Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its own unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.
One sure bet is that ransomware attacks will only escalate further this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020 ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most sensitive data for others to see if you don’t pay up. This is why even ransomware victims that have backups are paying ransoms, to stop the attackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse: while cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some cyber security issues are moving to the cloud, so we also need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The attackers used sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article explains that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
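To show what the “extra step” actually is, here is an added example (not code from the article or this page) of the time-based one-time password scheme that authenticator apps use as the second factor: HOTP from RFC 4226 and TOTP from RFC 6238, plus a verifier that tolerates clock drift, compares in constant time and refuses replayed codes. The shared secret below is the RFCs’ own test-vector key so the output can be checked against their published values; the function names and the replay-tracking parameter are my own assumptions, not a standard API.

```python
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# A real deployment generates a random per-user secret and shows it once as a QR code.
TEST_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6, algo=hashlib.sha1):
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key, at=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time divided by the step."""
    at = time.time() if at is None else at
    return hotp(key, int(at) // step, digits)


def verify_totp(key, code, at=None, step=30, digits=6, window=1, last_counter=-1):
    """Check a submitted code against the current step and +/- window neighbouring steps.

    Returns the matching counter on success, or None. The caller stores the returned
    counter and passes it back as last_counter (assumed design, not part of the RFCs)
    so an intercepted code cannot be replayed inside the same acceptance window.
    Every candidate is compared in constant time and the loop never exits early.
    """
    at = time.time() if at is None else at
    counter = int(at) // step
    matched = None
    for drift in range(-window, window + 1):
        candidate = counter + drift
        if candidate <= last_counter:             # already consumed: reject even if it matches
            continue
        if hmac.compare_digest(hotp(key, candidate, digits).encode(), code.encode()):
            matched = candidate
    return matched


if __name__ == "__main__":
    print("code for the RFC test key right now:", totp(TEST_KEY))
    print("RFC 6238 vector at t=59 (8 digits):", totp(TEST_KEY, 59, digits=8))
```

The window matters for usability (phone and server clocks drift) but it also widens the replay surface, which is why the accepted counter has to be remembered per user; a phishing site that relays the code in real time still wins, which is the reason hardware-backed factors such as FIDO2 keys are preferred for the highest-value accounts.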
A new version of the OWASP Top 10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and presents it to the entire community for feedback.
The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, demanding vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security; the US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020 (signed into law in December 2020). There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: continuous patch management and security updates, OT transparency for IT stakeholders, natively secure OT networks, cloud-based access to remote sites instead of VPN, zero-touch onboarding, more cybersecurity in small facilities, and certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
https://www.cnn.com/2021/04/21/tech/amazon-whole-foods-palm-scan-payments/index.html?fbclid=IwAR2HgMLmGm20NUduQrtRfgBfQ_oduiRqu3Flv0INlJkHNxJxULgyxlzar8w
What could possibly go wrong. Variations of biometric pay will be at almost all major grocers within the next thirteen months or so.
Tomi Engdahl says:
Important Failures to Watch out for in DevSecOps
https://sudosecurity.org/devsecops-important-failures/
Companies are adopting development security operations (DevSecOps) for several important reasons: to deliver value faster, to gain an advantage, to lower the cost of security for clients, and more. Despite people rushing to adoption, companies will sometimes fail with their DevSecOps initiatives – and the sad part is that a lot of those reasons are easily avoidable. So, allow me to give an idea of the ones which I have seen the most from people.
Tomi Engdahl says:
How will it look when your recorded videoconference is played back in court?
Unexpected Legal Risks Of Videoconferencing
https://www.forbes.com/sites/joshuastein/2021/04/21/unexpected-legal-risks-of-videoconferencing/
Zoom, Microsoft Teams, Google Meet, and many other similar services have rapidly become staples of the real estate and larger business worlds. We have all learned to videoconference. But videoconferencing may produce some awkward surprises if we aren’t careful.
Videoconferencing software often allows the conference to be recorded. Once recorded, the resulting data files can live forever, in the servers of the videoconferencing company or in the local hard drives or network servers of meeting participants. Those data files can include records of sidebar chats during the video call, screen shares, facial expressions, positions taken in contract negotiations, and everything else that happened in the video call.
If the subject matter of that videoconference later goes into litigation, all those videoconference recordings can, in the eyes of the law, become “electronically stored information,” commonly abbreviated as ESI. That means a court can require whoever kept the videoconference files to hand them over to the adverse party in the litigation. It’s part of the “discovery” process, in which litigation lawyers have more or less carte blanche authority to collect documents and ESI that might conceivably lead to relevant evidence in the litigation. Notions of confidentiality and privacy are practically irrelevant. Anyone who doesn’t cooperate may face punishment.
Once those videoconference recordings are handed over, whoever combs through them will have a great opportunity to look for comments that sound bad, admissions, and statements that might be used to impute bad motivations.
Tomi Engdahl says:
All major #cybersecurity and data protection laws and regulations in one place: GDPR, HIPAA, PDPA, LGPD, NYDFS, CCPA and more. Learn how to comply with them. #privacy #compliance
https://www.immuniweb.com/compliance/
Tomi Engdahl says:
https://www.facebook.com/groups/majordomo/permalink/10161764364504522/
https://www.reddit.com/r/todayilearned/comments/n18m9p/til_by_using_a_man_in_the_middle_two_brothers/
TIL by using a man in the middle, two brothers hacked the French optical telegraph system to gain advance information on the stock market. When they got caught two years later, they walked away as free men because in 1836 there were no laws against hacking
Tomi Engdahl says:
Missile Defense Agency scrapped cybersecurity tests last year for a new approach, watchdog finds
https://www.c4isrnet.com/cyber/2021/04/29/missile-defense-agency-scrapped-cybersecurity-tests-last-year-for-a-new-approach-watchdog-finds/
The agency has failed since 2017 to complete assessments to identify cyber vulnerabilities for missile defense systems.
WASHINGTON — The Missile Defense Agency canceled all 17 planned cybersecurity operational assessments last year opting instead for a new approach designed to improve cyber requirements, a new watchdog report says.
The agency responsible for developing and fielding defense systems for ballistic missiles — and recently hypersonic missiles — has failed to complete assessments since 2017 to identify cyber vulnerabilities and possible attack routes, the nonpartisan Government Accountability Office noted.
“The lack of testing during fiscal year 2020 coupled with persistent testing shortcomings over the last 3 years are representative of a broader MDA cybersecurity development issue,” the GAO report said.
Missile defense technologies are vulnerable to cyber and other electronic attacks that can target their software or radars, potentially rendering them ineffective.
MDA told assessors that it scrapped the operational cybersecurity assessments for seven programs because the results weren’t needed given that fiscal 2020 operational capability baseline decisions had been completed. Instead, MDA restructured its cybersecurity test planning to align with its 2019 four-phase cybersecurity test concept, GAO said.
Now, the MDA will plan tests and document results using the same process as flight and ground tests, with internal and external stakeholder input informing test requirements. This will drive cyber test design and execution for each capability increment.
The cybersecurity assessments that weren’t completed fell into two categories: element level cooperative assessments, which provide initial information about a system’s resilience in an operational context, and adversarial assessments, which characterize the operational effects caused by potential cyberattacks and test defensive measures. MDA had scheduled 13 cooperative and four adversary assessments for 2020.
Tomi Engdahl says:
Prime targets: Governments shouldn’t go it alone on cybersecurity
https://www.welivesecurity.com/2021/04/29/prime-targets-governments-shouldnt-go-it-alone-on-cybersecurity/
A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital
Tomi Engdahl says:
Tonya Riley / Washington Post:
A task force of 60+ experts from industry, government, nonprofits, and academia calls on the US and allies to take steps to fight a surge in ransomware attacks — A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies …
The Cybersecurity 202: A group of industry, government and cyber experts have a big plan to disrupt the ransomware crisis
https://www.washingtonpost.com/politics/2021/04/29/cybersecurity-202-group-industry-government-cyber-experts-have-big-plan-disrupt-ransomware-crisis/
A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom.
The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.
“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.”
Tomi Engdahl says:
New ransomware task force wants more support for victims who don’t pay
https://therecord.media/new-ransomware-task-force-wants-wants-more-support-for-victims-who-dont-pay/
A new government and industry coalition on Thursday put its weight behind a number of aggressive measures aimed at curbing ransomware, including financially supporting victims who refuse to pay attackers and making it easier to track cryptocurrency payments. The group has been working over the last four months on an 80-page report released today that highlights the growing threat of ransomware and proposes a long list of actions that would reverse the trend that cybersecurity experts have been observing in recent years. also:
https://securityandtechnology.org/ransomwaretaskforce/report/
Tomi Engdahl says:
Incident Response Life Cycle Phases for Effective IR
https://www.secureworks.com/blog/incident-response-life-cycle-phases-for-effective-ir
Incident Response frameworks highlight the importance of preparation and improvement for improved response outcomes
Tomi Engdahl says:
The Business of Fraud: Deepfakes, Fraud’s Next Frontier
https://www.recordedfuture.com/deepfakes-frauds-next-frontier/
Threat actors have begun to use dark web sources to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Furthermore, threat actors are using these sources, as well as many clearnet sources such as forums and messengers, to share tools, best practices, and advancements in deepfake techniques and technologies. As reported by Insikt Group’s Criminal and Underground Team throughout 2020, threat actors are developing customized deepfake products.
PDF report: https://go.recordedfuture.com/hubfs/reports/cta-2021-0429.pdf
Tomi Engdahl says:
Effective Security Needs to See and Interrupt Every Step in an Attack Chain
https://www.securityweek.com/effective-security-needs-see-and-interrupt-every-step-attack-chain
The best defense in depth strategy should not include loading up your network with a plethora of point solutions
Too many people outside of the cybersecurity profession see security as a series of binaries. Networks are under attack or they are not, cybercriminals are targeting a network or they aren’t, and security tools either see and stop threats or they miss them. But the reality is much more complex, as anyone who has spent time digging through log files or analyzing indicators of compromise can tell you.
True, a network can be directly attacked. But it can also be indirectly impacted by an event happening somewhere else. A critical server may be taken down as the result of a cascading chain of events, causing a segment of a network to go offline when it was never a target or under attack. End users can inadvertently spread malware when interacting with compromised devices. Preparing for such eventualities requires implementing a comprehensive and holistic security strategy.
The idea behind defense in depth today is about much more than just having solutions from different vendors in place to catch each other’s mistakes. It involves interconnecting networks and unifying security devices and technologies to see and respond to both known and unknown threats in real time, thereby breaking the attack sequence.
Threat mitigation is all about identifying even the most complex, multi-stage attacks and stopping them before they can achieve their objectives. To break an attack sequence, security solutions need to detect and rapidly adjust their security posture to effectively stop threats, even zero-day attacks, that are still in progress. These trusted insights also help threat hunters focus, as well as provide recommendations for next steps—preferably automated—when needed.
Tomi Engdahl says:
Mark Wilson / Fast Company:
Experts detail how Apple AirTags can be used by an abuser to discreetly track a partner despite built-in protections, especially when victims are not iOS users — AirTags are powerful surveillance technology. And the National Network to End Domestic Violence believes Apple has more work to do to fix them.
Apple AirTags could enable domestic abuse in terrifying ways
https://www.fastcompany.com/90630404/apple-airtags-could-enable-domestic-abuse-in-terrifying-ways
AirTags are powerful surveillance technology. And the National Network to End Domestic Violence believes Apple has more work to do to fix them.
Last week, Apple announced its new AirTags—$29 location-tracking fobs that can help find your keys or purse anywhere in the world. The devices, which are roughly the diameter of a quarter, have since been tested and lauded by tech journalists, including our own.
But technology often comes with unintended consequences, explain representatives from the National Network to End Domestic Violence (NNEDV), a leading nonprofit with the goal of ending violence against women. NNEDV sits on advisory boards for Facebook, Twitter, Snapchat, and Uber and has consulted for both Google and Apple in the past (but not on AirTags). The organization’s representatives say that while Apple AirTags are a cheap, easy-to-use product to find a lost item, they are also a worrisome surveillance tool that could be leveraged by an abuser to discreetly track a partner. An AirTag simply needs to be slipped into someone’s bag or jacket pocket to track exactly where they go.
AirTags operate through Apple’s Find My network. The network allows nearly a billion active Apple devices, including iPhones and Macs, to be located. Apple claims to discourage stalking by alerting an iPhone user if someone else’s tag has been placed on their person, and by making AirTags chime after three days if they’ve been unpaired with their source iPhone.
In response to our request for comment, an Apple spokesperson provided the following statement:
We take customer safety very seriously and are committed to AirTag’s privacy and security. AirTag is designed with a set of proactive features to discourage unwanted tracking—a first in the industry—and the Find My network includes a smart, tunable system with deterrents that applies to AirTag, as well as third-party products part of the Find My network accessory program. We are raising the bar on privacy for our users and the industry, and hope others will follow.
However, Apple declined to answer any of our specific questions, including whether the company consulted domestic violence organizations when designing AirTags and why they did not extend full AirTag protections to Android users. They also declined to address how domestic abusers might exploit AirTags to harass people close to them.
AirTags are not the first mass-market surveillance tool by any means, nor are they the first tracking fob. NNDEV has published several white papers on the dangers of technology for domestic abuse survivors.
In developing a tracker, Apple is following the path of companies such as Tile, which produced the original, popular fob tracker. But AirTags are being launched at a scale, and a level of platform control, that only Apple can achieve. Tile uses Bluetooth and an app to locate other Tile devices—and 35 million Tiles have sold to date. Meanwhile, AirTags leverage the worldwide network of nearly a billion Apple iPhones and Macs to spot AirTags on Apple’s own encrypted network. Every Apple user is a piece of Apple’s AirTag-hunting web and is passively complicit in the massive AirTag infrastructure, unless they opt out of the Find My network.
Apple has built some protections into this system. If you are an iPhone user, for instance, and someone has placed an AirTag on your person, your phone will eventually alert you that an AirTag that isn’t yours has been found “moving with you.” Apple didn’t clarify how quickly or often this alert will arrive, but it did share that it will occur when you arrive at your home (the address stored in your Apple “Me” card) or at certain other locations that your phone has learned you frequent over time. Apple declined to disclose further specifics, citing the interest of public safety.
If you are an Android user—note that Android made up 87% of the worldwide smartphone market share as of 2019—you don’t have the protection of Apple’s network notifications. Instead, an AirTag that has not paired locally with its iPhone in three days will emit a sound. So if you are an Android user who has had an AirTag placed on you, you will know in 72 hours. (Apple told Fast Company last week that it could lengthen or shorten that time span in the future, and it reiterated that point for this article.) If you are an Android user living with an iPhone abuser, however, a hidden AirTag could be pairing far more often.
This is part of Apple’s larger “walled garden” strategy of product development. Generally, Apple’s walled gardens mean that Android users appear as second-class-citizen green bubbles in iMessages, or they can’t connect to FaceTime calls. These decisions keep people in the Apple ecosystem, spending money on Apple products. But with AirTags, every Android user can be discreetly tracked by an AirTag for longer than an iPhone user.
“I lose my keys and wallet all the time!” says Streett. “But how do you build it in a way that those folks who are in relationships, so that this can’t be used against them? I hope Apple keeps their learning hat on and works to figure out that piece of the puzzle.”
Tomi Engdahl says:
Organizations can no longer afford to overlook encrypted traffic
https://www.helpnetsecurity.com/2021/04/27/organizations-overlook-encrypted-traffic/
Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly using TLS (Transport Layer Security) in their attacks.
Case in point: in Q1 2020, 23 percent of malware detected by Sophos used TLS to disguise malicious communications. Only a year later, that percentage has nearly doubled (45%)!
TLS encryption: For better and for worse
The widespread use of TLS encryption prevents criminals to steal or tamper with sensitive data and to impersonate legitimate organizations online. Unfortunately, it can also allow malware to fly under the radar and hide from enterprise IT security teams and the tools they use.
“A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS—such as Discord, Pastebin, Github and Google’s cloud services—as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware,” noted Sean Gallagher, Senior Threat Researcher at Sophos.
“It is also linked to the increased use of Tor and other TLS-based network proxies to encapsulate malicious communications between malware and the actors deploying them.”
But despite obvious benefits, many organizations are reluctant to perform deep-packet inspection of their ingoing and outgoing network traffic. They have privacy concerns, worries that this practice will lead to a degraded user experience, and believe it to be too complex to handle. Mostly, though, they are worried their firewall simply can’t handle it.
For those, Sophos offers a solution that was many years in the making: a new series of firewall appliances that offer TLS inspection capabilities at up to five times the speed of other models currently available on the market.
As Gallagher noted, “TLS can be implemented over any assignable IP port, and after the initial handshake it looks like any other TCP application traffic.”
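Gallagher’s point that TLS can sit on any port and looks like ordinary TCP traffic after the handshake is exactly why detection has to key on the one cleartext message there is, the ClientHello. As an added example (my own code, not Sophos’s or Help Net Security’s), the Python below builds a few constructed client payloads, parses the TLS record and handshake headers with bounds checks, pulls the SNI hostname out of the server_name extension, and flags ClientHellos arriving on ports where only plaintext is expected. The builder, the allow-list of ports and the sample flows are assumptions for the demonstration, not captured traffic.

```python
import struct


def build_client_hello(sni):
    """Build a minimal TLS 1.2 ClientHello record carrying a server_name extension.

    Constructed sample data for this example only; a real client sends many more fields.
    """
    name = sni.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type 0 = host_name
    sni_ext_data = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_ext_data)) + sni_ext_data
    body = (
        b"\x03\x03" + b"\x11" * 32                     # client_version + 32-byte random (fixed here)
        + b"\x00"                                      # empty session_id
        + struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"   # two cipher suites
        + b"\x01\x00"                                  # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record header


def parse_client_hello(data):
    """Return {"sni": hostname_or_None} if data begins with a TLS ClientHello, else None.

    Every offset is bounds-checked so truncated or malformed input yields None, not an exception.
    """
    if len(data) < 9 or data[0] != 0x16 or data[1] != 0x03:     # record type handshake, TLS 1.x
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < 4 or rec[0] != 0x01:                            # handshake type client_hello
        return None
    hs_len = int.from_bytes(rec[1:4], "big")
    hs = rec[4:4 + hs_len]
    if len(hs) != hs_len:                                         # truncated record
        return None
    pos = 34                                                      # skip version (2) + random (32)
    if pos >= len(hs):
        return None
    pos += 1 + hs[pos]                                            # session_id
    if pos + 2 > len(hs):
        return None
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]            # cipher_suites
    if pos + 1 > len(hs):
        return None
    pos += 1 + hs[pos]                                            # compression_methods
    info = {"sni": None}
    if pos + 2 > len(hs):
        return info                                               # legal: no extensions block
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(hs):
        return None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        edata = hs[pos:pos + elen]
        pos += elen
        if etype == 0x0000 and len(edata) >= 2:                   # server_name extension
            list_len = struct.unpack("!H", edata[:2])[0]
            p = 2
            while p + 3 <= min(len(edata), 2 + list_len):
                ntype = edata[p]
                nlen = struct.unpack("!H", edata[p + 1:p + 3])[0]
                p += 3
                if ntype == 0:
                    info["sni"] = edata[p:p + nlen].decode("ascii", "replace")
                    return info
                p += nlen
    return info


def tls_on_unexpected_ports(flows, expected_ports=frozenset({443, 8443})):
    """Flag flows whose first client payload is a ClientHello on a port outside the allow-list."""
    hits = []
    for dst_port, first_payload in flows:
        info = parse_client_hello(first_payload)
        if info is not None and dst_port not in expected_ports:
            hits.append((dst_port, info["sni"]))
    return hits


# Constructed flows: (destination port, first bytes the client sent). Not real captures.
SAMPLE_FLOWS = [
    (443, build_client_hello("www.example.com")),
    (8443, build_client_hello("api.example.com")),
    (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (4444, build_client_hello("updates.example.net")),   # TLS where only plaintext is expected
]

if __name__ == "__main__":
    for port, sni in tls_on_unexpected_ports(SAMPLE_FLOWS):
        print(f"TLS ClientHello on port {port}, SNI={sni}")
```

This catches the cheap cases (TLS on a port the policy says is plaintext, or an SNI that belongs to a paste or cloud-storage service the business never uses) without decrypting anything. It does not replace inspection: once the handshake completes there is nothing left to parse, and Encrypted Client Hello hides the SNI as well, so the remaining signals are the destination, the certificate presented by the server, and the TLS inspection the article argues for.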
Tomi Engdahl says:
https://www.youtube.com/watch?v=H1rozZ7ebxQ
Would a type of “microphone jammer” be legal in America? Because essentially it is just a type of radio; it’s just one that people cannot hear. Technically it is not really jamming, it’s just a tuned radio that overpowers a microphone.
It is my understanding that, technically, one could be cited if caught using it (it would be difficult to catch), but it is unlikely there is anything presently on the books to warrant further prosecution.
Tomi Engdahl says:
https://crypto.stackexchange.com/questions/59375/are-hash-functions-strong-against-quantum-cryptanalysis-and-or-independent-enoug
Tomi Engdahl says:
NSA releases Cybersecurity Advisory (CSA) on Ensuring Security of Operational Technology https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2589103/nsa-releases-cybersecurity-advisory-on-ensuring-security-of-operational-technol/
The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks.
Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.
Tomi Engdahl says:
Experian API Exposed Credit Scores of Most Americans https://krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/
American consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address
Tomi Engdahl says:
Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/
According to the Sophos State of Ransomware 2021 report, the number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% last year. That same global survey discovered that only 8% of them got all their data back despite doing so. Nearly a third, 29%, couldn’t recover more than half the encrypted data. The Sophos research suggests that average ransomware recovery costs are now $1.85 million compared to $761,106 a year ago. Sophos found the average paid to be $170,404.
Tomi Engdahl says:
Ransomware is now a national security risk. This group thinks it knows how to defeat it https://www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/
A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe. Some solutions focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.
Tomi Engdahl says:
Prime targets: Governments shouldn’t go it alone on cybersecurity https://www.welivesecurity.com/2021/04/29/prime-targets-governments-shouldnt-go-it-alone-on-cybersecurity/
A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital
Tomi Engdahl says:
The Business of Fraud: Deepfakes, Fraud’s Next Frontier https://www.recordedfuture.com/deepfakes-frauds-next-frontier/
Threat actors have begun to use dark web sources to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures.
Furthermore, threat actors are using these sources, as well as many clearnet sources such as forums and messengers, to share tools, best practices, and advancements in deepfake techniques and technologies.
As reported by Insikt Group’s Criminal and Underground Team throughout 2020, threat actors are developing customized deepfake products. PDF report: https://go.recordedfuture.com/hubfs/reports/cta-2021-0429.pdf
Tomi Engdahl says:
Two million database servers are currently exposed across cloud providers https://therecord.media/two-million-database-servers-are-currently-exposed-across-cloud-providers/
Last month, Censys, a security firm specializing in internet-wide census-like scans, took a closer look at the services that were left exposed on the infrastructure of cloud providers, seeking to discover what would be the most possible source of a misconfiguration for companies running cloud-based systems. According to its report, published this week, Censys said it found more than 1.93 million databases on cloud servers that were exposed online without a firewall or other security protections. But the security firm also scanned if cloud service providers were exposing ports typically used by remote management software, such as SSH, RDP, VNC, SMB, Telnet, Team Viewer, and PC Anywhere. The most notable discovery was that more than 1.93 million servers were exposing RDP login screens online.
Tomi Engdahl says:
Cybercrime is (still) (often) boring
https://www.lightbluetouchpaper.org/2021/04/28/cybercrime-is-still-often-boring/
Depictions of cybercrime often revolve around the figure of the ‘lone hacker’, a skilled artisan who builds their own tools and has a deep mastery of technical systems. However, much of the work involved is now in fact more akin to a deviant customer service or maintenance job. This means that exit from cybercrime communities is less often via the justice system, and far more likely to be a simple case of burnout.
Tomi Engdahl says:
Do Cyberattacks Affect Stock Prices? It Depends on the Breach https://beta.darkreading.com/threat-intelligence/do-cyberattacks-affect-stock-prices-it-depends-on-the-breach
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
Tomi Engdahl says:
OBSERVED CHANGES TO THE THREAT LANDSCAPE IN 2020 https://blogs.akamai.com/2021/04/reflecting-on-the-cybersecurity-threat.html
Reflecting on the cybersecurity threat landscape in 2020, we can’t overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to remote working practices and other environmental changes, cybercriminals ramped up their attacks.
Tomi Engdahl says:
What is C2? Command and Control Infrastructure Explained https://www.varonis.com/blog/what-is-c2/
A successful cyberattack is about more than just getting your foot into the door of an unsuspecting organization. To be of any real benefit, the attacker needs to maintain persistence within the target environment, communicate with infected or compromised devices inside the network, and potentially exfiltrate sensitive data. The key to accomplishing all these tasks is a robust Command and Control Infrastructure or “C2”. What is C2? In this post, we’ll answer that question and look at how adversaries use these covert channels of communication to carry out highly sophisticated attacks.
We’ll also look at how to spot and defend against C2-based attacks.
Tomi Engdahl says:
The State of Ransomware 2021
https://news.sophos.com/en-us/2021/04/27/the-state-of-ransomware-2021/
The State of Ransomware 2021 report provides fresh new insights into the frequency and impact of ransomware. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
Tomi Engdahl says:
Types of Cybercrime
https://www.pandasecurity.com/en/mediacenter/panda-security/types-of-cybercrime/
Cybercrime is defined as a crime where a computer is the object of the crime or is used as a tool to commit an offense. A cybercriminal may use a device to access a user’s personal information, confidential business information, government information, or disable a device. It is also a cybercrime to sell or elicit the above information online.
Cybercrimes are at an all-time high, costing companies and individuals billions of dollars annually. What’s even more frightening is that this figure only represents the last 5 years with no end in sight.
Tomi Engdahl says:
Supply Chain Attacks via GitHub.com Releases https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/
Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and without notification or audit logging accessible in the UI to either the project owners or the public.
However, some audit information may be available via the GitHub APIs.
An attacker can compromise a collaborator’s account and use it to modify releases without the knowledge of project owners or the public, thus resulting in supply chain attacks against the users of the project. As a mitigation measure, project owners using GitHub.com are encouraged to use other methods for securing releases such as digitally signing releases with PGP. Users are encouraged to check digital signatures and use the GitHub.com release APIs to extract and verify release assets data.
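Two defender-side checks for the mitigations the post mentions, as an added Python example that is not the post's or GitHub's own code: flag release assets whose `updated_at` in the Releases API is later than the release's `published_at` (an asset swapped after publication), and verify a downloaded asset's SHA-256 against a checksum manifest the maintainer signed out-of-band. The release JSON, asset bytes and manifest are constructed inline; the field names follow the GitHub Releases API, and PGP verification of the manifest itself is assumed to have been done with gpg beforehand.

```python
"""Added example: audit GitHub release assets from API JSON and verify a
downloaded asset against a signed SHA-256 manifest. All inputs are constructed."""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample in the shape of GET /repos/{owner}/{repo}/releases/{id}
SAMPLE_RELEASE = {
    "tag_name": "v1.2.0",
    "published_at": "2021-04-20T09:00:00Z",
    "assets": [
        # created_at before published_at is normal (uploaded to a draft);
        # updated_at five days AFTER publication is the signal we want.
        {"name": "tool-1.2.0-linux-amd64.tar.gz",
         "created_at": "2021-04-20T08:55:00Z",
         "updated_at": "2021-04-25T17:42:11Z"},
        {"name": "tool-1.2.0-windows-amd64.zip",
         "created_at": "2021-04-20T08:56:00Z",
         "updated_at": "2021-04-20T08:56:00Z"},
    ],
}

# Constructed asset bytes standing in for a downloaded release archive.
SAMPLE_ASSET = b"constructed asset payload, stands in for a release zip\n"

# Constructed sha256sum-style manifest (assumed to be PGP-signed by the
# maintainer and verified with gpg before this script trusts it). The
# linux entry uses an all-zero placeholder digest, so it will not match.
SAMPLE_SUMS = (
    f"{hashlib.sha256(SAMPLE_ASSET).hexdigest()}  tool-1.2.0-windows-amd64.zip\n"
    f"{'0' * 64} *tool-1.2.0-linux-amd64.tar.gz\n"
)


def parse_ts(ts: str) -> datetime:
    """GitHub API timestamps are ISO 8601 in UTC, e.g. 2021-04-20T09:00:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assets_modified_after_publish(release: dict, grace_seconds: int = 0) -> list:
    """Names of assets whose updated_at is later than published_at plus grace.
    A small grace window tolerates CI uploads that finish just after publish."""
    published = parse_ts(release["published_at"])
    return [
        asset["name"]
        for asset in release.get("assets", [])
        if (parse_ts(asset["updated_at"]) - published).total_seconds() > grace_seconds
    ]


def parse_sha256sums(text: str) -> dict:
    """Parse '<hex>  <file>' or '<hex> *<file>' lines into {file: hex}."""
    manifest = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#"):
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            manifest[name] = digest
    return manifest


def verify_asset(data: bytes, name: str, manifest: dict) -> bool:
    """True only if the asset is listed and its SHA-256 matches the manifest."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


if __name__ == "__main__":
    print("modified after publish:", assets_modified_after_publish(SAMPLE_RELEASE))
    sums = parse_sha256sums(SAMPLE_SUMS)
    print("windows asset verifies:", verify_asset(SAMPLE_ASSET, "tool-1.2.0-windows-amd64.zip", sums))
```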
Tomi Engdahl says:
3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails https://thehackernews.com/2021/04/32-billion-leaked-passwords-contain-15.html
A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords. The findings come from an analysis of a massive 100GB data set called “COMB21”, aka Compilation of Many Breaches, that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years.
Tomi Engdahl says:
When AIs Start Hacking
https://www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html
If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. Also:
https://www.belfercenter.org/publication/coming-ai-hackers
Tomi Engdahl says:
11-13 year old girls most likely to be targeted by online predators https://blog.malwarebytes.com/awareness/2021/04/11-13-year-old-girls-most-likely-to-be-targeted-by-online-predators/
The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”, has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of the report covered the whole of 2020.
Tomi Engdahl says:
VPN Hacks Are a Slow-Motion Disaster
https://www.wired.com/story/vpn-hacks-pulse-secure-espionage/
Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown.
Tomi Engdahl says:
Ransomware gang wants to short the stock price of their victims https://therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/
The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.
Tomi Engdahl says:
Passwordless: More Mirage Than Reality
https://thehackernews.com/2021/04/passwordless-more-mirage-than-reality.html
The concept of “passwordless” authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn’t want an easier way?
Tomi Engdahl says:
Zero trust, basic cyber hygiene best defence against third-party attacks https://www.zdnet.com/article/zero-trust-basic-cyber-hygiene-best-defence-against-third-party-attacks/
Rather than entrust third-party suppliers to keep their supply chain secured, organisations should adopt a zero trust security strategy and establish basic cyber hygiene to safeguard their data. Adopting a zero trust security strategy can better safeguard organisations against third-party attacks, where suppliers should not simply be entrusted to do the right thing. In this second piece of a two-part feature, ZDNet looks at how businesses in Asia-Pacific can establish basic cyber hygiene as well as better data management to combat attacks from across their supply chain.
Tomi Engdahl says:
Combating Sleeper Threats With MTTD
https://securityintelligence.com/articles/sleeper-threats-mean-time-to-detect/
During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March 2020), it means attackers were able to remain hidden for a long time.
Tomi Engdahl says:
Five signs ransomware is becoming an industry https://www.kaspersky.com/blog/darkside-ransomware-industry/39377/
With a website that looks like it could represent an online service provider, DarkSide Leaks makes us wonder what cybercriminals’ other PR tricks might be. Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.
Tomi Engdahl says:
Google backs new security standard for smartphone VPN apps https://www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/
The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’, a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications.
Tomi Engdahl says:
Gafgyt Botnet Lifts DDoS Tricks from Mirai https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Huge upsurge in DDoS attacks during pandemic https://blog.malwarebytes.com/reports/2021/04/huge-upsurge-in-ddos-attacks-during-pandemic/
Tomi Engdahl says:
SMASH
https://www.vusec.net/projects/smash/
SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate the exploit chain.
Tomi Engdahl says:
Nation-state cyber attacks targeting businesses are on the rise https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/
Analysis of attacks over the last few years shows that the enterprise is increasingly becoming a target for significant hacking campaigns by government-backed operations. But it’s possible to try to protect your network against attacks.
Tomi Engdahl says:
Are text files safe?
https://www.kaspersky.com/blog/is-txt-file-safe/39256/
Files with the TXT extension are typically considered safe. Are they, though? Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn’t actually the problem; it’s the way programs handle TXTs.
Tomi Engdahl says:
15 Cybersecurity Pitfalls and Fixes for SMBs https://threatpost.com/cybersecurity-pitfalls-fixes-smbs/165225/
Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. Security experts who focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
Tomi Engdahl says:
As ransomware stalks the manufacturing sector, victims are still keeping quiet https://www.cyberscoop.com/honeywell-hack-ransomware-manufacturing-norsk-hydro/
Of 500 manufacturing sector employees in the U.S., Germany and Japan surveyed by security firm Trend Micro, 61% said they had experienced cybersecurity incidents, with many of those cases causing system outages. The manufacturing industry paid $6.8 million in ransomware payments in 2019, more than any other sector, according to Kivu Consulting. The next most-extorted sector was education, with $1.8 million.
Tomi Engdahl says:
2021 Security Outcomes Study: Timely Incident Response as a Business Enabler https://blogs.cisco.com/security/2021-security-outcomes-study-timely-incident-response-as-a-business-enabler
Timely incident response as a business enabler is surprising, and even more telling is that, among the respondents of the Security Outcomes Study, incident response also ranked highly on the list of components that contribute to a host of other progressive security initiatives.
Tomi Engdahl says:
Your Car Is Spying on You, and a CBP Contract Shows the Risks
https://theintercept.com/2021/05/03/car-surveillance-berla-msab-cbp/
U.S. Customs and Border Protection purchased technology that vacuums up reams of personal information stored inside cars, according to a federal contract reviewed by The Intercept, illustrating the serious risks in connecting your vehicle and your smartphone.
The contract, shared with The Intercept by Latinx advocacy organization Mijente, shows that CBP paid Swedish data extraction firm MSAB $456,073 for a bundle of hardware including five iVe “vehicle forensics kits” manufactured by Berla, an American company. A related document indicates that CBP believed the kit would be “critical in CBP investigations as it can provide evidence [not only] regarding the vehicle’s use, but also information obtained through mobile devices paired with the infotainment system.” The document went on to say that iVe was the only tool available for purchase that could tap into such systems.
According to statements by Berla’s own founder, part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones.
https://beta.sam.gov/opp/28e69f99d22440418297dbb0820e86d3/view?sort=-modifiedDate&index=opps&is_active=1&page=1
Tomi Engdahl says:
What Cybersecurity Can Learn From Video Games
https://www.securityweek.com/what-cybersecurity-can-learn-video-games
The enterprise security world is complex and confusing where we want to believe in the possibility of clean linear solutions for asymmetrical problems. Learning from past history and our current challenges should be enough of a lesson in the failure of security processes and products not delivering in their attempts to make the day-to-day routine of security professional lives easier. Each year we see more vendors with technology solutions and buzzwords that rarely live up to their hype and customers willing to believe or gamble for the chance at more visibility, lower business risk, or the chance to close a security gap.
Buzzword bingo
Let’s go through some historical examples.
“Big Data” has been a boon to cybersecurity from the aspect of providing the ability to aggregate and store voluminous and disparate data sets. Still, getting value from that stored data has been problematic. Storing data has become more trivial, but making sense of all that data still challenges us today.
“Security Orchestration” was supposed to be another savior of cybersecurity by automating away mundane tasks and supplementing security teams’ bandwidth to make the hard decisions easier. The reality is these solutions were too difficult to be implemented by most customers because their technical interfaces required more software engineering skills than security skills. This created more opportunities in the security services industry than in enterprise security, with MSPs being more than happy to provide python developers to their customers to make their expensive and unwieldy orchestration solution work.
“ML/AI” – don’t even get me started. While there are hopeful pockets of activity in the security industry here, a good majority of security vendors are more interested in applying AI/ML-themed marketing sheens on the product rather than actually putting useful working ML/AI in the product.
Video Games and Cybersecurity
“Cloud Security” suffered from rampantly fast public cloud adoption by businesses and left enterprise security teams, and vendors for that matter, in the familiar position of playing from behind. Enterprise security teams scrambled to catch up with their business counterparts in securing the gaps created by cloud adoption. Initial cloud security vendors rushed to market trying to provide products to address these gaps, but many ended up with a narrow focus on product functionality or fell into the trap of trying to support multiple cloud service providers, which diluted the offering or made it unable to scale.
There are more examples, of course, but regardless of the security gap trying to be filled by a solution, the attention paid to helping the human behind the keyboard with better design and usability has always been overshadowed by more and better technological solutions with the focus on detection, integration, automation, and other security product ‘check boxes’ to increase their revenue.
Learning from outside cybersecurity
From a design and usability perspective, it’s important to understand what is happening outside of cybersecurity to learn valuable lessons which can be adapted for our purposes. If you look outside of the cybersecurity realm you’ll find many examples where design and usability are key to the success of the industry.
Why is this important to enterprise security? If cybersecurity tools were less designed to look like Microsoft Office applications and more designed to enable the user, would interest and engagement with the tool increase?
Another perspective to think about comes from academic researcher Lori Norton-Meier in a 2005 article where she said, “The video game has the potential to push an individual to learn and think cognitively, socially, and morally. Players actively create new virtual worlds; participate in complex decision-making; and think reflectively about choices that were made, including the design of the game.”
Let us remove video game references and insert cybersecurity terms and see how it reads: “Cybersecurity has the potential to push an individual to learn and think cognitively, socially, and morally. Security teams actively investigate networks; participate in complex decision-making; and think reflectively about choices that were made, including the design for the defense of their network.”
If someone told me the second quote, but not the first, I’d find the statement insightful. How much of this quote is relevant to:
• What we expect of our more experienced enterprise security professionals, and
• How we can better teach and upskill our less experienced enterprise security professionals?
Another perspective comes from a 2018 McAfee cybersecurity survey. Out of 300 managers and 650 security professionals, it was found that 92% believed skills fostered by video games – such as tenacity, logic, and predicting hostile strategies – could make the gaming community an ideal, untapped reservoir of candidates for the current staffing shortages in enterprise security.