Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” post before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, attacks that are more disruptive and exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline – but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, make everyone able to reproduce the results, and present them to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues, like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, with consumer IoT designs required to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: continuous patch management and security updates, OT transparency for IT stakeholders, natively secure OT networks, cloud-based access to remote sites instead of VPN, zero-touch onboarding, more cybersecurity in small facilities, and certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    Steven J. Vaughan-Nichols / ZDNet:
    Have I Been Pwned goes open source, starting with the Pwned Password code; FBI to begin sharing compromised passwords discovered in investigations with the site — Want to find out if someone’s stolen your user IDs and passwords? Then you can use “Have I Been Pwned,” and now the code behind it is being open sourced.

    Have I been Pwned goes open source
    https://www.zdnet.com/article/have-i-been-pwned-goes-open-source/

    The question isn’t “Does someone have your user IDs and passwords?” I guarantee you someone has. Don’t believe me? Check for yourself at Have I Been Pwned (HIBP). I’ll wait. Now, do you believe me?

    People check the free HIBP site at a rate of almost 1 billion requests per month. It collects data from all the many personal security breaches that happen every week or two. Last year alone we saw dozens of data breaches. Moving forward, HIBP will now also receive compromised passwords discovered in the course of FBI investigations.

    Why is the FBI getting involved? Because Bryan A. Vorndran, the FBI’s Assistant Director, Cyber Division, said, “We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime.”

    The FBI passwords will be provided in SHA-1 and NTLM hash pairs; HIBP doesn’t need them in plain text. They’ll be fed into the system as they’re made available by the Bureau. To do that, HIBP is adding on a new, open-source program, Pwned Passwords, to let the data flow easily into HIBP.

    HIBP founder Troy Hunt, security expert and Microsoft Regional Director, explained he’s open-sourcing the code because “The philosophy of HIBP has always been to support the community, now I want the community to help support HIBP.” HIBP is written in .NET and runs on Azure.

    Hunt’s starting with the Pwned Password code because it’s relatively easy. The reasons for this include:

    It’s a very simple codebase consisting of Azure Storage, a single Azure Function, and a Cloudflare worker.

    It has its own domain, Cloudflare account, and Azure services so it can easily be picked up and open-sourced independently to the rest of HIBP.

    It’s entirely non-commercial without any API costs or Enterprise services like other parts of HIBP (I want community efforts to remain in the community).

    The data that drives Pwned Passwords is already freely available in the public domain via the downloadable hash sets.

    At one time Hunt had considered selling HIBP. With this open-source move, this no longer appears to be the case.
    The HIBP code is being kept on GitHub. It’s licensed under the BSD 3-Clause license.
    https://github.com/HaveIBeenPwned

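The comment above describes Pwned Passwords in terms of data shapes: a password is represented by its SHA-1 and NTLM hashes, and the downloadable hash sets are what a local check runs against. The following is an added example, not HIBP's own code, that computes that SHA-1/NTLM pair and looks it up in a constructed local hash set; the "HASH:count" line layout, the sample counts and the helper names (`hash_pair`, `load_hash_counts`, `check_password`) are assumptions of this example. MD4 is implemented in pure Python because many OpenSSL 3 builds ship `hashlib` without the legacy md4 digest.

```python
"""Pwned-Passwords-style local check: SHA-1 and NTLM hash pairs.

Added example, not HIBP code. The "HASH:count" file layout and the
sample counts are assumptions / constructed data for this example.
"""
import hashlib
import struct

MASK = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    """32-bit left rotate."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); NTLM is MD4 over UTF-16LE text."""
    msg = bytearray(data)
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)                       # standard MD padding
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)      # little-endian bit length

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2_order = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3_order = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", bytes(msg[off:off + 64]))
        aa, bb, cc, dd = a, b, c, d
        # Round 1: F = (b AND c) OR (NOT b AND d); shifts 3,7,11,19
        for i in range(16):
            f = (b & c) | (~b & d)
            a = _lrot((a + f + x[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c        # rotate registers A,B,C,D
        # Round 2: G = majority(b, c, d); constant 0x5A827999
        for i in range(16):
            g = (b & c) | (b & d) | (c & d)
            a = _lrot((a + g + x[r2_order[i]] + 0x5A827999) & MASK,
                      (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        # Round 3: H = b XOR c XOR d; constant 0x6ED9EBA1
        for i in range(16):
            h = b ^ c ^ d
            a = _lrot((a + h + x[r3_order[i]] + 0x6ED9EBA1) & MASK,
                      (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b = (a + aa) & MASK, (b + bb) & MASK
        c, d = (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def sha1_hex(password: str) -> str:
    """SHA-1 of the UTF-8 password, upper-case hex as in the hash sets."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def ntlm_hex(password: str) -> str:
    """NTLM = MD4 over the UTF-16LE encoding of the password."""
    return md4(password.encode("utf-16-le")).hex().upper()


def hash_pair(password: str) -> tuple:
    """The (SHA-1, NTLM) pair the article says the FBI feed consists of."""
    return sha1_hex(password), ntlm_hex(password)


def load_hash_counts(text: str) -> dict:
    """Parse 'HASH:count' lines (assumed layout) into {hash: count}.
    Malformed lines are skipped rather than trusted."""
    counts = {}
    for line in text.splitlines():
        h, sep, n = line.strip().upper().partition(":")
        if not sep or not n.isdigit() or len(h) not in (32, 40):
            continue
        if any(ch not in "0123456789ABCDEF" for ch in h):
            continue
        counts[h] = counts.get(h, 0) + int(n)
    return counts


# Constructed sample hash sets; the counts are invented for the example.
SAMPLE_SHA1_SET = """
5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
not-a-hash-line
"""
SAMPLE_NTLM_SET = """
8846F7EAEE8FB117AD06BDD830B7586C:3861493
31D6CFE0D16AE931B73C59D7E0C089C0:120000
"""


def check_password(password: str, sha1_counts: dict, ntlm_counts: dict) -> dict:
    """Report how often the password's hashes appear in each set.
    A non-zero count means the password is known-compromised and should
    be rejected at registration or password-change time."""
    s, n = hash_pair(password)
    sc, nc = sha1_counts.get(s, 0), ntlm_counts.get(n, 0)
    return {"sha1": s, "ntlm": n, "sha1_count": sc, "ntlm_count": nc,
            "compromised": sc > 0 or nc > 0}


if __name__ == "__main__":
    s1 = load_hash_counts(SAMPLE_SHA1_SET)
    nt = load_hash_counts(SAMPLE_NTLM_SET)
    for pw in ("password", "", "correct horse battery staple"):
        print(repr(pw), check_password(pw, s1, nt))
```

Against a real download, replace the sample strings with the file contents; the lookup logic and the hash pair computation stay the same.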
  2. Tomi Engdahl says:

    Why system backups no longer shield against ransomware
    By Craig Lurey 3 days ago
    https://www.techradar.com/news/why-system-backups-no-longer-shield-against-ransomware

    Backups no longer provide the protection against ransomware that they once did

    Traditionally, regular system backups have been one of organizations’ key defenses against ransomware attacks, as they allowed organizations to restore systems quickly, without paying ransom. While regular backups are still a necessary and prudent practice, they no longer provide the protection against ransomware that they once did.

    From ‘encrypt and exfiltrate’ to ‘exfiltrate and extort’
    For years, ransomware attacks differed from data breaches in that no files were compromised. Cybercriminals would lock down systems and demand a ransom, usually in Bitcoin, to provide an encryption key.

    As ransomware evolved, cybercriminals realized that the same network access levels they needed to plant ransomware files also lent well to exfiltrating data — and allowed them to get around the pesky backup files that stood in between them and an immediate payday. Enter double extortion, also known as “encrypt and exfiltrate,” which extended ransomware attacks to include data breaches.

    Ransomware attacks with an extortion component have soared in popularity since they first emerged in late 2019. A recent study by Coveware found that 77% of ransomware attacks involve a threat to leak exfiltrated data. Additionally, cybercriminals are moving away from the “encrypt and exfiltrate” model and towards “exfiltrate and extort.”

  3. Tomi Engdahl says:

    Amazon’s Ring is the largest civilian surveillance network the US has ever seen
    https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us

    One in 10 US police departments can now access videos from millions of privately owned home security cameras without a warrant

  4. Tomi Engdahl says:

    Why Technical Translation Matters in the Cyber Security World
    https://pentestmag.com/83690-2/

    Technical translation is very relevant to cyber security and penetration testing. As such, anything less than a translation agency specializing in technical translation is very likely a bad idea, and potentially a very costly error. This is true not only for the pentesters but for their clients as well. Pentesting, like any technical realm, has more than its fair share of industry specific language. How it is translated can quite literally make the difference between successful (and profitable) pentesting efforts and the collapse of a conglomerate.

    The technical translation of words like PyPI (the Python Package Index or repository) and Kali is going to be difficult for anyone without the relevant programming experience to accurately translate and virtually impossible with most free translation tools online

  5. Tomi Engdahl says:

    Deepfake satellite images pose serious military and political challenges
    https://www.engadget.com/deepfake-satellite-imagery-144145142.html

    AI-generated maps could be used as misinformation tools.

    It’s well established that deepfake images of people are problematic, but it’s now clearer that bogus satellite imagery could also represent a threat. The Verge reports that University of Washington-led researchers have developed a way to generate deepfake satellite photography as part of an effort to detect manipulated images.

    The team used an AI algorithm to generate deepfakes by feeding the traits of learned satellite images into different base maps. They could use Tacoma’s roads and building locations, for example (at top right in the picture below), but superimpose Beijing’s taller buildings (bottom right) or Seattle’s low-rises (bottom left). You can apply greenery, too. While the execution isn’t flawless, it’s close enough that scientists believe you might blame any oddities on low image quality.

  6. Tomi Engdahl says:

    Resilience: RSA Conference 2021
    https://www.securityweek.com/resilience-rsa-conference-2021

    For many of us, RSA Conference 2020 in San Francisco was the last time we came together as a community, met with colleagues, and saw new technology offerings. It was one of the last global events held in person before the lockdown, and since that time, we’ve had to switch to digital methods for interaction and communication.

    RSA 2021 planned to run in person, and the event was delayed from February until May for this reason – but ultimately, many of us are still unable to travel. So, the decision was made to shift to virtual.

    This year the whole world moved to a digital format and one where we’ve seen threats rise incrementally with growth in ransomware, credential theft, financial scams and phishing. All attack vectors could take advantage of remote working or dealing with high-stress situations such as frontline health response.

    The result of this change is that we’ve gained a new attitude in how we balance our work tasks and developed new levels of resilience in response to challenges created by the COVID-19 pandemic. Whether bolstering or enhancing corporate security posture, creating awareness for formerly office-based employees now working from home or responding to the damage caused by an unfortunate breach or attack, we have learned the importance of resilience and the need to learn from success or failure. The result is that we become more robust in response to ongoing changes.

    This was a key message from RSA 2021, delivered with a solid positive story, with excellent supporting takeaways from many keynotes.

    Look to new opportunities in hiring a digital workforce
    Why not broaden the hiring horizon to help address this challenge?
    Keep monitoring for vulnerabilities, and use the results
    Keeping up the experience

  7. Tomi Engdahl says:

Ransomware attacks have doubled in a year. Most attacks target healthcare systems https://www.kauppalehti.fi/uutiset/kiristyshyokkaykset-kaksinkertaistuneet-vuodessa-eniten-hyokkayksia-tehdaan-terveydenhuollon-jarjestelmiin/ed834387-35a3-4ae8-89d9-a0c5e500e50f
Ransomware attacks against organizations have grown by 102 percent compared with the beginning of 2020, security company Check Point Research (CPR) says in its press release. In the release CPR also mentions a new kind of “triple extortion”, and the dubious honour of pioneer goes to the Finnish company Vastaamo.

    Threat spotlight: Conti, the ransomware used in the HSE healthcare attack https://blog.malwarebytes.com/threat-spotlight/2021/05/threat-spotlight-conti-the-ransomware-used-in-the-hse-healthcare-attack/
    Conti ransomware is created and distributed by a group the cybersecurity industry has named Wizard Spider, the same Russian cybercriminal group that created the infamous Ryuk ransomware. It is offered to trusted affiliates as Ransomware-as-a-service (RaaS).
    Vitali Kremez: “Based on multiple incident response matters and current assessment, it is believed that Conti ransomware is linked to the same Ryuk ransomware developer group based on the code reuse and unique TrickBot distribution.”

  8. Tomi Engdahl says:

FBI hands over stolen passwords to a web service
https://www.tivi.fi/uutiset/tv/a7781cc7-cec9-4bcb-9786-98c70e3534e0
The FBI is starting a collaboration with the well-known Have I Been Pwned website. Going forward, the FBI will hand over to the site the passwords it comes across in its criminal investigations.

  9. Tomi Engdahl says:

    Deepfake Maps Could Really Mess With Your Sense of the World https://www.wired.com/story/deepfake-maps-mess-sense-world/
    Researchers applied AI techniques to make portions of Seattle look more like Beijing. Such imagery could mislead governments or spread misinformation online.

  10. Tomi Engdahl says:

    US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/
    By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices. Experts approached by Bellingcat said that these findings represented serious breaches of security protocols and raised renewed questions about US nuclear weapons deployment in Europe.

  11. Tomi Engdahl says:

    Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs https://us-cert.cisa.gov/ncas/alerts/aa21-148a
    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). CISA and FBI acknowledge open-source reporting attributing the activity discussed in the report to APT29 (also known as Nobelium, The Dukes, and Cozy Bear). However, CISA and FBI are investigating this activity and have not attributed it to any threat actor at this time.

  12. Tomi Engdahl says:

    Attacks On Healthcare Sector Are On The Rise https://www.forbes.com/sites/davidbalaban/2021/05/30/attacks-on-healthcare-sector-are-on-the-rise/
    According to Bitglass, a US-based provider of threat protection services, the number of reported healthcare breaches reached 599 in 2020, a 55.1% spike compared to 2019. Hacking and IT incidents accounted for the vast majority of these incidents, exposing personally identifiable information of more than 24 million individuals.

  13. Tomi Engdahl says:

    Watch out: These unsubscribe emails only lead to further spam https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/
    Scammers use fake ‘unsubscribe’ spam emails to confirm valid email accounts to be used in future phishing and spam campaigns.

  14. Tomi Engdahl says:

    Interpol intercepts $83 million fighting financial cyber crime https://www.bleepingcomputer.com/news/security/interpol-intercepts-83-million-fighting-financial-cyber-crime/
Interpol (short for the International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.
    Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

  15. Tomi Engdahl says:

    Google Suddenly Flips The Password Privacy Switch For Billions Of Users https://www.forbes.com/sites/daveywinder/2021/05/30/google-suddenly-flips-the-password-privacy-switch-for-billions-of-users/
Google has suddenly started rolling out two-factor authentication (2FA) automatic enrollment to users. Google keeps track of your activity across all services such as search, YouTube and the Google assistant. Seeing as just about everyone is logged in all the time, that presents a massive security and privacy problem. Do you really want a partner, friend, work colleague or worse to be able to see what you search for, where you visit online, and the videos you watch?

  16. Tomi Engdahl says:

    Redact – Automatically clean up your old posts from services like Twitter, Reddit, Facebook, Discord and more (it’s a downloadable app for Windows and macOS) https://redact.dev

  17. Tomi Engdahl says:

False alerts are straining companies’ security teams
    https://etn.fi/index.php/13-news/12196-vaarat-halytykset-rasittavat-yritysten-tietoturvatiimeja

A new study by security company Trend Micro shows how organizations’ SOCs (Security Operations Centers) and security teams suffer from severe stress even outside working hours. This is above all due to the overwhelming flood of security alerts, which causes overload.

According to the study, 81 percent of respondents say that their free time and home life suffer from the endless flood of security alerts. The majority (51%) feel that their team is drowning in alerts. Two out of three (68%) Finnish SOC operators admit that they are not confident in their ability to prioritize and handle alerts. This is more than elsewhere in the world, as internationally 55% of respondents share the same fear. No wonder, then, that Finnish SOC operators spend as much as 24 percent of their working time handling false alerts.

The endless flood of security alerts prevents many SOC operators from relaxing or switching off outside work. The constant nervous pressure and tension can also spill over onto friends and family members. Because of the stress, they may react to alerts at work by turning them off without taking action (46% of Finns occasionally or regularly), by leaving their workstation (45%), by hoping that a colleague will take responsibility for the alert (55%), or by ignoring them altogether (45%).

77 of the Finnish respondents to the study have already suffered a data breach or expect one to happen in their organization within a year.

  18. Tomi Engdahl says:

SECURITY OPERATIONS ON THE BACKFOOT: How poor tooling is taking its toll on security analysts
    https://www.trendmicro.com/explore/en_gb_soc-research/00792-v1-en-tmr

  19. Tomi Engdahl says:

    Killer drones may have autonomously attacked humans for the first time
    https://metro.co.uk/2021/05/31/killer-drones-may-have-autonomously-attacked-humans-for-the-first-time-14679285/

    Drones have been a mainstay on the battlefield for years now, but they have always required a human pilot to pull the trigger.

    That might be about to change.

    Last year, a group of Libyan rebels were attacked by drones acting autonomously, according to a UN report.

    The report alleges these ‘unmanned combat aerial vehicles and lethal autonomous weapons systems’ attacked the rebels without any input from a human operator.

The Kargu-2 drones can be flown by human operators or they can use on-board cameras and artificial intelligence to seek out targets autonomously.

    The drones ‘were programmed to attack targets without requiring data connectivity between the operator and the munition: in effect, a true ‘fire, forget and find’ capability.’

    The report was provided by an anonymous source to New Scientist.

    If it proves to be accurate, it will be the first time that an autonomous drone has hunted down and attacked a human.

    Drones packed with explosives may have ‘hunted down’ and attacked HUMANS for the first time without using a remote pilot to guide them
    https://www.dailymail.co.uk/sciencetech/article-9629801/Fully-autonomous-drones-hunted-attacked-humans-time.html

  20. Tomi Engdahl says:

    Microsoft Creates Cybersecurity Council for the Public Sector in APAC
    https://www.securityweek.com/microsoft-creates-cybersecurity-council-public-sector-apac

    Looking to build stronger responses against cyberattacks in the Asia Pacific (APAC) region, Microsoft on Monday announced the creation of a cybersecurity council for the public sector in the region.

The Asia Pacific Public Sector Cybersecurity Executive Council consists of policy makers and influencers from Brunei, Indonesia, Korea, Malaysia, Philippines, Singapore, and Thailand. It seeks to accelerate collaboration between public and private cybersecurity organizations.

    Policy makers from government and state agencies and cybersecurity experts from the public sector that form the council will work together to ensure improved communication and to promote the sharing of threat intelligence and technology, in an effort to battle evolving cyber threats in the region.

  21. Tomi Engdahl says:

    Rachel Monroe / New Yorker:
    Profile of Kurtis Minder, who for the past year has been managing fraught discussions between companies and hackers as a ransomware negotiator

    How to Negotiate with Ransomware Hackers
    https://www.newyorker.com/magazine/2021/06/07/how-to-negotiate-with-ransomware-hackers?currentPage=all

    Kurtis Minder finds the cat-and-mouse energy of outsmarting criminal syndicates deeply satisfying.

    The rise of ransomware has led to new career opportunities for Kurtis Minder.

    In the past year, a surge of ransomware attacks has made a disruptive period even more difficult. In December, the acting head of the federal Cybersecurity and Infrastructure Security Agency said that ransomware was “quickly becoming a national emergency.” Hackers hit vaccine manufacturers and research labs. Hospitals lost access to chemotherapy protocols; school districts cancelled classes. Companies scrambling to accommodate a fully remote workforce found themselves newly vulnerable to hackers. In May, an attack by the ransomware group DarkSide forced the shutdown of Colonial Pipeline’s network, which supplies fuel to much of the East Coast. The shutdown, which pushed up gas prices and led to a spate of panic-buying, put a spotlight on ransomware’s potential to disable critical infrastructure. A week after the attack, once Colonial paid a ransom of $4.4 million to get its systems back online, eighty per cent of gas stations in Washington, D.C., still had no fuel.

    The F.B.I. advises victims to avoid negotiating with hackers, arguing that paying ransoms incentivizes criminal behavior. This puts victims in a tricky position. “To just tell a hospital that they can’t pay—I’m just incredulous at the notion,” Philip Reiner, the C.E.O. of the nonprofit Institute for Security and Technology, told me. “What do you expect them to do, just shut down and let people die?” Organizations that don’t pay ransoms can spend months rebuilding their systems; if customer data are stolen and leaked as part of an attack, they may be fined by regulators. In 2018, the city of Atlanta declined to pay a ransom of approximately fifty thousand dollars. Instead, in an effort to recover from the attack, it spent more than two million dollars on crisis P.R., digital forensics, and consulting. For every ransomware case that makes the news, there are many more small and medium-sized companies that prefer to keep breaches under wraps, and more than half of them pay their hackers, according to data from the cybersecurity firm Kaspersky.

    For the past year, Minder, who is forty-four years old, has been managing the fraught discussions between companies and hackers as a ransomware negotiator, a role that didn’t exist only a few years ago. The half-dozen ransomware-negotiation specialists, and the insurance companies they regularly partner with, help people navigate the world of cyber extortion. But they’ve also been accused of abetting crime by facilitating payments to hackers. Still, with ransomware on the rise, they have no lack of clients. Minder, who is mild and unpretentious, and whose conversation is punctuated by self-deprecating laughter, has become an accidental expert. “While I’ve been talking to you, I’ve already gotten two calls,” he told me when we video-chatted in March.

    The man who reached out to him in November explained that the attack, the work of a hacking syndicate known as REvil, had rendered the company’s contracts and architectural plans inaccessible; every day the files remained locked was another day the staff couldn’t work.

    “They didn’t even have an I.T. person on staff,” Minder said. The company had no cyber-insurance policy. The man explained that he had been in touch with a company in Florida that had promised to decrypt the files, but it had stopped replying to his e-mails. He wanted Minder to negotiate with the hackers to get the decryption key. “The people who reach out to me are upset,” Minder told me. “They’re very, very upset.”

    Popp’s strategy—encrypting files with a private key and demanding a fee to unlock them—is frequently used by ransomware groups today. But hackers initially preferred an approach known as scareware, in which they infected a computer with a virus that manifested as multiplying pop-ups with ominous messages: “SECURITY WARNING! Your Privacy and Security are in DANGER.” The pop-ups told users to buy a certain antivirus software to protect their systems. Hackers posing as software companies could then receive credit-card payments, which were unavailable to those deploying ransomware. In the early two-thousands, ransomware hackers typically demanded a few hundred dollars, in the form of gift cards or prepaid debit cards, and getting hold of the money required middlemen, who siphoned off much of the profits.

    The calculus changed with the launch of Bitcoin, in 2009. Now that people could receive digital payments without revealing their identity, ransomware became more lucrative.

    By 2015, the F.B.I. estimated that the U.S. was subjected to a thousand ransomware attacks per day; the next year, that number quadrupled. Mike Phillips, the head of claims for the cyber-insurance company Resilience, told me, “Now it’s ransomware first and only, and everything else is a distant second.”

    Criminal syndicates are behind most ransomware attacks. In their online interactions, they display a mixture of adolescent posturing and professionalism: they have a fondness for video-game references and the word “evil,” but they also employ an increasingly sophisticated business structure. The larger groups establish call centers to help talk victims through the confusing process of obtaining cryptocurrency, and they promise discounts to those who pay up in a timely fashion. Some ransomware groups, including REvil, work on the affiliate model, providing hackers with the tools to deploy attacks in exchange for a share of the profits.

    (REvil also handles ransom negotiations on behalf of its affiliates.) “It’s way too easy to get into this,” Reiner, of the I.S.T., told me. “You or I could do it—you just hire it out. There’s been an incredible commoditization of the entire process.”

    Hackers use various techniques to gain access to a company’s computers, from embedding malware in an e-mail attachment to using stolen passwords to log in to the remote desktops that workers use to connect to company networks. Many of the syndicates are based in Russia or former Soviet republics; sometimes their malware includes code that stops an attack on a computer if its language is set to Russian, Belarusian, or Ukrainian.

    “We are apolitical,” a man claiming to be an REvil representative said in an interview with a Russian YouTuber. “No politics at all. We don’t care who’s going to be President. We worked, we work, and we will work.”

    Phillips told me, “Paying a ransom, you worry about it being venture capital for this dark-Web Silicon Valley on the other side of the world.” Ransomware groups, like their Silicon Valley counterparts, move fast and break things. In May, 2017, the WannaCry attack infected three hundred thousand computers through old and unpatched versions of Microsoft Windows. In the United Kingdom, ambulances had to be diverted from affected hospitals, and a Renault factory stopped production. Just three years after that attack, though, the REvil representative called this scattershot approach “a very stupid experiment.” The WannaCry hackers had demanded ransoms of only three hundred to six hundred dollars, netting around a hundred and forty thousand dollars.

    After WannaCry, ransomware groups concentrated on sectors where a combination of lax security and a low tolerance for disruption makes getting paid more likely and more lucrative—industrial agriculture, mid-level manufacturing, oil-field services, municipal governments. Groups timed disruption for periods of acute vulnerability: schools in August, right before students returned; accounting firms during tax season. Certain syndicates specialize in “big-game hunting,” launching targeted attacks against deep-pocketed companies.

    In a webinar hosted by Europol, the European law-enforcement agency, a security expert mentioned that the cryptocurrency Monero was essentially untraceable; soon afterward, REvil began asking for ransom payments in Monero instead of Bitcoin.

    When companies seem reluctant to negotiate, executives receive threatening phone calls and LinkedIn messages. Last year, the Campari Group issued a press release downplaying a recent ransomware attack. In response, hackers launched a Facebook ad campaign, using the profile of a Chicago d.j., whom they had also hacked, to shame the beverage conglomerate. “This is ridiculous and looks like a big fat lie,” they wrote. “We can confirm that confidential data was stolen and we talking about huge volume of data.” Last year, printers at a South American home-goods chain began spitting out ransom notes instead of receipts.

    More recently, syndicates have added extortion to their playbook. They siphon off confidential files before encrypting systems; if their ransom demand isn’t met, they threaten to release sensitive data to the media or auction it off on the black market. Hackers have threatened to publish an executive’s porn stash and to share information about non-paying victims with short sellers. “I’ve seen social-work organizations where ransomware actors threatened to expose information about vulnerable children,” Phillips said.

  22. Tomi Engdahl says:

    How Hacking Became a Professional Service in Russia
    The outfit behind the Colonial Pipeline attack had a blog, a user-friendly interface, and a sliding fee scale for helping hackers cash in on stolen information.
    https://www.newyorker.com/news/news-desk/how-hacking-became-a-professional-service-in-russia#intcid=_content-attr-mab-control_0940eacd-e136-442d-93b2-f6276577f464_text2vec1

    The Colonial Pipeline Ransomware Attack and the Perils of Privately Owned Infrastructure
    For years, businesses have resisted efforts from the federal government to hold them to robust cybersecurity standards.
    https://www.newyorker.com/news/daily-comment/the-colonial-pipeline-ransomware-attack-and-the-perils-of-privately-owned-infrastructure#intcid=_content-attr-mab-control_0940eacd-e136-442d-93b2-f6276577f464_text2vec1

  23. Tomi Engdahl says:

    No Time to Waste: Three Ways to Quickly Reduce Risk in Critical Infrastructure Environments
    https://www.securityweek.com/no-time-waste-three-ways-quickly-reduce-risk-critical-infrastructure-environments

    Earlier this month, the U.S. experienced its first major shutdown of critical infrastructure due to a cyberattack in the nation’s history. When adversaries targeted Colonial Pipeline with a disruptive ransomware attack, critical infrastructure security immediately became a mainstream concern, because the attack is unprecedented in terms of its impact. Millions of people were affected as the East Coast’s largest gasoline, diesel, and natural gas distributor suspended oil and gas delivery. What’s more, the aftermath has lingered as rising gasoline and home heating oil prices put further stress on the sector and on individuals’ wallets and plans.

    For years now, the government has been warning openly and clearly of targeted attacks against government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Last July, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert in response to a growing number of attacks targeting industrial networks. The alert included broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors and lengthy, detailed sets of recommendations for how to protect operational technology (OT) environments.

    More recently, at the end of April, the NSA issued a second cybersecurity advisory on the risks of connecting industrial networks to IT networks. And following the attack on Colonial Pipeline, CISA and the FBI issued an alert urging critical asset owners and operators to adopt a heightened state of awareness and implement various controls in the face of ransomware attacks, including robust network segmentation between IT and OT networks, regular testing of manual controls, and the implementation of backups that are regularly tested and isolated from network connections.

    Clearly, the days of the standard “crawl, walk, run” approach to implementing cybersecurity improvements are gone. We need to go straight to run. We don’t have three to five years nor the resources to physically segment networks that are geographically dispersed across, say, 100 manufacturing sites around the world. And attempting to implement the same 15+ IT security tools within an OT environment is often prohibitively time consuming, not to mention ineffective, unnecessary, and even risky in itself.

    NSA Issues Guidance on Securing IT-OT Connectivity
    https://www.securityweek.com/nsa-issues-guidance-securing-it-ot-connectivity

    The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.

    The NSA’s advisory, titled “Stop Malicious Cyber Activity Against Connected Operational Technology,” is specifically addressed to the Department of Defense, national security system (NSS) and defense industrial base organizations, but the recommendations can be useful to any industrial company.

    The advisory shares recommendations for evaluating risks and improving the security of connections between IT systems — these can often serve as an entry point into industrial networks — and OT systems.

    “Each IT-OT connection increases the potential attack surface,” the NSA said. “To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible.”

    Stop Malicious Cyber Activity Against Connected Operational Technology
    https://media.defense.gov/2021/Apr/29/2002630479/-1/-1/1/CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF

  24. Tomi Engdahl says:

    Ransomware: What board members should know and what they should be asking their technical experts https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware
    Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards. This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and suggests relevant questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.

  25. Tomi Engdahl says:

    Ransomware attack disrupts Massachusetts ferries https://therecord.media/ransomware-attack-disrupts-massachusetts-ferries/
    A ransomware attack has caused delays and disruptions at Steamship Authority, the largest ferry service in Massachusetts, and has disrupted ferry transports between mainland US and the Martha’s Vineyard and Nantucket islands. The attack took place earlier today, according to a series of tweets posted on the company’s official Twitter account.

    FUJIFILM shuts down network after suspected ransomware attack https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/
    FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack’s spread. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Advanced Intel CEO Vitali Kremez told BleepingComputer. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”

  26. Tomi Engdahl says:

    Babuk ransomware gang says it’s no longer interested in encrypting data, would rather kidnap it instead https://hotforsecurity.bitdefender.com/blog/babuk-ransomware-gang-says-its-no-longer-interested-in-encrypting-data-would-rather-kidnap-it-instead-25910.html
    In the early days of ransomware things were fairly simple: malware would infect your company’s infrastructure, encrypting your valuable data with a secret key that was only known to your attackers. But in recent years there have been more and more ransomware attacks which have been combined with the exfiltration of data, prior to its encryption. If criminal hackers have a copy of your data you don’t have the “get-out-of-jail-free” card of a secure backup to play.
    Because your extortionists can also threaten to publish your data online regardless of whether you have successfully recovered your systems, potentially damaging your brand and relationships with customers and business partners.

  27. Tomi Engdahl says:

    Breaking down NOBELIUM’s latest early-stage toolset https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
    NOBELIUM is an actor that operates with rapid operational tempo, often leveraging temporary infrastructure, payloads, and methods to obfuscate their activities. Despite growing community visibility since the exposure of the SolarWinds attack in late 2020, NOBELIUM has continued to target government and diplomatic entities across the globe. We anticipate that as these operations progress, NOBELIUM will continue to mature their tools and tactics to target a global audience. Each of the NOBELIUM tools discussed in this blog is designed for flexibility, enabling the actor to adapt to operational challenges over time.

  28. Tomi Engdahl says:

    Routers prove weak point in remote-work strategy https://www.kaspersky.com/blog/rsa2021-hijacked-router/40117/
    Home and SOHO routers are often insecure, but companies can protect themselves from attacks through remote workers’ home routers.

  29. Tomi Engdahl says:

    Oak9 Launches Infrastructure-as-Code Security Platform With $5.9M in Seed Funding
    https://www.securityweek.com/oak9-launches-infrastructure-code-security-platform-59m-seed-funding

    oak9 on Wednesday announced the launch of its Infrastructure-as-Code (IaC) security platform, backed by a $5.9 million seed funding round.

    IaC is the process of managing and provisioning of infrastructure through code instead of through manual processes.

    Founded in 2019 in Chicago, oak9 helps secure cloud-native applications through seamless integration into the software development lifecycle.

    The company’s platform includes continuous monitoring capabilities to alert developers when security-relevant changes are made to their application, and enables them to visualize IaC and make security design changes through a simple drag-and-drop interface.

    Oak9 designed its platform with pre-built Security as Code blueprints to ensure compatibility with multiple architectures and cloud providers.

    What is Security As Code?
    https://www.bmc.com/blogs/security-as-code/

    Businesses have quickly and sophisticatedly embraced cloud technology to super-serve customers and perform better. With this radical change emerges an increased need for DevOps professionals and codified security to enhance their processes.

    DevOps as a methodology allows for faster development that is always occurring, evolving in stages. It’s designed to help development teams collaborate with operations by working toward the same goals, instead of working against each other to different ends, resulting in streamlined processes.

    DevOps developers are constantly injecting new code into existing infrastructure, continuing to simplify the development lifecycle. Naturally, security comes into question when DevOps developers are forever integrating new code into existing systems. This is where Security As Code comes in. Keep reading to learn more about how Security As Code protects your DevOps organization.
    What is Security as Code?

    Security as Code is a toolset of resources that help DevOps professionals secure and protect the software development lifecycle (SDLC) throughout the process of development. The practice is interesting because of the popularity of DevOps in enterprise business. Security as Code represents the next evolution of DevOps–an era in development where security is baked into the development process and businesses and their customers operate more safely.

  30. Tomi Engdahl says:

    Some Security as Code best practices include:

    Automating feedback loops
    Automating scans and security testing
    Executing script tests
    Implementing monitoring functions
    Performing routine security policy checks

    https://www.bmc.com/blogs/security-as-code/

  31. Tomi Engdahl says:

    Microsoft Buys ReFirm Labs to Expand IoT Firmware Security Push
    https://www.securityweek.com/microsoft-buys-refirm-labs-expand-iot-firmware-security-push

    Microsoft’s aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of ReFirm Labs, an early-stage startup that helps businesses pinpoint and fix weak links at the firmware layer.

    Financial terms of the deal were not disclosed. ReFirm Labs, a four-year-old startup based in Maryland, raised $3.5 million in two rounds of early-stage venture capital funding.

    According to Microsoft’s David Weston, the ReFirm Labs technology will be offered as a feature in the Azure Defender for IoT product.

    The Refirm Labs deal comes exactly a year after Microsoft snapped up CyberX, an IoT security company that provides a digital map of thousands of devices scattered throughout modern organizations.

  32. Tomi Engdahl says:

    No Time to Waste: Three Ways to Quickly Reduce Risk in Critical Infrastructure Environments
    https://www.securityweek.com/no-time-waste-three-ways-quickly-reduce-risk-critical-infrastructure-environments

    Earlier this month, the U.S. experienced its first major shutdown of critical infrastructure due to a cyberattack in the nation’s history. When adversaries targeted Colonial Pipeline with a disruptive ransomware attack, critical infrastructure security immediately became a mainstream concern, because the attack is unprecedented in terms of its impact. Millions of people were affected as the East Coast’s largest gasoline, diesel, and natural gas distributor suspended oil and gas delivery. What’s more, the aftermath has lingered as rising gasoline and home heating oil prices put further stress on the sector and on individuals’ wallets and plans.

    For years now, the government has been warning openly and clearly of targeted attacks against government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Last July, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert in response to a growing number of attacks targeting industrial networks. The alert included broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors and lengthy, detailed sets of recommendations for how to protect operational technology (OT) environments.

    Here are three ways to fast-track your organization’s journey to stronger industrial cybersecurity:

    1. Tackle the visibility challenge. You can’t protect what you can’t see, so effective industrial cybersecurity must start with knowing what needs to be secured. This requires a centralized and always current inventory of all OT, IT and Industrial Internet of Things (IIoT) assets, processes, and connectivity paths into the OT environment, as well as understanding what normal looks like

    2. Deploy virtual segmentation to thwart ransomware. Often, improper segmentation between once-separate IT and OT environments is a key enabler of OT ransomware infections

    3. Leverage visibility and an understanding of risk to enable detection and response. The reality is that no matter the protective controls or processes you implement, it is not possible to eliminate risk completely. For this reason, being able to detect and respond to threats when they do surface is imperative. Continuous threat detection and monitoring helps manage and mitigate risk from both known and emerging threats that are not yet known. This is particularly critical as businesses adapt to the reality of distributed work environments. In fact, a PwC survey finds 83% of companies expect hybrid workplaces to become the norm. So, as more employees and third-party vendors connect remotely to the OT environment, adjusting controls with secure remote access capabilities minimizes the substantial risks introduced by remote workers.

    Fortunately, the essential elements are in place to help reduce risk to critical infrastructure, so we can move straight to run. Most Fortune 500 companies have the support of their board of directors and budgets to strengthen the security of their OT networks.

  33. Tomi Engdahl says:

    White House urges businesses to “take ransomware crime seriously”
    https://www.bleepingcomputer.com/news/security/white-house-urges-businesses-to-take-ransomware-crime-seriously/
    The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council’s chief cybersecurity adviser.

  34. Tomi Engdahl says:

    Surur / MSPoweruser:
    Microsoft says Teams will support end-to-end encryption for one-to-one voice calls on desktop and mobile apps starting in early July
    https://mspoweruser.com/end-to-end-encryption-is-coming-to-microsoft-teams-calls-soon/

  35. Tomi Engdahl says:

    Christopher Bing / Reuters:
    US DOJ says it is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack — The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack …

    Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says
    https://www.reuters.com/article/cyber-usa-ransomware-idUSL2N2NC1SD

  36. Tomi Engdahl says:

    At Odds: The Promise vs. Operational Reality of Security Solutions
    https://www.securityweek.com/odds-promise-vs-operational-reality-security-solutions

    There’s a gap between the promise of a security technology and operational reality

    By now you’ve probably spent at least a few minutes watching “What I thought I was getting vs. what I actually got” videos. There’s the pet edition, the mature husband edition, even a personal edition – “How I thought I looked vs. how I actually looked.” You get the picture.

    A similar phenomenon has been happening in the security industry for years – there is great promise in a new product or technology; however, the operational reality is much different. Think back to the early days and Intrusion Prevention Systems (IPSes). Companies released IPSes that you could plug and play on your network and the device would block what it thought was bad. Sounds great right? Well, the operational reality is that it blocked things it should not have, resulting in many false positives. And when the security team was asked “why was that blocked?,” they couldn’t get an answer as the IPS device was a ‘black box.’

    Clearly, there’s a gap between the promise of a security technology and operational reality. Let’s take two more recent examples: Security Orchestration, Automation and Response (SOAR) platforms and tools and Extended Detection and Response (XDR) solutions.

  37. Tomi Engdahl says:

    It’s time for security teams to embrace security data lakes
    https://techcrunch.com/2021/06/04/its-time-for-security-teams-to-embrace-security-data-lakes/?tpcc=ecfb2020

    The average corporate security organization spends $18 million annually but is largely ineffective at preventing breaches, IP theft and data loss. Why? The fragmented approach we’re currently using in the security operations center (SOC) does not work.

    Here’s a quick refresher on security operations and how we got where we are today: A decade ago, we protected our applications and websites by monitoring event logs — digital records of every activity that occurred in our cyber environment, ranging from logins to emails to configuration changes. Logs were audited, flags were raised, suspicious activities were investigated, and data was stored for compliance purposes.

    As malicious actors and adversaries became more active, and their tactics, techniques and procedures (or TTP’s, in security parlance) grew more sophisticated, simple logging evolved into an approach called “security information and event management” (SIEM), which involves using software to provide real-time analysis of security alerts generated by applications and network hardware. SIEM software uses rule-driven correlation and analytics to turn raw event data into potentially valuable intelligence.

    Although it was no magic bullet (it’s challenging to implement and make everything work properly), the ability to find the so-called “needle in the haystack” and identify attacks in progress was a huge step forward.

    Today, SIEMs still exist, and the market is largely led by Splunk and IBM QRadar.

    New security demands are asking too much of SIEM
    First, data has exploded and SIEM is too narrowly focused. The mere collection of security events is no longer sufficient because the aperture on this dataset is too narrow. While there is likely a massive amount of event data to capture and process from your events, you are missing out on vast amounts of additional information such as OSINT (open-source intelligence information), consumable external-threat feeds, and valuable information such as malware and IP reputation databases, as well as reports from dark web activity. There are endless sources of intelligence, far too many for the dated architecture of a SIEM.

    Additionally, data exploded alongside costs. Data explosion + hardware + license costs = spiraling total cost of ownership. With so much infrastructure, both physical and virtual, the amount of information being captured has exploded. Machine-generated data has grown at 50x, while the average security budget grows 14% year on year.

    The cost to store all of this information makes the SIEM cost-prohibitive. The average cost of a SIEM has skyrocketed to close to $1 million annually, which is only for license and hardware costs. The economics force teams in the SOC to capture and/or retain less information in an attempt to keep costs in check. This causes the effectiveness of the SIEM to become even further reduced. I recently spoke with a SOC team who wanted to query large datasets searching for evidence of fraud, but doing so in Splunk was cost-prohibitive and a slow, arduous process, leading the team to explore alternatives.

    The shortcomings of the SIEM approach today are dangerous and terrifying.

    The security-driven data stored in a data lake can be in its native format, structured or unstructured, and therefore dimensional, dynamic and heterogeneous, which gives data lakes their distinction and advantage over data warehouses.

  38. Tomi Engdahl says:

    We needed to tighten up the computer crime act. It was written before anyone in law enforcement knew about cyber. And it was overly broad, as in even you or I could end up in violation of the act for many computing actions we take daily. Mark Rasch, an expert at cyber and law, wrote a great piece on how this is needed:

    Supreme Court Limits Scope of Computer Crime Law
    https://securityboulevard.com/2021/06/supreme-court-limits-scope-of-computer-crime-law/

  39. Tomi Engdahl says:

    GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html
    Code-hosting platform GitHub Friday officially announced a series of updates to the site’s policies that delve into how the company deals with malware and exploit code uploaded to its service. In addition:
    https://www.bleepingcomputer.com/news/security/githubs-new-policies-allow-removal-of-poc-exploits-used-in-attacks/

  40. Tomi Engdahl says:

    Chrome, Safari, Firefox and Edge join forces to improve browser extensions https://www.cnet.com/news/chrome-safari-firefox-and-edge-join-forces-to-improve-browser-extensions/
    The teams behind the Google Chrome, Apple Safari, Mozilla Firefox and Microsoft Edge browsers have banded together to improve extensions, the add-ons you can download to customize the software. That should mean your extensions will work better and come with a better security foundation to protect you from malware.

  41. Tomi Engdahl says:

    Hacker lexicon: What is a supply chain attack?
    https://arstechnica.com/information-technology/2021/06/hacker-lexicon-what-is-a-supply-chain-attack/
    Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: what if the legitimate hardware and software that makes up your network has been compromised at the source?

  42. Tomi Engdahl says:

    China Has Triggered a Bitcoin Mining Exodus https://www.wired.com/story/china-bitcoin-mining-exodus/
    The promise of a crackdown is sending the country’s crypterati scrambling for the exit.

  43. Tomi Engdahl says:

    Google Warns On Password Strength
    https://www.forbes.com/sites/brookecrothers/2021/06/06/google-warns-on-password-strength/
    Google is warning you about compromised passwords. It’s a very good idea to heed these warnings. Yes, passwords are hell. Strong self-generated passwords often turn into a fog of forgotten letter combinations and phrases.

    How to hack into 5500 accounts just using “credential stuffing”
    https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/
    We all ought to know by now that passwords that are easy to guess will get guessed.

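The SIEM comment above describes rule-driven correlation turning raw events into intelligence, and the Sophos link above is about credential stuffing; the following added example (not code from any of the quoted articles) shows one such correlation rule run over constructed authentication log lines. The log format, the 5-minute window and the 5-distinct-users threshold are assumptions.

```python
"""SIEM-style correlation rule: flag a source IP that attempts logins for many
distinct accounts in a short window (credential stuffing / password spraying).
Added example; the log format and thresholds are assumptions, not a real product's."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical "key=value" auth-log format.
SAMPLE_LOG = """\
2021-06-04T10:00:01Z user=alice src=203.0.113.7 result=fail
2021-06-04T10:00:02Z user=bob src=203.0.113.7 result=fail
2021-06-04T10:00:02Z user=carol src=203.0.113.7 result=fail
2021-06-04T10:00:03Z user=dave src=203.0.113.7 result=fail
2021-06-04T10:00:04Z user=erin src=203.0.113.7 result=success
2021-06-04T10:00:05Z user=frank src=203.0.113.7 result=fail
2021-06-04T10:00:09Z user=alice src=198.51.100.20 result=fail
2021-06-04T10:00:15Z user=alice src=198.51.100.20 result=fail
2021-06-04T10:00:20Z user=alice src=198.51.100.20 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def _has_spray_window(events, window, min_users):
    """Sliding window over one source's time-sorted events: True if any window
    of length `window` contains attempts against at least `min_users` accounts."""
    start = 0
    for end in range(len(events)):
        while events[end]["ts"] - events[start]["ts"] > window:
            start += 1
        if len({e["user"] for e in events[start:end + 1]}) >= min_users:
            return True
    return False


def _summarize(events):
    """What a responder needs first: how broad the attempt was and which
    accounts saw a successful login from the suspicious source."""
    return {
        "distinct_users": len({e["user"] for e in events}),
        "failures": sum(e["result"] == "fail" for e in events),
        "compromised": sorted({e["user"] for e in events if e["result"] == "success"}),
        "first": events[0]["ts"].isoformat(),
        "last": events[-1]["ts"].isoformat(),
    }


def detect_credential_stuffing(log_text, window=timedelta(minutes=5), min_users=5):
    """Return {source_ip: summary} for every source that matches the rule.
    One account failing repeatedly from one source (plain brute force) does
    not match; many accounts from one source does."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    return {
        src: _summarize(evs)
        for src, evs in by_src.items()
        if _has_spray_window(evs, window, min_users)
    }


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(src, info)
```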
  44. Tomi Engdahl says:

    Email spoofing: how attackers impersonate legitimate senders https://securelist.com/email-spoofing-types/102703/
    In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address.

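The Securelist piece above is about spoofing through the From header, which carries both a display name and an address; as an added example (not the article's own code), here are triage checks that parse that header and flag the common mismatches between the two. The trusted-domain list, sample headers and lookalike heuristics are assumptions.

```python
"""Triage checks on an email From header for display-name / address mismatches.
Added example; the sample headers are constructed and `trusted_domains` is an
assumed allowlist of domains the organisation actually sends from."""
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

EMAIL_IN_TEXT = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def decode_display_name(raw):
    """RFC 2047 encoded-words (=?UTF-8?B?...?=) can hide a lookalike address
    or brand name in the display name; decode before inspecting it."""
    try:
        return str(make_header(decode_header(raw)))
    except Exception:
        return raw


def _edit_distance(a, b):
    """Plain Levenshtein distance, used to spot single-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted):
    """Heuristic: trusted domain reused as a leading label (example.com.attacker.test),
    same second-level label with another TLD (example.net), or one edit away (examp1e.com).
    A genuine subdomain such as mail.example.com is not flagged."""
    if not domain or domain == trusted:
        return False
    if domain.startswith(trusted + "."):
        return True
    d_sld, t_sld = domain.split(".")[0], trusted.split(".")[0]
    return d_sld == t_sld or _edit_distance(d_sld, t_sld) <= 1


def analyze_from(from_header, trusted_domains):
    """Parse a From header value and return name, address, domain and findings."""
    value = re.sub(r"^From:\s*", "", from_header.strip(), flags=re.IGNORECASE)
    name, addr = parseaddr(value)
    name = decode_display_name(name)
    addr_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    if not addr:
        findings.append("no parseable address")
    # 1. Display name contains an address whose domain differs from the real sender domain.
    for embedded in EMAIL_IN_TEXT.findall(name):
        emb_domain = embedded.rsplit("@", 1)[-1].lower()
        if emb_domain != addr_domain:
            findings.append(f"display name shows {emb_domain}, actual sender domain is {addr_domain}")
    # 2. Display name borrows a trusted brand while the address domain is not trusted.
    for td in trusted_domains:
        brand = td.split(".")[0]
        if brand in name.lower() and addr_domain not in trusted_domains:
            findings.append(f"display name mentions {brand!r} but sender domain is {addr_domain}")
    # 3. Sender domain resembles a trusted domain.
    for td in trusted_domains:
        if is_lookalike(addr_domain, td):
            findings.append(f"sender domain {addr_domain} resembles {td}")
    return {"name": name, "addr": addr, "domain": addr_domain, "findings": findings}


# Constructed sample headers (all domains are documentation/test names).
TRUSTED = {"example.com"}
SAMPLES = [
    'From: "Alice Smith" <alice@example.com>',
    'From: "alice@example.com" <news@attacker.test>',
    'From: "Example Support" <support@examp1e.com>',
    "From: =?UTF-8?B?RXhhbXBsZSBCaWxsaW5n?= <billing@attacker.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(analyze_from(header, TRUSTED))
```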
