Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it's a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year's successful tactics, retool, and pivot them into next year's campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
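
The dependency-patching problem described above is easiest to see in a build tree. The following Python script is an added example, not code from the SecurityWeek article, Google's open-source team or the Log4j project: it scans the output of `mvn dependency:tree` for log4j-core versions that predate the fixes for the CVEs listed above. The sample tree is constructed, and the fixed-version thresholds are assumptions of this example (2.17.1 for the main 2.x line, 2.12.4 and 2.3.2 for the Java 7 and Java 6 branches); Log4j 1.x is reported as unfixed because that line is end-of-life.

```python
import re
from typing import Dict, List, Tuple

# Constructed `mvn dependency:tree` output for a hypothetical project; not a real project's tree.
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- com.example:internal-lib:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.1:test
[INFO] \\- log4j:log4j:jar:1.2.17:compile
"""

# One dependency line: optional tree-drawing prefix, then group:artifact:jar:version:scope.
DEP_RE = re.compile(
    r"^\[INFO\]\s+[|+\\\-\s]*([\w.\-]+):([\w.\-]+):jar:([\w.\-]+):(\w+)\s*$"
)

# Assumed minimum fixed release per 2.x branch; any other 2.x branch must be >= 2.17.1.
BRANCH_MINIMUMS: Dict[int, Tuple[int, int, int]] = {3: (2, 3, 2), 12: (2, 12, 4)}
DEFAULT_MINIMUM: Tuple[int, int, int] = (2, 17, 1)


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-rc1' are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def is_fixed(version: str) -> bool:
    """True only for log4j-core versions at or above the fixed release of their branch."""
    v = parse_version(version)
    if len(v) < 3 or v[0] != 2:
        return False  # 1.x, unparseable or incomplete versions are treated as unfixed
    return v >= BRANCH_MINIMUMS.get(v[1], DEFAULT_MINIMUM)


def find_vulnerable_log4j(tree_text: str) -> List[Dict[str, str]]:
    """Return one finding per dependency line that carries an unfixed Log4j."""
    findings: List[Dict[str, str]] = []
    for line in tree_text.splitlines():
        m = DEP_RE.match(line)
        if not m:
            continue
        group, artifact, version, scope = m.groups()
        coordinate = f"{group}:{artifact}"
        if coordinate == "org.apache.logging.log4j:log4j-core" and not is_fixed(version):
            findings.append({"coordinate": coordinate, "version": version, "scope": scope,
                             "reason": "log4j-core below the fixed release for its branch"})
        elif coordinate == "log4j:log4j":
            findings.append({"coordinate": coordinate, "version": version, "scope": scope,
                             "reason": "Log4j 1.x is end-of-life and receives no security fixes"})
    return findings


if __name__ == "__main__":
    for f in find_vulnerable_log4j(SAMPLE_TREE):
        print(f"{f['coordinate']}:{f['version']} ({f['scope']}): {f['reason']}")
```

Note that the transitive copy pulled in by `internal-lib` is reported separately from the direct one: a project that bumped its own log4j-core dependency can still ship an old version through a library it does not control, which is the "dependency patching hiccup" the article is warning about. The test-scoped 2.17.1 is not reported because it meets the threshold.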

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they've successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers' job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It's what all the clouds, even Microsoft Azure, run. It's what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn't so much with open-source itself. There's nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus's law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I'm now calling Schneier's law, "Security is a process, not a product," points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who's going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they're attracted by the potential benefits. If operators are accessing ICS remotely anyway, cloud-based interfaces become easier to consider. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We've covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn't not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question "what happened," incident diagnosis analytics address the question of "why and how it happened." To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
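
The first bullet above lists brute-force login attempts and abnormal credential use among the things an AI-driven platform is expected to pick out of network activity. Before reaching for machine learning, it is worth seeing how much of that a plain sliding-window rule set already catches. The following Python detector is an added example (not code from CISO MAG or any vendor platform) run over a constructed sshd-style authentication log; the addresses are TEST-NET ranges, the usernames are invented, and the window and thresholds are assumed values that a real deployment would tune against its own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, NamedTuple, Optional, Set, Tuple

# Constructed sshd-style auth log (TEST-NET addresses, invented users); not from any real host.
SAMPLE_LOG = """\
2022-01-10T08:00:01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
2022-01-10T08:00:04 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 50123 ssh2
2022-01-10T08:00:08 sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2
2022-01-10T08:00:12 sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 50125 ssh2
2022-01-10T08:00:15 sshd[2109]: Failed password for invalid user admin from 203.0.113.5 port 50126 ssh2
2022-01-10T08:00:20 sshd[2111]: Failed password for deploy from 203.0.113.5 port 50127 ssh2
2022-01-10T08:00:24 sshd[2113]: Accepted password for deploy from 203.0.113.5 port 50128 ssh2
2022-01-10T08:05:00 sshd[2201]: Failed password for root from 198.51.100.7 port 40001 ssh2
2022-01-10T08:05:09 sshd[2203]: Failed password for invalid user oracle from 198.51.100.7 port 40002 ssh2
2022-01-10T08:05:18 sshd[2205]: Failed password for invalid user ubuntu from 198.51.100.7 port 40003 ssh2
2022-01-10T08:05:27 sshd[2207]: Failed password for postgres from 198.51.100.7 port 40004 ssh2
2022-01-10T08:10:02 sshd[2301]: Failed password for alice from 192.0.2.9 port 51000 ssh2
2022-01-10T08:10:09 sshd[2303]: Failed password for alice from 192.0.2.9 port 51001 ssh2
2022-01-10T08:10:16 sshd[2305]: Accepted password for alice from 192.0.2.9 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


class Event(NamedTuple):
    ts: datetime
    outcome: str  # "Failed" or "Accepted"
    user: str
    ip: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one auth log line; lines that are not password auth events yield None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["ip"])


def detect(log_text: str, window_seconds: int = 60, failure_threshold: int = 5,
           spray_threshold: int = 4) -> List[Dict[str, str]]:
    """Sliding-window rules per source IP (thresholds are assumed defaults):
    - brute_force: at least failure_threshold failures inside the window
    - password_spray: failures for at least spray_threshold distinct usernames inside the window
    - success_after_failures: a login succeeds after 3 or more failures inside the window
    Each (ip, rule) pair alerts once so a long attack does not flood the alert queue."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted: Set[Tuple[str, str]] = set()
    alerts: List[Dict[str, str]] = []

    def raise_alert(rule: str, ip: str, ts: datetime, detail: str) -> None:
        if (ip, rule) not in alerted:
            alerted.add((ip, rule))
            alerts.append({"rule": rule, "ip": ip, "at": ts.isoformat(), "detail": detail})

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev.ip]
        while q and (ev.ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if ev.outcome == "Failed":
            q.append((ev.ts, ev.user))
            if len(q) >= failure_threshold:
                raise_alert("brute_force", ev.ip, ev.ts, f"{len(q)} failures in {window_seconds}s")
            distinct = sorted({u for _, u in q})
            if len(distinct) >= spray_threshold:
                raise_alert("password_spray", ev.ip, ev.ts, f"{len(distinct)} usernames: {distinct}")
        else:
            if len(q) >= 3:
                raise_alert("success_after_failures", ev.ip, ev.ts,
                            f"{ev.user} succeeded after {len(q)} failures")
            q.clear()  # a success ends the failure burst for this source


    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['at']} {a['rule']:<24} {a['ip']:<14} {a['detail']}")
```

The third source (192.0.2.9) mistypes a password twice and then succeeds, which is what a real user looks like and produces no alert; the first source trips both the burst rule and the more serious "success after failures" rule, which is the one worth paging on because it means a credential has actually been guessed. What a statistical or ML layer adds on top of rules like these is a per-account and per-source baseline, so the thresholds adapt instead of being fixed constants.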

Smartphone security is being redone
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
An enclave-style solution structure will also come to smartphones. The Armv9-A architecture introduced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a "cyber pandemic": an internet disruption could throw the world into turmoil again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. "The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security," Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler's rise to power, the shots in Sarajevo. "In light of history, we're always surprised. And if you think about it, technology only adds to the complexity and surprise of crises."

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    https://hackaday.com/2022/10/10/hacking-google-with-plasma/

    Google recently made some videos to highlight cybersecurity. The video below is episode three, and it tells an interesting story about the first crash test dummy. However, the really interesting part is the story about a USB plasma globe built to hack into computers. One of the people who built that globe tells the story of its insides in a recent blog post that has a bit more technical detail.

    https://lcamtuf.coredump.cx/plasma_globe/

    Luckily, there is a simple back channel to talk to the keyboard once you have a shell on the machine: the OS can instruct the keyboard to toggle its standard LEDs (Num Lock, Scroll Lock, Caps Lock). So, our secret protocol involved the host toggling Scroll Lock five times within one second. On Linux, it was as simple as xset led named ‘Scroll Lock’; on Windows, you had ActiveXObject(“WScript.Shell”).SendKeys(“{scrolllock}”). Either way, upon the receipt of this confirmation code, the plasma globe would set a bit in its EEPROM and go dormant forever… well, OK – until reflashed.

    It worked; the Google video tells the rest of the story (even though it gets some small details wrong). As for potential mitigations, see https://github.com/google/ukip

    EP003: Red Team | HACKING GOOGLE
    https://www.youtube.com/watch?v=TusQWn2TQxQ

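The plasma globe in the comment above is a USB device that acts as a keyboard and types a scripted payload, and the mitigation it points to (ukip) works on the host side. The following Python sketch is an added example, not code from lcamtuf's post, the Google video or the ukip project: it shows the timing heuristic that keystroke-injection protections are built around. A scripted HID device delivers distinct keys far faster and more regularly than a person can, so a run of consecutive inter-key gaps under a threshold is treated as injection and the device is blocked. The event streams, the device identifier and the window and threshold values are all constructed assumptions of this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class KeyEvent:
    t_ms: int   # arrival time of the key-down event, milliseconds since the device was attached
    key: str    # key name as reported by the HID driver


# Constructed event streams (assumed values, not recordings from a real keyboard).
HUMAN_TYPING = [KeyEvent(t, k) for t, k in
                [(0, "h"), (180, "e"), (310, "l"), (520, "o"),
                 (700, "space"), (880, "w"), (1010, "o")]]
# OS auto-repeat of one held key: fast, but the same key every time.
HELD_KEY_REPEAT = [KeyEvent(100 + 30 * i, "a") for i in range(12)]
# A scripted burst: ten distinct keys 8 ms apart.
INJECTED = [KeyEvent(8 * i, k) for i, k in enumerate("q w e r t y u i o p".split())]


def is_injection(events: List[KeyEvent], window: int = 5, threshold_ms: int = 50) -> bool:
    """True when `window` consecutive inter-key gaps are all shorter than threshold_ms.
    Gaps between repeated presses of the same key are ignored so that a held key
    (OS auto-repeat) is not mistaken for injection. Window and threshold are assumed
    defaults for this example, not values taken from any real tool."""
    gaps = [cur.t_ms - prev.t_ms
            for prev, cur in zip(events, events[1:]) if cur.key != prev.key]
    return any(all(g < threshold_ms for g in gaps[i:i + window])
               for i in range(len(gaps) - window + 1))


def device_policy(device_id: str, events: List[KeyEvent],
                  allowlist: FrozenSet[str] = frozenset()) -> str:
    """'allow' for allowlisted devices or human-like input, 'block' for a scripted burst.
    device_id is a constructed vendor:product style string, not a real identifier."""
    if device_id in allowlist:
        return "allow"
    return "block" if is_injection(events) else "allow"


if __name__ == "__main__":
    for name, stream in [("human", HUMAN_TYPING), ("held key", HELD_KEY_REPEAT),
                         ("injected", INJECTED)]:
        print(f"{name:<9} -> {device_policy('1234:abcd', stream)}")
```

Two things the sketch makes visible that the story above only implies. First, the LED confirmation channel the globe used leaves no trace in the key-event stream, so a host-side defence cannot rely on spotting the "protocol"; it has to judge the input itself, which is why timing is the signal. Second, the allowlist matters in practice: barcode scanners and some assistive devices legitimately type at machine speed, and without a per-device exception a timing rule will block them.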
  2. Tomi Engdahl says:

    Automotive Security Threats Are More Critical Than Ever
    https://www.securityweek.com/automotive-security-threats-are-more-critical-ever

    We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast on our phone through our car’s speakers.

    The automotive industry continues to innovate, bringing connectivity to vehicles in new ways from the cockpit to the engine. These new tools change the way people drive and view their cars. An automobile is no longer just for transportation from point A to point B, but cars are rolling data centers that transmit a wealth of actionable intelligence to the networks and systems around them. However, that same information is also a valuable commodity to hackers – who are looking to steal it at any cost.

    According to Statista, it is projected that by 2025, there will be over 400 million connected cars in operation, up from some 237 million in 2021. That growth brings risk, and so it’s particularly important that we have the ability to secure connected cars from cybersecurity threats.

    To ensure proper security, automotive OEMs and suppliers must:

    • Establish an incident response plan. Every device company needs best practices to include protocols for recovering from cyber threats and patching vulnerabilities. They should be able to communicate with car owners, dealers, and other manufacturers to prepare, find, fix and close any issues that arise. These guidelines are largely covered by the adoption of a CSMS which is outlined in the International Standards Organization/Society of Automotive Engineering (ISO/SAE) 21434 standards and mandated by UN R155.

    • Collaborate with appropriate parties. As with IT systems, no one technology product works in isolation. Connected car device manufacturers must have open lines with other providers to share security best practices and send alerts of potential vulnerabilities.

    • Manage and assess risk. Not all cybersecurity threats pose the same threat level. Device makers need to be aware of all dangers and treat those that could lead to safety and data security issues. This process can help automakers identify and protect the most critical assets to ensure the vehicle’s integrity. This is also covered by the adoption of a CSMS as outlined by ISO/SAE 21434 and mandated by UN R155.

    • Bake security into the design process and entire automotive ecosystem. With the risk of vulnerabilities now better understood, cybersecurity must be a top priority for the entire automotive ecosystem including the car, the network communications, the cloud services, and the connected apps on your phone.

  3. Tomi Engdahl says:

    How the US Government is Fighting Back Against Ransomware
    https://securityintelligence.com/articles/us-gov-fighting-ransomware/
    As ransomware-related payments surged toward $600 million in the first half of 2021, the U.S. government knew it needed to do more to fight back against cyber criminals.

  4. Tomi Engdahl says:

    The US imposed strict chip restrictions on China: it may also affect phones
    https://www.is.fi/digitoday/art-2000009126800.html
    On Friday, the US Department of Commerce ordered significant restrictions on the export to Chinese customers of technology needed to manufacture semiconductors and microchips.

  5. Tomi Engdahl says:

    The bank blamed the victims when a couple lost 45,000 euros to a scammer
    https://yle.fi/uutiset/74-20000848
    Banks and scam victims argue more and more often about who pays for the losses. A family from Satakunta learned this bitter lesson.

  6. Tomi Engdahl says:

    Cyber security does not faze young adults: "for young people, war is a historically distant period"
    https://www.tivi.fi/uutiset/tv/7ab73d4f-0f92-471d-a78e-bdb6b4c96525
    A study commissioned by Deloitte shows that the changed world situation has made Finns interested in cyber security.

  7. Tomi Engdahl says:

    Automotive Security Threats Are More Critical Than Ever
    https://www.securityweek.com/automotive-security-threats-are-more-critical-ever

    We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast on our phone through our car’s speakers.

    The automotive industry continues to innovate, bringing connectivity to vehicles in new ways from the cockpit to the engine. These new tools change the way people drive and view their cars. An automobile is no longer just for transportation from point A to point B, but cars are rolling data centers that transmit a wealth of actionable intelligence to the networks and systems around them. However, that same information is also a valuable commodity to hackers – who are looking to steal it at any cost.

    According to Statista, it is projected that by 2025, there will be over 400 million connected cars in operation, up from some 237 million in 2021. That growth brings risk, and so it’s particularly important that we have the ability to secure connected cars from cybersecurity threats.

    An Ongoing Threat

    While there is a solid body of knowledge around securing automakers’ back-end networks, the actual car and the interconnected systems and components inside the vehicle are the least understood part of the automotive security equation. WiFi, Bluetooth, LTE and 5G, CAN bus, V2X and the entire infotainment system are all entry points that pose serious security risks for automotive manufacturers. New technologies such as Voice-as-an-Interface may further expand the attack surface from the vehicle to the consumer through connected ecosystems such as Amazon, Apple, and Google.

    However, cybersecurity standards for cars are only emerging recently The United Nations Economic Commission for Europe (UNECE) issued UN R155 that will come into effect on July 1, 2022 for new vehicle types. These rules govern cybersecurity and cybersecurity management systems (CSMS) for all vehicles sold in major markets outside of the US, Canada and China.

    Cybersecurity within the automotive industry has a long way to go to catch up to traditional enterprise cybersecurity standards and best practices. Automotive original equipment manufacturers (OEMs) and component manufacturers need to manage vehicle cybersecurity risks, mitigate risks along the supply chain by securing vehicles in the design stage, detect and respond to security incidents across a vehicle fleet, and provide safe, secure software updates that do not compromise vehicle security.

  8. Tomi Engdahl says:

    Ransomware causes a lot of problems in the healthcare sector
    https://etn.fi/index.php/13-news/14105-kiristyshaitat-aiheuttavat-paljon-ongelmia-terveydenhuoltoalalla

    A new study by Trend Micro reveals that 86% of healthcare organizations worldwide that have fallen victim to ransomware suffer from operational disruptions. According to the study, a majority (57%) of healthcare organizations globally admit that they have been victims of ransomware during the past three years.

    One in four (25 percent) report having had to halt their operations completely, while 60 percent say the attack affected their business to some extent. On average, it took respondents several days (56%) or even weeks (24%) to restore operations.

    Ransomware causes the healthcare sector more than just practical difficulties. Three fifths (60%) of the responding healthcare organizations say that attackers have also obtained sensitive data. In addition, the leaks may complicate regulatory compliance and damage companies' reputations, as well as increase the costs of investigation, remediation and post-attack cleanup.

    According to the respondents, weak links in supply chains are a key challenge. According to 43 percent, supply chain subcontractors have also made them targets of attacks.

    Reply
  9. Tomi Engdahl says:

    Oulu starts training cyber security master's graduates
    https://etn.fi/index.php/13-news/14108-oulussa-ryhdytaeaen-kouluttamaan-kyberturvamaistereita

    The University of Oulu is strengthening the education of cyber security experts. Several thousand such experts are already estimated to be missing from working life. The education will be offered to students from next spring as a specialization option in the master's phase of the computer science and engineering degree programme in the Faculty of Information Technology and Electrical Engineering.

    The education will focus on the technical skills needed to guarantee cyber security. The main goal of the expanded education is that a cyber security specialist can design, develop, test and evaluate cyber-secure systems, software and devices in a constantly changing digital environment.

    According to Kimmo Halunen, the professor of cyber security responsible for the education, the need is great. – Among other things, a recent study by the University of Jyväskylä shows that there is too little education in the field and that it does not meet the needs of industry. The same has been observed at the University of Oulu, and now master's-level engineering students are given the opportunity to specialize in it.

    Reply
  10. Tomi Engdahl says:

    Social engineering is still at the top of cybercriminals' toolkit. How can you defend against it?
    https://www.tivi.fi/kumppanisisallot/nixu/sosiaalinen-manipulointi-on-edelleen-kyberrikollisten-keinovalikoiman-karjessa-miten-silta-voi-puolustautua/
    Security technologies such as firewalls and antivirus provide a good foundation for organizations' information security. In reality, however, people's attitudes, awareness and actions, together with the organization's overall cyber security culture, play the decisive role when the organization's cyber resilience is put to the test. When people know the methods of cybercriminals, they are far more likely to exercise general caution and thereby strengthen both their own and their organization's security.

    Reply
  11. Tomi Engdahl says:

    That thing to help protect internet traffic from hijacking? Here’s how to break it
    RPKI is supposed to verify network routes. Cyber-researchers suggest ways to potentially defeat it
    https://www.theregister.com/2022/10/09/internet_traffic_routing_defense/?td=keepreading

    An internet security mechanism called Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, can be broken.

    Or so the folks at Germany’s ATHENE, the National Research Center for Applied Cybersecurity, argue.

    That means if you were hoping RPKI would prevent state spies and rogue operators from redirecting people’s connections to snoop on them or upend their connectivity, you may be disappointed: in the right circumstances, it can be circumvented.

    For those who don’t know, the internet is a network of connected networks. These networks communicate using the Border Gateway Protocol (BGP) to ultimately build up a routing map of the internet, so that when you try to connect to something, your packets of data are sent along the right pipes to the right place. More specifically, the internet consists of networks called autonomous systems (ASes) that advertise their IP address prefixes via routers to neighboring networks using BGP, again to ultimately construct this routing map.

    RPKI aspires to prevent prefix hijacking by binding IP addresses to ASes using digital signatures called ROAs (Route Origin Authorizations). Only about 40 percent of all IP address blocks have RPKI certificates and only about 27 percent verify them, according to ATHENE.

    But where deployed, RPKI provides ASes with the ability to validate the IP prefix advertisements of other ASes.

    This design choice – prioritizing network reachability over security – represents the source of the vulnerability, the ATHENE researchers argue.

    In research [PDF] presented earlier this year at both the Usenix and Black Hat security conferences, Tomas Hlavacek, Philipp Jeitner, Donika Mirdita, Haya Shulman, and Michael Waidner describe an attack called “Stalloris.”

    Reply
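    As an added illustration of the origin validation the article describes (example code written here, not ATHENE's research or any router's implementation), the following Python performs RFC 6811 route origin validation against a constructed set of ROAs and applies the usual reachability-first policy that drops only "invalid" routes and still accepts "notfound" ones; the ROAs, prefixes and AS numbers are constructed from documentation ranges and private ASNs.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple
import ipaddress


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: AS `asn` may originate `prefix` and any
    more-specific prefix down to /`max_length`. asn == 0 (RFC 6483) means
    that nobody is authorized to originate the covered space."""
    prefix: str
    max_length: int
    asn: int

    def covers(self, announced) -> bool:
        roa_net = ipaddress.ip_network(self.prefix)
        # subnet_of() raises on mixed address families, so check version first.
        return roa_net.version == announced.version and announced.subnet_of(roa_net)


def validate(prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas if r.covers(net)]
    if not covering:
        return "notfound"            # no ROA says anything about this space
    for r in covering:
        if r.asn == origin_asn and r.asn != 0 and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                 # covered, but wrong origin or too specific


def accept_route(prefix: str, origin_asn: int, roas: Iterable[ROA],
                 drop_notfound: bool = False) -> bool:
    """Policy decision for one announcement. The reachability-first policy
    assumed here rejects only 'invalid'; 'notfound' is accepted unless the
    operator explicitly opts to drop it."""
    state = validate(prefix, origin_asn, roas)
    if state == "invalid":
        return False
    if state == "notfound":
        return not drop_notfound
    return True


def evaluate_feed(announcements: Iterable[Tuple[str, int]], roas: Iterable[ROA],
                  drop_notfound: bool = False) -> List[Tuple[str, int, str, bool]]:
    """Validate a whole feed of (prefix, origin AS) pairs."""
    roas = list(roas)
    return [(p, asn, validate(p, asn, roas), accept_route(p, asn, roas, drop_notfound))
            for p, asn in announcements]


# Constructed ROAs (documentation prefixes, private ASNs).
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),      # AS64496 may announce exactly the /24
    ROA("198.51.100.0/24", 25, 64497),   # AS64497 may announce /24 or /25s
    ROA("203.0.113.0/24", 24, 0),        # AS0: nobody may announce this space
]

# Constructed BGP announcements as seen by a validating AS.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),       # legitimate origin            -> valid
    ("192.0.2.0/25", 64496),       # right AS, more specific than maxLength -> invalid
    ("192.0.2.0/24", 64511),       # wrong origin AS              -> invalid
    ("198.51.100.128/25", 64497),  # within maxLength             -> valid
    ("10.0.0.0/8", 64496),         # no covering ROA              -> notfound
    ("203.0.113.0/24", 64499),     # AS0 ROA                      -> invalid
    ("2001:db8::/32", 64496),      # IPv6, no covering ROA        -> notfound
]

if __name__ == "__main__":
    for prefix, asn, state, accepted in evaluate_feed(ANNOUNCEMENTS, ROAS):
        print(f"{prefix:20} AS{asn:<6} {state:9} accepted={accepted}")
```

    Note that with the reachability-first policy the "notfound" routes are accepted exactly as if RPKI were not deployed; only a covering ROA gives the validator grounds to reject a hijack.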
  12. Tomi Engdahl says:

    What’s Microsoft been up to? A quick tour of Windows 11 22H2's security features
    And some requirements to be aware of
    https://www.theregister.com/2022/09/27/microsoft_windows_11_security_features/?td=keepreading

    As it rolled out a laundry list of features in the latest version of Windows 11, namely version 22H2, this month, Microsoft has also detailed some of the added security mechanisms.

    These changes touch on a range of areas, including hardware, drivers, and printers as well as protections against credential theft and account lockout.

    Included among the features is Kernel Mode Hardware Enforced Stack Protection, with Rick Munck, cloud security solution architect at Microsoft, stressing its dependency on hypervisor-protected code integrity (HVCI). HVCI enables Kernel Mode Code Integrity (KMCI) – a feature introduced with Vista that ensures low-level, highly privileged code, such as drivers and parts of the OS, are suitably signed and trusted before they are run. This code integrity check happens in a virtualization-protected space in the system.

    Munck wrote in a blog post – which handily summarizes 22H2's security measures – that the hardware-enforced stack protection, which can be used with Windows 11 version 22H2 and above, provides additional security to kernel-level software, by hampering exploitation of certain code-execution vulnerabilities.

    Windows 11, version 22H2 Security baseline
    https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520

    Reply
  13. Tomi Engdahl says:

    Can IAM help save on cyber insurance?
    Demonstrating a robust defense can help underwrite cyber risk for customers and providers, says One Identity
    https://www.theregister.com/2022/10/11/can_iam_help_save_on/?td=keepreading

    Underwriters are continuing to feel the pinch as cyber insurance claims mount. That means customers are hurting too, with policies becoming more costly and insurers demanding more proof of cybersecurity. So how do organizations make better use of identity and access management to demonstrate their competency in protecting people’s sensitive personal and financial data?

    Darren Thomson is vice president of product marketing for identity security company One Identity, having previously held the role of EMEA CTO at Symantec before working at its cyber insurance analytics spin-off CyberCube. He explains that cyber insurance developed in the early 2000s as a way to hand off risk as cybersecurity concerns mounted.

    “There comes a point where the simple choice between mitigating risks and ignoring them is not enough,” he says. “People want to share or transfer that risk.”

    Transferring the risk to an insurance company helps to regulate a client’s investment in cybersecurity, which in turn aids the avoidance of over- or under-investing in protective measures proportional to the risk. But what happens when the risks become too volatile for the insurers too?

    That’s what happened as ransomware evolved from attacks on individuals and small businesses into a mature criminal industry targeting bigger companies. Cyber crooks became more sophisticated, hitting larger organizations with deeper pockets. They also became more successful at it. The size of ransom demands rose accordingly from tens of thousands to millions. “Insurance companies didn’t see that coming,” says Thomson.

    The other problem for insurers was complexity. Clients frequently add more tools and technologies to their sprawling infrastructures. The pandemic exacerbated the problem. As hybrid work became a necessity, the physical perimeter disappeared.

    Companies supporting a hybrid workforce found themselves grappling with endpoints sitting on residential local area networks (LANs) used for both work and personal activities. Managing these devices’ access to corporate information became more difficult. The change in infrastructure and access methods created yet more layers of security risk, making cyber risk transfer even more problematic for underwriters.

    The problem of valuing cyber risk

    Fairly assessing and pricing this risk has been tough for insurers, especially given the lack of available data. Actuaries have decades of data on car accidents and health conditions, but not much about cyber risk for example. Assessing the risk of cyber attack is more art than science, and the industry demand for the skills to support that process is high.

    Insurers that charged too little for covering cybersecurity risk have found themselves shouldering an array of costs. Ransomware payments are perhaps the simplest to understand, but they’re just one factor among many possible expenses. These include post-breach investigation and data recovery; loss of income from business disruption; breach notification costs; legal claims; and regulatory penalties. Supply chain attacks make third-party liability costs especially worrying for insurers, who face reimbursement costs for their clients’ downstream users.

    In May, Fitch Ratings found that reported cyber insurance claims had risen 100 percent annually in the past three years. Claims closed with payment grew by 200 percent annually over the same period, with 8,100 claims paid in 2021. This eats into insurers’ profits. The direct loss plus defense and cost containment (DCC) ratio is the proportion of the earned premium paid out in claims expenses. Lower is better and in 2015-2019, the average figure was 42 percent. In 2021, it stood at 65 percent.

    Insurers naturally became obsessed with ransomware as payouts increased, recalls Thomson. This, along with other evolving security risks, transformed the still-nascent cyber insurance industry into a ‘hard market’.

    “A hard market is one that is difficult to comply with,” he explains. One characteristic is the rising price of premiums.

    “The policies are highly priced and the payout limits are very low,” continues Thomson. “So it’s actually pretty hard for many organizations to get good coverage on cyber now.”

    The other reaction from insurers has been more scrutiny. Insurance companies are asking more detailed questions about their clients’ cybersecurity posture before assuming their risk. They are also building more cyber assessment capabilities, ranging from auditing through to penetration testing and IT security consulting.

    “A better security posture means higher coverage and/or lower rates,” explains Thomson.

    Insurance firms started establishing minimum requirements with checklists before verifying compliance. And clients which find themselves falling short must step up to address any issues if they want a reasonable cyber insurance policy.

    The role of identity and access management

    Thomson sees one of the most significant areas that companies can improve upon is identity and access management. Solutions that stop attackers from getting onto the company network and accessing information inappropriately are of particular interest.

    “IAM teams historically always struggled to show concrete benefits to the business,” he says. “Now, with cyber insurance as a risk management requirement and potential savings on policies it’s a much easier argument to win. IAM can clearly demonstrate value for the business.”

    Insurers are focusing on multi-factor authentication in their evaluations as they realize the growing importance of identity in cybersecurity posture. Harvesting some low-hanging fruits is mandatory, including multi-factor authentication (MFA) for the whole workforce.

    “Most insurers now want to know that you have at least two factors of authentication in place for your users and your customers, if not multi-factor authentication,” Thomson continues.

    But not all MFA solutions are equal, and this choice can affect clients’ cybersecurity protection. One common problem is the lack of support for on-prem devices. Many solutions will secure access to SaaS applications but can’t protect access to the workstation you’re sitting in front of. So the type of MFA you use affects issues on insurer checklists such as endpoint security management.

    “One Identity managed to cover this capability gap by fusing together Defender (our on-prem 2FA) and OneLogin SaaS, creating a hybrid solution well suited to these hybrid needs,” Thomson adds.

    Increasing the focus on identity infrastructure

    Some insurers are also acknowledging the need to enforce complex passwords and avoid default passwords or default accounts, One Identity says. Companies should also look at other areas, such as structured processes for handling joiners, movers, and leavers.

    Insurers are already asking more questions about the management of access credentials on their cyber insurance premium questionnaires. They are becoming more interested in techniques ranging from password management through to privileged access management, and are asking companies to attest to their capabilities here too.

    AIG asks clients about their techniques for managing privileged access credentials, including the use of access logging tools and secure storage mechanisms, for example. It also makes explicit reference to the use of MFA for workers remotely accessing corporate resources.

    Active Directory or equivalent directory systems are foundational technologies when managing identity data and access privileges, so it’s not surprising that this comes up in questionnaires. You’ll find insurers asking about the number and types of accounts used on that system, Thomson says.

    As technology moves on, he expects insurers to embrace other facets of identity management, such as passwordless technology.

    “They [insurers] are aware of the trend and they’re excited about the next phase,” he says. “They’re tracking the maturity of those solutions.”

    As underwriters continue to turn up the pressure on cyber insurance clients, we’re seeing a traditionally conservative industry tackle the challenge of insuring against a dynamic, fast-moving set of risks.

    Reply
  14. Tomi Engdahl says:

    Even the strongest public-key encryption will be broken by 2035
    https://etn.fi/index.php/13-news/14112-vahvinkin-julkisen-avaimen-salaus-murretaan-2035

    RSA is the best-known and most widely used public-key encryption method. The strongest RSA encryption is 2048-bit, and even that will be broken by quantum computers by 2035. So predicts NIST, the National Institute of Standards and Technology, which is developing quantum-safe algorithms.

    The research firm Tirias Research reminds in its article that the quantum threat is real. Unfortunately, the development of encryption standards takes time. For this reason, many state actors are known to be storing data now with the idea of breaking its encryption later. Quantum computers can solve several equations simultaneously, and on the basis of Shor's algorithm, cryptography experts estimate that they will be able to break asymmetric encryption. According to the experts, the question is not whether the encryption will be broken but when it will happen.

    Today's encryption algorithms use mathematical problems, such as factoring large numbers, to protect data. With fault-tolerant quantum computers, factoring can in theory be solved in just a few hours with Shor's algorithm. This same property also endangers encryption methods based on the difficulty of solving discrete logarithm problems.

    The new, more robust encryption standards are called "quantum-safe". The challenge is that we do not know exactly when fault-tolerant quantum computers will have the power to break the existing encryption standards that are now widely in use. It is also worrying that some parties may download and store encrypted data in order to decrypt it later, when suitably capable quantum computers are available. Even if the data is more than ten years old, the stored data may still contain relevant confidential information, even state secrets.

    NIST believes it is possible that RSA-2048 encryption can be broken by 2035. Other US government agencies and other security-minded parties have similar views of the development. For this reason, the institute launched a competition to develop quantum-safe encryption as early as 2016. After several rounds of review, NIST selected four algorithms for the final stage of review on July 5 of this year.

    IBM had a big role in developing the new algorithms for quantum-safe encryption. IBM developed three of the four candidates.

    NIST's final selections are expected to be completed in 2024.

    Reply
  15. Tomi Engdahl says:

    Expert: ”We do not know whether Russia has gained a foothold in Finland's critical infrastructure”
    Finland must prepare for various cyberattacks targeting critical infrastructure.
    https://www.iltalehti.fi/digiuutiset/a/63e214ff-6e26-486e-8ea7-59927c0de599

    Since Russia's attack on Ukraine, alarm bells have started ringing in Finland among citizens and companies as well. Many are wondering what is happening in the world right now and how the security situation in Europe affects us. In addition, eyes are also on the future, and many are pondering what the situation will be in six months or a year.

    In the programme of the Digital Security Week of the Digital and Population Data Services Agency, cyber expert Catharina Candolin of OP Financial Group gave a talk on what Finland should prepare for ”in the midst of the fog of war”.

    Candolin said that cyber threats and cyberattacks are part of modern warfare. According to her, this is the first time that the cyber dimension is part of warfare on this scale.

    The cyber dimension is indeed very important to keep in mind when talking about critical infrastructure, which is extremely important for the functioning of society. This includes, among other things, electricity production and distribution, telecommunications, payment traffic, water and food supply, government functions and healthcare.

    – These infrastructures depend on telecommunications and digital services working and being secure. In addition, the infrastructures depend on each other, Candolin said.

    – With hostile activities in mind, it is worth remembering that critical infrastructure is the first target. We have also seen this in Ukraine, Candolin stated, referring to the cyberattacks in Ukraine on weapons guidance systems, the energy sector and the financial world.

    In Finland, however, the situation in these respects is good, according to Candolin.

    Candolin refers to the National Cyber Security Centre's assessment that the cyber security threat level has risen in Finland. Cyberattacks have also increased worldwide, and they are more tailored than before and deliberately targeted at specific organizations and at critical infrastructure.

    Candolin noted, however, that according to the assessments of the Finnish Security and Intelligence Service, planning and executing a cyber operation that paralyzes the functioning of society is not easy, which is why such operations are not likely.

    As for the future, Candolin said that Finland can assume that Russia has its hands full in Ukraine.

    – The situation in Finland will therefore be relatively calm. However, we do not know whether Russia has gained a foothold in Finland's critical infrastructure. We do not know what Russia will do next. We do not know to what extent we can trust the information we have. Nevertheless, we should decide what to do next, Candolin said.

    What counts as an attack?

    According to Candolin, Finland should prepare for a significant cyberattack against us, even though it is not likely at the moment. In such a situation, one should also consider what can be equated with an armed attack.

    – If a missile landed on us, we would understand that it is an armed attack. If a cyberattack with equivalent effects is carried out against another state, it can be equated with an armed attack. If such an interpretation were made, what would happen then?

    Candolin notes that in such a situation the attacker should be identified. The target of the attack should have the technical capability and the political will to react to the attack, and responsibilities should also be clear. In addition, legislation should be up to date and countermeasures thought through.

    Reply
  16. Tomi Engdahl says:

    Cybersecurity—More Important than Ever
    May 18, 2022
    The threat of cyberattacks seemingly becomes more ominous every passing day. Learn about the different types of vulnerabilities and methods of defeating such attacks in this TechXchange library.
    https://www.electronicdesign.com/techxchange/editorial/whitepaper/21164543/electronic-design-cybersecuritymore-important-than-ever?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS221012173&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Reply
  17. Tomi Engdahl says:

    Anticipation and Action: What’s Next in SOC Modernization
    https://www.securityweek.com/anticipation-and-action-whats-next-soc-modernization

    “Wisdom consists of the anticipation of consequences.” – Norman Cousins

    In the cybersecurity industry, we’ve become a lot wiser in the face of relentless and increasingly crafty adversaries. It is now a widely held tenet that it is not a matter of if, but when and how we’ll be attacked. In anticipation of these consequences, security operations centers (SOCs) are transforming into detection and response organizations. How we measure the efficiency and value of detection and response is by the speed and effectiveness with which it is done. So, alongside this transformation, we’re now seeing security organizations put together anticipation teams to proactively drive down time to detect and respond and reduce exposure. What do those teams look like?

    We see these anticipation teams focused on many use cases, but the two primary use cases are threat prevention and threat hunting.

    1. Proactive threat prevention means that you can anticipate what may be happening within your environment so you can quickly contain it and prevent it from happening again by sending threat intelligence and data to different systems for a unified defense. This could be initiated by internal data that could reveal malicious behavior, or analysis of past incidents.

    2. Proactive threat hunting starts from external information (report, news, other) without an internal alert being fired. Using the data and information from the report, you hunt for associated indicators within your environment in anticipation of an attack. For example, you may learn of malware currently being used to target your industry, so you go to any number of intelligence sources – government, industry, open source or commercial – and frameworks like MITRE ATT&CK, to learn about the technical details, potential indicators of compromise, and possible related system events that you can hunt for within your environment. Depending on the potential risk exposure for your organization, you may decide to take advantage of this intelligence to proactively block these indicators across your defensive infrastructure immediately. Either way, you then open an investigation, formulate a hypothesis about a specific campaign or adversary that may have infiltrated your network and pivot to test your hypothesis. Once you confirm or disprove malicious activity you take appropriate action to mitigate risk or prevent the attack.

    In both use cases, it is extremely time consuming to sift through logs manually to determine which are relevant and to correlate logs with massive volumes of external threat intelligence and other internal data to identify malicious activity. Organizations can end up with a few high-value resources spending inordinate amounts of time potentially chasing ghosts.

    With a platform that aggregates, normalizes and correlates internal and external data, you can tap into the richness of all available data to get a complete picture of what is going on. You can set up data-driven playbooks triggered either by new intelligence linked to past incidents for proactive prevention, or by intelligence about new threats you are proactively hunting.

    data and findings are sent back to a central repository so that protections and your security posture continue to improve over time.

    It is true that wisdom consists of the anticipation of consequences. For security teams, the next step is to proactively mitigate any negative consequences. That’s where today’s anticipation teams are focused, with a data-driven approach to help accelerate risk mitigation and strengthen security posture.

    Reply
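    As an added example (written here, not taken from the SecurityWeek article), the proactive hunt described above in Python: indicators from a constructed external report are matched against constructed log lines, a pivot then derives a new IP indicator from the DNS answer for a known-bad domain, and the re-run widens the set of affected hosts so the finding can be fed back into the indicator set. The log format, host names, indicators and report are all made up.

```python
import re
from typing import Dict, List, Set, Tuple

# Generic "key=value" tokens; the log format itself is constructed for this example.
KV = re.compile(r"(\w+)=(\S+)")

FAKE_HASH = "0" * 64  # constructed placeholder for a SHA-256 from the report

# Constructed indicators, as they might be lifted from an external threat report.
INTEL: Dict[str, Set[str]] = {
    "domain": {"update-check.example.net"},
    "ip": set(),            # the report names no IPs, only a domain and a hash
    "sha256": {FAKE_HASH},
}

# Constructed log lines from DNS, proxy and an endpoint agent.
LOGS = [
    "2022-10-11T08:01:02Z dns host=ws-17 query=update-check.example.net answer=203.0.113.45",
    "2022-10-11T08:01:05Z proxy host=ws-17 dst=203.0.113.45:443 bytes=5120",
    f"2022-10-11T08:03:11Z edr host=ws-17 event=process_create sha256={FAKE_HASH} "
    "path=C:/Users/a/AppData/Local/Temp/svc.exe",
    "2022-10-11T08:04:00Z proxy host=ws-22 dst=203.0.113.45:443 bytes=900",
    "2022-10-11T08:05:00Z dns host=ws-09 query=www.example.com answer=198.51.100.7",
]


def parse_line(line: str) -> dict:
    """Turn '<ts> <source> k=v k=v ...' into a dict."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV.findall(rest))
    fields.update({"ts": ts, "source": source})
    return fields


def hunt(lines: List[str], intel: Dict[str, Set[str]]) -> List[dict]:
    """Return one hit per (line, indicator) where a log field matches the intel set."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        candidates = [
            ("domain", ev.get("query")),
            ("ip", ev.get("answer")),
            ("ip", ev.get("dst", "").rsplit(":", 1)[0]),  # strip the port
            ("sha256", ev.get("sha256")),
        ]
        for itype, value in candidates:
            if value and value in intel.get(itype, set()):
                hits.append({"ts": ev["ts"], "host": ev.get("host"),
                             "source": ev["source"], "type": itype, "indicator": value})
    return hits


def derive_indicators(lines: List[str], intel: Dict[str, Set[str]]) -> Set[str]:
    """Pivot on the hypothesis that whatever a known-bad domain resolved to in our
    own DNS logs is also hostile; those answers become derived IP indicators."""
    derived = set()
    for line in lines:
        ev = parse_line(line)
        if ev["source"] == "dns" and ev.get("query") in intel["domain"] and ev.get("answer"):
            derived.add(ev["answer"])
    return derived


def hunt_with_pivot(lines: List[str],
                    intel: Dict[str, Set[str]]) -> Tuple[List[dict], Dict[str, Set[str]]]:
    """First pass on the report's indicators, then a second pass with the derived
    IPs merged in. The merged set is what gets sent back to the central repository."""
    merged = {k: set(v) for k, v in intel.items()}
    merged["ip"] = merged.get("ip", set()) | derive_indicators(lines, intel)
    return hunt(lines, merged), merged


def affected_hosts(hits: List[dict]) -> List[str]:
    return sorted({h["host"] for h in hits if h["host"]})


if __name__ == "__main__":
    first = hunt(LOGS, INTEL)
    print("first pass hosts:", affected_hosts(first))          # ['ws-17']
    second, enriched = hunt_with_pivot(LOGS, INTEL)
    print("after pivot hosts:", affected_hosts(second))        # ['ws-17', 'ws-22']
    print("derived IP indicators:", sorted(enriched["ip"]))    # ['203.0.113.45']
```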
  18. Tomi Engdahl says:

    Google Brings Passkey Support to Android and Chrome
    https://www.securityweek.com/google-brings-passkey-support-android-and-chrome

    Google on Wednesday announced the introduction of passkey support in Android and Chrome, to protect users from credential leaks and phishing attacks.

    Meant to replace passwords, passkeys rely on biometric verification for authentication. They can be synced on multiple devices, cannot be reused and, unlike passwords, cannot be leaked.

    Passkeys can be used with both applications and websites, work across operating systems and browsers, and deliver an experience like password autofill.

    “For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. […] Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices,” Google explains.

    According to the internet giant, Android owners can now create and use passkeys on their devices and have them synced via Google Password Manager.

    “Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password,” Google says.

    “Since passkeys are built on industry standards, this works across different platforms and browsers – including Windows, macOS and iOS, and ChromeOS, with a uniform user experience,” the internet giant explains.

    Google’s announcement comes roughly one month after Apple released iOS 16 with support for passkeys. In May 2022, Apple, Google, and Microsoft pledged support for the new FIDO open authentication standard, to scrap passwords.

    https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html

    Reply
  19. Tomi Engdahl says:

    Bank blamed the victims when a couple lost 45,000 euros to a scammer: ”There are no words to describe how it feels”
    https://yle.fi/uutiset/74-20000848

    Banks and scam victims increasingly argue over who pays for the losses. A family from Satakunta learned a bitter lesson about this.

    The money had been lost in an Omakanta scam. Jarmo Sivula had wanted to look at his health records, but ended up logging in to a fake website with his bank credentials.

    What had happened was a shock. The Sivulas were comforted, however, by the thought that perhaps the money could still be recovered. If the criminal could not be caught, surely the bank at least would have to compensate the losses.

    – I thought the money can't just disappear like that, Jarmo Sivula says.

    He was wrong, however.

    Bank cites negligence, sometimes without cause
    To the Sivulas' surprise, Honkajoen Osuuspankki announced that it would not compensate the money lost in the online scam. According to the bank, the customer had been grossly negligent in giving his details to the scammer.

    Disputes of this kind are increasingly common today. For example, the Finnish Financial Ombudsman Bureau FINE has received many times more disputes about the unauthorized use of online banking credentials this year than in previous years.

    FINE's Banking Complaints Board issues free recommendations for resolving banking disputes. It thus serves as an alternative to the district court.

    Under the Payment Services Act, liability rests with the user if they have acted ”intentionally or with gross negligence”.

    Based on FINE's decisions, banks cite the customer's gross negligence even when there is no cause for it. In recent years the board has decided at least 19 such cases in the customer's favour.

    Omakanta's real address is kanta.fi. The scam site's address had the same beginning, but it was followed by tunnistautuminen.com. The domain had been registered in Spain earlier the same day.

    after logging in to the fake Kanta site received a text message from the bank on his phone. It said that the customer was activating the bank's mobile app: ”If you are not doing the activation yourself, contact [the bank] or our blocking service immediately. Your details may be at risk.”

    Sivula admits that he did not read the message properly. His eyes mainly landed on the activation code at the end of the message, which he entered on the fake site. He thought he was only confirming his login to Omakanta.

    It was a costly mistake.

    The wording of the confirmation message decided the case
    According to the Banking Complaints Board, Jarmo Sivula had acted with gross negligence in the situation. The confirmation message sent by the bank played the key role.

    The board has decided several similar cases in the customer's favour where practically the only difference has been the content of the bank's confirmation message.

    Some banks have sent their customers confirmation messages so terse that the customer has not known to suspect a scam. According to the board, Honkajoen Osuuspankki's message was sufficiently clear, and the liability therefore remained with the victim. A moment's carelessness cost, in practice, tens of thousands of euros.

    The family still has the option of taking the case to the district court, but there they would face a possibly slow and expensive dispute with no guarantee of success. Banks generally follow FINE's recommendations almost one hundred percent of the time.

    Police wondered about the lack of security measures
    Jarmo Sivula thinks the bank could have done more to prevent the scam. It feels wrong to him that transfers of nearly 45,000 euros to an unusual destination were not blocked.

    The transfers were made with online banking credentials that had until then been used solely for identification.

    – I don't pay for anything with them, and certainly not abroad. The bank should have closed that account, Sivula says.

    – How has it been possible that, when such exceptionally large sums were being transferred to accounts abroad, POP Bank's security did not react in any way, the police statement asks.

    From the bank's point of view, however, there was nothing suspicious about the transfers. The bank justified this by saying that Sivula had ”handed over the payment application to an outsider” when he let the scammer install the mobile app with his own credentials.

    Banks' automated systems screen payment traffic for suspicious transfers. They could have frozen the transfers or sent the customer an additional confirmation request. The law does not, however, require that.

    Part of the money was recovered
    When the emptying of the account became clear to the Sivulas in autumn 2021, the scammer had a two-day head start. The crime had taken place on Thursday and was noticed on Saturday.

    Time was not on the Sivulas' side. The bank said that nothing could be done over the weekend other than closing the accounts; the emergency centre operator advised them to go to the police on Monday.

    The delay felt bad to the victims. According to the experts interviewed by Yle, however, the bank did not act wrongly: even if the bank in Finland had taken action immediately, the scammer's bank in Spain hardly would have.

    On Monday, the bank sent a SWIFT recall request to Spain. The bank charged the victims a service fee of 120 euros for it, and later another 50 euros.

    Luckily for the Sivulas, the criminals had not managed to move all the funds onward. Of the 44,900 euros scammed, about 19,000 euros were recovered back to Finland. The family is unlikely to ever see the rest of the money.

    – I have somehow trusted that if I mess up in some way, the bank will take care of it.

  20. Tomi Engdahl says:

    2FA is over. Long live 3FA!
    https://www.helpnetsecurity.com/2022/10/11/2fa-is-over-long-live-3fa/

    In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. The recent Uber breach is just one example, but we see many campaigns circumventing 2FA on various platforms.

  21. Tomi Engdahl says:

    Valkeakoski man convicted of coding a botnet – cited curiosity https://www.is.fi/digitoday/tietoturva/art-2000009129680.html

  22. Tomi Engdahl says:

    Mirja, 83, from Vantaa ended up in a fake online bank and lost 63,950 euros – this is how the bank comments https://www.is.fi/digitoday/tietoturva/art-2000009131855.html

  23. Tomi Engdahl says:

    How Do You Prove a Secret?
    By Sheon Han, October 11, 2022
    https://www.quantamagazine.org/how-to-prove-you-know-a-secret-without-giving-it-away-20221011/

    Zero-knowledge proofs allow researchers to prove their knowledge without divulging the knowledge itself.

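The zero-knowledge idea in the Quanta article above, shown as an added example (this is not code from the original post or from the article): a Schnorr-style identification protocol in which the prover convinces a verifier that it knows the discrete logarithm x of a public value y = g^x without revealing x. The group parameters P, Q and G are a toy safe-prime group constructed for the example, and the function names are mine. The block shows all three messages of the exchange, why a prover without x can only guess the final response, and why a simulator that knows only y can still produce accepting transcripts, which is what makes the transcript worthless to an eavesdropper.

```python
import secrets

# Toy group parameters, constructed for this example. p = 2q + 1 is a safe
# prime and g = 4 generates the order-q subgroup of quadratic residues mod p.
# Real deployments use standardized 2048-bit+ groups or elliptic curves.
P = 1019
Q = 509
G = 4


def keygen():
    """Prover picks a secret x and publishes y = g^x mod p (x never leaves the prover)."""
    x = secrets.randbelow(Q - 1) + 1          # x in [1, q-1]
    return x, pow(G, x, P)


def prover_commit():
    """Round 1 (prover -> verifier): commit to a fresh random nonce r via t = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2 (verifier -> prover): an unpredictable challenge c in [0, q-1]."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3 (prover -> verifier): s = r + c*x mod q. Only a holder of x can form this."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Accept iff g^s == t * y^c (mod p). Since y^c = g^(cx), this holds exactly when s = r + cx."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y):
    """Full honest exchange; returns the verdict and the transcript (t, c, s)."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s), (t, c, s)


def simulate_transcript(y):
    """Why the transcript leaks nothing: knowing only y, pick c and s first and
    solve t = g^s * y^(-c). The result is an accepting transcript with the same
    distribution as a real one, so seeing transcripts teaches nothing about x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (-c) % Q, P)) % P   # y has order q, so y^(-c) = y^(q-c)
    return t, c, s


def cheating_prover_success_rate(y, trials=2000):
    """A prover without x must commit to t before seeing c and can only guess s.
    Exactly one s in [0, q-1] satisfies the check, so each attempt succeeds with
    probability 1/q (about 0.2% for this toy group)."""
    wins = 0
    for _ in range(trials):
        _, t = prover_commit()
        c = verifier_challenge()
        guess = secrets.randbelow(Q)
        if verifier_check(y, t, c, guess):
            wins += 1
    return wins / trials


if __name__ == "__main__":
    x, y = keygen()
    ok, transcript = run_protocol(x, y)
    print("honest prover accepted:", ok, transcript)
    print("simulated transcript accepted:", verifier_check(y, *simulate_transcript(y)))
    print("cheating prover success rate:", cheating_prover_success_rate(y))
```

The ordering of the messages is the whole point: the prover commits to t before it sees c, so it cannot do what the simulator does (choose s first and back-solve t). Repeating the exchange, or using a large q, drives the cheating probability to negligible, while the simulator shows the verifier never learns x.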
  24. Tomi Engdahl says:

    GET AHEAD OF CYBER THREATS
    Wouldn’t you like to be ahead of cyber threats before they become mainstream news? That’s just what Fletch does for you every day.
    https://fletch.ai/USE-CASE/Monitor-Emerging-Threats-and-How-They-Impact-Your-Environment?utm_campaign=search&utm_source=facebook&utm_medium=cpc&fbclid=PAAaa1-sbrMtF94morGIfViZh6VGnaJZiOVqKwkkwtgRWqfD7aCbfJGQJuRdA

  25. Tomi Engdahl says:

    Your Router Is Collecting Data. Here’s What to Know, and How to Protect Your Privacy
    Wi-Fi router companies say they don’t track the websites you visit, but all of them collect and share some user data.
    https://www.cnet.com/home/internet/your-router-is-collecting-data-heres-what-to-know-and-how-to-protect-your-privacy/

  26. Tomi Engdahl says:

    SS7 Vulnerability Attack Running 4G LTE Network In Minutes
    https://m.youtube.com/watch?v=DH7EkS4D9kg

  27. Tomi Engdahl says:

    How do you cheat at chess with "anal beads"? An American company's "Peppumatti" shows the operating principle, but also leaves open questions
    https://tekniikanmaailma.fi/kuinka-shakissa-huijataan-anaalihelmien-avulla-amerikkalaisfirman-peppumatti-nayttaa-toimintaperiaatteen-mutta-jattaa-myos-avoimia-kysymyksia/#Echobox=1665146155

    Build Your Own Undetectable Chess Cheating Vibrator
    Want to take on the world’s greatest chess players and actually win? This could be the (s)tool for the job.
    https://gizmodo.com/adafruit-chess-cheating-tool-vibrator-cheekmate-diy-1849624158

  28. Tomi Engdahl says:

    Python keylogger bypasses Windows 11 Defender // Convert WIFI py to EXE
    https://morioh.com/
    https://youtu.be/qaZ-IbssPDI

    Learn how to convert your Python code to run as an EXE on Windows 11. The code will run on Windows without Python installed.

    So, you think you need Python installed to run Python code on Windows 11? Well, think again. You also think that Windows 11 real time protection will protect you against malicious code? Well think again!

    // SCRIPTS //
    Python key: https://davidbombal.wiki/pythonkeys
    Python WiFi: https://davidbombal.wiki/pythonwifi

    // PDF Instructions//
    Download here: https://davidbombal.wiki/pythoncompile

  29. Tomi Engdahl says:

    Security Engineering Lecture 1: Who is the Opponent? – Ross Anderson and Sam Ainsworth
    https://m.youtube.com/watch?v=o1x_Oa0XiDI

  30. Tomi Engdahl says:

    Google has started abandoning passwords – keep an eye on Chrome and Android
    Google took a significant step toward passwordless use of the internet
    https://www.is.fi/digitoday/mobiili/art-2000009134874.html

    GOOGLE is starting to support passwordless sign-in to web services in its Chrome browser and the Android operating system. According to the company, the first testers can now try out the feature, and it will likely be rolled out more widely later this year.

    This is part of a project by Google and other large technology companies to kill off passwords, which have been found to be a dangerous and poor way of signing in. The so-called passkey method is being pushed as the replacement for passwords.

    https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html

  31. Tomi Engdahl says:

    Like Vastaamo on a smaller scale: Shocking extortion underway in Australia https://www.is.fi/digitoday/tietoturva/art-2000009145732.html

    Medibank hackers threaten to release stolen health data in ransom demand
    https://www.smh.com.au/technology/medibank-hackers-threaten-to-release-stolen-health-data-in-ransom-demand-20221019-p5br2s.html

    Hackers claiming to have stolen reams of data from Medibank Private have threatened to sell confidential customer information, including sensitive health conditions and credit card details, unless the insurer pays it a ransom.

    In a message obtained by this masthead, the hacking group claims to have stolen 200 gigabytes of sensitive information from Medibank, and threatens to contact its 1000 most prominent customers with their own personal information as a warning shot. This masthead was unable to verify the authenticity of the claims but in a response to questions on Wednesday afternoon, Medibank acknowledged it had received a threat and was taking it seriously.

    Telco giant Optus was recently hit by the biggest cyberattack in Australian history, and a string of other companies have been affected by the issue in recent weeks, including wine retailer Vinomofo and Woolworths’ MyDeal website.

  32. Tomi Engdahl says:

    The FBI Publishes Statement Unpatched and Outdated IoT Devices Increase Cyber Attack Opportunities https://blog.checkpoint.com/2022/10/14/the-fbi-publishes-statement-unpatched-and-outdated-iot-devices-increase-cyber-attack-opportunities/
    The FBI recently issued an industry notification around unpatched and outdated devices, warning the public that cyber criminals are increasingly targeting internet-connected devices for the purpose of exploiting their vulnerabilities. The FBI discovered multiple vulnerabilities, specifically in medical devices, through devices that run outdated software and devices lacking sufficient security features. According to FBI documentation, “these vulnerabilities negatively impact organization’s operational functions, overall safety, data confidentiality, and data integrity. In Medical, device vulnerabilities are inherent to the device itself, originating from device hardware design and device software management. Routine challenges include the use of standardized configurations, specialized configurations, including a substantial number of managed devices on the network, lack of device embedded security features, and the inability to upgrade those features.”

  33. Tomi Engdahl says:

    Court rules webcam monitoring of remote employee was an invasion of privacy https://www.malwarebytes.com/blog/news/2022/10/court-rules-constant-webcam-monitoring-of-remote-employee-to-be-an-invasion-of-privacy
    A Dutch court has ruled that the decision to fire a remote employee because he refused to keep his webcam on during working hours was unjustified. The employee worked remotely for a Florida-based software development company with a Dutch office. The court ruled that the request to keep the webcam on during all working hours did not constitute a reasonable request. The European court for human rights ruled in 2017 that video surveillance of an employee in the workplace, be it covert or not, interferes within the meaning of Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms. Article 8 of the convention provides a right to respect for one’s private and family life, their home and their correspondence, while subject to certain restrictions that are in accordance with law and necessary in a democratic society.

  34. Tomi Engdahl says:

    Valkeakoski man convicted of coding a botnet – cited curiosity https://www.is.fi/digitoday/tietoturva/art-2000009129680.html
    THE PIRKANMAA District Court convicted a man from Valkeakoski of endangering data processing by building a so-called botnet, that is, a network made up of devices infected with malware.
    According to the judgment, the man was sentenced to 60 days of conditional imprisonment, which was converted into 60 hours of community service. The convicted man denied the charge.
    He admits to having written a program named splwow64.exe in 2019 and to having tested it with a friend. The convicted man says he acted out of curiosity, in order to learn more and develop as an IT professional. He does not consider that he caused any harm or damage.

  35. Tomi Engdahl says:

    New “Prestige” ransomware impacts organizations in Ukraine and Poland https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/
    The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in attacks occurring within an hour of each other across all victims. This campaign had several notable features that differentiate it from other Microsoft-tracked ransomware campaigns:
    * The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks.
    * The Prestige ransomware had not been observed by Microsoft prior to this deployment.
    * The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper).
    Despite using similar deployment techniques, the campaign is distinct from recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks. MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations.
    MSTIC is tracking this activity as DEV-0960.

  36. Tomi Engdahl says:

    FBI, CISA warn of disinformation ahead of midterms https://www.malwarebytes.com/blog/news/2022/10/fbi-and-cisa-urge-americans-to-be-critical-of-information-in-light-of-midterm-election
    In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels.
    With everyone preparing to cast their ballots, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have reminded people about the potential threat of disinformation.

  37. Tomi Engdahl says:

    These are companies' biggest priorities in the field of information security
    https://www.tivi.fi/uutiset/tv/1806bb5e-c5f3-4f21-bb86-2c6e420488c8
    WithSecure's survey shows that organizations emphasize preventing data breaches and protecting remote workers in their security investments. The survey involved 3,000 people working in different organizations in 12 different countries. More than a third of respondents placed preventing data breaches among the most important themes. It was the most common priority in Finland, for example. Breaches are a concern in, among others, the healthcare sector, the IT sector and the public sector. “Other common priorities were ensuring protection against malware and ransomware, and preventing advanced email-based threats such as phishing and business email compromise,” WithSecure's press release states.

  38. Tomi Engdahl says:

    Android and iOS leak some data outside VPNs https://www.malwarebytes.com/blog/news/2022/10/android-and-ios-suffer-from-leaky-tunnels
    Virtual Private Networks (VPNs) on Android and iOS are in the news.
    It’s been discovered that in certain circumstances, some of your traffic is leaked so it ends up outside of the safety cordon created by the VPN. Mullvad, the discoverers of this Android “feature” say that it has the potential to cause someone to be de-anonymised (but only in rare cases as it requires a fair amount of skill on behalf of the snooper). At least one Google engineer claims that this isn’t a major concern, is intended functionality, and will continue as is for the time being.

  39. Tomi Engdahl says:

    Microsoft announces enterprise DDoS protection for SMBs https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-enterprise-ddos-protection-for-smbs/
    Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model tailored to small and midsize businesses (SMBs). To a great extent, it provides the same capabilities as DDoS Network Protection (previously known as DDoS Protection Standard), which is designed to help large enterprises and organizations to defend significantly larger resource deployments. “With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses, ” Microsoft Senior Product Manager for Azure Networking Amir Dahan said. “SMB customers who have a few public IP addresses to protect will benefit from this cost-effective DDoS protection option.”

  40. Tomi Engdahl says:

    AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group
    https://www.securityweek.com/ai-key-tackling-money-mules-and-disrupting-fraud-industry-group

    Money mules are an important part of the criminal money laundering pipeline. They help channel the proceeds from fraud and other criminal activities to the criminals themselves while obfuscating the process. The UK’s Financial Conduct Authority has estimated that more than $40 billion is laundered every week, with only 1% intercepted and seized.

    A new report (PDF) from the P20 group (a collaborative thought leadership ‘sandbox’ seeking cooperation and joint action in the non-competitive areas of the global payments industry) has published recommendations on how to tackle the money mule aspect of illicit money laundering.

    https://static1.squarespace.com/static/5efcc6dae323db37b4d01d19/t/631b910675d7802746b383ca/1664146688470/P20+Report+-+Focus+on+Money+Mules%3A+A+Collaborative+Approach+to+Fighting+Financial+Crime.

  41. Tomi Engdahl says:

    Google Unveils KataOS ‘Verifiably-Secure’ Operating System for Embedded Devices
    https://www.securityweek.com/google-unveils-kataos-verifiably-secure-operating-system-embedded-devices

    Google last week unveiled a new project focused on building a secure embedded platform for machine learning (ML) applications.

    The project’s goal is designing intelligent ambient ML systems that are secure and trustworthy.

    The project is named Sparrow and it revolves around a new operating system named KataOS, for which several components have already been open sourced by Google.

    “KataOS provides a verifiably-secure platform that protects the user’s privacy because it is logically impossible for applications to breach the kernel’s hardware security protections and the system components are verifiably secure,” Google explained.

    The tech giant pointed out that KataOS is mostly developed in Rust, which makes it more secure because it eliminates buffer overflows and other classes of bugs.

    Sparrow is the reference implementation for KataOS. It combines the new operating system, which provides a logically-secure kernel, with a secured hardware platform that provides a logically-secure root of trust leveraging the OpenTitan project on a RISC-V architecture.

    “The KataOS components are based on an augmented version of seL4′s CAmkES framework. Critical system services are CAmkES components that are statically configured. Applications are developed using an AmbiML-focused SDK and dynamically loaded by the system services,” KataOS developers explained.

    Google says its goal is to open source the entire Sparrow project.

    Announcing KataOS and Sparrow
    https://opensource.googleblog.com/2022/10/announcing-kataos-and-sparrow.html

    To begin collaborating with others, we’ve open sourced several components for our secure operating system, called KataOS, on GitHub, as well as partnered with Antmicro on their Renode simulator and related frameworks. As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we’re also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user’s privacy because it is logically impossible for applications to breach the kernel’s hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.

    The current GitHub release includes most of the KataOS core pieces, including the frameworks we use for Rust (such as the sel4-sys crate, which provides seL4 syscall APIs), an alternate rootserver written in Rust (needed for dynamic system-wide memory management), and the kernel modifications to seL4 that can reclaim the memory used by the rootserver. And we’ve collaborated with Antmicro to enable GDB debugging and simulation for our target hardware with Renode.

  42. Tomi Engdahl says:

    IDA Pro Owner Hex-Rays Acquired by European VC Firm
    https://www.securityweek.com/ida-pro-owner-hex-rays-acquired-european-vc-firm

    European venture capital and private equity firm Smartfin on Tuesday announced a deal to acquire Hex-Rays, the Belgian company behind the widely deployed IDA Pro software disassembler.

    Financial terms of the acquisition were not released but Smartfin said IDA Pro creator Ilfak Guilfanov joined a consortium of investors putting cash back into the restructured company.

    Hex-Rays, based in Liège, Belgium, was founded in 2005 by Guilfanov with reverse engineering power tool IDA Pro as its flagship product.

    IDA Pro is used by cybersecurity professionals to effectively translate a software’s binary code (consisting of ones and zeros) into a human readable text (an approximation of the software’s actual source code), to reveal and understand its original design, architecture, and logic.

    The company said the main software use cases are IT security audits, internal stress testing, bug bounty programs, investigating new virus samples and validating security concerns.

    Following the acquisition, Hex-Rays plans to expand operations and speed up automation and simplification of its software products.

  43. Tomi Engdahl says:

    Cybersecurity Awareness Month: 5 Actionable Tips
    https://www.securityweek.com/cybersecurity-awareness-month-5-actionable-tips

    Best practices for defending against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete

    Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month, is in its 19th year. Launched under the guidance of the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA), it aims to help Americans stay safe and secure online. This year’s campaign theme – See Yourself in Cyber – is focused on the “people” equation of cybersecurity, while promoting how to recognize and report phishing, the use of strong passwords, password managers and multi-factor authentication, and applying software updates. While these tactics are certainly a great place to start, organizations need to go beyond these fundamental steps to strengthen their cyber resilience.
