Cyber trends for 2023

Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome also attempts to “upgrade” to the HTTPS version of a website if you accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP in the Chrome browser.

Malvertising: Cyber criminals will keep impersonating brands through search engine advertisement services to defraud users in 2023 as well. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware arrives over encrypted connections, which are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools. Over 85% of attacks hide in encrypted channels, and the WatchGuard Threat Lab report finds the top threat arriving exclusively over encrypted connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.

Software vulnerabilities: Weak configurations for encryption and missing security headers will still be very common in 2023. In 2022 nearly every application had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a highly or critically severe vulnerability. Read more at “Misconfigurations, Vulnerabilities Found in 95% of Applications”.

Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems within a reasonable time or at all, so they stay vulnerable. New variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, difficulty maintaining employees’ skills, and indifference are the strongest obstacles to the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.

Cloud: In a hyperscale cloud provider, there can be several thousand people working around the globe who could potentially access our data. Security screening and access limiting alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.

MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures.
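One way to spot the prompt-bombing pattern described above in authentication logs, as an added example that is not part of the original post: flag a user who collects many denied or timed-out push prompts within a short window, and raise the severity when an approval follows. The log format, field names, window and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed number of rejected prompts that is suspicious

# Assumed log layout: timestamp, user, source IP of the login attempt, push result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) mfa_push result=(?P<result>\w+)$"
)

# Constructed sample log (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
2023-01-10T02:14:03Z user=alice src=203.0.113.50 mfa_push result=denied
2023-01-10T02:14:41Z user=alice src=203.0.113.50 mfa_push result=timeout
2023-01-10T02:15:10Z user=alice src=203.0.113.50 mfa_push result=denied
2023-01-10T02:15:52Z user=alice src=203.0.113.50 mfa_push result=timeout
2023-01-10T02:16:30Z user=alice src=203.0.113.50 mfa_push result=denied
2023-01-10T02:17:05Z user=alice src=203.0.113.50 mfa_push result=approved
2023-01-10T08:30:00Z user=bob src=198.51.100.7 mfa_push result=timeout
2023-01-10T08:30:40Z user=bob src=198.51.100.7 mfa_push result=approved
2023-01-10T09:00:00Z user=carol src=198.51.100.9 mfa_push result=denied
2023-01-10T09:20:00Z user=carol src=198.51.100.9 mfa_push result=denied
malformed line that the parser must skip
"""


def parse(lines):
    """Yield (timestamp, user, src, result) for every well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["user"], m["src"], m["result"]


def detect_mfa_fatigue(lines, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for prompt bombing and for approvals that follow it."""
    rejected = defaultdict(deque)  # user -> timestamps of denied/timed-out prompts
    alerts = []
    for ts, user, src, result in sorted(parse(lines)):
        q = rejected[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:       # alert once, when the threshold is crossed
                alerts.append({"user": user, "time": ts, "src": src,
                               "severity": "medium", "reason": "prompt_bombing"})
        elif result == "approved":
            if len(q) >= threshold:       # the user gave in after a burst of prompts
                alerts.append({"user": user, "time": ts, "src": src,
                               "severity": "high", "reason": "approved_after_bombing"})
            q.clear()                     # a successful login resets the counter
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG.splitlines()):
        print(alert["time"].isoformat(), alert["user"], alert["severity"], alert["reason"])
```

A high-severity hit is the case to act on first: revoke the session and reset the credential, since the password was already known to whoever triggered the prompts.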

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character in the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason is that a comma in a password can obfuscate tabular comma-separated values (CSV) files, which are a common way to collect and distribute stolen passwords.
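What the comma actually does to a comma-separated file, as an added example that is not from the original post or its source article: the same constructed records are written and read with and without standard CSV quoting. All names and values are made up; the result shows that the comma corrupts the password field only when some tool in the chain skips quoting, so it complements a long, unique password rather than replacing one.

```python
import csv
import io

# Constructed sample records (email, password); no real credentials.
RECORDS = [
    ("alice@example.com", "correct-horse-battery"),
    ("bob@example.com", "tulip,harbor,violin,87"),  # password containing commas
]


def write_unquoted(records):
    """Ad-hoc export: join fields with commas, no quoting or escaping."""
    return "\n".join(",".join(row) for row in records) + "\n"


def write_rfc4180(records):
    """Standard CSV export: fields containing commas are wrapped in quotes."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(records)
    return buf.getvalue()


def read_by_split(text):
    """Ad-hoc import: split on every comma and keep the first two columns."""
    out = {}
    for line in text.splitlines():
        fields = line.split(",")
        if len(fields) >= 2:
            out[fields[0]] = fields[1]
    return out


def read_by_csv(text):
    """Standard CSV import: honours quoting, keeps the first two columns."""
    return {row[0]: row[1] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def password_intact(records=RECORDS):
    """For each writer/reader pairing, report which passwords survive unchanged."""
    truth = dict(records)
    result = {}
    for wname, writer in (("unquoted", write_unquoted), ("rfc4180", write_rfc4180)):
        text = writer(records)
        for rname, reader in (("split", read_by_split), ("csv", read_by_csv)):
            parsed = reader(text)
            result[(wname, rname)] = {
                email: parsed.get(email) == pw for email, pw in truth.items()
            }
    return result


if __name__ == "__main__":
    for pairing, outcome in password_intact().items():
        print(pairing, outcome)
```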

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity, and it is followed by Network and Information Security 2, also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs in late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year, with deep-dives into the Energy and Health sectors; see “Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?”

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can pose serious risks to all operations. As a result, the released CPGs are explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.

Losing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers.

Zero trust: Many people think that Zero Trust is a pretty optimal security practice in 2023. It is good for new systems that its model suits, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The article “Zero Trust Shouldn’t Be The New Normal” says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource-pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. That’s where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated.”

Google Workspace: Google Workspace gets client-side encryption in Gmail. The long-awaited client-side encryption for Gmail is available in beta. Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API.
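Why a passkey resists phishing, shown as an added example (not code from the original post or from Chrome): the browser writes the page's origin into the signed client data and the authenticator hashes the relying-party ID into its response, so a server that checks both rejects an assertion produced on a lookalike site. The domain names, function names and sample values are constructed for illustration, and the signature check over the authenticator data and the client data hash is assumed to be done separately with the stored public key.

```python
import base64
import hashlib
import hmac
import json
import struct

FLAG_USER_PRESENT = 0x01   # bit 0 of the WebAuthn authenticator data flags
FLAG_USER_VERIFIED = 0x04  # bit 2 (biometric or PIN check succeeded)


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json, authenticator_data,
                            expected_challenge, expected_origin, rp_id):
    """Return the list of failed binding checks (an empty list means all passed)."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["client_data_json"]
    if not isinstance(client, dict):
        return ["client_data_json"]

    errors = []
    if client.get("type") != "webauthn.get":
        errors.append("type")
    # The challenge must be the one this server issued for this login attempt.
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(expected_challenge).encode()):
        errors.append("challenge")
    # The browser, not the page, fills in the origin, so a lookalike site shows up here.
    if client.get("origin") != expected_origin:
        errors.append("origin")

    # Authenticator data starts with: 32-byte rpIdHash, 1 flags byte, 4-byte counter.
    if len(authenticator_data) < 37:
        errors.append("authenticator_data_length")
        return errors
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(rp_id.encode()).digest()):
        errors.append("rp_id_hash")
    if not flags & FLAG_USER_PRESENT:
        errors.append("user_present")
    return errors


def make_sample(origin, rp_id, challenge,
                flags=FLAG_USER_PRESENT | FLAG_USER_VERIFIED, sign_count=7):
    """Build constructed client data and authenticator data for the demo."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)
    return client_data, auth_data


# Constructed values: the real site and a lookalike domain.
CHALLENGE = bytes(range(32))
REAL_ORIGIN, REAL_RP_ID = "https://login.example.com", "example.com"
FAKE_ORIGIN, FAKE_RP_ID = "https://login-example.test", "login-example.test"


def demo():
    """Check a genuine assertion and one that was produced on the lookalike site."""
    genuine = make_sample(REAL_ORIGIN, REAL_RP_ID, CHALLENGE)
    relayed = make_sample(FAKE_ORIGIN, FAKE_RP_ID, CHALLENGE)
    return (
        check_assertion_binding(*genuine, CHALLENGE, REAL_ORIGIN, REAL_RP_ID),
        check_assertion_binding(*relayed, CHALLENGE, REAL_ORIGIN, REAL_RP_ID),
    )


if __name__ == "__main__":
    ok, phished = demo()
    print("genuine assertion failures:", ok)
    print("relayed assertion failures:", phished)
```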

War risks: Watch for continued war between Russia and Ukraine in both the real world and the cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range. Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.

ICS: ICS and SCADA systems remain trending attack targets in 2023 as well.

Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and act on leaked secrets directly within GitHub.

Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.

PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that needs to comply with it. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.

SHA-1: NIST retires the SHA-1 cryptographic algorithm, not fully in 2023, but preparations for the phase-out start. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using a technique referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replacing the 27-year-old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.

Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers, Amazon Web Services (AWS), Microsoft Azure and Google Cloud, of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.

MFA: Two-factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With cloud come APIs and security headaches in 2023 as well. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies are suffering an incident due to misconfiguration, and a third are coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations. But with great promise comes great responsibility, and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever, and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police must prepare for new crimes in the metaverse, says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the “Policing in the metaverse: what law enforcement needs to know” report for more information.

Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed how many cryptocurrency-related risks materialized. More “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now cyber is increasingly the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Insurance policies already written in the market have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks have disrupted hospitals, shut down pipelines and targeted government departments. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

Expert advises using a comma in your password – there is a clever logic behind it (in Finnish)

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Companies’ cyber security still has big gaps – Expert: It is even a question of national security (in Finnish)

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 approved – stricter cyber security requirements for EU countries (in Finnish)

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldn’t Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

There is an acute shortage of cyber security professionals (in Finnish)

Is Enterprise VPN on Life Support or Ripe for Reinvention?


1,768 Comments

  1. Tomi Engdahl says:

    Historically, risk management has consisted of the controls over risk, acceptance of risk, and transfer of risk. Cyber resilience overlays those concepts with cyber-related security, business continuity and cyber insurance.

    how insurance fits into a cyber resilience program

    small and medium sized businesses are affected in their ability to be cyber resilient.

    The recent rash of ransomware attacks and evolving cyber security threats make cyber security insurance a necessity, both to protect the company and to reassure clients and investors of the safety of their data.

  2. Tomi Engdahl says:

    Hackers abuse Google Ads to spread malware in legit software https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/

    Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. Among the products impersonated in these campaigns include Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.

     

  3. Tomi Engdahl says:

    Warning from an expert: Criminals are adopting new technology https://www.is.fi/digitoday/tietoturva/art-2000009304070.html

    According to F-Secure’s Laura Kankaala, scams devised by artificial intelligence are to be expected.

  4. Tomi Engdahl says:

    “Encryption Faces an Existential Threat in Europe”

    Encryption Faces an Existential Threat in Europe
    https://www.wired.com/story/encryption-faces-an-existential-threat-in-europe/

    The CEO of Proton says new competition laws have finally given him a voice in Brussels, even as he fights the EU’s anti-encryption campaign.

    ANDY YEN IS positioning himself to be Europe’s answer to Google cofounder Larry Page. Like Google, Yen’s company Proton offers services including email, calendar, drive storage, and VPN, just with a privacy twist. All its products are encrypted. But unlike Google, nine-year-old Proton has had to try and grow its business in the shadow of the tech giants. That has been a huge disadvantage, says Yen, because companies like Google and Apple can exploit their dominance to nudge users to use their apps as well as their phones.

    But 2022 was the year the European Union finally took action. In March, the bloc’s lawmakers agreed on new rules designed to release the grip Big Tech has on European consumers and to help homegrown internet companies compete with American giants for customers. The Digital Markets Act will obligate companies that run phone operating systems to offer “choice screens” so users have more control over which services they use. Technically, the DMA went into force in November, although it may not take full effect until March 2024. Proton is headquartered in Geneva, Switzerland, which is not an EU member. But Yen thinks this law will help European companies, like Proton, finally have a voice in Brussels.

    Europe’s momentum in rewriting the rules of the internet, however, is not all good for Proton, which has grown to 70 million accounts. The company is warily watching a wave of proposals in the UK and the EU that privacy advocates warn will threaten encryption, such as the UK’s Online Safety Bill and the EU’s proposals to combat child sexual abuse material.

    But is political will the same as having the resources to force big tech companies to comply?

    That’s exactly the problem. The combined market cap of these big tech companies a couple months ago was $7 trillion, which is bigger than most European countries’ GDP.

    That’s a lot of lawyers.

    They [Big Tech] are throwing literally hundreds of millions of euros at this problem

    What about other European regulation? I know there’s a lot of concern about the legislation drafted by EU Home Affairs commissioner Ylva Johansson which proposes forcing encrypted platforms to carry out automated searches for child sexual abuse material. Is that something you think could affect you?

    Of course, it could potentially impact us. There’s also the Online Safety Bill here in the UK. It seems like it’s coming back from the dead.

    But if these things go through, there’s the risk that encryption will be demonized at a time where you’re having breakthroughs in these other areas.

    The problem with these legislations is they are written too broadly; they are trying to cover too many unrelated issues. I’ll give you an example from the UK’s online safety debate. Part of its focus is content moderation on social media. But there’s a difference between messaging on social media versus private messaging. The two things should be decoupled. So, no one is saying that there are no problems and that we shouldn’t try to fix them. But I think we need to define clearly what we’re trying to solve and how the remedy is geared toward the actual problem. Otherwise you come up with legislation which has a lot of unforeseen consequences.

    Typically, the purpose of legislation is to step in when markets don’t create the right incentive structures to enforce an outcome that will be good for society, right? And if you look at the, let’s say, the child sexual abuse control debate, is there any company in the world that is incentivized not to tackle this problem? I would say no. It’s a huge problem from a PR standpoint, from a business standpoint. So Big Tech and small tech companies like Proton are already putting all the resources that we can into combating this issue. So given that is already the case, legislation perhaps isn’t necessary because the incentives to tackle the problem are already there.

    The second aspect is the focus on encryption. But is breaking encryption the only way to tackle this problem? I can tell you, it’s not. There’s many other technological ways to do this—by looking at patterns of behavior, for example. We need to always find the right balance. And for me, mandating that we undermine or weaken or break encryption, that’s not the right balance. The way I tend to think about this is, for sure, privacy and encryption can be misused. This is unavoidable. But a world where privacy and encryption is forbidden already exists. Russia did this recently. China is doing this. North Korea does it. Iran does it. And I can tell you that people in those countries don’t feel more secure.

    In a democratic society, we need to accept and defend privacy, even though there will be some negative externalities because the alternative, which is no privacy, is worse. We shouldn’t strive to say we have the perfect solution that will eliminate 100 percent CSAM [child sexual abuse material], as objectionable as it is. Because if we do that, we’re giving up so much more. This is the balance that needs to be struck.

    It is a debate. The issue that I see here is that politicians feel pressure to confront the issue. They’re getting pressure, also from law enforcement, to tackle the issue. But I think law enforcement is using this as a Trojan horse, they really want to [break encryption] for other purposes. At the same time, when I talk to people in Brussels, they say, “We’re not trying to break encryption, we know encryption is very important.” And it’s the typical issue where they need to show that they’re doing something, they want to do something. But at the same time there is no easy, obvious solution to the problem. So they’re kind of stuck.

    It’s much harder to get into the details, because lots of people don’t even want to debate this issue—it’s very upsetting.

    You want to have a nuanced discussion about it, and then the response is “think of the children.” It’s difficult to have a proper discussion about it. I think it would be bad for democracy if we don’t have that debate.

    Reply
  5. Tomi Engdahl says:

    Cybersecurity—More Important than Ever
    May 18, 2022
    The threat of cyberattacks seemingly becomes more ominous every passing day. Learn about the different types of vulnerabilities and methods of defeating such attacks in this TechXchange library.
    https://www.electronicdesign.com/techxchange/editorial/whitepaper/21164543/electronic-design-cybersecuritymore-important-than-ever?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS221229030&o_eid=7211D2691390C9R&rdx.identpull=omeda|7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Ransomware attacks aren’t new, but the number and scope has been steadily expanding. Ways to prevent and mitigate these attacks are well-known. However, they require intervention that’s typically lacking. The excuse usually surrounds the extra cost of these preventive measures. It’s not as if the idea of holding a factory or pipeline ransom is new.

    Likewise, adding external firewalls is just one way to help mitigate attacks. Regular backups also are critical to recovering from an attack.

    For now, we will leave issues like backups, and whether to pay a ransom, mostly to other articles on this subject so we can concentrate on the technologies that can be employed, such as Transport Security Layer (TLS) and cryptography.

    The attack surface continues to grow as devices become more connected. Attacks aren’t restricted to the communication links or gaps in how processors are implemented. Still, engineers can take advantage of features like secure boot as well as pre-boot security tools and use security frameworks like AppArmor or SELinux.

    Reply
  6. Tomi Engdahl says:

    Can you recognize a fraudulent online store? A depressing figure from Finns https://www.is.fi/digitoday/tietoturva/art-2000009303099.html
    Nearly half of Finns do not know how to make sure their online purchases are safe, according to a survey commissioned by consulting firm Deloitte in December. People aged 18 to 24 are more aware than other age groups, but even among them only about two thirds say they can recognize possible scam situations.

    Reply
  7. Tomi Engdahl says:

    Warning from an expert: Criminals will adopt the new technology https://www.is.fi/digitoday/tietoturva/art-2000009304070.html
    According to Laura Kankaala, head of threat research at security company F-Secure, AI is too good an opportunity for criminals to pass up.
    That is why AI-based scams are to be expected in the future. Not all of the opportunities AI offers to cybercrime have been exploited yet. This may change, however, with models like ChatGPT, because they are good at generating text and holding a conversation, Kankaala says in F-Secure's F-Alert report (pdf). Source:
    https://www.f-secure.com/content/dam/f-secure/en/consumer/documents/F-Alert_December.pdf

    Reply
  8. Tomi Engdahl says:

    CEO warns about the future of encryption: "We must defend privacy" https://www.tivi.fi/uutiset/tv/5f8dc0de-6527-4b29-b341-f3b4ff136dab
    Andy Yen, CEO of Proton, which offers privacy-focused email, calendar and VPN services, is worried about the future of encryption in Europe. The reason is legislative proposals by the European Union and the United Kingdom aimed at improving the safety of online environments, Yen says in an interview with Wired.
    Original:
    https://www.wired.com/story/encryption-faces-an-existential-threat-in-europe/

    Reply
  9. Tomi Engdahl says:

    Breaking RSA with a Quantum Computer
    https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
    A group of Chinese researchers have just published a paper claiming that they can, although they have not yet done so, break 2048-bit RSA.
    This is something to take seriously. It might not be correct, but it's not obviously wrong. Original: https://arxiv.org/pdf/2212.12372.pdf

    Reply
  10. Tomi Engdahl says:

    Ransomware gang cloned victim's website to leak stolen data https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
    The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim’s site to publish stolen data on it. It appears that ALPHV, also known as BlackCat ransomware, is known for testing new extortion tactics as a way to pressure and shame their victims into paying.

    Reply
  11. Tomi Engdahl says:

    ChatGPT For Cybersecurity
    https://www.youtube.com/watch?v=6PrC4z4tPB0

    In this video, I go over the process of how to use ChatGPT and cover various examples of how to use ChatGPT for Cybersecurity.

    ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022.
    It is trained using Reinforcement Learning from Human Feedback (RLHF).
    It is built on top of OpenAI’s GPT-3.5 family of large language models and is fine-tuned with both supervised and reinforcement learning techniques.

    OpenAI ChatGPT: https://chat.openai.com/chat

    Timestamps:
    0:00 Introduction
    7:50 ChatGPT usage
    10:45 Pentesting examples
    13:10 Generating shells
    14:25 Fuzzing
    17:15 Shellcode
    18:00 Custom emails
    19:34 Macros
    20:56 Buffer overflow
    22:15 Automation
    25:00 Blue team examples
    28:33 ChatGPT impact on cybersecurity

    Reply
  12. Tomi Engdahl says:

    NIST Finalizes Cybersecurity Guidance for Ground Segment of Space Operations
    https://www.securityweek.com/nist-finalizes-cybersecurity-guidance-ground-segment-space-operations

    The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.

    NIST’s widely used Cybersecurity Framework consists of standards, guidelines and practices for protecting critical infrastructure. This voluntary framework is designed to help organizations manage their cybersecurity risks.

    The NIST Interagency Report (IR) 8401 aims to apply the Cybersecurity Framework to satellite command and control, creating a profile for the space sector’s ground segment in an effort to help stakeholders manage risk. The goal of the profile is to complement existing security measures in an organization.

    Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control
    https://csrc.nist.gov/publications/detail/nistir/8401/final

    Reply
  13. Tomi Engdahl says:

    Virtual Insanity: Protecting the Immersive Online World
    https://www.securityweek.com/virtual-insanity-protecting-immersive-online-world

    As a result of the intersection of humans and technology, many social engineering attacks aimed at exploiting unsophisticated users will occur

    The concept of a virtual world in which people live, work, and interact with others without leaving their living room in the physical world gained more momentum during the pandemic. In fact, Gartner predicts that by 2026, a quarter of the population will spend a minimum of an hour each day in some type of immersive virtual environment for work, shopping, education, social media and/or entertainment.

    Cities are among the first to enter this new iteration of the internet powered by virtual reality (VR), augmented reality (AR) and mixed reality (MR) technology. These virtual cities—Dubai being the first—promise to replicate real-life experiences and places. Individuals create avatars that can then work, shop, play and more in a virtual space. While these new virtual spaces will provide untold opportunities, they also set the stage for an unparalleled rise in cybercrime.

    Reply
  14. Tomi Engdahl says:

    The Impact of Geopolitics on CPS Security
    https://www.securityweek.com/impact-geopolitics-cps-security

    The world changed fundamentally during the pandemic. Businesses were affected profoundly as they were forced to undergo digital transformation quickly to survive. And for organizations that were able to truly excel at it, digital transformation became a differentiating advantage. Of course, shareholders clearly saw the cost and competitive advantages of digital transformation and there is no turning back.

    Our physical world has become very dependent on its digital components so we can share data and take advantage of simplified and more efficient workflows. The challenge now is that we are in a position of playing catch-up because all that extra connectivity needs to be secured. While the need to secure cyber-physical systems (CPS) is nothing new, the pandemic has escalated it in ways none of us could have anticipated or prepared for out of the gate. For example, who could have imagined a 63-fold increase in telehealth utilization or that 80% of remote-capable workers would continue to work remotely at least part of the time?

    Geopolitics up the ante

    The explosive growth in CPS interconnectivity, coupled with the rapidly evolving geopolitical landscape and opportunistic criminals, makes for a dangerous situation.

    We’re dealing with the usual suspects, mainly Russia and China with Iran emerging. But Russia is at the top of the list, as they have demonstrated they are both capable and, in the current climate, motivated to add cyberattacks to their arsenal. As we have seen in the past, Russia doesn’t hesitate to deploy destructive cyber weapons with the potential to paralyze vast portions of Operational Technology (OT) networks: they proved that in 2016 with the NotPetya attack, which paralyzed many organizations. Now, in the era of hybrid war, the increase in attacks on critical infrastructure and the impact of the geopolitical conflict on the world is significant.

    As Russia loses more ground in the invasion of Ukraine and pressure from the U.S. and our allies continues to mount, we are likely to see cyberattacks increasingly used as a weapon. CPS and the networks they operate on are obviously attractive targets because of their criticality levels and potential for sabotage. We’ve already seen many examples this year.

    Reply
  15. Tomi Engdahl says:

    The KGB found nothing on the phone: hackers developed a clever way to protect messages https://www.is.fi/digitoday/tietoturva/art-2000009304836.html
    Belarusian activists have developed a safeguard that lets them hide their conversations from device searches by the authorities. It is a modified version of the Telegram instant messenger, which is hugely popular in Eastern Europe, known as Partisan Telegram or P-Telegram, The Record reports. The Cyber Partisans, the group behind the app, is a Belarusian hacktivist group that has, among other things, hampered the Russian army's movements in Belarus by hacking railway information systems.

    Reply
  16. Tomi Engdahl says:

    These grim figures show that the ransomware problem isn’t going away https://www.zdnet.com/article/these-grim-figures-show-that-the-ransomware-problem-isnt-going-away/
    Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, demonstrating how ransomware attacks remain a significant cyber threat to the public sector and civil society. The figures on the number of government, education and healthcare sector organizations hit by ransomware attacks have been detailed by cybersecurity researchers at security company Emsisoft, who analysed disclosure statements, press reports, and information posted to the dark web.

    Reply
  17. Tomi Engdahl says:

    Matt Burgess / Wired:
    The 2020 EncroChat hack led by French and Dutch police is facing growing legal challenges across Europe and the fallout could have global implications for E2EE

    Cops Hacked Thousands of Phones. Was It Legal?
    https://www.wired.com/story/encrochat-phone-police-hacking-encryption-drugs/

    When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

    Reply
  18. Tomi Engdahl says:

    Innofactor Managed Detection and Response (MDR)
    Gain real-time visibility, and detect and respond to modern cyber threats with the help of world-class experts and Microsoft's leading security technology
    https://www.innofactor.com/fi/mita-teemme/tuotteet/innofactor-managed-detection-and-response/

    Reply
  19. Tomi Engdahl says:

    Revolutionize Your Hacking Skills with ChatGPT: The AI Assistant That Will Take Your Cybersecurity to the Next Level
    https://kreskn.medium.com/revolutionize-your-hacking-skills-with-chatgpt-the-ai-assistant-that-will-take-your-cybersecurity-6af85956efd1

    Reply
  20. Tomi Engdahl says:

    Top 12 cyber crime trends to watch for in 2023
    Proliferation of IoT devices, e-commerce platforms and cloud solutions will drive the growth of the cyber security market
    https://www.thenationalnews.com/business/technology/2022/12/30/top-12-cyber-crime-trends-to-watch-for-in-2023/

    Reply
  21. Tomi Engdahl says:

    Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo
    Do Not Pay, which has automated a ton of menial tasks, says it plans to make the tool available to customers.
    https://www.vice.com/en/article/pkg94v/deepfake-voice-do-not-pay-wells-fargo-refund

    Reply
  22. Tomi Engdahl says:

    Cross-comparison of many streams of digital data provides a powerful tool for law enforcement—but also for the abuse of state power

    HOW POLICE EXPLOITED THE CAPITOL RIOT’S DIGITAL RECORDS
    Forensic technology is powerful, but is it worth the privacy trade-offs?
    https://spectrum.ieee.org/capitol-riot?share_id=7387014&socialux=facebook&utm_campaign=RebelMouse&utm_content=IEEE+Spectrum&utm_medium=social&utm_source=facebook

    Reply
  23. Tomi Engdahl says:

    The Hidden Cost of Cheap TVs
    Screens have gotten inexpensive—and they’re watching you back.
    https://www.theatlantic.com/technology/archive/2023/01/smart-tvs-sony-lg-cheap/672614/

    Reply
  24. Tomi Engdahl says:

    Here’s how OpenAI’s ChatGPT can be used to launch cyberattacks
    Security researchers had the AI create a fake email from a hosting company and inject malware into an Excel file as part of a test.
    https://techmonitor.ai/technology/ai-and-automation/chatgpt-cyberattacks-openai

    Reply
  25. Tomi Engdahl says:

    Amazon slaps automatic encryption on S3 data
    Ensures future security stuffups will take extra effort
    https://www.theregister.com/2023/01/06/amazon_s3_encryption/

    Reply
  26. Tomi Engdahl says:

    Inventions that are fighting the rise of facial recognition technology
    From LED-equipped visors to transparent masks, these inventions aim to thwart facial recognition cameras.
    https://bigthink.com/the-present/facial-recognition/#Echobox=1672934243

    Reply
  27. Tomi Engdahl says:

    The cashless future is here. So is Big Brother.
    Is getting rid of the dollar bill a good idea?
    https://thehill.com/changing-america/enrichment/arts-culture/3799088-the-cashless-future-is-here-so-is-big-brother/

    Two-fifths of Americans used no cash in 2022.
    Paper currency and coins have downsides: they are unsanitary, inconvenient, costly to handle and easy to steal.
    Credit and debit cards leave a valuable digital trace but that also means they are easy to track.

    Reply
  28. Tomi Engdahl says:

    Unraveling the techniques of Mac ransomware https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware/
    This blog provides details from our analysis of known ransomware families affecting macOS devices. [...] To perform these actions, malware creators abuse legitimate functionalities and devise various techniques to exploit vulnerabilities, evade defenses, or coerce users to infect their devices. We describe these techniques in detail below, based on our analysis of four Mac ransomware families: KeRanger, FileCoder, MacRansom, and EvilQuest. In particular, we take a deeper look at EvilQuest and one of its variants that had its ransomware component removed but was further improved with additional techniques and anti-analysis logic

    Reply
  29. Tomi Engdahl says:

    PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
    Unit 42 researchers perform a deep dive into Automated Libra, the cloud threat actor group behind the freejacking campaign PurpleUrchin.
    Automated Libra is a South African-based freejacking group that primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their cryptomining operations

    Reply
  30. Tomi Engdahl says:

    Turla: A Galaxy of Opportunity
    https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
    As Mandiant recently wrote about in our blog post, Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia, USB spreading malware continues to be a useful vector to gain initial access into organizations. In this incident, a USB infected with several strains of older malware was inserted at a Ukrainian organization in December 2021. When the system’s user double clicked a malicious link file (LNK) disguised as a folder within the USB drive, a legacy ANDROMEDA sample was automatically installed and began to beacon out

    Reply
  31. Tomi Engdahl says:

    Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/
    Global volume of cyberattacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organization. Top 3 most attacked industries in 2022 were Education/Research, Government and Healthcare.
    Geography of Africa experienced the highest volume of attacks with 1875 weekly attacks per organization, followed by APAC with 1691 weekly attacks per organization. North America (+52%), Latin America (+29%) and Europe (+26%) showed largest increases in cyberattacks in 2022, compared to 2021. USA saw a 57% increase in overall cyberattacks in 2022, UK saw a 77% increase and Singapore saw a 26% increase

    Reply
  32. Tomi Engdahl says:

    Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API https://msrc-blog.microsoft.com/2023/01/06/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/
    Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure's cloud and edge products and services and is currently in preview as an AKS Container Host. Sharing CVEs regarding vulnerabilities that have been addressed CBL-Mariner upstream open-source projects will help security teams find the most up to date information to discover, assess, and patch systems quickly and consistently across cloud and edge scenarios

    Reply
  33. Tomi Engdahl says:

    Amazon S3 will now encrypt all new data with AES-256 by default https://www.bleepingcomputer.com/news/security/amazon-s3-will-now-encrypt-all-new-data-with-aes-256-by-default/
    Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. “S3 buckets that do not use default encryption will now automatically apply SSE-S3 as the default setting. Existing buckets currently using S3 default encryption will not change.”

    Reply
  34. Tomi Engdahl says:

    OPWNAI : CYBERCRIMINALS STARTING TO USE CHATGPT https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
    CPR's analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it's only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad

    Reply
  35. Tomi Engdahl says:

    FCC wants telecom carriers to report data breaches faster https://www.bleepingcomputer.com/news/security/fcc-wants-telecom-carriers-to-report-data-breaches-faster/
    The U.S. Federal Communications Commission wants to strengthen federal law enforcement and modernize breach notification requirements for telecommunications companies so that they notify customers of security breaches faster. FCC’s proposals (first circulated in January 2022) include the elimination of the current mandatory period of seven days that telecoms have to abide by before alerting consumers of a data breach. The Commission also wants telecommunications carriers to report all significant breaches to several federal agencies, including the FBI, Secret Service, and the FCC

    Reply
  36. Tomi Engdahl says:

    2023 Will See Renewed Focus on Quantum Computing https://www.darkreading.com/tech-trends/2023-will-see-more-focus-on-quantum-computing
    2022 was a big year for quantum computing. Over the summer, the National Institute of Standards and Technology (NIST) unveiled four quantum computing algorithms that eventually will be turned into a final quantum computing standard, and governments around the world boosted investments in quantum computing. 2023 may be the year when quantum finally steps into the limelight, with organizations preparing to begin the process of implementing quantum computing technologies into existing systems. It will also be the year to start paying attention to quantum computing-based attacks

    Reply
  37. Tomi Engdahl says:

    The Cybercriminal Who Rose from the Dead https://blogs.blackberry.com/en/2023/01/cybercriminal-faked-death-found
    When the U.S. government revealed charges against 26-year-old Mark Sokolovsky, it stunned more than a few cybersecurity researchers.
    After all, they thought he was dead. Sokolovsky is now in a European jail, awaiting extradition to the United States, accused of being a key player in a massive international cybercrime operation that spawned a notorious Malware-as-a-Service (MaaS) known as Raccoon InfoStealer. The information-stealer targeted Windows® users, seeking out and swiping their stored credentials, which could then be sold on the dark web

    Reply
  38. Tomi Engdahl says:

    Unveiling of a large resilient infrastructure distributing information stealers https://blog.sekoia.io/unveiling-of-a-large-resilient-infrastructure-distributing-information-stealers/
    SEKOIA.IO analysts unveiled a large and resilient infrastructure used to distribute Raccoon and Vidar stealers, likely since early 2020. The associated infection chain, leveraging this infrastructure of over 250 domains, uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub

    Reply
  39. Tomi Engdahl says:

    US Regulators Warn Banks About Cryptocurrency Security Risks https://www.infosecurity-magazine.com/news/regulators-banks-cryptocurrency/
    In a joint statement issued on January 3, 2022, the Board of Governors of the Federal Reserve [...] warned banking organizations of the key risks associated with crypto-assets and crypto-asset sector participants. [The report at https://www.occ.gov/news-issuances/news-releases/2023/nr-ia-2023-1a.pdf mentions “vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance.”]

    Reply
  40. Tomi Engdahl says:

    Cryptocurrency hacks shot up in 2022, amounting to almost $4 billion in losses https://www.cyberscoop.com/cryptocurrency-hacks-2022/
    Losses of cryptocurrency assets due to hacks rose to $3.7 billion last year, a 58 percent increase over the $2.3 billion that cybercriminals stole from investors and exchanges in 2021, according to a report released Thursday by Immunefi, a web3 security testing platform. The firm's analysis found that hacks accounted for more than 95 percent of all cryptocurrency theft. Frauds and scams made up the rest of the losses. Researchers at Immunefi tracked 134 specific hacking incidents in 2022, an increase from 104 hacks in 2021. Original at https://assets.ctfassets.net/t3wqy70tc3bv/1ObYJk9jzWS4ExHICslYep/e2b5cee51268e47ee164c4dffbd78ad4/Immunefi_Crypto_Losses_2022_Report.pdf

    Reply
  41. Tomi Engdahl says:

    The State of Ransomware in the US: Report and Statistics 2022 https://www.emsisoft.com/en/blog/43258/the-state-of-ransomware-in-the-us-report-and-statistics-2022/
    In 2022, we got to see how that would all play out and, unfortunately, it was a case of same old, same old. The number of government, education and healthcare sector organizations impacted by ransomware this year was very similar to the number impacted in previous years. 106 local governments, 44 universities and colleges, 45 school districts operating 1,981 schools, 25 healthcare providers operating 290 hospitals

    Reply
  42. Tomi Engdahl says:

    How Infostealer Threat Actors Make a Profit https://asec.ahnlab.com/en/45150/
    According to the ASEC report for Q3 2022, Infostealers make up more than half of malware types with executable formats reported by client companies or collected by AhnLab. As the downloader types also actually install Infostealers or backdoor-type malware, it can be said that most of the malware distributed to attack ordinary or corporate users are Infostealers. Report at https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.108_ENG.pdf

    Reply
