The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. Here are some cybersecurity predictions for 2024 to help security professionals. It is crucial to anticipate the key themes likely to dominate the cybersecurity space in 2024.
Cybersecurity is an ever-evolving process that can never be ‘complete’ in the exact sense. The cybersecurity field evolves constantly as technology advances, global events create uncertainty, and threat actors refine and improve their malicious tactics. 2024 is expected to again emphasize the critical need to strike a balance between cybersecurity and cyber resilience. Safeguarding mission-critical assets and developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remain central to organizational cybersecurity strategies. While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns.
Five Cybersecurity Predictions for 2024
https://www.securityweek.com/five-cybersecurity-predictions-for-2024/
A Never-Ending Story: Compromised Credentials
Ransomware Attacks Continue to Wreak Havoc
Global Conflicts and Elections Lead to a Rise in Hacktivism
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
The Emergence of Next-Gen Security Awareness Programs
10 Global Cybersecurity Predictions for 2024
https://www.fticonsulting.com/insights/articles/10-global-cybersecurity-predictions-2024
Election Security Making Headlines
A Two-Sided Approach to Artificial Intelligence
Widespread Adoption of Zero-Trust Architecture
Cities Integrating IoT into Critical Infrastructure
Increasing Cybersecurity Supply Chain Risks
Third Party Scrutiny Taking Priority for Compliance Officers
The Start of Significant Fines From Australian Regulators
Corporate Responsibility Shifting to Individuals
Organizational Transparency Surrounding Cybersecurity
Emergence of Incentivized Cybersecurity
Experts Talk: Predicting the Cybersecurity Landscape in 2024
Spiceworks News & Insights brings you expert insights on what to expect in cybersecurity in 2024.
https://www.spiceworks.com/it-security/security-general/articles/cybersecurity-predictions-2024/
By investing in AI governance tools and developing complementary guardrails, companies can avoid what may end up being the biggest misconception in 2024: the assumption that you can control the adoption of AI.
“In 2024, we can expect a surge in malicious AI-generated content.”
“Organizations’ inability to identify the lineage of AI will lead to an increase in software supply chain attacks in 2024,”
The integration of AI into the development process, particularly in the CI/CD pipeline, is crucial.
“Cyberattacks overall are expected to increase; ransomware groups are targeting vendors, government agencies, and critical infrastructure in the United States.”
How can AI help threat actors: “With the assistance of AI, particularly generative AI (GenAI) technology, attackers will be able to refine their techniques, increasing their speed and effectiveness. GenAI will allow criminal cyber groups to quickly fabricate convincing phishing emails and messages to gain initial access into an organization.”
“If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of cyber risks faced by the organization and able to communicate those risks to investors,”
“Third-party risk management is no longer an experiment; it’s an expectation,”
“We will see breaches related to Kubernetes in high-profile companies,”
API Security Trends and Projections for 2024
https://www.spiceworks.com/it-security/application-security/guest-article/api-security-trends-and-projections/
1. The pervasiveness of API vulnerabilities – These vulnerabilities in AAA, if exploited, can lead to major security breaches.
2. Limitations of standard frameworks – While foundational, traditional frameworks like the OWASP API Security Top-10 have limitations in addressing the dynamic nature of API threats.
3. Leak protection – The report highlighted the critical need for enhanced API leak protection, especially considering significant breaches at companies like Netflix and VMware.
4. Rising threats and strategic recommendations – The Wallarm report identified injections as the most pressing API threat, underscoring their likelihood of significant damage.
Gartner’s 8 Cybersecurity Predictions for 2023-2025
https://krontech.com/gartners-8-cybersecurity-predictions-for-2023-2025
By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships. Investors, especially venture capitalists, use cybersecurity risk as an important factor in evaluating opportunities.
1. By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%.
3. By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
5. The percentage of states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025.
6. By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will build a culture of corporate resilience to protect themselves from threats from cybercrime, severe weather events, social events, and political instability.
8. By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.
Top 10 Cyber Security Trends And Predictions For 2024
https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024
Trend 1: Increased Focus on AI and Machine Learning in Cybersecurity
Trend 2: Growing Importance of IoT Security
Trend 3: Expansion of Remote Work and Cybersecurity Implications
Trend 4: The Rise of Quantum Computing and Its Impact on Cybersecurity
Trend 5: Evolution of Phishing Attacks
Trend 6: Enhanced Focus on Mobile Security
Trend 7: Zero Trust Security
Trend 8: Cybersecurity Skills Gap and Education
Trend 9: Blockchain and Cybersecurity
Trend 10: Cybersecurity Insurance Becoming Mainstream
6 Predictions About Cybersecurity Challenges In 2024
https://www.forbes.com/sites/edwardsegal/2023/12/09/6-predictions-about-cybersecurity-challenges-in-2024/?sh=172726819433
‘Uptick in Disruptive Hacktivism’
Election Interference
More Targeted Attacks
Fooling Users
Leveraging AI Tools
‘New Avenues For Cybercrime’
5 cybersecurity predictions for 2024
https://www.fastcompany.com/90997838/5-cybersecurity-predictions-for-2024
1. Advanced phishing
2. AI-powered scams
3. Increase in supply chain attacks
4. Deployment of malicious browser extensions
5. Changing demographics brings more threats
Top cybersecurity predictions of 2024
https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024
Adoption of passwordless authentication
Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications. Traditional methods like SMS-based MFA will decline in favor of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps.
Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits. However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.
Cybersecurity will be a higher priority for law firms
For nearly any law firm, part of the ‘big picture’ approach to cybersecurity includes an ability to scale detection and response capabilities.
Artificial intelligence and large language models
Phishing and BEC attacks are becoming more sophisticated because attackers are using personal information pulled from the Dark Web (stolen financial information, social security numbers, addresses, etc.), LinkedIn and other internet sources to create targeted personal profiles that are highly detailed and convincing. They also use trusted services such as Outlook.com or Gmail for greater credibility and legitimacy.
We should also expect the rise of 3D attacks, meaning not just text but also voice and video. This will be the new frontier of phishing. We are already seeing highly realistic deep fakes or video impersonations of celebrities and executive leadership.
I expect to see a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.
One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites — such as LinkedIn — to pull information on targets and create highly-personalized social engineering attacks en masse.
Simultaneously, we will see a rise in ‘AI PC’s’, which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of “local Large Language Models (LLMs)”
With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
Prioritize training
Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.
On the developer side, management will need to assess their identity management strategies to secure credentials from theft, either from a code repository hosted publicly or within internal applications and systems that have those credentials coded in. On the other hand, end users need to understand how to protect themselves from common targeted methods of attack, such as business email compromise, social engineering and phishing attacks.
Security teams need to prioritize collaboration with other departments within their organization to make internal security training more effective and impactful.
Humans Are Notoriously Bad at Assessing Risk
https://www.epanorama.net/newepa/2022/12/31/cyber-trends-for-2023/
We as humans, with our emotions, can sometimes be irrational and subjective. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.
Threat Intel: To Share or Not to Share is Not the Question
https://www.securityweek.com/threat-intel-to-share-or-not-to-share-is-not-the-question/
To share or not to share isn’t the question. It’s how to share, what to share, where and with whom. The sooner we arrive at answers, the safer we’ll be collectively and individually.
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
https://www.securityweek.com/addressing-the-state-of-ais-impact-on-cyber-disinformation-misinformation/
The recent rapid rise of artificial intelligence continues to be a game-changer in many positive ways. Yet, within this revolution, a shadow looms. By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.
350 Comments
Tomi Engdahl says:
https://cybersecuritynews.com/24-7-threat-monitoring-response-for-small-it-security-teams/#google_vignette
Tomi Engdahl says:
Some cyber stuff already uses “AI”.
Darktrace’s antigena email uses AI already as well as a bunch of SOAR stuff.
However, some people are still needed sometimes
Tomi Engdahl says:
The truth? No,
But you will be replaced by guys using AI.
Short story: No clue about AI? Bad chance for a job in cyber.
Future is about orchestration and autonomization of AI driven devices.
Tomi Engdahl says:
While AI will continue to transform the cybersecurity landscape by augmenting various tasks and improving operational efficiency, it will not fully replace the need for skilled cybersecurity professionals. The synergy between AI and human expertise will be key to effective cybersecurity in the future.
Tomi Engdahl says:
Keir Starmer says facial recognition tech is the answer to far-right riots
The technology remains highly controversial despite widespread rollout
https://www.theregister.com/2024/08/05/keir_starmer_facial_recognition/
Responding to the riots across England over the past week, Prime Minister Keir Starmer says he’s backing a wider rollout of facial recognition technology to track and prevent “thugs” from traveling to areas where they plan to cause unrest.
Following the abhorrent stabbings of multiple children at a Taylor Swift-themed summer holiday club, violence broke out in Southport, the location of the attack, and in other towns and cities across the UK.
Tomi Engdahl says:
Why You Should Keep USB Debugging Enabled on Your Android Phone
https://www.howtogeek.com/why-you-should-keep-usb-debugging-enabled-on-your-android-phone/
Key Takeaways
USB debugging in Android isn’t just for developers – it can be used to recover data and control your phone from a computer.
Remember to keep USB debugging enabled to access files or control your phone even if the screen is broken.
Be cautious – enabling USB debugging can allow unwanted access to your data, but Android’s security can prevent this.
Tomi Engdahl says:
Cloudflare Introduces Advanced Load Balancing to Eliminate Hardware Dependency
https://www.theverge.com/2024/8/2/24211842/ai-music-riaa-copyright-lawsuit-suno-udio-fair-use
Tomi Engdahl says:
Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses
Modern ransomware attacks are multi-staged and highly targeted. First, attackers research the target organization and its employees.
https://www.securityweek.com/fighting-back-against-multi-staged-ransomware-attacks-crippling-businesses/
Traditional ransomware attacks were fairly straightforward. Attackers lured indiscriminate victims using social engineering and phishing tactics. Once victims were tricked into visiting a malicious website or opening a malicious link or attachment, they would execute malware that would spread rapidly and encrypt valuable files and folders. Hackers would then demand a ransom in return for decryption keys.
Enter the Modern Ransomware Attacker Workflow
Modern ransomware attacks are quite different today because they are multi-staged and highly targeted. First, attackers research the target organization and its employees. Next, using custom phishing attacks, stolen credentials or unpatched vulnerabilities, attackers install a trojan or a stager in the victim’s machine. This trojan then modifies the victim’s machine, downloads updates and instructions from command and control [C&C or C2] servers and notifies hackers about the intrusion. While the program awaits instructions, it collects information about the victim’s environment, including passwords stored in a computer’s cache or a user’s browser.
Tomi Engdahl says:
AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains
AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains.
https://www.securityweek.com/aws-deploying-mithra-neural-network-to-predict-and-block-malicious-domains/
Tomi Engdahl says:
It’s Time to Reassess Your Cybersecurity Priorities
A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack.
https://www.securityweek.com/its-time-to-reassess-your-cybersecurity-priorities/
This article marks my 100th column for SecurityWeek over a ten-year span. This milestone has prompted reflection on my initial goal of educating the market about the essentials of cybersecurity.
Unfortunately, not much has changed. Cyber breaches are now bigger and worse than ever. Hardly a week goes by without headlines about a new devastating cyberattack. In fact, the International Monetary Fund reports that the number of cyberattacks has more than doubled since the pandemic.
And, when it comes to breaches, the shift to work-from-anywhere hasn’t helped either. Many companies had to adopt a “move first, plan later” approach and leave their network-centric security bubble behind that allowed IT teams to own and control most of the network. Ultimately, punching holes in existing security controls in the name of business continuity created vulnerabilities and exposed many organizations to increased risks. Cyber adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain – the remote worker.
Despite the advancements in technologies, strategies, and artificial intelligence employed by security experts and threat actors alike, one thing remains constant: the human element. Humans are fallible—a fact that threat actors frequently exploit through phishing and social engineering campaigns to establish a foothold in their victim’s IT environment. Ultimately, hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials.
Tomi Engdahl says:
https://www.securityweek.com/crowdstrike-releases-root-cause-analysis-of-falcon-sensor-bsod-crash/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16441-kyberhyoekkaeykset-hurjassa-kasvussa
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16435-tietoturva-voi-vaatia-erillistae-laitetta-myoes-aelypuhelimissa
Tomi Engdahl says:
https://betanews.com/2024/08/07/the-c-suite-conundrum-are-senior-executives-the-achilles-heel-of-cybersecurity/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16452-onko-generatiivinen-tekoaely-uhka-turvallisuudelle
Tomi Engdahl says:
https://www.pandasecurity.com/en/mediacenter/google-dark-web-monitoring-goes-free/
Google has announced plans to make their dark web monitoring tool free for all registered users. Previously this scanning service was restricted to paying Google One subscribers.
Why should you care?
For most of us, the dark web doesn’t matter at all – until we become the victim of a hacking. When cybercriminals compromise a corporate network and steal information, they will often target usernames, passwords and other sensitive information related to the user’s account.
Once that data has been stolen, it is frequently sold on the dark web for profits. Sometimes the hackers simply publish the information so any other dark web user can use it. This is exactly what happened when 7.6 million user account details were stolen during the AT&T hacking earlier this year.
The trouble is, you don’t know your information has been leaked until another criminal uses it. And this can have serious consequences, such as identity theft and devastating financial fraud.
Why you need a dark web scanner service
Once you have become a victim of a dark web data leak, it’s too late to stop it. But if you cannot access the dark web, how can you tell if your accounts are in danger?
This is where dark web scanning services can help. Tools like Panda Dark Web Scanner automatically check whether your email addresses or passwords have been leaked. These tools do all the hard work for you too, constantly scanning for new leaks – and whether your details have been compromised.
As soon as an issue is detected, you receive an alert explaining what has been leaked – and how it affects you. You can then change your passwords before cybercriminals are able to exploit your compromised account. Acting fast will limit the damage and better protect you against becoming a victim.
Don’t wait for Google
Google’s free dark web scanning service is a welcome announcement – but the price drop will not happen until the end of this year. Waiting for the release will leave your personal information exposed for another four months (at least) – more than long enough for hackers to exploit and rob you.
Instead, you must take action now. Panda Dark Web Scanner is included as part of every Panda Dome Premium subscription. Sign up for a free trial today to protect yourself against malware – and dark web data leaks.
Tomi Engdahl says:
https://darknetdiaries.com/
Tomi Engdahl says:
https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal
Tomi Engdahl says:
https://www.howtogeek.com/easy-tasks-to-improve-the-security-of-your-linux-computer/
Tomi Engdahl says:
Android Users Should Disable 2G Connectivity, Says Google
https://www.howtogeek.com/google-encourages-users-to-disable-2g-connectivity/
We regularly criticize carriers and regulators for failing to block SMS scams. And while this criticism may be somewhat warranted, Google is keen to note that the world’s most potent SMS attacks are not transmitted through legitimate cellular networks. Such attacks are completely beyond your carrier’s control—they must be blocked at a device level by disabling 2G connectivity and implementing next-gen security features.
Modern smartphones operate on LTE and 5G networks and rarely, if ever, fall back to 2G. This isn’t just a question of speed; the 2G protocol is outdated and contains some major security flaws. Most major carriers have shut down their 2G networks, but your phone is still capable of connecting to 2G, and this capability can be exploited through cell-site simulation.
Imagine if a criminal built their own miniature “cell tower.” They could install it in the back of a car (or place it in a backpack), roll up to a crowd of people, and impersonate a carrier’s 5G signal. This fake cell network would bypass anti-spam protections and forcibly downgrade nearby devices to a 2G signal. Then, the criminal could send out phishing links and malware over SMS. They could even spoof the phone number of a bank or some other trusted institution, as 2G lacks mutual authentication technology.
This technique, called SMS blasting, doesn’t need to be imagined. It’s real. Criminals can buy cell-site simulators online (or build them at home) and set up fake “cell towers.” And cell-site simulation isn’t exclusive to criminals. It’s regularly used by law enforcement to track individuals, identify protestors, or perform other investigative tasks that would normally require a warrant or other forms of judicial oversight.
An option to disable 2G connectivity debuted on Android some years ago. Google is now encouraging users to go into “Settings,” navigate to “Network & Internet,” select “SIMs,” and manually disable 2G. This option is supported on most Android phones
Also, Android’s 2G-blocking option will soon be accompanied by an anti-cell-site simulation feature that notifies users when a connection is untrustworthy. Pixel users will get anti-cell-site simulation in Android 15, though it may take some time for other Android OEMs to catch up.
Tomi Engdahl says:
https://zeltser.com/automated-malware-analysis/
Tomi Engdahl says:
Information security has a serious credibility problem!
Anyone who says “The coming information environment is one where hacking is no longer possible” is certainly lying.
If you promise less, potential users start to doubt the level of security.
Tomi Engdahl says:
Large companies more vulnerable to email attacks
https://etn.fi/index.php/13-news/16500-suuret-yritykset-alttiimpia-saehkoepostihyoekkaeyksille
A company's size largely determines what kinds of security attacks it is targeted by. A study by security solutions provider Barracuda Networks reports, for example, that for small companies the biggest threat comes from phishing and extortion messages, whereas large companies are threatened by phishing messages originating inside the organization.
Although these so-called BEC (Business Email Compromise) attacks and conversation hijacking are almost equally common in small and large companies, for other targeted email threats the company's size determines the nature of the attacks it faces. For example, phishing and extortion messages are most likely to target small companies.
According to Olesia Klevchuk, who is responsible for product marketing at Barracuda Networks, large companies offer attackers more potential entry points. There are simply more mailboxes. – In addition, large companies have several communication channels for spreading malicious messages across the whole company. On the other hand, smaller companies less often have multi-layered security in place, and the company's internal readiness and resources may also be more limited than in large companies.
Tomi Engdahl says:
https://hackaday.com/2024/08/22/wardriving-tools-in-the-modern-era/
Tomi Engdahl says:
https://etn.fi/index.php/tekniset-artikkelit/16507-ferrissd-tehokkain-suoja-kyberhyoekkaeyksiae-vastaan
The growing complexity of networks, infrastructure and network architecture increases the number and diversity of connections that can be targeted by cyberattacks. An elegant way to protect against threats is to use Silicon Motion's FerriSSD drives for data storage.
The evolution of threats and poor threat detection make it harder to keep track of the growing number of security controls, requirements and threats. Security is clearly a major concern for security companies. Precautions are needed so that hardware remains invulnerable to hacking or other unauthorized use, in order to prevent theft or misuse.
Silicon Motion FerriSSD drives combine hardware-based security that complies with the latest industry standards with several additional protective measures. These include digitally signed firmware and tamper responses that range from raising an alarm to erasing the entire contents of the drive.
Tomi Engdahl says:
More than a third of internet traffic is caused by bots
https://etn.fi/index.php/13-news/16509-yli-kolmasosa-nettiliikenteestae-on-bottien-aiheuttamaa
According to the recent Fastly Threat Insights Report, about 36 percent of all internet traffic is caused by bots. The report, which focuses on trends in web application and API security, reveals that although most of this traffic consists of unwanted bots, a quarter of bot traffic is nevertheless identified and wanted.
According to the report, bot traffic falls into two main groups: wanted and unwanted bots. Unwanted bots are usually malicious and are associated with, for example, account takeovers, ad fraud and phishing. Wanted bots, in turn, include search engine crawlers and tools that monitor website operation, whose access to sites is something operators try to ensure.
According to the report, online services in the financial sector in particular are the biggest target of unwanted bot traffic, which is due to the sensitivity of the data these services handle. This makes them attractive targets for various automated attacks.
Tomi Engdahl says:
https://www.xda-developers.com/make-your-own-security-tools-raspberry-pi/
Tomi Engdahl says:
https://www.howtogeek.com/when-should-you-use-ztna-instead-of-a-vpn/
Tomi Engdahl says:
https://cyberscoop.com/open-source-security-trust-xz-utils/
Tomi Engdahl says:
Why LinkedIn Developed Its Own AI-Powered Security Platform
An inside look at how LinkedIn developed an internal AI-assisted vulnerability management system to protect its massive infrastructure and user base.
https://www.securityweek.com/why-linkedin-developed-its-own-ai-powered-security-platform/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16516-tikku-tai-mokkula-voi-edelleen-olla-paras-turva
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16515-withsecure-ransomware-hyoekkaeyksiae-yhae-useammin-pienyrityksiin
Tomi Engdahl says:
10+1 essential tips to strengthen your company’s cyber resilience
https://www.dna.fi/dnabusiness/blogi/-/blogs/10-essential-tips-to-strengthen-your-companys-cyber-resilience?utm_source=facebook&utm_medium=social&utm_content=LAA-artikkeli-10-essential-tips-to-strengthen-your-companys-cyber-resilience&utm_campaign=P_LAA_24-31-35_artikkelikampanja_ENKKU_&fbclid=IwZXh0bgNhZW0BMAABHW1CSI52sIQZORT8DJmzlAD3GD6SRd4wC6Pk_A_cOB87VJW5jn9iFfn43w_aem_yM9DIsvPHXGpd795gL2JWQ
Tomi Engdahl says:
https://cybersecuritynews.com/best-practices-for-event-logging-threat-detection/#google_vignette
Tomi Engdahl says:
MagSpoof – “wireless” credit card/magstripe spoofer
https://samy.pl/magspoof/?fbclid=IwY2xjawE3olBleHRuA2FlbQIxMQABHbliCKkuWpO_SHYVC7XPTFw0nWzvEcPsAfSiKe3bWmfFIp6UjKN3eFJdvw_aem_d7SjPUdIE9jcTJ44UqqnSg
Tomi Engdahl says:
Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident
Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.
https://www.securityweek.com/microsoft-convenes-endpoint-security-firms-following-crowdstrike-incident/
Tomi Engdahl says:
When Convenience Costs: CISOs Struggle With SaaS Security Oversight
SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to, nor oversight from, the security team.
https://www.securityweek.com/when-convenience-costs-cisos-struggle-with-saas-security-oversight/
SaaS deployments sometimes exemplify a common CISO lament: they have accountability without responsibility.
Software-as-a-service (SaaS) is easy to deploy. So easy, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to, nor oversight from, the security team. And precious little visibility into the SaaS platforms.
A survey (PDF) of 644 SaaS-using organizations undertaken by AppOmni reveals that in 50% of organizations, responsibility for securing SaaS rests entirely on the business owner or stakeholder. For 34%, it is co-owned by business and the cybersecurity team, and for only 15% of organizations is the cybersecurity of SaaS implementations wholly owned by the cybersecurity team.
This lack of consistent central control inevitably leads to a lack of clarity. Thirty-four percent of organizations don’t know how many SaaS applications have been deployed in their organization. Forty-nine percent of Microsoft 365 users thought they had less than 10 applications connected to the platform – yet AppOmni’s own telemetry reveals the true number is more likely close to 1,000 connected apps.
Tomi Engdahl says:
Unlocking the Power of AI in Cybersecurity
As adversaries increasingly exploit AI, security practitioners must not fall behind. What does it take to unlock the full potential of AI in cybersecurity?
https://www.securityweek.com/unlocking-the-power-of-ai-in-cybersecurity/
Generative AI platforms like ChatGPT are revolutionizing how we access information, answer questions, and even develop software code. It’s no surprise that according to the KPMG Cybersecurity Survey: Security Operations Center (SOC) Leaders Perspective (PDF), two-thirds (66%) of security leaders consider AI-based automation to be very important, both now and in the future, for staying ahead of new threats and increasing the agility and responsiveness of their SOCs. While AI-based automation offers numerous benefits, the reliability of AI-generated recommendations remains a top concern for cybersecurity leaders. This raises the question: What does it take to unlock the full potential of AI in cybersecurity?
Anyone who has explored generative AI platforms can see that AI has the potential to significantly enhance cybersecurity—particularly in querying large datasets, identifying abnormalities, and triggering event-based actions like triaging tickets, alerting teams, or reducing false positives. However, like any technology, AI also introduces new risks and challenges that must be carefully managed. Some key risks include:
Weaponized AI: Cyber adversaries can leverage AI to develop sophisticated attack methods, including introducing malicious data into training datasets to corrupt AI models, leading to incorrect or dangerous outputs.
Overreliance on AI: Organizations might become overly dependent on AI systems, believing them to be infallible, which can lead to complacency in human oversight and manual security checks.
Lack of Transparency: AI systems, particularly those based on deep learning, can be opaque, making it difficult to understand how decisions are made. This lack of transparency can negatively impact incident response and root cause analysis.
Data Privacy Concerns: AI requires vast amounts of data for training, raising concerns about data privacy and compliance, especially when sensitive information is involved. Furthermore, AI systems may store or process large datasets, making them attractive targets for cybercriminals who seek to steal or manipulate this data.
Resource Intensity: Implementing and maintaining AI-driven cybersecurity systems can be expensive, requiring significant computational resources and skilled personnel.
Tomi Engdahl says:
Currently, most AI strategies are focused narrowly on assisting with specific tasks, and organizations are still evaluating the risks posed by this emerging technology.
Tomi Engdahl says:
Nuclei: Open-source vulnerability scanner
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates.
https://www.helpnetsecurity.com/2024/08/26/nuclei-open-source-vulnerability-scanner/
Tomi Engdahl says:
How Exceptional CISOs Are Igniting the Security Fire in Their Development Team
For years, many CISOs have struggled to influence their development cohort on the importance of putting security first.
https://www.securityweek.com/how-exceptional-cisos-are-igniting-the-security-fire-in-their-development-team/
Tomi Engdahl says:
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.
https://www.securityweek.com/us-gov-removing-four-year-degree-requirements-for-cyber-jobs/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16604-nokia-torjuu-palvelunestohyoekkaeykset-sekunneissa
DDoS, or denial-of-service attack, is a cyberattack in which a large number of devices are used to send an enormous volume of requests to an online service. Nokia has now introduced a technology that can mitigate these attacks centrally in the network within a few seconds.
Nokia Deepfield Defender is a network security solution designed to protect the networks of service providers and enterprises against various cyber threats, especially distributed denial-of-service (DDoS) attacks. Its main goal is to provide real-time analysis and protection for network traffic.
Tomi Engdahl says:
Cybersecurity Awareness: Reflecting on 20 Years of Defense Evolution and Preparing for Future Threats
Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.
https://www.securityweek.com/cybersecurity-awareness-reflecting-on-20-years-of-defense-evolution-and-preparing-for-future-threats/
Tomi Engdahl says:
The importance of the personal identity code in authentication is declining, but for a criminal it is still a powerful tool
Data protection | In Estonia, the personal identity code is not sensitive personal data. In Finland, too, it is not officially sensitive data and is not sufficient, for example, for taking out credit. HS asked why it still needs to be guarded.
https://www.hs.fi/alueet/art-2000010695365.html
Finns' personal identity codes are on public websites in Estonia. Estonian authorities require members of a company's management to publish their personal identity codes in the business register. From there they have spread to a commercial website one click away. HS reported on the matter last week.
The Estonian practice may horrify Finns, even though in Finland, too, the way the personal identity code is used is changing. Opportunities for misuse are reduced by recently enacted amendments to the Consumer Protection Act and the Data Protection Act. Officially, it is not sensitive personal data.
According to Matias Mesiä, an information security specialist at the National Cyber Security Centre (Kyberturvallisuuskeskus), a six-figure number of Finns' personal identity codes has already leaked to various websites or attackers in recent years.
Nowadays, reports of misuse of personal identity codes rarely come to the National Cyber Security Centre. They are directed to the National Bureau of Investigation.
Some companies may have remained stuck in the old, easy way of identifying a person mainly by means of the personal identity code. A company's customer service may ask on the phone first for the personal identity code or its final part.
“It is a relic of the past,” Mesiä says.
According to him, the personal identity code also would not need to be a secret that people guard for fear of misuse.
“In a dream scenario, everyone would have universal authentication, for example in the suomi.fi service,” Mesiä says.
This sounds like the Estonian model.
The digital identity card praised by Mesiä became mandatory for everyone in Estonia at the beginning of the millennium. In Finland, too, it can be obtained voluntarily, but it is not very popular.
Finland has not been able to react to all the digital changes of the 2000s as quickly as Estonia, Mesiä says.
“We have been latecomers. For a long time we were centered on the personal identity code,” Mesiä says.
Despite the new regulation, according to the authorities Finns still have reason to guard their personal identity code.
“The personal identity code is a powerful tool in a criminal's hands”
“Last year the Consumer Protection Act was revised so that strong authentication is required for granting credit,” says Siirilä.
According to Siirilä, the way the personal identity code is used in Finland is in a transitional phase.
“Personally, I would look carefully at where I share it,” says Siirilä.
A name and a personal identity code alone are not sufficient for identifying a person under Finland's Data Protection Act. When other information, such as an address, is attached, the situation becomes murkier.
The personal identity code is intended to distinguish individuals from one another, but, for example, authentication over the phone must not be built on the personal identity code. There must be sufficiently many variables in authentication, says Pihamaa.
The Office of the Data Protection Ombudsman has not issued a single policy suited to all situations on which concrete pieces of information suffice for authentication in addition to the name and personal identity code.
With a personal identity code, name and address, one can file a change-of-address notification, order a newspaper subscription, or book a healthcare appointment. This is not illegal. The personal identity code may be asked for in addition to other information.
The authorities have drawn up guidance for those who suspect that their personal identity code has ended up in the wrong hands.
The guidance still includes a recommendation to consider a credit ban and to restrict the ability to file a change-of-address notification and to make registration notifications to the trade, association and foundation registers.
https://www.suomi.fi/oppaat/tietovuoto/muistilista
Tomi Engdahl says:
Ellison declares Oracle all-in on AI mass surveillance, says it’ll keep everyone in line
Cops to citizens will be ‘on their best behavior because we’re constantly recording and reporting’
https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/
AI is on the verge of ushering in a new era of mass surveillance, says Oracle cofounder Larry Ellison, adding that his juggernaut is ready to serve as the technological backbone for such applications.
Those applications include keeping everyone “on their best behavior” through the use of constant real-time machine-learning-powered monitoring.
Ellison made the comments near the end of an hour-long chat at the Oracle financial analyst meeting last week during a question and answer session in which he unsurprisingly painted Oracle – a long-time US government contractor that has done various IT deals lately with AWS and Microsoft – as the AI infrastructure player.
Tomi Engdahl says:
White House’s new fix for cyber job gaps: Serve the nation in infosec
Now do your patriotic duty and fill one of those 500k open roles, please?
https://www.theregister.com/2024/09/05/white_house_cyber_jobs/
Tomi Engdahl says:
Security boom is over, with over a third of CISOs reporting flat or falling budgets
Good news? Security is still getting a growing part of IT budget
https://www.theregister.com/2024/09/05/security_spending_boom_slowing/
Tomi Engdahl says:
AI becomes a key factor in countering cyber threats
https://etn.fi/index.php/13-news/16647-tekoaelystae-tulee-avaintekijae-kyberuhkien-torjunnassa
The protection of critical infrastructure is moving into a new era as artificial intelligence (AI) becomes a key factor in countering cyber threats. According to Check Point Research, from January to August 2024 energy and water utilities were targeted by an average of 1514 cyberattacks per week, which is as much as 37% more than the previous year.
This growth underlines the importance of AI-based solutions in defending infrastructure. AI's ability to process enormous data streams in real time makes it possible to detect anomalies and threats faster and more accurately than ever before.
Machine learning enables systems to improve continuously and to stay ahead of cybercriminals. For operators of power grids, water supply and transport networks, AI offers effective protection that can prevent serious disruptions. In addition, AI frees human experts from routine tasks and gives them more time to focus on complex threat analysis and solutions. Although AI also involves risks, such as AI-based attacks, the benefits it offers in protecting infrastructure are significant.
AI does not merely improve threat detection; it also makes automation in critical systems more effective. AI can independently analyze alerts, combine information from different sources and initiate the necessary countermeasures. This speeds up the response to cyberattacks and frees human teams for strategic planning. Such automation increases the resilience of critical infrastructure and ensures that systems remain operational even during cyberattacks.
The energy sector is one example of how AI can make infrastructure more efficient. In smart power grids, AI predicts fluctuations in energy demand and optimizes energy distribution, which improves energy efficiency and ensures stable supply. In addition, AI helps with predictive maintenance by forecasting equipment failures, thereby reducing outages and maintenance costs.
Tomi Engdahl says:
Cyber Founder Recipe for Success: Clear Vision and Trusted Experts
A clear, consistent vision, along with reliable experts, are the two essential ingredients for startup founders to achieve success—both in cyber and beyond.
https://www.securityweek.com/cyber-founder-recipe-for-success-clear-vision-and-trusted-experts/