Nothing is more difficult than making predictions. For this reason I did not write any “cyber security predictions for 2021” post before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend: instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, attacks that are more disruptive and exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
The article Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments: WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for others to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop the attackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and presents it to the whole community for feedback.
The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation stand free-speech issues such as: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislation is starting to make security a legal requirement, obliging consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
Nine Investors Instantly Make $16 Billion On GameStop Stock ‘Squeeze’
https://www.investors.com/etfs-and-funds/sectors/gme-stock-gamestop-investors-instantly-make-16-billion-gamestop-stock-squeeze/
Here’s a game many people would like to play: How to make a billion bucks in a month. And nine investors just pulled it off with GameStop (GME) stock.
The rally in GameStop is breathtaking. Shares of the struggling mall-based video game seller are up more than 1,600% — just this year. GameStop, by far, is the top stock in the S&P 1500 index this month. The stock is rallying as individual investors pour into the stock. Big investors heavily shorting the stock are now forced to buy it to close out their positions.
GameStop’s financial future isn’t all that bright. But it’s still a member of the S&P Small Cap 600 index and Russell 2000. As a result, large index small-cap funds and ETFs are forced to own it. That’s looking smart now.
Tomi Engdahl says:
Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers https://www.scmagazine.com/home/security-news/vulnerabilities/flaws-in-open-source-library-used-by-dod-ic-for-satellite-imagery-could-lead-to-system-takeovers/ via @grimmcyber
Tomi Engdahl says:
WallStreetBets’ founder on GameStop: ‘I didn’t think it would go this far’
The Reddit forum is at the center of a war between Wall Street and an army of small investors over the store – and Jaime Rogozinski is still getting to grips with it
https://www.theguardian.com/business/2021/jan/29/wallstreetbets-founder-jaime-rogozinski-gamestop-shares-reddit
Tomi Engdahl says:
Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords
https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/
British Mensa, the society for people with high IQs, failed to properly secure the passwords on its website, prompting a hack on its website that has resulted in the theft of members’ personal data.
Eugene Hopkinson, a former director and technology officer at British Mensa, stood down this week, claiming that the organization had failed to secure the data of its 18,000 members properly, according to a report in the FT.
Hopkinson claimed that the stored passwords of Mensa members were not hashed, potentially allowing hackers to unscramble them.
Mensa held an emergency directors’ meeting today in which a source tells me it was confirmed that the Mensa site had been hacked this morning, using the credentials of one of the organization’s directors. It was also confirmed at the meeting that there were logs of Mensa members’ passwords stored in plain text. A Mensa member told the FT that the society had sent him his password in plain text within the past year.
Several stashes of Mensa personal data have been posted onto the Pastebin website, although some have subsequently been removed from the site.
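The report above describes passwords kept unhashed, logged in plain text and sent back to members in plain text. As an added example (my own code, not Mensa’s and not from the article), here is that plaintext pattern beside a hardened one: a per-user salted scrypt hash with constant-time verification, and a logging filter that redacts password values before a login handler can write them to a log file. The scrypt cost parameters, field names and the sample log line are assumptions chosen for this example.

```python
import hashlib
import hmac
import logging
import os
import re

# Cost parameters for hashlib.scrypt (assumed values for this example; raise N on
# real hardware). Memory use is about 128 * r * N bytes, i.e. 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
_DUMMY_SALT = b"\x00" * 16


def store_plaintext(users, username, password):
    """The pattern described in the report: the password itself is kept in the
    user record, so anyone who can read the table, a backup or a log has it."""
    users[username] = {"password": password}


def hash_password(password, salt=None):
    """Derive a per-user salted scrypt hash. Only the salt, the derived key and
    the KDF name are returned; the password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return {"kdf": "scrypt", "salt": salt.hex(), "hash": key.hex()}


def store_hashed(users, username, password):
    users[username] = hash_password(password)


def verify(users, username, password):
    """Recompute the hash with the stored salt and compare in constant time.
    Unknown users still cost one scrypt call, so response timing does not
    reveal which usernames exist."""
    record = users.get(username)
    if record is None or record.get("kdf") != "scrypt":
        hash_password(password, salt=_DUMMY_SALT)
        return False
    candidate = hash_password(password, salt=bytes.fromhex(record["salt"]))
    return hmac.compare_digest(bytes.fromhex(record["hash"]),
                               bytes.fromhex(candidate["hash"]))


# Matches 'password=...', 'passwd: ...' or 'pwd=...' fields in free-form log text.
_PASSWORD_FIELD = re.compile(r"(\b(?:password|passwd|pwd)\b\s*[=:]\s*)(\S+)",
                             re.IGNORECASE)


def redact(text):
    """Replace any password value in a log line with a fixed marker."""
    return _PASSWORD_FIELD.sub(r"\1[REDACTED]", text)


class RedactPasswords(logging.Filter):
    """Logging filter that redacts password values before a record is emitted,
    so a verbose login handler cannot leave plaintext passwords in log files."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # the message is already formatted and redacted
        return True


if __name__ == "__main__":
    users = {}
    store_hashed(users, "alice", "correct horse battery staple")
    print(users["alice"])  # salt and hash only, no password
    print(verify(users, "alice", "correct horse battery staple"))  # True
    print(verify(users, "alice", "wrong"))  # False
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("login")
    log.addFilter(RedactPasswords())
    # Constructed sample log line; 198.51.100.0/24 is a documentation range.
    log.info("login failed user=bob password=hunter2 ip=198.51.100.7")
```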
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/
Tomi Engdahl says:
Google Deletes 100,000 Negative Reviews of Robinhood App From Angry Users
https://www.theaegisalliance.com/2021/01/29/google-deletes-negative-reviews-robinhood/
Google deleted no less than 100,000 unfavorable reviews of the stock buying and selling app Robinhood from the Google Play app store after angry customers left a flood of critical reviews that prompted the app’s rating to plummet on Thursday. The app’s rating went from roughly 4 stars out of 5 on Wednesday to only one star on Thursday. Robinhood customers have been understandably upset after the company halted purchases of GameStop’s stock and different shares promoted by Reddit’s WallStreetBets group.
A Google spokesperson confirmed the tech giant has deleted the reviews and defended the move in a single day, saying it has guidelines in opposition to “coordinated or inorganic reviews.”
Google said the reviews are deemed “inorganic” when individuals appear understandably upset about Robinhood’s actions over the last few days.
There are nonetheless questions about what really led Robinhood to halt purchases of stock shares picked by Reddit’s WallStreetBets on Thursday, shares that include not only GameStop but also Nokia, Blackberry, and AMC Theaters, among others. An early theory was that hedge funds that had shorted the stocks had leaned on Robinhood to halt buying and selling, but an alternate idea emerged that Robinhood merely didn’t have the cash flow to continue processing that amount of stock share purchases.
The latter idea appears to have been bolstered by a brand new report early Friday from the New York Times that claims Robinhood has raised roughly $1 billion from existing investors like Sequoia Capital and Ribbit Capital. Robinhood CEO Vlad Tenev denied the business was having liquidity issues on CNBC yesterday, but that doesn’t mean it wasn’t anticipating liquidity issues in the near future.
Robinhood customers upset with the business’ choice to halt purchases of GameStop filed a class-action lawsuit on Thursday, a suit that would appear to provide credence to the concept that a damaging app rating on Google Play isn’t essentially “inorganic.”
The majority of Americans know in their heart that the game is rigged. But this week’s actions by activist traders on Reddit have actually made the rules plain for the whole world to see. The rich are not going to tolerate average individuals earning profits while they suffer.
The question is how far hedge fund managers and different rich individuals are prepared to take this to defend their class interests.
Tomi Engdahl says:
Drone Swarms Are Getting Too Fast For Humans To Fight, U.S. General Warns
https://www.forbes.com/sites/davidhambling/2021/01/27/drone-swarms-are-getting-too-fast-for-humans-too-fight-us-general-warns/
General John Murray, head of Army Futures Command, told a webinar audience at the Center for Strategic & International Studies that humans may not be able to fight swarms of enemy drones, and that the rules governing human control over artificial intelligence might need to be relaxed.
“When you are defending against a drone swarm, a human may be required to make that first decision, but I am just not sure any human can keep up,” said Murray. “How much human involvement do you actually need when you are [making] nonlethal decisions from a human standpoint?”
Tomi Engdahl says:
Daniel Howley / Yahoo Finance:
Microsoft says revenue from its various cybersecurity offerings crossed $10B over the past 12 months, up 40% YoY and ~7% of its total revenue for the year
Microsoft CEO Satya Nadella: There is ‘a big crisis right now’ for cybersecurity
https://finance.yahoo.com/news/microsoft-ceo-satya-nadella-there-is-a-big-crisis-right-now-for-cybersecurity-192533356.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAAGUhTHmwc0ufziS6JcEONdC5ReUdVPk7PnisRXg7cQDRuymJ8QyOaR9wkSYktBPOHMOxrcyR7mSK9im_nD_Izw7JmQKCBhtASNs8KVg2UbP2Tiav5V8Lo1nCkmeZWKzkWEe28IETR3FDNFIa3wCspy0o1JN10XScbQ09uQ9RF78o
Microsoft (MSFT) is officially a cybersecurity giant. For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — $10 billion over the last 12 months.
That amounts to a 40% year-over-year jump in the growing security business, making up roughly 7% of the company’s total revenue for the previous year.
“We waited in some sense [until] this milestone to show the depth, the breadth, the span of what we are doing,” Microsoft CEO Satya Nadella told Yahoo Finance in an interview on Wednesday, a day after the company released its quarterly earnings report.
“And, you know, [there’s] a lot of work ahead, but we are investing very heavily because guess what? You know 10 years from now we’ll still be talking about it as technology becomes even [a deeper part] of our lives in our society in all critical industries.”
The $10 billion figure comes from the security-related revenue generated by services including Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection.
Tomi Engdahl says:
The ransomware industry has come a long way. Now, a new ransomware technique is exploding in light of the pandemic. It’s called “double extortion,” where cartels not only lock companies’ files but also force them to pay ransoms or else have their data leaked publicly.
These ransomware cartels will leak your data until you pay
https://cybernews.com/security/these-ransomware-cartels-will-leak-your-data-until-you-pay/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=cartels_leak&fbclid=IwAR0avcyPd-LionvsFcKZ5AiICznYw8cRBBRs9ZVkMQkXdtnzrr6kZliCUFU
This ransomware evolution puts companies, and the consumers who use those companies, in a difficult position, as ransomware attacks appear to be ramping up. And, looking at the numbers, it’s pretty easy to see why:
70% of enterprise ransomware victims have paid their ransoms, with sums between $20,000-$40,000
Consumer ransomware victims are paying out $500-$1,000 ransoms
Ransomware is expected to net cybercriminals $20 billion in 2021
Cybercrime could cost companies $5.2 trillion over 2019-2023 in additional costs and lost revenue
To make matters even worse, the cybercriminal gangs are targeting organizations of all sizes: 62% of cybercrime victims in 2019 were small and medium-sized businesses.
Tomi Engdahl says:
The Powerful GrayKey iPhone Hacking Tool Can Now Break Into Samsung Androids
https://www.forbes.com/sites/thomasbrewster/2021/02/01/the-powerful-graykey-iphone-hacking-tool-can-now-break-into-samsung-androids/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
Grayshift, an Atlanta-based startup that made its name with the GrayKey hacking tool that breaks Apple’s iPhone defenses, now officially does the same for Google’s Android operating system. Forbes first reported Grayshift was to try cracking Google’s OS back in 2019. The company confirmed it Monday.
Tomi Engdahl says:
Ransomware: Average Ransom Payment Declines to $154,108
As Gangs Fail to Honor Data Deletion Promises, Fewer Victims Paying, Coveware Finds
https://www.govinfosecurity.com/blogs/ransomware-average-ransom-payment-declines-to-154108-p-2986
Tomi Engdahl says:
The Positive Impact of the Pandemic on SecOps Collaboration
https://www.securityweek.com/positive-impact-pandemic-secops-collaboration
Collaboration is a Hallmark of Successful Security Teams
The COVID-19 pandemic has changed forever how we work. Nearly three quarters (72%) of global knowledge workers prefer to continue working in a hybrid remote-office model moving forward, with only 12% wanting to return to the office full time and the remaining 16% wanting to work from home exclusively. Despite some rocky transitions and glitches, most organizations managed to make the switch surprisingly quickly and maintain, if not improve, productivity levels.
As we shift our mindsets and embrace a distributed workforce, we also have to rethink how to collaborate effectively. Security Operations Center (SOC) analysts and Incident Response (IR) team members can’t lean across the desk to compare data and analysis or walk down the hall to check in with a threat intel analyst. And managers of security teams can’t tap an analyst on the shoulder to assign them a task or get an update on an investigation.
Tomi Engdahl says:
In 1998 the Electronic Frontier Foundation built the EFF DES Cracker. It cost around $250,000 and involved making 1,856 custom chips and 29 circuit boards, all housed in 6 chassis, and took around 9 days to exhaust the keyspace. Today, with the advent of Field Programmable Gate Arrays (FPGAs), we’ve built a system with 48 Virtex-6 LX240Ts which can exhaust the keyspace in around 26 hours, and have provided it for the research community to use. Our hope is that this will better demonstrate the insecurity of DES and move people to adopt more secure modern encryption standards.
https://crack.sh/
Tomi Engdahl says:
Jill Lepore / New Yorker:
Nations are engaging in a cyberweapons arms race, with agencies like the NSA prioritizing offensive capabilities over defense, fueling a lucrative 0-day market — Amid a global gold rush for digital weapons, the infrastructure of our daily lives has never been more vulnerable.
The Next Cyberattack Is Already Under Way
https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way?currentPage=all
Amid a global gold rush for digital weapons, the infrastructure of our daily lives has never been more vulnerable.
In the nightmare, sirens caterwaul as ambulances career down ice-slicked, car-crashed streets whose traffic lights flash all three colors at once (they’ve been hacked by North Korea) during a climate-catastrophic blizzard, bringing pandemic patients to hospitals without water or electricity—pitch-black, all vaccinations and medications spoiled (the power grid has been hacked by Iran)—racing past apartment buildings where people are freezing to death in their beds, families huddled together under quilts, while, outside the darkened, besieged halls of government, men wearing fur hats and Kevlar vests (social media has been hacked by Russia), flashlights strapped to their rifles, chant, “Q is true! Q is true!”
“SOMEONE SHOULD DO SOMETHING,” reads the T-shirt worn by one of Nicole Perlroth’s sources, a hacker from New Zealand, in “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race” (Bloomsbury). Someone should. But who? And do what? And about which of the Biblical plagues facing humankind? Perlroth is a longtime cybersecurity reporter for the Times, and her book makes a kind of Hollywood entrance, arriving when the end of the world is nigh, at least in the nightmare that, every night, gains on the day.
Perlroth is interested in one particular plague—governments using hacking as a weapon of war—but her book raises the question of whether that’s the root of a lot of other evils.
Tomi Engdahl says:
Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem. Security for software developers is often asked about, but one area often overlooked is the software build process. This blog explains why your build pipeline is one of the foundations of your system security, and why you should give it particular attention.
Defending software build pipelines from malicious attack
https://www.ncsc.gov.uk/blog-post/defending-software-build-pipelines-from-malicious-attack
Security for software developers is something the NCSC is often asked about, but one area often overlooked is the software build process. This blog explains why your build pipeline is one of the foundations of your system security, and why you should give it particular attention. See our guidance for the other security aspects of build process security, like code reviews and secrets management.
Tomi Engdahl says:
Google’s decision to kill off third-party cookies has already elicited multiple antitrust lawsuits and a U.S. congressional probe. Now, its attempt to replace the cookie is attracting regulatory attention.
Why Google’s approach to replacing the cookie is drawing antitrust scrutiny
https://digiday.com/media/why-googles-approach-to-replacing-the-cookie-is-drawing-antitrust-scrutiny/
Tomi Engdahl says:
F-Secure warns: Vastaamo will probably not be the only one
https://etn.fi/index.php?option=com_content&view=article&id=11686&via=n&datum=2021-01-28_15:37:10&mottagare=31202
The rudimentary protection of patient data at the psychotherapy centre Vastaamo led to last year’s most talked-about data breach in Finland. It is likely that the case will not remain the only one. Security company F-Secure warns that attacks targeting patient data are becoming more common.
In the future, managing the security of various supply chains and safeguarding personal data will become ever more challenging. According to F-Secure’s experts, we will see more problems in healthcare systems and in the protection of patient records.
Health data has always been a fairly easy target for an attacker, since most health information systems are old systems maintained with public funds. The targets of cybercriminal gangs’ extortion have typically been large and medium-sized companies, that is, parties able to pay even large ransoms. Now, however, attackers’ interest in sensitive personal data has grown, because it is precisely the sensitivity that makes the data valuable. With this, extortion has also shifted from companies directly to extorting the customers. The change could be called extortion attack version 2.0.
- Seeking out individuals for extortion instead of institutions and companies is not yet very common, but we are already seeing signs that it could become a trend in the near future. I am worried about this development and probably all of us should be worried about it, says F-Secure’s Chief Research Officer Mikko Hyppönen.
Tomi Engdahl says:
Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone
https://www.zdnet.com/article/ransomware-gangs-now-have-industrial-targets-in-their-sights-that-raises-the-stakes-for-everyone/
Manufacturers and infrastructure can make a tempting target for ransomware attacks because the organisations in these sectors need to be in operation around the clock, whether that’s running a factory production line or operating a utilities plant. If they can’t provide these services, there can be wide-ranging impacts further down the supply chain. “Industrial organisations will feel more pressure to pay the ransom as periods of inoperability have significant impacts to their customers. This may result in a perception that organizations in this area are more likely to pay a ransom demand compared to organizations in other sectors,” says Jamie Hart, cyber-threat intelligence analyst at Digital Shadows. Also:
https://www.digitalshadows.com/blog-and-research/ransomware-analyzing-the-data-from-2020/
Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands
https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q4 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic. However, the trust that stolen data will be deleted is eroding; defaults are becoming more frequent when exfiltrated data is made public despite the victim paying. In Q4, email phishing overtook RDP compromises as the dominant attack vector. This is the first quarter since Coveware has been tracking data that RDP compromise has not been the primary attack vector. Precursor malware, like Trickbot / Emotet, favor widespread phishing campaigns as their primary delivery mechanism.
Tomi Engdahl says:
Rubbish software security patches responsible for a quarter of zero-days last year
https://www.theregister.com/2021/02/03/enigma_patch_zero/
To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches. Zero-day flaws are a problem because they may be exploited for long periods of time before they’re detected and dealt with. There were 24 of them in 2020, four more than in 2019, Stone said. “Looking at them all together as a group, the number that stuck out the most to me was that six out of the 24 zero-days exploited in 2020 are variants of previously disclosed vulnerabilities,” she said. “On top of that, three out of the 24 vulnerabilities were incompletely patched, meaning that with just a few tweaks, you could have an exploit that still works even after the patch was applied.”
Tomi Engdahl says:
Top 10 most exploited vulnerabilities from 2020
https://www.helpnetsecurity.com/2021/02/03/2020-top-exploited-vulnerabilities/
Vulnerability intelligence-as-a-service outfit vFeed has compiled a list of the top 10 most exploited vulnerabilities from 2020, and among them are SMBGhost, Zerologon, and SIGRed. The company compiled the top 10 most exploited vulnerabilities from 2020 list based on how many proof-of-concept exploits are out there (per vulnerability), how easily the vulnerability can be exploited, how many malware-based campaigns are using it, and so on.
Tomi Engdahl says:
Defending software build pipelines from malicious attack
https://www.ncsc.gov.uk/blog-post/defending-software-build-pipelines-from-malicious-attack
Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.
Tomi Engdahl says:
Trust is the key component of human-centric data economy
https://impulssilvm.fi/2021/01/30/trust-is-the-key-component-of-human-centric-data-economy/
Data and digital innovation are vital for achieving public value, sustainable development goals, and tackling climate change, poverty and exclusion. In Finland, we speak of human-centric data economy, and you might wonder, why? It is because we believe that the critical raw material is not data as such, but trust, which is the prerequisite for extracting, sharing, utilising, re-using and refining data. Fostering trust and transparency is the most important task of the government. Trust between citizens and government, as well as between the public and private sectors.
Tomi Engdahl says:
Ransomware Payoffs Surge by 311% to Nearly $350 Million
https://www.darkreading.com/vulnerabilities—threats/ransomware-payoffs-surge-by-311–to-nearly-$350-million/d/d-id/1340017
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds. Also:
https://blog.chainalysis.com/reports/ransomware-ecosystem-crypto-crime-2021
Tomi Engdahl says:
Why operational resilience will be key in 2021, and how this impacts cybersecurity
https://www.microsoft.com/security/blog/2021/01/28/why-operational-resilience-will-be-key-in-2021-and-how-this-impacts-cybersecurity/
The key to success in surviving any unforeseen circumstances in 2021 will be operational resiliency. Operational resilience is the ability to sustain business operations during any major event, including a cyberattack. It requires a strategic and holistic view of what could go wrong and how an organization will respond.
Tomi Engdahl says:
Microsoft 365 Becomes Haven for BEC Innovation
https://threatpost.com/microsoft-365-bec-innovation/163508/
Two new phishing tactics use the platform’s automated responses to evade email filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office (OOO) replies from an employee to them; and in the other, read receipts are being manipulated. Both styles were seen being used in the wild in the U.S. in December, when auto-responders were more prevalent due to holiday vacation. Also:
https://abnormalsecurity.com/blog/scammers-target-microsoft-365-read-receipt-and-out-of-office-reply-loophole-for-bec-attacks/
Tomi Engdahl says:
5 Insights From NSA’s 2020 Cybersecurity Year In Review
https://www.forbes.com/sites/louiscolumbus/2021/01/30/5-insights-from-nsas-2020-cybersecurity-year-in-review/
The report provides insights into the many accomplishments of the NSA
Cybersecurity Directorate’s first full year of operations under the
leadership of Ms. Anne Neuberger, Director of Cybersecurity. Also:
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2466179/nsa-cybersecurity-2020-year-in-review/
Tomi Engdahl says:
Blockchain Analysis Shows Connections Between Four of 2020's Biggest
Ransomware Strains
https://blog.chainalysis.com/reports/ransomware-connections-maze-egregor-suncrypt-doppelpaymer
As we’ve covered on our blog, there may be fewer cybercriminals
responsible for ransomware attacks than one would initially think
given the number of individual attacks, distinct strains, and amount
stolen from victims. Cybersecurity researchers point out that many
RaaS affiliates carrying out attacks switch between different strains,
and many believe that seemingly distinct strains are actually
controlled by the same people. Using blockchain analysis, we’ll
investigate potential connections between four of 2020's most
prominent ransomware strains: Maze, Egregor, SunCrypt, and
Doppelpaymer.
Tomi Engdahl says:
Information security 2021: 3 threats and 3 solutions for everyone (Tietoturva 2021: 3 uhkaa ja 3 ratkaisua jokaiselle)
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/tietoturva-2021-3-uhkaa-ja-3-ratkaisua-jokaiselle
Ordinary internet users are threatened by the scam traps that online
criminals set in front of us every day. Not all of the traps lie in the
depths of the internet, because an online scammer can also pick up the
phone. In organizations, the threats come from shaky remote-work
solutions, malware and phishing. Here is the TOP 3 of information
security threats and solutions for everyday life and workplaces in 2021.
Tomi Engdahl says:
Vulnerability Reward Program: 2020 Year in Review
https://security.googleblog.com/2021/02/vulnerability-reward-program-2020-year.html
Despite the challenges of this unprecedented year, our vulnerability
researchers have achieved more than ever before, partnering with our
Vulnerability Reward Programs (VRPs) to protect Google’s users by
discovering security and abuse bugs and reporting them to us for
remediation. Their diligence helps us keep our users, and the internet
at large, safe, and enables us to fix security issues before they can
be exploited.
Tomi Engdahl says:
Cybersecurity to the Rescue: Pseudonymisation for Personal Data
Protection
https://www.enisa.europa.eu/news/enisa-news/cybersecurity-to-the-rescue-pseudonymisation-for-personal-data-protection
ENISA’s new report explores pseudonymisation techniques and use cases
for healthcare and information sharing in cybersecurity
Tomi Engdahl says:
Introducing data breach guidance for individuals and families
https://www.ncsc.gov.uk/blog-post/introducing-data-breach-guidance-for-individuals-and-families
Tomi Engdahl says:
What if the internal network is not secure after all? In the zero trust
model everyone is a suspect
https://www.tivi.fi/uutiset/tv/27deade9-eb10-4bc6-9de1-bd4d3858e14c
Zero trust challenges the security architecture built on fixed walls and
the sheltered coves those walls create. Whereas under the general legal
principle the accused is innocent until proven otherwise, zero trust
turns that arrangement on its head.
Tomi Engdahl says:
Cyber exercise scenarios 2021: new ideas for cyber exercises (Kyberharjoitusskenaariot 2021)
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoitusskenaariot-2021-uusia-ideoita-kyberharjoituksiin
Our new publication Kyberharjoitusskenaariot 2021 contains realistic
cyber threats ranging from a data leak in a payment system to a
large-scale epidemic. The purpose of the scenarios is to help
organizations find the threat pictures that suit them best, so that they
can practise defending against them.
Tomi Engdahl says:
WORLD’S MOST DANGEROUS MALWARE EMOTET DISRUPTED THROUGH GLOBAL ACTION
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
Law enforcement and judicial authorities worldwide have this week
disrupted one of the most significant botnets of the past decade: EMOTET.
Investigators have now taken control of its infrastructure in an
international coordinated action. Also:
https://www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/.
Also:
https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/.
Also:
https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/.
Also: https://yle.fi/uutiset/3-11759178. Also:
https://www.theregister.com/2021/01/27/emotet_botnet_taken_down_europol/
Tomi Engdahl says:
Top Cyber Attacks of 2020
https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html
Attack 1: Fraudulent unemployment claims rise in response to the
pandemic. Attack 2: T-Mobile breach exposes sensitive customer
data, twice. Attack 3: Hackers try to meddle with the coronavirus
pandemic response. Attack 4: The FireEye attack that exposed a major
breach of the U.S. government
Tomi Engdahl says:
Insurers defend covering ransomware payments
https://www.bbc.com/news/technology-55811165
Also:
https://www.zdnet.com/article/uk-association-defends-ransomware-payments-in-cyber-insurance-policies/.
Also:
https://www.tivi.fi/uutiset/tv/ff49c07f-7626-4027-a9dd-c7cc102fe9f3
Tomi Engdahl says:
Ransomware: Should Governments Hack Cybercrime Cartels?
https://www.bankinfosecurity.com/ransomware-should-governments-hack-cybercrime-cartels-a-15861
Banning Ransom Payments and Unleashing Offensive Hacking Teams Being
Mooted
Tomi Engdahl says:
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Over the past several months, the Threat Analysis Group has identified
an ongoing campaign targeting security researchers working on
vulnerability research and development at different companies and
organizations. The actors behind this campaign, which we attribute to
a government-backed entity based in North Korea, have employed a
number of means to target researchers which we will outline below. We
hope this post will remind those in the security research community
that they are targets to government-backed attackers and should remain
vigilant when engaging with individuals they have not previously
interacted with. Also:
https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-targeting-security-researchers-with-malware-0-days/.
Also:
https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html.
Also:
https://www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media/.
Also: https://www.theregister.com/2021/01/26/norks_hack_researchers/.
Also:
https://arstechnica.com/information-technology/2021/01/north-korea-hackers-use-social-media-to-target-security-researchers/.
Also:
https://www.tivi.fi/uutiset/tv/29d4036c-f9fa-4479-bbdd-fd1bc711ef2d
Tomi Engdahl says:
CLAROTY FINDS CRITICAL FLAWS IN OPC PROTOCOL IMPLEMENTATIONS
https://www.claroty.com/2021/01/25/blog-research-critical-flaws-in-opc-protocol/
Three vendors: Softing Industrial Automation GmbH, Kepware PTC, and
Matrikon Honeywell have provided fixes for their respective products.
Users of affected products are urged to determine whether they are
vulnerable and update immediately to the latest versions. The
Industrial Control System Cyber Emergency Response Team (ICS-CERT) has
also published advisories, warning users of the affected products
about the risks. Update and mitigation information is also available
in the advisories. Also:
https://www.petermorin.com/new-significant-vulnerabilities-identified-in-the-opc-protocol/
Tomi Engdahl says:
Follow the Money: Qualifying Opportunism Behind Cyberattacks During
the COVID-19 Pandemic
https://www.recordedfuture.com/opportunism-behind-cyberattacks-during-pandemic/
The opportunism of threat actors is primarily created by the
socioeconomic conditions of the pandemic and is visible in the
evolution of the themes used to target victims over the course of the
pandemic. Threat actors have targeted the healthcare and vaccine
“ecosystems” with a variety of tactics aimed at financial
exploitation, intelligence gathering, and destruction. China and
Russia each conducted coordinated and aggressive disinformation
campaigns targeting Western democracies such as the United States and
United Kingdom. Manipulating global audiences towards favoring their
own systems of governance is a long-term strategic objective of both
China and Russia. However, despite similar aims, their influence
operations tactics vary based on unique tool sets and resources. China
and Russia each used information operations to target vaccine
developers and the COVID economy in Western nations to gain business
and economic advantage over competitors. Also:
https://go.recordedfuture.com/hubfs/reports/cta-2021-0122.pdf
Tomi Engdahl says:
RITICS: Securing cyber-physical systems
https://www.ncsc.gov.uk/blog-post/ritics-securing-cyber-physical-systems
Discover the Research Institute in Trustworthy Inter-connected
Cyber-physical Systems.
Tomi Engdahl says:
Finland invests in digital security, EUR 130 million set aside to prepare
for cyber disruptions: "We must move from individual systems to
protecting entire operational chains"
https://www.kauppalehti.fi/uutiset/suomi-panostaa-digiturvallisuuteen-kyberhairioihin-varaudutaan-130-miljoonalla-eurolla-on-siirryttava-yksittaisista-jarjestelmista-kokonaisten-toimintoketjujen-suojaamiseen/675ba9e4-2b14-4fc0-b719-ae2f69b6b5fc
The National Emergency Supply Agency (Huoltovarmuuskeskus) says it is
launching an extensive programme whose purpose is to develop society's
resilience against cyber disruptions. The Digitaalinen turvallisuus 2030
(Digital Security 2030) programme is part of the implementation of
Finland's national cyber security strategy. By 2026 the programme will
fund projects that improve society's digital security worth a total of
about EUR 130 million. The focus areas of the Digitaalinen turvallisuus
2030 programme are preparedness for cyber disruptions, the ability to
keep operating when disruptions occur, cooperation between the various
actors in society and the business world, and anticipation of future
phenomena. The vision is a society whose critical functions withstand
cyber disruptions.
Tomi Engdahl says:
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
https://thehackernews.com/2021/01/enhancing-email-security-with-mta-sts.html
Encryption is optional in SMTP, which implies that emails can be sent
in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS)
is a relatively new standard that gives mail service providers the
ability to enforce Transport Layer Security (TLS) to secure SMTP
connections and to specify whether the sending SMTP servers should
refuse to deliver emails to MX hosts that do not offer TLS with
a reliable server certificate. It has been proven to successfully
mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks.
SMTP TLS Reporting (TLS-RPT) is a standard that enables reporting
issues in TLS connectivity experienced by applications that send
emails and detect misconfigurations. It enables the reporting of email
delivery issues that take place when an email isn’t encrypted with
TLS. In September 2018, the standard was first documented in RFC 8460.
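As an added illustration of the mechanism described in that comment (example code written for this page, not taken from the linked article or from any mail server), the following evaluator parses an MTA-STS policy in the text format of RFC 8461, matches an MX host against the policy's "mx" patterns (a leading "*." matches exactly one DNS label), and decides whether a sending MTA may deliver depending on the policy mode and on whether the MX offered TLS with a valid certificate. The policy text and the host names are constructed sample data; in real deployments the policy is fetched over HTTPS from mta-sts.<domain>/.well-known/mta-sts.txt after the _mta-sts TXT record signals that one exists.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample policy, as example.com might serve it (not a real domain's policy).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""


@dataclass
class Policy:
    version: str
    mode: str                      # "enforce", "testing" or "none"
    mx: List[str] = field(default_factory=list)
    max_age: int = 0               # seconds the policy may be cached


def parse_policy(text: str) -> Policy:
    """Parse the key/value policy format. Unknown keys are ignored, as RFC 8461
    requires for forward compatibility; a missing version or mode is an error."""
    fields = {}
    mx = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            mx.append(value.lower())       # "mx" may repeat; all other keys appear once
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported or missing policy version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError("missing or invalid mode")
    if mode != "none" and not mx:
        raise ValueError("an enforce/testing policy must list at least one mx")
    return Policy("STSv1", mode, mx, int(fields.get("max_age", "0")))


def mx_matches(pattern: str, host: str) -> bool:
    """RFC 8461 MX matching: "*.backup.example.com" matches mx1.backup.example.com,
    but neither a.b.backup.example.com (two labels) nor backup.example.com itself."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".backup.example.com"
        if not host.endswith(suffix):
            return False
        prefix = host[: -len(suffix)]             # the part the wildcard stands for
        return bool(prefix) and "." not in prefix
    return host == pattern


def delivery_allowed(policy: Policy, mx_host: str, tls_ok: bool) -> Tuple[bool, str]:
    """Decide delivery to mx_host. tls_ok means STARTTLS succeeded and the
    certificate validated for the MX name (the sender's own check, assumed here)."""
    if policy.mode == "none":
        return True, "mode none: MTA-STS imposes no requirement"
    mx_ok = any(mx_matches(p, mx_host) for p in policy.mx)
    if mx_ok and tls_ok:
        return True, "MX listed in policy and TLS with a valid certificate"
    problem = "MX not listed in policy" if not mx_ok else "no TLS or certificate validation failed"
    if policy.mode == "enforce":
        return False, "refused: " + problem      # enforce: fail closed, do not fall back to plaintext
    return True, "testing mode, delivered anyway; report failure via TLS-RPT: " + problem


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for host, tls in [("mail.example.com", True), ("mail.example.com", False),
                      ("mx1.backup.example.com", True), ("mx.attacker.example.net", True)]:
        print(host, tls, delivery_allowed(policy, host, tls))
```

The point of the "testing" mode branch is that a misconfigured MX list does not silently break mail: delivery proceeds and the failure is what a TLS-RPT report would carry, whereas "enforce" is where an attacker who strips STARTTLS or redirects MX records finally loses.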
Tomi Engdahl says:
Former US cyber chief calls for military to attack hackers
https://www.ft.com/content/27c09769-ceb5-46dd-824f-40b684d681ae
The former US government cyber security chief has called for the military to target organised criminal gangs of hackers who launch ransomware attacks on companies and governments.
Chris Krebs, the ex-head of the US Cybersecurity and Infrastructure Security Agency, told the Financial Times the country needed to be more aggressive in hitting back against hackers who hold organisations to ransom by encrypting their data systems and demanding a fee to unfreeze them.
He suggested military cyber attackers could try to deter gangs using ransomware by publishing their private details, a tactic known as doxing.
Tomi Engdahl says:
Criminals quickly followed the spread of coronavirus, and Interpol’s Secretary-General Jürgen Stock has had to deal with the situation that he has never seen in his 40-year long police career.
We all need better cyber hygiene, says Interpol’s Secretary-General
https://cybernews.com/news/we-all-need-better-cyber-hygiene-says-interpols-secretary-general/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=cyber_hygiene&fbclid=IwAR2q3zes7ua375XH5BOXGT_mxq64YWqGrDjYVo9H-h5R5_-NrK1GxdJsPqw
Tomi Engdahl says:
Launching OSV – Better vulnerability triage for open source
https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html
We are excited to launch OSV (Open Source Vulnerabilities), our first
step towards improving vulnerability triage for developers and
consumers of open source software. The goal of OSV is to provide
precise data on where a vulnerability was introduced and where it got
fixed, thereby helping consumers of open source software accurately
identify if they are impacted and then make security fixes as
quickly as possible.
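To show what "where a vulnerability was introduced and where it got fixed" buys a consumer in practice, here is an added example (written for this page, not OSV's own code or schema) that evaluates an advisory expressed as ordered introduced/fixed events against an installed version. The advisory, package name and identifier are constructed sample data, and the record shape is a simplified stand-in for an OSV-style entry; real records can also carry git-commit ranges, which need repository history rather than version comparison.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample advisory; "EXAMPLE-2021-0001" and "widgetlib" are placeholders.
SAMPLE_ADVISORY = {
    "id": "EXAMPLE-2021-0001",
    "summary": "constructed example: path traversal in archive extraction",
    "affected": [
        {
            "package": {"ecosystem": "PyPI", "name": "widgetlib"},
            "ranges": [
                {
                    "type": "SEMVER",
                    # Two vulnerable intervals: [1.2.0, 1.4.3) and [2.0.0, 2.0.5)
                    "events": [
                        {"introduced": "1.2.0"}, {"fixed": "1.4.3"},
                        {"introduced": "2.0.0"}, {"fixed": "2.0.5"},
                    ],
                }
            ],
        }
    ],
}

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Numeric dotted versions only; "0" is the conventional 'since the beginning'
    marker and "1.2" is padded to (1, 2, 0) so that comparisons stay well defined."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def events_to_intervals(events: List[Dict[str, str]]) -> List[Tuple[Version, Optional[Version]]]:
    """Fold the ordered event list into half-open [introduced, fixed) intervals.
    An introduced event with no later fix yields (start, None): still vulnerable."""
    intervals = []
    start: Optional[Version] = None
    for event in events:
        if "introduced" in event:
            start = parse_version(event["introduced"])
        elif "fixed" in event and start is not None:
            intervals.append((start, parse_version(event["fixed"])))
            start = None
    if start is not None:
        intervals.append((start, None))
    return intervals


def is_affected(advisory: dict, ecosystem: str, name: str, version: str) -> bool:
    """True if the installed version of (ecosystem, name) falls in any vulnerable interval."""
    installed = parse_version(version)
    for affected in advisory["affected"]:
        pkg = affected["package"]
        if pkg["ecosystem"] != ecosystem or pkg["name"] != name:
            continue
        for rng in affected["ranges"]:
            if rng["type"] != "SEMVER":
                continue  # GIT ranges would need the commit graph, out of scope here
            for low, high in events_to_intervals(rng["events"]):
                if installed >= low and (high is None or installed < high):
                    return True
    return False


def triage(advisory: dict, installed: Dict[Tuple[str, str], str]) -> List[str]:
    """Return the (ecosystem, name, version) strings from an inventory that need action."""
    return [
        f"{eco}:{name}=={ver}"
        for (eco, name), ver in installed.items()
        if is_affected(advisory, eco, name, ver)
    ]


if __name__ == "__main__":
    inventory = {("PyPI", "widgetlib"): "1.3.7", ("PyPI", "otherlib"): "1.3.7"}
    print(triage(SAMPLE_ADVISORY, inventory))
```

The half-open interval is the detail that matters: the fixed version itself is clean, the last version before it is not, and a version between two vulnerable intervals (1.5.0 here) is unaffected even though it sits between an affected 1.x and an affected 2.x, which is exactly the case a coarse "everything before 2.0.5" advisory would get wrong.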
Tomi Engdahl says:
NCIJTF Releases Ransomware Factsheet
https://us-cert.cisa.gov/ncas/current-activity/2021/02/05/ncijtf-releases-ransomware-factsheet
The National Cyber Investigative Joint Task Force (NCIJTF) has
released a joint-sealed ransomware factsheet to address current
ransomware threats and provide information on prevention and
mitigation techniques.
Tomi Engdahl says:
A Swiss Company Says It Found Weakness That Imperils Encryption
https://www.bloombergquint.com/onweb/a-swiss-company-says-it-found-weakness-that-imperils-encryption
Now, a Swiss technology company says it has made a breakthrough by
using quantum computers to uncover vulnerabilities in commonly used
encryption. The company believes it’s found a security weakness that
could jeopardize the confidentiality of the world’s internet data,
banking transactions and emails. The company said that its research
found vulnerabilities that affect symmetric encryption ciphers,
including the Advanced Encryption Standard, or AES, which is widely
used to secure data transmitted over the internet and to encrypt
files. Using a method known as quantum annealing, the company said its
research found that even the strongest versions of AES encryption may
be decipherable by quantum
Tomi Engdahl says:
https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html?m=1
Tomi Engdahl says:
Insecure = a : deficient in assurance. b : not highly stable or well-adjusted.
Unsecure = a : not protected or free from danger or risk of loss. b : not secured.
Why are most fb posts about Wi-Fi networks that are not encrypted or secured referred to as Insecure rather than Unsecure? Are they referring to the network or the engineer?