Cyber trends for 2023

Nothing is harder than making predictions, especially in the fast-moving cyber security field. Instead of throwing out wild ideas of my own about what might be coming, I have collected here trends that many people and publications have predicted for 2023.

HTTPS: HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any plain HTTP website as “Not Secure” in the address bar, and it attempts to “upgrade” to the HTTPS version of a site if you accidentally navigate to the insecure one. If no secure version is available, an on-screen warning asks whether you want to continue. As HTTPS has become common across the web, Google Chrome is preparing a security option that blocks “insecure” downloads fetched over HTTP.

Malvertising: Cyber criminals will keep impersonating brands through search engine advertising services to defraud users in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands in an attempt to spread ransomware and steal financial information. Cybercriminals purchase ads that show up at the very top of search results, often purporting to link to a legitimate company’s website. Anyone clicking the link is instead taken to a lookalike page that may appear identical but is designed to phish for login credentials and financial details, or even to trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware now arrives over encrypted connections, typically HTTPS web sessions. Most cyber attacks over the past year used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools: one report puts it at over 85% of attacks hiding in encrypted channels, and the WatchGuard Threat Lab report found its top threat arriving exclusively over encrypted connections. If you do not inspect encrypted traffic as it enters your network, you will not detect most malware at the network level (TLS inspection has its own costs: it needs a trusted interception CA on every endpoint and breaks certificate-pinned applications). Hopefully you at least have endpoint protection in place for a chance to catch it further down the cyber kill chain.

Software vulnerabilities: Weak encryption configurations and missing security headers will still be very common in 2023. In 2022 nearly every application tested had at least one vulnerability or misconfiguration affecting security, and a quarter of application tests found a high or critical severity vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
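As an added example (not part of the original post or any of the cited reports), here is a small header audit in Python that takes the response headers of a site and reports the weak configurations and missing security headers the paragraph above talks about, including the HSTS setting that keeps a browser on HTTPS. Both sample responses are constructed for the demo; the one-year HSTS minimum and the header set are this example's choices, taken from common hardening guidance.

```python
from __future__ import annotations
import re

# Constructed sample responses (not captured from any real site): the headers a
# web server sends back, as a dict of name -> value.
WEAK_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "Server": "Apache/2.4.29 (Ubuntu)",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

ONE_YEAR = 365 * 24 * 3600

# Headers every HTTPS site should send, with the attack each one blunts.
REQUIRED = {
    "Strict-Transport-Security": "browser keeps using HTTPS after the first visit",
    "Content-Security-Policy": "limits where scripts and resources may load from",
    "X-Content-Type-Options": "stops MIME sniffing of downloads and scripts",
    "X-Frame-Options": "prevents clickjacking (or use CSP frame-ancestors)",
    "Referrer-Policy": "keeps URLs carrying tokens from leaking cross-origin",
}


def audit_headers(headers: dict) -> list:
    """Return human-readable findings for missing or weakly configured headers."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, why in REQUIRED.items():
        if name.lower() not in lower:
            findings.append(f"missing {name}: {why}")
    hsts = lower.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts)
        max_age = int(m.group(1)) if m else 0
        if max_age < ONE_YEAR:
            findings.append(f"weak HSTS max-age={max_age}: use at least {ONE_YEAR} (one year)")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains: subdomains can still be downgraded")
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options {xfo!r} is not DENY or SAMEORIGIN: browsers ignore it")
    xcto = lower.get("x-content-type-options", "").strip().lower()
    if xcto and xcto != "nosniff":
        findings.append(f"X-Content-Type-Options {xcto!r} should be 'nosniff'")
    server = lower.get("server", "")
    if re.search(r"\d", server):
        findings.append(f"Server header leaks a version: {server!r}")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(resp) or 'no findings'}")
```

Run it against the headers you get back from a real site (for example the output of curl -sI) by loading them into the same dict shape; the weak sample above yields seven findings, the hardened one none.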

Old vulnerabilities: Attackers will keep trying old vulnerabilities in 2023 because they work. Attackers take the path of least resistance, and as long as vendors do not consistently perform thorough root-cause analysis when fixing security vulnerabilities, it remains worth their while to revive known vulnerabilities before looking for novel ones. Many companies do not patch their systems in a reasonable time, or at all, so they stay vulnerable. New variants of old vulnerabilities are also developed: approximately 50% of the 0-days observed in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has brought an ever-increasing threat of cyberattacks targeting businesses, governments and individuals alike. Lack of knowledge, failure to maintain employees’ skills and indifference are the strongest obstacles to developing many companies’ cyber security.

Cloud: While security screening and limiting who has access to your data are both important aspects of personnel security, they only get you so far. At a hyperscale cloud provider there can be several thousand people working around the globe who could potentially access your data, and screening plus access limits alone still leave a significant risk of malicious or accidental access. You should expect your cloud provider to take a more layered approach.

MFA: MFA fatigue attacks are putting your organization at risk in 2023; multi-factor auth fatigue is real. In an MFA fatigue attack, a cybercriminal who already holds a valid password tries to get into a corporate network by bombarding the user with MFA push prompts until they finally accept one. The attempt can succeed especially when the target is distracted or overwhelmed by the notifications, or mistakes them for legitimate authentication requests. It is a serious threat because it bypasses one of the most effective security measures; number matching in the prompt, or phishing-resistant factors such as FIDO2 keys and passkeys, remove the single-tap approval the attack depends on.
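Added example, not from the original post or the cited articles: a detector for the push-bombing pattern, run over a constructed sample of push-MFA audit events. The log format, the ten-minute window and the four-prompt threshold are assumptions for the demo; tune them to your identity provider's logs.

```python
from __future__ import annotations
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of push-MFA audit events (not from a real identity provider).
# One prompt per line: when it was sent, to whom, what the user did, and the
# source address of the login attempt that triggered it.
SAMPLE_LOG = """\
2023-01-10T08:01:12Z user=alice result=denied ip=203.0.113.7
2023-01-10T08:01:40Z user=alice result=denied ip=203.0.113.7
2023-01-10T08:02:05Z user=alice result=timeout ip=203.0.113.7
2023-01-10T08:02:31Z user=alice result=denied ip=203.0.113.7
2023-01-10T08:03:02Z user=alice result=denied ip=203.0.113.7
2023-01-10T08:03:44Z user=alice result=approved ip=203.0.113.7
2023-01-10T08:05:00Z user=bob result=approved ip=198.51.100.4
2023-01-10T12:30:00Z user=bob result=denied ip=198.51.100.4
2023-01-10T17:45:10Z user=bob result=approved ip=198.51.100.4
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) ip=(?P<ip>\S+)$")


def parse_events(log: str) -> list:
    """Parse the log into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_fatigue(events: list, window: timedelta = timedelta(minutes=10), threshold: int = 4) -> list:
    """Alert on any user who received `threshold` or more prompts they did not
    approve within `window`. A burst of denials/timeouts is the attacker hammering
    the push button; an approval right after the burst is the attack succeeding."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        unapproved = [e for e in evs if e["result"] != "approved"]
        for i, first in enumerate(unapproved):
            burst = [e for e in unapproved[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            burst_end = burst[-1]["ts"]
            approved_after = any(
                e["result"] == "approved" and burst_end < e["ts"] <= burst_end + window
                for e in evs
            )
            alerts.append({
                "user": user,
                "prompts": len(burst),
                "start": first["ts"],
                "source_ips": sorted({e["ip"] for e in burst}),
                "approved_after_burst": approved_after,  # True = likely account compromise
            })
            break  # one alert per user is enough to open the case
    return alerts


if __name__ == "__main__":
    for alert in detect_fatigue(parse_events(SAMPLE_LOG)):
        print(alert)
```

In the sample, alice gets five unapproved prompts in two minutes and then approves one, which is the signature of a successful fatigue attack; bob's single denial hours apart from his logins is normal noise and produces nothing. The approval after the burst is the alert to treat as a compromise, not just a nuisance.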

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma in a password can make it harder for cyber criminals to use if it ever leaks: a comma can break tabular comma-separated values (CSV) files, a common way to collect and distribute stolen passwords. This only trips up sloppy tooling, so treat it as a bonus on top of length and uniqueness, not a substitute for them.

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor, the NIS2 Directive, was approved by MEPs in late 2022. The rules require EU countries to meet stricter supervisory and enforcement measures and to harmonise their sanctions, and they will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The rules also cover so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors fall under the legislation. The NIS Directive has already affected operators’ cybersecurity budgets over the past year, with deep-dives into the energy and health sectors: see Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the cybersecurity community has treated the CPGs as “the floor” and “a baseline” for cybersecurity hygiene and practice. Many organizations overlook OT in their cybersecurity strategy and keep their focus solely on IT systems; especially in the critical infrastructure sectors, overlooking OT poses serious risks to all operations. The CPGs are therefore explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the upcoming Android 14 release, and Google Play now lets children send purchase requests to guardians.

Losing trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers: Microsoft, Mozilla and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when fewer than a fifth (18%) of risk and compliance professionals say they are very confident in their ability to clearly communicate risk to the board, it is clear that lines of communication, not to mention understanding, must be improved.

Supply chain risks: Watch for geopolitical instability to remain a governance issue, particularly through the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules on cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behaviour and are four times more likely to fall victim to phishing than office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers.

Zero trust: Many people consider Zero Trust close to an optimal security practice in 2023. It suits new systems built for its model, but Zero Trust also has challenges: incorporating it into an existing network can be very expensive. The Zero Trust Shouldn’t Be The New Normal article argues that the zero trust model starts to erode when the resources of two corporations need to work together: federated activity, from authentication to resource-pooled cloud federation, does not coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, the article says, we need to flip the concept of zero trust on its head and evaluate network interactions in terms of risk. That is where identity-first networking comes in: for a network request to be accepted it needs both an identity and explicit authorization, and System for Cross-domain Identity Management (SCIM) based synchronization is used to supply the identity side, securely automating the exchange of user identities between cloud applications, diverse networks and service providers.
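Added example (mine, not from the Zero Trust article or any SCIM implementation): a reconciliation step of the kind the SCIM synchronization above performs, computing the SCIM 2.0 requests a service provider must apply so that its access mirrors the identity provider. The user data is constructed; the SCIM schema and PatchOp URNs are the standard ones from RFC 7643/7644, the request paths follow the SCIM protocol, and the local user table is an assumed in-memory dict.

```python
from __future__ import annotations
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed data. IDP_USERS is what the identity provider (source of truth)
# asserts; SP_USERS is the service provider's local user table keyed by externalId.
IDP_USERS = [
    {"schemas": [SCIM_USER], "externalId": "1001", "userName": "alice@example.com", "active": True},
    {"schemas": [SCIM_USER], "externalId": "1002", "userName": "bob@example.com", "active": False},
    {"schemas": [SCIM_USER], "externalId": "1003", "userName": "carol@example.com", "active": True},
]
SP_USERS = {
    "1001": {"userName": "alice@example.com", "active": True},
    "1002": {"userName": "bob@example.com", "active": True},   # offboarded at the IdP, still live here
    "1004": {"userName": "dave@example.com", "active": True},  # unknown to the IdP: orphan account
}


def patch_op(ext_id: str, **fields) -> dict:
    """SCIM 2.0 PatchOp (RFC 7644 section 3.5.2) replacing the given attributes."""
    return {
        "method": "PATCH",
        "path": f"/Users/{ext_id}",
        "body": {
            "schemas": [SCIM_PATCH],
            "Operations": [{"op": "replace", "path": name, "value": value} for name, value in fields.items()],
        },
    }


def reconcile(idp_users: list, sp_users: dict) -> list:
    """Return the SCIM requests that make the SP mirror the IdP. Fails closed:
    anything the IdP no longer asserts is deactivated, never left active."""
    ops, seen = [], set()
    for user in idp_users:
        if SCIM_USER not in user.get("schemas", []):
            raise ValueError(f"not a SCIM User resource: {user.get('userName')}")
        ext_id = user["externalId"]
        seen.add(ext_id)
        local = sp_users.get(ext_id)
        if local is None:
            if user["active"]:  # never create accounts for already-inactive users
                ops.append({"method": "POST", "path": "/Users", "body": user})
            continue
        changed = {k: user[k] for k in ("userName", "active") if local.get(k) != user[k]}
        if changed:
            ops.append(patch_op(ext_id, **changed))
    for ext_id, local in sp_users.items():
        if ext_id not in seen and local["active"]:
            ops.append(patch_op(ext_id, active=False))  # orphan: deactivate, do not trust it
    return ops


def summarize(ops: list) -> list:
    return sorted((op["method"], op["path"]) for op in ops)


if __name__ == "__main__":
    for op in reconcile(IDP_USERS, SP_USERS):
        print(op["method"], op["path"], json.dumps(op["body"]))
```

The point for identity-first access is the last loop: an account the identity provider no longer vouches for is switched off by the synchronization itself, so a request from it fails the identity check regardless of what network it arrives from.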

Poor software: There will be a lot of poor software in use in 2023 and it will cost a lot of money. Poor software costs the US 2.4 trillion dollars: cyberattacks exploiting existing vulnerabilities, complex software supply chain issues and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off basic authentication in Exchange Online starting in early January 2023 to improve security. A Microsoft Edge update will permanently disable the Internet Explorer 11 desktop browser on some Windows 10 systems in February: “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated.”

Google Workspace: Google Workspace gets client-side encryption in Gmail; the long-awaited client-side encryption for Gmail is available in beta. Google is letting businesses try it out, but it is probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many other Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use the device’s own unlock (biometrics, PIN or pattern) to authenticate users and are meant to replace passwords, which are easily compromised. Passkeys work cross-platform with both applications and websites. They offer the same experience as password autofill but provide passwordless authentication: they cannot be reused across sites, they do not leak in server breaches because the server stores only a public key, and they protect users from phishing because the credential is bound to the site’s origin. Passkeys are only available on websites that support them via the WebAuthn API.
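Added example, not from Google or Chrome's implementation: the relying-party side of a passkey login in Python, showing why the properties above hold. The browser reports the page origin in clientDataJSON and the authenticator binds the assertion to a hash of the RP ID, so a lookalike domain fails verification. The RP ID, allowed origin and sample data are constructed; real signature verification with the stored public key is left to a crypto library and is called out in the code.

```python
from __future__ import annotations
import base64
import hashlib
import json
import struct

RP_ID = "login.example.com"                 # the relying party's registered domain (assumed)
ALLOWED_ORIGINS = {"https://login.example.com"}
FLAG_UP, FLAG_UV = 0x01, 0x04               # user-present / user-verified bits in authenticatorData


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(challenge: bytes, origin: str, rp_id: str = RP_ID,
                   sign_count: int = 7, flags: int = FLAG_UP | FLAG_UV) -> tuple:
    """Build clientDataJSON and authenticatorData the way a browser and
    authenticator would (constructed here, no real authenticator involved).
    The browser, not the web page, fills in `origin`, which is what makes
    the check below phishing-resistant."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)
    return client_data, auth_data


def verify_assertion(client_data: bytes, auth_data: bytes, expected_challenge: bytes,
                     stored_sign_count: int, require_uv: bool = True) -> bytes:
    """Relying-party checks for an authentication assertion, up to but not
    including the signature check. Returns the bytes the authenticator signed
    (authenticatorData || SHA-256(clientDataJSON)); verifying that signature
    against the stored public key is left to a crypto library."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    if cd.get("challenge") != b64url(expected_challenge):
        raise ValueError("challenge mismatch: replayed or stale assertion")
    if cd.get("origin") not in ALLOWED_ORIGINS:
        # The phishing defence: a lookalike site shows up with its own origin here.
        raise ValueError(f"origin {cd.get('origin')!r} is not ours")
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_hash, flags = auth_data[:32], auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    if rp_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash does not match our RP ID")
    if not flags & FLAG_UP:
        raise ValueError("user presence not asserted")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("user verification (biometric/PIN) required but not performed")
    # The counter check catches cloned hardware keys; synced passkeys legitimately
    # report 0, and the spec says to skip the comparison in that case.
    if sign_count != 0 and sign_count <= stored_sign_count:
        raise ValueError("signature counter did not increase: possible cloned authenticator")
    return auth_data + hashlib.sha256(client_data).digest()


def assertion_ok(client_data: bytes, auth_data: bytes, expected_challenge: bytes,
                 stored_sign_count: int) -> bool:
    try:
        verify_assertion(client_data, auth_data, expected_challenge, stored_sign_count)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; use os.urandom(32) per login in practice
    good = make_assertion(challenge, "https://login.example.com")
    phish = make_assertion(challenge, "https://login.example.com.evil.test")
    print("genuine site:", assertion_ok(*good, challenge, stored_sign_count=6))
    print("phishing site:", assertion_ok(*phish, challenge, stored_sign_count=6))
```

Nothing the user does on the phishing page can change the origin the browser writes into clientDataJSON, and the authenticator will not even produce an assertion for an RP ID that does not match the page's domain, which is why a passkey cannot be handed to a lookalike site the way a password or OTP can.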

War risks: Expect the war between Russia and Ukraine to continue in both the real world and cyberspace in 2023. Cyber is as important as missile defences, says an ex-NATO general, and the risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: AWS’s Elastic IP transfer feature gives cyberattackers free range. Threat actors who take over a victim’s cloud account can steal data or use the account for command-and-control, phishing, denial of service or other cyberattacks.
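Added example (not from the article): a least-privilege check for the permission that makes Elastic IP transfer possible in a compromised account. The action names are the EC2 API actions for address transfer; the two policies are constructed, and conditions and resource ARNs are deliberately ignored so the result is an upper bound on what a principal could do.

```python
from __future__ import annotations
import fnmatch

# The EC2 actions that move an Elastic IP between accounts, named as in the AWS
# EC2 API (the owner enables a transfer, the receiving account accepts it).
TRANSFER_ACTIONS = {"ec2:EnableAddressTransfer", "ec2:AcceptAddressTransfer"}

# Constructed policies, not taken from any real account.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # A convenience wildcard that quietly includes the transfer actions.
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:*Address*"], "Resource": "*"},
    ],
}
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:AllocateAddress", "ec2:AssociateAddress"], "Resource": "*"},
        # An explicit Deny wins over any Allow, here or in another attached policy.
        {"Effect": "Deny", "Action": sorted(TRANSFER_ACTIONS), "Resource": "*"},
    ],
}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _hits(statement: dict) -> set:
    if "NotAction" in statement:  # Allow-with-NotAction grants everything except the listed actions
        patterns = _as_list(statement["NotAction"])
        return {a for a in TRANSFER_ACTIONS if not any(_matches(p, a) for p in patterns)}
    patterns = _as_list(statement.get("Action", []))
    return {a for a in TRANSFER_ACTIONS if any(_matches(p, a) for p in patterns)}


def allowed_transfer_actions(policy: dict) -> set:
    """Transfer actions this policy lets a principal call. Resource ARNs and
    Conditions are ignored on purpose: they can only narrow a grant, so the
    answer is an upper bound, which is what a reviewer wants."""
    allowed, denied = set(), set()
    for st in _as_list(policy["Statement"]):
        (allowed if st["Effect"] == "Allow" else denied).update(_hits(st))
    return allowed - denied


def review(name: str, policy: dict) -> str:
    exposed = allowed_transfer_actions(policy)
    if not exposed:
        return f"{name}: OK, Elastic IP transfer is not permitted"
    return f"{name}: FINDING, policy permits {sorted(exposed)}; add an explicit Deny (or block it in an SCP)"


if __name__ == "__main__":
    print(review("developer", DEVELOPER_POLICY))
    print(review("hardened", HARDENED_POLICY))
```

The developer policy never names the transfer actions, which is exactly why wildcard grants like ec2:*Address* are worth auditing; the hardened one keeps the everyday address operations and denies the transfer ones outright. For an organisation-wide guarantee, put the same Deny in a service control policy so a single over-broad IAM policy cannot reopen it.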

ICS: ICS and SCADA systems remain trending attack targets in 2023.

Code security: Microsoft-owned code hosting platform GitHub has announced several security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. Secret scanning helps developers and organizations find exposed secrets and credentials in their code; in 2022 it identified 1.7 million potential secrets exposed in public repositories. The feature is now available free for all public repositories to help prevent secret exposure and secure the open source ecosystem, and with secret scanning alerts you can track and act on leaked secrets directly within GitHub.
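Added example, not GitHub's scanner: a minimal secret scanner in Python of the kind the paragraph describes, run over a constructed settings file. The token formats are the public prefixes of those credentials; the regexes, the entropy threshold and the list of documented example keys are this example's own assumptions.

```python
from __future__ import annotations
import math
import re

# Token shapes worth matching outright. The prefixes (AKIA/ASIA, ghp_, xoxb-/xoxp-)
# are the public, documented formats of these credentials; the regexes are this
# example's own, not GitHub's detectors.
SPECIFIC = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[bp]-[0-9A-Za-z-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Fallback: "<something secret-ish> = <long value>", filtered by entropy so
# placeholders such as a repeated word do not page anyone.
GENERIC = re.compile(r"""(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*["']?([A-Za-z0-9_\-/+=]{16,})["']?""")
# Documented sample credentials that a scanner should not report.
KNOWN_EXAMPLES = {"AKIAIOSFODNN7EXAMPLE"}

# Constructed file contents for the demo; nothing here is a live credential.
SAMPLE_FILE = """\
# settings.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "passwordpassword"
GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
api_key = "Qx7mZ9vL2pT4wR8yK1nB6hJ3sF5dG0cV"
-----BEGIN OPENSSH PRIVATE KEY-----
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking secrets score high, words score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(text: str, min_entropy: float = 3.5) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = []
        for kind, rx in SPECIFIC.items():
            for m in rx.finditer(line):
                if m.group(0) not in KNOWN_EXAMPLES:
                    hits.append((kind, m.group(0)))
        if not hits:  # only fall back to the generic rule when no specific shape matched
            for m in GENERIC.finditer(line):
                if shannon_entropy(m.group(1)) >= min_entropy:
                    hits.append(("generic_assignment", m.group(1)))
        for kind, value in hits:
            # Never log the secret itself; a short prefix is enough to locate it.
            findings.append({"line": lineno, "type": kind, "preview": value[:6] + "..."})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_FILE):
        print(finding)
```

Three of the five candidate lines are reported: the GitHub token, the high-entropy api_key and the private key header. The AWS key is skipped because it is the documented example key, and the repeated-word password fails the entropy gate, which is the kind of tuning that keeps such alerts from being ignored. Run it as a pre-commit hook and you catch the secret before it ever reaches a public repository, where GitHub's own scanner would otherwise be the last line of defence.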

Data destruction: We must develop a cloud-compatible way of doing data destruction that meets security standards. Perhaps cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and plenty of companies would be eager to pay for such a service if appropriate certificates of destruction were provided.

PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that must comply with it. The latest version of the standard brings new focus to an overlooked yet critically important area of security. For a long time, client-side threats, meaning security incidents and breaches that occur in the customer’s browser rather than on the company’s servers or in transit between the two, were disregarded. That changes with the release of PCI DSS 4.0: many of the new requirements focus on client-side security.

SHA-1: NIST is retiring the SHA-1 cryptographic algorithm, not fully in 2023, but preparations for the phase-out start now. The venerable cryptographic hash function has weaknesses that make its further use inadvisable. According to NIST, SHA-1 “has reached the end of its useful life”, given that the computing capacity of today’s systems can attack it with a ‘collision’ attack, in which two different inputs are found that produce the same hash. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that it should be phased out by December 31, 2030 in favour of the more secure SHA-2 and SHA-3 families of algorithms. NIST recommends that IT professionals start replacing the 27-year-old SHA-1 with newer, more secure algorithms now. Because SHA-1 underpins numerous security applications, the phase-out will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already moved away from SHA-1, and certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.

Cloud: Is cloud native security good enough? Cloud native technologies give organizations the agility they need to keep up in the current competitive landscape and to create new business models, but achieving efficient, flexible, distributed and resilient cloud native security is hard. All major public cloud providers (Amazon Web Services (AWS), Microsoft Azure and Google Cloud) of course offer security features and services designed to address significant threats to cloud-based data. In spite of this, the providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they protect their public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career path for emerging tech aspirants. Ethical hackers enable countless businesses and individuals to improve their security posture and minimise their attack risk. But several analysts believe that becoming a self-taught ethical hacker in 2023 might not be worth it: the self-taught are at constant risk of failing to perform properly, and many companies might not want to hire them.

MFA: Two-factor authentication might not be enough in 2023 for applications that need strong security. In the past few months we have seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft (though the weakness usually lies in phishable factors such as SMS codes and push prompts rather than in the number of factors). So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With the cloud come APIs and security headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds cloud applications and infrastructure together, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems in companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots: about 40% of companies suffered an incident due to misconfiguration and a third coped with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) are confident they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and keep employees continuously ready to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As threat levels remain high, companies and organizations remain on alert but face ongoing challenges in finding and retaining people with the required skills. There is a significant skills gap and a clear need to hire cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (AI) to transform what’s possible in their operations. But with great promise comes great responsibility, and a growing imperative for monitoring and governance: “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever, and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police must prepare for new crimes in the metaverse, says Europol. It encourages law enforcement agencies to start considering how existing types of crime could spread to virtual worlds and what entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed many cryptocurrency-related risks being realised, and more “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance may become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now name cyber as the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure, and there is growing concern among industry executives about large-scale attacks. As well as pushing up prices, some insurers have responded by tweaking policies so that clients retain more of the losses. Some policies already written in the market carry an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow, pointing to recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments: “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

Expert advises using a comma in your password – there is a clever logic behind it

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Companies’ cyber security still has big gaps. Expert: It is even a question of national security

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 approved – stricter cyber security requirements for EU countries

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldnt Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

There is an acute shortage of cyber security professionals

Is Enterprise VPN on Life Support or Ripe for Reinvention?


1,768 Comments

  1. Tomi Engdahl says:

    Messenger billed as better than Signal is riddled with vulnerabilities
    Threema comes with unusually strong claims. They crumble under new research findings.
    https://arstechnica.com/information-technology/2023/01/messenger-billed-as-better-than-signal-is-riddled-with-vulnerabilities/

  2. Tomi Engdahl says:

    Resilience easily remains weak if the cloud migration is not done properly. Why does resilience matter?

    Read more in our article

    Resilience is best achieved in a modern cloud environment
    https://www.knowit.fi/nakemyksiamme/resilienssi-toteutuu-parhaiten-modernissa-pilviymparistossa/?utm_source=facebook&utm_medium=paid_ads&utm_campaign=pilvi-resilienssi&utm_term=interests&utm_content=teaser&hsa_acc=1009266266588394&hsa_cam=23849154967820232&hsa_grp=23852436106160232&hsa_ad=23852436142960232&hsa_src=fb&hsa_net=facebook&hsa_ver=3&fbclid=IwAR1xkYIJmJov36ph0OT2rVOmfan1gqjIQYoaFRwGBvlJHirtUHvqLpTwEp0

    Cloud migration is marketed with cost savings, lower emissions, innovation capability and resilience. These benefits are entirely possible, but they do not materialise merely by moving from a data centre to a cloud environment. Moving workloads to the cloud is only the start of the journey.

    The biggest benefits are usually gained when the workloads start to be modernised, for example by making them cloud native.

    Too often an organisation just “goes to the cloud”, i.e. moves its workloads almost as they are with the so-called lift & shift method. If the cloud migration stops there, the costs can at worst be even higher than in the organisation’s own data centre. The sustainability and resilience aspects are then also left half done. When things start to be done in the cloud in a modern way, real benefits also start to appear.

  3. Tomi Engdahl says:

    Resilience is created through cooperation between the service provider and the user

  4. Tomi Engdahl says:

    Introducing… Threader3000 by Matt Johnson

    Whether you work in offensive security as the red team, defensive security as the blue team, or even as a network administrator, you will undoubtedly know the network mapper, or Nmap for short. I’m sure most know this tool, but for the few that may not, Nmap is an open-source tool used by all sorts of professionals in the information technology field for network discovery and security auditing.

    https://pentestmag.com/introducing-threader3000/

    #pentest #magazine #pentestmag #pentestblog #PTblog #cybersecurity #infosecurity #infosec

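Added example, not Threader3000's own code: the pattern such tools use, a bounded thread pool of TCP connect probes whose open ports are then handed to Nmap for service detection. The target is a listener the script opens on loopback so the run is self-contained and touches nothing you do not own; the port range, worker count and timeout are assumptions.

```python
from __future__ import annotations
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5):
    """TCP connect probe: returns the port if something accepted the connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return port if s.connect_ex((host, port)) == 0 else None


def scan(host: str, ports, workers: int = 200, timeout: float = 0.5) -> list:
    """Probe many ports concurrently; the pool size bounds the open sockets."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p in results if p is not None)


def nmap_command(host: str, open_ports: list) -> list:
    """Hand only the live ports to Nmap for service/version detection."""
    if not open_ports:
        return []
    return ["nmap", "-p", ",".join(str(p) for p in open_ports), "-sV", "-sC", host]


def demo() -> tuple:
    """Self-contained run against a listener on loopback (constructed target)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    try:
        found = scan("127.0.0.1", range(max(1, port - 20), port + 21))
    finally:
        listener.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}, scan found {found}")
    print(" ".join(nmap_command("127.0.0.1", found)))
```

A connect scan completes the TCP handshake, so it shows up in the target's logs and needs no privileges; the speed comes from the thread pool, and the resulting port list keeps the slow Nmap service probes to the handful of ports that actually answered. Only point it at hosts you are authorised to test.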
  5. Tomi Engdahl says:

    Digia founded a network of cyber experts – competition for specialists is fierce [SUBSCRIBERS] https://www.tivi.fi/uutiset/tv/5c57800c-849e-4aa6-9321-d28929a6d16d
    As cyber threats increase and keep changing shape, the need for cyber security expertise and services grows as well. At the same time, competition for expert workforce is fierce. To respond to this problem, Digia has founded the Digia Cybersecurity Hub network. It brings together more than 200 cyber and information security experts and companies

  6. Tomi Engdahl says:

    Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html
    Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. “Attackers now use the polyglot technique to confuse security solutions that don’t properly validate the JAR file format,” Deep Instinct security researcher Simon Kenin said in a report. also:
    https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar

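Added example, not from the Deep Instinct write-up: what makes a polyglot JAR work and how to spot one. ZIP readers, Java's included, locate the central directory from the end of the file, so an archive with foreign bytes in front still loads, while a check that only looks at the first bytes concludes it is not a ZIP. The JAR built here is constructed (a manifest and a fake class file containing only the class-file magic, so nothing executes); the prefix is an arbitrary MZ-looking stub.

```python
from __future__ import annotations
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # starts every entry, and byte 0 of a normal ZIP/JAR
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory record, near the end of the file


def build_jar(entries: dict) -> b"".__class__:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-in for a malicious JAR. The "class file" is only the
# 0xCAFEBABE magic plus padding, so there is no bytecode to run.
JAR = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nMain-Class: Main\n",
    "Main.class": b"\xca\xfe\xba\xbe" + bytes(20),
})
# The polyglot: foreign bytes first (a fake MZ header), the archive after them.
POLYGLOT = b"MZ" + bytes(62) + JAR


def inspect(data: bytes) -> dict:
    """Classify a blob the way a file-format-aware scanner should: check what the
    leading bytes claim, then check whether a lenient ZIP reader opens it anyway."""
    first_local = data.find(ZIP_LOCAL_HEADER)
    opens, names, class_magic = False, [], False
    if data.rfind(ZIP_EOCD) != -1:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                opens = True
                class_magic = any(zf.read(n)[:4] == b"\xca\xfe\xba\xbe"
                                  for n in names if n.endswith(".class"))
        except zipfile.BadZipFile:
            pass
    return {
        "magic_is_zip": data[:4] == ZIP_LOCAL_HEADER,
        "leading_bytes": first_local if first_local >= 0 else None,
        "opens_as_zip": opens,
        "looks_like_jar": "META-INF/MANIFEST.MF" in names,
        "has_class_payload": class_magic,
        "polyglot": opens and first_local > 0,
    }


if __name__ == "__main__":
    print("plain jar:", inspect(JAR))
    print("polyglot: ", inspect(POLYGLOT))
```

Python's zipfile behaves like the JVM here: it accepts the leading garbage (the same tolerance that makes self-extracting archives work) and reads the class entry out of the polyglot, while the first four bytes say "MZ". A scanner that trusts the magic alone waves the file through; one that also asks "does a ZIP parser open this, and is there archive data before the first entry?" flags it.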
  7. Tomi Engdahl says:

    Hacker legend Harri Hursti warns Finns – “Russians are particularly skilled in these kinds of attacks” [SUBSCRIBERS]
    https://www.tivi.fi/uutiset/tv/3b19a0cf-80c3-42f4-81e8-e4903e12cf91
    Criminals on the dark web pay seven times the price for Finns’ banking details compared with the details of citizens of many other countries. The price difference is due to Finnish personal and account details being more lucrative for criminals than those of an American customer, because Finnish banks have considerably weaker fraud prevention systems than the big international banks

  8. Tomi Engdahl says:

    NSA asks Congress to let it get on with that warrantless data harvesting, again https://www.theregister.com/2023/01/14/in_brief_security/
    A US intelligence boss has asked Congress to reauthorize a controversial set of powers that give snoops warrantless authorization to surveil electronic communications in the name of fighting terrorism and so forth

  9. Tomi Engdahl says:

    A private network can be used to prepare for disruptions and increase cyber security
    - – runs on top of the 5G network across Finland
    https://www.tivi.fi/uutiset/tv/33ab5f70-158c-4b17-afed-3fdf05ac6472
    A private network is a mobile private network, i.e. a closed mobile network in the exclusive use of, for example, a company or a community. It can be used to increase the cyber security of a company or an industrial site, for example, because information security is easier to ensure in a closed network

    Reply
  10. Tomi Engdahl says:

    Hackers prove it doesn’t take much to hijack a dead satellite
    https://www.popsci.com/technology/hackers-dead-satellite/

    The decommissioned satellite was used to broadcast movies and a conference.

    With only a $300 piece of equipment and (legal) access to an uplink station, you, too, can broadcast WarGames from a decommissioned Canadian satellite—that’s what hacking enthusiast Karl Koscher showed everyone over the weekend at the annual Def Con hacker meetup in Las Vegas. As a new writeup from Motherboard details, after being granted access to an abandoned uplink facility, Koscher and friends used a software defined radio called a Hack RF to connect with Canada’s defunct Anik F1R satellite last year and “have some fun with it.”

    Reply
  11. Tomi Engdahl says:

    The big risk in the most-popular, and aging, big tech default email programs
    https://www.cnbc.com/2023/01/15/the-most-popular-big-tech-email-programs-are-old-and-vulnerable.html

    KEY POINTS
    Many individuals and businesses rely on email programs from Microsoft, Google and Apple.
    Cybersecurity experts say email is such an old technology it relies on operating systems vulnerable to cyber attacks and default settings need to be updated more frequently.
    Each month, Microsoft Defender for Office 365 detects and blocks close to 40 million emails containing Business Email Compromise, or BEC, and blocks 100 million emails with malicious credential phishing links.
    There are privacy risks for users in pushing big technology companies to monitor email more closely, and some changes made by the biggest tech companies for security reasons have led to user backlash.

    Reply
  12. Tomi Engdahl says:

    Small business owners warned not to rely on Gen Z to handle cyber security
    https://www.abc.net.au/news/2023-01-16/gen-z-are-least-aware-of-cyber-risks-cosboa-cyberwardens/101856932

    Small business owners could be putting their businesses at risk by relying on younger family members or employees to manage their cybersecurity.

    Key points:
    The survey found Gen Xers and older Millennials took cyber security the most seriously
    Only one in five small business owners and employees were confident in their ability to prepare for a cyber threat
    Gen Z is among the least cyber safe, despite being social media savvy

    Reply
  13. Tomi Engdahl says:

    World leaders unprepared for rise in cyberwarfare in the ’90s, author says
    Several nations caught off guard by cyberattacks, Matt Potter says.
    https://abcnews.go.com/Technology/world-leaders-unprepared-rise-cyberwarfare-90s-author/story?id=96419401

    Reply
  14. Tomi Engdahl says:

    The Unique Challenges of Securing APIs
    https://pentestmag.com/the-unique-challenges-of-securing-apis/

    APIs are responsible for a huge amount of data flowing around on the internet. With more and more software and technology using APIs to interact with one another, they’re also becoming a bigger target for hackers who abuse them to find business logic gaps they can exploit and steal sensitive information.

    Recent research from Gartner highlights how API attacks have become the most common attack vector now for enterprises’ online applications. As the use of APIs continues to grow, organizations must contend with the need to secure their APIs from attacks.

    Reply
  15. Tomi Engdahl says:

Security of supply situational picture: Cyber threats and the adequacy of electricity raise questions https://www.huoltovarmuuskeskus.fi/a/huoltovarmuuden-tilannekuva-kyberuhat-ja-sahkon-riittavyys-herattavat-kysymyksia
    The overall situational picture of security of supply shows that central government and critical infrastructure companies are being targeted by more cyberattacks than usual. Cyber threats are also one of the key concerns of companies

    Finnish entrepreneurs are again being warned about power outages: "We are concerned" https://www.tivi.fi/uutiset/tv/e77a56ea-4b24-4852-b970-0b20e45fd38c
    According to Pohjola Insurance, a power outage can raise the risk of burglary if alarm and surveillance systems are not covered by backup power sources. Oksanen advises contacting the equipment supplier if the effect of a power outage on the operation of the alarm system or door locks is unclear

    Reply
  16. Tomi Engdahl says:

    China aims to grow local infosec industry by 30 percent a year, to $22 billion by 2025 https://www.theregister.com/2023/01/16/china_infsec_industry_growth_plan/
    A document with the catchy title of “Guiding Opinions of Sixteen Departments Including the Ministry of Industry and Information Technology on Promoting the Development of the Data Security Industry”
was issued last week, setting out an ambitious program to scale the industry at a 30 percent compound annual growth rate, so it reaches ¥15 billion ($22B) of annual revenue by 2025

    Reply
  17. Tomi Engdahl says:

    The Dangers of Default Cloud Configurations https://www.darkreading.com/cloud/the-dangers-of-default-cloud-configurations
    When you hear “default settings” in the context of the cloud, a few things can come to mind: default admin passwords when setting up a new application, a public AWS S3 bucket, or default user access. Often, vendors and providers consider customer usability and ease more important than security, resulting in default settings. One thing needs to be clear: Just because a setting or control is default doesn’t mean it’s recommended or secure

    Reply
  18. Tomi Engdahl says:

    Open-Source Intelligence (OSINT) in 5 Hours – Full Course – Learn OSINT!
    https://www.youtube.com/watch?v=qwA6MmbeGNo

    0:00 – Introduction/whoami
    5:13 – Important Disclaimer
    7:37 – OSINT Overview
    12:06 – Taking Effective Notes
    20:09 – Introduction to Sock Puppets
    22:52 – Creating Sock Puppets
    37:19 – Search Engine Operators
    1:00:39 – Reverse Image Searching
    1:07:58 – Viewing EXIF Data
    1:14:27 – Physical Location OSINT
    1:23:43 – Identifying Geographical Locations
    1:34:16 – Where in the World, Part 1
    1:35:34 – Where in the World, Part 2
    1:46:58 – Creepy OSINT
    1:47:49 – Discovering Email Addresses
    2:03:42 – Password OSINT – Introduction
    2:07:25 – Hunting Breached Passwords Part 1
    2:19:25 – Hunting Breached Passwords Part 2
    2:29:23 – Hunting Usernames & Accounts
    2:38:07 – Searching for People
    2:47:54 – Voter Records
    2:51:46 – Hunting Phone Numbers
    3:03:04 – Discovering Birthdates
    3:06:42 – Searching for Resumes
    3:11:51 – Twitter OSINT Part 1
    3:26:46 – Twitter OSINT Part 2
    3:41:57 – Twitter OSINT Part 3
    3:47:22 – Facebook OSINT
    4:00:33 – Instagram OSINT
    4:09:07 – Snapchat OSINT
    4:11:37 – Reddit OSINT
    4:17:32 – LinkedIn OSINT
    4:25:41 – TikTok OSINT
    4:29:05 – Conclusion

    Reply
  19. Tomi Engdahl says:

    UK schools build cyber resilience
    https://www.ncsc.gov.uk/blog-post/uk-schools-build-cyber-resilience
    Despite an increase in the number of ransomware attacks, a new cyber security survey reveals that schools across the UK are better prepared for cyber attacks. Research by London Grid for Learning (LGfL) – in collaboration with the NCSC – shows that over half the schools in the research (53%) felt prepared for a cyber attack

    Reply
  20. Tomi Engdahl says:

A fierce battle is being fought behind the scenes of the technology industry – this is how China's spies steal Western trade secrets
    https://www.tivi.fi/uutiset/tv/b1655852-401d-410e-9686-862d071272b7
    Industrial espionage plays a significant role in the struggle between the United States and China for economic and geopolitical power

    Reply
  21. Tomi Engdahl says:

    Small business owners warned not to rely on Gen Z to handle cyber security
    https://www.abc.net.au/news/2023-01-16/gen-z-are-least-aware-of-cyber-risks-cosboa-cyberwardens/101856932
    A new survey has found two-thirds of Australia’s small business owners believe tech-savviness equates to cyber-safety skills. But our first generation of digital natives, Gen Z (born between 1997 and 2010), are among the least cyber safe in the country

    Reply
  22. Tomi Engdahl says:

Customer data slipped illegally from Helsinki metropolitan area libraries to the United States
    https://yle.fi/a/74-20013223
    The Deputy Data Protection Ombudsman issued a reprimand to the cities of the Helsinki metropolitan area for processing personal data in violation of data protection legislation

    Reply
  23. Tomi Engdahl says:

    Annual Payment Fraud Intelligence Report: 2022
    https://www.recordedfuture.com/annual-payment-fraud-intelligence-report-2022
    This report provides trends and metrics for the payment card fraud landscape in 2022 and identifies the merchants most frequently compromised or abused as tester merchants. The target audience of this report is fraud and cyber threat intelligence (CTI) teams at financial institutions and merchant services companies

    Reply
  24. Tomi Engdahl says:

    Check Point Research flags a 48% growth in cloud-based networks attacks in 2022, compared to 2021 https://blog.checkpoint.com/2023/01/17/check-point-research-flags-a-48-growth-in-cloud-based-networks-attacks-in-2022-compared-to-2021/
When examining the past two years of the cloud-based network landscape, we see a significant growth of 48% in the number of attacks per organization experienced in 2022, compared to 2021. When examining the growth in the number of attacks per organization by geographical region, we see that Asia sees the largest increase, year over year, with 60% growth, followed by Europe, which has seen a substantial growth of 50%, and North America with 28%

    Reply
  25. Tomi Engdahl says:

    Helen Thomas / Financial Times:
    The UK failed to avoid making a complex and confusing Online Safety Bill, leaving social media companies grappling with implementing rules like age verification

    Where the UK’s ‘world-leading’ online rules lost their way
    https://www.ft.com/content/70c36e06-9727-471b-8fe9-b7fef7e7e47d

    Reply
  26. Tomi Engdahl says:

    Wall Street Journal:
    Investigation: 600+ US law enforcement agencies can access a database of 150M+ money transfers between the US and 20+ countries via Western Union and others

    Little-Known Surveillance Program Captures Money Transfers Between U.S. and More Than 20 Countries
    https://www.wsj.com/articles/little-known-surveillance-program-captures-money-transfers-between-u-s-and-more-than-20-countries-11674019904?mod=djemalertNEWS

    Law-enforcement agencies across the U.S. have direct access to over 150 million transactions housed at an Arizona nonprofit

    Hundreds of federal, state and local U.S. law-enforcement agencies have access without court oversight to a database of more than 150 million money transfers between people in the U.S. and in more than 20 countries, according to internal program documents and an investigation by Sen. Ron Wyden.

    The database, housed at a little-known nonprofit called the Transaction Record Analysis Center, or TRAC, was set up by the Arizona state attorney general’s office in 2014 as part of a settlement reached with Western Union to combat cross-border trafficking of drugs and people from Mexico. It has since expanded to allow officials of more than 600 law-enforcement entities—from federal agencies such as the Federal Bureau of Investigation, the Drug Enforcement Administration, and Immigration and Customs Enforcement to small-town police departments in nearly every state—to monitor the flow of funds through money services between the U.S. and countries around the world.

    Reply
  27. Tomi Engdahl says:

One cause of security failures may be surprising: burnout among IT professionals
    https://www.talouselama.fi/uutiset/yksi-tietoturvan-pettamisen-syy-voi-olla-yllattava-it-ammattilaisten-tyouupumus/6324dcdd-56a7-4c9a-a7e6-106c245d04da?utm_source=uusisuomifi&utm_medium=almainternal&utm_campaign=kiintea_uusisuomi_ohjausboksi&utm_content=etusivu

    If an organisation's IT department, and especially its information security specialists, become exhausted and stressed, hackers' work can become easier.

    IT professionals carry a heavy responsibility for fending off cyberattacks targeting organisations.

    According to a survey by security company Mimecast, as many as 56 percent of security professionals feel their stress levels rising every year, with no end in sight.

    Bleeping Computer points out that the growing exhaustion and stress of professionals affect not only well-being at work but also the level of organisations' information security. If cyber and information security specialists burn out, the risk of cyberattacks succeeding increases.

    Security systems do not work without employees' expertise in, for example, configuration and maintenance. The content of the work itself can also frustrate employees if the tasks involve a lot of manual and repetitive work.

    Frustration can be caused by, among other things, monitoring systems and detecting and reporting anomalies, which are usually continuously repeated and similar tasks. If a professional is stressed and frustrated, they may, for example, fail to notice suspicious activity in the organisation's systems.

    Various messages and notifications about anomalies may also go unnoticed.

    IT Burnout may be Putting Your Organization at Risk
    https://www.bleepingcomputer.com/news/security/it-burnout-may-be-putting-your-organization-at-risk/

    The heavy responsibility of securing organizations against cyber-attacks is overwhelming and weighs heavier on security professionals, recent data shows. In fact, fifty-six percent of team members say their work stress grows yearly and there are no signs of slowing for 2023.

    Obviously, this growing trend of work-related stress in IT security is not only a concern for employee well-being but for the health of the security infrastructure they’re responsible for.

    Cybersecurity burnout makes businesses vulnerable to attacks. Security infrastructure doesn’t work without IT staff expertise and requires proper configuration and routine maintenance for optimal performance.

    Reply
  28. Tomi Engdahl says:

Defence Command's Chief of Intelligence: These are the things foreign states try to gather intelligence on in Finland
    https://www.iltalehti.fi/kotimaa/a/520eddae-a9cf-441f-a2d9-2833a5a7ceeb

    The Military Intelligence Act and the powers it grants are functional and proportionate, the Finnish Defence Forces assess in their public review of military intelligence.

    Foreign intelligence services tried to obtain information on these matters:

    – Defence and security policy decision-making.

    – Critical infrastructure.

    – The activities of the Defence Forces.

    – Ongoing capability projects.

    – Not-yet-published decisions and other non-public material.

    Reply
  29. Tomi Engdahl says:

    Bill Toulas / BleepingComputer:
    PayPal says hackers accessed the sensitive data of ~35K users, including addresses and social security numbers, in a December 2022 credential stuffing attack — PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

    PayPal accounts breached in large-scale credential stuffing attack
    https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

    PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing attacks are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

    This type of attack relies on an automated approach with bots running lists of credentials to “stuff” into login portals for various services.

    Reply
  30. Tomi Engdahl says:

    Wall Street Journal:
    The FAA says a contractor unintentionally deleted files used in a pilot-alert system while trying to sync a database and its backup, causing last week’s outage

    FAA Says Contractor Unintentionally Caused Outage That Disrupted Flights
    The federal air-safety regulator said no evidence of cyberattack or malicious intent was found
    https://www.wsj.com/articles/contractor-unintentionally-caused-pilot-alert-system-outage-that-disrupted-flights-faa-says-11674175850?mod=djemalertNEWS

    The Federal Aviation Administration said Thursday that a contractor working for the air-safety regulator had unintentionally deleted computer files used in a pilot-alert system, leading to an outage that disrupted U.S. air traffic last week.

    The agency, which declined to identify the contractor, said its personnel were working to correctly synchronize two databases—a main one and a backup—used for the alert system when the files were unintentionally deleted.

    The FAA said it had taken steps to prevent a recurrence of the outage in the system used for collecting and distributing the alerts, known as Notice to Air Missions, or Notams.

    “The agency has so far found no evidence of a cyberattack or malicious intent,” the FAA said late Thursday in a statement outlining preliminary findings in its continuing investigation. The FAA said that it had made necessary repairs to the system and has taken steps to make it more resilient.

    Last week, a breakdown with the Notam system that began Jan. 10 prompted the agency to halt domestic departures for nearly two hours the following day, leading to delays and contributing to cancellations across the country.

    Notams provide pilots with information and alerts about potential hazards or restrictions in the air or on the ground at airports. Dispatchers working from airlines’ operations centers review them for important information that could affect flights. Pilots are required to review the alerts before taking off.

    FAA staff and former agency leaders, as well as some elected officials and air safety advocates, have for years warned about older technology the agency relies on to manage operations in U.S. airspace. The FAA has worked to update the Notam system, but it contains legacy technology, including what the Transportation Department described as “failing vintage hardware” in a recent budget document.

    Reply
  31. Tomi Engdahl says:

    Chainalysis:
    Analysis: ransomware attackers received at least $456.8M in 2022, falling ~40% from $765.6M in 2021 and $765M in 2020, as victims increasingly refuse to pay

    Ransomware Revenue Down As More Victims Refuse to Pay
    https://blog.chainalysis.com/reports/crypto-ransomware-revenue-down-as-victims-refuse-to-pay/

    2022 was an impactful year in the fight against ransomware. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.

    As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data. When we published last year’s version of this report, for example, we had only identified $602 million in ransomware payments in 2021. Still, the trend is clear: Ransomware payments are significantly down.

    However, that doesn’t mean attacks are down, or at least not as much as the drastic dropoff in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers. We’ll discuss this phenomenon more below, but first, let’s look more at general ransomware trends in 2022.

    Reply
  32. Tomi Engdahl says:

    Chainguard Trains Spotlight on SBOM Quality Problem
    https://www.securityweek.com/chainguard-trains-spotlight-sbom-quality-problem

    Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

    According to new data from software supply chain security startup Chainguard, SBOMs being generated by existing tools fail to meet the minimum data fields needed inside an SBOM to enable the management of software vulnerabilities, licenses, and inventory tracking.

    “Only one percent of SBOMs were entirely conformant with the minimum elements. The minimum elements appear to be a high bar for SBOMs. Further research will need to address whether the standard is too high, whether SBOM generation tools must evolve, or whether the underlying software artifacts lack necessary package metadata,” Chainguard security data scientist John Speed Meyers explained.

    Chainguard’s researchers collected about 3,000 SBOMs for analysis using four SBOM creation tools from a list of popular Docker Hub containers and used an NTIA conformance checker tool to measure SBOM conformance with minimum elements.

    The team said the minimum element data fields include information about each software component (supplier, name, version, unique ID, relationships) and also metadata about the SBOM itself, including the author and the time of creation.

    After parsing the data, the Chainguard team found the majority of SBOMs lacked specified suppliers for their components while about 1,000 SBOMs failed to specify a name or version for all components.

    Reply
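The article lists the minimum-element fields (supplier, name, version, unique ID, relationships per component; author and creation time for the SBOM itself) without showing what a conformance check looks like. The following added example, my own simplified reading of those elements over SPDX 2.x JSON field names and not the NTIA conformance checker tool Chainguard used, treats SPDX's NOASSERTION/NONE placeholders as missing, which is the supplier gap the article reports. Both SBOMs are constructed samples, not real tool output.

```python
from datetime import datetime

# Values SPDX allows in place of real data; for a minimum-elements check they
# count as missing, which is exactly the gap the article found for suppliers.
MISSING = (None, "", "NOASSERTION", "NONE")

# Component fields from the minimum elements, mapped to their SPDX 2.x JSON names.
PACKAGE_FIELDS = (
    ("supplier", "supplier"),
    ("name", "name"),
    ("versionInfo", "version"),
    ("SPDXID", "unique identifier"),
)


def _present(value) -> bool:
    return value not in MISSING


def check_minimum_elements(sbom: dict) -> dict:
    """Return {'conformant': bool, 'findings': [...]} for one SPDX-JSON SBOM."""
    findings = []

    # SBOM-level metadata: author and creation time.
    info = sbom.get("creationInfo", {})
    created = info.get("created")
    if not _present(created):
        findings.append("document: missing creation timestamp")
    else:
        try:
            datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            findings.append("document: creation timestamp is not ISO-8601 UTC")
    if not info.get("creators"):
        findings.append("document: missing author (creators)")

    # Relationships: every component should appear in at least one.
    linked = set()
    for rel in sbom.get("relationships", []):
        linked.add(rel.get("spdxElementId"))
        linked.add(rel.get("relatedSpdxElement"))

    # Per-component fields.
    for pkg in sbom.get("packages", []):
        label = pkg.get("name") or pkg.get("SPDXID") or "<unnamed>"
        for field, description in PACKAGE_FIELDS:
            if not _present(pkg.get(field)):
                findings.append(f"package {label}: missing {description}")
        if pkg.get("SPDXID") not in linked:
            findings.append(f"package {label}: not referenced by any relationship")

    return {"conformant": not findings, "findings": findings}


def conformance_rate(sboms) -> float:
    """Share of SBOMs that pass every check (the figure the article puts near 1%)."""
    sboms = list(sboms)
    return sum(check_minimum_elements(s)["conformant"] for s in sboms) / max(len(sboms), 1)


# Constructed samples. GOOD_SBOM has every field; BAD_SBOM reproduces the typical
# failures: a NOASSERTION supplier, a package with no version, and a package that
# no relationship mentions.
GOOD_SBOM = {
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-image",
    "creationInfo": {"created": "2023-01-20T10:00:00Z", "creators": ["Tool: example-gen-1.0"]},
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "app", "versionInfo": "1.4.2", "supplier": "Organization: Example Corp"},
        {"SPDXID": "SPDXRef-zlib", "name": "zlib", "versionInfo": "1.2.13", "supplier": "Organization: zlib project"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-zlib"},
    ],
}

BAD_SBOM = {
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-image",
    "creationInfo": {"created": "2023-01-20T10:00:00Z", "creators": ["Tool: example-gen-1.0"]},
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "app", "versionInfo": "1.4.2", "supplier": "NOASSERTION"},
        {"SPDXID": "SPDXRef-lib", "name": "lib"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
    ],
}

if __name__ == "__main__":
    for finding in check_minimum_elements(BAD_SBOM)["findings"]:
        print(finding)
```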
  33. Tomi Engdahl says:

    Credential Leakage Fueling Rise in API Breaches
    https://www.securityweek.com/credential-leakage-fueling-rise-api-breaches

    There is a problem with API security – it isn’t working very well, and it’s largely down to credential leakage. Most security professionals are confident in their own API credential management; but at the same time, most of the same professionals admit to having experienced a breach effected through compromised API credentials.

    In a survey of more than 400 US-based professionals (more than 90% of whom were developers or security people), 53% claimed to have suffered an API breach, while 77% claimed their company was very or extremely effective in managing their tokens. Only 3% believed they are not effective in protecting the credentials – and yet API breaches continue to rise.

    The cause of this apparent contradiction is probably threefold: a lack of visibility into existing APIs, the sheer volume of APIs that are in use, and the amount of time already being spent on managing the credentials for those APIs. The survey conducted by Corsha discovered that 64% of companies are managing more than 250 API credentials across their network (with 3% managing more than 1,000).

    This volume, and the company effort, is reflected in the amount of time spent on protecting them. Eighty-six percent of the respondents spend up to 15 hours every week provisioning, managing, and dealing with API secrets. That is time taken away from app development – making API secrets a costly and expensive exercise that still doesn’t work. Corsha costed this on an average developer’s salary of about $120,000 per year: “That means each respondent could be spending up to $44,460 per year on secrets management.”

    Reply
  34. Tomi Engdahl says:

There is more Linux malware than ever before
    https://etn.fi/index.php/13-news/14490-linux-haittaohjelmia-on-enemmaen-kuin-koskaan-aiemmin

    Despite Linux's reputation as the most secure operating system, it is not immune to malware. In fact, Linux malware has become more common in recent years as more and more devices and servers run on Linux operating systems.

    According to data analysed by Atlas VPN, more than 1.9 million new Linux malware samples were coded last year. The number is 50 percent higher than the previous year. The figures are based on malware threat statistics from Germany's AV-TEST GmbH.

    Reply
  35. Tomi Engdahl says:

    Ransomware revenue fell by $300 million in 2022 as more victims refuse to pay: report https://therecord.media/ransomware-revenue-fell-by-300-million-in-2022-as-more-victims-refuse-to-pay-report/
    Revenues brought in from ransomware attacks fell from $765.6 million in 2021 to $456.8 million in 2022, according to a new report. Experts from blockchain research firm Chainalysis attributed the drop to a variety of factors, most notably that more victims are simply refusing to pay up when threatened by criminal groups. The company tracks the data based on cryptocurrency addresses known to be controlled by ransomware actors, but they noted that the totals are likely far greater because there are many addresses that they . As an example, when they released their 2021 report, they had only identified $602 million in ransomware payments before revising that figure throughout
2022 as more addresses were discovered. However, that doesn't mean attacks are down, or at least not as much as the drastic dropoff in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers. The report:
    https://blog.chainalysis.com/reports/crypto-ransomware-revenue-down-as-victims-refuse-to-pay/

    Reply
  36. Tomi Engdahl says:

    Cybersecurity Awareness Raising: Peek Into the ENISA-Do-It-Yourself Toolbox https://www.enisa.europa.eu/news/cybersecurity-awareness-raising-peek-into-the-enisa-do-it-yourself-toolbox
The European Union Agency for Cybersecurity (ENISA) launches today the Awareness Raising in a Box (AR-in-a-BOX) package designed to help organisations build their own awareness raising programmes. Awareness raising programmes form an indispensable part of an organisation's cybersecurity strategy and are used to promote good practices and induce change in the cybersecurity culture of employees and ultimately society at large. AR-in-a-Box is offered by ENISA to public bodies, operators of essential services, large private companies as well as small and medium ones (SMEs). With AR-in-a-BOX, ENISA provides theoretical and practical knowledge on how to design and implement cybersecurity awareness activities.

    Reply
  37. Tomi Engdahl says:

    Roaming Mantis implements new DNS changer in its malicious mobile app in 2022 https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
Roaming Mantis (a.k.a. Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor's activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq (a.k.a. Moqhao, XLoader), which was the main malware used in this campaign.

    Reply
