Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat: it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being rebuilt
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structures will also come to smartphones. The new Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Anticipation and Action: What’s Next in SOC Modernization
    https://www.securityweek.com/anticipation-and-action-whats-next-soc-modernization

    “Wisdom consists of the anticipation of consequences.” – Norman Cousins

  2. Tomi Engdahl says:

    Are Cybersecurity Vendors Pushing Snake Oil?
    https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil

    Survey: 96 Percent of Cybersecurity Decision Makers Confused By Vendor Marketing

    The availability of new security products increases, the amount of budget spent on cybersecurity grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cybersecurity spend and any clear increase in cybersecurity effectiveness is the subject of a new analytical survey from Egress.

    With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cybersecurity and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cybersecurity vendors due to unclear marketing about their specific offerings.

    The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cybersecurity silver bullet, but whether this management can take the company to a point where it can exit with serious profits.

    If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.

    Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.

    An example of hype in practice can be seen in the early ‘wars’ between what was labeled as next-gen AI-based anti-malware products vs traditional signature-based anti-virus products. In reality, next-gens still needed to use signatures, while traditional products had already been using AI for almost a decade.

    However, the new aggressive marketing brought AI into the spotlight, and introduced a host of new problems: increased false positives, alert fatigue among staff and the need for more and very expensive threat analysts. But to what effect? More staffing, increased spending on the new products, greater complexity in the security stack – and no overall diminution of breaches.

    Security awareness training is another example of marketing hype leading to unrealistic expectations of improved security. Ninety-six percent of the respondents believe training can make long-term, positive changes to employees’ behavior – but reality suggests otherwise.

    No amount of spend on awareness training has had any serious effect on the number of breaches that start from phishing.

    There is another factor that should be considered – the effect of security regulations. Breaches and consequent regulatory fines occur. But GDPR fines, for example, are reduced if the breached company can demonstrate it took serious and realistic efforts to prevent theft of data. If this happens, security defenses do not protect companies from hackers, but do protect the company from the worst effects of non-compliance.

    Cyberinsurance is beginning to have a similar effect, where companies are required to install certain defenses, but are driven to do so not because they choose to, but because they are required to do this for insurance purposes. This demand from the insurance industry is likely to increase in future years.

    The implication is that increased use of the latest security products has a recognizable value that is not directly related to efficiency. It is this combination of not seeing through marketing hype, conformance to official recommendations and the need to tick regulatory and insurance boxes that leads to confusion in what is bought, why it is bought, what it can achieve, and how it fits into the overall security posture. The result is clearly delineated in the Egress survey.

    Forty-nine percent of respondents (report PDF) feel their security stack is overly complex, while 48% consider it difficult to manage. Forty-nine percent say they suffer from vendor sprawl leading to an increased attack surface. Security products suffer from bugs and vulnerabilities just like any other software.

    New technologies are difficult to understand and difficult to use efficiently. Seventy-seven percent of the IT leaders are using products that employ artificial intelligence; but only 66% claim to understand how this AI makes their security more effective.

    Tony Pepper, CEO and co-founder of Egress, believes the security vendors sometimes take advantage of the market conditions to sell what amounts to snake oil. “The industry is a crowded hotbed of start-ups and established players innovating in the same spaces, and constantly trying to both align and differentiate themselves from each other. In all the noise of category creation, product launches, buzz words, and acronyms, cyber security buyers continue to invest in mechanisms to reduce risk – but the reality of these investments is often very different from initial expectations.”

  3. Tomi Engdahl says:

    How Wi-Fi spy drones snooped on financial firm
    https://www.theregister.com/2022/10/12/drone-roof-attack/
    Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place

    The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming Fist in 2017. And in 2013, security researcher Samy Kamkar demonstrated his SkyJack drone, which used a Raspberry Pi to take over other drones via Wi-Fi.

    Now these sorts of attacks are actually taking place.

    Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment.

    In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company’s network.
    The company’s security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user’s MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.
    “This led the team to the roof, where a ‘modified DJI Matrice 600’ and a ‘modified DJI Phantom’ series were discovered,” Linares explained.

    The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building’s heating and ventilation system and appeared to be damaged but still operable.
    “During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker’s credentials and Wi-Fi,” Linares said. “This data was later hard coded into the tools that were deployed with the Matrice.”

    According to Linares, the tools on the drones were used to target the company’s internal Confluence page in order to reach other internal devices using the credentials stored there. The attack, he said, had limited success and is the third cyberattack involving a drone he’s seen over the past two years.

    “The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company
    “Now in 2022 we are seeing really amazing drone advancements in power, range, and capabilities (for instance, the amazing synchronized drone shows that China puts out are utterly fantastic).”
    “This paired with drone payload options getting smaller and more capable – e.g. Flipper Zero kit – … make viable attack packages that are reasonable to deploy,” said Linares. “Targets in fintech/crypto and supply chain or critical third-party software suppliers would make ideal targets for these attacks where an attacker can easily cover their initial operating costs with immediate financial gain or access to more lucrative targets.”
    Sophos senior threat researcher Sean Gallagher told The Register the attack described is something people have done “warwalking” with Wi-Fi Pineapples or the equivalent.

    “You bounce a user off the real network and try to get them to connect to your fake network,” he explained. “Honestly, unless there’s a very specific bit of targeting going on, this is very low on the threat modeling priority list for most organizations, especially when there are so many other ways to get network access without having a physical presence.”

    Reply
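    Detection logic for the two wireless tricks described above (a radio advertising the organisation's SSID from unknown hardware, and a burst of deauthentication frames used to bounce clients off the real network), as an added example that is not part of the comment, The Register article, or any vendor tool. The SSID, the BSSID allowlist and the monitor-mode log records are constructed for the example.

```python
"""Flag evil-twin beacons and deauthentication storms in a wireless
monitoring log.  Added example; SSID, BSSIDs and records are constructed."""
from collections import defaultdict, deque

# Constructed allowlist: the radios the organisation really operates, per SSID.
KNOWN_APS = {
    "corp-wifi": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}

# Constructed monitor-mode records: (seconds, frame type, BSSID, SSID).
SAMPLE_LOG = [
    (0.0, "beacon", "00:11:22:33:44:01", "corp-wifi"),
    (0.5, "beacon", "00:11:22:33:44:02", "corp-wifi"),
    (1.0, "beacon", "de:ad:be:ef:00:01", "corp-wifi"),   # our SSID from an unknown radio
    (1.2, "beacon", "de:ad:be:ef:00:02", "guest-cafe"),  # unrelated network, ignored
    (1.5, "deauth", "00:11:22:33:44:01", ""),
    (1.6, "deauth", "00:11:22:33:44:01", ""),
    (1.7, "deauth", "00:11:22:33:44:01", ""),
    (1.8, "deauth", "00:11:22:33:44:01", ""),
    (1.9, "deauth", "00:11:22:33:44:01", ""),
    (2.0, "deauth", "00:11:22:33:44:01", ""),
    (9.0, "deauth", "00:11:22:33:44:02", ""),            # a lone deauth is normal
]


def find_evil_twins(log, known_aps=KNOWN_APS):
    """Map BSSID -> SSID for every beacon that advertises a protected SSID
    from a radio that is not on the allowlist for that SSID."""
    twins = {}
    for _ts, ftype, bssid, ssid in log:
        if ftype == "beacon" and ssid in known_aps and bssid not in known_aps[ssid]:
            twins[bssid] = ssid
    return twins


def find_deauth_storms(log, threshold=5, window=2.0):
    """Map BSSID -> (first_ts, count) when at least `threshold` deauth frames
    carrying that BSSID arrive within `window` seconds.  A sliding window
    per BSSID keeps memory bounded; one alert is raised per BSSID."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, ftype, bssid, _ssid in sorted(log):   # process in timestamp order
        if ftype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = (q[0], len(q))
    return alerts


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(SAMPLE_LOG))
    print("deauth storms:", find_deauth_storms(SAMPLE_LOG))
```

    The threshold and window need tuning per site, because client roaming produces legitimate deauthentication frames; the structural mitigation for the deauth half of the trick is Protected Management Frames (802.11w), which stops clients from honouring unauthenticated deauth frames in the first place.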
  4. Tomi Engdahl says:

    Cyber Threat Detection: 5 Top Priorities for Critical Infrastructure Security Leaders
    Oct. 7, 2022
    A critical infrastructure leader shares industry insights on how to detect and prevent cyber threats.
    https://www.electronicdesign.com/industrial-automation/article/21251671/rockwell-automation-cyber-threat-detection-5-top-priorities-for-critical-infrastructure-security-leaders?utm_source=EG+ED+Connected+Solutions&utm_medium=email&utm_campaign=CPS221019085&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R

    What you’ll learn:

    How to assess the physical security and asset inventory of your OT/ICS infrastructure.
    How to strengthen access policies and develop continuous monitoring policies for cybersecurity.
    Leveraging Cyber Threat Intelligence (CTI) to get into a security state of mind.

    How do you know that a perfect storm is brewing? If your team is tasked with securing your organization’s operational technology and industrial control systems (OT/ICS), you may have a pretty good idea by now.

    In critical infrastructure industries, the warning signs have been hard to miss lately. They include the convergence of business IT and OT systems, now accelerated in the cloud; the proliferation of database-driven Ransomware-as-a-Service (RaaS) and phishing campaigns; and the large-scale targeting of remote workers and remote-access vulnerabilities in critical industries since the beginning of the COVID-19 pandemic.

    These signs were there before the DarkSide ransomware attack that shut down the Colonial Pipeline in May 2021. Yet it took this incident to reinvigorate industry and government efforts to start strengthening the nation’s critical infrastructure protections. Among other things, the TSA now requires pipeline owners and operators to report cybersecurity incidents.

    The heat is on for other critical infrastructure areas, too, such as public utilities (oil & gas, water/wastewater, electric), the healthcare sector, chemical manufacturing, or food-processing plants. How can your OT security mission benefit from this new momentum?

    Where to start with your OT/ICS security initiative?

    After all, it’s the IT/OT team that’s now expected to have a plan ready. You’re not alone in this. Many Rockwell Automation customers have the same question: “Where do we start?”

    Most experts agree that any critical infrastructure protection strategy depends on a robust cyber threat detection program. Below are five prioritized steps that will help expose hidden threats and help prevent cybersecurity incidents from impacting your OT/ICS environment.
    1. Assess the physical security and asset inventory of your OT/ICS infrastructure.
    2. Strengthen access policies.
    3. Monitor 24/7/365.
    4. Leverage Cyber Threat Intelligence (CTI).
    5. Develop a security state of mind.

    Any Step is a Good Step

    After the Colonial Pipeline attack, TV and social-media clips showed gas stations overrun by long lines of irate motorists in panic-buying mode. Talk about the power of images.

    With this fallout on public display, as well as the potential for serious operational damage and even litigation, the threat is taken seriously in the C-Suite. The cyber threat detection steps on this short list can make the hidden threats to your OT visible before they can harm your organization.

    Reply
  5. Tomi Engdahl says:

    Quantum Computing and Crypto Standards
    Oct. 19, 2022
    Rambus’s Security Technologies Fellow explains how new encryption standards will address the problem of quantum-computing attacks.
    https://www.electronicdesign.com/technologies/embedded-revolution/video/21252816/electronic-design-quantum-computing-and-crypto-standards

    Quantum computing is in its infancy, but hardware and software related to this technology are improving rapidly. It can address a wide range of problems, particularly the ability to crack some of the encryption systems we currently employ. This isn’t to say that our current security tools have been bypassed now, but they could be in the future.

    To address this issue, new encryption standards are in the works. These will require changes in applications in the future. However, it might be a good idea to start doing so soon.

    Reply
  6. Tomi Engdahl says:

    Google Launches GUAC Open Source Project to Secure Software Supply Chain https://thehackernews.com/2022/10/google-launches-guac-open-source.html
    Google on Thursday announced that it’s seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain.

    Reply
  7. Tomi Engdahl says:

    Forensic Value of Prefetch
    https://isc.sans.edu/diary/rss/29168
    When a program executes on a Windows system there are many artifacts that are generated which can assist digital forensic investigations.
    One of particular note is the Windows Prefetch file. Found in C:\Windows\Prefetch by default, prefetch files (.pf) contain a wealth of information that can prove vital to any investigation.

    Reply
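    A parser for the fields an investigator pulls out of a prefetch header first (executable name, prefetch hash, run count, last-run time), as an added example that is not part of the comment or the SANS diary. The offsets follow the publicly documented layouts of format versions 17 (XP), 23 (Vista/7), 26 (8.1) and 30 (10); the sample file is constructed in memory, and the hash value in it is a made-up placeholder. The handling of the shorter Windows 10 file-information variant is marked as an assumption in the code.

```python
"""Extract executable name, prefetch hash, run count and last-run time(s)
from an uncompressed Windows Prefetch (.pf) header.  Added example; the
sample image below is constructed.  Windows 10 .pf files on disk are
normally compressed (they begin with b'MAM\\x04') and must be decompressed
first; that case is detected and rejected rather than handled."""
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

# version -> (offset of last-run FILETIME array, number of entries, offset of run count)
LAYOUT = {
    17: (0x78, 1, 0x90),
    23: (0x80, 1, 0x98),
    26: (0x80, 8, 0xD0),
    30: (0x80, 8, 0xD0),
}


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime; 0 means unset."""
    if ft == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000


def parse_prefetch(data):
    """Return a dict of header fields from an uncompressed .pf image."""
    if data[:3] == b"MAM":
        raise ValueError("compressed Windows 10 prefetch file; decompress first")
    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("not a prefetch file (missing SCCA signature)")
    if version not in LAYOUT:
        raise ValueError("unsupported prefetch format version %d" % version)
    # Executable name: 60 bytes of UTF-16LE at 0x10, NUL terminated.
    exe_name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]
    times_off, n_times, count_off = LAYOUT[version]
    if version == 30:
        # Assumption: the shorter Win10 layout (216-byte file-information block,
        # so the metrics array starts at 0x54 + 216) keeps the run count at 0xC8.
        metrics_off = struct.unpack_from("<I", data, 0x54)[0]
        if metrics_off == 0x54 + 216:
            count_off = 0xC8
    raw_times = struct.unpack_from("<%dQ" % n_times, data, times_off)
    return {
        "version": version,
        "file_size": file_size,
        "executable": exe_name,
        "hash": pf_hash,
        "run_count": struct.unpack_from("<I", data, count_off)[0],
        "last_run": [filetime_to_datetime(t) for t in raw_times if t],
    }


def expected_filename(info):
    """The on-disk name Windows gives this file; a mismatch with the real name is worth noting."""
    return "%s-%08X.pf" % (info["executable"], info["hash"])


def build_sample_pf():
    """Constructed version-23 (Windows 7) prefetch image with only the header populated."""
    buf = bytearray(0x54 + 156)                      # header + Vista/7 file-information block
    struct.pack_into("<I4sII", buf, 0, 23, b"SCCA", 0x11, len(buf))
    name = "NOTEPAD.EXE".encode("utf-16-le")
    buf[0x10:0x10 + len(name)] = name
    struct.pack_into("<I", buf, 0x4C, 0x1234ABCD)   # constructed placeholder hash
    struct.pack_into("<I", buf, 0x54, len(buf))      # metrics array would follow the block
    last_run = datetime(2022, 10, 20, 12, 0, tzinfo=timezone.utc)
    struct.pack_into("<Q", buf, 0x80, datetime_to_filetime(last_run))
    struct.pack_into("<I", buf, 0x98, 42)            # run count
    return bytes(buf)


if __name__ == "__main__":
    info = parse_prefetch(build_sample_pf())
    print(expected_filename(info), info["run_count"], info["last_run"][0])
```

    Run count and the last-run timestamps are the evidence-of-execution fields; the on-disk name check catches a .pf that was renamed or planted, since the hash in the filename must match the one in the header.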
  8. Tomi Engdahl says:

    New TSA Directive Aims to Further Enhance Railway Cybersecurity
    https://www.securityweek.com/new-tsa-directive-aims-further-enhance-railway-cybersecurity

    The Transportation Security Administration (TSA) has issued a new directive whose goal is to improve the cybersecurity of railroad operations in the United States.

    The new security directive is part of the White House’s efforts to strengthen critical infrastructure cybersecurity. The requirements outlined in the directive are aimed at passenger and freight railroad carriers designated by the TSA.

    The goal is to help operators further enhance cyber preparedness and resilience, requiring them to take steps to prevent disruption and infrastructure degradation.

    There are four major tasks that need to be completed by railway operators. This includes developing network segmentation policies and controls to ensure that operational technology (OT) systems are safe in case of an IT system compromise.

    Another task is creating access controls to prevent unauthorized access to critical systems. In addition, operators must ensure that these critical systems are covered by continuous monitoring and detection policies and procedures.

    Rail operators will need to establish and execute a cybersecurity implementation plan, and regularly audit the effectiveness of their cybersecurity measures and address any identified issues.

    https://www.tsa.gov/sites/default/files/sd-1580-82-2022-01.pdf

    Reply
  9. Tomi Engdahl says:

    Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH
    https://www.securityweek.com/password-report-honeypot-data-shows-bot-attack-trends-against-rdp-ssh

    An analysis of data collected by Rapid7’s RDP and SSH honeypots between September 10, 2021, and September 9, 2022, found tens of millions of connection attempts. The honeypots captured 215,894 unique IP source addresses and 512,002 unique passwords across RDP and SSH honeypots. Almost all the passwords (99.997%) can be found in rockyou2021.txt.

    In 2009, Rockyou was hacked. The attackers found and stole 32 million cleartext user accounts. A subsequently exposed list of 14,341,564 passwords became the original rockyou.txt widely used in dictionary attacks and included with Kali Linux to aid penetration testing.

    Over the following years additional password lists have been added to the original, culminating in the rockyou2021.txt collection now comprising about 8.4 billion passwords in a 92 GB text file. This is freely available on GitHub.

    “We use the rockyou set as a source of passwords that attackers can trivially generate and try, to see if there is some evolution beyond the use of a password list,”

    That 99.99% of the passwords used to attack the Rapid7 honeypots can be found in this password list is probably an understatement. Only 14 of the 497,848 passwords used in the SSH attacks are not included in rockyou2021 – and each one of these includes the IP address of the attacked honeypot. Rapid7 suggests this may be a programming error in the scanner being used by the attacker.

    Only one password among those used to attack the RDP honeypots is not included in rockyou2021. This is ‘AuToLoG2019.09.25’, which was the thirteenth most used password. This is a little puzzling

    Apart from the SSH ‘errors’ and the single AuToLog RDP password, every other password used in the honeypot attacks can be found in rockyou2021. Honeypot attacks are, by their nature, automated opportunistic bot attacks.

    Rapid7’s analysis of the passwords used shows a heavy preference for the standard known commonly used passwords. The top five RDP password attempts were ‘ ‘ (the empty string), ‘123’, ‘password’, ‘123qwe’, and ‘admin’. The top five SSH password attempts were ‘123456’, ‘nproc’, ‘test’, ‘qwerty’, and ‘password’. These and every other password could have been sourced from rockyou2021.

    The overriding conclusion from Rapid7’s analysis is that the use of long, strong random strings such as those generated by password managers and not likely to be included in ‘dictionaries’ would provide a very strong defense against opportunistic bot-driven automated attacks.

    Tod Beardsley, Rapid7’s director of research, points out that these automated attacks are low-cost, but not no-cost. “The concentration on lame and default passwords demonstrates that there are still enough in common use to make the attacks worthwhile for the attackers,” he told SecurityWeek. This in turn indicates that password managers are not yet the default method of generating and storing passwords.

    The problem with password managers is that they are not easy or necessarily intuitive to use. “The UX is poor, and they tend to be a bit clunky – and the additional friction stops people using them,” said Beardsley. “We’re failing to educate people on the use of password managers to generate and store a long, strong random password.”

    But he added, length is even more important than complexity. “Password length is the name of the game when it comes to having good passwords.” He even noted that in the age of remote working, the idea of the long-derided ‘password notebook’ kept securely at home becomes a realistic option.

    But the primary takeaway from this Rapid7 research is that if companies and people can condition themselves to generate passwords of sufficient length (Beardsley uses 14 characters) containing a few special characters, there is a strong likelihood that the current generation of automated opportunistic attacks against RDP and SSH will be defeated.

    Reply
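    The measurement the Rapid7 write-up describes (what share of observed guesses comes from a public wordlist, which guesses do not, and whether a candidate password would survive), as an added example that is not Rapid7's code or part of the comment. The wordlist and the attempt log are constructed stand-ins: the attempt values echo the top-five lists quoted above plus the AuToLoG password and one invented address-shaped outlier. Real rockyou2021.txt is about 8.4 billion lines, so the streaming membership check is included to show the memory-safe way to query it.

```python
"""Wordlist coverage of a guessing stream and a password check against
the list and a length rule.  Added example; data are constructed."""
from collections import Counter

# Constructed stand-in for rockyou2021.txt.
SAMPLE_WORDLIST = {"", "123", "password", "123qwe", "admin",
                   "123456", "nproc", "test", "qwerty", "letmein"}

# Constructed honeypot attempts: (service, password tried).
SAMPLE_ATTEMPTS = [
    ("rdp", ""), ("rdp", "123"), ("rdp", "password"), ("rdp", "123qwe"), ("rdp", "admin"),
    ("rdp", "AuToLoG2019.09.25"),
    ("ssh", "123456"), ("ssh", "nproc"), ("ssh", "test"), ("ssh", "qwerty"), ("ssh", "password"),
    ("ssh", "192.0.2.10"),   # invented: a guess that carries the honeypot's own address
]


def wordlist_coverage(attempts, wordlist):
    """Return (fraction of attempts found in the wordlist, Counter of the misses).
    The misses are the interesting part: they show guesses not taken from the list."""
    misses = Counter(pw for _svc, pw in attempts if pw not in wordlist)
    hits = len(attempts) - sum(misses.values())
    return hits / len(attempts), misses


def password_in_stream(lines, candidate):
    """Membership test that streams a huge wordlist line by line (constant memory),
    e.g. password_in_stream(open("rockyou2021.txt", errors="replace"), pw)."""
    return any(line.rstrip("\r\n") == candidate for line in lines)


def assess_password(password, wordlist, min_len=14):
    """List why a password would fall to the attacks described: it is in the
    list, or it is shorter than the 14 characters Beardsley uses."""
    problems = []
    if password in wordlist:
        problems.append("in_wordlist")
    if len(password) < min_len:
        problems.append("too_short")
    return problems


if __name__ == "__main__":
    cov, misses = wordlist_coverage(SAMPLE_ATTEMPTS, SAMPLE_WORDLIST)
    print("coverage: %.1f%%  misses: %s" % (100 * cov, dict(misses)))
    for pw in ("password", "Tr0ub4dor&3", "correct-horse-battery-staple"):
        print(repr(pw), assess_password(pw, SAMPLE_WORDLIST) or "ok")
```

    For the real list, loading 92 GB into a set is not an option; stream it once per batch of candidates, or pre-build a Bloom filter from it, and keep the length rule as the cheap first gate.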
  10. Tomi Engdahl says:

    Google’s GUAC Open Source Tool Centralizes Software Security Metadata
    https://www.securityweek.com/googles-guac-open-source-tool-centralizes-software-security-metadata

    Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata.

    Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains.

    GUAC aggregates metadata from different sources, including supply chain levels for software artifacts (SLSA) provenance, software bills of materials (SBOM), and vulnerabilities, to provide a more comprehensive view over them.

    “Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high-fidelity graph database—normalizing entity identities and mapping standard relationships between them,” Google says.

    By querying this graph, organizations can improve their audit processes and risk management, can better meet policy requirements, and even provide developer assistance.

    The open source project is in its early stages, with a proof of concept (PoC) now available on GitHub, offering support for the ingestion of SLSA, SBOM, and Scorecard documents and for simple queries for software metadata.
    https://github.com/guacsec/guac/blob/main/SETUP.md

    Reply
  11. Tomi Engdahl says:

    Biometric identification can bring problems
    https://www.uusiteknologia.fi/2022/10/20/biometrinen-tunnistus-voi-tuoda-ongelmia/

    Security company Trend Micro’s latest research warns of the dangers of seamless login, because of which biometric authentication may become the Achilles’ heel of security in the future metaverse. Even before that, it pays to be careful with one’s own biometric identifiers. Here is some background on the hazards of biometric identifiers.

    In its new report ’’Leaked Today, Exploited for Life – How Social Media Biometric Patterns Affect Your Future’’, Trend Micro warns of the serious threat that leaked biometric data poses to the reliable authentication of individuals in the digital world.

    The problem is that, because of smartphones, biometric technologies play a far larger role in our everyday lives today than they did a decade ago. Biometric identifiers are also used in passport checks, unlocking access to a bank account, withdrawing cash from an ATM, or paying for a public transport ticket with a biometric sensor.

    ’’Biometric solutions are sometimes praised as more secure than older methods, an easier alternative to traditional passwords,’’ says Trend Micro cybersecurity expert Kalle Salminen. ’’But unlike passwords, we cannot change our appearance and looks just like that.’’

    According to Salminen, the leaking of biometric data, for example to cybercriminals, may have far-reaching consequences for its users. For example, hijacking a user’s metaverse profile may at worst give full access to their computer and the data it contains.

    For example, there are almost 10 million posts on Instagram that use the #EyeMakeup hashtag, and videos with the #EyeChallenge hashtag have been viewed more than two billion times on TikTok. Both hashtags reveal the unique iris patterns of the people who posted the images and videos, which can be used to identify them.

    Data harvested from social media can also be used for identity theft, state intelligence, or creating deepfake images and videos, especially of public figures. Although criminal exploitation of biometric data has so far been limited, the threshold for it keeps falling. The possibility and scale of abuse will inevitably grow over time.

    According to Trend Micro, cybercriminals impersonating another person may, if successful, gain access to all of that person’s online services and systems, use their online banking credentials, make cryptocurrency trades, and exploit confidential information found on the company’s network.

    Biometric data is now being stolen
    https://etn.fi/index.php/13-news/14141-nyt-varastetaan-biometristae-dataa

    A new study by security company Trend Micro warns of biometric data theft. Data enabling biometric identification that falls into the wrong hands poses a serious threat to the reliable authentication of individuals in the digital world. The problem also concerns metaverse environments.

    Biometric technologies play a far larger role in our everyday lives today than they did a decade ago. Nowadays biometric techniques are used in the most varied everyday situations. Examples include passport checks at automated border control gates, unlocking access to a bank account, withdrawing cash from an ATM, or paying for a public transport ticket with a biometric sensor.

    - Biometric solutions are sometimes praised as more secure than older methods, an easier alternative to traditional passwords. But unlike passwords, we cannot change our appearance and looks just like that. So the leaking of biometric data to cybercriminals may have far-reaching consequences for its users. For example, hijacking a user’s metaverse profile may at worst give full access to their computer and the data it contains, says Trend Micro cybersecurity expert Kalle Salminen.

    Biometric data thus brings entirely new kinds of challenges. A password is easy to change, but biometric data cannot be changed just like that, even if it leaks into the hands of cybercriminals. In some cases people disclose their biometric data deliberately, but its unintentional publication or leakage is far more dangerous. Data that falls into the wrong hands may then be exploited in crimes of a much larger scale.

    Leaked Today, Exploited for Life
    How Social Media Biometric Patterns Affect Your Future
    https://www.trendmicro.com/vinfo/fi/security/news/internet-of-things/leaked-today-exploited-for-life-how-social-media-biometric-patterns-affect-your-future

    The photos, videos, and audio posts we put online expose sensitive biometric patterns that can be abused by cybercriminals. These patterns are virtually unchangeable and can be used now or in future attacks.

    Reply
  12. Tomi Engdahl says:

    ProPublica:
    A book excerpt details how the FBI failed to undertake fundamental reforms to combat cybercrime, including confronting escalating cyberthreats like ransomware

    How the FBI Stumbled in the War on Cybercrime
    https://www.propublica.org/article/fbi-ransomware-hunting-team-cybercrime

    In this excerpt from “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World From Cybercrime,” the authors reveal how unprepared the nation’s top federal law enforcement agency was to combat online crime.

    Investigating cybercrime was supposed to be the FBI’s third-highest priority, behind terrorism and counterintelligence. Yet, in 2015, FBI Director James Comey realized that his Cyber Division faced a brain drain that was hamstringing its investigations.

    Retention in the division had been a chronic problem, but in the spring of that year, it became acute. About a dozen young and midcareer cyber agents had given notice or were considering leaving, attracted by more lucrative jobs outside government. As the resignations piled up, Comey received an unsolicited email from Andre McGregor, one of the cyber agents who had quit. In his email, the young agent suggested ways to improve the Cyber Division.

    Comey took McGregor’s email and the other cyber agents’ departures seriously. “I want to meet these guys,” he said. He invited the agents to Washington from field offices nationwide for a private lunch.

    senior staff openly scorned the cyber agents, dubbing them “the 12 Angry Men,” “the Dirty Dozen” or just “these assholes.” To the old-schoolers — including some who had risked their lives in service to the bureau — the cyber agents were spoiled prima donnas, not real FBI.

    The cyber agents were as stunned as anyone to have an audience with Comey. Despite their extensive training in interrogation at the FBI Academy in Quantico, Virginia, many were anxious about what the director might ask them. “As an agent, you never meet the director,” said Milan Patel, an agent who attended the lunch. “You know the director, because he’s famous. But the director doesn’t know you.”

    You also rarely, if ever, go to the J. Edgar Hoover Building’s seventh floor, where the executive offices are. But that day, the cyber agents — all men, mostly in their mid-30s, in suits, ties and fresh haircuts — strode single file down the seventh-floor hall to Comey’s private conference room. Stiffly, nervously, they stood waiting. Then Comey came in, shirt sleeves rolled up and bag lunch in hand.

    “Have a seat, guys,” he told them. “Take off your coats. Get comfortable. Tell me who you are, where you live and why you’re leaving. I want to understand if you are happy and leaving, or disappointed and leaving.”

    Around the room, everyone took a turn answering. Each agent professed to be happy, describing his admiration for the bureau’s mission.

    “Well, that’s a good start,” Comey said.

    They told Comey that their skills were either disregarded or misunderstood by other agents and supervisors across the bureau. The FBI had cliques reminiscent of high school, and the cyber agents were derisively called the Geek Squad.

    At the meeting, the men also registered their opposition to some of the FBI’s ingrained cultural expectations, including the mantra that agents should be capable of doing “any job, anywhere.” Comey had embraced that credo, making it known during his tenure that he wanted everyone in the FBI to have computer skills. But the cyber agents believed this outlook was misguided. Although traditional skills, from source cultivation to undercover stings, were applicable to cybercrime cases, it was not feasible to turn someone with no interest or aptitude in computer science into a first-rate cyber investigator.

    “reeducation fatigue.” They were constantly forced to put their investigations on hold to train newcomers, both supervisors and other cyber agents, who arrived with little or no technical expertise.

    Other issues were personal. To be promoted, the FBI typically required agents to relocate. This transient lifestyle caused family heartache for agents across the bureau.

    The agents told Comey they didn’t have to deal with “the shuffle” around the country for professional advancement because their skills were immediately transferable to the private sector and in high demand. They had offers for high-profile jobs paying multiples of their FBI salaries. Unlike private employers worried about staying competitive, the FBI wasn’t about to disrupt its rigid pay scale to keep its top cyber agents. Feeling they had nothing to lose, the agents recommended changes. They told Comey that the FBI could improve retention by centralizing cyber agents in Washington instead of assigning them to the 56 field offices around the country.

    Most important, they wanted the bureau’s respect.

    Comey listened, asked questions and took notes. Then he led them to his private office.

    “Look, I know we’ve got a problem with leadership here,” Comey told the cyber agents as they studied the whiteboard, according to agents who were there. “I want to fix it, but I don’t have enough time to fix it. I’m only here for a limited amount of time; it’s going to take another generation to fix some of these cultural issues.”

    But the agents knew the FBI couldn’t afford to wait another generation to confront escalating cyberthreats like ransomware. Ransomware is the unholy marriage of hacking and cryptography.

    Although attacks were becoming more sophisticated, bureau officials told counterparts in the Department of Homeland Security and elsewhere in the federal government that ransomware wasn’t a priority because both the damages and the chances of catching suspects were too small. Instead of aggressively mobilizing against the threat, the FBI took the lead in compiling a “best practices” document that warned the public about ransomware, urged prevention and discouraged payments to hackers.

    To FBI leadership, ransomware was an “ankle-biter crime,” said an agent who attended the meeting with Comey.

    “They viewed it as a Geek Squad thing, and therefore they viewed it as not important,” he said.

    Stoll later spoke with an Air Force investigator who summed up the FBI’s position: “Computer crimes aren’t easy — not like kidnapping or bank robbery, where there’s witnesses and obvious losses. Don’t blame them for shying away from a tough case with no clear solution.”

    It wasn’t until almost a decade later that the federal government took its first significant step to organize against cyberthreats. After the 1995

    The group helped establish what became known as the National Infrastructure Protection Center in 1998. With representatives from the FBI, the Secret Service, intelligence agencies and other federal departments, the NIPC was tasked with preventing and investigating computer intrusions. The FBI was selected to oversee the NIPC because it had the broadest legal authority to investigate crime.

    Turf battles broke out immediately. The National Security Agency and the Pentagon were indignant about reporting to the FBI about sophisticated computer crimes that they believed the bureau was incapable of handling

    Following the Sept. 11, 2001, terrorist attacks, FBI Director Robert Mueller created the bureau’s Cyber Division to fight computer-based crime. The division took over the NIPC’s investigative work, while prevention efforts moved to the Department of Homeland Security, which was established in November 2002. The DHS, however, put the computer crime prevention mission on hold for years as it focused instead on deterring physical attacks.

    the FBI put a cyber squad in each field office and launched a training program

    The recruiter asked Ferrante what languages he knew.
    “HTML, JavaScript, C++, Business Basic,” he answered.
    “What are those?” the perplexed recruiter responded. “I mean, Russian, Spanish, French.”

    As time went on, Patel discovered how cumbersome it was to brief supervisors about cyber cases. Since many of them knew little about computers, he had to write reports that he considered “borderline childish.”

    “You had to try to relate computers to cars,” he said. “You’re speaking a foreign language to them, yet they’re in charge, making decisions over the health of what you do.”

    Some agents ended up in the Cyber Division because it had openings when they graduated from Quantico, or because it was a stop on the way to a promotion.

    “On a bureau cyber squad, you typically have one or two people, if you’re lucky, who can decrypt and do network traffic analysis and programming and the really hard work,” Patel said.

    “And you’ve got two or three people who know how to investigate cybercrime and have a computer science degree. And the rest — half of the team — are in the cyber program, but they don’t really know anything about cyber.” Some of those agents made successful cases anyway, but they were the exception.

    Despite the internal headwinds, Patel worked on some of the bureau’s marquee cybercrime cases. He led the investigation into Silk Road

    He kept tabs on the bureau’s public actions in fighting the crime. Despite occasional successes, he said in 2021 that he was disappointed by the small number of ransomware-related indictments in the years that followed Comey’s 2015 gathering.

    By 2012, FBI leadership recognized that most crimes involved some technical element: the use of email or cellphones, for example. So that year, it began to prioritize hiring non-agent computer scientists to help on cases. These civilian cyber experts, who worked in field offices around the country, did not carry weapons and were not required to pass regular physical fitness tests. But respect for the non-gun-carrying technical experts was lacking. This widespread condescension was reflected in a nickname that Stacy Arruda, the early NIPC agent who went on to a career as a supervisor in the Cyber Division, had for them: dolphins.

    “Someone who is highly intelligent and can’t communicate with humans,” said Arruda, who retired from the FBI in 2018.

    If agents like Patel and Ferrante had a hard time winning the institutional respect of the FBI, it seemed almost impossible for the dolphins to do so. They worked on technical aspects of all types of cases, not just cyber ones.

    these civilian computer scientists were often regarded as agents’ support staff and treated as second-class citizens.

    The first week of class, the instructor delivered another surprise.

    “OK, who are the IT nerds in here?” he asked.

    After Pargman and a classmate raised their hands, the instructor addressed them directly.

    “You’re not going to be working on cybercrimes. You’re going to be working on whatever the bureau needs you to do.”

    The other tech-savvy recruit later confided to Pargman that he was dropping out of the FBI Academy to return to private industry. “This is not what I thought it was going to be,” he said.

    Pargman was similarly torn. He believed in the FBI’s mission but wanted to work solely on cybercrime.

    It’s not easy to teach advanced computer skills to someone who has no technical background.

    In the FBI, investigations into specific ransomware strains were organized by field office.

    In the early days of ransomware, when hackers demanded no more than a few hundred dollars, the FBI was uninterested because the damages were small

    Later, once losses grew to hundreds of thousands or even millions of dollars, agents had other reasons to want to avoid investigating ransomware.

    ransomware cases, even with the enthusiastic support of a computer scientist like Pargman, were long and complex, with a low likelihood of arrest.

    The fact that most ransomware hackers were outside the United States made the investigative process challenging from the start.

    “If you spend all of your time chasing ransomware, and for years you never make a single arrest of anybody, you’re seen as a failure,” Pargman said. “Even if you’re doing a ton of good in the world, like sharing information and helping protect people, you’re still a failure as an investigator because you haven’t arrested anybody.”

    “You’d train someone. They’d do digital forensics for five years. They’d get really good at it. And then you’d send them off to do presidential detail.”

    The reality was that many people in the FBI had a deep distrust of private-sector researchers.

    “There’s this feeling among most agents that if they share even a little bit of information with somebody in the private sector, that information will get out, broadcast over the internet — and the bad guys will definitely read it, and it will destroy the whole case,” Pargman said.

    Patel, one of the agents who attended the 2015 meeting with Comey. “The bureau needs expertly trained technical programmers, cybersecurity engineers, that know how to write code, compile, dissect and investigate — and it has nothing to do with carrying a gun.”

    Reply
  13. Tomi Engdahl says:

    An email from a genuine address can be a scam: an expert explains how to recognise the deception
    https://www.hs.fi/kotimaa/art-2000009145672.html

    Government email addresses can be "hijacked" so that a message appears to have been sent from a genuine address. The Government ICT Centre Valtori has long been looking into a more secure way of communicating.

    With little effort, a skilled IT person can build and send an email message whose sender address ends in, for example, the police's official email domain poliisi.fi. The message can thus be made to look as if it came from the real police.

    In other words, it passes as genuine, and easily.

    For IT expert Petteri Järvinen, interviewed by HS, this comes as no surprise. He demonstrates the problem to HS by creating, in a moment, the email address [email protected] for himself. The message Järvinen sends looks just like an ordinary email from the police.

    "It isn't difficult. It took about a minute," Järvinen says.

    Technically, in its simplest form, the issue is that the sender's email server does not have the so-called DMARC authentication protocol, which can be used to protect one's email against spoofing.

    "The SPF and DKIM techniques verify the origin of messages between the sender and the recipient. DMARC complements the check with control and reporting. The full benefit, however, is obtained only if the recipient's email system actually performs the checks and rejects suspicious messages," Järvinen explains.

    "The police do not do much business by email, so it does not matter that much. But it is a blemish, and fixing it would cost nothing," Järvinen reflects.

    In his view, DMARC is the best technique for securing unencrypted email, so the police too could use it as a matter of official duty.

    "Securing the email chain is always a joint effort between sender and recipient. The vast majority of scams are simple, like the extortion letters now circulating in the name of the police, which give a Gmail address as contact information," he says.

    For Järvinen, the case is a good example of how, when dealing by email, one can never be completely sure who one is dealing with.

    Exploiting this "vulnerability" works only once. When the recipient replies to the scam message, the reply always goes to the genuine holder of the email address, so the scam is exposed easily and quickly.

    "I don't see a very big practical problem here. Whenever you doubt the authenticity of an email, it is worth replying to it, because the reply will end up at the correct address in any case."

    In his view, replying to the message is worth doing in all suspicious cases, because it also reveals, for example, a situation where someone has left their computer unlocked and another person has sent a message in their name.

    Often, however, the recipient's email system recognises that the sender is not genuine, and frequently moves such messages straight to the spam folder. If there is no DMARC record, the message may thus end up directly in spam.

    "Gmail does not accept forged messages; it does not even put them in the spam folder. Even like this, without a DMARC record, the technology offers protection against sender forgery, although in the end the protection depends on the recipient's email server."

    He also looked into whether many other government agencies use DMARC, and it turned out that practices vary.

    "Implementing changes to extensive email solutions in a controlled manner, and assessing the impact of the measures on the rest of the environment, are projects that take a long time," says Valtori's information security manager Sonja Marjamäki-Ruuskanen.

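
Added example, not code from the HS article or from Valtori: a small Python model of the receiver-side DMARC evaluation Järvinen describes, covering SPF/DKIM identifier alignment and the published policy. The domain names and DNS records are constructed placeholders, and no real DNS is queried.

```python
from dataclasses import dataclass

# Constructed stand-in for DNS: TXT records at _dmarc.<domain>. A real receiver
# resolves these over DNS; the domains here are placeholders, not real ones.
FAKE_DNS = {
    "_dmarc.example-police.test":
        "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example-police.test",
    "_dmarc.example-agency.test":
        "v=DMARC1; p=none; rua=mailto:reports@example-agency.test",
    # example-noauth.test deliberately publishes no record at all
}


@dataclass
class AuthResults:
    """What the receiving MTA already knows before DMARC runs."""
    from_domain: str   # domain of the visible RFC5322.From header
    spf_pass: bool     # SPF result for the envelope sender
    spf_domain: str    # RFC5321.MailFrom domain that SPF was evaluated for
    dkim_pass: bool    # at least one valid DKIM signature was found
    dkim_domain: str   # d= tag of that signature


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")   # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain, approximated here as the last two labels.
    Real implementations use the Public Suffix List instead."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any host under the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(res, dns=FAKE_DNS):
    """Return (dmarc_result, disposition).
    dmarc_result: 'pass', 'fail' or 'no-record'.
    disposition:  what the receiver should do: 'none', 'quarantine' or 'reject'.
    With no record the receiver has nothing to enforce, which is the gap the
    article describes: a forged From: then only meets the receiver's own heuristics."""
    record = dns.get("_dmarc." + res.from_domain.lower())
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-record", "none"
    spf_ok = res.spf_pass and aligned(res.spf_domain, res.from_domain, policy["aspf"])
    dkim_ok = res.dkim_pass and aligned(res.dkim_domain, res.from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy["p"]


if __name__ == "__main__":
    # Constructed scenarios: a forged From: relayed by an unrelated server,
    # and a genuine message DKIM-signed by the From: domain itself.
    forged = AuthResults("example-police.test", True, "mx.unrelated.test", False, "")
    genuine = AuthResults("example-police.test", False, "", True, "example-police.test")
    print("forged  ->", evaluate(forged))    # ('fail', 'reject')
    print("genuine ->", evaluate(genuine))   # ('pass', 'none')
```

Note that the forged message passes SPF for the relaying server's own domain; it fails only because that domain is not aligned with the From: domain, which is exactly what DMARC adds on top of SPF and DKIM.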
  14. Tomi Engdahl says:

    Defenders beware: A case for post-ransomware investigations https://www.microsoft.com/en-us/security/blog/2022/10/18/defenders-beware-a-case-for-post-ransomware-investigations/
    Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase.

  15. Tomi Engdahl says:

    Trends in Web Threats: Old Web Skimmer Still Active Today https://unit42.paloaltonetworks.com/web-threat-trends-web-skimmer/
    Palo Alto Networks Advanced URL Filtering subscription collects data regarding two types of URLs; landing URLs and host URLs. We define a malicious landing URL as one that provides an opportunity for a user to click a malicious link. A malicious host URL is a web page that contains a malicious code snippet that could abuse someone’s computing power, steal sensitive information or perform other types of attacks.

  16. Tomi Engdahl says:

    5 essential security tips for SMBs
    https://www.malwarebytes.com/blog/business/2022/10/5-essential-security-tips-for-smbs
    In any business, the security of each computer is intimately connected to the security of every other computer. Interconnectedness allows attackers to turn a breach, a fault, or an oversight on one machine into access on all the machines it's connected to. That means any attack on any computer is a potential jumping-off point for an attack on the entire business.

  17. Tomi Engdahl says:

    Maritime Sector Sails through rough ‘Cybersecurity’ Seas https://www.enisa.europa.eu/news/maritime-sector-sails-through-rough-cybersecurity-seas
    Organised by the European Union Agency for Cybersecurity (ENISA), the 2nd Maritime Cybersecurity Conference hosted by the European Maritime Safety Agency (EMSA) sought to explore the dynamics behind the cyber threat landscape and the challenges faced by the sector.

  18. Tomi Engdahl says:

    Socure Report Examines Rise Of Synthetic Identity Fraud https://www.forbes.com/sites/tonybradley/2022/10/20/socure-report-examines-rise-of-synthetic-identity-fraud/
    Fraud is one of the oldest and most pervasive crimes. It predates technology and, fundamentally, is not a cybersecurity issue. However, the advent of the internet enables synthetic identity fraud at scale and has blurred the line between traditional crime and cybercrime.

  19. Tomi Engdahl says:

    The undersea internet contains vulnerabilities in Finland's case too: this is how Russia could isolate the United States if it wanted to
    https://yle.fi/uutiset/74-20000693
    The explosions at the Nord Stream gas pipelines in the Baltic Sea have increased concern about sabotage targeting states' critical infrastructure.
    The Finnish Security and Intelligence Service (Supo) warned in the autumn that the threat is elevated in Finland too.
    Finland is largely digitalised and its critical infrastructure is technical.

  20. Tomi Engdahl says:

    INTERPOL launches first global police Metaverse https://www.interpol.int/fr/Actualites-et-evenements/Actualites/2022/INTERPOL-launches-first-global-police-Metaverse
    Fully operational, the INTERPOL Metaverse allows registered users to tour a virtual facsimile of the INTERPOL General Secretariat headquarters in Lyon, France without any geographical or physical boundaries, interact with other officers via their avatars, and even take immersive training courses in forensic investigation and other policing capabilities.

  21. Tomi Engdahl says:

    How Vice Society got away with a global ransomware spree https://arstechnica.com/information-technology/2022/10/how-vice-society-got-away-with-a-global-ransomware-spree/
    Vice Society has a superpower that’s allowed it to quietly thrive:
    Mediocrity.

  22. Tomi Engdahl says:

    Thousands of GitHub repositories deliver fake PoC exploits with malware https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/
    Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.

  23. Tomi Engdahl says:

    The only Windows 10 updates for the year are coming. Spoiler alert: It’s just security
    What did you expect, HoloLens-ready Minesweeper and new skins for Calculator?
    https://www.theregister.com/2022/10/19/microsoft_updates_windows_10/?td=keepreading

    Microsoft is rolling out the only feature updates this year for Windows 10, with the IT giant describing it as a “scoped and streamlined” effort with a strong focus on security.

    The Windows 10 version 22H2 updates – the 13th feature update of the venerable operating system – came the same day Microsoft announced the availability of new features for Windows 11 that were outlined when version 22H2 of the OS was unveiled last month.

  24. Tomi Engdahl says:

    Infosec still (mostly) a boys club
    Women who do join get paid and promoted less, leave faster. What can be done to stop that?
    https://www.theregister.com/2022/10/15/infosec_boys_club/?td=keepreading

    The infosec industry remains mostly a boys club. And while there are some indications that it’s becoming more diverse, bringing women into the room continues to move at a glacial pace.

    Globally, women make up about 25 percent of the cybersecurity workforce [PDF], according to International Information System Security Certification Consortium, or (ISC)2, an organization that trains and certifies IT security professionals.

    Granted, these 2021 numbers are an increase from 2017's findings that showed only 11 percent were women. But in an industry facing a worker shortage of about three million amid growing threats from nation states and criminal gangs alike, a mere 25 percent of the workforce is still pretty dismal.

    “In some parts of the world, the percentages are much lower,” (ISC)² CEO Clar Rosso told The Register. “And women leave the cyber profession at higher rates than men, so organizations must take steps to increase the retention of female infosec professionals.”

    Rosso suggests organizations do this by paying women the same as their male counterparts, and also providing them with equal career advancement opportunities — both of which should be no-brainers, but, sadly, aren’t.

    Other processes, such as developing an inclusive culture, implementing zero-tolerance policies on harassment and discrimination, and providing access to mentors and advocates play a role in retention, as well. But by first focusing on eliminating pay and advancement inequalities, “you can take a giant leap forward on the retention front,” Rosso said.

    Before organizations can work on retaining female infosec professionals, the industry needs to bring more women into cybersecurity jobs in the first place, she opined.
    Where are the women?

    Microsoft Security earlier this year commissioned a survey that looked at the gender gap in cybersecurity and how to increase the number of women in these positions. It found more than half (54 percent) of women believe the industry has a gender-bias problem that results in unequal pay and support.

    Additionally, while 83 percent of respondents said they believe there is an opportunity for women in cybersecurity, only 44 percent of female respondents believe they’re sufficiently represented.

    “A lack of representation can perpetuate and reinforce the gender gap by dissuading women from entering the industry,” Vasu Jakkal, a Microsoft Security corporate vice-president, told The Register.

  25. Tomi Engdahl says:

    Cybersecurity Awareness Month: 5 Actionable Tips
    https://www.securityweek.com/cybersecurity-awareness-month-5-actionable-tips

    Best practices for defending against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete

    Conclusion

    Organizations have to assume that bad actors are in their networks already. Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a resilient Zero Trust approach, powered by additional security measures such as Zero Trust Network Access and endpoint resilience. Furthermore, they should balance their focus between preventive and responsive measures to a potential breach. This will help them stay ahead of the security curve and ultimately remove the need for an awareness month after all.

  26. Tomi Engdahl says:

    Navigating the Intersection of Safety and Security
    https://go.rambus.com/navigating-the-intersection-of-safety-and-security?utm_source=Endeavor&utm_medium=personifai&utm_campaign=2022+Endeavor+Personif.ai

    Vehicle systems and the semiconductors used within them are some of the most complex electronics seen today. In the past, electronics going into vehicle systems implemented flat architectures with isolated functions controlling various components of the power train and vehicle dynamics. However, to support the realization of Level 4 and Level 5 (L4/L5) autonomous driving, a massive restructure is underway. The software-defined vehicle, the automotive Ethernet, vehicle-to-everything (V2X) connectivity, and domain controller units are just some of the new technologies required to realize L4/L5 capabilities. Ensuring all these new systems are both functionally safe and secure from cyberattacks is mission critical.

  27. Tomi Engdahl says:

    You Tossed Your Cookies But They’re Still Tracking You; Here’s How to Hide Your Browser Fingerprint
    Browser fingerprinting is a sneaky way advertisers and others track you online. We explain how this surveillance technique works and what you can do to protect your privacy.
    https://uk.pcmag.com/security/134656/you-tossed-your-cookies-but-theyre-still-tracking-you-heres-how-to-hide-your-browser-fingerprint

  28. Tomi Engdahl says:

    OneRNG
    OneRNG is an entropy source / hardware random number generator (HWRNG), designed to be connected via USB to your computer.
    https://onerng.info/

  29. Tomi Engdahl says:

    Cybercriminals run billions' worth of criminal activity with modern organisations; companies do not always recognise their own vulnerabilities
    https://yle.fi/uutiset/3-12663861
    Discussion of cybersecurity has increased in Finland, especially recently. Data breaches suffered by large organisations, as well as dubious phishing requests for information sent to individuals by email and text message, are making many people nervous.

  30. Tomi Engdahl says:

    Attacking Very Weak RC4-Like Ciphers the Hard Way https://research.checkpoint.com/2022/attacking-very-weak-rc4-like-ciphers-the-hard-way/
    RC4 is a popular encryption algorithm. The way it works is that a “Key Scheduling Algorithm” (KSA) takes your key and generates a 256-byte array, and then a “Pseudo-Random Generation Algorithm” (PRGA) uses that byte array to output an endless stream of bytes (the “key stream”), which look like random noise unless you know what the original byte array was.

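
Added example, not code from the Check Point post: the two RC4 stages described above written out in Python, checked against the widely published test vector (key "Key", plaintext "Plaintext"), plus the keystream-reuse property that is the reason a stream-cipher key must never be used twice.

```python
def ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: start from the identity permutation of
    0..255 and scramble it under control of the key bytes."""
    if not key:
        raise ValueError("key must be non-empty")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def prga(S: list):
    """Pseudo-Random Generation Algorithm: walk the state array and yield
    one keystream byte per step, forever."""
    S = S[:]            # private copy so the caller's state is untouched
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes for a key."""
    gen = prga(ksa(key))
    return bytes(next(gen) for _ in range(n))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same XOR operation) with the keystream."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, len(data))))


def reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Why a stream-cipher key (or nonce) must never be reused: XORing two
    ciphertexts made with the same keystream cancels the keystream and leaves
    p1 XOR p2, which depends only on the plaintexts. Returns True when that
    identity holds for the given inputs."""
    c1, c2 = rc4(key, p1), rc4(key, p2)
    n = min(len(c1), len(c2))
    ct_xor = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    pt_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return ct_xor == pt_xor


if __name__ == "__main__":
    # Known answer: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3
    print(rc4(b"Key", b"Plaintext").hex())
```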
  31. Tomi Engdahl says:

    Online Shoppers Beware: Scammers Most Likely to Impersonate DHL https://blog.checkpoint.com/2022/10/24/online-shoppers-beware-scammers-most-likely-to-impersonate-dhl/
    Our latest Brand Phishing Report for Q3 2022 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September.

  32. Tomi Engdahl says:

    from the 2022 Incident Responder Study
    https://securityintelligence.com/posts/key-findings-2022-incident-responder-study/
    Cyberattacks seldom happen when it’s convenient. In fact, it’s relatively common for them to occur on weekends or holidays; threat actors capitalize on the fact that there are fewer staff on site, and those who are there are focused on the coming weekend or time off.

  33. Tomi Engdahl says:

    Google Chrome to drop support for Windows 7 / 8.1 in Feb 2023 https://www.bleepingcomputer.com/news/google/google-chrome-to-drop-support-for-windows-7-81-in-feb-2023/
    Google announced today that the Google Chrome web browser will likely drop support for Windows 7 and 8.1 starting February 2023.

  34. Tomi Engdahl says:

    Cybersecurity teams are reaching their breaking point. We should all be worried
    https://www.zdnet.com/article/cybersecurity-teams-are-reaching-their-breaking-point-we-should-all-be-worried/

    Stress and burnout are having a massive impact on cybersecurity teams, leaving people and businesses more vulnerable than ever.

    Cybersecurity professionals are “reaching their breaking point” as ransomware attacks increase and create new risks for people and businesses.

    A global study of 1,100 cybersecurity professionals by Mimecast found that one-third are considering leaving their role in the next two years due to stress and burnout.

    The report found that rising rates of cybercrime and mounting media attention around cyberattacks are placing intense pressure on cybersecurity teams, with many fearing they will lose their jobs as a result of a cyberattack and others struggling to cope with the growing strain.

    Mimecast said cybersecurity teams face “a pressure cooker of ongoing attacks, disruption, and burnout” that is making it even more difficult to attract and retain much-needed cybersecurity professionals to keep businesses secure.

    Speaking to ZDNET, Johan Dreyer, EMEA CTO at Mimecast, said the impact of under-staffed IT security teams would have a “domino effect” on IT teams “across the whole sector” unless action is taken to address the issues faced by the industry.

    Dreyer added that ransomware, payment fraud, corporate espionage, intellectual property theft, and disinformation campaigns had all increased “at an alarming rate” in the past few months alone, leaving businesses and consumers even more vulnerable to cyber criminals.

    “The demand for cyber skills is more significant than ever, and a shortage of workers with the required expertise has created a constantly increasing skills deficit within the workplace,” Dreyer told ZDNET.

    “This comes at a time when the demand for IT roles is soaring. This skills gap has a negative domino effect on IT teams across the whole sector [and] many professionals are reaching their breaking point.”

    Nearly two-thirds (64%) of cybersecurity leaders surveyed by Mimecast said they had experienced at least one ransomware attack in the past year, while 77% said the number of cyberattacks against their company had either increased or stayed the same since 2021.

    These attacks have “personal consequences” for the wellbeing of cybersecurity professionals, Mimecast found: more than half (54%) of respondents agreed that ransomware attacks had a negative impact on their mental health, while 56% reported that their role gets more stressful each year.

    More than half of leaders (53%) surveyed by Mimecast agreed that growing press coverage of ransomware attacks is causing increased pressure to prepare.

  35. Tomi Engdahl says:

    A Pro-China Disinfo Campaign Is Targeting US Elections, Badly https://nakedsecurity.sophos.com/2022/10/26/online-ticketing-company-see-pwned-for-2-5-years-by-attackers/
    The suspected Chinese influence operation had limited success. But it signals a growing threat from a new disinformation adversary.

  36. Tomi Engdahl says:

    Trends in Web Threats in CY Q2 2022: Malicious JavaScript Downloaders Are Evolving https://unit42.paloaltonetworks.com/web-threats-malicious-javascript-downloader/
    Palo Alto Networks Advanced URL Filtering subscription collects data regarding two types of URLs; landing URLs and host URLs. We define a malicious landing URL as one that allows a user to click a malicious link. A malicious host URL is a page containing a malicious code snippet that could abuse someone’s computing power, steal sensitive information or perform other types of attacks.

  37. Tomi Engdahl says:

    Hardware Hacking Live at S4x16
    https://www.youtube.com/watch?v=Tq5-7szmxLA

    Andrew Zonenberg of IOActive shows how to pull firmware from a chip using a microscope, nail polish, a hot plate and a few chemicals.

    We set this up to be like a cooking segment on a morning show. Andrew had chips in various states so he could show it all quickly. The bit that used hazardous chemicals was filmed in advance.

  38. Tomi Engdahl says:

    Hack everything: re-purposing everyday devices – Matt Evans
    https://www.youtube.com/watch?v=VY9SBPo1Oy8

  39. Tomi Engdahl says:

    Hacking Hardware With A $10 SDCard Reader
    https://www.youtube.com/watch?v=piILxlabFws

    Black Hat 2013 – UART THOU MAD?
    https://www.youtube.com/watch?v=76VTTvBWjSA

  40. Tomi Engdahl says:

    Hardware Hacking – Extracting Information From Chips
    https://www.youtube.com/watch?v=dNfRUNPluxU

    2016 – Steve Lord – Building your own hardware for hardware hacking
    https://www.youtube.com/watch?v=oWWv8vKgmlA

  41. Tomi Engdahl says:

    Did you think banks' information security was in order?
    https://etn.fi/index.php/13-news/14158-luulitko-ettae-pankkien-tietoturva-on-kunnossa

    A new study by security company Trend Micro reveals that financial-sector companies imagine themselves to be better protected against ransomware attacks than other industries. Yet they are just as exposed to dangers arising from supply chains. Many organisations' ability to detect attacks is downright substandard.

    Trend Micro commissioned a study from Sapio Research in which over 355 financial-sector IT and business decision-makers from around the world were interviewed as part of a broader ransomware report covering several industries. The study found that 75 percent of them believe they are adequately protected against ransomware attacks. This is considerably more than the 63 percent average of all other sectors.

    The confidence is partly justified: 99% say they regularly install security updates on their servers, 92% use a secured Remote Desktop Protocol (RDP), and 94% have strict rules for neutralising the risks posed by email attachments.

    A full 72% of respondents admit that their organisation has been targeted by ransomware attacks. 79% see their own sector as a more attractive target for threat actors than other industries. Still, awareness of threats to the financial sector does not nearly always lead to action.

    About two-fifths do not use Network Detection and Response (NDR) tools on their network (40%), let alone Endpoint Detection and Response (EDR) tools on their endpoints (39%). Half (49%) do not have Extended Detection and Response (XDR) tools in use.

    This may partly explain the low detection rate of ransomware and related activity. Only a third (33%) say they are able to detect and track lateral movement on their network. Only 44% reliably detect system intrusions.

  42. Tomi Engdahl says:

    “Reversing Shorts” Demystify Phone Security
    https://hackaday.com/2022/10/24/reversing-shorts-demystify-phone-security/

    Ever wonder what makes a cellphone’s operating system secure, or what that app you just installed is saying about you behind your back? In a brand new video series, [Jiska] gives us a peek into different topics in smartphone software reverse engineering.

    https://www.youtube.com/playlist?list=PLkOopkYm0fCV45i_n8z5LSUL3QBXNAP2G

    For instance, her latest video, embedded below, takes us through some steps to poke at Apple’s RTKit OS, which is the realtime OS that runs inside most of their peripheral devices, including AirPods, but also on their bigger devices too. We don’t know much about RTKit OS, but [Jiska]’s trick in this video is to get a foothold by looking through two different RTKit OS versions and noting which symbols are common — these are probably OS function names. Now you’ve got something to look for.

    [0x08] Reversing Shorts :: Apple RTKit Firmware Analysis
    https://www.youtube.com/watch?v=lXMawXNtXrQ

  43. Tomi Engdahl says:

    White House Adds Chemical Sector to ICS Cybersecurity Initiative
    https://www.securityweek.com/white-house-adds-chemical-sector-ics-cybersecurity-initiative

    The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

    The ICS Cybersecurity Initiative was first announced in July 2021 — after the disruptive attack on Colonial Pipeline — and its goal is to improve critical infrastructure security by encouraging and facilitating the deployment of threat detection technologies and systems.

    Chemical is the fourth sector added to the initiative, after electric, pipeline and water. Chemical organizations can analyze the best practices and lessons learned from these other sectors and create a cybersecurity action plan for the next 100 days.

    The plan needs to focus on high-risk chemical facilities, and it needs to drive information sharing between the government and the chemical sector.

    The government says it will not endorse or recommend any specific provider or technology. Instead, owners and operators are encouraged to deploy solutions based on their own risk assessment and cybersecurity posture.

  44. Tomi Engdahl says:

    Leveraging Managed Services to Optimize Your Threat Intelligence Program During an Economic Downturn
    https://www.securityweek.com/leveraging-managed-services-optimize-your-threat-intelligence-program-during-economic-downturn

    With financial pressure falling on business leaders, cutting costs can be necessary for survival. Being understaffed and ignoring critical business operations is not an option, particularly with security and intelligence. With security and intelligence investments tied up in expensive technology and resources, leaders know they must evaluate alternatives to advance operations and mitigate risk. However, the “firehose of noise” delivered by intelligence products obscures intelligence’s value and overwhelms security teams with meaningless alerts. It’s time for security leaders to consider managed services for their threat intelligence needs.

  45. Tomi Engdahl says:

    The state is accelerating the move to cloud services; remedies are being sought for data protection risks
    https://www.tivi.fi/uutiset/tv/8336245c-7731-4b56-8eda-d8e8290c61e2
    A development project for the data protection of public cloud services, Cirrus, has been launched at the Ministry of Finance. The project's aim is to reduce and eliminate the data-protection risks associated with global public-cloud platforms. The plan is to be implemented by creating data-protection operating models aligned with the requirements of public administration.

  46. Tomi Engdahl says:

    Japan to citizens: Get a digital ID or health insurance gets harder https://www.theregister.com/2022/10/27/japan_digital_id_push/
    Japan’s plan to phase out public health insurance cards in favor of linking the services to a digital ID card could compel those who oppose the digitization to sign up. Beginning in Autumn 2024, existing photo-less national health insurance cards will no longer be accepted, officially replaced by My Number Cards.

