Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat: it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those strategies are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
COLUMN: PREPAREDNESS IS WISDOM: WHAT CAN I PERSONALLY DO?
https://www.kokonaisturvallisuusmessut.fi/fi/kolumni/kolumni-varautuminen-on-viisautta-mita-juuri-mina-voin-tehda/
https://www.kokonaisturvallisuusmessut.fi/fi/program/kyberturvallisuus-taman-paivan-turvallisuuspolitiikassa-ja-ukrainan-sodassa/
Tomi Engdahl says:
How to Prevent the Internet from Tracking You
Follow these steps to completely disappear from the online world.
https://www.gearpatrol.com/tech/a569492/how-to-prevent-the-internet-from-tracking-you/
Tomi Engdahl says:
https://pentestmag.com/the-unique-challenges-of-securing-apis/
Tomi Engdahl says:
Microsoft: The deadline to get off Basic Auth is approaching
Exchange Online face Halloween deadline
https://www.theregister.com/2022/09/05/microsoft_basic_auth_deadline/
Tomi Engdahl says:
https://pentestmag.com/title-defence-vs-control-understanding-the-optimal-approach-to-your-cloud-security/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-tips-to-secure-the-software-supply-chain/
Tomi Engdahl says:
This is what the phone app for proving your identity next year looks like; according to an expert, the data protection worries are unfounded
In future, you will be able to prove your identity directly from your phone. With the reform, electronic identification will also be possible without bank credentials. The digital identity card strengthens people’s control over their own data.
https://yle.fi/uutiset/3-12584973
Tomi Engdahl says:
ETHERLED: Air-gapped systems leak data via network card LEDs
https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/
Tomi Engdahl says:
One last piece of advice: Buy a YubiKey
https://www.androidpolice.com/ryne-hager-goodbye/#Echobox=1660945751
Tomi Engdahl says:
https://timopertila.com/2018/08/20/joka-kodin-alylukko-yale-doorman/
Tomi Engdahl says:
NSA and CISA share tips to secure the software supply chain
https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-tips-to-secure-the-software-supply-chain/
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released tips today on securing the software supply chain.
This guidance is designed by the Enduring Security Framework (ESF)—a public-private partnership that works to address threats to U.S. critical infrastructure and national security systems—to serve as a collection of suggested practices for software developers.
“Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations,” the Department of Defense’s intelligence agency said.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-falsely-detects-win32-hivezy-in-google-chrome-electron-apps/
Tomi Engdahl says:
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
Tomi Engdahl says:
Common Attacks on SSL/TLS – and How to Protect Your System
https://www.freecodecamp.org/news/attacks-on-ssl-tls-and-how-to-protect-your-system/
Tomi Engdahl says:
Organizations are spending billions on malware defense that’s easy to bypass
Two of the simplest forms of evasion are surprisingly effective against EDRs.
https://arstechnica.com/information-technology/2022/08/newfangled-edr-malware-detection-generates-billions-but-is-easy-to-bypass/
Tomi Engdahl says:
https://www.cnbc.com/2022/07/16/most-common-password-mistakes-hackers-love-to-see-you-make-says-tech-security-expert.html#Echobox=1661734071
Tomi Engdahl says:
https://www.theregister.com/2022/08/30/microsoft_windows_server_compression/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2022/08/newfangled-edr-malware-detection-generates-billions-but-is-easy-to-bypass/
Tomi Engdahl says:
Here’s How Long Your Wireless Carrier Holds on to Your Location Data
AT&T keeps cell-site location information for up to five years; Verizon drops it after one.
https://uk.pcmag.com/old-wireless-carriers/142352/heres-how-long-your-wireless-carrier-holds-on-to-your-location-data
Tomi Engdahl says:
Google Play to ban Android VPN apps from interfering with ads
Developers say this is not the privacy protection it’s made out to be
https://www.theregister.com/2022/08/30/google_play_vpn_rules_changed/
Tomi Engdahl says:
Security of supply situation picture: from the security of supply perspective, the situation is unchanged https://www.huoltovarmuuskeskus.fi/a/huoltovarmuuden-tilannekuva-huoltovarmuuden-kannalta-tilanne-ennallaan
There have been no major changes in the situation picture compared with two weeks ago. Overall, concern about accelerating inflation and the price of energy stands out. The state of the electricity system is normal, but in the coming winter the electricity production situation is more uncertain than before, which is causing concern among companies.
Tomi Engdahl says:
Bank-account-emptying malware is back: very hard to recognize https://www.is.fi/digitoday/tietoturva/art-2000009052032.html
THE BANKING malware Sharkbot, first spotted earlier this year, is spreading again, reports security company Fox-IT. It found two apps in Google Play, Android’s official app store, that attempt to download the actual Sharkbot malware onto the phone. The apps pose as a phone cleaner or as antivirus software. The apps have tens of thousands of downloads. On the phone, Sharkbot is able to display its own image on top of genuine apps. That means that while a banking app is running, Sharkbot can imitate the online bank’s login view, which can be hard to tell apart from the real one. In this way the victim ends up entering their login details for the criminals. Original source:
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Tomi Engdahl says:
Estonia’s ex-president slams Europe’s cyber defence and Russia in a podcast: “They are good at killing people, not at anything else”
https://www.is.fi/digitoday/tietoturva/art-2000009054102.html
ESTONIA’S former president Toomas Hendrik Ilves harshly criticizes Europe’s cyber defence, which he says is based on a completely wrong way of thinking. Ilves was a guest of security experts Mikko Hyppönen and Tomi Tuominen on their Herrasmieshakkerit podcast.
Tomi Engdahl says:
Cyber criminals exploit the popularity of games: this is how players fall into the trap https://www.kauppalehti.fi/uutiset/kyberrikolliset-hyodyntavat-pelien-suosiota-nain-pelaajat-astuvat-ansaan/d9576a0f-e22e-44ac-ad11-25c09c0b74ce
Researchers at security company Kaspersky have observed that cyber criminals are happy to use the popularity of games when spreading malware. The crooks infect packages related to games in one way or another, such as mods, cheat tools, utilities and pirated versions, and put them where players will find them.
Bleeping Computer reports that during the year from 7/2021 to 7/2022, malware was spread especially via Minecraft-related files. Minecraft-related packages accounted for 25 percent of malware distribution.
Tomi Engdahl says:
Ransomware gangs switching to new intermittent encryption tactic https://www.bleepingcomputer.com/news/security/ransomware-gangs-switching-to-new-intermittent-encryption-tactic/
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a valid decryptor+key.
Tomi Engdahl says:
Ethical AI, Possibility or Pipe Dream?
https://www.securityweek.com/ethical-ai-possibility-or-pipe-dream
Coming to a global consensus on what makes for ethical AI will be difficult. Ethics is in the eye of the beholder.
Ethical artificial intelligence (ethical AI) is a somewhat nebulous term designed to indicate the inclusion of morality into the purpose and functioning of AI systems. It is a difficult but important concept that is the subject of governmental, academic and corporate study. SecurityWeek talked to IBM’s Christina Montgomery to seek a better understanding of the issues.
Montgomery is IBM’s chief privacy officer (CPO), and chair of the IBM AI ethics board. On privacy, she is also an advisory council member of the Center for Information Policy Leadership (a global privacy and data policy think tank), and an advisory board member of the Future of Privacy Forum. On AI, she is a member of the U.S. Chamber of Commerce AI Commission, and a member of the National AI Advisory Commission.
Privacy and AI are inextricably linked. Many AI systems are designed to pass ‘judgment’ on people and are trained on personal information. It is fundamental to a fair society that privacy is not abused in teaching AI algorithms, and that ultimate judgments are accurate, not misused, and free of bias. This is the purpose of ethical AI.
But ‘ethics’ is a difficult concept. It is akin to a ‘moral compass’ that fundamentally does not exist outside of the viewpoint of each individual person. It differs between cultures, nations, corporations and even neighbors, and cannot have an absolute definition. We asked Montgomery, if you cannot define ethics, how can you produce ethical AI?
“There are different perceptions and different moral compasses around the world,” she said. “IBM operates in 170 countries. Technology that is acceptable in one country is not necessarily acceptable in another country. So, that’s the base line – you must always conform to the laws of the jurisdiction in which you operate.”
Tomi Engdahl says:
Dead or Alive? An Emotet Story
https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware-ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started very soon after the initial compromise. The threat actors began enumerating the network once Emotet deployed a Cobalt Strike beacon on the beachhead host. After three days of discovery and lateral movement, the threat actors exfiltrated sensitive data using Rclone before leaving the network.
Tomi Engdahl says:
New tools are needed for developing IT systems: “We are trying to build a skyscraper with a hammer and a shovel”
https://www.tivi.fi/uutiset/tv/d7dccd09-32f2-4753-9679-de9db9d84c43
Pontus Johnson, one of the key figures in Swedish cybersecurity, is calling for new tools, because secure IT systems cannot be built with the tools available today. Johnson is a professor at KTH (Kungliga Tekniska Högskolan), the Royal Institute of Technology in Stockholm. According to him, information systems will leak like a sieve until new tools become available. And we will have to live with that.
Tomi Engdahl says:
A devious attack on a work phone cost 37,000 euros; the insurance did not pay out https://www.is.fi/digitoday/tietoturva/art-2000009063794.html
Who pays for the damage when a work phone’s subscription is hijacked and bank accounts are emptied? In at least one recent case, the victim.
The Finnish Financial Ombudsman Bureau FINE handled a case in which the chairman of the board of an unnamed company fell victim to a so-called SIM swapping attack. In such an attack, criminals obtain a SIM card in the victim’s name and in this way gain access to the victim’s bank accounts.
The chairman took the view that his company’s liability insurance should cover the losses from the payment instrument fraud, a total of 37,000 euros. His reasoning was that the damage resulted from a phone owned by the company.
The insurance company, for its part, decided in September last year that the loss would not be covered under the liability insurance. According to the policy’s exclusion clause, the insurance does not cover financial loss that is not connected to property damage or personal injury.
Tomi Engdahl says:
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
In mid-2022, TA453 deployed a social engineering impersonation technique informally called Multi-Persona Impersonation in which the threat actor uses at least two actor-controlled personas on a single email thread to convince targets of the legitimacy of the campaign.
This is an intriguing technique because it requires more resources be used per target, potentially burning more personas, and a coordinated approach among the various personalities in use by TA453. This is the latest in TA453’s evolution of its techniques and can be mitigated in large part by potential targets, such as those specializing in Middle Eastern affairs or nuclear security, by being cautious when they receive outreach from unexpected sources, even those that appear legitimate.
Tomi Engdahl says:
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks https://thehackernews.com/2022/09/asian-governments-and-organizations.html
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. “A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading, ” the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. The campaign is said to be exclusively geared towards government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms.
Tomi Engdahl says:
New PsExec spinoff lets hackers bypass network security defenses https://www.bleepingcomputer.com/news/security/new-psexec-spinoff-lets-hackers-bypass-network-security-defenses/
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135. PsExec is designed to help administrators execute processes remotely on machines in the network without the need to install a client. Threat actors have also adopted the tool and are frequently using it in post-exploitation stages of an attack to spread on the network, run commands on multiple systems, or deploy malware.
Tomi Engdahl says:
Letting off steam
https://blog.group-ib.com/steam
“I want to tell you the story of how I was scammed and lost my Steam account, including more than 100 games bought and donations totaling more than $200.” Or, “I spent hundreds of dollars on my Steam account and bought at least 20 games, some with add-ons.” There are dozens if not hundreds of similar stories. In July alone, CERT-GIB specialists identified more than 150 fraudulent resources mimicking Steam, a major online gaming platform. To steal Steam credentials, hackers have been using a new phishing technique called browser-in-the-browser, which tricks users into thinking that a fake webpage is a legal resource.
Tomi Engdahl says:
Use-after-freedom: MiraclePtr
https://security.googleblog.com/2022/09/use-after-freedom-miracleptr.html
Memory safety bugs are the most numerous category of Chrome security issues and we’re continuing to investigate many solutions both in C++ and in new programming languages. The most common type of memory safety bug is the “use-after-free”. We recently posted about an exciting series of technologies designed to prevent these. Those technologies (collectively, *Scan, pronounced “star scan”) are very powerful but likely require hardware support for sufficient performance. Today we’re going to talk about a different approach to solving the same type of bugs.
Tomi Engdahl says:
OriginLogger: A Look at Agent Tesla’s Successor https://unit42.paloaltonetworks.com/originlogger/
On March 4, 2019, one of the most well-known keyloggers used by criminals, called Agent Tesla, closed up shop due to legal troubles.
In the announcement message posted on the Agent Tesla Discord server, the keylogger’s developers suggested people switch over to a new keylogger: “If you want to see a powerful software like Agent Tesla, we would like to suggest you OriginLogger. OriginLogger is an AT-based software and has all the features.” OriginLogger is a variant of Agent Tesla. As such, the majority of tools and detections for Agent Tesla will still trigger on OriginLogger samples. In this blog, I will cover the OriginLogger keylogger malware, how it handles the string obfuscation for configuration variables and what I found when looking at the extracted configurations that allowed for better identification and further pivoting.
Tomi Engdahl says:
We’re Entering the Age of Unethical Voice Tech https://securityintelligence.com/articles/entering-age-unethical-voice-tech-deepfakes/
In 2019, Google released a synthetic speech database with a very specific goal: stopping audio deepfakes. “Malicious actors may synthesize speech to try to fool voice authentication systems,” the Google News Initiative blog reported at the time. “Perhaps equally concerning, public awareness of ‘deep fakes’ (audio or video clips generated by deep learning models) can be exploited to manipulate trust in media.” Ironically, also in 2019, Google introduced the Translatotron artificial intelligence (AI) system to translate speech into another language. By 2021, it was clear that deepfake voice manipulation was a serious issue for anyone relying on AI to mimic speech. Google designed the Translatotron 2 to prevent voice spoofing.
Tomi Engdahl says:
3 Considerations When Aligning Organizational Structure to IT/OT Governance
https://www.securityweek.com/3-considerations-when-aligning-organizational-structure-itot-governance
Over the last few years, the majority of large enterprises have come a long way in defining their operational technology (OT) governance strategies and making meaningful advances in risk reduction. Technology innovations aside, the top success factors I’ve observed are the way in which governance programs are structured and executed. Most significant is the guiding principle that organizational structure drives strategy.
What do I mean by that?
In organizations with a significant cyber-physical systems (CPS) footprint (e.g., manufacturing, oil & gas, and pharmaceutical), CISOs and their security teams need to collaborate with OT engineering teams to define and execute the OT strategy. And while most organizations have centralized governance and responsibility for OT cybersecurity under the CISO, the devil is in the details with respect to how they define and implement it.
The details of implementation and how the organization is structured fall along a spectrum – from less to more “control” for the security team. I’ve seen multiple variations work well, and believe the key is having a clear understanding of the boundaries and responsibilities for each team. There are at least three main aspects to consider when redesigning the organization or just working with what you’ve inherited, to create a strategy that allows you to reduce risk effectively. These include budget, implementation, and ongoing reporting.
Tomi Engdahl says:
Spyware, Ransomware, Cryptojacking Malware Increasingly Detected on ICS Devices
https://www.securityweek.com/spyware-ransomware-cryptojacking-malware-increasingly-detected-ics-devices
Spyware, ransomware and cryptojacking malware have been increasingly detected on industrial control system (ICS) computers, according to data collected in the first half of 2022 by cybersecurity firm Kaspersky.
The data comes from ICS-related Windows devices protected by Kaspersky products, including HMIs, SCADA systems, historians, data gateways, engineering workstations, computers used for the administration of industrial networks, and devices used to develop software for industrial systems.
In the first half of 2022, Kaspersky products blocked malicious objects on nearly 32% of protected ICS devices, which is roughly the same as in the two previous years.
However, the total number of malware families exceeded 7,200 — this number was at approximately 5,000 in the past two years.
The most significant increase, roughly 3 percentage points, was seen for malicious scripts and phishing pages, as well as malicious documents.
According to Kaspersky data, the percentage of devices on which spyware was blocked has been steadily increasing since the first half of 2020. Spyware in this case includes trojans, backdoors and keyloggers.
Tomi Engdahl says:
What is Cyber Threat Hunting?
https://www.crowdstrike.com/cybersecurity-101/threat-hunting/
What is Proactive Threat Hunting?
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.
After sneaking in, an attacker can stealthily remain in a network for months as they quietly collect data, look for confidential material, or obtain login credentials that will allow them to move laterally across the environment.
Once an adversary is successful in evading detection and an attack has penetrated an organization’s defenses, many organizations lack the advanced detection capabilities needed to stop the advanced persistent threats from remaining in the network. That’s why threat hunting is an essential component of any defense strategy.
Threat Hunting Methodologies
Threat hunters assume that adversaries are already in the system, and they initiate investigation to find unusual behavior that may indicate the presence of malicious activity. In proactive threat hunting, this initiation of investigation typically falls into three main categories:
1. Hypothesis-driven investigation
Hypothesis-driven investigations are often triggered by a new threat that’s been identified through a large pool of crowdsourced attack data, giving insights into attackers’ latest tactics, techniques, and procedures (TTP). Once a new TTP has been identified, threat hunters will then look to discover if the attacker’s specific behaviors are found in their own environment.
2. Investigation based on known Indicators of Compromise or Indicators of Attack
This approach to threat hunting involves leveraging tactical threat intelligence to catalog known IOCs and IOAs associated with new threats. These then become triggers that threat hunters use to uncover potential hidden attacks or ongoing malicious activity.
3. Advanced analytics and machine learning investigations
The third approach combines powerful data analysis and machine learning to sift through a massive amount of information in order to detect irregularities that may suggest potential malicious activity. These anomalies become hunting leads that are investigated by skilled analysts to identify stealthy threats.
All three approaches are a human-powered effort that combines threat intelligence resources with advanced security technology to proactively protect an organization’s systems and information.
Tomi Engdahl says:
https://www.devo.com/resources/the-sans-2022-threat-hunting-report/?utm_source=securityweek&utm_medium=email&utm_campaign=2022_sans_threat_hunting_report
Tomi Engdahl says:
Check Point wants to prevent cyberattacks before they happen
https://etn.fi/index.php/13-news/14000-check-point-haluaa-ehkaeistae-kyberiskut-ennalta
Published: 14.09.2022
Security company Check Point Software has introduced a new set of solutions and services built around preventing security incidents. The Horizon platform, made up of three different solutions, aims to stop attacks before they can cause damage.
There is a need for new kinds of protection, because the cyber threat landscape has never looked bleaker. Check Point’s half-year report recently revealed a 42 percent increase in the number of cyberattacks globally, and ransomware is currently the most important security threat to companies. Attack volumes are growing at the same time as organizations’ security teams struggle to limit the damage the attacks cause.
Tomi Engdahl says:
Check Point wants to prevent cyberattacks before they happen
https://etn.fi/index.php/13-news/14000-check-point-haluaa-ehkaeistae-kyberiskut-ennalta
Repeated and false alerts generated by separate, siloed security solutions, together with limited visibility into how attacks are carried out, disrupt the work of security teams. The skills shortage makes the situation even harder.
Organizations now have a critical need to set up a centralized Security Operations Center (SOC). The SOC must be able to monitor and hunt for security threats and respond to incidents 24/7. For many companies, however, running a SOC is too complex and expensive. Nor have SOC service offerings so far served their purpose, because they have concentrated only on detecting and reacting to attacks rather than preventing them.
Check Point’s answer to this problem is Horizon. It includes an MDR/MPR (Managed Prevention and Response) solution for managed attack prevention and response, an XDR/XPR (Extended Prevention and Response) solution that detects the newest and most advanced attacks, and the Events tool, which provides real-time visibility into all security tools.
Tomi Engdahl says:
https://www.totem.tech/nsa-free-dns-filtering-for-dod-contractors/ via Gadi Evron
99% of the defense industrial base should be using this. I also have doubts for the 1% not securing their DNS.
Tomi Engdahl says:
How to Do Malware Analysis?
https://thehackernews.com/2022/09/how-to-do-malware-analysis.html
Based on the findings of Malwarebytes’ Threat Review for 2022, 40 million Windows business computers’ threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs’ investigation and how to do malware analysis with a sandbox.
Malware analysis is a process of studying a malicious sample. During the study, a researcher’s goal is to understand a malicious program’s type, functions, code, and potential dangers, and to obtain the information an organization needs to respond to the intrusion.
Tomi Engdahl says:
Bishop Fox Releases Open Source Cloud Hacking Tool ‘CloudFox’
https://www.securityweek.com/bishop-fox-releases-open-source-cloud-hacking-tool-cloudfox
Cybersecurity firm Bishop Fox has announced the release of CloudFox, an open source tool designed to help find exploitable attack paths in cloud infrastructure.
The command line tool has been created for penetration testers and other offensive security professionals.
CloudFox provides a collection of enumeration commands that make it easy to use even for people who are relatively new to cloud pentesting.
As of now it only works with AWS, but Bishop Fox also plans on adding support for Microsoft Azure, Google Cloud Platform, and Kubernetes.
“CloudFox is designed to be executed by a principal with limited read-only permissions, but its purpose is to help you find attack paths that can be exploited in simulated compromise scenarios (aka, objective based penetration testing),” Bishop Fox explained.
The tool can identify the regions used by the AWS account and the number of resources in common services, secrets in EC2 user data, the principal’s permissions, exposed endpoints or IPs, and file systems that can be mounted from a compromised resource from within the VPC.
Tomi Engdahl says:
https://github.com/BishopFox/cloudfox
Introducing: CloudFox
https://bishopfox.com/blog/introducing-cloudfox
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS, but support for Azure, GCP, and Kubernetes is on the roadmap. Watch our video for a quick demonstration of how we might use CloudFox on our cloud penetration tests.
Tomi Engdahl says:
The Hacker Who Tried To Free The Internet
https://www.youtube.com/watch?v=VFIlYy9GuH0
In this video I talk about the history of free software through the lenses of a few different hackers.
0:00 rms
7:36 torvalds
10:58 competition
12:53 snowden
15:41 free?
Tomi Engdahl says:
8 Things You Should Do Before Returning Your Work PC
By Sandra Dawes-Chatha, published 2 days ago
Before leaving your current job and returning your work computer, take these steps to protect your personal information.
https://www.makeuseof.com/things-to-do-before-returning-work-pc/?utm_medium=Social-Distribution&utm_campaign=Echobox&utm_source=Facebook#Echobox=1663149983
Tomi Engdahl says:
The reliability and security of strong electronic identification are safeguarded in Finland in many ways https://www.epressi.com/tiedotteet/telekommunikaatio/vahvan-sahkoisen-tunnistuksen-luotettavuudesta-ja-turvallisuudesta-huolehditaan-suomessa-monin-tavoin.html
The reliability and security of electronic identification have prompted much discussion since S-Pankki publicly disclosed a fault that made it possible to misuse strong electronic identification from April 2022 until the beginning of August 2022. As a result, concern has been voiced in public about the level of trust and security of strong electronic identification. No information system is 100% secure, but strong electronic identification and registered identification services are nevertheless strictly regulated and supervised.