Nothing is more difficult than making predictions, especially in fast advancing cyber security field. Instead of me trowing out wild ideas what might be coming, I have collected here some trends many people and publications have predicted for 2023.
HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP on Chrome browser.
Malwertising: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users also in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.
Encrypted malware: The vast majority of malware arriving over encrypted connections that are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels. WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.
Software vulnerabilities: Weak configurations for encryption and missing security headers will be still very common in 2023. In 2022 nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications
Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems at reasonable time or at all, so they stay vulnerable. Also new variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.
Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, maintenance of employees’ skills and indifference are the strongest obstacles in the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.
Cloud: In a hyperscale cloud provider, there can be potentially several thousand people, working around the globe that could potentially access our data. Security screening and limiting alone still leaves a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.
MFA: MFA Fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is MFA fatigue attacks a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them with legitimate authentication requests. t’s a huge threat because it bypasses one of the most effective the security measures.
Passwords: Passwords will not go away completely even though new solutions to replace then will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character to the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason us that comma in password can obfuscate tabular comma separated values (csv) files, which are a common way to collect and distribute stolen passwords.
EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity: Network and Information Security 2 also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors. Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” to cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, remaining their focus solely to IT systems. Especially in the critical infrastructure sectors, overlooking OT can have serious risks to all operations. As a result, the CPGs released explicitly are scoped to include OT devices.
Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.
Loosing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.
Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.
Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.
Privacy and data protection:Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also a challenge that Executives take more cybersecurity risks than office workers – leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.
Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers
Zero trust: Many people think that Zero Trust is pretty optimal security practice in 2023. It is good for those new systems to whom it’s model suits, but Zero Trust has also challenges. Incorporating zero trust into an existing network can be very expensive. Zero Trust Shouldnt Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource pooled cloud federation, doesnt coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. Thats where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.
Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.
Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”
Google Workplace: Google Workspace Gets Client-Side Encryption in Gmail. Long waited Client-side encryption for Gmail available in beta .
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.
Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API,
War risks: Watch for continued war between Russia and Ukraine real world and cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.
Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
ISC: ICS and SCADA systems remain trending attack targets also in 2023.
Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all free public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.
PCI DSS: PCI DSS 4.0 Should Be on Your Radar in 2023 if you work on field that needs to meet that. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.
SHA-1: NIST Retires SHA-1 Cryptographic Algorithm, not fully in 2023, but starts preparations for phase-out. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using the technique is referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replace the 27 years old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.
Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers -Amazon Web Services (AWS), Microsoft Azure and Google Cloud- of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.
Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Ethical hacking: Ethical hacking has become a highly-sought after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.
MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!
Cloud APIs: With Cloud Comes APIs & Security Headaches also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. ccording to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots . About 40% of companies are suffering an incident due to misconfiguration and a third coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions-
Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.
VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.
AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.
AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. Wired magazine article expects that In 2023, we may well see our first death by chatbot. Causality will be hard to prove was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?
Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. ReadPolicing in the metaverse: what law enforcement needs to know report for more information.
Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. Year 2022 already showed how a lot of cryptocurrency related risks realized. More “Crypto travel rules” enacted to combat money laundering and terrorism financing.
Insurance: Getting a cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks and now increasing cyber was the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are already insurance policies written in the market have an exemption for state-backed attacks, but but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks that have disrupted hospitals, shut down pipelines and targeted government department. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.
Sources:
Asiantuntija neuvoo käyttämään pilkkua salasanassa – taustalla vinha logiikka
Overseeing artificial intelligence: Moving your board from reticence to confidence
Android is adding support for updatable root certificates amidst TrustCor scare
Google Play now lets children send purchase requests to guardians
Diligent’s outlook for 2023: Risk is the trend to watch
Microsoft will turn off Exchange Online basic auth in January
Google is letting businesses try out client-side encryption for Gmail
Google Workspace Gets Client-Side Encryption in Gmail
The risk of escalation from cyberattacks has never been greater
Client-side encryption for Gmail available in beta
AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Microsoft: Edge update will disable Internet Explorer in February
Is Cloud Native Security Good Enough?
Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023
Google Chrome preparing an option to block insecure HTTP downloads
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The Dark Risk of Large Language Models
Police Must Prepare For New Crimes In The Metaverse, Says Europol
Policing in the metaverse: what law enforcement needs to know
Cyber as important as missile defences – an ex-NATO general
Misconfigurations, Vulnerabilities Found in 95% of Applications
Personnel security in the cloud
Multi-factor auth fatigue is real – and it’s why you may be in the headlines next
MFA Fatigue attacks are putting your organization at risk
NIS2 hyväksyttiin – EU-maille tiukemmat kyberturvavaatimukset
Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
Poor software costs the US 2.4 trillion
Passkeys Now Fully Supported in Google Chrome
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Executives take more cybersecurity risks than office workers
NIST Retires SHA-1 Cryptographic Algorithm
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
Over 85% of Attacks Hide in Encrypted Channels
GitHub Announces Free Secret Scanning, Mandatory 2FA
Leaked a secret? Check your GitHub alerts…for free
Data Destruction Policies in the Age of Cloud Computing
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Google: With Cloud Comes APIs & Security Headaches
Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
Zero Trust Shouldnt Be The New Normal
Don’t click too quick! FBI warns of malicious search engine ads
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
Kyberturvan ammattilaisista on huutava pula
1,768 Comments
Tomi Engdahl says:
Chrome extensions can steal plaintext passwords from websites https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website’s source code.
An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles of least privilege and complete mediation.
Additionally, the researchers found that numerous websites with millions of visitors, including some Google and Cloudflare portals, store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them.
Tomi Engdahl says:
What is the origin of passwords submitted to honeypots?
https://isc.sans.edu/diary/What+is+the+origin+of+passwords+submitted+to+honeypots/30182
We use passwords just about everywhere in our daily lives. It’s difficult to think of an online service where we don’t have a need to enter some kind of credentials to access our content. DShield honeypots collect a variety of data, including passwords, that are submitted from SSH and telnet attacks.
Tomi Engdahl says:
Analysis of a Defective Phishing PDF
https://isc.sans.edu/diary/Analysis+of+a+Defective+Phishing+PDF/30184
A reader submitted a suspicious PDF file. TLDR: it’s a defective phishing PDF.
Taking a look with pdfid.py, I see nothing special, but it contains stream objects…
Tomi Engdahl says:
Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest
https://www.securityweek.com/over-1-million-offered-at-new-pwn2own-automotive-hacking-contest/
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.
The Zero Day Initiative (ZDI) this week announced that it will be offering more than $1 million in cash and prizes at Pwn2Own Automotive, the first Pwn2Own hacking contest focused on car systems.
The competition will be hosted at the Automotive World conference, which is scheduled for January 24 – 26, 2024, in Tokyo, Japan.
Interested security researchers have until January 18 to register for the contest and submit an entry, consisting of “a detailed whitepaper completely explaining your exploit chain and instructions on how to run the entry”, ZDI has announced.
The same as with other similar events, ZDI is allowing remote participation to Pwn2Own Automotive, on the basis that not all researchers will be able to attend the conference.
Tomi Engdahl says:
Creating a YARA Rule to Detect Obfuscated Strings
https://isc.sans.edu/diary/Creating+a+YARA+Rule+to+Detect+Obfuscated+Strings/30186
I wrote a blog post “Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs”
on how to analyse PDF/ActiveMime polyglot malicious document files and also developed a YARA rule to detect them.
These polyglot files are PDF files into which an Office document (for example, a Single File Web Page Word document) has been embedded (in various ways).
Tomi Engdahl says:
Management & Strategy
Security Team Huddle: Using the Full NIST Cybersecurity Framework for the Win
https://www.securityweek.com/security-team-huddle-using-the-full-nist-cybersecurity-framework-for-the-win/
Just as a professional football team needs coordination, strategy and adaptability to secure a win on the field, a well-rounded cybersecurity strategy must address specific challenges and threats.
Tomi Engdahl says:
Data Protection
How Quantum Computing Will Impact Cybersecurity
https://www.securityweek.com/how-quantum-computing-will-impact-cybersecurity/
While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.
Tomi Engdahl says:
CISA, MITRE shore up operational tech networks with adversary emulation platform https://therecord.media/cisa-creates-adversary-emulation-platform
The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the nonprofit MITRE to develop a cyberattack emulation platform specifically for operational technology (OT) networks.
The project is an extension of MITRE Caldera — an open-source tool designed to help cybersecurity officials reduce the amount of time and resources needed for routine cybersecurity testing. Caldera helps cybersecurity teams emulate adversaries, test how platforms respond to attacks, and more.
The platform for OT extensions was developed in partnership between the Homeland Security Systems Engineering and Development Institute (HSSEDI) — a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security (DHS) — and CISA in an effort to increase the resiliency of critical infrastructure. The tool is now publicly available as an extension of the original Caldera platform.
Tomi Engdahl says:
16-31 July 2023 Cyber Attacks Timeline
https://www.hackmageddon.com/2023/09/05/16-31-july-2023-cyber-attacks-timeline/
New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during the second half of July 2023 (the first timeline is here). For this reason the number of collected events soared to 217 (corresponding to 13.56 events/day).
A value never seen before that sets a new record.
Once again, the obvious consequence is that the attacks exploiting vulnerabilities were still on top of the attack techniques with the new record (yes each fortnight we set a new record) of 45.6% (99 out of 217 events).
Nearly ten points higher than the previous one (35.9%) of the first half of July. And once again, the other obvious consequence was the increase of the percentage of events directly or indirectly characterized by ransomware, soaring to 45.16%, slightly lower than 45.5% of the previous fortnight.
Tomi Engdahl says:
Uusi protokolla tulossa estämään ohjelmistopiratismia
https://etn.fi/index.php/13-news/15286-uusi-protokolla-tulossa-estaemaeaen-ohjelmistopiratismia
Luvattomien ohjelmistojen käyttö merkitsee elektroniikkayrityksille vuosittain miljardien dollarien tulonmenetyksiä. Nyt asiaan yritetään uutta ratkaisua lisensoitavalla palvelinten sertifiointiprotokollalla.
Kyse on puolijohdealan järjestö SEMI:n alaisesta ESD Alliancesta, jonka alla työstetään standardeja elektroniikan suunnitteluun. Uusi protokolla on SCP eli Server Certification Protocol. Sen kehitystyöhön osallistuivat kaikki kolme suurta ED-yritystä eli Cadence, Siemens ja Synopsys.
Idea on periaatteessa yksinkertainen: SCP-protokolla auttaa estämään luvattoman pääsyn lisensoituihin ohjelmistotuotteisiin määrittämällä jokaiselle asiakkaan lisenssipalvelimelle yksilöllisen tunnisteen. Näin ohjelmistoon pääsee käsiksi vain valtuutetuilla palvelimilla.
Protokollan on jo tarkastanut ja hyväksynyt riippumaton ryhmä puolijohdeyrityksiä, jotka käyttävät EDA-työkaluja omassa toiminnassaan.
Tomi Engdahl says:
CISA Hires ‘Mudge’ to Work on Security-by-Design Principles
https://www.securityweek.com/cisa-hires-mudge/
Peiter ‘Mudge’ Zatko joins the US government’s cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles.
The U.S. government’s cybersecurity agency CISA on Monday confirmed the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles.
Zatko, most recently the CISO at Twitter who blew the whistle on the social media giant’s security shortcomings, is joining the agency in a part-time capacity to work on the “security and resilience by design” pillar of the Biden administration’s National Cybersecurity Strategy.
A statement from CISA boss Jen Easterly confirmed Mudge’s addition as Senior Technical Advisor to work on shaping a culture of security-by-design everywhere.
“Mudge joins us in a part-time capacity to help us collaboratively shape a culture of security by design that is foundational to every security team, every C-suite, and every board room in the country,” Easterly said. Zatko’s hiring was first reported by the Washington Post.
Zatko is a famous hacker from the L0pht/cDc collectives who is credited for some of the earliest research work around buffer overflow vulnerabilities. He previously served as a DARPA program manager and created the Cyber Fast Track program that provided resources to hackers and hacker spaces.
Tomi Engdahl says:
Disclaimer: This document is marked TLP:CLEAR. Disclosure is not limited. Sources may use TLP:CLEAR when information
carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
Subject to standard copyright rules, TLP:CLEAR information may be distributed without restriction. For more information on
the Traffic Light Protocol, see http://www.cisa.gov/tlp/.
TLP:CLEAR
TLP
Shifting the Balance of Cybersecurity Risk:
Principles and Approaches for Security-by-
Design and -Default
https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf
Tomi Engdahl says:
Kiristyshaittaohjelmia havainneita organisaatioita selvästi aiempaa vähemmän
https://etn.fi/index.php/13-news/15279-kiristyshaittaohjelmia-havainneita-organisaatioita-selvaesti-aiempaa-vaehemmaen
Kyberturvallisuusyhtiö Fortinet on julkaisut uusimman Global Threat Landscape Report -katsauksen. Raportista selviää muun muassa, että kiristyshaittaohjelmia havainneiden organisaatioiden määrä laski vuoden 2023 ensimmäisellä puoliskolla viiden vuoden takaisesta 22 prosentista 13 prosenttiin.
Samaan aikaan ohjelmavarianttien määrä on noussut huimasti, mikä johtuu pitkälti kiristyshaittaohjelmapalvelujen saatavuuden lisääntymisestä.
- Kiristyshaittaohjelmat ja muut hyökkäykset ovat viime vuosina muuttuneet yhä asiantuntevammiksi ja kohdistetummiksi. Koska kyberrikolliset ostavat kiristyshaittaohjelmat usein palveluna ja haluavat saada rahoilleen vastinetta, kunkin hyökkäyksen tehokkuuteen panostetaan voimakkaasti, sanoo Suomen Fortinetin Director Systems Engineering Jani Ekman.
- Organisaation, sen viestintäväylien ja haavoittuvuuksien kartoittamiseen käytetään paljon aikaa. Pyrkimyksenä on taata, että rikolliset pääsevät tekemään mahdollisimman paljon vahinkoa kenenkään estämättä.
Tomi Engdahl says:
EU ei enää anna kiinalaisten ostaa kriittistä teknologiaa
https://etn.fi/index.php/13-news/15281-eu-ei-enaeae-anna-kiinalaisten-ostaa-kriittistae-teknologiaa
Etlan tutkimuksen mukaan Suomessa on ainakin 1500 yritystä, jotka omistavat tai kehittävät kriittistä teknologiaa. Kriittistä teknologiaa yrityksissä edustavat esimerkiksi turvallisuus- ja mobiiliteknologiat. Suurin osa näistä yrityksistä on kotimaisessa omistuksessa.
EU:lla ja sen jäsenvaltioilla on monia keinoja puuttua yritys- ja teknologiakauppoihin. Ylivoimaisesti suurin toimiala on puolijohdeteollisuus, jossa suunniteltuja ulkomaisia yritysostoja on estetty muun muassa Yhdysvalloissa, Yhdistyneessä kuningaskunnassa ja Italiassa. Puolijohde- ja mikropiirivalmistajien lisäksi robotiikka, ohjelmistokehitys ja energiateknologia ovat keskeisiä yksittäisiä toimialoja.
Esimerkkejä Euroopassa on paljon.
Tomi Engdahl says:
W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/
W3LL’s cybercriminal career can be traced back to 2017, when they entered the market with W3LL SMTP Sender – a custom tool for bulk email spam. Later, W3LL developed and started selling their version of a phishing kit for targeting corporate Microsoft 365 accounts. The growing popularity of the convenient toolset prompted the threat actor to venture into opening a covert English-speaking underground marketplace. The W3LL store began operations in 2018. Over time, the platform evolved into a fully sufficient BEC ecosystem offering an entire spectrum of phishing services for cybercriminals of all levels, from custom phishing tools to supplementary items such as mailing lists and access to compromised servers.
Tomi Engdahl says:
Easterly: CISA wrapping up cyber incident reporting rule https://therecord.media/cyber-incident-reporting-regulation-cisa
The head of the Cybersecurity and Infrastructure Security Agency said Wednesday that the organization is “finishing” the long-awaited cyber incident reporting requirement for critical infrastructure companies.
“That should be out later this year or early next year,” CISA Director Jen Easterly said during the Billington Cybersecurity Summit in Washington, D.C.
Recorded Future, the parent company of The Record, is a sponsor for the event.
Congress tasked CISA with implementing the reporting mandate in the fiscal
2022 spending bill.
Tomi Engdahl says:
Puolustusvoimat antaa kybervarusmiehille yrittäjyyskoulutusta – Uusimaa:
innoitus löytyi Israelista
https://www.tivi.fi/uutiset/tv/316e8fab-c92b-41b1-abca-7c1596a8afa2
Puolustusvoimissa on käynnistynyt pilottihanke, jossa pienen joukon kybervarusmiesten koulutukseen lisätään yritys- ja innovaatiokoulutusta. Hanke toteutetaan Sitran ja Puolustusvoimien yhteistyössä. Sillä pyritään selvittämään, voiko tällaista koulutusta lisäämällä tuottaa maanpuolustukseen uusia mahdollisuuksia, kuten orastavaa yritystoimintaa, haasteiden ratkaisukykyä ja uusia innovatiivisia ideoita.
Innoitusta hankkeeseen on saatu Israelista, joka nähdään kyberteknologian ja startup-yritysten kehittämisen pioneerina, kertoo Uusimaa. Suomea ja Israelia yhdistävät kenraaliluutnantti Ilkka Korkiamäen mukaan asevelvollisuusjärjestelmä ja vahva startup-kulttuuri, vaikka mailla onkin keskenään paljon eroja. Korkiamäki koordinoi koulutusohjelmaa Sitran puolelta.
Tomi Engdahl says:
https://www.securityweek.com/hacker-conversations-alex-ionescu/
Tomi Engdahl says:
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy
https://www.securityweek.com/25-major-car-brands-get-failing-marks-from-mozilla-for-security-and-privacy/
Mozilla has analyzed the privacy and security of 25 major car brands and found that they collect a lot of data and can share it or sell it to third parties.
Tomi Engdahl says:
Active North Korean campaign targeting security researchers https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
In January 2021, Threat Analysis Group (TAG) publicly disclosed a campaign from government backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development. Over the past two and a half years, TAG has continued to track and disrupt campaigns from these actors, finding 0-days and protecting online users.
Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. TAG is aware of at least one actively exploited 0-day being used to target security researchers in the past several weeks. The vulnerability has been reported to the affected vendor and is in the process of being patched.
Tomi Engdahl says:
China, North Korea pursue new targets while honing cyber capabilities https://blogs.microsoft.com/on-the-issues/2023/09/07/digital-threats-cyberattacks-east-asia-china-north-korea/
In the past year, China has honed a new capability to automatically generate images it can use for influence operations meant to mimic U.S. voters across the political spectrum and create controversy along racial, economic, and ideological lines.
This new capability is powered by artificial intelligence that attempts to create high-quality content that could go viral across social networks in the U.S. and other democracies. These images are most likely created by something called diffusion-powered image generators that use AI to not only create compelling images but also learn to improve them over time.
Today, the Microsoft Threat Analysis Center (MTAC) is issuing Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness, as part of an ongoing series of reports on the threat posed by influence operations and cyber activity, identifying specific sectors and regions at heightened risk.
Tomi Engdahl says:
How an APT technique turns to be a public Red Team Project – Yoroi https://yoroi.company/research/how-an-apt-technique-turns-to-be-a-public-red-team-project/
DLL Sideloading (T1574.002) stands as a remarkably effective stratagem employed by adversaries to execute their own malicious code, while clandestinely leveraging the implicit trust placed in legitimate applications.
This report dissects the multifaceted nuances of DLL Sideloading, delving into its mechanics, the prevalence of victim applications, and its reverberating impact on the cybersecurity landscape.
At the core of DLL Sideloading lies the manipulation of trust. Adversaries artfully exploit the trust that users confer upon genuine applications to covertly introduce their malevolent payloads. This technique operates on the premise that antimalware engines are less likely to flag such activities as malicious, given the seemingly benign context of the attack. By infiltrating the trusted environment of legitimate software, attackers can operate incognito and evade the vigilant gaze of cybersecurity defenses.
Tomi Engdahl says:
The Team8 Foundry Method for Selecting Investable Startups
https://www.securityweek.com/the-team8-foundry-method-for-selecting-investable-startups/
Team8, a VC organization with added sauce, queried more than 130 CISOs from its own ‘CISO Village’ to discover the concerns of existing cybersecurity practitioners, and the technologies they are seeking for the future.
Team8 regularly consults with its CISO Village of around 350 enterprise CISOs over startup investments. AI security, 3rd party risk management, and the insider threat are today’s top CISO concerns.
Team8, a Tel Aviv venture capital (VC) organization with added sauce, queried more than 130 CISOs from its own ‘CISO Village’ to discover the concerns of existing cybersecurity practitioners, and the technologies they are seeking for the future.
The VC in the equation is capital investment in cybersecurity startups, with a focus on data science, AI and fintech. The added source is deep technical and managerial expertise that is applied together with the investment capital. The CISO Village is a group of around 350 enterprise CISOs – including from Fortune 500 companies – from which Team8 discovers the technologies currently or expected to be most in demand.
The result is that Team8 knows exactly what is needed, and then ‘builds’ relevant startup companies together with the technology to fill the known market gap. That market gap is based on genuine practitioners’ pain points rather than new vendor and media hype. Team8’s USP is that it builds new companies rather than simply injects capital – usually at the rate of one company per year.
Tomi Engdahl says:
Government
CISA Releases Guidance on Adopting DDoS Mitigations
https://www.securityweek.com/cisa-releases-guidance-on-adopting-ddos-mitigations/
CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations.
DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible.
Meant to help federal agencies prevent “large-scale volumetric attacks against web services”, CISA’s new guidance (PDF) shares details on prioritizing DDoS mitigations depending on mission and reputational impact, and describes various DDoS mitigation services to help agencies make informed procurement decisions.
The guide, however, only focuses on DDoS attacks targeting websites and related web services, which are meant to deny user access to them.
According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have against those services.
“Agencies that depend on public perception for the successful execution of their mission may choose to give more weight to scores in the reputational impact category, whereas agencies that are reliant on partnership with scientific or academic organizations may choose to weight the government and industry partnerships category more heavily,” CISA explains.
https://www.cisa.gov/sites/default/files/2023-09/TLP%20CLEAR%20-DDOS%20Mitigations%20Guidance_508c.pdf
Tomi Engdahl says:
MITRE and CISA Release Open Source Tool for OT Attack Emulation
https://www.securityweek.com/mitre-and-cisa-release-open-source-tool-for-ot-attack-emulation/
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
The MITRE Corporation and the US Cybersecurity and Infrastructure Security Agency (CISA) today announced a new extension for the open source Caldera platform that emulates adversarial attacks against operational technology (OT).
The new Caldera for OT extension is the result of a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, to help improve the resilience of critical infrastructure.
The Caldera cybersecurity platform provides automated adversary emulation, security assessments, and red-, blue-, and purple-teaming, and uses the MITRE ATT&CK framework as its backbone.
Caldera for OT, which also enables Factory and Security Acceptance Testing (FAT/SAT), is now available for industrial control systems (ICS) defenders to benefit from the open source platform as well.
Tomi Engdahl says:
Google gets its way, bakes a user-tracking ad platform directly into Chrome
Chrome now directly tracks users, generates a “topic” list it shares with advertisers.
https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/
Tomi Engdahl says:
”Painajaisia pyörien päällä” – Kaikki suuret autovalmistajat reputtivat yksityisyydensuojatestin
https://tekniikanmaailma.fi/painajaisia-pyorien-paalla-kaikki-suuret-autovalmistajat-reputtivat-yksityisyydensuojatestin/
‘Modern cars are a privacy nightmare,’ the worst Mozilla’s seen / A new study from the Mozilla Foundation found that all 25 of the car brands it reviewed had glaring privacy concerns, even compared to the makers of sex toys and mental health apps.
https://www.theverge.com/2023/9/6/23861047/car-user-privacy-report-mozilla-foundation-data-collection
Tomi Engdahl says:
The International Criminal Court will now prosecute cyberwar crimes https://arstechnica.com/information-technology/2023/09/the-international-criminal-court-will-now-prosecute-cyberwar-crimes/
For years, some cybersecurity defenders and advocates have called for a kind of Geneva Convention for cyberwar, new international laws that would create clear consequences for anyone hacking civilian critical infrastructure, like power grids, banks, and hospitals. Now the lead prosecutor of the International Criminal Court at the Hague has made it clear that he intends to enforce those consequences—no new Geneva Convention required. Instead, he has explicitly stated for the first time that the Hague will investigate and prosecute any hacking crimes that violate existing international law, just as it does for war crimes committed in the physical world.
Tomi Engdahl says:
Polish Senate says use of government spyware is illegal in the country https://techcrunch.com/2023/09/08/polish-senate-says-use-of-government-spyware-is-illegal-in-the-country/
A special commission within Poland’s Senate concluded that the government’s use of spyware, like the one made by NSO Group, is illegal.
The commission announced on Thursday the conclusion of its 18-month investigation into allegations that the Polish government used NSO’s spyware, known as Pegasus, to spy on an opposition politician and other politicians around the time of the country’s 2019 elections.
“Pegasus cannot be used under Polish law,” the report read, according to a machine translation. “This is because the Polish legal system does not allow the use of programs in which acquired operational data is transferred through transmission channels uncontrolled by the relevant services, as this creates the risk of violating its integrity and does not ensure its confidentiality, as required by law.”
Tomi Engdahl says:
Probe reveals DHS relies on fake social media accounts to investigate targets https://therecord.media/dhs-uses-fake-social-media-accounts
The Department of Homeland Security (DHS) routinely relies on phony social media accounts to gather information about people, with little oversight, according to a years-long investigation by the Brennan Center for Justice (BCJ).
BCJ, a nonpartisan law and policy institute, began asking DHS for details of the program in 2018 under the Freedom of Information Act (FOIA). When the agency stonewalled, the institute retained a lawyer who sued for the documents.
They show, among other things, that Customs and Border Protection (CBP) uses “masked monitoring” of individuals by setting up fake social media accounts to research them — just one example of how at least 14 “social media operational use templates” are used to allow officers to obscure
Tomi Engdahl says:
Top US Spies Meet With Privacy Experts Over Surveillance ‘Crown Jewel’
https://www.wired.com/story/section-702-privacy-meeting/
Senior United States intelligence officials met privately in Virginia yesterday with over a dozen civil liberties groups to field concerns about domestic surveillance operations that have drawn intense scrutiny this summer among an unlikely coalition of Democratic and Republican lawmakers in the US Congress.
The meeting, organized by the director of national intelligence, Avril Haines, was attended by top officials from the National Security Agency (NSA), US Department of Justice (DOJ), and Central Intelligence Agency (CIA), among others. General Paul Nakasone, the NSA director, is believed to have attended, though neither the IC, nor any source at the meeting, would confirm or deny his presence.
Privacy and civil liberties advocates in attendance Thursday say one of their chief objectives was putting the intelligence community (IC) on notice:
Without significant privacy reforms, any effort to reauthorize the use of its most powerful surveillance weapon—Section 702 of the Foreign Intelligence Surveillance Act—will be a doomed undertaking. The 9/11-era program, occasionally referred to as the “crown jewel” of US intelligence, is set to expire at the end of the year.
Tomi Engdahl says:
Pariskunta luuli kirjautuvansa Omakantaan, menetti 44 900 euroa – oikeus määräsi pankin korvaamaan https://www.is.fi/digitoday/tietoturva/art-2000009841626.html
Satakunnan käräjäoikeus on määrännyt Honkajoen Osuuspankin maksamaan yksityishenkilölle noin 32 000 euroa korvauksia. Mies menetti Omakanta-verkkosivun jäljittelyyn perustuvassa huijauksessa 44 900 euroa, joista saatiin vain osa takaisin.
Oikeuden päätöksen mukaan pariskunta ei ollut törkeän huolimaton kirjautuessaan syyskuussa 2021 Kelan ylläpitämää Omakanta-sivua jäljittelevälle verkkosivulle tietokoneella miehen laboratoriotulokset saadakseen.
Sisäänkirjautumisen tehnyt vaimo oli päätynyt sivulle tehtyään ”omakanta”-sanalla haun Bing-hakukoneessa.
Tomi Engdahl says:
Microsoft ends printer driver installations and updates via Windows Update – gHacks Tech News
https://www.ghacks.net/2023/09/07/microsoft-ends-printer-driver-installations-and-updates-via-windows-update/
Tomi Engdahl says:
Google rolls out Privacy Sandbox to use Chrome browsing history for ads https://www.bleepingcomputer.com/news/google/google-rolls-out-privacy-sandbox-to-use-chrome-browsing-history-for-ads/
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user’s interests from third-party cookies to the Chrome browser.
When starting the Google Chrome browser, users will now see an alert titled ‘Enhanced ad privacy in Chrome’ that briefly describes the new ad platform.
“We’re launching new privacy features that give you more choice over the ads you see,” reads the new Chrome alert.
“Chrome notes topics of interest based on your recent browsing history. Also, sites you visit can determine what you like. Later, sites can ask for this information to show you personalized ads. You can choose which topics and sites are used to show you ads.”
This alert offers two buttons, ‘Got it’ and ‘Settings,’ which many users complain are confusing and deceptive, as the new advertising platform will be enabled in Google Chrome regardless of the button you click.
Tomi Engdahl says:
The UK Government Knows How Extreme The Online Safety Bill Is https://www.eff.org/deeplinks/2023/09/uk-government-knows-how-extreme-online-safety-bill
The U.K.’s Online Safety Bill (OSB) has passed a critical final stage in the House of Lords, and envisions a potentially vast scheme to surveil internet users.
The bill would empower the U.K. government, in certain situations, to demand that online platforms use government-approved software to search through all users’ photos, files, and messages, scanning for illegal content. Online services that don’t comply can be subject to extreme penalties, including criminal penalties.
Such a backdoor scanning system can and will be exploited by bad actors. It will also produce false positives, leading to false accusations of child abuse that will have to be resolved. That’s why the OSB is incompatible with end-to-end encryption—and human rights. EFF has strongly opposed this bill from the start.
Tomi Engdahl says:
Tetoturva
On yksi asetus, jonka harva pyyhkii puhelimesta tai tietokoneesta luopuessaan – syytä olisi
https://www.is.fi/digitoday/tietoturva/art-2000009839085.html
Laitteesta luovuttaessa se kannattaa palauttaa tehdasasetuksiin. On olemassa myös muita keinoja.
Tietoturvayhtiö Kaspersky Labin mukaan laiteeseen jääneet wifi-verkon tiedot avaavat monenlaisia mahdollisuuksia tietomurtajille. Jos verkossa olevat laitteet, kuten tietokoneet ja mahdolliset verkkolevyt ovat näkyvissä, tunkeutuja voi varastaa niiltä tietoja päästessään vanhalla laitteella verkkoon käsiksi.
Disposing of a gadget? Remember to wipe this
What settings do you need to clear before getting rid of a gadget?
https://www.kaspersky.com/blog/wifi-protection-for-gadget-disposal/48774/
Tomi Engdahl says:
Insta patentoi tehokkaan VPN-salauksensa
https://etn.fi/index.php/13-news/15303-insta-patentoi-tehokkaan-vpn-salauksensa
Salainlaiteteknologian jatkuva kehitys ja innovaatiot ovat avainasemassa tietoturvan parantamisessa yhä monimutkaistuvassa digitaalisessa maailmassa. Tamperelainen Insta on kehittänyt turvallisuuskriittisen tietoliikenteen laitepohjaista salausta SafeLink-ratkaisuunsa. Nyt uudelle ratkaisulle on myönnetty Eurooppa- eli EPO-patentti.
Instan mukaan patentointi on osoitus yrityksen pitkäjänteisestä tuotekehityksestä ja teknologisesta huippuosaamisesta. Patentilla suojattu toiminnallisuus mahdollistaa käyttäjälle nopean salaamisen isoissakin korkean turvaluokan tietoverkoissa. Se parantaa laitteistopohjaisen salauksen turvallisuutta ja suorituskykyä ja on hyödyksi vaativissa ympäristöissä toimiville asiakkaille.
- Patentoitu keksintö liittyy käynnissä olevan SafeLink-tuoteperheen turvaluokan II salaimen tuotekehitykseemme.
Insta SafeLink on Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen turvaluokkaan III asti hyväksymä VPN-ratkaisu turvakriittisten organisaatioiden yksiköiden ja toimipisteiden välisen tietoliikenteen vahvaan suojaamiseen. Tuoteperhe täydentyy jatkossa turvaluokan II (TL II) salaimella. Ratkaisua käyttävät esimerkiksi puolustushallinto ja muut viranomaiset sekä yritykset, joilla on turvakriittisiä tietoliikenneyhteyksiä.
Patentoitu tekniikka liittyy salauksen ja verkkoliikenteen hajauttamiseen. Insta on kehittänyt VPN-ratkaisuunsa esiprosessorin, joka tekee tietokannasta IPsec-salauksen periaatteet eli salauksen, käytetyn algoritmin ja avaimen toimituksen.
Teknologiajohtaja Tatu Männistön mukaan tämän IPsec-policyn haun toteuttaminen FPGA-piirillä on hankalaa. – Se kuluttaa FPGA:lta resursseja, joita halutaan hyödyntää ja maksimoida muissa toiminnallisuuksissa, kuten yhtäaikaisten IPsec-yhteyksien määrässä.
Patentilla suojatussa ratkaisussa esiprosessori tekee lookup-haun siten, että salaiset avaimet eivät poistu FPGA:n turvatulta alueelta. – FPGA:n ei tarvitse luottaa esiprosessoriin (tietoturvan kannalta) ja FPGA pystyy verifioimaan esiprosessorin hakutuloksen oikeellisuuden helposti ja vakioajassa, Männistö kuvaa.
Ero muihin ratkaisuihin on Männistön mukaan SPD-haun (securoty policy database) hajauttaminen eri turvakonteksteihin turvallisesti. Vaikutus latenssiin ja suorituskykyyn riippuu esiprosessorista. – Käytännössä moniytiminen esiprosessori pystyy tekemään lookupin ja paketin välityksen linjanopeudella (10Gbps). FPGA suorituskykyyn tällä ei ole vaikutusta, käytännössä salaaminen tapahtuu myös linjanopeudella, Männistö kehuu.
Tomi Engdahl says:
We had to check the calendar on this one to make sure we hadn’t Rip van Winkle-d all the way to the next March-April interface before diving into this one: US spooks are spending $22 million to develop “smart underwear.” They’ve even got a cool acronym — “Smart Electrically Powered and Networked Textile Systems,” or Smart ePANTS. The popular press is all over the “surveillance undies” thing, and understandably so — who wants sensors built into a garment in such close contact with your most private areas? But if you read into it a bit, the idea starts to make sense, at least how IARPA — the intelligence community’s answer to DARPA — is pitching it. They’re saying that people on sensitive missions, like arms inspections, are often so laden with electronics that it’s hazardous for them to negotiate ladders and catwalks in industrial facilities where arms-control treaty violations are likely to occur. Putting all that electronic junk in with your junk might just make the job easier.
U.S. Spy Agency Dreams of Surveillance Underwear It’s Calling “SMART ePANTS”
https://theintercept.com/2023/09/02/smart-epants-wearable-technology/
The Office of the Director of National Intelligence is throwing $22 million in taxpayer money at developing clothing that records audio, video, and location data.
Tomi Engdahl says:
Record number of cyberattacks targeting critical IT infrastructure reported to UK gov’t this year https://therecord.media/uk-critical-it-infrastructure-attacks-reports-to-nis
Within just the first six months of 2023, organizations operating critical IT infrastructure services in the United Kingdom reported more incidents to government authorities in which cyberattacks had significantly disrupted their operations than in any year previously, according to data obtained under the Freedom of Information Act.
While the total count of attacks might seem low — just 13 that affected organizations operating critical technology services, such as national internet exchange points or backhaul operators — the number marks a significant increase from the four disruptions the sector recorded in each
2022 and 2021.
A government spokesperson told Recorded Future News: “As regulators and regulated organisations develop a clearer understanding of reporting requirements, we expect this to result in an increase in reported incidents.
There is no evidence that any current increase is linked to an increase in hostile activity and any suggestion otherwise is without basis whatsoever.”
But the data also reveals that a large number of regulated organizations attempted to submit reports that were not recorded as NIS incidents due to the thresholds set by the legislation for whether a cyberattack is actually reportable.
Tomi Engdahl says:
Council of Europe report calls use of Pegasus spyware by several countries potentially illegal https://therecord.media/council-of-europe-report-pegasus-spyware
Several European states known to have acquired or deployed powerful foreign commercial surveillance tools have potentially used them illegally, according to a report released Friday by the Parliamentary Assembly of the Council of Europe (PACE).
The PACE’s Committee on Legal Affairs and Human Rights, which produced the report, asked at least 14 European Union countries which have bought or used the tools, including the Netherlands, Germany, Belgium and Luxembourg, to “clarify the framework of its use and applicable oversight mechanisms” within three months.
Additionally, the report singles out Poland, Hungary, Spain, Greece and Azerbaijan, which have already weathered public scandals related to their use of the NSO Group’s Pegasus spyware and similar tools, to undertake “effective, independent and prompt investigations” on all confirmed and alleged cases of spyware abuse.
Tomi Engdahl says:
Ransomware and the cyber crime ecosystem https://www.ncsc.gov.uk/blog-post/ransomware-cyber-crime-ecosystem
Ransomware has been the biggest development in cyber crime since we published the NCSC’s 2017 report on online criminal activity.
Ransomware’s defining feature is that it encrypts data on victims’ systems until a payment is made. Since IT systems are now ubiquitous, ransomware attacks can be truly devastating for victims and their customers, which is why it remains the most acute cyber threat for UK businesses and organisations.
A new white paper, published by the NCSC and the National Crime Agency, examines how the tactics of organised criminal groups (OGCs) have evolved as ransomware and extortion attacks have grown in popularity. It’s particularly aimed at security professionals and resilience sector leads who need to be aware of changes in cyber criminal activity to better protect their systems and inform security policy.
Tomi Engdahl says:
>From Caribbean shores to your devices: analyzing Cuba ransomware
https://securelist.com/cuba-ransomware/110533/
Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures. We hope this article will help you to stay one step ahead of threats like this one.
Tomi Engdahl says:
What is digital domestic abuse?
https://www.pandasecurity.com/en/mediacenter/family-safety/what-is-digital-domestic-abuse/
Digital abuse uses technology like text, social media and built-in smartphone apps to ‘bully, harass, stalk or intimidate a partner’ – usually through control. This may manifest as one person limiting who their partner can connect and talk to online. They may also compulsively stalk their partner on social networks or using location sharing apps (like Apple’s Find My) so that they always know where that person is.
Extreme forms of digital domestic abuse may include installing spyware on their victim’s phone or stealing passwords to access online services to ‘check up’ on their activities. As such, digital abuse often accompanies other behaviors like physical or mental abuse.
Tomi Engdahl says:
Got A ‘Sex Video Uploaded’ YouPorn Email? Do These 3 Things Now https://www.forbes.com/sites/daveywinder/2023/09/11/got-a-sex-video-uploaded-youporn-email-do-these-3-things-now/
Have you got a disturbing email that appears to be from the YouPorn adult video platform, claiming that sexually explicit content of you has been uploaded and offering a premium service to take it down? Please don’t panic; I’ve got your back.
Similar to the Day of Hack emails circulating a year or two ago, this latest sex video scam feeds off the fear of intimate personal video footage being distributed online. Also, like all the Day of Hack sextortion scams I’ve seen, this YouPorn automated content removal plan one doesn’t pass my English language test.
At first glance, it is passable enough to believe that it could be from the site concerned, especially as the email address has been so convincingly spoofed to appear to have come from [email protected] itself. However, the opening statement is enough to get the red flags waving: “You have uploaded a sexually explicit content to our platform.” Not a video, not sexually explicit content, but “a sexually explicit content.”
Tomi Engdahl says:
Technical Analysis of HijackLoader
https://www.zscaler.com/blogs/security-research/technical-analysis-hijackloader
HijackLoader is a new malware loader, which has grown in popularity over the past few months. Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have.
Based on our telemetry, we have observed HijackLoader being used to load different malware families such as Danabot, SystemBC and RedLine Stealer.
In this blog, we examine the inner workings of HighjackLoader, from its initialization to modular design to anti-analysis techniques.
Tomi Engdahl says:
Cyberwarfare
Spies, Hackers, Informants: How China Snoops on the West
https://www.securityweek.com/spies-hackers-informants-how-china-snoops-on-the-west/
Some of the ways China has worked to spy on the West in recent years.
British authorities have arrested a man who reportedly spied for China at the heart of the government in London, sparking fresh fears over how Beijing gathers intelligence.
The incident follows allegations earlier this year that China flew a surveillance balloon over the United States, causing a diplomatic furore.
Here are some of the ways China has worked to spy on the West in recent years:
Cyber warfare
The United States warned in 2022 that the Asian giant represents “the broadest, most active, and persistent cyber espionage threat” to its government and private sector.
According to researchers and Western intelligence officials, China has become adept at hacking rival nations’ digital systems to gather trade secrets.
Tech fears
In the technology sector, there are concerns that China’s state-linked firms would be obliged to share intel with their government.
In 2019, the US Department of Justice charged tech giant Huawei with conspiring to steal US trade secrets, among other offences.
Washington has banned the firm from supplying US government systems and strongly discouraged the use of its equipment in the private sector over fears that it could be compromised.
Huawei denies the charges.
Industrial and military espionage
Beijing has leaned on Chinese citizens abroad to gather intelligence and steal sensitive technology, according to experts, US lawmakers and media reports.
Spying on politicians
Chinese operatives have allegedly courted political, social and business elites in Britain and the United States.
‘Police stations’
Another technique used by Chinese operatives is to tout insider knowledge about the Communist Party’s opaque inner workings and dangle access to top leaders to lure high-profile Western targets, researchers say.
The aim has been to “mislead world leaders about (Beijing’s) ambitions” and make them believe “China would rise peacefully — maybe even democratically”‘ author Alex Joske wrote in his book, “Spies and Lies: How China’s Greatest Covert Operations Fooled the World”.
Tomi Engdahl says:
https://hackaday.com/2023/09/12/your-car-is-a-privacy-nightmare-on-wheels/
Tomi Engdahl says:
New platform ‘to slash £6.6bn security testing costs’ as 77% in survey say it’s too expensive
https://www.iot-now.com/2019/01/11/91999-new-platform-slash-6-6bn-security-testing-costs-77-survey-say-expensive/
In a survey by Avord, provider of a new security testing platform, businesses have criticised the security testing industry for being too expensive. The report indicates that UK firms alone are spending more than £6.6 billion (US$8.41 billion {€7.30 billion}) annually protecting critical assets from cyber attacks.
Research from Avord – a revolutionary new security testing platform that launches today – puts the spotlight firmly on the security testing market, which is dominated by consultancies that provide services to businesses, sometimes at twice the daily rate of an independent tester. And with 77% of UK businesses claiming the cost of testing is too expensive, there is a clear demand for change, says Avord.
The challenges of security testing
Three in four businesses are currently initiating security testing to comply with organisational operating practices and standards, such as ISO27001, ITIL, ISF’s Standard of Good Practice for Information Security and public sector guidelines. However, most firms taking part in the study said that determining the risks associated with a sensitive data breach (72%) and cost (72%) were major challenges when it comes conducting tests.
The complexities and lack of security testing knowledge were also cited as key issues, with seven in 10 revealing ‘identifying when in the development process to test’ and ‘what kind of testing was required’ as further challenges. As a result, more than three quarters of businesses (82%) are now outsourcing security testing on their critical assets at considerable expense.
A surge in cyber crime
Worryingly, a third (33%) of UK businesses have battled an online security breach in the past 12 months, which have directly hit their bottom lines, lost them customers and damaged their brand reputations. Of those hit by a cyber-attack, 95% reported that the breach occurred partly or totally as a result of issues with the security testing process.
Tomi Engdahl says:
United Nations
Developments in the field of information and telecommunications in the context of international security
https://disarmament.unoda.org/ict-security/
International ICT-security at the United Nations
The issue of information security has been on the UN agenda since 1998, when the Russian Federation introduced a draft resolution on the subject in the First Committee of the UN General Assembly. It was then adopted without a vote by the General Assembly as resolution 53/70. Since then, several intergovernmental processes have been established to address the security of and use of ICTs in the context of international security.
Tomi Engdahl says:
UK businesses could escape data breach fines if they engage with NCSC over cyber incidents https://therecord.media/uk-memorandum-ncsc-ico-data-breach-fines
British organizations that suffer a data breach may face lower fines if — instead of attempting to conceal the incident — they proactively report and engage with the country’s cybersecurity agency, according to a new agreement between the agency and the data protection regulator.
The chief executives of the United Kingdom’s National Cyber Security Centre
(NCSC) — a part of GCHQ — and the Information Commissioner’s Office (ICO) signed the memorandum of understanding (MOU) on Tuesday.
Among the MOU’s provisions is a commitment from the ICO to explore “how it can transparently demonstrate that meaningful engagement with the NCSC will reduce regulatory penalties.”