks-users-and-antivirus/
One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks.
Tomi Engdahl says:
35,000 code repos not hacked, but clones flood GitHub to serve malware https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Thousands of GitHub repositories were forked (copied) with their clones altered to include malware, a software engineer discovered today.
Tomi Engdahl says:
A surprising figure from ransomware attacks: criminals’ greed crossed the pain threshold https://www.is.fi/digitoday/tietoturva/art-2000008974295.html
Ransomware distributors have a growing problem: victims who refuse, or are simply unable, to pay the demanded ransom. This is revealed by security company Coveware’s review of the second quarter.
Tomi Engdahl says:
TLP 2.0 is here
https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Earlier this week, the global Forum of Incident Response and Security Teams, or FIRST, as it is commonly known, published a new version of its Traffic Light Protocol standard. The Traffic Light Protocol (TLP) is commonly used in the incident response community, as well as in the wider security space, to quickly and in a standardized way indicate any limitations on further sharing of any transferred information. The new version of the standard brings several important changes, the most visible one having to do with the classification labels.
Tomi Engdahl says:
Top of the Pops: Three common ransomware entry techniques https://research.nccgroup.com/2022/08/04/top-of-the-pops-three-common-ransomware-entry-techniques/
Ransomware has been a concern for everyone over the past several years because of its impact on organisations, with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims to cover some high-level topics around ransomware groups, affiliates and their initial entry tactics.
Tomi Engdahl says:
GitHub blighted by researcher who created thousands of malicious projects https://nakedsecurity.sophos.com/2022/08/04/github-blighted-by-researcher-who-created-thousands-of-malicious-projects/
Just over a year ago, we wrote about a cybersecurity researcher who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the hope that some of them would get installed by mistake, thanks to users using slightly incorrect search terms or making minor typing mistakes when typing in PyPI URLs.
Tomi Engdahl says:
The evolution of security: the story of Code Red https://www.kaspersky.com/blog/history-lessons-code-red/45082/
Code Red was a worm that targeted Windows-based systems with Microsoft IIS (Internet Information Services for Windows Server) installed. Its story has a happy beginning at least: the spread of the malware was detected right at the start of the outbreak. Code Red discoverers were researchers at eEye Security, who at the time of detection (July 13, 2001) just so happened to be developing a system for finding Microsoft IIS vulnerabilities. All of a sudden, their test server stopped responding. This was followed by a sleepless night, which they spent poring over the system logs looking for the traces of infection. They named the malware after the first object that caught their blurry eye: a can of Mountain Dew Code Red soda.
Tomi Engdahl says:
FEMA issues warning to emergency alert system managers that devices could be hacked https://therecord.media/fema-issues-warning-to-emergency-alert-system-managers-that-devices-could-be-hacked/
The Federal Emergency Management Agency (FEMA) issued a warning this week to participants in the emergency alert system (EAS) that vulnerabilities can be used to allow threat actors to issue alerts over TV, radio, and cable networks. EAS allows the federal government, the president or state-level officials to send out emergency warnings about potential weather issues or AMBER alerts for missing children.
The alerts are typically sent over broadcast, cable, and satellite TV as well as radio channels and other outlets.
Tomi Engdahl says:
Fishy Business: What Are Spear Phishing, Whaling and Barrel Phishing?
https://securityintelligence.com/articles/what-is-spear-phishing-whaling-barrel-phishing/
For threat actors, phishing embodies the holy trinity of goals: easy, effective and profitable. It’s no wonder that the 2022 X-Force Threat Intelligence Index reports that phishing was the top method used by attackers to breach an organization. Of all the attacks that X-Force remediated in 2021, attackers used phishing in 41% of them. Because phishing is so successful, it has taken on a life of its own with numerous variants. Take a look at three trending types and how to prevent them.
Tomi Engdahl says:
FCC warns of steep rise in phishing over SMS https://blog.malwarebytes.com/social-engineering/2022/08/fcc-warns-of-steep-rise-in-phishing-over-sms/
After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or robotexts (the FCC’s own terminology), is a form of phishing that attempts to trick people into handing over their personally identifiable information (PII) and/or money using SMS instead of email, with which standard phishing usually starts.
Tomi Engdahl says:
How To Hack Web Applications in 2022: Part 2 https://labs.detectify.com/2022/08/05/how-to-hack-web-applications-in-2022/
TL/DR: Web applications have both authentication and authorization as key concepts, and if these are bypassed by an attacker, sensitive data can be compromised. With threats such as SSRF, business logic vulnerabilities, CSRFs and directory traversals etc., it’s important for security teams to stay ahead of the curve. Ethical hacker Luke “Hakluke” Stephens details how you can hijack web applications before attackers do.
Tomi Engdahl says:
A Journey to Network Protocol Fuzzing Dissecting Microsoft IMAP Client Protocol https://www.fortinet.com/blog/threat-research/analyzing-microsoft-imap-client-protocol
In networking, a protocol is a set of rules that defines standard formats and processes for interpreting raw data sent by computers.
Network protocols are like a common language for computers. The computers within a network may use vastly different software and hardware; however, protocols enable them to communicate with each other regardless. Many network protocols on the Internet serve different purposes, some of which can be complex and sophisticated.
Because of their inherent complexity, security vulnerabilities in network applications are inevitable. Security holes in network applications often yield a more significant security impact as compared to other attack vectors, as adversaries may be able to leverage those vulnerabilities to gain remote code execution on vulnerable computers without any user interaction.
Tomi Engdahl says:
Hi, I’ll be your ransomware negotiator today, but don’t tell the crooks that https://www.theregister.com/2022/08/06/interview_ransomware_negotiator/
The first rule of being a ransomware negotiator is that you don’t admit you’re a ransomware negotiator, at least not to LockBit or another cybercrime gang. Instead, these negotiators portray themselves as simply company representatives, said Drew Schmitt, a professional ransomware negotiator and principal threat analyst at cybersecurity firm GuidePoint Security. “The biggest reason is because most ransomware groups specifically and explicitly say: ‘We don’t want to work with a negotiator. If you do bring a negotiator to the table, we’re just going to post your stuff anyway,’” Schmitt told The Register. Hence the need to masquerade as a regular employee.
Tomi Engdahl says:
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem https://www.darkreading.com/risk/ransomware-explosion-thriving-dark-web-ecosystem
The underground economy is booming, fomented by a surging and evolving ransomware sector. The Dark Web now has hundreds of thriving marketplaces where a wide variety of professional ransomware products and services can be had at a variety of price points. Researchers from Venafi and Forensic Pathways analyzed some 35 million Dark Web URLs, including forums and marketplaces, between November 2021 and March 2022 and uncovered 475 webpages filled with listings for ransomware strains, ransomware source code, build and custom-development services, and full-fledged ransomware-as-a-service (RaaS) offerings.
Tomi Engdahl says:
Resolving Availability vs. Security, a Constant Conflict in IT https://thehackernews.com/2022/08/resolving-availability-vs-security.html
Conflicting business requirements are a common problem, and you find them in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn’t always easy, though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure systems that are harder to breach. However, security can come at the expense of availability and vice versa. In this article, we’ll look at the availability vs. security conflict, and a solution that helps to resolve that conflict.
Tomi Engdahl says:
Record number of holes in routers
https://etn.fi/index.php?option=com_content&view=article&id=13816&via=n&datum=2022-08-02_15:52:32&mottagare=30929
Data presented by Atlas VPN reveals that router vulnerabilities have risen to record highs over the past few years. Router security flaws are dangerous because they can expose individuals and corporate networks to cybersecurity hazards such as hacking, data breaches, financial fraud, industrial espionage and more.
Tomi Engdahl says:
Bye bye! It’s Finally the End of Life of Java 7
https://coderoasis.com/java-7-end-of-life/
Tomi Engdahl says:
30 Ways to Validate Configuration Files or Scripts in Linux
https://www.tecmint.com/check-configuration-files-linux/
17 Powerful Penetration Testing Tools The Pros Use
https://phoenixnap.com/blog/best-penetration-testing-tools
Tomi Engdahl says:
More Linux viruses than ever before
https://etn.fi/index.php?option=com_content&view=article&id=13804&via=n&datum=2022-07-29_13:10:40&mottagare=31202
Two myths have always prevailed in information security: that Linux and macOS have no malware. Neither is true. As for Linux, new statistics from AtlasVPN show that the amount of malware on the platform is clearly growing.
According to Atlas VPN’s figures, the number of new Linux malware samples rose to a record high in the first half of 2022. Nearly 1.7 million new Linux malware samples were found. In the same period last year 226,324 samples were found, so the number grew by almost 650 percent.
Looking at new Linux malware discoveries by quarter, in the first quarter of this year they fell 2 percent from the figures for the last quarter of 2021. Still, the cumulative number of new Linux malware samples in the first half of 2022 was 31 percent higher than the number of such samples in all of 2021.
In fact, more new Linux malware was found in the first half of this year alone than ever before. For example, in April 400,931 new malware samples were found for Linux.
Tomi Engdahl says:
Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants: Cybersecurity professionals from Google’s threat hunting unit and the University of Toronto’s Citizen Lab are upping the pressure on mercenary hacking firms selling high-end surveillance spyware with fresh calls for the U.S. government to urgently clamp down on these businesses
https://www.securityweek.com/cybersecurity-growth-investment-flat-ma-activity-strong-2022
Tomi Engdahl says:
Cybersecurity Growth Investment Flat, M&A Activity Strong for 2022: Global markets have suffered following the first Covid-19 pandemic and the Russian invasion of Ukraine – but sales of cybersecurity software have remained strong. VC investment in cybersecurity has adapted to the world economy rather than stalled.
https://www.securityweek.com/cybersecurity-growth-investment-flat-ma-activity-strong-2022
Tomi Engdahl says:
House Passes Cybersecurity Bills Focusing on Energy Sector, Information Sharing: The House has passed two cybersecurity bills: the Energy Cybersecurity University Leadership Act and the RANSOMWARE Act.
https://www.securityweek.com/house-passes-cybersecurity-bills-focusing-energy-sector-information-sharing
Tomi Engdahl says:
Microsoft: Attackers Increasingly Using IIS Extensions as Server Backdoors: Microsoft warns organizations of an uptick in malicious IIS extensions deployed as covert backdoors on Exchange servers.
https://www.securityweek.com/microsoft-attackers-increasingly-using-iis-extensions-server-backdoors
Tomi Engdahl says:
The number of cyberattacks targeting Finland did not rise during the spring after all, but NATO membership may increase the threat
https://yle.fi/uutiset/3-12525317
The number of cyberattacks targeting Finland remained normal during the past spring. The war in Ukraine and Finland’s NATO membership application were expected to increase cyber influence operations against Finland, but the number of cyberattacks did not increase as anticipated.
According to the Finnish Security Intelligence Service (Supo), the speed of Finland’s NATO process may have surprised Russia, which could explain the scarcity of influence attempts.
According to Janne Allonen, head of unit at the National Cyber Security Centre, preparations were made for growth in the number of cyberattacks because of the changed world situation. “We too prepared for some kind of change with the war in Ukraine and the NATO membership process, but the situation in the cyber world is actually quite normal at the moment. There does not appear to be any major anomaly there,” Allonen says.
Tomi Engdahl says:
Telecom companies comment: this is how your data can end up with the senders of piracy letters https://www.is.fi/digitoday/tietoturva/art-2000008932114.html
In a ruling issued this week, the Supreme Court (KKO) concluded that telecom operators can be obliged to hand over the contact details of internet users suspected of piracy. KKO’s interpretation is the opposite of the Market Court’s position in 2017.
The Market Court ruled at that time that a telecom operator did not have to hand over the identifying details of an internet user who had shared a film.
In practice, KKO’s decision means increased monitoring of peer-to-peer networks, data requests to telecom operators and the sending of copyright letters demanding compensation. However, DNA, Elisa and Telia all stress that no data is handed over without a court order.
Tomi Engdahl says:
Cybercriminals are targeting law enforcement agencies worldwide https://resecurity.com/blog/article/cybercriminals-are-targeting-law-enforcement-agencies-worldwide
Resecurity registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking e-mail accounts belonging to law enforcement officers; their aim is to leverage the accounts for further malicious purposes.
Typically, they leverage social engineering tactics; however, one of the recent trends is to address fake subpoenas and so-called EDRs (Emergency Data Requests) to major technology companies and online services such as Apple, Facebook (Meta), Snapchat and Discord to maliciously collect sensitive information about their targets. Threat actors are looking for billing history, geographical location, phone calls, text history, and other sensitive details which could be used for extortion or cyberespionage purposes. Such incidents have become especially notable in the activities of cybercriminal groups such as LAPSUS$ and Recursion Group.
Tomi Engdahl says:
Apache “Commons Configuration” patches Log4Shell-style bug: what you need to know https://nakedsecurity.sophos.com/2022/07/08/apache-commons-configuration-toolkit-patches-log4shell-like-bug/
Remember the Log4Shell bug that showed up in Apache Log4j late in 2021? Logfiles are a vital part of development, debugging, record keeping, program monitoring, and, in many industry sectors, of regulatory compliance. Unfortunately, not all text you logged, even if it was sent in by an external user (for example as a username in a login form), was treated literally. Recently, we saw a similar sort of bug called Follina, which affected Microsoft Windows. Well, the bug CVE-2022-33980, which doesn’t have a catchy name yet, is a very similar sort of blunder in the Apache Commons Configuration toolkit.
Tomi Engdahl says:
GraphQL vs gRPC: Which One Creates More Secure APIs?
https://www.trendmicro.com/en_us/devops/22/g/graphql-vs-grpc.html
An application programming interface (API), the intermediary that allows applications to communicate with each other, has become a standard component in the development process. As there are several frameworks that can be used to build APIs, GraphQL and gRPC have emerged as the two most prevalent solutions. As alternatives to the nearly ubiquitous representational state transfer (REST) framework, GraphQL and gRPC both provide enhanced capabilities over older frameworks, handling thousands of requests easily due to their batching and scaling capabilities. But with these new, more efficient methods of building APIs comes a level of cyber risk. This article compares the security capabilities of GraphQL and gRPC. You’ll obtain expert insight into how each performs authentication and authorization while exploring both solutions’ common attack vectors and potential vulnerabilities. You’ll also obtain suggestions for mitigating risks, helping you determine which solution provides the most robust security.
Tomi Engdahl says:
PyPI mandates 2FA for critical projects, developer pushes back https://www.bleepingcomputer.com/news/security/pypi-mandates-2fa-for-critical-projects-developer-pushes-back/
On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects, announced plans to mandate a two-factor authentication requirement for maintainers of “critical” projects. Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the “critical” status assigned to his project.
Tomi Engdahl says:
Practical Approach on Securing Web Sessions https://quercialabs.com/blog/securing-web-sessions/
One student sent us an email and asked “why do most websites implement a session id that seems to be a content hash?”. Well, it’s important to discuss at this time why protecting the session id must be done, and how it has evolved. The obligatory disclaimer: like any security advice from someone who does not know the specifics of your own system, this is for educational purposes only. Information security is a complex and very specific area, and if you are concerned about the security of your system you should hire an expert that can review your system along with a threat analysis and provide the appropriate advice.
Tomi Engdahl says:
How Shady Code Commits Compromise the Security of the Open-Source Ecosystem https://www.trendmicro.com/en_us/research/22/g/how-shady-code-commits-compromise-the-security-of-the-open-sourc.html
In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community. Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, we have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. While this activity is not new and has been seen in the past, the recent geopolitical situation has divided the open-source community: Some support the trend, while others prefer that the open-source ecosystem remain apolitical, as protestware could jeopardize the trustworthiness of open-source software as a whole.
Tomi Engdahl says:
Text-based fraud: from 419 scams to vishing https://securelist.com/mail-text-scam/106926/
E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are talking about text-based fraud. Attackers of this kind do not carefully imitate the appearance of e-mails from major companies, do not redirect the victim to a fake site, do not obfuscate links and do not even use them. Their main tool and method of persuasion is old-fashioned text. And it works surprisingly often.
Tomi Engdahl says:
Top Threats You Need to Know to Defend Your Cloud Environment https://www.crowdstrike.com/blog/adversaries-increasingly-target-cloud-environments/
As organizations move critical applications and data to the cloud, these resources have come under increasing attack. Adversaries view cloud environments as soft targets and continue to refine tactics and tradecraft to exploit the vulnerabilities and misconfigurations within them. In “Protectors of the Cloud: Combating the Rise in Threats to Cloud Environments,” we outline common attack vectors adversaries use to breach cloud environments, including credential theft, vulnerability exploitation, abuse of cloud service providers, exploitation of misconfigured image containers, and use of cloud services for hosting malware and command and control.
Tomi Engdahl says:
Microsoft: Windows Autopatch is now generally available https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-is-now-generally-available/
Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today. Windows Autopatch was first announced in April when Microsoft said it would be available for free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater starting July 2022 (it reached public preview in early June).
This new service automatically manages the deployment of Windows 10 and Windows 11 quality and feature updates, as well as driver, firmware, and Microsoft 365 Apps for enterprise updates. On enrolled tenants, Windows Autopatch moves the update orchestration from organizations to Microsoft, with the burden of planning the entire Update process (including rollout and sequencing) no longer on the IT teams.
Tomi Engdahl says:
Ransomware gang now lets you search their stolen data https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/
Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. The new tactic consists of adding a search function on the leak site to make it easier to find victims or even specific details. At least two ransomware operations and a data extortion gang have adopted the strategy recently, and more threat actors are likely to do the same. Last week, the ALPHV/BlackCat ransomware operation announced that they created a searchable database with leaks from non-paying victims. Towards the end of last week, BleepingComputer noticed that LockBit offered a redesigned version of their data leak site that allowed searching for listed victim companies.
5 Essential Steps for Every Ransomware Response Plan https://securityintelligence.com/posts/5-essential-steps-every-ransomware-response-plan/
Ransomware is a severe threat, no matter the season. For over three years, ransomware has been the most prevalent cybersecurity attack type, as the IBM Security X-Force Threat Intelligence Index 2022 notes. The average cost of a ransomware breach is $4.62 million, including lost revenue and response expenses, according to the Cost of a Data Breach Report. That sum excludes the ransom itself, which can run into the millions. While it’s critical to focus on prevention, companies also need to strategize in advance for a possible attack.