Nothing is more difficult than making predictions, especially in fast advancing cyber security field. Instead of me trowing out wild ideas what might be coming, I have collected here some trends many people and publications have predicted for 2023.
HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP on Chrome browser.
Malwertising: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users also in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.
Encrypted malware: The vast majority of malware arriving over encrypted connections that are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels. WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.
Software vulnerabilities: Weak configurations for encryption and missing security headers will be still very common in 2023. In 2022 nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications
Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems at reasonable time or at all, so they stay vulnerable. Also new variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.
Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, maintenance of employees’ skills and indifference are the strongest obstacles in the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.
Cloud: In a hyperscale cloud provider, there can be potentially several thousand people, working around the globe that could potentially access our data. Security screening and limiting alone still leaves a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.
MFA: MFA Fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is MFA fatigue attacks a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them with legitimate authentication requests. t’s a huge threat because it bypasses one of the most effective the security measures.
Passwords: Passwords will not go away completely even though new solutions to replace then will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character to the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason us that comma in password can obfuscate tabular comma separated values (csv) files, which are a common way to collect and distribute stolen passwords.
EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity: Network and Information Security 2 also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors. Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” to cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, remaining their focus solely to IT systems. Especially in the critical infrastructure sectors, overlooking OT can have serious risks to all operations. As a result, the CPGs released explicitly are scoped to include OT devices.
Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.
Loosing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.
Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.
Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.
Privacy and data protection:Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also a challenge that Executives take more cybersecurity risks than office workers – leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.
Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers
Zero trust: Many people think that Zero Trust is pretty optimal security practice in 2023. It is good for those new systems to whom it’s model suits, but Zero Trust has also challenges. Incorporating zero trust into an existing network can be very expensive. Zero Trust Shouldnt Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource pooled cloud federation, doesnt coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. Thats where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.
Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.
Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”
Google Workplace: Google Workspace Gets Client-Side Encryption in Gmail. Long waited Client-side encryption for Gmail available in beta .
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.
Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API,
War risks: Watch for continued war between Russia and Ukraine real world and cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.
Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
ISC: ICS and SCADA systems remain trending attack targets also in 2023.
Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all free public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.
PCI DSS: PCI DSS 4.0 Should Be on Your Radar in 2023 if you work on field that needs to meet that. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.
SHA-1: NIST Retires SHA-1 Cryptographic Algorithm, not fully in 2023, but starts preparations for phase-out. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using the technique is referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replace the 27 years old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.
Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers -Amazon Web Services (AWS), Microsoft Azure and Google Cloud- of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.
Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Ethical hacking: Ethical hacking has become a highly-sought after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.
MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!
Cloud APIs: With Cloud Comes APIs & Security Headaches also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. ccording to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots . About 40% of companies are suffering an incident due to misconfiguration and a third coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions-
Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.
VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.
AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.
AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. Wired magazine article expects that In 2023, we may well see our first death by chatbot. Causality will be hard to prove was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?
Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. ReadPolicing in the metaverse: what law enforcement needs to know report for more information.
Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. Year 2022 already showed how a lot of cryptocurrency related risks realized. More “Crypto travel rules” enacted to combat money laundering and terrorism financing.
Insurance: Getting a cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks and now increasing cyber was the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are already insurance policies written in the market have an exemption for state-backed attacks, but but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks that have disrupted hospitals, shut down pipelines and targeted government department. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.
Sources:
Asiantuntija neuvoo käyttämään pilkkua salasanassa – taustalla vinha logiikka
Overseeing artificial intelligence: Moving your board from reticence to confidence
Android is adding support for updatable root certificates amidst TrustCor scare
Google Play now lets children send purchase requests to guardians
Diligent’s outlook for 2023: Risk is the trend to watch
Microsoft will turn off Exchange Online basic auth in January
Google is letting businesses try out client-side encryption for Gmail
Google Workspace Gets Client-Side Encryption in Gmail
The risk of escalation from cyberattacks has never been greater
Client-side encryption for Gmail available in beta
AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Microsoft: Edge update will disable Internet Explorer in February
Is Cloud Native Security Good Enough?
Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023
Google Chrome preparing an option to block insecure HTTP downloads
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The Dark Risk of Large Language Models
Police Must Prepare For New Crimes In The Metaverse, Says Europol
Policing in the metaverse: what law enforcement needs to know
Cyber as important as missile defences – an ex-NATO general
Misconfigurations, Vulnerabilities Found in 95% of Applications
Personnel security in the cloud
Multi-factor auth fatigue is real – and it’s why you may be in the headlines next
MFA Fatigue attacks are putting your organization at risk
NIS2 hyväksyttiin – EU-maille tiukemmat kyberturvavaatimukset
Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
Poor software costs the US 2.4 trillion
Passkeys Now Fully Supported in Google Chrome
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Executives take more cybersecurity risks than office workers
NIST Retires SHA-1 Cryptographic Algorithm
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
Over 85% of Attacks Hide in Encrypted Channels
GitHub Announces Free Secret Scanning, Mandatory 2FA
Leaked a secret? Check your GitHub alerts…for free
Data Destruction Policies in the Age of Cloud Computing
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Google: With Cloud Comes APIs & Security Headaches
Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
Zero Trust Shouldnt Be The New Normal
Don’t click too quick! FBI warns of malicious search engine ads
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
Kyberturvan ammattilaisista on huutava pula
1,768 Comments
Tomi Engdahl says:
AI Warfare: The Technological Landscape and Future Possibilities
https://onestopsystems.com/blogs/one-stop-systems-blog/ai-warfare-the-technological-landscape-and-future-possibilities
he integration of Artificial Intelligence (AI) into warfare has revolutionized the technological landscape of modern military operations. AI-driven systems are capable of autonomously processing data, making intelligent decisions, and executing complex tasks with precision. In this blog article, we provide a comprehensive overview of the current capabilities of AI in warfare, explore future possibilities, and examine the challenges faced by the underlying hardware.
Current Capabilities of AI Warfare
Intelligent surveillance: AI algorithms can analyze vast amounts of sensor data, including images, video streams, and signal intelligence, to identify potential threats, track targets, and provide real-time situational awareness. This capability allows military forces to make informed decisions and effectively respond to changing scenarios.
Autonomous weapons: AI-driven autonomous systems such as drones and unmanned ground vehicles can be deployed independently or in collaboration with human operators. These systems can perform missions, including reconnaissance, target acquisition, and even combat operations, while minimizing the risk to human personnel.
Data analysis and decision support: AI can process and analyze large volumes of data from various sources, extracting valuable insights, patterns, and correlations. This enables military commanders to make data-driven decisions, plan missions, and optimize resources.
Future Possibilities
Swarm intelligence: The use of swarms of AI-controlled autonomous systems working together in a coordinated manner offers immense possibilities for future warfare. Swarm intelligence can provide enhanced surveillance, efficient target acquisition, and increased resilience by leveraging the collective intelligence of multiple AI entities.
Cognitive battlefields: The ability of AI to learn and adapt could lead to the development of cognitive battlefields where AI systems continuously analyze the environment and respond to dynamic changes. These systems could autonomously allocate resources, adjust strategies, and react to emerging threats in real time.
Human-machine collaboration: Future AI warfare is likely to involve closer collaboration between humans and machines. AI systems could support human operators in decision-making, provide real-time information, and enable seamless communication between manned and unmanned platforms.
Tomi Engdahl says:
Industrial networks need better security as attacks gain scale
Critical infrastructures and operational technology systems will face increasing threats as they move toward common standards.
https://www.zdnet.com/article/industrial-networks-need-better-security-as-attacks-gain-scale/
Increased digitalization and connectivity have fuelled automation in OT sectors, such as power, oil and gas, water, and manufacturing. These industries also gain greater efficiency through adopting common protocols and operating systems.
However, as these sectors move from heterogeneous environments toward standardized software stacks, the homogeneity allows threat adversaries to achieve better scalability, said Robert M. Lee, CEO of US-based cybersecurity vendor Dragos, which specializes in OT and industrial controls systems.
This will lead to more repeatable and cross-industry OT attack toolkits, he noted. Coupled with a wider attack surface from increased connectivity, OT networks face greater odds of falling victim to an attack, cautioned Lee, who was speaking Tuesday via video link at the OT Cybersecurity Expert Panel Forum held in Singapore.
Even now, OT sectors are increasingly targeted. Just five years ago in 2018, Dragos identified six to seven state-actor groups that were explicitly focused on OT and industrial control systems. This number has since climbed to at least 22 groups and more state-actor networks are realizing the viability of targeting OT sectors, said Lee, who has testified at several US congressional briefings.
While the general IT threat landscape has seen higher frequency of attacks than OT, there are more costly consequences if OT systems are compromised, potentially impacting lives and economies, he said.
“The growing convergence between IT and OT systems expands the attack surface and introduces new risks that must be mitigated,” Koh said.
“We cannot rely on old answers to address new challenges we face. We need to look to innovation and creativity to come up with novel solutions to solve new and emerging cybersecurity challenges.”
“Threat actors have demonstrated persistence and improved capabilities to conduct malicious cyber activities against OT systems,” Koh said.
“Successful compromise of these systems, of which the delivery of essential services depends on, would jeopardize our national security, public and environmental safety, and the economy. The stakes are too high for us to ignore, and we need to do more.”
What works in IT may not work in OT
Noting that IT security best practices do not necessarily function as well in OT environments, Lee cautioned OT organizations against blindly “copying and pasting” IT security measures. Doing so is more likely to cause significant disruption and bring down OT systems than safeguard them against threat actors, he said.
Singapore’s Minister for Communications and Information Josephine Teo added that OT systems had been traditionally placed in air-gapped environments, managed, and monitored separately from internet-facing IT systems. This approach changed with the acceleration of digitalization in OT industries, with companies tapping IT products and services to streamline and enhance operational efficiencies.
Teo said at the forum: “Unfortunately, the same technologies that enable OT operators to readily control their systems via a web interface can also allow bad actors to hijack OT systems and manipulate them to cause damage and disruption.”
Teo added that Singapore also will need to beef up its skillsets in OT and IT security, as well as drive collaboration across government, industry, and academia. This focus is necessary to strengthen interdisciplinary expertise and partnership mechanisms to respond effectively to emerging threats, Teo said.
“Cybersecurity is, after all, an international team sport and we can only win if we’re playing as one against our common enemy,” she said.
Tomi Engdahl says:
Banks defending their right to security are missing the point about consumer trust
https://www.zdnet.com/article/banks-defending-their-right-to-security-are-missing-the-point-about-consumer-trust/
When businesses override a customer’s security decision, does it make them fully liable when a breach occurs? That’s a question banks like those in Singapore need to consider before they roll out their next security feature.
Tomi Engdahl says:
EU Digital Services Act: Challenges remain as enforcement begins https://www.euractiv.com/section/law-enforcement/news/eu-digital-services-act-challenges-remain-as-enforcement-begins/
>From Friday (25 August), large online platforms and search engines will
>have
to comply with the new EU Digital Services Act, a landmark law designed to combat hate speech and disinformation online. However, enforcing the new rules is likely to be challenging.
Tomi Engdahl says:
New Whiffy Recon malware uses WiFi to triangulate your location https://www.bleepingcomputer.com/news/security/new-whiffy-recon-malware-uses-wifi-to-triangulate-your-location/
Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location of infected devices through WiFi scanning and Google’s geolocation API. In Whiffy Recon’s case, knowing the victim’s location could help carry out attacks that are better focused on specific regions or even urban areas, or help intimidate victims by showing tracking ability.
For Windows systems where that service is present, Whiffy Recon enters a WiFi scanning loop that runs every minute, abusing the Windows WLAN API to collect the required data and sending HTTPS POST requests containing WiFi access point information in JSON format to Google’s geolocation API.
Using the coordinates in Google’s response, the malware formulates a more complete report about the access points, now including their geographic position, encryption method, SSID, and sends it to the threat actor’s C2 as a JSON POST request.
Depending on the number of WiFi access points in the area, the triangulation accuracy via Google’s geolocation API ranges between 20-50 meters (65-165ft) or less, though that figure increases in less dense areas.
Tomi Engdahl says:
Ransomware ecosystem targeting individuals, small firms remains robust https://therecord.media/ransomware-targeting-small-business-individuals-remains-robust
Ransomware attacks on major companies and large government organizations have dominated the headlines in 2023 but researchers from several companies are warning that smaller-scale attacks on individuals and small businesses are causing significant harm and damage too.
Tomi Engdahl says:
Navigating Legacy Infrastructure: A CISO’s Actionable Strategy for Success https://thehackernews.com/2023/08/navigating-legacy-infrastructure-cisos.html
Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your organization vulnerable to cyber threats.
Tomi Engdahl says:
ICO calls social media firms to protect people’s data from scraping https://www.bleepingcomputer.com/news/security/ico-calls-social-media-firms-to-protect-peoples-data-from-scraping/
UK’s Information Commissioner’s Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a statement calling social media platforms to up their protections against data scrapers.
Data scraping is the process of extracting large amounts of publicly available data from websites using automated tools such as bots, collecting information that users have published on that platform.
Tomi Engdahl says:
CISA touts ‘tremendous growth’ in vulnerability disclosure platform https://therecord.media/cisa-vulnerability-disclosure-program-annual-report
The U.S. federal government’s internal clearinghouse for cybersecurity vulnerabilities took in more than 1,300 valid reports in its first 18 months and prompted decisive action on most of them, saving as much as $4.35 million in estimated response and recovery efforts, according to the program’s first annual report.
The Vulnerability Disclosure Policy (VDP) Platform has seen “tremendous growth” in onboarding 40 agency programs since its launch in July 2021, the Cybersecurity and Infrastructure Security Agency said Friday in a news release.
Tomi Engdahl says:
Näin haittaohjelma saadaan ohittamaan puhelimen suojaukset https://www.is.fi/digitoday/tietoturva/art-2000009797919.html
RIKOLLISILLA on keinonsa ohittaa suojauksia haitallisten sovellusten levittämiseksi Android-puhelimiin.
Tietoturvayhtiö Zimperiumin mukaan sovelluksia voidaan pakata tavalla, joka tekee niistä viattoman näköisiä virustutkien tarkastelussa.
Pakkaaminen on tapa mahduttaa esimerkiksi sovelluksen kaikki tiedot alkuperäistä pienempään kokoon, jotta sen jakaminen olisi jouhevampaa.
Rikollisten juonena on käyttää pakkaamisessa vahvasti muokattuja algoritmeja tai menetelmiä, joita ei yleisesti tueta.
Tomi Engdahl says:
Defying the Dark Arts: Strategies for Countering Cyber Threats https://www.hackread.com/defying-dark-arts-strategies-countering-cyber-threats/
The rise of cybercrime has been nothing short of astonishing, with malicious actors employing increasingly sophisticated techniques to breach security measures and compromise sensitive information.
As these threats continue to evolve, it’s imperative that we arm ourselves with strategies to counter them effectively. In this article, we will delve into the world of cyber threats, understand their nuances, and explore actionable strategies to defend against them.
Tomi Engdahl says:
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants.
Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure.
Ransomware remains an actively evolving ecosystem, witnessing frequent shifts in tactics and targeting to increasingly focus on Linux environments using families such as Trigona, Monti, and Akira, the latter of which shares links to Conti-affiliated threat actors.
The ransomware strain has since been adapted to target Linux, VMware ESXi, and Apple macOS systems, transforming it into an ever-evolving threat. The RaaS operation is also notable for paying people to get tattoos of its insignia and instituting the first-ever bug bounty program.
Tomi Engdahl says:
Volatility3 : Remote analysis on cloud object-storage.
https://www.forensicxlab.com/posts/vols3/
It is crucial to have the capability of examining memory images on storage platforms other than traditional file systems. With the emergence of cloud technologies, new forms of storage known as object storage have emerged.
Enabling memory analysis on object storage provides exciting opportunities for innovation and advancement.
In this article, we will go through the journey of making the volatility3 framework compatible with s3 object-storage to perform memory analysis over the network. Also, the reader will discover how this new capability can and will be applied to the VolWeb 2.0 project which is still in developpement.
Tomi Engdahl says:
Lockbit leak, research opportunities on tools leaked from TAs https://securelist.com/lockbit-ransomware-builder-analysis/110370/
Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted without paying the ransom. According to the Lockbit owners, the namesake cybercriminal group, there have been bounty payments of up to 50 thousand dollars. In addition to these features, Lockbit has offered a searchable portal to query leaked information from companies targeted by this ransomware family, and even offered payment to those who get tattooed with a Lockbit logo on their body
Tomi Engdahl says:
6 Ransomware Trends & Evolutions to Watch For https://www.trendmicro.com/en_us/ciso/23/b/ransomware-trends-evolutions-2023.html
More than any other industry, cybersecurity is constantly changing. But the number of major paradigm shifts that transformed the world of cybersecurity in the past few years has been unprecedented, especially when it comes to combating ransomware.
The costly and global threat of ransomware has evolved alongside changing technology in the past two decades. Just as threat researchers and engineers rethink their solutions when the currents of cybersecurity shift, their adversaries are always following the latest trends to successfully target their victims.
New developments like the success of law enforcement crackdowns on ransomware, changing government regulations, international sanctions, and the looming regulation of cryptocurrency will force adversaries to adapt—both to overcome new challenges and take advantage of new opportunities. For cybersecurity leaders, keeping ahead of these 6 changes will be crucial in defending against new exploits and attack vectors.
Tomi Engdahl says:
Lessons learned from the Microsoft Cloud breach https://securityintelligence.com/articles/lessons-learned-from-the-microsoft-cloud-breach/
In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S.
State Department officials and other organizations not yet publicly named.
Officials and researchers alike are concerned that Microsoft products were again used to pull off an intelligence coup, such as during the SolarWinds incident.
In the wake of the breach, the Department of Homeland Security released a report stating that the Cyber Safety Review Board (CSRB) will conduct its next review on the malicious targeting of cloud computing environments. What lessons can be learned from this latest cyber incident? And how might companies protect themselves?
Tomi Engdahl says:
A Bard’s Tale – how fake AI bots try to install malware https://www.welivesecurity.com/en/scams/a-bards-tale-how-fake-ai-bots-try-to-install-malware/
The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Hackers breached WebDetetive, an Android spyware app used mainly in Brazil, and deleted victims’ stolen data; Poland-based LetMeSpy was similarly hacked in June — The Portuguese-language app WebDetetive was used to compromise over 76,000 phones to date — A Portuguese-language spyware …
A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
The Portuguese-language app WebDetetive was used to compromise over 76,000 phones to date
https://techcrunch.com/2023/08/26/brazil-webdetetive-spyware-deleted/
Tomi Engdahl says:
Natasha Lomas / TechCrunch:
The EU’s DSA goes into effect, forcing platforms like Facebook, Instagram, YouTube, and TikTok to let users opt out of profiling-based content recommendations
All hail the new EU law that lets social media users quiet quit the algorithm
https://techcrunch.com/2023/08/25/quiet-qutting-ai/
Internet users in the European Union are logging on to a quiet revolution on mainstream social networks today: The ability to say ‘no thanks’ to being attention hacked by AI.
Thanks to the bloc’s Digital Services Act (DSA), users of Meta’s Facebook and Instagram, ByteDance’s TikTok and Snap’s Snapchat can easily decline “personalized” content feeds based on “relevance” (i.e. tracking) — and switch to a more humble kind of news feed that’s populated with posts from your friends displayed in chronological order. And this is just the tip of the regulatory iceberg. The changes apply to major platforms in the EU but some are being rolled out globally as tech giants opt to streamline elements of their compliance.
Facebook actually got out ahead of today’s DSA compliance deadline by launching a chronological new Feeds tab last month — doing so globally, seemingly, not just in the EU. But it’s a safe bet Meta wouldn’t have made the move without the bloc passing a law that mandates mainstream platforms give users a choice to see non-personalized content.
Notably the new chronological Facebook news feed does not show any “Suggested For You” posts at all.
Tomi Engdahl says:
Cyberattacks Targeting E-commerce Applications https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html
Cyberattacks on e-commerce websites occur frequently, and even platforms built by global businesses such as Honda have contained critical vulnerabilities that have been discovered in the last 12 months.
Security testing is required to assess the full attack surface of an e-commerce application, protecting both the business and its users from cyber attacks like phishing or e-skimming.
Penetration testing as a service is one of the best ways to protect platforms, performing regular scans to provide continuous vulnerability assessments so they can be mitigated as soon as possible.
Tomi Engdahl says:
HTML Smuggling Leads to Domain Wide Ransomware https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved the threat actor deploying the final ransomware only 12 hours after the initial compromise.
This threat actor delivered a password protected ZIP file via HTML smuggling to organizations back in November 2022. Within the password protected ZIP file, there was an ISO file that deployed IcedID which led to the use of Cobalt Strike and ultimately Nokoyawa ransomware. This intrusion also overlaps with the previous Nokoyawa ransomware case.
Tomi Engdahl says:
Four common password mistakes hackers love to exploit https://www.bleepingcomputer.com/news/security/four-common-password-mistakes-hackers-love-to-exploit/
Our brains are incredibly good at pattern completion – it’s why we see animals in the clouds and remember entire songs from a single lyric. So, when it comes to passwords, users have a natural affinity for systems and patterns that are satisfying and easy to remember.
Even if it means circumventing an organization’s password policy. Attackers are well aware of this and have strategies in place to exploit the mistakes end users make (and the password policies that let them get away with it).
Despite being armed with modern tools and techniques, cracking passwords still essentially comes down to guessing. Any clues as to what makes up the structure of a password is very helpful to hackers.
Tomi Engdahl says:
3 Malware Loaders Detected in 80% of Attacks: Security Firm
https://www.securityweek.com/only-3-malware-loaders-detected-in-80-of-attacks-security-firm/
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incident
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders among cybercriminals, accounting for 80% of the observed attacks, cybersecurity firm ReliaQuest reports.
From January 1 to July 31, 2023, QakBot was responsible for 30% of the observed incidents, SocGholish for 27% of them, and Raspberry Robin for 23%.
According to the company, not all observed incidents resulted in network compromise, as the loader was detected and stopped before it could cause problems.
Tomi Engdahl says:
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
https://www.securityweek.com/nearly-1000-organizations-60-million-individuals-impacted-by-moveit-hack/
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data.
Tomi Engdahl says:
The Reality of Cyberinsurance in 2023
https://www.securityweek.com/the-reality-of-cyberinsurance-in-2023/
If an organization decides to include cyberinsurance within its total cyber risk management posture, that cyberinsurance must be fully integrated with the organization’s cybersecurity posture.
The cyberinsurance industry is maturing. In its early days, it simply accepted cyber risk with few questions asked. It lost money. Insurers are asking more questions and have increased premiums, exclusions, and refusals.
This has created a gap between insurers and insureds – a gap between insurance wishes and insurance reality, and a gap between policy requests and policy delivery. A survey of more than 300 US organizations, conducted by Censuswide for Delinea, seeks to understand the nature and effect of this cyberinsurance gap, and how it may be closed.
The background is strong support and desire for cyberinsurance from the board. Businessmen understand the nature of insurance, the nature of risk transfer, and the ability of insurance to ameliorate catastrophic loss. Boards sometimes require their organizations to purchase cyberinsurance, sometimes are contractually required to have cyberinsurance, and are largely willing to fund it.
That said, board budget support has dropped by 13% from 94% to 81% since last year. This may partly be due to current economic uncertainty, but may also be due to the increased requirements of the cyberinsurance industry.
Tomi Engdahl says:
OpenAI Turns to Security to Sell ChatGPT Enterprise
https://www.securityweek.com/openai-turns-to-security-to-sell-chatgpt-enterprise/
ChatGPT Enterprise is a corporate edition of ChatGPT that promises “enterprise-grade security” and a commitment not to use prompts and company data to train AI models.
Looking to cash in on the gold rush for generative-AI computing, OpenAI has rolled out a business edition of its popular ChatGPT app promising “enterprise-grade security” and a commitment not to use client-specific prompts and data in the training of its models.
The security-centric features of the new ChatGPT Enterprise are meant to address ongoing business concerns about the protection of intellectual property and the integrity of sensitive corporate data when using LLM (large language model) algorithms.
“You own and control your business data in ChatGPT Enterprise,” OpenAI declared. “We do not train on your business data or conversations, and our models don’t learn from your usage.”
The company said customer prompts and company data are not used for training OpenAI models and all conversations flowing through ChatGPT Enterprise are encrypted in transit (TLS 1.2+) and at rest (AES 256).
Taking aim at large scale enterprise deployments, OpenAI said businesses will get a new admin console with tools to handle bulk member management, SSO (single sign-on) and domain verification.
Tomi Engdahl says:
Did Microsoft Just Upend the Enterprise Browser Market?
https://www.securityweek.com/did-microsoft-just-upend-the-enterprise-browser-market/
NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem.
NEWS ANALYSIS: Redmond plants its feet firmly in the enterprise browser space, sending major ripples through Silicon Valley’s bustling venture-backed startup ecosystem.
Without much fanfare last week, Microsoft planted both feet firmly in the enterprise browser space, releasing a product promising a native browsing experience tightly integrated with enterprise-grade security and manageability features.
This strategic play, automatically rolled out to billions of Microsoft customers signing in with Entra ID (formerly Azure Active Directory), is sure to disrupt Silicon Valley’s bustling venture-backed startup ecosystem where hundreds of millions have been wagered on companies in the enterprise browser category.
The new product — called “Microsoft Edge for Business” — natively separates work and personal browsing into dedicated browser windows with their own favorites, separate caches and storage locations.
Microsoft is pitching this browser separation as a business feature that blocks work-related content and data from intermingled with personal browsing, preventing end users from accidentally sharing sensitive information.
“Microsoft Edge for Business is going to be the standard browser experience for organizations,” Redmond boasted.
Microsoft Edge for Business is now available, helping organizations maximize productivity and security
https://blogs.windows.com/msedgedev/2023/08/22/microsoft-edge-for-business-now-available/
Microsoft Edge for Business, the new, dedicated work experience for Microsoft Edge announced at Build, is now available across all supported platforms, including mobile! With native enterprise grade security, productivity, manageability, and AI built in, Edge for Business is the next step in our journey to deliver the best browser for business. Edge for Business is an evolution of Microsoft Edge, created to enable organizations to maximize productivity and security, and designed to create separation between work and personal browsing.
Tomi Engdahl says:
Earth Estries Targets Government, Tech for Cyberespionage https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html
Earth Estries is a sophisticated hacker group that has been active since at least 2020 and that focuses on deploying cyberespionage campaigns. It targets government and technology organizations in various countries and is capable of implementing advanced techniques such as the use of multiple backdoors and hacking tools to gain access to its targets.
Tomi Engdahl says:
OpenAI Turns to Security to Sell ChatGPT Enterprise
https://www.securityweek.com/openai-turns-to-security-to-sell-chatgpt-enterprise/
ChatGPT Enterprise is a corporate edition of ChatGPT that promises “enterprise-grade security” and a commitment not to use prompts and company data to train AI models.
Tomi Engdahl says:
Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according to a new report.
https://www.securityweek.com/healthcare-organizations-hit-by-cyberattacks-last-year-reported-big-impact-costs/
Tomi Engdahl says:
GitHub Enterprise Server Gets New Security Capabilities
https://www.securityweek.com/github-enterprise-server-gets-new-security-capabilities/
GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules.
Tomi Engdahl says:
Data Protection
How Quantum Computing Will Impact Cybersecurity
https://www.securityweek.com/how-quantum-computing-will-impact-cybersecurity/
While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.
Quantum computers live in research universities, government offices, and leading scientific companies and, except in rare circumstances, find themselves out of reach of bad actors. That may not always be the case, though.
As research on quantum computers continues to move the technology forward, there is a growing concern that these computers might soon break modern cryptography. That would make all current data encryption methods obsolete and require new cryptography methods to protect against these powerful machines.
While the concept of quantum computers is not new, the discourse around them has increased in recent months thanks to continued federal action.
The Power of Quantum Computing
Even the fastest computers today struggle to break security keys thanks to complexity. It would take years for a system to break down the standard keys, even in the best-case scenarios. This is what makes encryption such a valuable security defense.
Quantum computing looks to dramatically change this time from years to a few hours. While it can quickly get complicated, experts believe many public-key encryption methods popular today, such as RSA, Diffie-Hellman, and elliptic curve could one day be relatively simple for quantum computers to solve.
The good news in this scenario is that commercial quantum computing remains in the distance. A study from the National Academies believes future code-breaking quantum computers would need 100,000 times more processing power and an error rate of 100 times better. These improvements could be more than a decade away, but they are something security leaders need to consider now.
It will be too late if we wait until those powerful quantum computers start breaking our encryption.
Leveraging Defense In-Depth
While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works. Best practices include things like segmenting networks, leveraging 5G private networks, and leveraging Zero Trust architectures.
Organizations must also secure data at rest. Many databases feature encryption that could become moot in the future. Organizations may need to store certain data offline or have a practice of re-encrypting old files once newer encryption technologies become available.
Right now, everything from browser cache, to password managers, to local Outlook email files is encrypted. If that encryption becomes breakable, organizations may need to reduce the distribution overall to limit risk, at least until better quantum encryption is created.
Tomi Engdahl says:
Classiscam fraud-as-a-service expands, now targets banks and 251 brands https://www.bleepingcomputer.com/news/security/classiscam-fraud-as-a-service-expands-now-targets-banks-and-251-brands/
The “Classiscam” scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before.
Like a ransomware-as-a-service operation, this Telegram-based operation recruits affiliates who use the service’s phishing kits to create fake ads and pages to steal money, credit card information, and, more recently, banking credentials.
Group-IB’s analysts have seen 35 scam groups using phishing sites that mimic the login pages of 63 banks in 14 countries, including financial institutes in Belgium, Canada, Czech Republic, France, Germany, Poland, Singapore, and Spain.
Tomi Engdahl says:
Revisiting Traditional Security Advice for Modern Threats https://www.mandiant.com/resources/blog/traditional-advice-modern-threats
Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months. Some examples have been unique and interesting, including the 3CX software supply chain compromise linked to Trading Technologies software supply chain compromise, and the supply chain compromise of JumpCloud that was made possible by a sophisticated spear phishing campaign.
Other examples have been slightly more traditional, such as exploitation of vulnerabilities in security appliances such as Barracuda Email Security Gateway, network security devices, foundational IT platforms and application software. The modern day nuance is the frequency and widespread use of these techniques against a wide variety of targeted technologies, especially those used for security, with cascading impact that potentially allows access into numerous user networks.
Tomi Engdahl says:
Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities
https://www.securityweek.com/energy-department-offering-9m-in-cybersecurity-competition-for-small-electric-utilities/
Small electric utilities in the US offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture.
The US Department of Energy on Wednesday announced a competition that can help smaller electric utilities obtain funding and technical assistance for improving their cybersecurity posture.
The competition, named the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Biden administration’s Rural and Municipal Utility Cybersecurity (RMUC) Program, which has set aside $250 million over a five-year period for enhancing cybersecurity at cooperative, municipal and small investor-owned electric utilities.
For the ACT 1 Prize Competition, which is the first in a series, the total budget is $8.96 million in cash and technical assistance.
The competition has three phases, focusing on commitment, planning and implementation.
Tomi Engdahl says:
Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program
https://www.securityweek.com/apple-preparing-iphone-14-pro-phones-for-2024-security-research-device-program/
Apple is inviting security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to receive hackable iPhones.
Tomi Engdahl says:
The End of “Groundhog Day” for the Security in the Boardroom Discussion?
https://www.securityweek.com/the-end-of-groundhog-day-for-the-security-in-the-boardroom-discussion/
As the SEC cyber incident disclosure rules come into effect, organizations will be forced to seriously consider giving security leaders a seat at the table.
It’s been eight and half years since I first wrote about the need for security leadership representation in the boardroom. I then revisited the topic last year, when the SEC initially proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting.
Now, as the SEC cyber incident disclosure rules come into effect, organizations will finally be forced to seriously consider giving security leaders a seat at the table. It’s the next logical step to be able to comply with the disclosure and oversight requirements as the new guidelines detail.
The positives of SEC involvement
Feedback from industry professionals highlights the pros and cons of the new SEC rules. But since the new rules are inevitable and disclosure reports are due beginning December 2023, the time has come to focus on the positives for the industry that the SEC is stepping-in.
Tomi Engdahl says:
Malware & Threats
3 Malware Loaders Detected in 80% of Attacks: Security Firm
https://www.securityweek.com/only-3-malware-loaders-detected-in-80-of-attacks-security-firm/
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/four-common-password-mistakes-hackers-love-to-exploit/
Tomi Engdahl says:
Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies
https://www.securityweek.com/lawmaker-wants-federal-contractors-to-have-vulnerability-disclosure-policies/
Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP).
Tomi Engdahl says:
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?
https://www.securityweek.com/smart-cities-utopian-dream-security-nightmare-or-political-gimmick/
As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.
How much smart does a smart city need to be called smart? It’s not a trivial question. It goes to the heart of understanding the concept of connected cities: what is a smart city, what does it deliver, and is it worth the effort? And is it ultimately a utopian dream or a cybersecurity nightmare?
Tomi Engdahl says:
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
https://www.securityweek.com/nearly-1000-organizations-60-million-individuals-impacted-by-moveit-hack/
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data.
Nearly 1,000 organizations and 60 million individuals are reportedly impacted by the recent MOVEit campaign conducted by the Russian-speaking Cl0p ransomware group.
It’s worth noting that these numbers include both directly and indirectly impacted entities. For instance, several organizations and millions of people had their information compromised through PBI, which provides research services for the pension and financial sectors.
As of August 24, cybersecurity firm Emsisoft was aware of 988 victims and roughly 59,200,000 individuals.
Tomi Engdahl says:
Google Workspace Introduces New AI-Powered Security Controls
https://www.securityweek.com/google-workspace-introduces-new-ai-powered-security-controls/
Google has announced new AI-powered zero trust, digital sovereignty, and threat defense controls for Workspace customers.
Google on Thursday introduced new AI-powered security controls for its Workspace customers, targeting zero trust, digital sovereignty, and threat defense.
The new AI-powered zero trust capabilities, Google says, are meant to provide organizations with more granular control over how data is accessed and used.
To ensure data protection and prevent inappropriate sharing of data in Google Drive, Google AI can now be used to automatically and continuously classify and label new and existing files, and then apply necessary controls based on the organization’s security policies.
Context-aware DLP controls will allow administrators to set specific criteria to be met before a user can share sensitive content in Drive – the capability will become available in preview later this year.
Gmail will receive enhanced DLP controls too – also in preview later this year – to improve control over the sharing of sensitive information, both inside and outside the organization.
The internet giant also announced new digital sovereignty controls to help prevent unauthorized access to sensitive data, storing encryption keys, selecting where data is processed, and limiting Google support access.
Tomi Engdahl says:
Europe is Cracking Down on Big Tech. This Is What Will Change When You Sign On
https://www.securityweek.com/europe-is-cracking-down-on-big-tech-this-is-what-will-change-when-you-sign-on/
The Digital Services Act aims to protect European users when it comes to privacy, transparency and removal of harmful or illegal content.
Starting Friday, Europeans will see their online life change.
People in the 27-nation European Union can alter some of what shows up when they search, scroll and share on the biggest social media platforms like TikTok, Instagram and Facebook and other tech giants like Google and Amazon.
That’s because Big Tech companies, most headquartered in the U.S., are now subject to a pioneering new set of EU digital regulations. The Digital Services Act aims to protect European users when it comes to privacy, transparency and removal of harmful or illegal content.
Tomi Engdahl says:
A Bard’s Tale – how fake AI bots try to install malware
The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!
https://www.welivesecurity.com/en/scams/a-bards-tale-how-fake-ai-bots-try-to-install-malware/
Tomi Engdahl says:
LockBit Ransomware Extorts $91 Million from U.S. Companies
https://thehackernews.com/2023/06/lockbit-ransomware-extorts-91-million.html
Tomi Engdahl says:
https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html
Tomi Engdahl says:
Prompt injection could be the SQL injection of the future, warns NCSC https://www.malwarebytes.com/blog/news/2023/08/prompt-injection-could-be-the-sql-injection-of-the-future-warns-ncsc
The UK’s National Cyber Security Centre (NCSC) has issued a warning about the risks of integrating large language models (LLMs) like OpenAI’s ChatGPT into other services. One of the major risks is the possibility of prompt injection attacks.
The NCSC points out several dangers associated with integrating a technology that is very much in early stages of development into other services and platforms. Not only could we be investing in a LLM that no longer exists in a few years (anyone remember Betamax?), we could also get more than we bargained for and need to change anyway.
Tomi Engdahl says:
Revisiting 16shop Phishing Kit, Trend-Interpol Partnership https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html
Phishing has always been one of the most prevalent and relentless cyberthreats. It is the simplest form of attack and, just like malware as-a-service, some developers and builders of phishing kits lend their source codes for a fee. These kits are commonly known as phishing-as-a-service, which allows smaller-scale cybercriminals can avail to try to cash in from victims especially in the financial sector.
One prominent phishing kit, dubbed 16shop, has been active since 2018 to at least 2021. We highlight 2021 as the year when 16shop had the highest number of deployments worldwide and when one of the main administrators was arrested.
Since its documentation, the subsequent versions of these kits were most likely cracked versions of the original code.
Tomi Engdahl says:
Potential Weaponizing of Honeypot Logs [Guest Diary]
https://isc.sans.edu/diary/Potential+Weaponizing+of+Honeypot+Logs+Guest+Diary/30178
In today’s rapidly evolving cybersecurity landscape, vigilance is the key. But what if the very tools designed to detect and analyze threats could be turned against us? In this exploration, we dive into the world of honeypots, their valuable logs, and the potential vulnerabilities that lie within.
Understanding the use and application of honeypots and their associated dangers isn’t just a theoretical exercise; it’s a necessity. Cybersecurity professionals, threat analysts, and IT administrators stand at the forefront of this battlefield and should know the dangers that lurk in the logs.