Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers’ job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
An enclave-style solution structure will also come to smartphones. The new Armv9-A architecture from last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks are now threatening even goods deliveries
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
Exploring Prompt Injection Attacks
https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/
Have you ever heard about Prompt Injection Attacks[1]? Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning. This vulnerability was initially reported to OpenAI by Jon Cefalu (May 2022)[2] but it was kept in a responsible disclosure status until it was publicly released by Riley Goodside (September 2022)[3]. In his tweet, Riley showed how it was possible to create a malicious input that made a language model change its expected behaviour.
Tomi Engdahl says:
Tractors vs. threat actors: How to hack a farm https://www.welivesecurity.com/2022/12/05/tractors-threat-actors-how-hack-farm/
While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently been hacked. Baffled and amused, I was instantly hooked and wanted to know more about his story.
Tomi Engdahl says:
Iran: State-Backed Hacking of Activists, Journalists, Politicians https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians
Hackers backed by the Iranian government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today. An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten.
Tomi Engdahl says:
Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers
https://isc.sans.edu/diary/Mirai+Botnet+and+Gafgyt+DDoS+Team+Up+Against+SOHO+Routers/29304
Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure configurations or routine patches, and more likely to be at the internet edge. Attacks against these devices are less likely to be identified by enterprise monitoring techniques, and compromise may go unnoticed. Unwitting users then become part of attack propagation.
Tomi Engdahl says:
Cyber-Terror In The Skies
https://www.forbes.com/sites/emilsayegh/2022/12/06/cyber-terror-in-the-skies/
Before 9/11, airplane hijackings were seen as something out of a Hollywood screenwriter’s imagination. Major movie plots tend to echo the societal themes of the day, in character scenarios and in some cases, technology. There is quite a plethora of cyber-crime themed movies that accurately predicted our future. If we take a moment to stop and notice, nearly everything around us is becoming more digitized than ever – from the navigation and control systems on cars, or the Wi-Fi-enabled temperature sensor in backyard grills. You can’t escape it, so it is little surprise to discover how much technology goes into a modern aircraft.
Tomi Engdahl says:
The Surreal Case of a C.I.A. Hacker’s Revenge
A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?
https://www.newyorker.com/magazine/2022/06/13/the-surreal-case-of-a-cia-hackers-revenge
Tomi Engdahl says:
Are you guilty of this common password blunder too?
https://etn.fi/index.php/13-news/14346-syyllistyitkoe-sinaekin-taehaen-yleiseen-salasanamokaan
We all use so many web services that it is probably too much to assume that we would always remember all the passwords we use. But did you know that four out of five people have forgotten at least one password in the last three months?
Reboot SEO Company, a provider of online marketing services, wanted to learn more about our password habits and analyzed the 10 most used web applications to determine which passwords users forget the most. Even the five most forgotten passwords include those of services that we all use.
Tomi Engdahl says:
More than 95 percent of malware targets Windows
https://etn.fi/index.php/13-news/14340-yli-95-prosenttia-haittaohjelmista-kohdistuu-windowsiin
Windows is the most popular operating system among desktop and laptop users. It has about 30% of the OS market share worldwide. This may be one of the reasons why the most malware is coded for it. The figures show this clearly.
According to Atlas VPN, 59.58 million new Windows malware samples were detected during the first three quarters of 2022. They make up as much as 95.6 percent of all new malware found this year.
Tomi Engdahl says:
Study: 39 percent of companies are weak in cybersecurity
https://etn.fi/index.php/13-news/14335-tutkimus-39-prosenttia-yrityksistae-on-heikkoja-kyberturvallisuudessa
According to a study published by cybersecurity company Nixu, 39 percent of Northern European organizations are at a weak or passable level in their cybersecurity. The study also reveals that supply chain security is becoming the next major concern, and that surprisingly little attention is paid to risk management.
The Nixu Cybersecurity Index measures the cybersecurity level of Northern European organizations by assessing four areas of cybersecurity: current state, management, financial investments, and future development plans. In this study, conducted for the first time, organizations scored an average of 67 points, which is a barely satisfactory result on a scale of 10–100. The scores are based on self-assessment.
According to the study, security awareness is seen as the most critical cybersecurity capability, and organizations intend to strengthen it over the next 12 months. On the other hand, cybersecurity decision-makers placed surprisingly little emphasis on risk management. Only 24 percent said that risk management is one of the most critical capabilities, and only 21 percent intend to strengthen it over the next year. Still, more than a third of respondents (38%) said that risk management is not in good shape in their organization.
Tomi Engdahl says:
Wipers Are Widening: Here’s Why That Matters
https://www.securityweek.com/wipers-are-widening-heres-why-matters
In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally, which underscores the fact that cybercrime knows no borders.
It’s not just the numbers that are growing; we’re also seeing a rise in variety and sophistication. These wiper varieties are also increasingly targeting critical infrastructure.
Awash with wipers
The war in Ukraine has undoubtedly fueled a major uptick in the use of wiper malware; FortiGuard Labs research identified at least seven new wiper variants in the first half of 2022 that were used in campaigns targeting government, military and private organizations. That’s almost as many wiper variants that have been publicly detected in total since 2012, when bad actors used the Shamoon wiper to attack a Saudi Arabian oil company.
These variants include the following variants:
• CaddyWiper: Bad actors used this variant to wipe data and partition information from drives on systems belonging to a select number of Ukrainian organizations shortly after the war began.
• WhisperGate: Discovered by Microsoft in mid-January being used to target organizations in Ukraine.
• HermeticWiper: Noted in February by SentinelLabs, this tool for triggering boot failures was also found targeting Ukrainian organizations.
• IsaacWiper: A malware tool for overwriting data in disk drives and attached storage to render them inoperable.
We also observed three other variants targeting Ukrainian companies and organizations: WhisperKill, Double Zero and AcidRain.
Wipers without borders
The wiper ware action isn’t limited to Ukraine. We’ve detected more wiper malware outside Ukraine than within the country since the war began in February. We’ve detected wiper activity in 24 countries other than Ukraine.
Tomi Engdahl says:
Three Ways to Improve Defense Readiness Using MITRE D3FEND
https://www.securityweek.com/three-ways-improve-defense-readiness-using-mitre-d3fend
Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive cybersecurity posture.
MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of cybercriminal tactics, techniques, and procedures (TTP). D3FEND maps relationships between ATT&CK’s TTP and defensive countermeasures for developing strategies to known attacker behavior.
Using D3FEND To Bolster Defensive Readiness
D3FEND gives organizations a defensive cybersecurity language and classification hierarchy, enabling them to create a new cybersecurity program or to improve an existing one. Organizations can use the framework to assess and compare the security posture of software products and services, and to make informed acquisitions and investments.
At its core, D3FEND provides security teams with the taxonomy of skills they need to achieve defensive readiness. This taxonomy provides a highly formal and organized insight into defensive countermeasures that security teams can take to mitigate attacks, while laying the groundwork for a long-term strategy to monitor, detect, and respond to cyberattacks.
https://d3fend.mitre.org/
Tomi Engdahl says:
Apple Faces Critics Over Its Privacy Policies
https://www.securityweek.com/apple-faces-critics-over-its-privacy-policies
Apple presents itself as a white knight on the subject of privacy, but critics say its own advertising ambitions are built on anti-competitive practices.
Two developers going by the name ‘Mysk’ claimed last month that Apple was tracking users’ every tap on the App Store, with no way of disabling the function.
A class action lawsuit was subsequently filed in California, claiming that Apple’s “promises regarding privacy are utterly false”.
Tomi Engdahl says:
Survey revealed an unpleasant truth: 62% of Finns use an outdated password
https://www.tivi.fi/uutiset/tv/50857c5a-72cf-440e-b180-60ce41751d01
The vast majority of Finns consider the authorities trustworthy processors of personal data. In addition, data collection by the authorities arouses less opposition than before. By contrast, only half consider companies trustworthy processors of personal data. Responsibilities concerning cybersecurity appear unclear to many.
Consumers do not always recognize their own important role in maintaining the security of the digital world, even though digital services have become an ever larger part of everyday life. These findings come from the Information Security Barometer (Tietoturvabarometri) conducted by Tietoevry, now carried out for the third time.
Tietoevry surveyed consumers' views on information security in Finland, Sweden and Norway.
Tomi Engdahl says:
The Long Road to Safe RAM Handling
https://www.kaspersky.com/blog/the-long-road-to-memory-safety/46511/
In November 2022, the U.S. National Security Agency issued a bulletin on RAM handling security. If you look at other NSA bulletins on the topic, you'll notice that they mostly focus on either data encryption, or production loop protection and other organizational issues.
Addressing software developers directly is quite an unusual move for the agency. But since it's been done, it's clearly about something particularly important. Basically, the NSA is urging software developers to switch to programming languages whose architecture implies increased safety when working with memory.
Tomi Engdahl says:
Determining your hacking targets with recon and automation https://labs.detectify.com/2022/12/07/determining-your-hacking-targets-with-recon-and-automation/
Many ethical hackers struggle because they are hacking the wrong types of targets for them. This is especially true for independent researchers or bug bounty hunters. These endeavors only pay for results and findings, not the time invested. Ethical hackers with a good return on their time ensure that their efforts are focused on hacking targets they are comfortable with. A target that is right for you as an ethical hacker could be any of the following…
Tomi Engdahl says:
OpenSSL punycode with hindsight
https://blog.checkpoint.com/2022/12/07/openssl-punycode-with-hindsight/
November 1st, 2022. Everyone in the cybersecurity world was sitting at the edge of his or her seat, waiting for the update from OpenSSL. The tension was palpable. The next Heartbleeds were about to be announced, two critical vulnerabilities that affect everyone and everything, everywhere. And then they were released. And everyone was let down.
Ever since the recent OpenSSL CVEs were released (CVE-2022-3602 and CVE-2022-3786), we've had many posts pop up all across the internet discussing them.
Tomi Engdahl says:
Final defense policy bill chock full of cybersecurity provisions https://therecord.media/final-defense-policy-bill-chock-full-of-cybersecurity-provisions/
Lawmakers filed a compromise version of their annual defense policy bill on Tuesday that includes several major provisions for U.S. Cyber Command. The House will vote on the fiscal 2023 National Defense Authorization Act that would okay a total of $858 billion in funding this week. The Senate is expected to quickly follow. Here's a rundown of what did (and didn't) make it into the must-pass policy blueprint…
Tomi Engdahl says:
Apple Adding End-to-End Encryption to iCloud Backup
https://www.securityweek.com/apple-adding-end-end-encryption-icloud-backup
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app.
The security-themed upgrades, scheduled to ship in 2023, include a new feature called Advanced Data Protection for iCloud offering end-to-end encryption to protect iCloud backups even in the case of a data breach.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices,” Apple security engineering chief Ivan Krstic said in a note describing the coming upgrades.
https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
Tomi Engdahl says:
Big Tech Vendors Object to US Gov SBOM Mandate
https://www.securityweek.com/big-tech-vendors-object-us-gov-sbom-mandate
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.
A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring SBOMs, arguing that “it is premature and of limited utility” for vendors to accurately provide a nested inventory of the ingredients that make up software components.
The trade group, called ITI (Information Technology Industry Council), counts Amazon, Microsoft, Intel, AMD, Lenovo, IBM, Cisco, Samsung, TSMC, Qualcomm, Zoom and Palo Alto Networks among its prominent members.
Tomi Engdahl says:
Balancing Security Automation and the Human Element
https://www.securityweek.com/balancing-security-automation-and-human-element
There are two recurring themes in security that we continue to discuss, debate and, quite frankly, struggle with—automation and the talent gap.
I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your people to make automation more effective. It requires a balanced approach where repetitive, low-risk, time-consuming tasks are prime candidates for automation, while human analysts take the lead on irregular, high-impact, time-sensitive investigations with automation simplifying some of the work.
The good news is that senior cybersecurity professionals at companies in the U.S., U.K. and Australia say they have become more confident in automation over the last year, with 84% reporting (PDF) some level of trust in outcomes versus 55% last year. However, challenges with implementing automation persist, including technology complexity (21%), skills shortages (17%) and a lack of management buy-in (17%).
Tomi Engdahl says:
Avalanche of criticism made Apple abandon a controversial development project: the company's cloud service will be fully encrypted from now on
https://www.kauppalehti.fi/uutiset/kritiikkivyory-sai-applen-luopumaan-kohua-herattaneesta-kehityshankkeesta-yhtion-pilvipalvelu-on-jatkossa-taysin-salattu/ef7c08c5-b227-442d-9aea-b32b42a60ea2
Apple has said in an interview with Wired that it is abandoning development of the much-discussed “child porn scanner”. In August 2021 the company said it was planning a tool that would have checked users' iCloud photos for child pornography.
Tomi Engdahl says:
Explorations in the spam folder: Holiday Edition https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition
The spam folder: that dark and disregarded corner of every email account, full of too-good-to-be-true offers, unexpected shipments, and supposedly free giveaways. You’re right to ignore this folder; few good things come from exploring it. But every once in a while one of these misleading, and sometimes malicious, emails manages to evade the filters that normally siphon them off, landing them in your inbox instead.
Tomi Engdahl says:
https://www.securityweek.com/removing-barriers-security-automation-implementation
Tomi Engdahl says:
Apple Scraps CSAM Detection Tool for iCloud Photos
https://www.securityweek.com/apple-scraps-csam-detection-tool-icloud-photos
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.
Instead, the Cupertino, California device maker said it would expand investments into different tooling and features to warn children if they receive or attempt to send photos that may contain nudity.
Instead of the proposed CSAM detection tool for iCloud Photos, Apple said it will focus engineering efforts on a feature called Communication safety in Messages that protects children from viewing or sharing photos that contain nudity in the Messages app.
The feature, which is off by default, uses on-device machine learning to analyze image attachments and determine if a photo appears to contain nudity, according to Apple’s documentation.
“If Messages detects that a child receives or is attempting to send this type of photo, Messages blurs the photo before it’s viewed on your child’s device and provides guidance and age-appropriate resources to help them make a safe choice, including contacting someone they trust if they choose,” the company said.
Tomi Engdahl says:
Sami Fathi / MacRumors:
A look at the reaction to Apple’s E2EE news: the FBI is “deeply concerned” and says the change “hinders” its work while the EFF and others applaud the feature
FBI Calls End-to-End Encryption ‘Deeply Concerning’ as Privacy Groups Hail Apple’s Advanced Data Protection as a Victory for Users
https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/
Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.
iCloud end-to-end encryption, or what Apple calls “Advanced Data Protection,” encrypts users’ data stored in iCloud, meaning only a trusted device can decrypt and read the data. iCloud data in accounts with Advanced Data Protection can only be read by a trusted device, not Apple, law enforcement, or government entities.
Following its announcements, the EFF or Electronic Frontier Foundation, a group that has long-called for Apple to enable end-to-end encryption and take more steps to safeguard user privacy, put out a statement applauding the new feature and Apple’s renewed commitment to privacy.
Tomi Engdahl says:
Washington Post:
With Republicans set to take over the House in 2023, a look at the odds of passing the bipartisan American Data Privacy and Protection Act in a divided Congress
Opinion
Democrats and Republicans agree on this tech privacy bill. But can it pass?
https://www.washingtonpost.com/opinions/2022/12/08/tech-privacy-bill-bipartisan-congress/
With Republicans poised to take over the House next year, a divided Congress looms. The result could be two years of partisan strife and gridlock. But between the GOP investigations and other legislative fireworks to come, there might be room to get a few things done — if lawmakers are willing to accept success.
Members of Congress have spent years devising a federal tech privacy law that finally seemed close to passage this session, when Reps. Frank Pallone Jr. (D-N.J.) and Cathy McMorris Rodgers (R-Wash.), as well as Sen. Roger Wicker (R-Miss.), presented a bipartisan compromise. The good news: The American Data Privacy and Protection Act (ADPPA) flew through committee 53-2 in the House. The bad: That’s where it stopped, and its chances appear slim in this Congress’s final weeks. That would mean it will be on the next Congress to pick up where its predecessor left off. If next year’s congressional leaders want to do more than just oversee partisan bickering, taking up this bill would be a place to start.
The ADPPA departs from the notice-and-consent paradigm, in which the burden lies with consumers to understand what is being done with their personal information and object if they would like. Few people take the time to read through and fully comprehend privacy policies when they are just trying to use a new app or set up their phone. The ADPPA introduces a novel approach: The companies handling data would themselves have obligations to handle it responsibly. They would be required to limit data collection, use and sharing to what is “reasonably necessary and proportionate” to provide their products or services.
Many lawmakers agree on this policy, and for the most part they also agree on two questions that previously seemed likely to spell doom for the ADPPA: whether individuals should have the right to sue tech companies under the law and whether federal privacy rules should override existing state privacy regulations. In both these areas, legislators managed to push aside politics and make smart compromises — a rare accomplishment that shouldn’t go to waste.
Lingering concerns over whether individuals can sue tech firms, especially from Senate Commerce Committee Chair Maria Cantwell (D-Wash.), could cause some final hiccups.
Tomi Engdahl says:
New order for Google: information proven false must be removed from search results https://www.tivi.fi/uutiset/tv/86432e54-f6f5-4254-b373-b7bcfd48496b
In future, Google must remove false information from its search results if users complain to the company about it with evidence. The Court of Justice of the European Union ruled on the matter on Thursday, news agency Reuters writes.
Tomi Engdahl says:
Police strike at a 300 million euro gambling problem: list to be published in January https://www.is.fi/digitoday/art-2000009255491.html
Payment traffic for gambling will start to be restricted at the turn of the year, the National Police Board announced on Friday. The payment blocks are intended to combat gambling outside Finland's gambling monopoly. The blocks apply to foreign gambling companies that direct marketing in violation of the Lotteries Act at mainland Finland and whose unlawfulness the National Police Board establishes.
Tomi Engdahl says:
New Ransom Payment Schemes Target Executives, Telemedicine https://krebsonsecurity.com/2022/12/new-ransom-payment-schemes-target-executives-telemedicine/
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious.
Tomi Engdahl says:
Air-gapped PCs vulnerable to data theft via power supply radiation https://www.bleepingcomputer.com/news/security/air-gapped-pcs-vulnerable-to-data-theft-via-power-supply-radiation/
A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where it's captured by a receiver.
Tomi Engdahl says:
Removing the Barriers to Security Automation Implementation
https://www.securityweek.com/removing-barriers-security-automation-implementation
Tomi Engdahl says:
EU Court: Google Must Delete Inaccurate Search Info If Asked
https://www.securityweek.com/eu-court-google-must-delete-inaccurate-search-info-if-asked
Tomi Engdahl says:
Who is responsible for cybersecurity? The next government programme should contain a clear entry
https://www.tivi.fi/uutiset/tv/05618ac2-f3f4-4426-88ce-0544658f1f85
Professor of public law Tomi Voutilainen urges the next government to take a position on how cybersecurity administration is organized.
Tomi Engdahl says:
Replacing passwords moves ahead: Google Chrome offers a safer way to sign in
https://www.tivi.fi/uutiset/tv/04bb789c-e769-4073-aaac-c3882820fa18
Data breaches and phishing are password-related risks that the new sign-in method may make it possible to get rid of.
Tomi Engdahl says:
China bans deepfakes created without permission or for evil https://www.theregister.com/2022/12/12/china_deep_synthesis_deepfake_regulation/
China’s Cyberspace Administration has issued guidelines on how to do deepfakes the right way. Deepfakes use artificial intelligence to create realistic depictions, usually videos, of humans saying and/or doing things they didn’t say and/or do. They’re controversial outside China for their potential to mislead audiences and create trouble for the people depicted.
Tomi Engdahl says:
Japan to amend laws to allow for offensive cyber operations against foreign hackers https://therecord.media/japan-to-amend-laws-to-allow-for-offensive-cyber-operations-against-foreign-hackers/
The Japanese government is planning to introduce new laws that will allow it to engage in offensive cyber operations for the purposes of defending itself. The Nikkei reported that the government will make legislative changes so it can begin monitoring potential attackers and hack their systems as soon as signs of a potential risk are established.
Tomi Engdahl says:
AI is changing cyberattacks: new hazardous situations
https://www.uusiteknologia.fi/2022/12/13/tekoaly-muuttaa-kyberhyokkayksia-uusia-vaaratilanteita/
What kinds of threats will AI pose to cybersecurity in the coming years, and how should those threats be prepared for? The latest report from Traficom's National Cyber Security Centre and the National Emergency Supply Agency, produced by the Finnish company WithSecure, formerly known as F-Secure, seeks to answer these questions. A link to the latest information security report is included.
AI brings new ways to attack, and it is attracting interest from new actors on a broad front. At the same time, AI and various machine learning models can improve cybersecurity monitoring, but they can also enable ways of carrying out attacks.
The new report is part of Traficom's and the National Emergency Supply Agency's body of work on the cybersecurity of AI, which is funded from the National Emergency Supply Agency's Digital Security 2030 programme. The first part of the report was published a year ago. You can read both reports via the links at the end of the news item.
AI-enabled cyberattacks already came up a few years ago. In addition, AI-supported attacks based on social manipulation and imitation have also already taken place. These include various deepfakes, which aim to produce convincing videos or audio generated by deep learning.
Tomi Engdahl says:
NATO cyber chief warns Finns about the future of cyberattacks: It can easily go the way of the frog in hot water
https://www.kauppalehti.fi/uutiset/naton-kyberjohtaja-varoittaa-suomalaisia-kyberhyokkaysten-tulevaisuudesta-kay-helposti-kuin-sammakolle-kuumassa-vedessa/aa47fa4d-836b-4a27-a2cb-201d129fe108
The worst of cyberattacks is yet to be seen, predicts NATO's Christian-Marc Lifländer.
Tomi Engdahl says:
The Potential and Pitfalls of a Federal Privacy Law
https://www.securityweek.com/potential-and-pitfalls-federal-privacy-law
Congress is considering a US federal privacy law. It’s been brewing for the last ten years and is getting closer. On July 20, 2022, the House Energy and Commerce Committee overwhelmingly voted (53-2) to advance the American Data Privacy and Protection Act (ADPPA), H.R. 8152, to the full House of Representatives. But there are still problems to navigate.
Tomi Engdahl says:
As Wiretap Claims Rattle Government, Greece Bans Spyware
https://www.securityweek.com/wiretap-claims-rattle-government-greece-bans-spyware
Lawmakers in Greece on Friday approved legislation banning commercial spyware and reforming rules for legally-sanctioned wiretaps following allegations that senior government officials and journalists had been targeted by shadowy surveillance software. The 156-142 vote in parliament followed two days of debate, during which opposition lawmakers accused the government of attempting to cover up the illegal surveillance. They demanded that the date of a general election — due before next summer — be brought forward. Under the new law, the use, sale or distribution of spyware in Greece will carry a penalty of a two-year minimum prison sentence. Additional safeguards were also planned for legal wiretaps as well as for hiring the director and deputy directors of the National Intelligence Service, or NIS. Critics, including human rights groups and an independent transparency authority, argue that the changes followed a poorly-planned consultation process and lack sufficient oversight. Opposition lawmakers all voted against the bill Friday.
Tomi Engdahl says:
Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework
https://www.securityweek.com/video-deep-dive-pipedreamincontroller-ics-attack-framework
In this session from SecurityWeek’s 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destruct devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from open-source OPC Foundation.
Tomi Engdahl says:
A romance scam is a cruel way to steal another person's money: some cybercriminals have to deceive themselves too
https://yle.fi/a/74-20007515
Finns lose millions of euros a year to romance scammers.
Researchers have studied the pattern and background of the scams.
Tomi Engdahl says:
Member of Parliament nearly fell for a WhatsApp scam and warns others: ”It imitated my child with precise credibility”
Beware of the ”hi mum!” scam carried out on WhatsApp!
https://www.is.fi/digitoday/tietoturva/art-2000009264009.html
The ”hi mum!” message Kosonen received is part of a scam campaign that began at the end of November. In it, a WhatsApp message arrives from an unknown number, and the sender claims to be the recipient's child and says that their phone is broken.
As the scam progresses, the ”child” starts asking for money.
The scam was first seen in the summer of last year. Back then the ”child” claimed that their phone had ended up in the washing machine and that the message was therefore coming from an unknown number. The next wave of the scam was seen in the autumn of last year.
Scams that exploit phone numbers are made easier by databases of phone numbers scraped from various sources and sold in bulk. A package containing the numbers of 1,381,569 Finns is currently being peddled on hacker forums online.
When you receive a scam message on WhatsApp, you should report it as a scam as soon as you receive it. This helps get the phone numbers used by the criminals blacklisted.
Tomi Engdahl says:
Up to 100,000 euros for improving information security: the popularity came as a shock https://www.tivi.fi/uutiset/tv/ffd737f3-b7a3-4997-89b4-8be86d88986c
Traficom says in a press release that, since 1 December, so many information security vouchers have been applied for that the funding sought has exceeded the funding available.
Tomi Engdahl says:
Cybersecurity and risk management in the application of artificial intelligence https://www.traficom.fi/fi/julkaisut/tekoalyn-soveltamisen-kyberturvallisuus-ja-riskienhallinta
AI is increasingly part of information systems because of the new opportunities it offers. Identifying and managing the information security risks related to AI and machine learning is important so that AI systems can be used as safely as possible and so that the potential benefits of these systems can be brought into wider use than at present.
Tomi Engdahl says:
Is the EU Healthcare Sector Cyber Healthy? The Conclusions of Cyber Europe 2022
https://www.enisa.europa.eu/news/is-the-eu-healthcare-sector-cyber-healthy-the-conclusions-of-cyber-europe-2022
The European Union Agency for Cybersecurity (ENISA) releases the after action report of the 2022 edition of Cyber Europe, the cybersecurity exercise testing the resilience of the European Healthcare sector.
Tomi Engdahl says:
Naomi Nix / Washington Post:
The son of a murdered Ethiopian professor files a lawsuit against Meta in Kenya, alleging Meta’s algorithms promote hateful and violent content for engagement
https://www.washingtonpost.com/technology/2022/12/13/ethiopia-slain-professor-lawsuit-meta-kenya/
Tomi Engdahl says:
Passkeys Now Fully Supported in Google Chrome
https://www.securityweek.com/passkeys-now-fully-supported-google-chrome
Google has made passkey support available in the stable version of Chrome after initially rolling it out to Chrome Canary in October.
Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised.
Usable with both applications and websites, passkeys can be synced between devices but cannot be reused and cannot be leaked. Passkeys work cross-platform.
Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication, eliminating the risks associated with phishing or the use of poor passwords.
“Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks,” Google notes.
The latest version of Chrome comes with support for passkeys on Windows 11, macOS, and Android, the internet giant announced.
Tomi Engdahl says:
Mapping Threat Intelligence to the NIST Compliance Framework
https://www.securityweek.com/mapping-threat-intelligence-nist-compliance-framework
Threat intelligence is critical for compliance personnel to justify budgets for governance, risk and compliance (GRC)
It is estimated that compliance drives 50% of the spend in the cybersecurity industry. Recently, some of our customer, defender-side colleagues indicated that threat intelligence was not typically considered within compliance frameworks. The main reason for this was noisy data feeds, a lack of identifiable metrics, and the lack of actionable intelligence related to the customer’s pain points.
Using the NIST Framework, organizations assess their current security posture, agree to organizational goals, understand their gaps and develop plans to optimize their security posture. We used this framework to show how threat intelligence is critical for compliance personnel to justify budgets for governance, risk and compliance (GRC) and how it is also important for CISOs and security practitioners responsible for incident response, security operations, and third-party risk. This column is the first in a two part series and will focus on the NIST frameworks for “identify”.
Tomi Engdahl says:
Zero trust is on its way: this is the situation in companies
TIVI 14.12.2022 11:44 | updated 14.12.2022 11:44 | Information security
With hype terms like zero trust, it is common that there is a lot of talk, but in reality only a few are genuinely doing the thing yet.
https://www.tivi.fi/uutiset/zero-trust-tekee-tuloaan-tallainen-on-tilanne-yrityksissa/3b2dfaab-9d2f-4571-ad9f-0839b131899a
In a survey conducted by the US university MIT, 40 percent of respondents said they use the zero trust model. 18 percent were currently in the deployment phase and 17 percent had zero trust plans.
Identity services provider Okta, for its part, says in its recent report that 55 percent of companies have defined zero trust practices, and 42 percent plan to start measures within the next year and a half.
The rise in popularity has been fast. In 2021 only 24 percent had taken steps to adopt zero trust. In 2019 only 19 percent of the companies that responded to Okta's survey had progressed in zero trust even to the planning stage.