Cyber trends for 2023

Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome also attempts to “upgrade” to the HTTPS version of a website if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads over HTTP in the Chrome browser.

Malvertising: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users will continue in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware arrives over encrypted connections, typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels, and the WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.

Software vulnerabilities: Weak configurations for encryption and missing security headers will still be very common in 2023. In 2022 nearly every application had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a high or critical severity vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.

Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. Many companies do not patch their systems in a reasonable time, or at all, so they stay vulnerable. New variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, neglected maintenance of employees’ skills and indifference are the strongest obstacles to the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.

Cloud: In a hyperscale cloud provider there can be several thousand people, working around the globe, who could potentially access our data. Security screening and limiting alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.

MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures.
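As an added example (not code from the original post), a small detector for the prompt-bombing pattern described above, run over constructed log lines. The log format, field names and the 4-prompts-in-5-minutes threshold are assumptions, not those of any particular identity provider.

```python
"""Detect MFA push-bombing ("MFA fatigue") bursts in authentication logs.

Added example, not code from the original post. The log format is a constructed,
simplified one (assumption): "<ISO-8601 UTC timestamp> user=<name> event=<type>",
where event is mfa_sent, mfa_denied or mfa_approved. Real identity-provider logs
carry the same information under other field names.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: alice receives a burst of prompts and finally approves one
# (the pattern the post describes); bob gets one normal prompt and approves it.
SAMPLE_LOG = """\
2023-01-10T08:00:01Z user=alice event=mfa_sent
2023-01-10T08:00:02Z user=alice event=mfa_denied
2023-01-10T08:00:20Z user=alice event=mfa_sent
2023-01-10T08:00:21Z user=alice event=mfa_denied
2023-01-10T08:00:40Z user=alice event=mfa_sent
2023-01-10T08:00:55Z user=alice event=mfa_sent
2023-01-10T08:01:10Z user=alice event=mfa_sent
2023-01-10T08:01:12Z user=alice event=mfa_approved
2023-01-10T08:05:00Z user=bob event=mfa_sent
2023-01-10T08:05:05Z user=bob event=mfa_approved
"""


def parse_line(line):
    """Split one log line into (timestamp, user, event)."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return ts, kv["user"], kv["event"]


def detect_mfa_fatigue(log_text, window=timedelta(minutes=5), threshold=4):
    """Return {user: alert} for every user who received at least `threshold`
    MFA prompts within any sliding `window`.

    Each alert records the peak number of prompts in the window and whether the
    user approved a prompt while the burst was still active, which is the case
    to escalate as a likely account compromise rather than a mere annoyance.
    """
    recent = defaultdict(deque)  # user -> timestamps of prompts inside the window
    bursting = set()             # users whose prompt rate is currently above threshold
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = parse_line(line)
        if event == "mfa_sent":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:   # drop prompts that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                bursting.add(user)
                alert = alerts.setdefault(
                    user, {"first_prompt": q[0], "peak_prompts": 0,
                           "approved_during_burst": False})
                alert["peak_prompts"] = max(alert["peak_prompts"], len(q))
        elif event == "mfa_approved" and user in bursting:
            alerts[user]["approved_during_burst"] = True
            bursting.discard(user)   # the attacker got in; the burst is over
    return alerts


if __name__ == "__main__":
    for user, alert in detect_mfa_fatigue(SAMPLE_LOG).items():
        print(user, alert)
```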

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character in the password can make it harder for cyber criminals to use it if for some reason it leaks out. The reason is that a comma in a password can break up tabular comma-separated values (CSV) files, which are a common way to collect and distribute stolen passwords.

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor is Network and Information Security 2, also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs in late 2022. They will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year, with deep-dives into the Energy and Health sectors. Read more at Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been regarded by the cybersecurity community as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can pose serious risks to all operations. As a result, the released CPGs are explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.

Losing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers.

Zero trust: Many people think that Zero Trust is a near-optimal security practice in 2023. It is good for new systems that its model suits, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The Zero Trust Shouldn’t Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource-pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. That’s where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting in early January 2023 to improve security. A Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”.

Google Workspace: Google Workspace Gets Client-Side Encryption in Gmail. The long-awaited Client-side encryption for Gmail is available in beta. Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API.

War risks: Watch for the war between Russia and Ukraine to continue in both the real world and the cyber world in 2023. Cyber is as important as missile defences, according to an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range. Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.

ICS: ICS and SCADA systems remain trending attack targets in 2023.

Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and act on leaked secrets directly within GitHub.
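An added example, not GitHub’s code: a minimal scanner in the spirit of the secret scanning described above, run over a constructed source file. The AWS access key and GitHub token patterns follow the publicly documented prefixes; the entropy threshold and the generic assignment rule are assumptions, and every sample value is fake or a documented placeholder.

```python
"""Minimal secret scanner over source text, in the spirit of GitHub secret scanning.

Added example, not GitHub's code. The AWS access key and GitHub token formats
are the publicly documented prefixes; the sample source file is constructed and
its values are fake or documented placeholders.
"""
import math
import re

# Rules for a few well-known credential formats; a match is reported regardless of
# entropy because the prefix alone is a strong signal.
SPECIFIC_RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic rule (assumption): an assignment to a secret-looking name. Only flagged
# when the value has enough entropy to look like a real credential, to avoid noise
# from placeholders such as "changeme".
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|token|api_key)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")

SAMPLE_SOURCE = """\
# settings.py (constructed sample; every value is fake or a documented example)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
db_password = "changeme"
api_token = "q7Gz!p2Lm9Xs4Vb8"
DEBUG = True
"""


def shannon_entropy(s):
    """Bits of entropy per character of the string."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(value):
    """Keep only a prefix and suffix so an alert can be triaged without re-leaking the secret."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text, entropy_threshold=3.5):
    """Return findings as a list of {"line", "rule", "match"} dicts, in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        matched_specific = False
        for rule, rx in SPECIFIC_RULES.items():
            for m in rx.finditer(line):
                findings.append({"line": lineno, "rule": rule, "match": redact(m.group(0))})
                matched_specific = True
        if matched_specific:
            continue  # specific rules take precedence over the generic heuristic
        m = GENERIC_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(1)) >= entropy_threshold:
            findings.append({"line": lineno, "rule": "high_entropy_assignment",
                             "match": redact(m.group(1))})
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['rule']} ({f['match']})")
```

The low-entropy placeholder on line 4 of the sample is deliberately not reported, which is the trade-off any such heuristic makes between noise and missed weak credentials.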

Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.

PCI DSS: PCI DSS 4.0 Should Be on Your Radar in 2023 if you work in a field that must meet it. The latest version of the standard brings a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.

SHA-1: NIST Retires SHA-1 Cryptographic Algorithm: not fully in 2023, but preparations for the phase-out start. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using a technique referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replacing the 27-year-old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phase-out period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.

Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers (Amazon Web Services (AWS), Microsoft Azure and Google Cloud) of course offer security features and services designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But several analysts believe that becoming a self-taught ethical hacker in 2023 might not be worth it, because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.

MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With Cloud Comes APIs & Security Headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies have suffered an incident due to misconfiguration and a third are coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) are confident that they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations. But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed many cryptocurrency-related risks materialising. More “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now cyber is increasingly the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Some insurance policies already written in the market have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks have disrupted hospitals, shut down pipelines and targeted government departments. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

An expert advises using a comma in your password – there is a clever logic behind it

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Companies’ cyber security still has big gaps. Expert: it is even a question of national security

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 approved – stricter cyber security requirements for EU countries

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldn’t Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

There is an acute shortage of cyber security professionals

Is Enterprise VPN on Life Support or Ripe for Reinvention?

1,768 Comments

  1. Tomi Engdahl says:

    Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel https://yoroi.company/research/hunting-cyber-evil-ratels-from-the-targeted-attacks-to-the-widespread-usage-of-brute-ratel/
    Red team operations are fundamental for achieving an adequate cybersecurity maturity level. So, many different C2 commercial frameworks were born to provide help in managing security tests.
    However, these technologies can be used at the same time even by attackers to make cyber intrusions. One of the most emblematic examples of this phenomenon is Brute Ratel, a commercial Red Team Operations framework developed by Chetan Nayak, an expert red teamer, formerly both in Mandiant and Crowdstrike, which, starting from the past year, has been used by attackers both in cybercrime and APT operations.

  2. Tomi Engdahl says:

    Rustproofing Linux (Part 3/4 Integer Overflows) https://research.nccgroup.com/2023/02/14/rustproofing-linux-part-3-4-integer-overflows/
    In the C programming language, integer types can be a bit confusing.
    Portability issues can arise when the same code is used in multiple hardware architectures or operating systems. For example, int is usually 32-bit, but could also be 16-bit; long is 64-bit on 64-bit architectures, well, except on Windows; and char is normally a signed char, unless you’re on ARM, then it’s an unsigned char. There are also quite a few integer type promotion rules that define what happens when operations occur on differing types of integers. These nuanced rules can lead to confusion, which is demonstrated by vulnerabilities that were incorrectly fixed and need to be fixed again (CVE-2015-6575 is one such example).

  3. Tomi Engdahl says:

    IoT data encryption got a long-awaited standard
    https://etn.fi/index.php/13-news/14599-iot-datan-salaus-sai-kauan-odotetun-standardin

    How to protect the data generated by small devices such as IoT devices when it has to be transferred over the network for processing? NIST, the National Institute of Standards and Technology, has completed its competition seeking a solution to become the standard for this area. The winner was a family of encryption algorithms named Ascon, which will be published as NIST’s lightweight cryptography standard later this year.

    The Ascon algorithms were selected as the winner from among 10 finalists. The selection was based on several criteria. – The ability to provide security was of primary importance, but we also had to take into account factors such as the candidate algorithm’s performance and flexibility in terms of speed, size and energy use, McKay explains.

    Ascon was developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University. In 2019 it was selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition, a sign that Ascon had withstood cryptographers’ attempts to break it for years.

    The Ascon family currently has seven members, some or all of which may become part of NIST’s published lightweight cryptography standard. As a family, the versions offer a range of functions that give designers options for different tasks. Two of these tasks are the most important in lightweight cryptography: authenticated encryption with associated data (AEAD) and hashing.

    AEAD protects the confidentiality of a message, but it also allows additional information – such as a message header or a device’s IP address – to be included without encryption. The algorithm ensures that all protected data is authentic and has not changed in transit. AEAD can be used in vehicle-to-vehicle communication, and it can also help prevent forgery of messages exchanged by radio frequency identification (RFID) tags, which often help track packages in warehouses.

    It is worth noting that IoT data encryption is not so-called quantum encryption. One of Ascon’s versions offers resistance to attacks that a powerful quantum computer might attempt. Such PQC encryption, i.e. quantum-resistant encryption, is important for long-term secrets that must be protected for years. Typically, lightweight cryptography is used for encrypting short-lived data.

  4. Tomi Engdahl says:

    This is how the cyber attack affected Uponor’s results
    https://www.tivi.fi/uutiset/tv/cb996069-a8e3-4376-a553-b834d9dded59
    Uponor, which manufactures and supplies building technology solutions, had a good year up to the end of the third quarter, but in November the company became the target of a cyber attack. Because of it, earnings development practically stalled at the end of the year.

  5. Tomi Engdahl says:

    Mapping your supply chain
    https://www.ncsc.gov.uk/guidance/mapping-your-supply-chain
    How organisations can map their supply chain dependencies, so that risks in the supply chain can be better understood and managed. This guidance is aimed at medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers.

    Reply
  6. Tomi Engdahl says:

    For sale: election interference and sabotage. The services of a shadowy group carry a hefty price tag
    https://www.kauppalehti.fi/uutiset/myytavana-vaaleihin-vaikuttamista-ja-sabotaasia-hamarassa-toimivan-ryhman-palveluilla-on-hurja-hintalappu/78950ec6-b3ab-48db-bba6-96ac195669b5
    The Israeli Team Jorge sells election interference and active sabotage to any state or company willing to pay. Depending on the scale of the job, the price tag is 6–15 million dollars. By its own account, the Jorge group has tampered with 33 presidential elections, 27 of which ended in the desired result. Team Jorge's capabilities have been used in Africa, South America, Central America, the United States and Europe.

    Reply
  7. Tomi Engdahl says:

    This is what WhatsApp's multi-device use, which Lintilä is invoking, looks like https://www.is.fi/digitoday/art-2000009397781.html
    WhatsApp's multi-device use refers to the ability to use the messaging app on a computer alongside the phone. This is done either in a web browser with WhatsApp for Web or with the WhatsApp desktop app. The feature has existed since 2015.

    Reply
  8. Tomi Engdahl says:

    Hackers start using Havoc post-exploitation framework in attacks https://www.bleepingcomputer.com/news/security/hackers-start-using-havoc-post-exploitation-framework-in-attacks/
    Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.
    Among its most interesting capabilities, Havoc is cross-platform and it bypasses Microsoft Defender on up-to-date Windows 11 devices using sleep obfuscation, return address stack spoofing, and indirect syscalls.

    Reply
  9. Tomi Engdahl says:

    10 signs that scammers have you in their sights https://www.welivesecurity.com/2023/02/15/10-signs-scammers-sights/
    By learning what typical tactics the bad guys use, we can stay safer online and keep our personal data and money under lock and key. We've rounded up 10 of the most common warning signs.

    Reply
  10. Tomi Engdahl says:

    The Intelligence Handbook, Fourth Edition
    A Roadmap for Building an Intelligence-Led Security Program
    https://go.recordedfuture.com/book-4?utm_campaign=ransomware-webinar&utm_source=securityweek&utm_medium=cpc&utm_content=20230202&utm_term=dedicated

    Protect Your Organization With Intelligence
    Use Recorded Future for Free
    https://go.recordedfuture.com/express?utm_campaign=express&utm_source=securityweek&utm_medium=cpc&utm_content=20220607&utm_term=dedicated

    Accelerate alert triage, detect phishing links, prioritize vulnerabilities, and research emerging threats with access to real-time security intelligence.

    Recorded Future Express is a free browser extension that delivers real-time intelligence via risk scores and context on IP addresses, domains, hashes, URLs, and CVEs.

    With Recorded Future Express, you can instantly:

    Prioritize SIEM alerts
    Detect and prevent phishing
    Enrich IOCs anywhere
    Jumpstart your investigations

    Reply
  11. Tomi Engdahl says:

    Disinfo black ops
    ‘Aims’: the software for hire that can control 30,000 fake online profiles
    Exclusive: Team Jorge disinformation unit controls vast army of avatars with fake profiles on Twitter, Facebook, Gmail, Instagram, Amazon and Airbnb

    https://www.theguardian.com/world/2023/feb/15/aims-software-avatars-team-jorge-disinformation-fake-profiles

    Reply
  12. Tomi Engdahl says:

    7 things to do after a hacker breaks into your computer
    https://www.komando.com/tech-tips/been-hacked/875407/

    Reply
  13. Tomi Engdahl says:

    Using the blockchain to prevent data breaches
    https://venturebeat.com/security/using-the-blockchain-to-prevent-data-breaches/

    Data breaches have, unfortunately, become an all-too-common reality. The Varonis 2021 Data Risk Report indicates that most corporations have poor cybersecurity practices and unprotected data, making them vulnerable to cyberattacks and data loss.

    With a single data breach costing a company an average of $3.86 million and eroding a brand’s reputation and its consumers’ trust, mitigating the risks is no longer a luxury. However, as cyberattacks get more pervasive and sophisticated, merely patching up traditional cybersecurity measures may not be enough to fend off future data breaches.

    Reply
  14. Tomi Engdahl says:

    China Telecom and Conflux Network to pilot Blockchain enabled SIM card in Hong Kong
    https://www.crypto-news-flash.com/china-telecom-and-conflux-network-to-pilot-blockchain-enabled-sim-card-in-hong-kong/

    Today China Telecom and Conflux Network announce a partnership to bring Blockchain SIM cards (BSIM) to market. The entry-level Web3 product will be the largest blockchain hardware product ever seen globally, involving the most users and applications. China Telecom will launch the first BSIM pilot program in Hong Kong later this year. This will likely be followed by pilots in key mainland China locations such as Shanghai.

    BSIM will dramatically lower the barrier to entry to Web3 for China Telecom’s 390+ million mobile phone subscribers, while making transactions faster and more secure. By making telecom users’ personal digital assets more secure, the goal is to make mobile phones more secure.

    The BSIM card integrates Conflux’s Tree-graph, dual proof of stake and proof of work technology

    The BSIM card will manage and store the user’s public and private keys in the card, and carry out digital signatures in a way that the private key does not exit the card. The BSIM card can also allow encrypted storage, key retrieval and other operations. The built-in Bluetooth module will be responsible for the signature and transfer of assets, to ensure the security of personal digital assets. This reduces the risk of the user being attacked by viruses and other malicious software on the mobile phone.

    Reply
  15. Tomi Engdahl says:

    1 in 4 CISOs Wants to Say Sayonara to Security
    https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025

    Thanks to burnout and stress, Gartner predicts churn and even departure from profession among half of today’s security leaders by 2025.

    Reply
  16. Tomi Engdahl says:

    According to Deepti Gopal, director analyst for Gartner, cybersecurity professionals are generally facing “unsustainable levels of stress.” For CISOs and other security managers, the mental and emotional fallout from occupying the scapegoat role is not only spurring many of them to look outside of their current jobs or their professions, it’s also impacting their effectiveness when they stay.

    “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do,” Gopal says. “The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”

    https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025

    Reply
  17. Tomi Engdahl says:

    Often, the discussion of cybersecurity burnout revolves around topics like alert fatigue and workload imbalances, particularly among security operations center (SOC) workers. For example, the Magnet report showed that 64% of those workers cited alert fatigue as playing a role in their burnout. However, the news that one in four CISOs will leave their profession altogether hints at even deeper issues.
    https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025

    Reply
  18. Tomi Engdahl says:

    YOUTUBE AS INFINITE FILE STORAGE
    https://hackaday.com/2023/02/21/youtube-as-infinite-file-storage/

    The proof of concept code from [DvorakDwarf] works by encoding binary files into video files which can then be uploaded to the video sharing service. It’s hardly a new idea as there were clever boxes back in the 16-bit era that would do the same with a VHS video recorder, but it seems that for the moment it does what it says, and turns YouTube into an infinite cloud file store.

    https://github.com/DvorakDwarf/Infinite-Storage-Glitch

    Reply
  19. Tomi Engdahl says:

    Security has become too complicated
    https://www.uusiteknologia.fi/2023/02/20/tietoturvasta-tullut-liian-monimutkaista/

    Online security risks are growing, and according to a survey by the Finnish company F-Secure, security has become too complicated for ordinary consumers. Especially as people spend an average of up to eight hours a day online. Three out of four survey respondents feel unsafe in the whirl of the internet.

    The ever-deeper digitalisation of everyday life is now causing wider concern about how many daily chores are entrusted to various devices and the internet. According to F-Secure's study, conducted in seven countries, internet users spend a third of their lives online.

    According to the survey, nearly seven in ten (69%) respondents to the global poll say they do not know whom to trust online. Respondents were also not very confident that online safety would improve in the future. About 64% of respondents estimated that security risks will grow over the next 12 months.

    Reply
  20. Tomi Engdahl says:

    Internet users feel most vulnerable in the world of online dating.
    More than a third of internet users (36%) have over 1,000 photos on their mobile phone.
    Communication is the most important activity for internet users aged 18–34; this age group spends up to 11 hours a day online.
    Among children, gaming is considerably more popular than using social media.
    The results were largely consistent across the seven countries studied.
    https://www.uusiteknologia.fi/2023/02/20/tietoturvasta-tullut-liian-monimutkaista/

    https://www.f-secure.com/en/articles/living-secure

    Reply
  21. Tomi Engdahl says:

    That pretty much goes on to show how much a piece of software can undermine the security of banking, especially with voice cloning (which would be enough to fool the bank into thinking it’s you). This is potentially dangerous especially in the wrong but smart hands.

    JOURNALIST CLONES HIS VOICE AND USES IT TO BREAK INTO HIS OWN BANK ACCOUNT
    https://futurism.com/the-byte/journalist-clones-voice-break-into-bank

    If you’re not already worried about AI voice cloning, you probably should be.

    Testing the technology’s limits, journalist Joseph Cox at Vice broke into his own bank account by using an AI-synthesized clone of his voice to prove his identity — highlighting both the technology’s dangerous potential as well as the shortcomings of voice biometrics.

    Reply
  22. Tomi Engdahl says:

    Kate Lindsay / The Verge:
    As AI tools and CGI creations get better at pretending to be human, some creators say they are often being asked to prove that they’re human

    On the internet, nobody knows you’re a human
    https://www.theverge.com/2023/2/24/23608961/tiktok-creator-bot-accusation-prove-theyre-human

    / As bots, avatars, and AI get more and more human, how do creators prove they’re the real deal?

    Last April, 27-year-old Nicole posted a TikTok video about feeling burned out in her career. When she checked the comments the next day, however, a different conversation was going down.

    “Jeez, this is not a real human,” one commenter wrote. “I’m scared.”

    “No legit she’s AI,” another said.

    Over the past few years, AI tools and CGI creations have gotten better and better at pretending to be human. Bing’s new chatbot is falling in love, and influencers like CodeMiko and Lil Miquela ask us to treat a spectrum of digital characters like real people. But as the tools to impersonate humanity get ever more lifelike, human creators online are sometimes finding themselves in an unusual spot: being asked to prove that they’re real.

    Almost every day, a person is asked to prove their own humanity to a computer.

    CAPTCHAs are employed to prevent bots from doing things like signing up for email addresses en masse, invading commerce websites, or infiltrating online polls. They require every user to identify a series of obscured letters or sometimes simply check a box: “I am not a robot.”

    This relatively benign practice takes on a new significance in 2023 when the rise of OpenAI tools like DALL-E and ChatGPT amazed and spooked their users. These tools can produce complex visual art and churn out legible essays with the help of just a few human-supplied keywords. ChatGPT boasts 30 million users and roughly 5 million visits a day, according to The New York Times. Companies like Microsoft and Google scrambled to announce their own competitors.

    It’s no wonder, then, that AI paranoia from humans is at an all-time high. Those accounts that just DM you “hi” on Twitter? Bots. That person who liked every Instagram picture you posted in the last two years? A bot. A profile you keep running into on every dating app no matter how many times you swipe left? Probably also a bot.

    More so than ever before, we’re not sure if we can trust what we see on the internet

    The accusation that someone is a “bot” has become something of a witch hunt among social media users, used to discredit those they disagree with by insisting their viewpoint or behavior is not legitimate enough to have real support. For instance, supporters on both sides of the Johnny Depp and Amber Heard trial claimed that online support for the other was at least somewhat made up of bot accounts. More so than ever before, we’re not sure if we can trust what we see on the internet — and real people are bearing the brunt.

    The more people use computers to prove they’re human, the smarter computers get at mimicking them

    “People would come with whole theories in the comments, [they] would say, ‘Hey, check out this second of this. You can totally see the video glitching,” she says. “Or ‘you can see her glitching.’ And it was so funny because I would go there and watch it and be like, ‘What the hell are you talking about?’ Because I know I’m real.”

    But there’s no way for Nicole to prove it because how does one prove their own humanity? While AI tools have accelerated exponentially, our best method for proving someone is who they say they are is still something rudimentary, like when a celebrity posts a photo with a handwritten sign for a Reddit AMA — or, wait, is that them, or is it just a deepfake?

    While developers like OpenAI itself have released “classifier” tools for detecting if a piece of text was written by an AI, any advance in CAPTCHA tools has a fatal flaw: the more people use computers to prove they’re human, the smarter computers get at mimicking them. Every time a person takes a CAPTCHA test, they’re contributing a piece of data the computer can use to teach itself to do the same thing. By 2014, Google found that an AI could solve the most complicated CAPTCHAs with 99 percent accuracy. Humans? Just 33 percent.

    So engineers threw out text in favor of images, instead asking humans to identify real-world objects in a series of pictures. You might be able to guess what happened next: computers learned how to identify real-world objects in a series of pictures.

    We’re now in an era of omnipresent CAPTCHA called “No CAPTCHA reCAPTCHA” that’s instead an invisible test that runs in the background of participating websites and determines our humanity based on our own behavior — something, eventually, computers will outsmart, too.

    Melanie Mitchell, a scientist, professor, and author of Artificial Intelligence: A Guide for Thinking Humans, characterizes the relationship between CAPTCHA and AI as a never-ending “arms race.” Rather than hope for one be-all, end-all online Turing test, Mitchell says this push-and-pull is just going to be a fact of life. False bot accusations against humans will become commonplace — more than just a peculiar online predicament but a real-life problem.

    “Imagine if you’re a high school student and you turn in your paper and the teacher says, ‘The AI detector said this was written by an AI system. Fail,’” Mitchell says. “It’s almost an insolvable problem just using technology alone. So I think there’s gonna have to be some kind of legal, social regulation of these [AI tools].”

    “It’s really important that people are looking at profiles like mine and saying, ‘Is this real?’” she says. “‘If this isn’t real, who’s coding it? Who’s making it? What incentives do they have?’”

    Or maybe that’s just what the AI called Danisha wants you to think.

    Reply
  23. Tomi Engdahl says:

    Belgium institutes nationwide vulnerability disclosure policy https://therecord.media/belgium-institutes-nationwide-vulnerability-disclosure-policy/
    New vulnerability reporting frameworks are now in place in Belgium, making it the fourth European country to give cybersecurity researchers a way to legally report software and hardware bugs to organizations and the government. The Netherlands, France and Lithuania all have similar policies in place. Last year, the United States updated its own rules around vulnerability reporting in an effort to protect researchers who look for bugs with no plan to exploit them maliciously.

    Reply
  24. Tomi Engdahl says:

    Multiple Chinese APTs are attacking European targets, EU cyber agency warns https://therecord.media/multiple-chinese-apts-are-attacking-european-targets-eu-cyber-agency-warns/
    Several Chinese military hacking groups are targeting European businesses and organizations, the European Union's cybersecurity agency warned this week. The groups include APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda, all of which have previously been tied to various arms of China's People's Liberation Army or government.

    Reply
  25. Tomi Engdahl says:

    Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
    Trend Micro discovered a new backdoor which they attributed to the advanced persistent threat actor known as Earth Kitsune. At the end of 2022, Trend Micro discovered that the website of a pro-North Korean organization was compromised and modified to distribute malware. When a targeted visitor tries to watch videos on the website, a malicious script injected by the attacker displays a message prompt notifying the victims of a video codec error to entice them to download and install a trojanized codec installer. The installer was patched to load a previously unseen backdoor that TM dubbed WhiskerSpy. In addition, the threat actor was also found adopting an interesting persistence technique that abuses Google Chrome's native messaging host.

    Reply
  26. Tomi Engdahl says:

    If you’re struggling to secure email forwarding, it’s not you, it’s … the protocols https://www.theregister.com/2023/02/19/forwarding_email_security/
    Over the past two decades, efforts have been made to make email more secure. Alas, defensive protocols implemented during this period, such as SPF, DKIM, and DMARC, remain unable to deal with the complexity of email forwarding and differing standards, a study has concluded.

    Reply
  27. Tomi Engdahl says:

    What Is Anonymous Sudan?
    https://www.truesec.com/hub/blog/what-is-anonymous-sudan
    Since January 23, 2023, a threat actor identifying as “Anonymous Sudan” has been conducting denial of service (DDoS) attacks against multiple organizations in Sweden. This group claims to be “hacktivists,” politically motivated hackers from Sudan. Truesec’s Threat Intelligence unit has investigated the threat actor group to shed light on its activities and help identify its true motives.

    Reply
  28. Tomi Engdahl says:

    Facebook Verified – What You Need To Know https://www.forbes.com/sites/kateoflahertyuk/2023/02/20/facebook-verified-what-you-need-to-know/
    “Facebook owner Meta is rolling out a verified subscription bundle as it looks to claw back revenue. The Meta Verified subscription will be available for Facebook and Instagram, with a monthly charge for those who want to take advantage of a number of premium features.” “Meta Verified includes a verified badge that authenticates your account with government ID, proactive account protection, access to account support, and increased visibility and reach.”
    (https://about.fb.com/news/2023/02/testing-meta-verified-to-help-creators/)

    Reply
  29. Tomi Engdahl says:

    Ugly figures from the police: Online scammers took a huge sum of money from Finland https://www.is.fi/digitoday/tietoturva/art-2000009407494.html
    Finns lose tens of millions of euros to digital scams every year. According to the police, the actual criminal proceeds are higher than the recorded figures, because not all victims file a report. The most typical forms of fraud are so-called bank scams and romance scams.

    Reply
  30. Tomi Engdahl says:

    Study: More and more Finns believe they can recognise a cyber scam, but fewer than before take action after being scammed https://www.epressi.com/tiedotteet/kotimaa/tutkimus-yha-useampi-suomalainen-uskoo-tunnistavansa-kyberhuijauksen-mutta-entista-harvempi-ryhtyy-toimiin-huijatuksi-tultuaan.html
    At the end of 2022, 42 percent of Finns believed they could recognise every scam attempt, whereas a year earlier only one in three Finns believed they could. The most confident are 18–24-year-olds, who according to the survey also use the fewest security services.

    Reply
  31. Tomi Engdahl says:

    Security policy easily goes astray: there is one big problem in how companies think https://www.tivi.fi/uutiset/tv/df8adfa3-ce1f-48f3-b0a3-454cb57ea34f
    Behind security problems there is often an employee who does not follow the company's instructions. The finger of blame easily points at the employee, even though the cause may also be a poorly implemented security policy. That is the assessment of Hanna Paananen in her doctoral dissertation at the University of Jyväskylä.

    Reply
  32. Tomi Engdahl says:

    CVSS system criticized for failure to address real-world impact https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
    ANALYSIS Weaknesses in the existing CVSS scoring system have been highlighted through new research, with existing metrics deemed responsible for overhyping some vulnerabilities. So-called overinflated ratings are potentially eating up the limited time of cybersecurity teams who may then not be focused on the bugs most likely to impact their organizations in favor of issues deemed critical across the board.

    Reply
  33. Tomi Engdahl says:

    Brussels sets out to fix the GDPR
    https://www.politico.eu/article/brussels-plans-new-privacy-enforcement-law-by-summer/
    New law to solve enforcement flaws of the GDPR could open a Pandora’s box of lobbying and regulators’ infighting.

    Reply
  34. Tomi Engdahl says:

    WHISTLEBLOWERS TAKE NOTE: DON'T TRUST CROPPING TOOLS https://theintercept.com/2023/02/14/whistleblower-image-crop-document/
    Being able to uncrop images and documents poses risks for sources who may be under the impression that cropped materials don't contain the original uncropped content. One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the file's creators or editors. Official instruction manuals, help pages, and promotional materials may mention that cropping is reversible, but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.

    Reply
  35. Tomi Engdahl says:

    Accidental WhatsApp account takeovers? It’s a thing https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/
    A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn’t delete the WhatsApp account linked to it.

    Reply
  36. Tomi Engdahl says:

    Africa’s internet registry has sometimes needed financial assistance to keep operating, could fail, warns ARIN head https://www.theregister.com/2023/02/22/afrinic_failure_warning_apnic_link/
    The African Network Information Centre (AFRINIC) has no board, no CEO, has sometimes been close to not being able to pay its staff, could fail, and other regional internet registries have therefore expressed interest in funding its ongoing activities, according to John Curran, president and CEO of the American Registry for Internet Numbers (ARIN).

    Reply
  37. Tomi Engdahl says:

    Hydrochasma hackers target medical research labs, shipping firms https://www.bleepingcomputer.com/news/security/hydrochasma-hackers-target-medical-research-labs-shipping-firms/
    A previously unknown threat actor named Hydrochasma has been targeting shipping and medical laboratories involved in COVID-19 vaccine development and treatments. The hackers’ goal appears to be stealing intelligence, and their activity has been tracked since last October by threat hunters at Symantec, a Broadcom company. A characteristic of Hydrochasma attacks is that they rely only on open-source tools and “living off the land” (LotL) tactics, leaving no traces that could lead to attribution.

    Reply
  38. Tomi Engdahl says:

    Can YouTube be held liable for pushing terror vids? Asking for a Supreme Court…
    https://www.theregister.com/2023/02/22/us_supreme_court_section_230/
    The US Supreme Court on Tuesday heard arguments in Gonzales et al. v. Google, a case likely to reshape the internet if it goes against the search ad giant. Spoiler alert: This looks unlikely, based on the oral arguments, according to several legal experts. But further legal challenges await and the case is far from over.

    Reply
  39. Tomi Engdahl says:

    Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023 https://securityintelligence.com/posts/2023-x-force-threat-intelligence-index-report/
    Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index – a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data.

    Reply
  40. Tomi Engdahl says:

    European Commission bans the use of TikTok https://www.is.fi/digitoday/art-2000009413276.html
    The European Commission has banned its staff from using the TikTok app on official devices. The ban is based on data protection concerns, a Commission spokesperson told the AFP news agency on Thursday.

    Reply
  41. Tomi Engdahl says:

    Who's Behind the Botnet-Based Service BHProxies?
    https://krebsonsecurity.com/2023/02/whos-behind-the-botnet-based-service-bhproxies/
    A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here's a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

    Reply
  42. Tomi Engdahl says:

    Beware of cunning ChatGPT traps: all that's on offer is malware and misery
    https://www.tivi.fi/uutiset/tv/d45dd7b2-6d29-4f41-bc97-cc33813e0392
    When a technology becomes as popular as OpenAI's AI bot ChatGPT, you can be sure that criminals will soon be circling the carcass too. So it is this time as well.
    Security researchers warn of numerous scam and malware sites exploiting ChatGPT's name and popularity. Users are offered, for example, the chance to skip the queue or to continue chatting without interruptions. All they need to do is download an app, and the matter is settled. Sometimes, unfortunately, literally: after running the scam app, the user finds their files locked.

    Reply
  43. Tomi Engdahl says:

    Recent iPhone thefts highlight the danger of using passcodes in public https://9to5mac.com/2023/02/24/iphone-passcode-in-public-dangers/
    A new report from The Wall Street Journal looks at a recent trend of iPhone thefts that have happened across the US. Instead of just looking to snatch devices, these thieves are watching for passcodes so they can immediately get into iPhones, change Apple ID passwords, access financial accounts, and more. Here's a look at the risks of using an iPhone passcode in public, how much power the passcode wields, and some steps to keep yourself safer.

    Reply
  44. Tomi Engdahl says:

    Microsoft: For better security, scan more Exchange server objects https://www.theregister.com/2023/02/26/microsoft_exchange_server_exclusion/
    Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. In particular, the software giant said this week that sysadmins should now include the Temporary ASP.NET files, Inetsrv folders, and the PowerShell and w3wp processes on the list of files and folders to be run through antivirus systems.

    Reply
  45. Tomi Engdahl says:

    Cybersecurity VC Funding Topped $18 Billion in 2022: Report
    https://www.securityweek.com/cybersecurity-vc-funding-topped-18-billion-in-2022-report/
    Over 1,000 cybersecurity funding announcements were made in 2022, and startups raised $79 billion across more than 4,200 deals since 2018.

    Reply
  46. Tomi Engdahl says:

    AI to protect production, including 5G devices
    https://www.uusiteknologia.fi/2023/02/27/tekoaly-suojaamaan-tuotantoa-myos-5g-laitteita/

    The American security company Palo Alto Networks has introduced an industry-focused Zero Trust OT Security system, which is promised to use AI to secure industrial devices, including those that use 5G technology.

    Palo Alto Networks has responded to network threats and the challenges they pose by developing OT protection based on zero-trust technology. With the Zero Trust OT Security system, industrial and production services can be protected more effectively than before against various cyberattacks.

    Many industrial systems and production solutions form such a significant part of supply chain operations that compromising them can put people and their well-being at stake. Exposing infrastructure to threats can also lead to catastrophic consequences.

    The threats are real: according to research firm Gartner, for example, production volumes of industrial OT devices are forecast to grow by as much as 400 percent by 2030. As the installed base grows, so does the number of attacks. According to NTT, attacks against the manufacturing and production sector increased by a full 300 percent in 2021.

    As part of its Zero Trust OT Security system, the company announced the Industrial OT Security service, designed to protect production equipment. The service uses AI-based ML technology to identify more than 340 different OT device profiles and more than 1,070 different OT/ICS applications, and to protect the system against more than 650 different OT threat factors.

    Palo Alto's Zero Trust OT Security system can be used in three different combinations: paired with next-generation firewalls, used together with the Prisma SASE system, or integrated into the Palo Alto Networks 5G-Native Security service. If desired, Zero Trust OT Security can also be combined with many other Palo Alto Networks security services.

    https://www.paloaltonetworks.com/network-security/zero-trust-ot-security

  47. Tomi Engdahl says:

    11 Countries Take Part in Military Cyberwarfare Exercise
    https://www.securityweek.com/11-countries-take-part-in-military-cyberwarfare-exercise/

    750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe.

    The biggest military cyberwarfare exercise in Western Europe took place recently in Estonia. A total of 34 teams from 11 countries took part in a live-fire cyber battle.

    Countries such as the US, UK, Japan, India, Italy, Estonia, Ukraine, Ghana, Kenya and Oman were represented by 750 experts at the Defence Cyber Marvel 2 (DCM2) exercise. Many of them participated remotely.

    The seven-day event, led by the British Army, tested the response of participants to common and complex cyber scenarios, including attacks on networks and industrial control systems (ICS).

  48. Tomi Engdahl says:

    Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve
    https://www.securityweek.com/enterprise-blind-spots-and-obsolete-tools-security-teams-must-evolve/

    The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them.

    As I discussed previously, corporate networks have become atomized, meaning they’re dispersed, ephemeral, encrypted, and diverse (DEED). These DEED environments and the conventional tools we rely on to defend them are creating gaps in network visibility and in our capabilities to secure them. Blind spots are rampant for three primary reasons.

    Deep packet inspection (DPI) is losing effectiveness. Driven by privacy and security concerns, encryption of network traffic is becoming pervasive, blinding many of the network visibility and security tools we have traditionally used, such as next-generation firewalls (NGFW), intrusion prevention systems (IPS), and network detection and response (NDR) systems. Companies that go down the decryption path, especially companies in heavily regulated industries, soon discover that decryption at the level required to do ongoing detection is problematic because exposed traffic can potentially be seen or captured. Not to mention the additional overhead and performance tradeoffs.

    DPI is also hard to scale. In DEED environments, trying to find entry points to deploy span ports is difficult.

    Cloud flow logs are disparate. Individual cloud service providers (CSPs) can provide good visibility mechanisms for their specific cloud environments. But according to the Flexera 2022 State of the Cloud Report (PDF), 89% of organizations report having a multi-cloud strategy, and different CSPs offer different capabilities and all have gaps.

    Endpoints are everywhere and not all can support agents. Endpoint detection and response (EDR) is the new hot tool for a reason; it solves a lot of problems. However, customers and prospects tell us their percentage of EDR coverage on endpoints is in the range of 60-70%, not accounting for network gear like routers and switches. There are plenty of other devices that connect to their corporate network that also don’t support agents or are out of their control. Think about Point-of-Sale (POS) systems, HVAC systems, IoT devices, and smart TVs. Additionally, there are myriad devices they aren’t even aware of because of the bring-your-own-device (BYOD) environment and the work-from-anywhere model, which introduces additional rogue devices connecting through home and Wi-Fi networks. If you can’t account for the full mix of endpoints, you have gaps.

    Evolving our approach to network visibility and security

    To close the gaps DEED environments and conventional tools are creating, we need a different approach that enables us to visualize network traffic at a higher level, across the number and types of environments and devices in use today, without having to capture and decrypt packets. It turns out metadata and context are the keys.

    Metadata in the form of flow data provides a passive and agentless approach to network traffic visibility across multi-cloud, on-premises, and hybrid environments, including every IP address, and every device. And because metadata provides information about network traffic without including sensitive or private data, you can collect and store it with fewer compliance or regulatory concerns.

    Bringing all that streaming metadata into a single platform, normalizing it, and enriching it in real time with both open-source data and organizational-specific context data gives diverse teams one place to go and one common language to use to gain a complete picture of what’s happening.

    It’s a less-is-more approach that closes gaps for real-time detection, real-time investigation, and real-time remediation and enables security teams to evolve to defend their atomized network.

    How the Atomized Network Changed Enterprise Protection
    https://www.securityweek.com/how-the-atomized-network-changed-enterprise-protection/

    Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud, and edge.

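The comment above argues for a pipeline that takes flow metadata from several sources, normalizes it into one schema, enriches it with open-source indicators and organizational context, and detects on that without decrypting anything. The block below is an added example of that pipeline; it is not code from the SecurityWeek article or from any vendor. Every input is constructed: the NetFlow-style records, the AWS VPC flow-log lines (field order assumed from the default v2 format in the AWS documentation), the asset inventory and the indicator list. The three rules it runs are ones a practitioner would expect from the discussion: a destination on an indicator list, an internal host missing from the inventory (the rogue/BYOD case), and an inventoried device without an EDR agent talking out of the network (the POS/HVAC/OT case).

```python
"""Flow-metadata pipeline: normalize, enrich, detect.

Added example for the argument above, not code from the article or any
product. All records, the asset inventory and the indicator list are
constructed for illustration.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# (a) Records as a NetFlow collector might hand them over (v5-style field names)
NETFLOW_RECORDS = [
    {"srcaddr": "10.1.20.15", "dstaddr": "93.184.216.34", "srcport": 51234,
     "dstport": 443, "prot": 6, "dOctets": 18400, "first": 1677500000},
    {"srcaddr": "10.1.30.7", "dstaddr": "198.51.100.23", "srcport": 49152,
     "dstport": 443, "prot": 6, "dOctets": 2300, "first": 1677500010},
    {"srcaddr": "10.1.40.2", "dstaddr": "203.0.113.9", "srcport": 40001,
     "dstport": 8080, "prot": 6, "dOctets": 900, "first": 1677500020},
]
# (b) AWS VPC flow-log lines; default v2 field order assumed from the AWS docs:
#     version account-id interface-id srcaddr dstaddr srcport dstport protocol
#     packets bytes start end action log-status. Values are made up.
VPC_FLOW_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.2.5.77 198.51.100.23 55010 443 6 12 1900 1677500030 1677500090 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.2.5.10 10.1.20.15 40222 445 6 5 640 1677500040 1677500041 ACCEPT OK",
]
# Organization-specific context: known assets and whether they carry an EDR agent
ASSET_INVENTORY = {
    "10.1.20.15": {"name": "laptop-042", "role": "workstation", "edr": True},
    "10.1.30.7": {"name": "pos-terminal-3", "role": "pos", "edr": False},
    "10.1.40.2": {"name": "hvac-ctl-1", "role": "ot", "edr": False},
}
# Open-source style indicator list (constructed; 198.51.100.0/24 is TEST-NET-2)
THREAT_INDICATORS = {"198.51.100.23"}
INTERNAL_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                   ip_network("192.168.0.0/16")]


def normalize_netflow(rec):
    """Map collector field names onto one common flow schema."""
    return {"ts": rec["first"], "src": rec["srcaddr"], "dst": rec["dstaddr"],
            "sport": rec["srcport"], "dport": rec["dstport"],
            "proto": rec["prot"], "bytes": rec["dOctets"], "origin": "netflow"}


def normalize_vpc_line(line):
    """Parse one VPC flow-log line into the same schema."""
    f = line.split()
    return {"ts": int(f[10]), "src": f[3], "dst": f[4], "sport": int(f[5]),
            "dport": int(f[6]), "proto": int(f[7]), "bytes": int(f[9]),
            "origin": "vpc"}


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def enrich(flow):
    """Attach direction, asset context and indicator hits; no payload needed."""
    src_in, dst_in = is_internal(flow["src"]), is_internal(flow["dst"])
    if src_in and dst_in:
        direction = "internal"
    else:
        direction = "outbound" if src_in else "inbound"
    return {**flow, "direction": direction, "src_internal": src_in,
            "src_asset": ASSET_INVENTORY.get(flow["src"]),  # None => not inventoried
            "dst_indicator": flow["dst"] in THREAT_INDICATORS}


def detect(flows):
    """Rules that work on enriched metadata alone; returns (kind, where) pairs."""
    findings = []
    for f in flows:
        where = f"{f['src']} -> {f['dst']}:{f['dport']} ({f['origin']})"
        if f["dst_indicator"]:
            findings.append(("threat_indicator", where))
        asset = f["src_asset"]
        if f["src_internal"] and asset is None:
            findings.append(("unknown_internal_host", where))    # rogue/BYOD candidate
        elif asset and not asset["edr"] and f["direction"] == "outbound":
            findings.append(("unmanaged_device_egress", where))  # no agent, talking out
    return findings


def run_pipeline():
    """Normalize both sources, enrich every record, run the rules."""
    flows = [normalize_netflow(r) for r in NETFLOW_RECORDS]
    flows += [normalize_vpc_line(line) for line in VPC_FLOW_LINES]
    return detect([enrich(f) for f in flows])


def summarize(findings):
    """Count findings per rule."""
    return Counter(kind for kind, _ in findings)


if __name__ == "__main__":
    for kind, where in run_pipeline():
        print(f"{kind:24} {where}")
```

On the constructed input the POS terminal and the VPC host both reach the listed indicator, the POS terminal and the HVAC controller are flagged as agentless devices with egress, and the two 10.2.5.x addresses are flagged as hosts the inventory does not know about. Nothing in the rules reads a payload, which is the point the comment makes: direction, asset context and reputation come from the five-tuple plus the organization's own data.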
