Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development, and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, and increased reliability, and will enable real-time processing and analytics. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored groups and criminal enterprises, are becoming more sophisticated, adapting and automating their search for vulnerabilities and their delivery of malware with machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities. While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is going to be overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension instructions added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. The use of this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. This is a significant difference from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture announced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those strategies include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
Australia sees rise in cybercrimes on back of ‘destructive’ ransomware, state actors
https://www.zdnet.com/article/australia-sees-rise-in-cybercrimes-on-back-of-destructive-ransomware-state-actors/
Australia Cyber Security Centre says the number of reported cybercrime cases climbed almost 13% in the past year, with state actors an ongoing threat and ransomware the “most destructive”.
Tomi Engdahl says:
Remcos Downloader with Unicode Obfuscation
https://isc.sans.edu/diary/rss/29220
Tomi Engdahl says:
Japan formally joins NATO cyber cooperation center
https://therecord.media/japan-formally-joins-nato-cyber-cooperation-center/
Japan formally joined NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) on Friday, several years after former Prime Minister Shinzo Abe announced the nation’s intention to do so.
Tomi Engdahl says:
British govt is scanning all Internet devices hosted in UK
https://www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/
The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. The goal is to assess the UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture. “These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” the agency said.
Tomi Engdahl says:
When you die, your digital life also needs a death cleaning: this is how you make sure your browsing history is emptied without embarrassing moments
https://yle.fi/uutiset/74-20003392
You can prepare for your own death by clearing your home of unnecessary belongings and junk. Many already do so, but a modern person also leaves behind an enormous amount of digital legacy.
Tomi Engdahl says:
Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft
https://www.securityweek.com/nation-state-hacker-attacks-critical-infrastructure-soar-microsoft
According to Microsoft’s 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies.
Between June 2020 and June 2021, 20% of all nation-state attacks observed by Microsoft were aimed at critical infrastructure. That percentage increased to 40% in the period between July 2021 and June 2022.
Tomi Engdahl says:
How to download and install Metasploitable 2 and configure networking on Virtualbox
https://m.youtube.com/watch?v=v31d1sNQueg
Tomi Engdahl says:
TryHackMe! Metasploit for beginners – Post Exploitation
https://m.youtube.com/watch?v=GAOV71MmUTw
Tomi Engdahl says:
Metasploit Tutorial – How To Write Auxiliary Module?
https://hackersonlineclub.com/metasploit-tutorial-auxiliary-module/
Tomi Engdahl says:
A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission
https://ghidra-sre.org/
Tomi Engdahl says:
DDoS attacks in Q3 2022
https://securelist.com/ddos-report-q3-2022/107860/
In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter.
Tomi Engdahl says:
Lessons and best practices were exchanged in the financial sector cyber exercise
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/finanssialan-kyberharjoituksessa-vaihdettiin-oppeja-ja-parhaita-kaytantoja
Cross-sector tabletop exercises suit many kinds of organizations. This time, the joint financial sector exercise trained information exchange between organizations and introduced the roles of the authorities in a cyber incident. “Exercising always gives an opportunity to trial new processes and to test how well old ones work in new kinds of scenarios. In the ISAC exercise this training is done together, which makes learning even more effective,” says Jussi Leskinen, sector lead for Finance ISAC at the National Cyber Security Centre.
Tomi Engdahl says:
Blue OLEx 2022 tests the Standard Operating Procedures of the EU CyCLONe
https://www.enisa.europa.eu/news/blue-olex-2022-tests-the-standard-operating-procedures-of-the-eu-cyclone
Organised by the Lithuanian Ministry of National Defence (MoND) together with the European Union Agency for Cybersecurity (ENISA), this year’s edition of the Blue OLEx exercise tested the standard operating procedures of the EU Cyber Crisis Liaison Organisation Network Executives (CyCLONe).
Tomi Engdahl says:
Robin Banks still might be robbing your bank (part 2)
https://www.ironnet.com/blog/robin-banks-still-might-be-robbing-your-bank-part-2
In the first blog – Robin Banks might be robbing your bank – we introduced the Robin Banks platform, which sells ready-made phishing kits to cybercriminals aiming to gain access to the financial information of the customers of well-known banks and online services.
In this blog, we will be providing details on the actions taken by the Robin Banks administrators following our publication on the platform, as well as diving deeper into the infrastructure behind the phishing kit and what our findings may signify in relation to the overall cybercriminal threat landscape.
Tomi Engdahl says:
Water sector in the US and Israel still unprepared to defeat cyber attacks
https://securityaffairs.co/wordpress/138185/hacking/water-sector-us-israel-cyberattacks.html
Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector.
Tomi Engdahl says:
DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace
https://therecord.media/doj-says-it-seized-billions-in-bitcoin-stolen-by-hacker-from-silk-road-darknet-marketplace/
According to the Justice Department and Internal Revenue Service, the 32-year-old committed wire fraud in September 2012 when he stole more than 50,000 Bitcoin from Silk Road. The stolen funds were seized during a raid on Zhong’s Gainesville, Georgia home in November 2021.
“For almost ten years, the whereabouts of this massive chunk of missing Bitcoin had ballooned into an over $3.3 billion mystery,” U.S. Attorney Damian Williams said.
Tomi Engdahl says:
Turkey’s New Disinformation Law Spells Trouble For Free Expression
https://www.eff.org/deeplinks/2022/11/turkeys-new-disinformation-law-spells-trouble-free-expression
Turkey’s government recently passed a new law aimed at curbing disinformation that citizens have dubbed the “censorship law,” according to reports. The new law was met with condemnation from both inside the country and abroad.
Tomi Engdahl says:
Russian hackers to blame for approximately 75% of ransomware incidents in USA
https://www.pandasecurity.com/en/mediacenter/security/russian-hackers-ransomware/
The U.S. Department of the Treasury (USDT) published a press release that includes the main findings of an analysis by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). The report confirms that the system supporting electronic filings of Bank Secrecy Act (BSA) received approximately $1.2 billion worth of ransomware-related filings in 2021, and Russians are to blame for most ransomware incidents on U.S. soil.
Tomi Engdahl says:
SQL Injections are scary!! (hacking tutorial for beginners)
https://www.youtube.com/watch?v=2OPVViV-GQk
In this video, we’re learning one of the oldest, yet most dangerous Hacking Techniques out there, SQL Injection. Despite SQL Injections being over 20 years old, they still rank number 3 on the OWASP Top 10 List….why? Even fortune 500 companies are still vulnerable to these attacks!! So, in this video, NetworkChuck will show you how to run an SQL Injection attack. Running a basic SQL Injection attack is pretty easy but will often become more complex with trickier targets.
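To show the defender’s side of the point the video makes, here is an added example (not from NetworkChuck’s video or the original post) that puts a string-concatenated lookup beside its parameterized form on a constructed in-memory SQLite table; the table, the user names and the INJECTED input are all assumptions made up for this demo.

```python
import sqlite3

# Constructed sample data for the demo (assumption, not from the page).
SAMPLE_USERS = [("alice", "hash_a"), ("bob", "hash_b"), ("carol", "hash_c")]

# Classic structure-altering input: the leading quote closes the string
# literal and the rest appends an always-true condition.
INJECTED = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: untrusted input is spliced into the SQL text.

    With INJECTED the query becomes
        SELECT username FROM users WHERE username = '' OR '1'='1'
    so the WHERE clause matches every row instead of one user.
    """
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a parameterized query keeps the input as data only.

    The driver binds the value to the placeholder; quotes inside it can
    never change the statement's structure, so INJECTED simply matches
    no user and returns an empty list.
    """
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def compare(user_input: str) -> tuple:
    """Run both lookups on a fresh database and return (vulnerable, safe)."""
    conn = make_db()
    try:
        return find_user_vulnerable(conn, user_input), find_user_safe(conn, user_input)
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", INJECTED):
        vuln, safe = compare(value)
        print(f"input={value!r:16} vulnerable={vuln} safe={safe}")
```

The only difference between the two functions is whether the input travels inside the SQL string or as a bound parameter, which is why parameterized queries (not input filtering) are the standard fix.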
Tomi Engdahl says:
Nine out of ten do not protect their Wi-Fi with a password
https://etn.fi/index.php/13-news/14212-yhdeksaen-kymmenestae-ei-suojaa-wi-fiaeaen-salasanalla
Nobody would leave their door open when leaving home, yet only a fraction of people protect their WiFi network. A study commissioned by AtlasVPN says that 89 percent of Americans do not protect their own Wi-Fi network with a password. Using a Wi-Fi password is one of the simplest and easiest ways to protect a wireless network. Without it, anyone can use the Internet connection. At the same time, the data of the network’s users is exposed to theft.
That is why the results of the survey conducted by PC Matic are alarming, to say the least. According to it, 89 percent of US Internet users do not have a password protecting their Wi-Fi connection. In addition, 7 percent of users are not sure whether they have a Wi-Fi password. Only 3 percent protect their Wi-Fi network with a password.
Tomi Engdahl says:
https://www.securityweek.com/offense-gets-glory-defense-wins-game
Tomi Engdahl says:
https://www.securityweek.com/fbi-warns-hacktivist-ddos-attacks-says-impact-limited
Tomi Engdahl says:
Web Scraping – Is It Legal and Can It Be Prevented?
https://www.securityweek.com/web-scraping-it-legal-and-can-it-be-prevented
Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store information at scale from that website? What if that information includes personal data? What does the law say? Can it be prevented? This is what we’ll discuss.
What is web scraping?
Web scraping is the use of automation to collect data from websites. In effect, it is little different to a person visiting a website to see what can be discovered – except the use of bots makes it thousands of times quicker and more efficient across many more sites.
It is rarely, if ever, ad hoc. The organization conducting the scraping knows what information is being sought, and which sites should be visited. Examples include ecommerce sites seeking to learn competitive pricing and/or holiday season campaigns. Real Estate agencies might scrape other agencies to learn what properties are being sold, where and for what price.
“Web scraping is the extraction of website information,” explains Nick Rago, field CTO at Salt Security. “While web scraping has valid business purposes, such as research, analysis, and news distribution, it can also be used for malicious purposes, such as sensitive data mining.”
The scraped data is often in html format. This is sent to another application that converts it into a format suitable for analysis, such as a spreadsheet. A frequent purpose is to obtain information about competitors to allow the development of more competitive projects or offerings. There is, then, a clear business incentive to do so. But is it legal?
Legal or illegal
There is no clear statement on whether web scraping is legal or illegal – it is a sensitive issue that currently lacks comprehensive legal regulation or a clear industry consensus. Denas Grybauskas, head of legal at Oxylabs (a Lithuanian company providing proxies and specializing in web scraping) comments, “Web scraping is relatively new and thus shares the same problem with other new technologies – regulation is developing a lot slower than the technology itself.”
The media led with headlines such as ‘Web scraping is legal’. This is an over-simplification. What the court ruled is that it is not illegal under CFAA – and even this, frankly, could be overturned if the Supreme Court takes a different view. There may also be different regulations in different jurisdictions – both at state level within the US, and most certainly at the international level with regulations such as GDPR.
“From an EU data protection perspective, the collection and processing of photographs and related information has no legal basis. The data protection principles are not respected, and data subjects cannot exercise their rights. But with no physical presence in the EU, Clearview AI does not seem to be concerned by the unenforceable decisions of the DPAs.”
The French data protection agency, CNIL, announced a €20 million (approximately $19.5 million) fine on Clearview on Thursday, October 20, 2022. Last year, CNIL ordered Clearview to stop processing personal data, but has not had a response.
The legal/illegal balancing act
It isn’t possible to say whether web scraping is legal or illegal. It depends on the method of scraping, the data scraped, the purpose of the scraping, and the jurisdiction concerned.
Aleksandras Sulzenko, the product owner at Oxylabs, seeks to navigate the lack of clear regulations on two fronts – which he describes as infrastructure and usage. The ‘infrastructure’ is basically the proxies he uses to deliver the service. He uses residential proxies, but only where the owner knows and consents to the usage and is rewarded for it.
‘Usage’ is the actual scraping. His primary concern is to do no harm to the website being scraped. So, he has three priorities: “We limit the rate of the requests to avoid causing any traffic harm; we go through extensive KYC procedures to be confident that our solution is only being used for legitimate purposes; and we only scrape publicly accessible data.”
On the last, this means he doesn’t allow customers to scrape data that sits behind a login, and that means he effectively avoids any possible conflict with CFAA in the US because nothing can be construed as hacking.
Defending against web scraping
While ‘legal’ web scraping is widely used in business, it remains a sensitive issue. This is most obvious where personal data is scraped. LinkedIn, for example, is basically a professional CV showpiece – so users of LinkedIn are actively advertising their personal details. Having those details collected and collated en masse, and then sold to strangers is less appealing.
Clearview’s image scraping in the US is similar. Social media users post photos and selfies because they want to be known and recognized. But having those images scraped and sold on to third parties, including law enforcement, so that they can be recognized in realtime in different locations by image recognition camera systems is not so welcome.
Web scraping is widespread in many different industry sectors. It’s just an aspect of doing business. Where the scraping process is designed to be ‘low and slow’, the ‘victim’ may even be unaware of its occurrence. Some companies may simply assume that it happens, because they do it themselves, scraping competitor data.
Where scraping is unwanted, the Oxylabs legal type of scraping can be defeated by insisting visitors have an account that they must log into. “You can prevent scraping by placing all the data you want to hide behind login requirements that can be strengthened by MFA,” comments Sulzenko. “But it’s a trade-off because this creates more friction for the legitimate customers you want to allow in.”
This is the trap faced, for example, by content and news sites. Take SecurityWeek itself. SecurityWeek wants its content to be seen and read freely. This means not requiring visitors to have an account that must be logged into. But that, in turn, means the content is more easily scraped and perhaps republished elsewhere under a different name. It happens.
Illegal scraping – the type performed by hackers – can only be mitigated by better security. “To prevent malicious web scraping, site owners need visibility into every API endpoint and the data exposed,” explains Gerlach. “Testing web interfaces and APIs for vulnerabilities frequently and early on improves overall security posture and provides insight to act quickly if needed.”
Rago adds, “Organizations must be careful that they only expose the information that they want exposed.” A retailer may want to openly share product, pricing, and inventory information, but probably doesn’t want to share customer and payment data. “To reduce risk,” he continued, “organizations need good visibility and governance around their data exposure and maintain proper security around web interfaces and the underlying APIs that transport this sensitive data.”
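The defenders quoted above name two observable properties of scraping traffic, request rate and the breadth of what is fetched, and note that ‘low and slow’ scraping may go unnoticed. As an added example (not code from SecurityWeek, Oxylabs or Salt Security), the script below applies those two signals to constructed web server access log lines in the common combined format: it measures each client’s peak request count in any 60-second sliding window and the number of distinct paths it requested, and flags clients over assumed thresholds. The IP addresses, paths, user agents and thresholds are all assumptions made for the example.

```python
"""Added example: rate and breadth scoring over constructed access log lines.
Log lines, addresses and thresholds are constructed, not taken from the article."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: 203.0.113.7 walks the catalogue once a second with a
# scripting user agent; two other clients browse at a human pace; one line is junk.
SAMPLE_LOG = [
    *[
        f'203.0.113.7 - - [20/Oct/2022:10:00:{i:02d} +0000] "GET /products/{i} HTTP/1.1" '
        f'200 512 "-" "python-requests/2.28.1"'
        for i in range(1, 13)
    ],
    '198.51.100.5 - - [20/Oct/2022:10:00:03 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [20/Oct/2022:10:00:41 +0000] "GET /products/3 HTTP/1.1" 200 512 "https://example.test/" "Mozilla/5.0"',
    '198.51.100.5 - - [20/Oct/2022:10:01:30 +0000] "GET /cart HTTP/1.1" 200 900 "https://example.test/products/3" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Oct/2022:10:00:10 +0000] "GET /login HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]


def parse_line(line: str):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def score_clients(lines, window=timedelta(seconds=60), max_rate=10, max_paths=8) -> dict:
    """Per client IP: peak requests inside any sliding window, distinct paths seen,
    and which assumed thresholds (rate, breadth) the client exceeded."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:  # unparseable lines are skipped, not allowed to abort the run
            by_ip[rec["ip"]].append(rec)

    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        recent, peak = deque(), 0
        for r in recs:
            recent.append(r["ts"])
            # Drop timestamps that have fallen out of the window ending at r.
            while recent and r["ts"] - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        paths = {r["path"] for r in recs}
        flags = []
        if peak > max_rate:
            flags.append("rate")
        if len(paths) > max_paths:
            flags.append("breadth")
        report[ip] = {"peak_per_window": peak, "distinct_paths": len(paths), "flags": flags}
    return report


if __name__ == "__main__":
    for ip, info in score_clients(SAMPLE_LOG).items():
        print(ip, info)
```

Run against the sample, only the catalogue walker is flagged, on both signals. A scraper that paces itself below `max_rate` stays under this detector, which is exactly the ‘low and slow’ case the article describes; the login-plus-MFA approach Sulzenko mentions closes that gap at the cost of friction for legitimate visitors.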
Tomi Engdahl says:
SolarWinds Agrees to Pay $26 Million to Settle Shareholder Lawsuit Over Data Breach
https://www.securityweek.com/solarwinds-agrees-pay-26-million-settle-shareholder-lawsuit-over-data-breach
Tomi Engdahl says:
Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge
https://www.securityweek.com/microsoft-china-flaw-disclosure-law-part-zero-day-exploit-surge
The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks.
According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates around early vulnerability disclosure went into effect.
Microsoft made a direct connection between China’s vulnerability reporting regulation that went into effect September 2021 and a surge in zero-day attacks documented over the last two years.
“The increased use of zero days over the last year from China-based actors likely reflects the first full year of China’s vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority,” Redmond said in the Microsoft Digital Defense Report 2022.
Tomi Engdahl says:
One employee’s carelessness with information security can bring down a company’s entire business – ”There are plenty of examples”
https://mainos.sanoma.fi/telia-tietoturva/
As data leaks and breaches become more common, a digital safety net is now more important than ever. Yet in places the implementation of information security is alarmingly poor.
INFORMATION SECURITY and cyber incidents have become so commonplace that the Finnish National Cyber Security Centre already calls them ”the new normal”. The threat must be taken seriously, because when information security is compromised the consequences can be downright catastrophic.
Cyberattack history was written in spring 2021, when a Russian hacker group caused the shutdown of Colonial Pipeline, the largest fuel pipeline in the United States, for six days. The strike crippled fuel transport on practically the entire East Coast and caused a state of emergency in 17 states.
”Information security really boils down to three things: protect the data, protect the devices and protect the users,” says TONI VARTIAINEN, head of security services at Telia.
”Colonial Pipeline is a good example of how practically none of these was achieved.”
Vartiainen sees a certain similarity between Colonial Pipeline and the Vastaamo data breach that caused an uproar in Finland a few years ago.
”Vastaamo’s system apparently had its own shortcomings to begin with, but in both cases it would certainly have helped if the situational picture of information security had been better,” he says.
BY SITUATIONAL PICTURE VARTIAINEN MEANS visibility into how information security is actually being realized. The group that got into Colonial Pipeline’s system probably spent months preparing the actual strike. Vastaamo’s system was also broken into several times. The companies could have used, for example, automated monitoring tools that detect atypical behaviour on the network or logins to its systems.
”Visibility into information security is alarmingly poor in many companies. They do not know what is happening on their servers, for example, and because they do not know, they lull themselves into the feeling that everything is fine,” says Vartiainen.
Strong two-factor authentication is currently the most reliable way to identify a user.
THE IMPORTANCE OF AWARENESS as part of information security cannot be overstated. Proper antivirus programs, updates performed on time, working firewalls and two-factor authentication are ultimately useless without shared and internalized security practices. Education is needed.
”One of the most memorable cases of my career involves a technology company where an individual employee’s Google account had been broken into; through it the attacker got to exploit the usernames and passwords stored in the browser, and from there also obtained the workplace username and password,” Vartiainen says.
The company had two-factor authentication in use, but the brazen attacker, posing as the employee, had contacted the company’s IT support, made up a story about a situation in which he could not receive the code required for login in the usual way, and thus managed to bypass the authentication.
Tomi Engdahl says:
At least four EU countries misused shady spyware https://www.is.fi/digitoday/tietoturva/art-2000009187526.html
Spyware has been used for political purposes in four or five EU member states, which is a threat to democracy, says Sophie in ‘t Veld, rapporteur of a draft report on the Israeli Pegasus spyware, in a press release. In ‘t Veld has today published her draft report, which deals mainly with Pegasus but also covers other spyware. Changes can still be made to the report. According to the draft, spyware abuses have occurred in Poland, Hungary, Greece and Spain. In Poland, for example, Pegasus has been used to spy on the country’s opposition.
Tomi Engdahl says:
DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html
This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.
Tomi Engdahl says:
LockBit 3.0 Being Distributed via Amadey Bot https://asec.ahnlab.com/en/41450/ The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it is being sold in illegal forums and still being used by various attackers.
Tomi Engdahl says:
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns https://blog.talosintelligence.com/ipfs-abuse/
The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. IPFS is often used for legitimate purposes, which makes it more difficult for security teams to differentiate between benign and malicious IPFS activity in their networks. Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks.
Organizations should become familiar with these new technologies and how they are being leveraged by threat actors to defend against new techniques that use them.
Tomi Engdahl says:
Cybersecurity threats: what awaits us in 2023?
https://securelist.com/cybersecurity-threats-2023/107888/
Knowing what the future holds can help with being prepared for emerging threats better. Every year, Kaspersky experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future. Those predictions form Kaspersky Security Bulletin (KSB), an annual project lead by Kaspersky experts.
Tomi Engdahl says:
Massive ois[.]is Black Hat Redirect Malware Campaign https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. In this post, we’ll be analysing what this infection does, how the malicious redirects work, and how to mitigate risk and clean up the malware.
Tomi Engdahl says:
Denial-of-Service in the Cyber Underground https://intel471.com/blog/denial-of-service-in-the-cyber-underground
One of the popular categories bought, sold and used by threat actors, Denial-of-Service (DoS), inflicts limited damage on organizations. It does, however, result in many inconveniences for users such as employees being unable to access networks and resources and impacts customers being able to access websites and purchases products. The cyber underground will almost certainly continue to provide a platform for users to buy and sell products, goods and services that enable DDoS attacks. It is a lucrative business, and the risks are minimal.
Tomi Engdahl says:
Worok hackers hide new malware in PNGs using steganography https://www.bleepingcomputer.com/news/security/worok-hackers-hide-new-malware-in-pngs-using-steganography/
A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity in early September 2022. ESET warned that Worok targeted high-profile victims, including government entities in the Middle East, Southeast Asia, and South Africa, but their visibility into the group’s attack chain was limited. Avast’s report is based on additional artifacts the company captured from Worok attacks, confirming ESET’s assumptions about the nature of the PNG files and adding new information on the type of malware payloads and the data exfiltration method.
Tomi Engdahl says:
Scammers pretend to be financial regulators https://www.kaspersky.com/blog/scam-for-scam-victims/46101/
Online fraud knows no bounds. Cybercriminals are adapting, not always successfully, their usual schemes for new countries. To wheedle out victims’ personal and banking data, they send e-mails purporting to be from, among others, online marketplaces, video streaming services and, of course, government agencies. Today we look at two separate scams in which cybercriminals impersonate financial regulators investigating, you guessed it, fraud. Under this pretext, they extract an array of personal information from their hapless victims.
Tomi Engdahl says:
Finland CERT reports record number of denial-of-service attacks https://therecord.media/finland-cert-reports-record-number-of-denial-of-service-attacks/
Finland’s Computer Emergency Response Team (CERT) received more notifications in October about denial-of-service attacks than it has ever received before, equivalent to a quarter of what it normally is alerted to throughout an entire year. Such attacks “rarely succeed in causing real and long-lasting damage,” the Kyberturvallisuuskeskus (Cyber Security Center) said in its cyber weather roundup for October.
The CERT, an official authority that sits under Finland’s transport and communications agency, had also received “a few notifications” about ransomware incidents, which have increased compared to last year as well.
Tomi Engdahl says:
Bringing Bots and Fraud to the Boardroom
https://www.securityweek.com/bringing-bots-and-fraud-boardroom
Security and fraud leaders need to speak the language of the board to translate security and fraud risks into monetary risks to the business
Most of us in the security and fraud fields understand the importance of working with key stakeholders within the business. What we might forget sometimes is that these people don’t necessarily speak our language. They are, however, intelligent and analytical in their own right. If we can learn to communicate in a way that they can understand, internalize, and act upon, it serves to benefit us tremendously.
Given this, learning how to speak the language of the business seems like a worthwhile investment of our time. For example, understanding what resonates with executives and the board can help us with a variety of things: obtaining the necessary budget, achieving the required buy-in, and showing our value as a team, among other things.
Once we decide to make an effort to communicate better with executives and the board, how can we effectively implement that change? For starters, it helps to remember that executives and the board are primarily monetarily motivated. I don’t mean that in a negative way – they need to ensure that the business makes a healthy profit and that the business does not incur unnecessary risk, expenses, and/or losses. As such, learning how to translate security and fraud concepts into monetary risk goes a long way towards effectively communicating with higher ups.
Let’s take a look at eight points that could impact the business and how to discuss that impact in the language of the business:
● Reputation damage: After Account Takeover (ATO), some customers may lose trust in an online application. This, as you might expect, results in lost revenue. But just how much lost revenue exactly? That is the question, of course. It requires some effort, but digging up the data required to understand how much money is being left on the table by lost confidence is a great way to communicate the risk of reputation damage to executives and the board.
● Fraud losses: Fraud can have serious economic consequences: online fraud losses are projected to exceed $48 billion per year by 2023, according to a report by Juniper Research. Getting a handle on just how much cost is being sunk into fraud losses can be a great way to justify the budget required to mitigate that risk. With objective metrics in hand, that discussion then becomes a simple Return on Investment (ROI) calculation.
● Data theft: In many jurisdictions, theft of customer and other PII data may come with disclosure costs and regulatory fines. This is in addition to the reputation damage these types of incidents cause, of course. Calculating these costs can help make the argument that steps need to be taken to mitigate the risk posed by data theft.
● Investigation costs: After a security incident, bot attack, or fraud event, enterprises incur serious investigation costs. In particular, when learning of an issue after the fact, the team needs to scramble to find the appropriate data sources, investigate what happened, and piece the puzzle together. If there is a lack of visibility, this challenge becomes even more time consuming and costly. While it is a complex undertaking, putting together gaps in visibility, translating those gaps to added investigative cost, and understanding the overall per incident cost to investigate and respond can go a long way towards justifying the budget to address these issues.
● Infrastructure costs: Some people might not realize that bots are responsible for up to 40% of all online traffic and are a leading cause of cyberattacks, according to a report from Aite-Novarica Group. Obviously, that means that a decent percentage of your infrastructure costs are being spent on serving traffic to automated requests that are not coming from your legitimate customers. Understanding how much this costs the business is a great way to communicate the risk of bot attacks to executives and the board.
● Performance costs: When bots attack, the performance of your online application will likely suffer. Keeping an eye on how many users abandon the site and thus how much potential revenue is lost is essential when looking to communicate performance costs upward.
● Manipulating inventory: Some attackers are particularly good at using bots to manipulate inventory. When attackers take your inventory away from your legitimate customers, there is a cost to that. Understanding this cost is something that will likely speak well to higher ups.
● Customer support costs: With Account Takeover (ATO) and other types of attacks, there is often a support cost incurred when users get locked out of their accounts. This cost is often, unfortunately, overlooked, but it is one that executives and the board will also likely want to understand.
Speaking the language of executives and the board is important. Security and fraud leaders that learn how to translate security and fraud risks into monetary risks to the business generally have more success obtaining budget, getting buy-in, and communicating value to higher ups. It does take some effort to be able to do this, though it is a worthwhile investment.
Tomi Engdahl says:
Balancing Security Automation and the Human Element
https://www.securityweek.com/balancing-security-automation-and-human-element
There are two recurring themes in security that we continue to discuss, debate and, quite frankly, struggle with—automation and the talent gap.
I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your people to make automation more effective. It requires a balanced approach where repetitive, low-risk, time-consuming tasks are prime candidates for automation, while human analysts take the lead on irregular, high-impact, time-sensitive investigations with automation simplifying some of the work.
The good news is that senior cybersecurity professionals at companies in the U.S., U.K. and Australia say they have become more confident in automation over the last year, with 84% reporting (PDF) some level of trust in outcomes versus 55% last year. However, challenges with implementing automation persist, including technology complexity (21%), skills shortages (17%) and a lack of management buy-in (17%).
Complexity: Most organizations have numerous security teams, each with their own set of security technologies from different vendors, and they bring in their own third-party data and intelligence sources. Overlaying automation on a heterogeneous environment composed of multiple legacy toolsets is a huge integration and management challenge. A fear of breaking something or being burned when machines quarantine a system or block a port on a firewall in error can be showstoppers for many teams considering security automation.
Skills shortages: Related to complexity is the skills shortage which, exacerbated by the pandemic, grew by 26.2% (report) over the past year. Organizations don’t necessarily have the expertise to identify where to apply automation and how to deploy and use it to accelerate and simplify certain tasks and processes. While intellectually we know that automation is a key component to enhance productivity, increase retention and reduce burnout of analysts, it’s hard to figure out how and where to start and find tools that simplify setup and use.
Lack of buy-in from management: There is a disconnect between CISOs and their teams in terms of organizational maturity and the ability to reap the full value of automation. Despite rolling up to the same person, teams typically have their own budgets, areas of responsibility and priorities. These silos make it extremely difficult to get the financial investments and make the structural and cultural changes needed to implement automation cross-functionally.
Here are three recommendations:
1. Simplify complexity and address skills shortages by adopting cybersecurity automation platforms with low- or no-code interfaces. Solutions that provide choice of no code through a simplistic playbook builder, as well as the option to code using standard formats like JSON or YAML to support more advanced requirements, can make automation accessible to a range of users with varying skill sets.
2. Remember that automation spans a spectrum from simple, atomic-level tasks to complex, multistep playbooks with built-in decision logic. It’s important to choose a cybersecurity automation platform that offers an easy entry point and at the same time accounts for the full range of use cases and requirements as your program matures.
3. Gain management support for automation by defining clear metrics for success and measuring progress along the way. Automating time-consuming tasks drives measurable security gains. Using spear phishing as an example, quantitative metrics may include time to triage, attribute and protect against spear phishing attacks. However, automation is arguably an equally important benefit for employee well-being. So, balance the quantitative impact with qualitative factors including employee satisfaction and retention to assess the ROI of automation programs. By allowing automation to shoulder the burden of manual monitoring, identification, triage, and prioritization, analysts can focus on more rewarding higher value activities. This reduces the prospect of burnout or boredom and eliminates the risk of errors resulting from either state. In an employment market where retaining employees is becoming a core challenge and the cost of churn in security teams is significant, using automation to make life more fulfilling is paramount.
When we start to consider the human element of the security automation equation, and its impact on the automation capabilities we select and how we measure progress, we can accelerate automation initiatives and the benefits we derive.
Tomi Engdahl says:
NIS2 approved – stricter cybersecurity requirements for EU countries
https://etn.fi/index.php/13-news/14232-nis2-hyvaeksyttiin-eu-maille-tiukemmat-kyberturvavaatimukset
The European Parliament has approved a proposal that sets higher standards for EU countries in the supervision and implementation of cybersecurity, as well as uniform sanctions. The legislative package is called Network and Information Security 2, or NIS2 for short.
Agreement on the bill was reached between Parliament and the Council in May. It tightens cybersecurity requirements regarding risk management, reporting and information sharing. Under the new requirements, incidents must be responded to and supply chain security must be increased. There will also be new requirements for encryption and vulnerability reporting.
Under the new rules, more entities and sectors than before must protect themselves against cyber threats. The proposal covers essential sectors, including energy, transport, banking, health services, digital infrastructure, public administration and space technology.
The new rules also create requirements for important sectors, which include postal services, electronics and machinery, motor vehicles and digital services. All large and medium-sized companies in these sectors are covered by the directive. It also creates a framework for better cooperation and information sharing between authorities and member states, and a new European vulnerability database.
The previous cybersecurity directive (NIS1) was enacted in 2017. However, EU countries have implemented the rules inconsistently, which has led to fragmentation of the internal market and differing levels of cybersecurity.
Tomi Engdahl says:
https://theintercept.com/2022/10/31/social-media-disinformation-dhs/
The Department of Homeland Security is quietly broadening its efforts to curb speech it considers dangerous, an investigation by The Intercept has found. Years of internal DHS memos, emails, and documents — obtained via leaks and an ongoing lawsuit, as well as public documents — illustrate an expansive effort by the agency to influence tech platforms.
Tomi Engdahl says:
Japan police give out pointers on how to foil Google Street View criminals
https://mainichi.jp/english/articles/20221028/p2a/00m/0na/018000c
Tomi Engdahl says:
https://fletch.ai/USE-CASE/Monitor-Emerging-Threats-and-How-They-Impact-Your-Environment?utm_campaign=search&utm_source=facebook&utm_medium=cpc&fbclid=IwAR2rfa3IYTMIoDYFpwUahWixKLT4-UDv5nRsLj3y8-tuJaFAATQUVGOUjrs
Tomi Engdahl says:
https://www.malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Tomi Engdahl says:
SS7 Vulnerability Attack BTS Enable GPRS Data & Binary SMS Wireshark
https://m.youtube.com/watch?v=guewqwpSkAg
Tomi Engdahl says:
Fingerprints make Bad Passwords — they’re not secret, they are irrevocable, and they’re unhashable making them difficult to store securely. https://hackaday.com/2015/11/10/your-unhashable-fingerprints-secure-nothing/
Tomi Engdahl says:
https://www.dailydot.com/debug/cyborg-unplug/
Tomi Engdahl says:
What Is Shadowbanning? How Do I Know If It Has Happened To Me, And What Can I Do About It?
Many platforms deny they do it but that’s not what the evidence suggests.
https://www.iflscience.com/what-is-shadowbanning-how-do-i-know-if-it-has-happened-to-me-and-what-can-i-do-about-it-66073
Tomi Engdahl says:
https://lakitieto.edita.fi/nain-laadit-gdprn-mukaisen-tietosuojaselosteen/
Tomi Engdahl says:
Security: as crucial as your network connection
https://www.namecheap.com/blog/security-as-crucial-as-your-network-connection/
Tomi Engdahl says:
Never pay the ransom — a cybersecurity CEO explains why
https://www.theverge.com/23410990/cybersecurity-ransomware-healthcare-data-hipaa-hospitals
Ransomware attacks still plague our healthcare system. Steve Cagle’s cybersecurity company is trying to prevent them.