Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities. While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. This differs significantly from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, announced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten deliveries of goods, too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those strategies include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
The state IT center went through the information security wringer
https://www.tivi.fi/uutiset/tv/882fbca4-a8a1-45b8-b910-d568522f8e84
The ISO 27001 information security certificate is valid for three years.
Tomi Engdahl says:
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful against victims that did not implement multifactor authentication (MFA), an essential pillar of identity security. Without additional protective measures such as MFA, the attack takes advantage of the concept of bring-your-own-device (BYOD) via the ability to register a device using freshly stolen credentials.
Tomi Engdahl says:
White House wants US govt to use a Zero Trust security model https://www.bleepingcomputer.com/news/security/white-house-wants-us-govt-to-use-a-zero-trust-security-model/
A newly released Federal strategy wants the US government to adopt a “zero trust” security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. The strategy was released today by the White House’s Office of Management and Budget (OMB), which supervises the implementation of the President’s vision across the US Executive Branch.
Tomi Engdahl says:
New FluBot and TeaBot campaigns target Android devices worldwide https://www.bleepingcomputer.com/news/security/new-flubot-and-teabot-campaigns-target-android-devices-worldwide/
New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. The SMS topics used for spreading the FluBot malware include fake courier messages, “Is this you in this video?” coaxes, phony browser updates, and fake voicemail notifications.
Tomi Engdahl says:
German govt warns of APT27 hackers backdooring business networks https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/
The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojans (RAT) to backdoor their networks.
Tomi Engdahl says:
Mirai splinter botnets dominate IoT attack scene | ZDNet
https://www.zdnet.com/article/mirai-splinter-botnets-dominate-iot-attack-scene/
One of the most well-known botnets ever to exist continues to plague PCs and connected devices.
Botnets built from the Mirai codebase continue to wreak havoc in the technology arena, with cyberattackers taking advantage of lax Internet of Things (IoT) security in widespread attacks.
On Tuesday, Intel 471 published a new report on Mirai’s fracturing into new forms and a reported surge in attacks during 2020 and 2021 against IoT devices using these botnet variations.
“Threat actors seized the opportunity to not only create large botnets, but also steal confidential data from IoT devices linked to compromised organizations, and potentially sell it on underground marketplaces,” the researchers say.
As IoT device numbers are expected to reach approximately 30.9 billion by 2025, the team expects the threat – and overall power – of botnets to only continue to expand.
https://intel471.com/blog/iot-cybersecurity-threats-mirai-botnet
Tomi Engdahl says:
Detect and Remediate Log4j2 Vulnerabilities with this Free Developer Tool
https://www.logic.nl/detect-and-remediate-log4j-vulnerabilities-with-this-free-developer-tool/?utm_medium=email
This free developer tool, which is hosted on Github and is now available for use, quickly scans projects to find vulnerable Log4j versions and provides the exact path — both to direct or indirect dependencies — along with the fixed version for speedy remediation. As a standalone tool, developers can download the utility that matches their platform, run it within the terminal, and run the scan command on the root folder of the project.
https://github.com/whitesource/log4j-detect-distribution
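An added example, not the WhiteSource tool linked above nor any project’s own code, of the scan both Log4j passages describe (the defective Log4j versions still pulled in from Maven Central in the main post, and the direct/indirect dependency paths this tool reports): walk a dependency tree and list every path to a log4j-core below the fixed version. The tree, the coordinates and the artifact names are constructed; the 2.17.1 threshold is the Log4j release that closed CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 (a known fact, not stated on the page).

```python
"""Report direct and transitive paths to vulnerable log4j-core versions.

Added example with a constructed Maven-style dependency tree; it is not the
WhiteSource log4j-detect tool and makes no claim about its internals.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: the post lists the CVEs but no version numbers; 2.17.1 is the
# log4j-core release that addressed all four Log4j CVEs named in the post.
FIXED_LOG4J_CORE = "2.17.1"
LOG4J_GROUP = "org.apache.logging.log4j"


@dataclass
class Artifact:
    """One node of a resolved dependency tree (group:artifact:version)."""
    group: str
    artifact: str
    version: str
    deps: list["Artifact"] = field(default_factory=list)

    @property
    def coord(self) -> str:
        return f"{self.group}:{self.artifact}:{self.version}"


def parse_version(v: str) -> tuple[int, ...]:
    """'2.17.1' -> (2, 17, 1). Each dot-separated part keeps only its leading
    digits, so a pre-release such as '2.0-beta9' compares as (2, 0)."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(a: Artifact) -> bool:
    return (a.group == LOG4J_GROUP and a.artifact == "log4j-core"
            and parse_version(a.version) < parse_version(FIXED_LOG4J_CORE))


def find_vulnerable_paths(root: Artifact) -> list[list[str]]:
    """Depth-first walk returning the chain of coordinates from the root to
    each vulnerable log4j-core. A path of length 2 is a direct dependency;
    anything longer is transitive, which is the case patching tends to miss."""
    hits: list[list[str]] = []

    def walk(node: Artifact, path: list[str]) -> None:
        if node.coord in path:          # guard against cyclic trees
            return
        path = path + [node.coord]
        if is_vulnerable(node):
            hits.append(path)
        for dep in node.deps:
            walk(dep, path)

    walk(root, [])
    return hits


def report(root: Artifact) -> list[str]:
    """Human-readable lines: kind of dependency, path, and the fixed version."""
    lines = []
    for path in find_vulnerable_paths(root):
        kind = "direct" if len(path) == 2 else "transitive"
        lines.append(f"{kind}: {' -> '.join(path)}  (upgrade to {FIXED_LOG4J_CORE})")
    return lines


# Constructed sample project: one direct hit, one hit two levels down, and
# one branch that already carries the fixed version.
LOG4J_OLD = Artifact(LOG4J_GROUP, "log4j-core", "2.14.1")
LOG4J_NEW = Artifact(LOG4J_GROUP, "log4j-core", FIXED_LOG4J_CORE)
SAMPLE_PROJECT = Artifact("com.example", "webapp", "1.0", deps=[
    LOG4J_OLD,
    Artifact("com.example", "report-lib", "3.2", deps=[
        Artifact("com.example", "common-logging", "0.9", deps=[LOG4J_OLD]),
    ]),
    Artifact("com.example", "metrics", "2.0", deps=[LOG4J_NEW]),
])

if __name__ == "__main__":
    for line in report(SAMPLE_PROJECT):
        print(line)
```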
Tomi Engdahl says:
Have UK Police Gone Too Far With Facial Recognition Technology?
https://www.pandasecurity.com/en/mediacenter/panda-security/uk-police-facial-recognition/
London’s Metropolitan Police has recently completed the roll-out of a new system called Retrospective Facial Recognition (RFR). RFR uses artificial intelligence technology to analyze video footage, automatically identifying suspects and persons of interest for detectives.
Tomi Engdahl says:
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.
Tomi Engdahl says:
Ransomware gangs increase efforts to enlist insiders for attacks https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/
A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.
Tomi Engdahl says:
EU to fund bug bounty programs for LibreOffice, Mastodon, three others https://therecord.media/eu-to-fund-bug-bounty-programs-for-libreoffice-mastodon-three-others/
[..] The five programs include LibreOffice, a document editing app and a free alternative to Microsoft Office; Mastodon, a web-based utility for hosting your private social network; Odoo, an enterprise resource planning (ERP) application; Cryptopad, an app exchanging encrypted messages; and LEOS, a software designed to help with drafting legislation.
Tomi Engdahl says:
Exposing the Internet-Connected Infrastructure of the REvil Ransomware Gang – An In-Depth OSINT Analysis https://ddanchev.blogspot.com/2022/01/exposing-internet-connected_24.html
In this post I’ve decided to do an in-depth OSINT analysis on the recently busted REvil ransomware gang and decided to elaborate more and emphasize on the key fact in specific how come that a single ransomware group with several publicly accessible and easy to shut down C&C (command and control) server domains, including several randomly generated Dark Web Onion URLs, could easily result in millions of damage…
Tomi Engdahl says:
Cobalt Strike, a Defender’s Guide Part 2 https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy wins defenders can be on the look out for to detect beaconing activity. We cover topics such as domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more.
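One of the "easy wins" for beacon detection the guide above refers to, written here as an added example rather than code from The DFIR Report or from RITA: a beacon that sleeps a fixed interval with a percentage of jitter produces inter-arrival times that cluster tightly per (source, destination) pair, so a low coefficient of variation over enough connections is a useful triage signal. The log format, the IP addresses (documentation ranges) and the thresholds are all constructed assumptions.

```python
"""Flag beacon-like connection regularity in a (constructed) connection log.

Added example; the log lines are made up and use the format
'epoch_seconds src dst:port'. Thresholds are starting points to tune.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one host calling back roughly every 60 s with jitter,
# one host with human-looking browsing gaps, and one pair too sparse to judge.
SAMPLE_LOG = """
1000 10.0.0.5 203.0.113.10:443
1060 10.0.0.5 203.0.113.10:443
1112 10.0.0.5 203.0.113.10:443
1178 10.0.0.5 203.0.113.10:443
1236 10.0.0.5 203.0.113.10:443
1306 10.0.0.5 203.0.113.10:443
1355 10.0.0.5 203.0.113.10:443
1416 10.0.0.5 203.0.113.10:443
1471 10.0.0.5 203.0.113.10:443
1000 10.0.0.7 198.51.100.20:443
1005 10.0.0.7 198.51.100.20:443
1305 10.0.0.7 198.51.100.20:443
1307 10.0.0.7 198.51.100.20:443
2207 10.0.0.7 198.51.100.20:443
2247 10.0.0.7 198.51.100.20:443
2248 10.0.0.7 198.51.100.20:443
4748 10.0.0.7 198.51.100.20:443
4758 10.0.0.7 198.51.100.20:443
1000 10.0.0.9 203.0.113.10:443
1060 10.0.0.9 203.0.113.10:443
1120 10.0.0.9 203.0.113.10:443
"""


def parse_log(text: str) -> dict[tuple[str, str], list[float]]:
    """Group connection timestamps by (src, dst:port) pair."""
    conns: dict[tuple[str, str], list[float]] = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        conns[(src, dst)].append(float(ts))
    return conns


def interval_stats(timestamps: list[float]) -> tuple[float, float]:
    """Return (mean gap, coefficient of variation of gaps) for a pair.
    CV = stdev / mean: near 0 means a fixed sleep, jitter raises it a little,
    interactive traffic pushes it well above 1."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else float("inf"))


def find_beacons(text: str, min_conns: int = 8, max_cv: float = 0.3) -> list[dict]:
    """Pairs with at least min_conns connections and gap CV <= max_cv.
    min_conns avoids scoring pairs with too few gaps to be meaningful."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_conns:
            continue
        m, cv = interval_stats(stamps)
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(stamps),
                         "mean_interval": m, "cv": cv})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} conns, "
              f"~{hit['mean_interval']:.1f}s apart, cv={hit['cv']:.2f}")
```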
Tomi Engdahl says:
Shipment-Delivery Scams Become the Favored Way to Spread Malware
https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
Tomi Engdahl says:
Scary Fraud Ensues When ID Theft & Usury Collide https://krebsonsecurity.com/2022/01/scary-fraud-ensues-when-id-theft-usury-collide/
What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.
Tomi Engdahl says:
https://blog.malwarebytes.com/ransomware/2022/01/ransomware-gangs-are-recruiting-breached-individuals-to-persuade-companies-to-pay-up/
Ransomware groups are using these direct contact tactics as extra leverage for victims to pay up. They contact staff or customers whose data was exfiltrated in the attack and get them to persuade the victim to pay up, threatening with the release of their personal information if they don’t.
Tomi Engdahl says:
Gemini Annual Report 2021: Magecart Thrives in the Payment Card Fraud Landscape https://geminiadvisory.io/gemini-annual-report-2021-magecart-thrives-in-the-payment-card-fraud-landscape/
The underground payment card economy in 2021 saw new tactics enable new attack vectors, raising certain fraud schemes to higher prominence, such as attacks leveraging Google Tag Manager (GTM) and WebSockets, the Skimmer-as-a-Service model, and card checker innovations. Cybercriminals have demonstrated the efficiency of compromising multiple merchants with a single attack by targeting ordering platforms that service dozens of merchants.
Tomi Engdahl says:
F-Secure study: nearly one in four employees clicks on a scam message
https://etn.fi/index.php?option=com_content&view=article&id=13094&via=n&datum=2022-01-27_15:00:24&mottagare=30929
Vanhan totuuden mukaan ihminen on tietoruvan heikoin lenkki. F-Securen laaja tutkimus todistaa väitteen kiistatta todeksi. 22 prosenttia työntekijöistä joutui HR-aiheisten sähköpostien uhriksi tietojenkalastelututkimuksessa, johon osallistui yli 80 000 henkilöä.
To Click or Not to Click: What we Learned from Phishing 80 000 People -tutkimuksessa testattiin, kuinka neljän eri organisaation työntekijät vastasivat sähköposteihin, jotka simuloivat yhtä yleisesti käytettyä tietojenkalastelutaktiikkaa. Tutkimukseen osallistui 82 402 henkilöä.
Vastaanottajista 22 prosenttia klikkasi sähköpostin linkkiä, joka simuloi loma-aikaa koskevaa henkilöstöilmoitusta. HR:n lähettämiä sähköpostiviestejä jäljittelevät sähköpostit olivat tutkimuksen yleisin klikkauslähde.
Sähköposti, jossa vastaanottajaa pyydettiin auttamaan laskun kanssa (raportissa tähän viitataan nimellä CEO Fraud), oli toiseksi yleisin harhautustapa joka sai klikkauksia 16 prosentilta vastaanottajista. Document Share (ilmoitukset asiakirjan jakopalvelusta) ja Service Issue Notification (viestit verkkopalvelusta) sähköpostit saivat klikkauksia 7 ja 6 prosentilta vastaanottajista, joten ne olivat tutkimuksen mukaan vähiten klikattuja sähköposteja.
F-Securen palvelupäällikön ja raportin kirjoittajan Matthew Connorin mukaan tutkimuksen merkittävin havainto oli kuitenkin, että “teknisissä” rooleissa työskentelevät ihmiset näyttivät olevan yhtä alttiita tai jopa alttiimpia tietojenkalasteluyrityksille kuin muut ihmiset.
- Teknisen henkilöstön etuoikeutettu pääsy organisaation infrastruktuuriin voi johtaa siihen, että he joutuvat aktiivisen khalastelun kohteeksi, joten tutkimuksen osoittama alttius tietojenkalastelulle on huolenaihe
Tomi Engdahl says:
How Optical Wireless Communications for Enterprises Can Prevent Cyberattacks
Jan. 20, 2022
This article explores an alternative technology—OWC—to secure private 5G networks.
https://www.mwrf.com/technologies/systems/article/21214638/bridgecomm-inc-how-optical-wireless-communications-for-enterprises-can-prevent-cyberattacks?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS220121059&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R
What you’ll learn:
5G spectrum and security concerns.
Turning to optical wireless communication technology as a security solution.
As 5G becomes more ubiquitous, so too will vulnerabilities. Germany-based Rohde & Schwarz, for example, installed a private 5G network at its plant in Teisnach, Germany, to test new industrial applications and uncover how it could optimize 5G for smart factories. Likewise, the Belgian Port of Zeebrugge deployed a private 5G network to track, analyze and manage connected devices, such as autonomous vehicles, augmented reality and drones, across multiple port-based applications in real-time.
5G Spectrum
When configuring a private 5G network, spectrum typically comes from three principal ranges:
Low-frequency bands under 1 GHz
Mid-frequency bands in the core 3.3 GHz to 3.8 GHz range
High-frequency mmWave bands in the 26 GHz, 28 GHz and 40 GHz range
While each spectrum brings specific advantages, they also come with inherent risks, given that they are easily hackable radio-frequency (RF) signals. As 5G becomes more ubiquitous, so too will vulnerabilities. This is primarily due to 5G’s heavy reliance on RF, as well as application programming interfaces (APIs) and other supporting service functions.
These APIs expose enterprises to API-enabled hacks like the one used to target SolarWinds. With the cleanup from this cyberattack alone potentially costing more than $100 billion in the months ahead, the stakes are extremely high for both economic stability and national security.
Inarguably, current security methods are falling short. Meanwhile, threats to our nation extend to vital areas such as utilities, food, water, oil and gas. Colonial Pipeline may be just the first of what is to come, which is why National Guard simulations are underway to prepare government agencies and industries.
Optical Wireless Communication
With the critical need to address security and satisfy latency, bandwidth, licensing and cost, companies have explored options, including optical wireless communication (OWC). For decades, NASA used a license-free wireless technology in its Laser Communications Relay Demonstration and the Orion Exploration Mission 2 Optical Communications program; the process uses low-power, eye-safe, infrared lasers in the terahertz spectrum. Ultimately, this OWC technology provides rapid data transmission via beams of light connecting from one telescope to another or point-to-point.
Many military applications have relied on OWC for decades to communicate securely over unknown and hostile terrain. Over the years, OWC has benefited from improvements in lasers, amplifiers, and detectors, along with commercial investment from more traditional defense and aerospace companies in the U.S., Japan, and Europe.
It’s true that while OWC, also known as free-space optical communication, is still relatively new in the commercial space, it offers significant benefits over RF. In addition to delivering massive volumes of data at super-fast speeds—20 to 50 Gb per user—OWC provides built-in security. Lasers are extremely directional and more precise by nature, allowing for a very low beam divergence—the chance for data interception is very low compared to traditional RF communications, which broadcasts signals to a large field.
When compared to radio photons, the individual photons of an OWC laser beam have much more energy and are so tightly focused that they require much less power than traditional RF to transmit signals, yet deliver significantly higher throughputs. The low power transmission enables OWC signals to remain “unseen” from potential threats of detection, thus increasing confidence in securing the wireless transmission.
OWC also offers data encoding in polarization, wavelength-division multiplexing (WDM), and quadrature amplitude modulation (QAM), along with other methods. In some systems, such as Multimedia over Coax Alliance (MoCA), outgoing beams are right-hand circular polarized (RHCP) while incoming beams are left-hand circular polarized (LHCP). This allows for full bidirectional transmission of data. However, adaptation to this architecture could also enable either higher data throughputs (double the data rate) or the encoding of information (i.e., security keys) into the relationship between the beams to ensure the transmission stream has not been compromised.
In particular, external environments have shown just how effective OWC is at secure data transmission, which is why Starlink uses laser crosslinks to transfer communications from one satellite to another. Now, studies are underway to discover the effectiveness of OWC systems indoors. Barriers to adoption undoubtedly include cost
Tomi Engdahl says:
US Says National Water Supply ‘Absolutely’ Vulnerable to Hackers
https://www.securityweek.com/us-says-national-water-supply-absolutely-vulnerable-hackers
Cyber defenses for US drinking water supplies are “absolutely inadequate” and vulnerable to large-scale disruption by hackers, a senior official said Thursday.
“There’s inadequate resilience to even a criminal sector,” the official said. “The threshold of resilience is not what it needs to be.”
President Joe Biden has attempted to address infrastructure cybersecurity but is limited by the fact that the vast majority of services are provided by private, not government, companies.
The scale of the challenge became clear in May last year when a ransomware attack temporarily crippled the Colonial Pipeline, a major oil pipeline network. A similar attack was carried out on JBS, one of the world’s biggest meat-processing companies.
These systems are increasingly automated, with computers managing treatment, storage and distribution. “These processes — I want to underscore this point — could all be vulnerable to cyberattacks, which could disable or manipulate monitoring control systems,” the official said.
“We’re particularly concerned that a cyberattack could be carried out, for example, to manipulate treatment processes to produce unsafe water. Also to damage water infrastructure or even to stop the flow of water,” the official said.
Tomi Engdahl says:
White House Publishes Federal Zero Trust Strategy
https://www.securityweek.com/white-house-publishes-federal-zero-trust-strategy
The White House on Wednesday released its federal zero trust strategy, requiring agencies to meet certain cybersecurity standards and objectives by the end of fiscal year 2024.
The strategy builds upon the executive order signed by President Joe Biden in May 2021 to improve the United States’ cyber defenses. The executive order was signed in response to the SolarWinds, Colonial Pipeline and other significant attacks carried out by foreign threat actors.
When a zero trust model is implemented, no user, system, network or service operating inside or outside the security perimeter is trusted, and every access attempt is verified.
The latest memorandum from the Office of Management and Budget (OMB) requires agencies to achieve certain goals by the end of 2024. These goals focus on identity, devices, networks, applications and workloads, and data — these are the five pillars described by the zero trust model of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA).
Tomi Engdahl says:
Sarah Perez / TechCrunch:
FTC: US consumers lost $770M to social media scams in 2021, about 25% of all fraud losses for the year and up 18x from the $42M in losses reported in 2017 — A growing number of U.S. consumers are getting scammed on social media according to a new report by the Federal Trade Commission …
FTC: US consumers lost $770 million in social media scams in 2021, up 18x from 2017
https://techcrunch.com/2022/01/27/ftc-u-s-consumers-lost-770-million-in-social-media-scams-in-2021-up-18x-from-2017/
Tomi Engdahl says:
Reuters:
The FCC revokes China Unicom’s authorization to operate in the US, granted ~20 years ago, citing national security; Unicom can still offer data center services — The U.S. Federal Communications Commission (FCC) on Thursday voted to revoke the authorization for China Unicom’s (0762.HK) U.S. unit to operate in the United States.
FCC revokes China Unicom’s authorization to operate in U.S.
https://www.reuters.com/business/media-telecom/us-regulator-revokes-china-unicoms-authorization-operate-us-2022-01-27/
Tomi Engdahl says:
Politico:
The European Commission unveils Digital Decade Principles to define the EU’s vision of the global digital economy embracing values such as democracy and privacy
Europe pitches tech ‘principles’ to rule the internet
In global race for technology, Europe bets on digital rights as key selling point.
https://www.politico.eu/article/europe-tech-principles-internet-rules-digital-rights/
As geopolitical tensions over the control of technology rise, Europe is putting its foot down on how it wants the internet to run.
The European Commission presented on Wednesday its so-called Digital Decade Principles aimed at defining the 27-country bloc’s vision of how the digital economy should abide by values such as democracy, privacy, solidarity, freedom of choice and security.
It’s Europe’s attempt at turning its approach to internet governance into the global standard.
“We aim to be in the forefront of this global momentum and create something that allows us to take action on [the] ground and to take action together if we can inspire like-minded partners,” said Executive Vice President Margrethe Vestager in a press conference on Wednesday.
Internal Market Commissioner Thierry Breton said the EU’s digital “constitutional basis” would help promote democratic digital principles on the global stage.
U.S. tech giants Google, Amazon, Facebook, Apple and Microsoft now dominate the online world, and Chinese firms like Alibaba and Huawei — boosted by their strong domestic positions — have emerged as strong challengers in recent years. As these power dynamics have shifted, so too has the global diplomatic discussion about how to govern technology. Washington and Beijing are exerting more and more influence over international standards organizations and diplomatic bodies like the United Nations.
The Commission’s declaration, which could be signed alongside the presidents of the Council and the Parliament before the summer, is part of the bloc’s Digital Decade strategy to reach important common tech milestones by 2030, including doubling Europe’s microchip manufacturing capacity, ramping up 5G coverage and building tens of thousands of data storage and processing centers known as edge nodes.
The strategy will guide Europe as it responds to other global players’ efforts to frame the digital-governance conversation.
Tomi Engdahl says:
Daren Fonda / Barron’s Online:
Source: White House is readying an executive action to task federal agencies with regulating Bitcoin and other cryptocurrencies as a matter of national security — The Biden administration is preparing to release an executive action that will task federal agencies with regulating digital assets …
White House Wants Crypto Rules as a Matter of National Security
By Daren Fonda
Jan. 27, 2022 3:00 pm ET
https://www.barrons.com/articles/white-house-executive-action-regulate-cryptos-national-security-51643312454
The Biden administration is preparing to release an executive action that will task federal agencies with regulating digital assets such as Bitcoin and other cryptocurrencies as a matter of national security, a person familiar with the White House’s plan tells Barron’s.
The national security memorandum, expected to come in the next few weeks, would task parts of the government with analyzing digital assets and assembling a regulatory framework that covers cryptos, stablecoins, and NFTs, or non-fungible tokens, this person…
Tomi Engdahl says:
Cyber-security expert warns of disruption to undersea telecommunications cables by Russians
https://www.breakingnews.ie/ireland/cyber-security-expert-warns-of-disruption-to-undersea-telecommunications-cables-by-russians-1249574.html
Tomi Engdahl says:
https://pentestmag.com/artificial-intelligence-and-cybersecurity/
Tomi Engdahl says:
Web-Tracking ‘Cookies’ Meant to Protect Privacy: Inventor
https://www.securityweek.com/web-tracking-cookies-meant-protect-privacy-inventor
The data-tracking “cookies” at the heart of concerns over online privacy were meant to shield people, rather than serve as cyber snoops, their inventor told AFP.
California-based engineer and entrepreneur Lou Montulli said the original “cookie” he created decades ago was intended to make life online easier by letting websites remember visitors.
Yet the technology has become a lightning rod, attacked for helping tech companies collect data on consumers’ habits key to the targeted web ad business that makes many billions of dollars per year.
“My invention is at the technological heart of many of the advertising schemes, but it was not intended to be so,” said Montulli, who created them in 1994 while an engineer at Netscape.
“It is simply a core technology to enable the web to function,” he said.
Google joined a growing list of tech companies this week by announcing a new plan to block certain types of cookies, after the online ad giant’s previous proposals were roundly criticized.
Tomi Engdahl says:
In the Hacker’s Crosshairs: K-12 Schools
https://www.securityweek.com/hackers-crosshairs-k-12-schools
In education, cybersecurity is rarely top-of-mind — until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning. Earlier this month, the Albuquerque public schools were forced to cancel classes due to a cyberattack that locked district staff out of the information database they use to record student attendance, determine who is permitted to pick students up from school, and store student emergency contacts. Weeks prior, a ransomware attack on software provider Finalsite, a vendor providing services to the education market, affected the accessibility of 5,000 school websites. Cyberattacks are particularly challenging for K-12 schools, as they often face resource limitations and cannot attract the necessary talent to implement enterprise-grade defense strategies. Therefore, K-12 institutions will need to find ways to address these growing threats.
And growing, they are. Last March, the Buffalo, N.Y., district canceled classes for two days in response to a ransomware attack. Since the start of the pandemic, cyberattacks have also prompted school closures in districts including Broward County, FL; Hartford, Conn.; and Clark County, NV. So, what is driving the uptick in these security incidents?
The flurry of new technologies needed to support the shift to remote learning as a response to the ongoing health crisis has left schools increasingly vulnerable to security risks and potential attacks. New applications, delays in patching, and failing security controls added complexity and vulnerabilities to environments where security had often been an afterthought. When exploited, these vulnerabilities pose significant risk.
Tomi Engdahl says:
Pirates now strike at the electronic systems of ships and ports: cyber pirates can throw all of world trade into disarray
https://yle.fi/uutiset/3-12292088
Cyberattacks are a growing threat to international shipping.
Behind them are traditional pirates and other criminals, but also states with political goals.
Tomi Engdahl says:
The Battle for the World's Most Powerful Cyberweapon https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html
A Times investigation reveals how Israel reaped diplomatic gains around the world from NSO's Pegasus spyware, a tool America itself purchased but is now trying to ban.
Tomi Engdahl says:
Insight from a large-scale phishing study https://blog.f-secure.com/insight-from-a-large-scale-phishing-study/
Our insights from this study are as follows: Humans will remain susceptible to phishing attacks, no matter their role. Support those who are more likely to spot a phishing attack with a single, simple-to-use reporting method, ideally a button in their email client. Speed is of the essence, so arrange your security center to be able to triage and respond to the highest threat emails quickly.
Tomi Engdahl says:
How to Talk to the C-Suite and Board About OT Security https://www.dragos.com/blog/how-to-talk-to-the-c-suite-and-board-about-ot-security/
A successful OT security program starts from the top which means cybersecurity professionals must know how to communicate effectively with executives and board members. In such a technical space, however, achieving understanding and alignment can be tough. How can OT teams get the buy-in they need to successfully protect the business?
Tomi Engdahl says:
What’s the Deal With Anti-Cheat Software in Online Games?
https://www.wired.com/story/kernel-anti-cheat-online-gaming-vulnerabilities/
[A]n increasingly vocal subset of gamers is concerned that the software meant to detect and ban cheaters has become overly broad and invasive, posing a considerable threat to their privacy and system integrity. [...] A kernel driver could certainly introduce some sort of vulnerability [...] in 2016, when Capcom pushed out a kernel driver for the PC version of Street Fighter V. It had a vulnerability that let anyone load kernel code arbitrarily. So you could take the Capcom driver and then sideload your own code. [...] It might seem like this is even more evidence that kernel-level anti-cheats are huge vulnerabilities, and on one level they are, but most kernel drivers have similar vulnerabilities, and exploiting them requires technical skill and physical access to the computer with the driver installed.
Tomi Engdahl says:
Can Data Breaches Be GOOD For Some Corporate Brands?
https://www.forbes.com/sites/zengernews/2022/01/30/can-data-breaches-be-good-for-some-corporate-brands/
If a data breach is relatively minor and only receives limited negative media attention, it might end up having a positive effect as more people learn about the company and its products and dismiss the breach as bad luck. Honda partnered with an email marketing firm that experienced a breach in 2010, but according to the study, the automaker's reputation grew as it received media attention.
Tomi Engdahl says:
Finns trust sports clubs more than foreign online stores when it comes to information security
https://yle.fi/uutiset/3-12293723
Banks and insurance companies, together with government agencies and other public administration bodies, enjoy the most trust among Finns in information security matters.
Tomi Engdahl says:
Nearly every Finn was exposed to a cyber scam
https://etn.fi/index.php/13-news/13104-laehes-jokainen-suomalainen-altistui-kyberhuijaukselle
Elisa's survey looked into the state of Finns' cybersecurity. According to the study, over 90 percent of Finns were exposed to an online or phone scam in 2021. One in ten respondents said they had definitely been scammed.
Last year scam campaigns reached Finns on a record-wide scale.
Over 70 percent of Finns have received scam messages via email, and 57 percent have been exposed to a scam via phone. Notably, two out of three respondents do not believe they would recognize all the online scams targeting them.
- Over half of Finns were exposed to scams via phone. Contributing factors included the Flubot SMS scam, which flared up twice, and various scam calls.
- For many it may be unclear what the difference is between being targeted by an attack and being scammed. A scam message arriving on a phone does not automatically infect the phone. Even opening the message does not, but clicking the links in the message and downloading apps increases the risk considerably, Mäkelä continues.
According to Teemu Mäkelä, unprotected devices are susceptible to, among other things, denial-of-service attacks, the number of which has grown steadily in recent years. At the start of the corona epidemic, Elisa saw a clear spike in the volume of denial-of-service attacks. - If a device's security is not at the necessary level, it can end up as the target of an attack and part of the botnets used in attacks, Mäkelä explains.
Tomi Engdahl says:
Ransomware: Over half of attacks are targeting these three industries https://www.zdnet.com/article/ransomware-over-half-of-attacks-are-targeting-these-three-industries/
Three sectors [banking and finance, utility and retail] have been the most common target for ransomware attacks [according to Trellix], but researchers warn “no business or industry is safe”.
Tomi Engdahl says:
1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information https://www.mandiant.com/resources/ransomware-extortion-ot-docs
Based on our analysis, one out of every seven leaks from industrial organizations posted in ransomware extortion sites is likely to expose sensitive OT documentation. Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber physical attacks. On top of this, other data also included in the leaks about employees, processes, projects, etc. can provide an actor with a very accurate picture of the target's culture, plans, and operations.
Tomi Engdahl says:
First law proposed that specifically targets misuse of AirTag by stalkers https://appleinsider.com/articles/22/01/26/pennsylvania-legislation-to-make-stalking-with-airtag-illegal
The legislation proposed by House member John Galloway is a direct reaction to all of the reports surrounding abuse and stalking related to AirTag. Even though Apple didn’t invent stalking, the effectiveness of the Find My network and the popularity of Apple have shined a spotlight on technology abuse.
Tomi Engdahl says:
French authority slaps Google with a 100 million euro fine https://www.kauppalehti.fi/uutiset/ranskalaisviranomainen-latkaisi-googlelle-100-miljoonan-euron-sakot/a757057e-fd28-4a79-afe4-2f5a6ca5752c
France's data protection authority has now punished Google with two massive fines.
Tomi Engdahl says:
EU to create pan-European cyber incident coordination framework https://www.bleepingcomputer.com/news/security/eu-to-create-pan-european-cyber-incident-coordination-framework/
The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow EU relevant authorities to coordinate better when responding to major cross-border cyber incidents impacting the Union’s financial sector.
Tomi Engdahl says:
Cyber Insights 2022: Improving Criminal Sophistication
https://www.securityweek.com/cyber-insights-2022-improving-criminal-sophistication
When SecurityWeek asked Steve Katz, the world’s first CISO, what future threats concerned him most, he replied, “The biggest threat is the ever-increasing expertise of the hackers.”
This is a result of basic mechanics: “When one object exerts a force on a second object, the second one exerts a force on the first that is equal in magnitude and opposite in direction.” In cyber, it means that when defenses get stronger, attackers get more sophisticated; and when attackers get more sophisticated, defenses get stronger. It is action versus reaction ad infinitum – with cybercriminals currently holding the ascendancy.
(We are excluding adversarial nation-state activity from this discussion. See Cyber Insights 2022: Nation-States for information on the nation threat. It is worth noting, however, that the demarcation between cybercriminal and nation state actors is not always simple, with some actors having a foot in both camps.)
Throughout 2021, the attackers have been dominant. This will continue for at least the first half of 2022. The primary reasons are better, more professional organization, and vastly more resources. Criminal gangs have, quite simply, become very rich.
“It is now a reality that cybercrime gangs are as valuable as unicorn companies,” says Mikko Hyppönen, researcher at F-Secure. “Our enemy is becoming more powerful and wealthier.”
Tomi Engdahl says:
OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks
https://www.securityweek.com/ot-data-stolen-ransomware-gangs-can-facilitate-cyber-physical-attacks
Many of the ransomware attacks on industrial and critical infrastructure organizations result in the exposure of operational technology (OT) data that could be useful to threat actors, including to conduct cyber-physical attacks, according to Mandiant.
The company’s researchers have analyzed the roughly 2,600 data leaks that resulted from ransomware attacks in 2021 and determined that approximately 1,300 of them impacted critical infrastructure and industrial organizations.
An investigation of 70 of these leaks showed that ten of them contained technically sensitive OT information. Mandiant’s analysis included manually browsing through file listings and files, and forensic analysis using public and custom tools.
Exposed data, which at one point had been available — or still is available — to anyone with the knowledge to access websites on the Tor anonymity network, included IT and OT admin credentials, PLC project files, process documentation, engineering documentation for customer projects, and source code and other information for a proprietary platform.
Impacted organizations included renewable and hydroelectric energy producers, a train manufacturer, oil and gas organizations, control systems integrators, and a satellite vehicle tracking service.
Tomi Engdahl says:
The Third Building Block for the SOC of the Future: Balanced Automation
https://www.securityweek.com/third-building-block-soc-future-balanced-automation
When automation is balanced between humans and machines, we can ensure teams always have the best tool for the job
As Security Operations Centers (SOCs) narrow the focus of their mission to become detection and response organizations, they need three main capabilities in place to prepare their SOC of the future. I’ve talked about the first two already – a data-driven approach to security and an open integration architecture. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right actions. Data-driven security also provides a continuous feedback loop so that teams can capture and use data to improve future analysis. An open integration architecture enables data to flow throughout the infrastructure and ensures systems and tools can work together.
The third building block for the SOC is automation. Some people talk about automating everything within a SOC. However, that can lead to many challenges. A balanced approach to automation is needed because SOCs are nothing without the expert analysts that run them. Balancing automation with human intelligence and analysis allows teams to always have the best tool for the job. Repetitive, low-risk, time-consuming tasks are prime candidates for automation, while human analysts take the lead on irregular, high-impact, time-sensitive investigations with automation simplifying some of the work.
The benefits of balanced automation are many, and include retention and better utilization of scarce, highly skilled human resources and better outcomes because you can work faster and smarter. A balance between human and machine can also alleviate the fear of being burned when machines quarantine a system or block a port on a firewall in error. In turn, this builds confidence to move forward with more automation and strike the right balance for your organization, which results in another benefit – cost savings. The Cost of a Data Breach Report 2021 looked at the average cost of a data breach by security automation deployment level and the findings were eye opening. The average cost of a data breach dropped from $6.71 million for organizations with no security automation, to $3.85 million for organizations with some level of security automation.
Tomi Engdahl says:
CISA’s ‘Must Patch’ List Puts Spotlight on Vulnerability Management Processes
https://www.securityweek.com/cisas-must-patch-list-puts-spotlight-vulnerability-management-processes
The U.S. Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities can be useful not only for helping organizations patch high-risk vulnerabilities in their systems, but also to help them build or improve vulnerability management processes.
When CISA announced the Known Exploited Vulnerabilities Catalog in November, it listed roughly 300 security holes. Another 50 vulnerabilities have been added to the list since its launch.
CISA has confirmed for SecurityWeek that all vulnerabilities included in the catalog have been exploited in real world attacks, even if in some cases there do not appear to be any public reports of malicious exploitation.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
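The article says the catalog is useful for building a vulnerability management process; the usual first step is to join it against what your scanner already reports and let the CISA due dates set the order of work. The following is an added example, not code from the article or from CISA. It parses a feed in the KEV JSON shape, matches constructed scanner findings against it and sorts them by how far past the due date each host is. The feed URL and field names are those of the public catalog; the catalog excerpt (three entries with the dates as listed in early 2022) and the scanner findings are constructed sample data, so check the live feed before acting on any date.

```python
"""Cross-check vulnerability scanner findings against the CISA KEV catalog.

Added example, not code from the SecurityWeek article or from CISA. Field
names follow the public KEV JSON feed; the catalog excerpt and the scanner
findings below are constructed sample data.
"""
import json
from datetime import date

# Constructed excerpt in the shape of the public feed at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# (dates as listed in early 2022; use the live feed for authoritative values).
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.02.01",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-26855", "vendorProject": "Microsoft", "product": "Exchange Server",
         "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
         "dateAdded": "2021-11-03", "dueDate": "2021-11-17",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2019-11510", "vendorProject": "Ivanti", "product": "Pulse Connect Secure",
         "vulnerabilityName": "Pulse Connect Secure Arbitrary File Read Vulnerability",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed scanner export: (hostname, CVE) pairs.
SAMPLE_FINDINGS = [
    ("web01", "cve-2021-44228"),   # lower case, as some exporters emit it
    ("web01", "CVE-2021-45046"),   # not in the sample catalog excerpt
    ("mail01", "CVE-2021-26855"),
    ("vpn01", "CVE-2019-11510"),
]


def load_kev(kev_json):
    """Index the feed by upper-cased CVE ID; keeps the first entry if an ID repeats."""
    index = {}
    for entry in json.loads(kev_json)["vulnerabilities"]:
        index.setdefault(entry["cveID"].upper(), entry)
    return index


def prioritize(findings, kev_index, today):
    """Return the KEV-listed findings, most overdue first.

    `today` is a date or an ISO date string. days_overdue is negative while the
    due date is still ahead, so the list doubles as a remediation calendar.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for host, cve in findings:
        entry = kev_index.get(cve.strip().upper())
        if entry is None:
            continue          # not known-exploited: lower priority, not "safe"
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "host": host,
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due.isoformat(),
            "days_overdue": (today - due).days,
        })
    hits.sort(key=lambda h: (-h["days_overdue"], h["host"], h["cve"]))
    return hits


def overdue_hosts(hits):
    """Hosts carrying at least one KEV item past its CISA due date."""
    return sorted({h["host"] for h in hits if h["days_overdue"] > 0})


if __name__ == "__main__":
    index = load_kev(KEV_SAMPLE)
    for h in prioritize(SAMPLE_FINDINGS, index, "2022-02-01"):
        print(f'{h["host"]:8} {h["cve"]:16} due {h["due"]} '
              f'({h["days_overdue"]:+d} days) {h["product"]}')
```

Swap KEV_SAMPLE for the live feed (fetch it on a schedule and cache it; the catalog only grows) and SAMPLE_FINDINGS for your scanner export. A CVE missing from the catalog is not safe, only less urgent: KEV is a floor for prioritisation, not a ceiling, and a finding that lands on the list after you scanned still needs this join re-run against the new feed.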
Tomi Engdahl says:
OpenSSF's Alpha-Omega Project to target vulnerabilities from beginning to end https://www.scmagazine.com/analysis/application-security/openssfs-alpha-omega-project-to-target-vulnerabilities-from-beginning-to-end
The effort, backed by a $5 million grant from Microsoft and Google, will be known as the Alpha-Omega Project. The "Alpha" side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. "Omega" will look more at the broader landscape of open source, running automated testing on the top 10,000.
Tomi Engdahl says:
Domain Escalation: Machine Accounts
https://pentestlab.blog/2022/02/01/machine-accounts/
[P]erforming pass the hash with machine accounts instead of local administrators accounts is not very common even though it has been described in an article by Adam Chester years ago and could be used in scenarios where the host is part of an elevated group such as the domain admins.
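A pass-the-hash with a computer account's NT hash produces an ordinary-looking logon for an account ending in "$", which is why it gets missed by rules keyed on user names. The following is an added example, not code from the pentestlab post: a detection heuristic over Windows Security event 4624 records that flags NTLM network logons by a machine account whose client workstation name or source address is not the computer the account belongs to. The field names are those of event 4624; the event records and the host-to-address map are constructed sample data.

```python
"""Flag NTLM network logons where a machine account authenticates from
somewhere other than its own host (a pass-the-hash heuristic).

Added example, not code from the pentestlab post. Field names are those of
Windows Security event 4624; events and the host-to-IP map are constructed.
"""

# Constructed records as a SIEM would hand them over (values made up).
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "WS01$", "TargetDomainName": "CORP",
     "AuthenticationPackageName": "Kerberos", "WorkstationName": "WS01", "IpAddress": "10.0.0.11"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "WS01$", "TargetDomainName": "CORP",
     "AuthenticationPackageName": "NTLM", "WorkstationName": "ATTACKER", "IpAddress": "10.0.0.99"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "alice", "TargetDomainName": "CORP",
     "AuthenticationPackageName": "NTLM", "WorkstationName": "WS02", "IpAddress": "10.0.0.12"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "WS02$", "TargetDomainName": "CORP",
     "AuthenticationPackageName": "NTLM", "WorkstationName": "-", "IpAddress": "10.0.0.99"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "WS02$", "TargetDomainName": "CORP",
     "AuthenticationPackageName": "NTLM", "WorkstationName": "WS02", "IpAddress": "10.0.0.12"},
    {"EventID": 4672, "TargetUserName": "WS01$", "TargetDomainName": "CORP"},
]

# Constructed inventory: the addresses each computer account should log on from.
HOST_IPS = {"WS01": {"10.0.0.11"}, "WS02": {"10.0.0.12"}}


def is_machine_account(name):
    """AD computer accounts are named HOSTNAME$."""
    return name.endswith("$")


def machine_account_ntlm_anomalies(events, host_ips):
    """Return (event_index, reason) for NTLM network logons by a computer
    account whose source does not match the account's own host.

    WorkstationName is whatever the client put in the NTLM AUTHENTICATE
    message, so an attacker can set it to the expected value; the source IP
    check is the stronger signal and is applied whenever an address is logged.
    """
    findings = []
    for i, ev in enumerate(events):
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue
        if ev.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue            # domain members use Kerberos for their own account
        account = ev.get("TargetUserName", "")
        if not is_machine_account(account):
            continue
        computer = account[:-1].upper()
        workstation = ev.get("WorkstationName", "").upper()
        src_ip = ev.get("IpAddress", "")
        reasons = []
        if workstation not in ("", "-") and workstation != computer:
            reasons.append(f"workstation {workstation} != account host {computer}")
        expected = host_ips.get(computer)
        if expected and src_ip not in ("", "-") and src_ip not in expected:
            reasons.append(f"source {src_ip} is not an address of {computer}")
        if reasons:
            findings.append((i, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for idx, reason in machine_account_ntlm_anomalies(SAMPLE_EVENTS, HOST_IPS):
        ev = SAMPLE_EVENTS[idx]
        print(f'event {idx}: {ev["TargetDomainName"]}\\{ev["TargetUserName"]} {reason}')
```

Run it against 4624 events collected from the domain controllers and the hosts the machine accounts have rights on. Baseline first: a host reached by IP address instead of name falls back from Kerberos to NTLM and logs an NTLM machine logon from itself, which this check deliberately leaves alone, and cluster or multi-homed hosts need every one of their addresses in the map. Overpass-the-hash turns the same NT hash into Kerberos tickets and shows up in 4768/4769 rather than here, so it needs its own check.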
Tomi Engdahl says:
Outdated IoT healthcare devices pose major security threats https://www.csoonline.com/article/3648592/outdated-iot-healthcare-devices-pose-major-security-threats.html
More than half (53%) of the IoT (internet of things) and internet of medical things (IoMT) devices used in healthcare contain critical cybersecurity risks, according to The State of IoMT Device Security report by Cynerio, which analyzed devices from more than 300 hospitals in the US.
Tomi Engdahl says:
OpenSSF Alpha-Omega Project Tackles Supply Chain Security
https://www.securityweek.com/openssf-alpha-omega-project-tackles-supply-chain-security
Microsoft and Google are throwing their weight behind a new Linux Foundation OpenSSF initiative to address major security gaps in the open-source software ecosystem.
The two tech giants have invested $5 million into the Alpha-Omega Project, an ambitious effort that tackles open source software security through direct engagement of software security experts and automated security testing.
The Alpha-Omega Project is the first major announcement following a meeting between the U.S. government and private sector security leaders in response to the Log4j incident and promises help for at least 10,000 important and widely deployed open-source projects.