Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat: it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
• Compromised Identities Continue to Fuel the Cyberattack Engine
• Ransomware Attacks Evolve to Multifaceted Extortion Schemes
• Pay Attention to the Supply Chain Threats
• The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development, and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency and increased reliability, and will enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated at searching for vulnerabilities and infiltrating malware by adapting (and automating) machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of the Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
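The Maven Central finding above is about dependency trees, not just direct imports, so the practical check is whether any log4j-core version reachable from your build is still below the fixed baseline. The following checker is an added example (not code from the SecurityWeek or Google articles): it scans `mvn dependency:tree` output, flags every direct or transitive log4j-core 2.x entry, and compares it with the Apache releases that close the four CVEs listed above (2.17.1 for Java 8+, 2.12.4 for Java 7, 2.3.2 for Java 6). The sample tree, the baseline table and all function names are my own assumptions.

```python
"""Flag Log4j 2 (log4j-core) versions below the fixed baseline in a Maven dependency tree.

Input is assumed to be the text output of `mvn dependency:tree`, whose lines carry
groupId:artifactId:type:version[:scope] coordinates.  Baselines are the Apache Log4j
releases that close CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832
on each maintained release line: 2.17.1 (Java 8+), 2.12.4 (Java 7) and 2.3.2 (Java 6).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of `mvn dependency:tree` output; not taken from a real project.
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0.0
[INFO] +- org.springframework:spring-web:jar:5.3.13:compile
[INFO] +- com.example:legacy-logging:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.17.1:compile
[INFO] +- com.example:java7-module:jar:1.1.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.12.2:compile
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:test
"""

LOG4J_CORE = ("org.apache.logging.log4j", "log4j-core")
# (major, minor) of a maintained release line -> first release with all four CVEs closed.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2, 3): (2, 3, 2),
    (2, 12): (2, 12, 4),
}
FIXED_MAIN = (2, 17, 1)   # every other 2.x line must move to 2.17.1 or later

# groupId:artifactId:type:version[:scope]; the tree prefix characters (|, +-, \-) never match.
COORD_RE = re.compile(r"([\w.-]+):([\w.-]+):(\w+):([\w.-]+)(?::(\w+))?")
INFO_PREFIX_RE = re.compile(r"^\[INFO\]\s?")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '2.14.1' into (2, 14, 1); a non-numeric suffix such as '-beta9' is dropped."""
    parts: List[int] = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    parts = (parts + [0, 0, 0])[:3]
    return parts[0], parts[1], parts[2]


def fixed_baseline(version: Tuple[int, int, int]) -> Tuple[int, int, int]:
    """Pick the baseline for the release line the version belongs to."""
    return FIXED_BY_BRANCH.get(version[:2], FIXED_MAIN)


def scan_dependency_tree(tree_text: str) -> List[dict]:
    """Return one finding per log4j-core 2.x occurrence, direct or transitive."""
    findings = []
    for raw in tree_text.splitlines():
        line = INFO_PREFIX_RE.sub("", raw)
        m = COORD_RE.search(line)
        if not m:
            continue
        group, artifact, _type, version, scope = m.groups()
        if (group, artifact) != LOG4J_CORE:
            continue
        parsed = parse_version(version)
        if parsed[0] != 2:       # Log4j 1.x ships as log4j:log4j and is out of scope here
            continue
        baseline = fixed_baseline(parsed)
        depth = m.start() // 3   # each tree level is a 3-character prefix ("+- ", "|  ")
        findings.append({
            "version": version,
            "scope": scope or "compile",
            "depth": depth,
            "transitive": depth > 1,
            "fixed_in": ".".join(map(str, baseline)),
            "vulnerable": parsed < baseline,
        })
    return findings


def report(tree_text: str) -> List[str]:
    """Human-readable summary lines, vulnerable entries first."""
    lines = []
    for f in sorted(scan_dependency_tree(tree_text), key=lambda f: not f["vulnerable"]):
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        origin = "transitive" if f["transitive"] else "direct"
        line = f"{status:10} log4j-core {f['version']} ({origin}, {f['scope']})"
        if f["vulnerable"]:
            line += f" -> upgrade to {f['fixed_in']}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TREE)))
```

Run it against your own `mvn dependency:tree` output to see which versions arrive through a third-party library rather than your own pom; those are the ones the article's "patching hiccups" refer to.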

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence (CTI) reports. Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and to detect cyber threats more rapidly.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically built on Arm’s TrustZone technology. The phone’s own security comes from the TEE, and a secure boot usually includes a TEE. The TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify, and a revolution is now underway. Google has launched Keystore technology that allows an application to generate a system-maintained key and authenticate services (it still uses the TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension instructions added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. Using this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device: it is created only for security processes and exits when it has completed its task. This differs significantly from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams, and scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in a direction where technology evolves faster and faster, which rather increases the possibility of various disruptions and creates new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. These include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Opinion A shadow war in space is heating up fast
    https://www.washingtonpost.com/opinions/2021/11/30/space-race-china-david-thompson/

    When Russia blows up a satellite in space with a missile (as it did this month), or when China tests a new hypersonic missile (as it did last month), the ongoing arms race in space leaps into the news. But in between these “Sputnik”-like moments, outside the public’s view, the United States and its adversaries are battling in space every day.

    While Washington officials and experts warn of the risks of an arms race in space, the United States’ adversaries are constantly conducting operations against U.S. satellites that skirt the line between intelligence operations and acts of war. The pace of conflict is intensifying, according to a top Space Force general, who told me that China could overtake the United States to become the number one power in space by the end of the decade.

  2. Tomi Engdahl says:

    Snort 3 (IPS) – Installation, Configuration and creating Local Rules
    https://m.youtube.com/watch?v=5eB4SnT7dtg

  3. Tomi Engdahl says:

    Bring Your Own Key — A Placebo?
    BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.
    https://www.darkreading.com/cloud/bring-your-own-key-a-placebo-

  4. Tomi Engdahl says:

    US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment
    https://www.bleepingcomputer.com/news/security/us-bans-sales-of-huawei-hikvision-zte-and-dahua-equipment/

    The United States government, through the Federal Communications Commission (FCC), has banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision, and Dahua due to “unacceptable risks to national security”.

    “The Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States,” reads the press release from the FCC.

  5. Tomi Engdahl says:

    DevSecOps: 5 tips for seeding a culture transformation
    Creating a DevSecOps culture starts with changing your organization’s thinking and empowering teams to integrate security throughout the IT lifecycle.
    https://www.redhat.com/architect/devsecops-culture

  6. Tomi Engdahl says:

    Jammer! He Just Wanted Privacy, But This Little Device Caused Big Trouble
    https://m.youtube.com/watch?v=bn3MZp1qKmw&feature=share

    Gary Bojczak drove a truck for a construction company that was constantly tracking his vehicle. Plugging a little dongle into the cigarette lighter could block that surveillance, but ended up causing way more problems than it solved.

    Truck driver has GPS jammer, accidentally jams Newark airport
    https://www.cnet.com/culture/truck-driver-has-gps-jammer-accidentally-jams-newark-airport/

    An engineering firm worker in New Jersey uses a GPS jammer so his bosses don’t know where he is all the time. However, his route takes him close to Newark airport, and his jammer affects its satellite systems.

  7. Tomi Engdahl says:

    ECONOMICS DRIVES RAY-GUN RESURGENCE
    Laser weapons, cheaper by the shot, should work well against drones and cruise missiles
    https://spectrum.ieee.org/ray-gun

  8. Tomi Engdahl says:

    The Linux Kernel Key Retention Service and why you should use it in your next application
    https://www.techspot.com/news/96852-new-intel-research-charts-course-trillion-transistor-chip.html

    We want our digital data to be safe. We want to visit websites, send bank details, type passwords, sign documents online, login into remote computers, encrypt data before storing it in databases and be sure that nobody can tamper with it. Cryptography can provide a high degree of data security, but we need to protect cryptographic keys.

  9. Tomi Engdahl says:

    “Users are idiots.” “Users don’t belong on the web if they’re not security savvy.” In my long and distinguished career covering cybercrime as an author and analyst, I’ve heard it ALL – mostly from technically savvy users who, by the way, cannot completely secure their own environments. I always asked them, “If you can’t, how do you expect them to?” So I got to write this story for CSO. The gist: Blaming users and putting security onus on users never works! It takes a combination of tech and training, not one or the other, to reduce risk. Thank you for the interviews,
    #cyberdefense #userexperience #securityawareness
    https://www.csoonline.com/article/3681328/when-blaming-the-user-for-a-security-breach-is-unfair-or-just-wrong.html

  10. Tomi Engdahl says:

    It’s absolutely everywhere, but what is TLS and where did it come from? How does it work? Can it be hacked? What are the benefits and challenges? In this video I explain the background behind this ubiquitous Internet security protocol along with many of the common questions about it. #security #cybersecurity #ssl #sslcertificate #transparentlayersecurity #infomationsecurity
    Video Link: https://youtu.be/HHWVTv2VTrk

  11. Tomi Engdahl says:

    Purpose Built Criminal Proxy Services and the Malicious Activity They Enable https://www.domaintools.com/resources/blog/purpose-built-criminal-proxy-services-and-the-malicious-activity-they-enable/
    It is both natural and expected that industries grow, evolve, and increase their sophistication, and cybercriminal activity is unfortunately no exception. As defender techniques change, so must bad actors’, and the services that support them become an important subject of consideration and understanding. Whether it is crypter services that help obfuscate malicious code, so-called bulletproof hosting services that allow actors to host their command-and-control (C2) infrastructure with the explicit benefit of not having it taken down, or services catering to the needs of various criminal marketplaces, these services have kept pace and specialized in serving a host of actors looking to conduct a broad gamut of criminal activities.

  12. Tomi Engdahl says:

    Industry 4.0: CNC Machine Security Risks Part 2 https://www.trendmicro.com/en_us/research/22/l/cnc-machine-security-risks-part-2.html
    In part one, we discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. We also laid out how we evaluated the chosen vendors for our research. For this blog, we will continue discussing our evaluated vendors and highlighting findings that we discovered during our research.

  13. Tomi Engdahl says:

    Cyber Safety Review Board to Conduct Second Review on Lapsus$ https://www.dhs.gov/news/2022/12/02/cyber-safety-review-board-conduct-second-review-lapsus
    Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group.
    Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks. Once concluded, the report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.

  14. Tomi Engdahl says:

    Who Carries the Weight of a Cyberattack?
    https://securityintelligence.com/articles/who-carries-weight-cyberattack/
    Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused by employees: weak passwords, phishing emails and social engineering attacks.

  15. Tomi Engdahl says:

    Indicators of compromise (IOCs): how we collect and use them https://securelist.com/how-to-collect-and-use-indicators-of-compromise/108184/
    It would hardly be an exaggeration to say that the phrase indicators of compromise (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes, IP addresses and other technical data that should help information security specialists to counter a specific threat. But how exactly can indicators of compromise help them in their everyday work? To find the answer we asked three Kaspersky experts: Pierre Delcher, Senior Security Researcher in GReAT, Roman Nazarov, Head of SOC Consulting Services, and Konstantin Sapronov, Head of Global Emergency Response Team, to share their experience.

  16. Tomi Engdahl says:

    What the CISA Reporting Rule Means for Your IT Security Protocol https://thehackernews.com/2022/12/what-cisa-reporting-rule-means-for-your.html
    The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March. The sessions and NPRM are steps toward creating the new rule.

  17. Tomi Engdahl says:

    Mozilla, Microsoft drop TrustCor as root certificate authority https://www.theregister.com/2022/12/02/mozilla_microsoft_trustcor/
    Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps. The CA, TrustCor, denies this, but has not responded to direct questions at time of publication. After a lengthy discussion between staff at Mozilla and Apple, security researchers and the CA itself, Mozilla program manager Kathleen Wilson said the org’s concerns were “substantiated” enough to set a distrust date of November 30 for TrustCor’s root certificates.

  18. Tomi Engdahl says:

    Darknet markets generate millions in revenue selling stolen personal data https://arstechnica.com/tech-policy/2022/12/darknet-markets-generate-millions-in-revenue-selling-stolen-personal-data/
    It is common to hear news reports about large data breaches, but what happens once your personal data is stolen? Our research shows that, like most legal commodities, stolen data products flow through a supply chain consisting of producers, wholesalers, and consumers. But this supply chain involves the interconnection of multiple criminal organizations operating in illicit underground marketplaces. The stolen data supply chain begins with producers: hackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information, and Social Security numbers.

  19. Tomi Engdahl says:

    Open source software host Fosshost shutting down as CEO unreachable https://www.bleepingcomputer.com/news/technology/open-source-software-host-fosshost-shutting-down-as-ceo-unreachable/
    Open source software hosting and cloud computing provider Fosshost will no longer be providing services as it reaches end of life.
    Fosshost project volunteers announced the development this weekend following months of difficulties in reaching the leadership, including the CEO. Users are being urged to immediately back up their data and migrate to alternative hosting platforms. UK-based non-profit Fosshost has been providing services to several high-profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe (FSFE) completely free of charge. But that will soon change as the project reaches end of life.

  20. Tomi Engdahl says:

    The EU is being pressed for countermeasures against spyware; regulation is slowed by a lack of political will
    https://www.kauppalehti.fi/uutiset/eulta-penataan-vastatoimia-vakoiluohjelmille-saantelya-hidastaa-poliittisen-tahdon-puute/5dad6190-cbc5-46fd-ac73-4e8287006e39
    Powerful and insidious spyware has made headlines in recent years, as it has been used to monitor politicians, activists and journalists. The programs make it possible to break into phones and to track, for example, calls, text messages and other activity, writes Euractiv. Jeroen Lenaers, chair of the European Parliament's PEGA committee investigating the use of Pegasus and other spyware, says that the amount of data Pegasus has extracted from phones is quite frightening.

  21. Tomi Engdahl says:

    Governments seek ways to avert quantum’s encryption apocalypse https://www.axios.com/2022/12/02/quantum-computing-encryption-apocalypse-cybersecurity
    The U.S. is barreling toward a quantum computing future, but until it's here, it's unknown if all the investments and time spent preparing the country's cybersecurity will pay off. The big picture: Experts have long feared quantum computing would allow foreign adversaries and hackers to crack the otherwise unbreakable encryption standards that protect most online data, leaving everything from online payment systems to government secrets vulnerable.

  22. Tomi Engdahl says:

    Preparing for a Russian cyber offensive against Ukraine this winter https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/
    As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv's military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
    In recent months, cyberthreat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water and other critical infrastructure organizations' networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country.

  23. Tomi Engdahl says:

    Crimeware trends: self-propagation and driver exploitation https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-drivers/108197/
    If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, we highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, we wrote about ransomware borrowing these propagation methods. Last month, we wrote in our crimeware reporting service about further ransomware variants that now had their own methods for copying and executing malware on other machines within the network. We also wrote about a case of abusing vulnerable drivers, something that might become popular in the future as well. In this blog post, we provide excerpts from these reports.

  24. Tomi Engdahl says:

    Did Brazil DSL Modem Attacks Change Device Security?
    https://securityintelligence.com/articles/brazil-dsl-modem-attacks-changed-security/
    From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately infected more than 4.5 million DSL modems.

  25. Tomi Engdahl says:

    Enhanced Protection – The strongest level of Safe Browsing protection Google Chrome has to offer https://security.googleblog.com/2022/12/enhanced-protection-strongest-level-of.html
    As a follow-up to a previous blog post about How Hash-Based Safe Browsing Works in Google Chrome, we wanted to provide more details about Safe Browsing's Enhanced Protection mode in Chrome. Specifically, how it came about, the protections that are offered and what it means for your data. Security and privacy have always been top of mind for Chrome. Our goal is to make security effortless for you while browsing the web, so that you can go about your day without having to worry about the links that you click on or the files that you download.

  26. Tomi Engdahl says:

    Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/
    Since June 2022, CrowdStrike Services, CrowdStrike Falcon OverWatch and CrowdStrike Intelligence teams have observed an increase in the targeting of Telco and BPO industries. These investigations appear to be tied to a financially-motivated campaign with links to an adversary CrowdStrike tracks as SCATTERED SPIDER. This blog will discuss the ongoing campaign in greater detail, highlighting the various techniques used by the adversary to gain and maintain access, and evade detection and response, as well as what organizations should be aware of to best defend and respond to this campaign.

  27. Tomi Engdahl says:

    Vice Society: Profiling a Persistent Threat to the Education Sector https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/
    Vice Society is a ransomware gang that has been involved in high-profile activity against schools this year. Unlike many other ransomware groups such as LockBit that follow a typical ransomware-as-a-service (RaaS) model, Vice Society's operations are different in that they've been known for using forks of pre-existing ransomware families in their attack chain that are sold on DarkWeb marketplaces. These include the HelloKitty (aka FiveHands) and Zeppelin strains of ransomware, as opposed to Vice Society developing their own custom payload.

  28. Tomi Engdahl says:

    Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks https://thehackernews.com/2022/12/chinese-hackers-target-middle-east.html
    A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server. Initial compromise leveraged binaries vulnerable to side-loading techniques, followed by using a mix of legitimate and bespoke tools to conduct reconnaissance, harvest data, move laterally across the environment, and evade detection.

  29. Tomi Engdahl says:

    The Story of a Ransomware Turning into an Accidental Wiper https://www.fortinet.com/blog/threat-research/The-story-of-a-ransomware-turning-into-an-accidental-wiper
    In the last issue of our Ransomware Roundup series, we discussed a publicly available open-source ransomware toolkit called Cryptonite.
    As part of that investigation, we also discovered a Cryptonite sample in the wild that never offers the decryption window, instead acting as a wiper. We recently saw an increase in ransomware intentionally turned into wiper malware, primarily as part of a political campaign.
    So in this post, we take a closer look at the Cryptonite wiper sample.

  30. Tomi Engdahl says:

    Exposing TAG-53's Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations
    Beginning in July 2022, Recorded Future's Insikt Group observed the recurring use of similar infrastructure by the threat activity group TAG-53. This newly discovered infrastructure likely overlaps with other infrastructure tactics, techniques, and procedures (TTPs) previously attributed to Callisto Group, COLDRIVER, and SEABORGIUM, who have been linked to activity aligning with Russian state interests. Insikt Group has observed the recurring use of common traits by TAG-53 when curating its infrastructure, including the use of domain names employing a specific pattern construct along with Let's Encrypt TLS certificates, the use of a specific cluster of hosting providers, and the use of a small cluster of autonomous systems.

  31. Tomi Engdahl says:

    Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google https://krebsonsecurity.com/2022/12/judge-orders-u-s-lawyer-in-russian-botnet-case-to-pay-google/
    In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet's largest and oldest botnets. The defendants, who initially pursued a strategy of countersuing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google's legal fees.

  32. Tomi Engdahl says:

    Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
    https://www.nbcnews.com/tech/security/chinese-hackers-covid-fraud-millions-rcna59636
    Hackers linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states, according to the Secret Service. The theft of taxpayer funds by the Chengdu-based hacking group known as APT41 is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly, but may just be the tip of the iceberg, according to U.S. law enforcement officials and cybersecurity experts.
