The year 2023 saw heightened cybersecurity activity, with security professionals and adversaries locked in a constant cat-and-mouse game. Below is a collection of cybersecurity predictions for 2024, gathered to help security professionals anticipate the key themes likely to dominate the field in the coming year.
Cybersecurity is an ever-evolving process that is never "complete" in any strict sense. The field changes constantly as technology advances, global events create uncertainty, and threat actors refine their tactics. 2024 is expected once again to emphasize the need to strike a balance between cybersecurity and cyber resilience: safeguarding mission-critical assets while developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remains central to organizational security strategy. Preparedness is one of the most important facets of effective organizational cybersecurity, yet it is difficult to plan for the year ahead with so many unknowns.
Five Cybersecurity Predictions for 2024
https://www.securityweek.com/five-cybersecurity-predictions-for-2024/
A Never-Ending Story: Compromised Credentials
Ransomware Attacks Continue to Wreak Havoc
Global Conflicts and Elections Lead to a Rise in Hacktivism
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
The Emergence of Next-Gen Security Awareness Programs
10 Global Cybersecurity Predictions for 2024
https://www.fticonsulting.com/insights/articles/10-global-cybersecurity-predictions-2024
Election Security Making Headlines
A Two-Sided Approach to Artificial Intelligence
Widespread Adoption of Zero-Trust Architecture
Cities Integrating IoT into Critical Infrastructure
Increasing Cybersecurity Supply Chain Risks
Third Party Scrutiny Taking Priority for Compliance Officers
The Start of Significant Fines From Australian Regulators
Corporate Responsibility Shifting to Individuals
Organizational Transparency Surrounding Cybersecurity
Emergence of Incentivized Cybersecurity
Experts Talk: Predicting the Cybersecurity Landscape in 2024
Spiceworks News & Insights brings you expert insights on what to expect in cybersecurity in 2024.
https://www.spiceworks.com/it-security/security-general/articles/cybersecurity-predictions-2024/
By investing in AI governance tools and developing complementary guardrails, companies can avoid what may end up being the biggest misconception of 2024: the assumption that you can control the adoption of AI.
“In 2024, we can expect a surge in malicious AI-generated content.”
“Organizations’ inability to identify the lineage of AI will lead to an increase in software supply chain attacks in 2024,”
The integration of AI into the development process, particularly in the CI/CD pipeline, is crucial.
“Cyberattacks overall are expected to increase; ransomware groups are targeting vendors, government agencies, and critical infrastructure in the United States.”
How can AI help threat actors: “With the assistance of AI, particularly generative AI (GenAI) technology, attackers will be able to refine their techniques, increasing their speed and effectiveness. GenAI will allow criminal cyber groups to quickly fabricate convincing phishing emails and messages to gain initial access into an organization.”
“If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of cyber risks faced by the organization and able to communicate those risks to investors,”
“Third-party risk management is no longer an experiment; it’s an expectation,”
“We will see breaches related to Kubernetes in high-profile companies,”
API Security Trends and Projections for 2024
https://www.spiceworks.com/it-security/application-security/guest-article/api-security-trends-and-projections/
1. The pervasiveness of API vulnerabilities – Vulnerabilities in authentication, authorization and accounting (AAA), if exploited, can lead to major security breaches.
2. Limitations of standard frameworks – While foundational, traditional frameworks like the OWASP API Security Top-10 have limitations in addressing the dynamic nature of API threats.
3. Leak protection – The report highlighted the critical need for enhanced API leak protection, especially considering significant breaches at companies like Netflix and VMware.
4. Rising threats and strategic recommendations – The Wallarm report identified injections as the most pressing API threat, underscoring their likelihood of significant damage.
Gartner’s 8 Cybersecurity Predictions for 2023-2025
https://krontech.com/gartners-8-cybersecurity-predictions-for-2023-2025
By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships. Investors, especially venture capitalists, use cybersecurity risk as an important factor in evaluating opportunities.
1. By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations that adopt a cybersecurity mesh architecture (Gartner's term) will be able to reduce the financial impact of individual security incidents by an average of 90%.
3. By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
5. The percentage of nation states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025.
6. By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instability.
8. By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.
Top 10 Cyber Security Trends And Predictions For 2024
https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024
Trend 1: Increased Focus on AI and Machine Learning in Cybersecurity
Trend 2: Growing Importance of IoT Security
Trend 3: Expansion of Remote Work and Cybersecurity Implications
Trend 4: The Rise of Quantum Computing and Its Impact on Cybersecurity
Trend 5: Evolution of Phishing Attacks
Trend 6: Enhanced Focus on Mobile Security
Trend 7: Zero Trust Security
Trend 8: Cybersecurity Skills Gap and Education
Trend 9: Blockchain and Cybersecurity
Trend 10: Cybersecurity Insurance Becoming Mainstream
6 Predictions About Cybersecurity Challenges In 2024
https://www.forbes.com/sites/edwardsegal/2023/12/09/6-predictions-about-cybersecurity-challenges-in-2024/?sh=172726819433
‘Uptick in Disruptive Hacktivism’
Election Interference
More Targeted Attacks
Fooling Users
Leveraging AI Tools
‘New Avenues For Cybercrime’
5 cybersecurity predictions for 2024
https://www.fastcompany.com/90997838/5-cybersecurity-predictions-for-2024
1. Advanced phishing
2. AI-powered scams
3. Increase in supply chain attacks
4. Deployment of malicious browser extensions
5. Changing demographics brings more threats
Top cybersecurity predictions of 2024
https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024
Adoption of passwordless authentication
Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications. Traditional methods like SMS-based MFA will decline in favor of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps. Note that a TOTP code can still be relayed by a real-time phishing proxy within its validity window; only origin-bound authenticators such as FIDO2/WebAuthn passkeys are phishing-resistant.
Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits. However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.
Cybersecurity will be a higher priority for law firms
For nearly any law firm, part of the ‘big picture’ approach to cybersecurity includes an ability to scale detection and response capabilities.
Artificial intelligence and large language models
Phishing and BEC attacks are becoming more sophisticated because attackers are using personal information pulled from the Dark Web (stolen financial information, social security numbers, addresses, etc.), LinkedIn and other internet sources to create targeted personal profiles that are highly detailed and convincing. They also use trusted services such as Outlook.com or Gmail for greater credibility and legitimacy.
We should also expect the rise of 3D attacks, meaning not just text but also voice and video. This will be the new frontier of phishing. We are already seeing highly realistic deep fakes or video impersonations of celebrities and executive leadership.
I expect to see a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.
One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites — such as LinkedIn — to pull information on targets and create highly-personalized social engineering attacks en masse.
Simultaneously, we will see a rise in "AI PCs", which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of local Large Language Models (LLMs).
With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
Prioritize training
Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.
On the developer side, management will need to assess their identity management strategies to secure credentials from theft, either from a code repository hosted publicly or within internal applications and systems that have those credentials coded in. On the other hand, end users need to understand how to protect themselves from common targeted methods of attack, such as business email compromise, social engineering and phishing attacks.
Security teams need to prioritize collaboration with other departments within their organization to make internal security training more effective and impactful.
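The paragraph above on credentials coded into repositories and internal applications describes a problem that is usually caught with a secret scanner run in CI or as a pre-commit hook. The following is an added example of such a scanner (not code from Security Magazine or any linked source): it applies a few well-known credential shapes plus a Shannon-entropy heuristic to a constructed two-file "repository". The AWS key and secret in the sample are the public placeholders from AWS documentation, not live credentials, and the entropy threshold is an assumption.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample "repository" for the example: one file embeds credentials,
# the other reads them from the environment, which is the fix the paragraph calls for.
SAMPLE_FILES: Dict[str, str] = {
    "config/settings.py": (
        'DB_PASSWORD = "hunter2"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'  # AWS documentation example key
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "app/main.py": (
        "import os\n"
        'DB_PASSWORD = os.environ["DB_PASSWORD"]\n'
    ),
}

# Credential shapes; the keyword rule catches literal strings assigned to secret-like names.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"""(?i)\b\w*(?:password|passwd|pwd|secret|token|api_?key)\w*\s*[:=]\s*["']([^"']{4,})["']"""
    ),
}
QUOTED_TOKEN = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")
ENTROPY_THRESHOLD = 4.0  # assumption: bits per character above which a token looks like key material

Finding = Tuple[str, int, str, str]  # (path, line number, rule, matched text)


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random key material scores high, prose and identifiers low."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def scan_text(path: str, text: str) -> List[Finding]:
    """Run every pattern, then the entropy heuristic, over each line of one file."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append((path, lineno, rule, m.group(0)))
        for m in QUOTED_TOKEN.finditer(line):
            if shannon_entropy(m.group(1)) > ENTROPY_THRESHOLD:
                findings.append((path, lineno, "high_entropy_string", m.group(1)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory map of path -> contents (swap in a git diff walk for a real hook)."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for path, lineno, rule, match in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {rule}: {match[:16]}...")
```

A line can trigger more than one rule (the AWS secret key is both a secret-like assignment and a high-entropy string), which is deliberate: the entropy rule exists to catch key material assigned to names the keyword list does not anticipate. Any hit should block the commit and trigger rotation of the exposed credential, since removing it from history alone does not revoke it.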
Humans Are Notoriously Bad at Assessing Risk
https://www.epanorama.net/newepa/2022/12/31/cyber-trends-for-2023/
We as humans, with our emotions, can sometimes be irrational and subjective. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.
Threat Intel: To Share or Not to Share is Not the Question
https://www.securityweek.com/threat-intel-to-share-or-not-to-share-is-not-the-question/
To share or not to share isn’t the question. It’s how to share, what to share, where and with whom. The sooner we arrive at answers, the safer we’ll be collectively and individually.
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
https://www.securityweek.com/addressing-the-state-of-ais-impact-on-cyber-disinformation-misinformation/
The recent rapid rise of artificial intelligence continues to be a game-changer in many positive ways. Yet, within this revolution, a shadow looms. By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.
Tomi Engdahl says:
https://www.zdnet.com/article/are-all-linux-vendor-kernels-insecure-a-new-study-says-yes-but-theres-a-fix/
Tomi Engdahl says:
https://louhosdigital.fi/louhoksen-maksuton-wordpress-analyysi?utm_source=meta&utm_medium=paid%20social&utm_campaign=wp-analyysi&hsa_acc=1199843640121417&hsa_cam=120209209567050181&hsa_grp=120209209567390181&hsa_ad=120209209567540181&hsa_src=fb&hsa_net=facebook&hsa_ver=3&fbclid=IwAR2nZhdE4hEmVn47_mSb7XpG1NrkyNYuig95yaldHk3O1AftVeA49Qjc-aU_aem_AaEg9sGKBsiTxh5263pUfEAe-oQpp97eFmALhtgcnQDudCf5jtEQG0JX78qmhWvOnzP4OcqADh_57IDRXugra77Y
Tomi Engdahl says:
https://www.tivi.fi/blogit/tietokoneesi-on-taynna-takaportteja/cc1b8e2b-6c3e-4a2b-9086-d2887283677a
Your computer is full of backdoors
Kenneth Falck, 17 May 2024 07:06 | OPEN SOURCE, INFORMATION SECURITY, LINUX
The security hole recently found in the open-source xz library was a reminder that backdoors can be hidden in any piece of software.
It is impossible to find every backdoor, so it is better to assume that every computer and phone is insecure by default. This time
Tomi Engdahl says:
https://www.duocircle.com/data-privacy/kevin-mitnick-the-greatest-showmen-in-the-cyber-world
Tomi Engdahl says:
https://bluegoatcyber.com/blog/a-guide-to-hacker-hat-colors/
Tomi Engdahl says:
Hello, for clarity and accessibility in your presentation, you might want to start with ‘cybersecurity’ to address the preventive measures and then introduce ‘cyber resilience’ to cover the broader strategy of recovery and adaptation post-incident. This approach ensures a comprehensive understanding of safeguarding against cyber threats. I hope this works for you:)
Tomi Engdahl says:
“If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.”
-Stephane Nappo
Tomi Engdahl says:
Supply Chain Security
Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report
Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7’s 2024 Attack Intelligence Report suggests that this will change.
https://www.securityweek.com/zero-day-attacks-and-supply-chain-compromises-surge-mfa-remains-underutilized-rapid7-report/
Tomi Engdahl says:
Beware – Your Customer Chatbot is Almost Certainly Insecure: Report
As chatbots become more adventurous, the dangers will increase.
https://www.securityweek.com/beware-your-customer-chatbot-is-almost-certainly-insecure-report/
Tomi Engdahl says:
Artificial Intelligence
US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent
U.S. intelligence agencies are scrambling to embrace the AI revolution, believing they’ll be smothered by exponential data growth as sensor-generated surveillance tech further blankets the planet.
https://www.securityweek.com/us-intelligence-agencies-embrace-of-generative-ai-is-at-once-wary-and-urgent/
Tomi Engdahl says:
IoT Security
Cybersecurity Labeling for Smart Devices Aims to Help People Choose Items Less Likely to be Hacked
Under the new U.S. Cyber Trust Mark Initiative, manufacturers can affix the label on their products if they meet federal cybersecurity standards
https://www.securityweek.com/cybersecurity-labeling-for-smart-devices-aims-to-help-people-choose-items-less-likely-to-be-hacked/
Consumer labels designed to help Americans pick smart devices that are less vulnerable to hacking could begin appearing on products before the holiday shopping season, federal officials said Wednesday.
Under the new U.S. Cyber Trust Mark Initiative, manufacturers can affix the label on their products if they meet federal cybersecurity standards. The types of devices eligible for labels include baby monitors, home security cameras, fitness trackers, refrigerators and other internet-connected appliances.
The White House first announced the “Cyber Trust” labels last year and the Federal Communications Commission finalized the details in March, clearing the way for the labels to start showing up in several months.
https://www.fcc.gov/cybersecurity-certification-mark
Tomi Engdahl says:
Artificial Intelligence
Why We Need to Get a Handle on AI
It will be interesting to see how AI continues to evolve and how it is used by defenders as they attempt to leapfrog attackers and protect the organization against new forms of AI attacks.
https://www.securityweek.com/why-we-need-to-get-a-handle-on-ai/
There has been a lot of talk about AI recently, debating its opportunities and potential risks. Today AI can be trained on images and videos of real customers or executives to produce audio and video clips impersonating them. These have the potential to fool security systems, and according to a report by identity verification platform Sumsub (PDF), the number of "deepfake" incidents in the financial technology sector alone increased by 700% in 2023, year on year.
https://www.airisksummit.com/
Tomi Engdahl says:
A data breach must be responded to quickly!
https://www.asiakastieto.fi/omatieto/fi/artikkelit/20240513152900
Tomi Engdahl says:
Expert tips: What to do in the event of a data breach
https://www.hel.fi/en/news/expert-tips-what-to-do-in-the-event-of-a-data-breach
Tomi Engdahl says:
Artificial Intelligence
Attempts to Regulate AI’s Hidden Hand in Americans’ Lives Flounder in US Statehouses
Only one of seven bills aimed at preventing AI’s penchant to discriminate when making consequential decisions — including who gets hired, money for a home or medical care — has passed.
https://www.securityweek.com/attempts-to-regulate-ais-hidden-hand-in-americans-lives-flounder-in-us-statehouses/
Tomi Engdahl says:
Artificial Intelligence
Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk
While Red Teams can expose and root out organization specific weaknesses, there is another growing class of vulnerability at an industry level.
https://www.securityweek.com/social-distortion-the-threat-of-fear-uncertainty-and-deception-in-creating-security-risk/
In offensive security, there are a range of organization-specific vulnerabilities that create risk, from software/hardware vulnerabilities to processes and people. Attackers target and prey on any weakness they can identify. While Red Teams can expose and root out organization-specific weaknesses, there is another growing class of vulnerability at an industry level. It's not a single actor, vulnerability or intentionally malicious campaign. It manifests in everything from governmental requirements and policy interference, to overblown, sometimes false alarms about technology safety, to active efforts to undermine research or authoritative industry voices. It's a culture of disinformation, misinformation and misrepresentation that erodes trust, confuses employees, and overloads security teams chasing ghosts. Let's examine the traditional pillars of security community culture and how they are being weakened and compromised, and even peek at where this all could go in a world of deepfakes and AI-fueled bias and hallucination.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16279-genai-on-jo-laajasti-kaeytoessae-kyberturvassa
Tomi Engdahl says:
Why embracing Endpoint Security and Identity Protection could be the most important security decision you take in 2024 and beyond
Features
By ITPro published May 28, 2024
Leaders can use EPP and IDP to combine disparate security solutions in the cloud and shore up the most common routes for attack
https://www.itpro.com/security/why-embracing-endpoint-security-and-identity-protection-could-be-the-most-important-security-decision-you-take-in-2024-and-beyond?utm_source=facebook&utm_campaign=commercial&fbclid=IwAR19Yeupvb8NWGZ7jbLZgRFfJGYrtcggVPCqH4m6R-yvgoCd3Ky9yo8ijEI_aem_pPIjsxjlJ6vLGZEb2LhyhA
Tomi Engdahl says:
Why CVEs Are an Incentives Problem
It’s time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions.
https://www.darkreading.com/vulnerabilities-threats/why-cves-are-an-incentives-problem
Tomi Engdahl says:
NIST expects to clear backlog in vulnerabilities database by end of fiscal year
https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024
The National Institute of Standards and Technology (NIST) said it has awarded a new contract to an outside vendor that will help the federal government process software and hardware bugs added to the National Vulnerability Database (NVD).
Government officials, cybersecurity experts and defenders have repeatedly raised alarms about the backlog of new vulnerabilities that have not been analyzed or enriched since the agency announced cutbacks in February. Enrichment involves adding contextual data to an entry about a vulnerability.
A spokesperson for NIST contacted Recorded Future News to say the new contract will see an unspecified company provide “additional processing support for incoming Common Vulnerabilities and Exposures (CVEs)” that will be added to the NVD.
"We are confident that this additional support will allow us to return to the processing rates we maintained prior to February 2024 within the next few months," NIST said on Wednesday. The agency is working with the Cybersecurity and Infrastructure Security Agency (CISA) on adding unprocessed CVEs to the database.
Tomi Engdahl says:
https://absoluuttinen.fi/mita-tietoturvasuunnitelman-tulisi-sisaltaa/
Tomi Engdahl says:
https://www.businessopas.fi/logistiikka/toimitusketjujen-on-oltava-alykkaita-ja-dataohjattuja-lieventaakseen-riskeja/
Tomi Engdahl says:
Better security with a continuous-improvement mindset
https://www.telia.fi/telia-yrityksena/toissa-telialla/tarinat/artikkeli/pilvi-insinoori-mike-gu
Tomi Engdahl says:
https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/
Tomi Engdahl says:
https://www.dna.fi/yrityksille/blogi/-/blogs/uhkakentta-muuttuu-teknologian-kehittyessa-miten-yrityksen-kyberresilienssia-voi-vahvistaa
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/
Tomi Engdahl says:
Visualizing the 5 Most Common Cybersecurity Mistakes
https://www.visualcapitalist.com/the-5-most-common-cybersecurity-mistakes/
Using work device for personal activities 29%
Reusing or sharing password 26%
Connecting without using a VPN at a public place 26%
Responding to a message from someone they don’t know 24%
Accessing inappropriate websites 20%
Tomi Engdahl says:
Google: Stop Trying to Trick Employees With Fake Phishing Emails
According to a Google security manager, simulated phishing tests are outdated and more likely to cause resentment among employees than improve their security practices.
https://uk.pcmag.com/security/152453/google-stop-trying-to-trick-employees-with-fake-phishing-emails
Tomi Engdahl says:
Even your home address can be found surprisingly easily – Expert: check these things
Information security expert Petteri Järvinen advises how to act if you suspect your data has fallen into the wrong hands, and how to protect your data preventively.
https://www.iltalehti.fi/digiuutiset/a/cd1a275f-554b-481c-af49-62eaa8db3de3
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/rockwell-automation-warns-admins-to-take-ics-devices-offline/
Tomi Engdahl says:
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
https://thehackernews.com/2024/05/new-tricks-in-phishing-playbook.html
Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users’ credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail.
The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, “uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page, intercepting traffic between the victim and the login page to capture credentials, cookies, and tokens,” Netskope researcher Jan Michael Alcantara said in a report.
A majority of phishing campaigns hosted on Cloudflare Workers over the past 30 days have targeted victims in Asia, North America, and Southern Europe, spanning technology, financial services, and banking sectors.
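The adversary-in-the-middle technique described in the comment above relays the whole login flow, so passwords and TOTP codes pass straight through. What defeats it is an authenticator whose response is bound to the page origin. As an added example (not code from the Netskope report or The Hacker News), here are the relying-party checks on the clientDataJSON of a WebAuthn assertion: the browser, not the page, fills in the origin, so a reverse proxy running on another hostname produces an assertion the real site rejects. The origins, challenge and the make_client_data stand-in for the browser are constructed for the example; the signature and rpIdHash checks of the full procedure are omitted.

```python
import base64
import json
import os
from typing import Tuple


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def verify_client_data(client_data_b64url: str, expected_origin: str,
                       expected_challenge: bytes, expected_type: str = "webauthn.get") -> Tuple[bool, str]:
    """Relying-party checks on clientDataJSON from a WebAuthn assertion: type, challenge, origin.

    The browser writes `origin` from the page that called navigator.credentials.get(), so a
    phishing proxy relaying the ceremony is exposed by its own hostname. (The signature over
    authenticatorData || SHA-256(clientDataJSON) and the rpIdHash check are omitted here.)
    """
    try:
        client_data = json.loads(b64url_decode(client_data_b64url))
    except (ValueError, UnicodeDecodeError):
        return False, "clientDataJSON is not valid base64url JSON"
    if not isinstance(client_data, dict):
        return False, "clientDataJSON is not a JSON object"
    if client_data.get("type") != expected_type:
        return False, f"unexpected type {client_data.get('type')!r}"
    if client_data.get("challenge") != b64url_encode(expected_challenge):
        return False, "challenge mismatch (stale or replayed assertion)"
    if client_data.get("origin") != expected_origin:
        return False, f"origin mismatch: {client_data.get('origin')!r}"
    return True, "ok"


def make_client_data(origin: str, challenge: bytes, type_: str = "webauthn.get") -> str:
    """Constructed stand-in for the clientDataJSON a browser produces; demo only."""
    payload = {"type": type_, "challenge": b64url_encode(challenge),
               "origin": origin, "crossOrigin": False}
    return b64url_encode(json.dumps(payload).encode())


if __name__ == "__main__":
    challenge = os.urandom(32)  # issued by the server per login attempt
    rp_origin = "https://login.example.com"  # assumed relying-party origin
    print(verify_client_data(make_client_data(rp_origin, challenge), rp_origin, challenge))
    # Constructed origin of a reverse-proxy phishing page relaying the same challenge.
    phish = make_client_data("https://login-example.evil.example", challenge)
    print(verify_client_data(phish, rp_origin, challenge))
```

In practice the proxy never even gets this far: the browser refuses to exercise a credential whose RP ID is not a registrable suffix of the current origin, so the victim sees an error instead of a prompt. The server-side check remains necessary as defence in depth against a tampered client or a misconfigured RP ID.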
Tomi Engdahl says:
Free malware scanner for #Linux systems released by Kaspersky. Would you use it on a Linux server or desktop?
More here https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Tomi Engdahl says:
True. But a malware scanner needs to access all your files (maybe even write access; to protect you, of course) and needs to connect to the internet. That’s all most malware ever needed
Tomi Engdahl says:
From https://www.facebook.com/share/bQYSorickFFAASRb/
Kaspersky is the best malware I’ve ever seen. Everybody should use it!
True. But a malware scanner needs to access all your files (maybe even write access; to protect you, of course) and needs to connect to the internet. That’s all most malware ever needed
I’m using Kaspersky in Windows, and ClamAV w/ on-access scanning + rkhunter in Linux when needed (not needed in all context).
Tomi Engdahl says:
Network Security
8 Degrees of Secure Access Service Edge
Assembling a diverse team, outlining clear objectives, and meticulously assessing your network landscape can enable organizations to successfully navigate SASE migration without hiccups and pitfalls.
https://www.securityweek.com/8-degrees-of-secure-access-service-edge/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2024/06/06/kvanttisalaus-vaatii-jo-ensimmaisia-toimia/
Tomi Engdahl says:
Why Hackers Love Logs
Log tampering is an almost inevitable part of a compromise. Why and how do cybercriminals target logs, and what can be done to protect them?
https://www.securityweek.com/why-hackers-love-logs/
Computer log tampering is an almost inevitable part of a system compromise. Why and how do cybercriminals target logs, and what can be done to protect them?
A computer log file is a record of actions taken on or by an application within a computer. They are important to see what is happening within the system, whether it be a design malfunction or malicious activity. Initially, these logs were manually (and inefficiently) analyzed. Today the process is automated by other applications, especially security software watching for anomalous activity that might indicate an attack commencing or in progress.
While important to the operation of enterprise IT, logs are not directly relevant to the business of the enterprise. As a result, their value is often overlooked. They are not automatically considered part of the company’s ‘crown jewels’ that must be protected, and are often simple read/write text files with little security.
This is a mistake since the totality of the logs contain – albeit in a fragmented manner – a complete record of the IT infrastructure and its use. This reality is not lost to criminal attackers.
Content and attraction
Log file content may contain numerous attractions or capabilities for attackers, including: an aid to reconnaissance, PII and other regulated data, a means to stealth and covering tracks, and a method for disruption and extortion.
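The tampering, deletion and insertion the article describes can be made detectable with a tamper-evident log, where each record carries an HMAC over the previous record's tag and its own content so that altering or removing any earlier record breaks every tag after it. The following is an added example (not code from the SecurityWeek article): the key and the log lines are constructed for the demonstration, and in a real deployment the verification key lives on the collector, not on the host writing the log.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

GENESIS = b"\x00" * 32  # chain anchor for the first record

# Constructed sample log lines for the example (not real events).
SAMPLE_LINES = [
    "2024-06-10T08:00:01Z sshd[812]: Accepted publickey for deploy from 10.0.0.5 port 51012",
    "2024-06-10T08:00:07Z sudo: deploy : COMMAND=/usr/bin/systemctl restart app",
    "2024-06-10T08:02:44Z sshd[901]: Failed password for root from 203.0.113.7 port 40122",
    "2024-06-10T08:02:51Z sshd[901]: Accepted password for root from 203.0.113.7 port 40122",
]

Record = Tuple[str, str]  # (log line, hex HMAC tag)


def chain_logs(key: bytes, lines: List[str]) -> List[Record]:
    """Tag each line with HMAC-SHA256(key, previous_tag || line); the tags form a chain."""
    records, prev = [], GENESIS
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        records.append((line, tag.hex()))
        prev = tag
    return records


def verify_chain(key: bytes, records: List[Record],
                 expected_final_tag: Optional[str] = None) -> Optional[int]:
    """Return the index of the first record that fails to verify, or None if the chain is intact.

    Edits, deletions and insertions anywhere before the end surface as a broken tag at that
    position. Deleting records from the end does not, so the writer should publish the latest
    tag out of band (e.g. to the collector) and pass it as expected_final_tag; a truncated
    chain then fails at index len(records).
    """
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        try:
            stored = bytes.fromhex(tag_hex)
        except ValueError:
            return i
        if not hmac.compare_digest(expected, stored):
            return i
        prev = expected
    if expected_final_tag is not None and not hmac.compare_digest(prev.hex(), expected_final_tag):
        return len(records)
    return None


if __name__ == "__main__":
    key = b"example-key-not-for-production"  # constructed; a real key is never stored on the logged host
    records = chain_logs(key, SAMPLE_LINES)
    # An attacker rewrites the successful root login into a failure to hide the compromise.
    tampered = list(records)
    tampered[3] = (tampered[3][0].replace("Accepted", "Failed"), tampered[3][1])
    print("intact:", verify_chain(key, records))     # None
    print("tampered at:", verify_chain(key, tampered))  # 3
```

The design addresses the attraction the article lists last, covering tracks: without the key an attacker can only truncate the log, and the published final tag exposes even that. It does not stop an attacker who disables logging before acting, which is why the chain belongs on a forwarded copy and a gap in the stream should itself raise an alert.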
Tomi Engdahl says:
Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics
Google and Microsoft warn of elevated risks of cyber threats facing the 2024 Paris Olympics, especially from Russian threat actors.
https://www.securityweek.com/google-microsoft-russian-threat-actors-pose-high-risk-to-2024-paris-olympics/
The 2024 Paris Olympics is facing elevated risks of cyber threats, especially from Russian threat actors, Google and Microsoft warn.
According to Google Cloud's Mandiant cybersecurity team, the 2024 Paris Olympics face cyber threats including espionage, disruption, destruction, hacktivism, influence operations, and financially motivated activity.
“Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event,” Mandiant notes.
Russian threat groups, Mandiant warns, represent a major threat to the Olympics, while state-sponsored threat actors from China, Iran, and North Korea pose a moderate to low risk.
The large number of government officials and decision makers attending the 2024 Olympics may attract the attention of cyberespionage groups, while threat actors focused on destruction and disruption may launch distributed denial-of-service (DDoS), defacement, wiper malware, or OT attacks to cause negative psychological effects and reputational damage.
Tomi Engdahl says:
Upleveling the State of SMB Cybersecurity
Gone are the days when cyberattacks were deemed concerns solely by corporate giants
https://www.securityweek.com/upleveling-the-state-of-smb-cybersecurity/
Tomi Engdahl says:
Healthcare cybersecurity has significant shortcomings
https://etn.fi/index.php/13-news/16307-terveydenhuollon-kyberturvassa-on-merkittaeviae-puutteita
There are significant shortcomings in the management of cybersecurity in healthcare, according to Tero Haukilehto's recent doctoral dissertation at the University of Vaasa. The shortcomings relate above all to the spread of digitalization in the sector.
The functioning of healthcare is ever more dependent on electronic and networked services. The sector's rapid digitalization has made healthcare more efficient, enabled new forms of service and brought transactions to the living-room sofa.
"At the same time, however, digitalization has brought new threats, such as cyberattacks, which at worst have paralyzed the operations of healthcare organizations, caused millions of euros in damage and endangered patient safety," Tero Haukilehto reminds us.
Healthcare handles enormous amounts of sensitive customer and patient data, and the whole social and health care sector is known to attract criminals. In Ireland, for example, a cyberattack seriously affected the functioning of the entire public healthcare system for months, infected tens of thousands of computers and led to sensitive patient data ending up in the attackers' hands. Estimates of the final cost rose to hundreds of millions of euros.
Tomi Engdahl says:
Distributed Denial of Service is when a malicious person targets your IP address or infrastructure with the intention of causing an outage or loss of internet connectivity. The "distributed" in DDoS means that the malicious person is using multiple systems, sometimes hundreds or thousands of systems at the same time, to flood your IP address with specially crafted packets or ICMP requests to cause an outage. The way you can protect against it is to use a firewall that has IDS/IPS that will identify a DDoS attack and will block the IP address. Another method is to use a WAF behind a firewall, which is a web application firewall that is a second layer of security and basically does the same thing as the firewall. It checks incoming connections to identify malicious behavior and blocks or rejects the connection if deemed malicious. Oh, there are also ISPs which have services to detect and block DDoS attacks. Check with your ISP to see if they provide such services.
https://www.cisa.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf
A denial-of-service is a network attack targeting a service on a single system. Essentially, think about a website you know is there, but access to it is denied by someone else. Even a bad database can cause a DoS, as it may deny access to the webserver.
In a distributed denial of service (DDoS), a threat actor utilizes several systems, even thousands, to prevent access to a service/system.
Protecting from DDoS is challenging, especially for web servers, etc. Many vendors use several methods to defend against it.
Check out https://www.cyber.gc.ca/en/guidance/defending-against-distributed-denial-service-ddos-attacks-itsm80110 for a good overview.
Tomi Engdahl says:
A WAF can protect against some DoS attacks but not all. How well it protects depends on where the WAF is located, and how it is configured affects what it can do.
I currently use Cloudflare for protecting one of my web sites.
Services I have worked with have been target of DoS and DDoS attacks. I have also caused DoS situation unintentionally and intentionally (for cyber resilience testing purposes).
Tomi Engdahl says:
It’s best to leverage an upstream provider to mitigate DDoS. At scale you will be eaten up by anything with sheer size. Upstream providers are backbone ISPs and some CDNs.
Todd Backer, those ISP or cloud service level services are needed in fighting big DDoS attacks that can have much higher attack bandwidth than your Internet connection pipe can handle. If you have a Gigabit connection but are hit with a multi-Gigabit DDoS flood, no firewall or WAF on your end of the pipe will help you much when the attack flood fills up all your incoming bandwidth.
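The two comments above make one point together: a firewall or IPS at your end can drop traffic from a single noisy source, but once a distributed flood exceeds the link itself, local blocking cannot help. The following model is an added example (not from the original comments); the link capacity, the per-IP block threshold and the flow records are all constructed values.

```python
"""Added example: per-source blocking at the customer edge versus link saturation.

Constructed flow records are (source_ip, bytes_seen_in_one_second). The model
assumes a 1 Gbit/s link and an IDS/IPS that blocks any source exceeding
50 Mbit/s; both numbers are illustrative assumptions, not from the page.
"""
from collections import defaultdict

LINK_BPS = 1_000_000_000         # assumed 1 Gbit/s Internet connection
PER_IP_BLOCK_BPS = 50_000_000    # assumed per-source rate at which the IPS blocks an IP


def per_ip_rates(flows):
    """Sum bytes per source over the one-second window and return bits/s per IP."""
    rates = defaultdict(int)
    for src, nbytes in flows:
        rates[src] += nbytes * 8
    return dict(rates)


def simulate_edge_defense(flows, link_bps=LINK_BPS, block_bps=PER_IP_BLOCK_BPS):
    """Model an on-premises firewall/IPS that blocks sources above block_bps.

    Returns (blocked_sources, ingress_bps, server_load_bps, link_saturated).
    Blocked traffic is dropped before it reaches the server, but it still
    arrives over the link, so ingress_bps counts every source; the link is
    saturated whenever ingress exceeds link_bps, whatever the firewall does.
    """
    rates = per_ip_rates(flows)
    blocked = {src for src, bps in rates.items() if bps > block_bps}
    ingress = sum(rates.values())
    server_load = sum(bps for src, bps in rates.items() if src not in blocked)
    return blocked, ingress, server_load, ingress > link_bps


# Constructed scenario 1: one attacker at 400 Mbit/s plus one legitimate client
# at 1 Mbit/s. The flood fits in the pipe, so local blocking protects the server.
SINGLE_SOURCE = [("203.0.113.5", 50_000_000), ("198.51.100.7", 125_000)]

# Constructed scenario 2: 500 bots each sending 3 Mbit/s, all below the per-IP
# threshold, for an aggregate of 1.5 Gbit/s that exceeds the 1 Gbit/s link.
DISTRIBUTED = [(f"10.{i // 250}.{i % 250}.1", 375_000) for i in range(500)]

if __name__ == "__main__":
    for name, flows in (("single source", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        blocked, ingress, load, saturated = simulate_edge_defense(flows)
        print(f"{name}: blocked={len(blocked)} ingress={ingress / 1e6:.0f} Mbit/s "
              f"server_load={load / 1e6:.0f} Mbit/s link_saturated={saturated}")
```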
Tomi Engdahl says:
What are the best practices for adapting to cyberattack and malware behavior?
https://www.facebook.com/share/p/TAE4siPPmQkNKwMe/
These are two separate incident types with differing SOPs. Worth splitting them apart, as you would get different answers for both. Generally though, best practice to prevent incidents is strong passwords, MFA, least privilege on all accounts including admin, network segmentation, considering disabling admin accounts that are currently used and enabling them as needed with just enough access to do their task or job, having MFA on applications as well as accounts for deeper protection, establishing network baselines for user and network behaviour, monitoring logins, user education, running regular phishing campaigns, etc.
Tomi Engdahl says:
WithSecure investigated: attacks now target devices at the network edge
https://etn.fi/index.php/13-news/16320-withsecure-tutki-nyt-hyoekaetaeaen-verkon-reunalla-oleviin-laitteisiin
In its new report, WithSecure Intelligence examines the exploitation of edge services and infrastructure in cyberattacks. – Mass exploitation requires only one thing, and that is a vulnerable edge service. That is, software that is reachable from the internet, says the company's senior security analyst Stephen Robinson.
The cyber threat landscape of 2023 and 2024 has been dominated by mass exploitation of vulnerabilities. WithSecure's earlier report on the professionalization of cybercrime already noted the growth of this trend, but now its prevalence and severity have truly exploded.
In 2024, the number of edge service and infrastructure Common Vulnerabilities and Exposures (CVE) added monthly to the Known Exploited Vulnerability Catalogue (KEV) is 22 percent higher than in 2023, while the number of other vulnerabilities added monthly to the catalogue has dropped 56 percent compared to 2023.
The edge service and infrastructure vulnerabilities added over the past two years are on average 11 percent more severe than the others.
Security incidents caused by the exploitation of vulnerable software, such as MOVEit, CitrixBleed, Cisco XE, Fortiguard's FortiOS, Ivanti ConnectSecure, Palo Alto's PAN-OS, Juniper's Junos and ConnectWise ScreenConnect, have occurred at a rapid pace.
Edge services located at the network perimeter are extremely attractive targets for attackers, because they are connected to the internet and their purpose is to provide critical services to remote users.
- What many of the services exploited in attacks have in common is that they are part of the infrastructure, such as firewalls, VPN or email gateways, which are usually locked-down, black-box-like devices. These devices are often meant to make the network more secure, but time and again vulnerabilities have been found in them that attackers have exploited to gain a foothold in the target network, Stephen Robinson describes.
- It is likely that mass exploitation of vulnerabilities is becoming the primary attack method, either because there are so many vulnerable edge services, or because attackers and defenders are now more aware of vulnerable edge services due to the rise of mass exploitation, Robinson concludes.
Mass exploitation: The vulnerable edge of enterprise security
https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security
Tomi Engdahl says:
Cyber crime is a major threat in our digital age, encompassing activities like phishing, ransomware, identity theft, hacking, and cyberstalking. These crimes can lead to severe financial losses, identity theft, and compromised privacy. Protect yourself by using strong passwords, enabling two-factor authentication, staying informed about threats, installing antivirus software, and backing up data. Governments and organizations must also strengthen cybersecurity measures to combat this growing menace. Stay vigilant and safeguard your digital life.
Tomi Engdahl says:
Developing a Plan to Respond to Critical CVEs in Open Source Software
Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.
https://www.darkreading.com/vulnerabilities-threats/developing-plan-to-respond-to-critical-cves-open-source-software
Tomi Engdahl says:
https://yrityksille.elisa.fi/ideat/nain-torjut-tietojen-kalastelua-mobiiliverkossa/
Tomi Engdahl says:
Understanding Security’s New Blind Spot: Shadow Engineering
In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.
https://www.darkreading.com/vulnerabilities-threats/understanding-security-new-blind-spot-shadow-engineering