Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend: instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The article Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline – but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article says that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article says that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, lets everyone reproduce the results, and presents it to the entire community for feedback.

The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We Have a Private, Anonymous Alternative to Cash, but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues, like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article says that legislation is starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

The 7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021 article lists: continuous patch management and security updates, OT transparency for IT stakeholders, natively secure OT networks, cloud-based access to remote sites instead of VPN, zero-touch onboarding, more cybersecurity in small facilities, and certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    White House Urges Private Companies to Help in Fight Against Ransomware
    https://www.securityweek.com/white-house-urges-private-companies-help-fight-against-ransomware

    In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.

    The memo, signed by Anne Neuberger, deputy national security advisor for cyber and emerging technology, mentions the recent increase in the number of ransomware incidents, as well as the Biden administration’s response to such attacks targeting government and private sector organizations.

    In response to a series of cyberattacks that affected U.S. critical infrastructure both directly and indirectly – including the SolarWinds incident and the Colonial Pipeline attack – President Joe Biden signed an executive order on improving the cyber-defenses of “vital institutions.”

  2. Tomi Engdahl says:

    Building End-to-End Security for 5G Networks
    https://www.securityweek.com/building-end-end-security-5g-networks

    5G is opening a world of opportunities for digital business, but many benefits will not be possible if security is not an integral part of the solution

    The arrival of 5G presents unparalleled opportunities for organizations, especially those competing in today’s constantly evolving and highly competitive digital marketplace. 5G brings a ten-fold increase in mobile broadband and ultra-reliability coupled with ultra-low latency (URLLC). The resulting development of new, highly responsive applications, rich media streaming, and more will utterly transform networks. And that’s just the start. The development and deployment of advanced high band millimeter-wave (mmWave) 5G will accelerate the development of smart infrastructures, enhance the automation of manufacturing environments, and provide the super-high density needed to power new computing environments.

    However, as with any new technology, the other side of the coin is that as enterprises adopt 5G networks and services to enable digital innovation across new network edges, they are also introducing new risks. And part of the 5G challenge is that there are few security solutions on the market designed to keep up with 5G-enhanced networks. We already see some environments—not just ultra-high performance data centers, but new edge compute environments and even remote workers on 5G-enabled devices—being poorly secured. For example, millions of remote workers are now being protected with little more than a VPN connection. Without a security plan in place, these organizations will be unprepared to defend themselves against the next generation of malware designed to harness the speed and scale of 5G and exploit the fragmented and thinly deployed security systems currently in place.

  3. Tomi Engdahl says:

    Heather Kelly / Washington Post:
    Though cybersecurity experts have warned of ransomware for years, it’s now having a very visible impact on the lives of everyday people — After years of warnings, the impact of ransomware finally hits home for regular people — SAN FRANCISCO — It can feel abstract …

    Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday life
    After years of warnings, the impact of ransomware finally hits home for regular people
    https://www.washingtonpost.com/technology/2021/07/08/ransomware-human-impact/

    It can feel abstract: A group of organized but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return. But the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people.

    These crimes have resulted in missed chemotherapy appointments and delayed ambulances, lost school days, and transportation problems. A ransomware attack on Colonial Pipeline in May led to gas shortages and even dangerous situations caused by panic buying. This past week, hackers compromised the JBS meat processing company, leading to worries about meat shortages or other key food providers being at risk. Last fall, the Baltimore County Public Schools system was hit with ransomware and forced to halt classes for two days, which were being held virtually.

    As recently as Wednesday, ransomware attacks were causing problems across the country. In Martha’s Vineyard, the ferry service transporting people to and from the Massachusetts island said it had been hit by a ransomware attack that disrupted its ticketing and reservation process. Ferries continued operating all week, but the ticketing system was still affected, causing delays, on Friday.

    The recent spate of high-profile ransomware incidents is exactly what cybersecurity professionals have been warning about for years. But it’s partially the impact on everyday people — far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise — that has made the risk more visible. The ripple effects of ransomware can result in everything from mild inconvenience to people losing their lives, and it’s only increased in frequency during the pandemic.

    “It’s not only that it’s getting worse, but it’s the worst possible time for it to happen,” said Robert Lee, chief executive of Dragos, an industrial cybersecurity firm. He says on average, there are likely 20 to 30 big ransomware cases happening behind the scenes in addition to the ones making headlines.

    Ransomware attacks are not new. The money at stake has changed drastically, however, inflating from thousands to millions of dollars, and the targets are more sophisticated as well. The increasing number of companies connecting their systems and adding more remote access points, along with things like the widespread use of bitcoin, have widened the pool of targets. Cybercriminals once focused on small companies and individuals but have made headlines this year for attacks on higher-profile victims.

    “Now you’ve got ransomware affecting whole corporate networks, interrupting critical national function, causing disruption in people’s lives. It’s really become a national security, public health and safety threat,” said Michael Daniel, president and CEO of the nonprofit group Cyber Threat Alliance.

    The ransomware industry has grown but the underlying techniques for gaining access have largely stayed the same. Hackers commonly access companies’ systems through “phishing” attacks — emails sent to try to trick employees into giving up passwords or access. Once inside a company’s system, ransomware outfits will find critical information and lock it down, then contact a company to demand a ransom for it to be released.

    These criminals generally work in loosely defined groups, sharing tips and resources that make it possible for individual hackers to easily extort multiple targets. Companies occasionally have backup copies of their systems that they can restore rather than pay a ransom.

    “There’s this awful downward spiral of societal harm that happens from ransomware,” said Megan Stifel, co-chair of the ransomware task force and an executive director at the Global Cyber Alliance.

    The Colonial Pipeline attack was one of the many worst-case scenarios experts have been warning about, and planning for, for years. A ransomware attack last month caused the company to shut down its pipeline connecting Texas to New Jersey.

    Panicked that they wouldn’t be able to get enough fuel, drivers swarmed gas stations, resulting in long lines and barren gas pumps in parts of the U.S. Drivers hoarded fuel as stations ran out of their supply, exacerbating the issue. The attack sparked a real-world fire in a Florida town, according to local news reports, when a Hummer burst into flames after the driver filled up four gas containers. The panic buying even prompted the U.S. Consumer Product Safety Commission to issue a long tweet thread about gas safety, including a message that quickly went viral: “Do not fill plastic bags with gasoline.”

    People’s safety has been even more directly threatened by attacks on health care systems. Hospitals have been particularly hard hit.

    Joshua Corman, the chief strategist for health care and covid on the government’s Cybersecurity and Infrastructure Security Agency COVID Task Force, has been studying the potential impact of health-care attacks on mortality rates. For example, if a hospital has to close suddenly, ambulances might take longer to reach people in distress.

    “Minutes can be the difference between life and death for heart attacks, and an hour or two can be the difference for a stroke,” said Corman.

    Lee, the head of Dragos, recently worked with a power company that got hit with a ransomware attack but was able to maintain operations. However, attacks like that could easily result in localized power shortages, he says. Attacks on pharmaceutical companies, or any of the manufacturers in their pipeline, could delay critical medicine like insulin or even vaccines. The increased targeting of industries with the most potential for disruption may be the criminals’ business decision.

    “It feels like these groups realize industrial companies are more ready to pay out and more quick to pay out, because if you impact industrial operations you have to get up and going for safety and community,” said Lee.

    Beyond the physical inconveniences, ransomware attacks can also hurt public trust in technology and systems, and cause people to worry they’ll be a victim or to panic-buy products they think will see a price hike or be in short supply, according to Stifel.

    Panic after attacks is part of the problem. This past week’s attack on JBS, one of the largest meat-processing companies in the world, resulted in temporary factory shutdowns. While there were not yet any confirmed meat shortages in the U.S., worried meat suppliers still warned consumers not to panic buy beef, which could cause otherwise still stable prices to go up.

    From higher gas prices to canceled surgeries, real-world financial and consumer safety implications of these hacks have spurred the federal government to crack down on ransomware.

  4. Tomi Engdahl says:

    Naked Short Selling: The Truth Is Much Worse Than You Have Been Told
    https://oilprice.com/Energy/Energy-General/Naked-Short-Selling-The-Truth-Is-Much-Worse-Than-You-Have-Been-Told.html

    There is a massive threat to our capital markets, the free market in general, and fair dealings overall. And no, it’s not China. It’s a homegrown threat that everyone has been afraid to talk about.

    Until now.

    That fear has now turned into rage.

    Hordes of new retail investors are banding together to take on Wall Street. They are not willing to sit back and watch naked short sellers, funded by big banks, manipulate stocks, harm companies, and fleece shareholders.

    It’s a global problem, but it poses the greatest threat to Canadian capital markets, where naked short selling—the process of selling shares you don’t own, thereby creating counterfeit or ‘phantom’ shares—survives and remains under the regulatory radar because Broker-Dealers do not have to report failing trades until they exceed 10 days.

    This is an egregious act against capital markets, and it’s caused billions of dollars in damage.

    In Canada alone, hundreds of billions of dollars have been vaporized from pension funds and regular, everyday Canadians because of this, according to Texas-based lawyer James W. Christian.

    The Dangerous Naked Short-Selling MO

    In order to [legally] sell a stock short, traders must first locate and secure a borrow against the shares they intend to sell. A broker who enters such a trade must have assurance that his client will make settlement.

    While “long” sales mean the seller owns the stock, short sales can be either “covered” or “naked”. A covered short means that the short seller has already “borrowed” or has located or arranged to borrow the shares when the short sale is made. Whereas, a naked short means the short seller is selling shares it doesn’t own and has made no arrangements to buy. The seller cannot cover or “settle” in this instance, which means they are selling “ghost” or “phantom” shares that simply do not exist without their action.

    When you have the ability to sell an unlimited number of non-existent phantom shares in a publicly-traded company, you then have the power to destroy and manipulate the share price at your own will.

    And big banks and financial institutions are turning a blind eye to some of the accounts that routinely participate in these illegal transactions.

    The funds behind this are hyper sophisticated and know all the rules and tricks needed to exploit the regulators to buy themselves time to cover their short positions.

    The short-sellers and funds who participate in this manipulation almost always finance undisclosed “short reports” which they research & prepare in advance, before paying well-known short-selling groups to publish and market their reports (often without any form of disclosure) to broad audiences in order to further push the stock down artificially. There’s no doubt that these reports are intended to create maximum fear amongst retail investors and to push them to sell their shares as quickly as possible.

    That is market manipulation. Plain and simple.

    Their MO is to short weak, vulnerable companies by putting out negative reports that drive down their share price as much as possible. This ensures that the shorted company in question no longer has the ability to obtain financing, putting them at the mercy of the same funds that were just shorting them. After cratering the shorted company’s share price, the funds then start offering these companies financing.

    Naked short selling was officially labeled illegal in the U.S. and Europe after the 2008/2009 financial crisis.

    Making it illegal didn’t stop it from happening, however, because some of the more creative traders have discovered convenient gaps between paper and electronic trading systems, and they have taken advantage of those gaps to short stocks.

    Still, it gets even more sinister.

    According to Christian, “global working groups” coordinate their attacks on specifically targeted companies in a “Mafia-like” strategy.

    Journalists are paid off, along with social media influencers and third-party research houses that are funded by what amounts to a conspiracy. Together, they collaborate to spread lies and negative narratives to destroy a stock.

    Often, these illegal transactions, which involve paying off “informants”, journalists, influencers, and “researchers”, are difficult to trace.

    Finally, these bad actors manage to skirt the settlement system, which is supposed to “clear” on what is called a T+2 basis. That means that any failed trades must be bought or dealt with within 3 days. In other words, if you buy on Monday (your “T” or transaction day), it has to be settled by Wednesday.

    Unfortunately, Canadian regulators have a hard time keeping up with this system, and failed trades are often left outstanding for much longer periods than T+2. These failing trades are constantly being traded to reset the settlement clock.

    According to Christian, it can be T+12 days before a failed trade is even brought to the attention of the IIROC (the Investment Industry Regulatory Organization of Canada)…

    Prime Brokers and Banks are Complicit

    This is one of Wall Street’s biggest profit centers, and fines levied against them are merely a minor cost of doing business.

    Some banks are getting rich off of these naked short sellers. The profits off this kind of lending are tantalizing, indeed. Brokers are lending stocks they don’t own for massive profit and sizable bonuses.

  5. Tomi Engdahl says:

    ‘Apple is eating our lunch’: Google employees admit in lawsuit that the company made it nearly impossible for users to keep their location private
    https://www.businessinsider.com/unredacted-google-lawsuit-docs-detail-efforts-to-collect-user-location-2021-5

    Google made it nearly impossible for users to keep their location private, according to newly unredacted court documents.
    Even Google execs and employees in charge of location data were confused about how privacy settings worked.
    Google was sued by Arizona’s attorney general over its data collection practices last year.

  6. Tomi Engdahl says:

    Hypervisors are crucial for cloud computing, but notoriously tricky to verifiably secure. Researchers at Columbia University say they’ve found a way, however.

    SeKVM Makes Cloud Computing Provably Secure
    https://spectrum.ieee.org/riskfactor/computing/software/safe-hypervisor

    Complex hypervisor software helps run cloud computers, but verifying its security is often thought to be nigh impossible. Now computer scientists at Columbia University have developed what they say is the first hypervisor that can guarantee secure cloud computing.

    Hypervisors organize cloud servers into virtual machines to supply data and computing power over the Internet. Hacks that successfully exploit hypervisor vulnerabilities could gain unfettered access to the data of millions of customers of cloud computing providers such as Amazon.

    “All it takes is a single weak link in the code — one that is virtually impossible to detect via traditional testing — to leave a system vulnerable to hackers,”

    In theory, scientists can formally verify software to mathematically prove that its code “protects data security under 100% of circumstances,” Gu says. However, most verified hypervisors are often far simpler than their commercial counterparts, since they are specifically designed for verification instead of practical applications. In contrast, modern commercial hypervisors are huge pieces of software, often including an entire operating system kernel, which can make verifying them a seemingly insurmountable task.

    For example, it took three person-years to verify 6,500 lines of code with the CertiKOS hypervisor and 10 person-years to verify 9,000 lines of code with the seL4 hypervisor, both of which were designed for verification. In comparison, the widely used KVM open-source hypervisor, a full-featured multi-processor system integrated with Linux, has more than 2 million lines of code.

    Now the Columbia computer scientists have developed a way to verify commercial-grade hypervisors. They used their new technique to develop a secure version of KVM named SeKVM, which they suggest is the first machine-checked formally verified commercial-grade hypervisor.

    The researchers dubbed their new technique microverification, which reduces the amount of work needed to verify a hypervisor. It breaks down a hypervisor into a small core and a set of untrusted services, and then goes on to prove the hypervisor secure by verifying the core alone. The core has no vulnerabilities for a hack to exploit, and this core mediates all the hypervisor’s interactions with virtual machines, so even if a hack undermines one virtual machine, it does not compromise the others.

    Based on microverification, the scientists developed software named MicroV to verify large commercial-grade multi-processor hypervisors. With the help of MicroV, they developed a secure core for SeKVM only 3,800 lines of code long, which they verified over the course of two person-years.

    When it comes to real application workloads, SeKVM performed similarly to unmodified KVM, incurring at most less than 10% performance overhead on the native hardware KVM was specifically designed to run on. At the same time, SeKVM supported KVM’s wide range of features.

    “SeKVM is just KVM with some minor changes,”

    “SeKVM will lay a foundation for future innovations in systems verification and lead to a new generation of cyber-resilient systems software. In a world where cybersecurity is a growing concern, this resiliency is in high demand.”

    SeKVM: Securing virtual machines in the cloud
    https://www.helpnetsecurity.com/2021/05/31/sekvm-securing-virtual-machines/

    SeKVM as the first formally verified system for cloud computing
    Formal verification is a critical step as it is the process of proving that software is mathematically correct, that the program’s code works as it should, and there are no hidden security bugs to worry about.

    “This is the first time that a real-world multiprocessor software system has been shown to be mathematically correct and secure,” said Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory. “This means that users’ data are correctly managed by software running in the cloud and are safe from security bugs and hackers.”

  7. Tomi Engdahl says:

    CISA Announces Vulnerability Disclosure Policy Platform
    https://www.securityweek.com/cisa-announces-vulnerability-disclosure-policy-platform

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.

    Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems.

    The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all federal agencies to develop and publish a vulnerability disclosure policy.

    Courtesy of the new initiative, FCEB agencies will have the opportunity to coordinate with the civilian hacker community to identify and monitor vulnerabilities in their systems.

    In addition to taking advantage of the CISA-funded VDP platform service, FCEB agencies can also implement their own bug bounty programs powered by Bugcrowd and Endyna, which has been awarded a one-year contract to provide a Software-as-a-service (SaaS) component for the platform.

  8. Tomi Engdahl says:

    TrickBot indictment reveals the scale and complexity of organized cybercrime
    https://blog.malwarebytes.com/cybercrime/2021/06/trickbot-indictment-reveals-the-scale-and-complexity-of-organized-cybercrime/
    Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data exfiltration and the threat of constant reinfection were the order of the day.

  9. Tomi Engdahl says:

    How to Respond to a Cyber Breach
    https://endpoint.tanium.com/how-to-respond-to-a-cyber-breach/

    After several devastating cyberattacks on U.S. businesses, incident response strategies are getting new respect

    Data breaches are occurring at a relentless pace. Their impact on people’s daily lives, as well as on business resilience and national security, is now undeniable.

    In the past few months alone, cybercriminals have hit the world’s largest meat processor, shutting down major meatpacking plants in the U.S.; crippled the nation’s largest gas pipeline, causing panic buying; and breached 300 companies and nine federal agencies in the largest cyberattack in U.S. history. (See SolarWinds attack)

    For businesses and government, the battle is no longer simply about protecting credit card numbers and other personal data. It’s about protecting the nation’s economic interests and, perhaps more important, society’s ability to function.

    Many of the high-profile attacks carried the capacity to severely damage the nation’s “economic engine,” says Maggie Wilderotter, the former Frontier Communications CEO and a board member of several tech companies. The threat is so dire that on June 2, the White House sent an open letter to “corporate executives and business leaders,” saying they had a “key responsibility” in strengthening the nation’s cyber resilience, while noting “no company is safe [from ransomware], regardless of size or location.”

    But enterprises that operate as if their defenses alone will keep them secure accept more risk than they realize. At some point, attackers will succeed. (Consider that cyberattacks have spiked 600% since the pandemic began.)

    Breached organizations might find core business operations shut down through a ransomware attack. Those incursions come with a cost to a company’s reputation as well as its bottom line: Companies spend an average $3.86 million to mitigate a breach.

    Reply
  10. Tomi Engdahl says:

    “The founder and CEO of Israeli cybersecurity firm Check Point warned Monday that the new reality created by the coronavirus pandemic will cause threats in the cybersecurity field to rise, and that countries need to protect themselves against the coming ‘cyber pandemic.’”

    Is a ‘Cyber Pandemic’ Coming?
    https://www.govtech.com/blogs/lohrmann-on-cybersecurity/is-a-cyber-pandemic-coming.html

    Over the past week, multiple global business leaders warned of a coming cyberattack with devastating impacts. Is this just FUD or current reality? Let’s explore.

    For more than a decade, security leaders predicted that a “Cyber Pearl Harbor” or “Cyber 9/11” was coming that would dramatically change society as we know it. For example, back in 2013, Secretary of Homeland Security Janet Napolitano said, “Our country will, at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.”

    However, over the past few years, these bold predictions that the Internet sky is falling have largely dropped off the map — until this past week under a new name.

    The main reason that most cyber prognosticators dropped these scary predictions seemed to be that an overdose of Fear, Uncertainty and Doubt (FUD) was bad for business and was getting old. Like constantly predicting the stock market will crash, people were getting tired of these messages. Rather, most experts started to shift to more of a pragmatic approach to future cybersecurity predictions, with ample research backing up claims.

    But this trend quietly changed this past week, under a new name inspired by COVID-19.

    While the majority of people were focused this past week on peaceful protests against police brutality and the death of George Floyd, or rioting in some cities, or the surprisingly positive jobs numbers and stock market performance, several well-respected leaders and groups are now predicting that a “cyber pandemic” is coming soon.

    Check Point CEO: We need to prepare for the coming ‘cyber pandemic’
    https://m.jpost.com/jpost-tech/check-point-ceo-we-need-to-prepare-for-the-coming-cyber-pandemic-629933

    Reply
  11. Tomi Engdahl says:

    CTF Vs Real Penetration Testing
    https://www.triaxiomsecurity.com/ctf-vs-real-penetration-testing/

    For those of you that are unfamiliar with the term, CTF stands for Capture the Flag and is essentially a hacking competition. These CTF competitions can come in various forms. For example, one CTF competition may consist of a ‘red team’ (attackers) vs a ‘blue team’ (defenders) where the red team are attempting to compromise the blue team’s network. Alternatively, it could be a competition where various competitors or teams compete against each other in a race to capture the most ‘flags’ from various machines on a target network. These flags will often come in the form of a text file or snippet hidden somewhere on the target machine. Therefore, to capture the flags a competitor has to achieve various levels of compromise or access to a target, presumably leveraging security vulnerabilities in the process.

    CTFs are a great way to learn about hacking techniques and the various tools that are used. For many aspiring penetration testers, CTFs are a great way to gain real-world, hands-on experience. However, while the benefits of CTFs for aspiring penetration testers cannot be overstated, the transition from CTF competitor to a professional penetration tester is not as seamless as some often assume. There are various adjustments that need to be made.

    But a professional penetration test is conducted differently. The primary goal of a penetration test is to find as many vulnerabilities as possible, in order to help the client understand their level of risk and take the relevant remediation steps. Therefore, many vulnerabilities that are unlikely to lead to direct system compromise in a CTF environment will often be overlooked or even ignored. However, overlooking said vulnerabilities during a professional penetration test could lead to catastrophic consequences. For example, if a Denial-of-Service vulnerability were identified during a CTF, it would likely be ignored, as it is not going to help the competitor achieve their primary goal of capturing the flag. However, in the real world, for a large company with an SLA agreement that consists of 99.999% up-time, for example, even the thought of being the victim of a DoS attack would be enough to keep a CISO up at night. Thus, a vulnerability that would have likely been ignored in a CTF environment, would be a big deal in a real penetration test, and could not be ignored.

    Another adjustment that will need to be made is restraint and the ability to think methodically. Many exploits that are commonly used by penetration testers and/or black hat hackers have the potential to crash systems if not used carefully and with due diligence. This may not be a problem in a CTF environment where target machines will likely have the ability to revert to their original state in the event of a system crash. However, this could lead to disaster in a corporate network. Therefore, every exploit should be carefully examined and tested before being used during a penetration test.

    Finally, we will discuss the need for good documentation. Even the most technically gifted hacker will not make a good penetration tester if they are unable to present their findings to their client. It is no good being able to take full control of a company’s network if you are unable to convey how you did it, and what the company needs to do for remediation. Some of the most sought-after penetration testing certifications, such as the OSCP and eCPPT for example, both stress the importance of good documentation and we would highly recommend aspiring penetration testers get into the habit of taking good notes and honing their documentation and presentation skills.

    Reply
  12. Tomi Engdahl says:

    US towns are buying Chinese surveillance tech tied to Uighur abuses
    Hikvision and Dahua supplied Beijing with technology it used to surveil ethnic groups
    https://techcrunch.com/2021/05/24/united-states-towns-hikvision-dahua-surveillance/

    Reply
  13. Tomi Engdahl says:

    The new rules of ransomware
    The rise in working from home has brought with it a rise in ransomware attacks, but an effective backup routine can guard against disaster
    https://www.itpro.co.uk/security/359699/the-new-rules-of-ransomware

    Reply
  14. Tomi Engdahl says:

    Hacking 2FA: 5 basic attack methods explained
    https://www.csoonline.com/article/3620223/hacking-2fa-5-basic-attack-methods-explained.html

    As two-factor authentication becomes more widespread, criminals seek novel ways to subvert it. Here’s what you need to know.

    Reply
  15. Tomi Engdahl says:

    Why my need for control made me switch to Linux
    Linux gives me the freedom to control how I use my computer. Plus, it’s free and open source.
    https://opensource.com/article/21/6/switch-linux

    Reply
  16. Tomi Engdahl says:

    Identify security properties on Linux using checksec
    Learn how to use checksec to identify an executable’s security properties, understand what they mean, and know how to use them
    https://opensource.com/article/21/6/linux-checksec

    Reply
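
    What checksec reports, shown as an added example rather than the tool's own code or anything from the linked article: a small Python parser that reads the ELF64 header, program headers, dynamic section and dynamic string table to derive PIE, NX, RELRO and stack-canary status. It assumes little-endian ELF64 input. build_sample_elf() is a constructed, non-executable ELF image used only as sample input so the script runs offline; pass a real path such as /bin/ls to inspect an actual binary.

```python
"""Minimal checksec-style hardening report for ELF64 binaries (example code)."""
import struct
import sys

# Constants from the ELF specification / elf.h
ET_DYN = 3
PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_STRTAB, DT_STRSZ, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 5, 10, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr (56 bytes)
DYN = struct.Struct("<qQ")                  # Elf64_Dyn  (16 bytes)


def _vaddr_to_offset(phdrs, vaddr):
    """Translate a virtual address to a file offset via the PT_LOAD segments."""
    for p_type, _, p_offset, p_vaddr, _, p_filesz, _, _ in phdrs:
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    raise ValueError(f"{vaddr:#x} is not backed by a PT_LOAD segment")


def check_hardening(data: bytes) -> dict:
    """Return PIE / NX / RELRO / canary status the way checksec reports them."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    phdrs = [PHDR.unpack_from(data, e_phoff + i * e_phentsize) for i in range(e_phnum)]

    # NX: the stack is non-executable only when PT_GNU_STACK exists without PF_X.
    # With no PT_GNU_STACK at all the kernel historically gave an executable stack.
    stack = [p for p in phdrs if p[0] == PT_GNU_STACK]
    nx = bool(stack) and not (stack[0][1] & PF_X)

    # Walk the dynamic section for BIND_NOW flags and the dynamic string table.
    bind_now, strtab_addr, strtab_size = False, None, 0
    dyn = [p for p in phdrs if p[0] == PT_DYNAMIC]
    if dyn:
        off = dyn[0][2]  # p_offset of the PT_DYNAMIC segment
        while True:
            d_tag, d_val = DYN.unpack_from(data, off)
            off += DYN.size
            if d_tag == DT_NULL:
                break
            if d_tag == DT_STRTAB:
                strtab_addr = d_val
            elif d_tag == DT_STRSZ:
                strtab_size = d_val
            elif (d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                  or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True

    # RELRO: PT_GNU_RELRO lets ld.so remap the GOT read-only after relocation; it
    # is only "full" when BIND_NOW forces every relocation to resolve at load time.
    has_relro = any(p[0] == PT_GNU_RELRO for p in phdrs)
    relro = "full" if (has_relro and bind_now) else ("partial" if has_relro else "none")

    # Canary: -fstack-protector code imports __stack_chk_fail, so the name lands in
    # the dynamic string table (the same heuristic checksec relies on).
    canary = False
    if strtab_addr is not None and strtab_size:
        start = _vaddr_to_offset(phdrs, strtab_addr)
        canary = b"__stack_chk_fail\0" in data[start:start + strtab_size]

    # ET_DYN also covers shared objects; a fuller tool would consult DF_1_PIE in
    # DT_FLAGS_1 to tell a PIE executable from a library.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro, "canary": canary}


def build_sample_elf(pie=True, nx=True, relro="full", canary=True) -> bytes:
    """Constructed, non-runnable ELF64 image: sample input only, not a real binary."""
    names = b"\0libc.so.6\0" + (b"__stack_chk_fail\0" if canary else b"printf\0")
    strtab_off, dyn_off, size = 0x200, 0x300, 0x400
    dyn = [(DT_STRTAB, strtab_off), (DT_STRSZ, len(names))]
    if relro == "full":
        dyn.append((DT_FLAGS, DF_BIND_NOW))
    dyn.append((DT_NULL, 0))
    dyn_bytes = b"".join(DYN.pack(t, v) for t, v in dyn)
    n = len(dyn_bytes)
    phdrs = [  # one PT_LOAD maps the whole file at vaddr 0, so offset == vaddr
        (PT_LOAD, PF_R | PF_X, 0, 0, 0, size, size, 0x1000),
        (PT_DYNAMIC, PF_R | PF_W, dyn_off, dyn_off, dyn_off, n, n, 8),
        (PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16),
    ]
    if relro != "none":
        phdrs.append((PT_GNU_RELRO, PF_R, dyn_off, dyn_off, dyn_off, n, n, 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, v1
    ehdr = EHDR.pack(ident, ET_DYN if pie else 2, 0x3E, 1, 0x1000, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    image = bytearray(size)
    image[:EHDR.size] = ehdr
    ph = b"".join(PHDR.pack(*p) for p in phdrs)
    image[EHDR.size:EHDR.size + len(ph)] = ph
    image[strtab_off:strtab_off + len(names)] = names
    image[dyn_off:dyn_off + n] = dyn_bytes
    return bytes(image)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_elf(pie=False, nx=False, relro="partial")
    print(check_hardening(data))
```

    Two caveats worth knowing when reading checksec output: PT_GNU_RELRO on its own only gives partial RELRO, because without BIND_NOW the lazily resolved GOT entries must stay writable and remain a target for GOT overwrites; and the canary test is an import-name heuristic, so a statically linked binary whose __stack_chk_fail lives in .symtab rather than .dynstr would be missed by this script.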
  17. Tomi Engdahl says:

    Why system backups no longer shield against ransomware
    By Craig Lurey 16 days ago
    https://www.techradar.com/news/why-system-backups-no-longer-shield-against-ransomware

    Backups no longer provide the protection against ransomware that they once did

    Reply
  18. Tomi Engdahl says:

    The bizarre story of the inventor of ransomware
    https://www.cnn.com/2021/05/16/tech/ransomware-joseph-popp/index.html

    Eddy Willems was working for an insurance company in Belgium back in December 1989 when he popped the floppy disc into his computer.

    The disc was one of 20,000 sent in the mail to attendees of the World Health Organization’s AIDS conference in Stockholm, and Willems’ boss had asked him to check what was on it.
    Willems was expecting to see medical research when the disc’s contents loaded. Instead he became a victim of the first act of ransomware — more than 30 years before the ransomware attack on the US Colonial Pipeline ignited a gas shortage in parts of the US last week.

    A few days after inserting the disc, Willems’ computer locked and a message appeared demanding that he send $189 in an envelope to a PO Box in Panama. “I didn’t pay the ransom or lose any data because I figured out how to reverse the situation,” he told CNN Business.
    He was one of the lucky ones: Some people lost their life’s work.

    “I started to get calls from medical institutions and organizations asking how I got around it,” said Willems, who is now a cybersecurity expert at G Data, which developed the world’s first commercial antivirus solution in 1987. “The incident created a lot of damage back in those days. People lost a lot of work. It was not a marginal thing — it was a big thing, even then.”

    Reply
  19. Tomi Engdahl says:

    U.S. Suffers Over 7 Ransomware Attacks An Hour. It’s Now A National Security Risk
    June 9, 2021, 5:24 PM ET
    https://www.npr.org/2021/06/09/1004684788/u-s-suffers-over-7-ransomware-attacks-an-hour-its-now-a-national-security-risk

    The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse.

    What was previously seen as a nuisance is fast becoming a national security problem as cybercriminals target key parts of the country’s infrastructure. A recent attack on Colonial Pipeline sparked panic buying that emptied many gas stations across the Southeast, while another attack on JBS raised fears about the domestic beef supply.

    Companies and institutions have long neglected their IT systems, leaving them exposed to hacking, experts say. The pandemic has made them more vulnerable, as many Americans use personal modems and routers to work from home.

    Stopping the attacks will be difficult. Criminals today can easily find sophisticated malware in dark corners of the web, and the growing popularity of cryptocurrencies such as Bitcoin is further emboldening cybercriminals by making it easier for them to evade law enforcement and financial regulators.

    And then there is the most important reason of them all: Attacks are likely to continue because they work.

    “This is just the beginning,”

    “And it’s going to get a lot worse,”

    A malware attack puts an executive in a difficult position. First, a company loses access to its systems or sensitive data. Then, there are knock-on effects. If a hack becomes public, it could affect a company’s share price, or worse, create a nationwide problem.

    Last month, Colonial decided to pay $4.4 million to unlock its IT systems after a cyberattack forced the company to shut down a critical fuel pipeline. Colonial CEO Joseph Blount told NPR he had no choice.

    ransomware attacks are becoming “professionalized.”

    DarkSide, the Russia-based criminal group behind the Colonial Pipeline attack, even has what some experts describe as essentially a customer service contact to deal with questions from targets it attacks.

    Alternative currencies offer anonymity

    “I do think cryptocurrency has actually helped facilitate the ransomware market,” says Kiersten Todt, the managing director of the Cyber Readiness Institute.

    Although the Justice Department was able to trace and recover much of Colonial Pipeline’s ransom payment, experts say that will not be the norm.

    there are too many attacks and stopping all of them is not possible.

    Reply
  20. Tomi Engdahl says:

    Minister Harakka: Investing in the information security and data protection of critical sectors is an investment in the future
    https://www.lvm.fi/-/ministeri-harakka-panostus-kriittisten-toimialojen-tietoturvaan-ja-tietosuojaan-on-investointi-tulevaisuuteen-1376154
    On 10 June 2021 the Finnish Government adopted a resolution setting out measures to improve the level of information security and data protection in society's critical sectors. The resolution's policy lines are based on the proposals of the cross-government working group that examined the matter.

    Reply
  21. Tomi Engdahl says:

    Emerging Ransomware Targets Dozens of Businesses Worldwide https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html
    An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, “Prometheus” is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle East and North Africa last year.

    Reply
  22. Tomi Engdahl says:

    Educating the Educators: Protecting Student Data https://securityintelligence.com/articles/educating-educators-protecting-student-data/
    I found my 17-year-old son happily playing video games last year when he was supposed to be in virtual school. But after a few questions, I learned he wasn't skipping school. His class had been canceled after his teacher fell for a phishing attack, and their computer was infected with a virus. This isn't an isolated incident. Take a look at how schools can protect student data and other important information from today's digital attacks.

    Reply
  23. Tomi Engdahl says:

    BackdoorDiplomacy: Upgrading from Quarian to Turian https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
    An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. For initial infection vectors, the group favors exploiting vulnerable internet-exposed devices such as web servers and management interfaces for networking equipment. Once on a system, its operators make use of open-source tools for scanning the environment and lateral movement. Interactive access is achieved in two ways: (1) via a custom backdoor we are calling Turian that is derived from the Quarian backdoor; and (2) in fewer instances, when more direct and interactive access is required, certain open-source remote access tools are deployed

    Reply
  24. Tomi Engdahl says:

    Phishing sites reached all-time high in January 2021 https://therecord.media/phishing-sites-reached-all-time-high-in-january-2021/
    The number of active phishing sites hit a record number earlier this year in January, according to an industry report published this week by the Anti-Phishing Working Group (APWG). A total of 245,771 phishing sites were detected in January. The number represents the unique base URLs of phishing sites found and reported by APWG members.

    Reply
  25. Tomi Engdahl says:

    Keeping an Eye on Dangerous Python Modules https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Dangerous+Python+Modules/27514/
    With Python getting more and more popular, especially on Microsoft Operating systems, it’s common to find malicious Python scripts today.
    I already covered some of them in previous diaries[1][2]. I like this language because it is very powerful. You can automate boring tasks in a few lines. It can be used for offensive as well as defensive purposes, and… it has a lot of 3rd party “modules” or libraries that extend its capabilities.

    Reply
  26. Tomi Engdahl says:

    UK tells UN that nation-states should retaliate against cyber badness with no warning https://www.theregister.com/2021/06/11/uk_ungge_cyber_norms_submission/
    Britain has told the UN that international cyber law should allow zero-notice digital punishment directed at countries that attack others’ infrastructure. A statement made by UK diplomats to the UN’s Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security (UN GGE) called for international law to permit retaliation for cyber attacks with no notice.

    Reply
  27. Tomi Engdahl says:

    Tracking ransomware cryptocurrency payments: What now for Bitcoin?
    https://www.welivesecurity.com/2021/06/11/tracking-ransomware-cryptocurrency-payments/
    Earlier this week, the Department of Justice announced it seized around $2.3 million worth of bitcoin (BTC 63.7) collected in the BTC 75 payment for Colonial Pipeline ransomware. Does this mean Bitcoin is hackable given enough computation horsepower? For years Bitcoin's weaknesses (or strengths, depending on your point of view) have been known, yet rarely come to the fore. But scammers got greedy, or the market just decided for them. With public sentiment boiling, along with policymakers' willingness to pursue those trying to take control of critical infrastructure, the appetite to go after Bitcoin has resurfaced.

    Reply
  28. Tomi Engdahl says:

    As Ransomware Demands Boom, Insurance Companies Keep Paying Out https://www.wired.com/story/ransomware-insurance-payments/
    EARLIER THIS WEEK, Colonial Pipeline CEO Joseph Blount testified before the House Homeland Security Committee that his company had filed a claim with its cyberinsurance carrier for the $4.4 million cryptocurrency ransom it paid last month. This week, US authorities announced that they had managed to recover $2.3 million of that ransom, raising further questions about who would receive that money, Colonial Pipeline or its insurance carriers, and what signal it would send to ransomware victims and their insurers.

    Reply
  29. Tomi Engdahl says:

    Trickbot Investigation Shows Details of Massive Cybercrime Effort https://beta.darkreading.com/threat-intelligence/trickbot-investigation-shows-details-of-massive-cybercrime-effort
    The group behind the Trickbot malware operation, which infected more than a million systems in nearly a dozen countries, includes malware experts, freelance developers, and pay-as-you-go money mules, among other participants, according to an indictment against one developer unsealed this week. Details from the indictment against Latvian national Alla Witte charged with being a developer with the group paints a picture of a sprawling, and largely ad hoc, organization that expanded its operations to include almost 20 different participants, and probably more.

    Reply
  30. Tomi Engdahl says:

    U.S. Army Hacked By 40 Military And Civilian Hackers In Six Weeks https://www.forbes.com/sites/daveywinder/2021/06/12/us-army-hacked-by-40-military-and-civilian-hackers-in-six-weeks/
    Across six weeks, starting in January 2021, a team of hackers described as top-tier military and civilian operatives took aim at military assets belonging to the U.S. Department of the Army and the U.S. Defense Digital Services. These assets included a number of army.mil and westpoint.edu applications. The operation was a success, and that’s no bad thing because the hackers were participating in the third Hack the Army event to have taken place since 2016.

    Reply
  31. Tomi Engdahl says:

    Malware disguised as antivirus protection https://www.kaspersky.com/blog/malware-disguised-as-antivirus/40252/
    In almost every post about Android, we recommend installing apps from official sources only, and that won't change anytime soon. A recent example illustrates why: Scammers were spreading a banking Trojan disguised as popular media players, a fitness app, a book reader, and one that hit close to home, Kaspersky Internet Security for Android.
    Nothing is wrong with third-party app marketplaces per se, but no one can know for sure whether any given store is trustworthy. In an official Android app store, be it Google Play or Huawei AppGallery, employees of the respective owner companies screen every application submitted by developers, weeding out any that are clearly malicious.

    Reply
  32. Tomi Engdahl says:

    Why Cyber Attacks Against Film And Media Industries Are Escalating https://www.forbes.com/sites/davidbalaban/2021/06/11/why-cyber-attacks-against-film-and-media-industries-are-escalating/
    The entertainment industry is a gigantic ever-accelerating hype train everyone wants to ride. Movie lovers are obsessively tuned for new blockbuster releases and suffer a frustrating setback if they miss another episode of a favorite TV show. Video production companies are now busier than ever creating fresh content, with the pandemic-borne lockdowns forcing millions to immerse themselves deeper in the digital world and causing a greater demand for OTT media stuff that is fun to watch at home. Celebrities get mileage out of the boom, too, by stepping up their repertoire.

    Reply
  33. Tomi Engdahl says:

    Experts see gaps in Finland's fragmented cyber defence, of the kind exposed by the Vastaamo case, that leave room even for large attacks
    https://yle.fi/uutiset/3-11979008
    This week the Ministry of Transport and Communications published two programmes intended, among other things, to better prevent cases like Vastaamo. In Poland, a false alert about a radioactive threat was issued after the websites of the nuclear safety authorities were hacked. Hackers stole documents related to COVID-19 vaccines from the European Medicines Agency. These are just a couple of examples of cyber attacks that have taken place around the world this year alone. Although cyber security has been widely discussed in Finland in recent years, some experts consider Finland's ability to prepare for large-scale cyber attacks to be inadequate. Also:
    https://www.is.fi/digitoday/tietoturva/art-2000008050090.html

    Reply
  34. Tomi Engdahl says:

    Wray: FBI Frowns on Ransomware Payments Despite Recent Trend
    https://www.securityweek.com/wray-fbi-frowns-ransomware-payments-despite-recent-trend

    The FBI’s director told lawmakers Thursday that the bureau discourages ransomware payments to hacking groups even as major companies in the past month have participated in multimillion-dollar transactions aimed at getting their systems back online.

    “It is our policy, it is our guidance, from the FBI, that companies should not pay the ransom for a number of reasons,” Christopher Wray testified under questioning from members of the House Judiciary Committee.

    Besides the fact that such payments can encourage additional cyberattacks, victims may not automatically get back their data despite forking over millions, “and that’s not unknown to happen,” Wray said.

    Reply
  35. Tomi Engdahl says:

    Italy Sets Up Cybersecurity Agency After Russia Warnings
    https://www.securityweek.com/italy-sets-cybersecurity-agency-after-russia-warnings

    Italy has created a national cybersecurity agency following warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian “interference.”

    The new agency was approved in a cabinet meeting late on Thursday.

    It will need to “protect national interests and the resilience of services and essential functions of the State from cyber threats,” the government said in a statement.

    Reply
  36. Tomi Engdahl says:

    MacKenzie Sigalos / CNBC:
    Profile of DigitalMint, a final-mile crypto broker that helps ransomware victims pay ransoms in cryptocurrency within 30-60 minutes of contact from the hacker. A business will fall victim to a ransomware attack every 11 seconds this year, according to research firm Cybersecurity Ventures.

    When ransomware strikes, this company helps victims make bitcoin payments
    https://www.cnbc.com/2021/06/10/digitalmint-helps-ransomware-victims-make-bitcoin-payments.html

    Reply
  37. Tomi Engdahl says:

    Maggie Macdonald / The Walrus:
    Deepfakes, which are predominantly being used to produce porn, are thriving because the stigma of porn has made it difficult for sex workers to protect their IP

    The Double Exploitation of Deepfake Porn
    https://thewalrus.ca/the-double-exploitation-of-deepfake-porn/

    Discussions around deepfakes have focused on their political danger. But revenge porn and IP theft are the more pressing threats

    Over the past three years, celebrities have been appearing across social media in improbable scenarios. You may have recently caught a grinning Tom Cruise doing magic tricks with a coin or Nicolas Cage appearing as Lois Lane in Man of Steel. Most of us now recognize these clips as deepfakes—startlingly realistic videos created using artificial intelligence. In 2017, they began circulating on message boards like Reddit as altered videos from anonymous users; the term is a portmanteau of “deep learning”—the process used to train an algorithm to doctor a scene—and “fake.” Deepfakes once required working knowledge of AI-enabled technology, but today, anyone can make their own using free software like FakeApp or Faceswap. All it takes is some sample footage and a large data set of photos (one reason celebrities are targeted is the easy availability of high-quality facial images) and the app can convincingly swap out one person’s face for another’s.

    To date, mainstream reporting on deepfakes has emphasized their political danger. Outfits from the Washington Post to the Guardian have warned that the videos could, by eroding trust in media, create chaos. For Forbes, deepfakes threaten to be “a widely destructive political and social force.” Yet, in over three years of the practice, we have yet to see a single credible disinformation effort linked to the technology. Political deepfakes certainly exist.

    In one video, an AI-generated Barack Obama calls Donald Trump “a total and complete dipshit.” In Belgium, a political party circulated a deepfake of Trump mocking the country’s participation in the Paris climate agreement. Here in Canada, one user took footage of a Trump speech and replaced the former president’s face with that of Ontario premier Doug Ford. While these examples caused a stir, none presented a genuine national security risk. This is not to say that these fears are completely unfounded. The breakneck speed at which deepfakes are improving—often in disturbing new directions, including cloning voices—make it possible that they will be successfully weaponized politically. For the moment, however, they are not being used as feared. In warning about a crisis that doesn’t yet exist, headlines are erasing the damaging way the technology is actually being deployed: almost entirely to manufacture pornography.

    A 2019 study by cybersecurity company Deeptrace Labs found that 96 percent of deepfakes involve sexually explicit scenes. There are thousands of clips in which the faces of celebrities, like Gal Gadot, Taylor Swift, Scarlett Johansson, Emma Watson, or even seventeen-year-old TikTok star Charli D’Amelio, have been superimposed onto the bodies of adult film stars. Porn deepfakes also feature the faces of nonfamous individuals—ex-wives, ex-girlfriends, high school crushes.

    realism isn’t the point. According to media scholar Milena Popova, porn deepfakes are almost always labelled fabrications, with some creators taking pride in them as a kind of fan fiction or media remix.

    Like other forms of revenge porn, ethical issues of consent and objectification make it clear that the footage need not be real to inflict real harm. (“It really makes you feel powerless,” Mort said, “like you’re being put in your place.”) Activists and legal scholars widely condemn the practice as a form of media-based sexual abuse.

    Platforms have taken steps to moderate the videos, with many sites (including PornHub) banning deepfakes outright. Still, porn deepfakes are abundant due to the ease of sharing and reuploading. Piracy is already a standard practice on porn aggregator sites, and deepfakes benefit from the resulting complacency around porn content theft.

    Deepfakes don’t just sow humiliation and trauma among the unsuspecting women whose faces are appropriated; they also harm the sex workers who are digitally decapitated by the process.

    Deepfakes, she says, are created to humiliate a person, but “the bodies they steal also belong to someone. They belong to a human being.” Sex workers produce these scenes for profit, and being compensated is how they survive. Whether it’s filmed under contract or created DIY-style, like a cam show, porn that is altered and shared without the consent of the performers is an affront materially as well as morally.

    The Walrus/Unsplash
    Technology
    The Double Exploitation of Deepfake Porn

    Discussions around deepfakes have focused on their political danger. But revenge porn and IP theft are the more pressing threats
    by Maggie MacDonaldPublished 14:18, Jun. 10, 2021

    Over the past three years, celebrities have been appearing across social media in improbable scenarios. You may have recently caught a grinning Tom Cruise doing magic tricks with a coin or Nicolas Cage appearing as Lois Lane in Man of Steel. Most of us now recognize these clips as deepfakes—startlingly realistic videos created using artificial intelligence. In 2017, they began circulating on message boards like Reddit as altered videos from anonymous users; the term is a portmanteau of “deep learning”—the process used to train an algorithm to doctor a scene—and “fake.” Deepfakes once required working knowledge of AI-enabled technology, but today, anyone can make their own using free software like FakeApp or Faceswap. All it takes is some sample footage and a large data set of photos (one reason celebrities are targeted is the easy availability of high-quality facial images) and the app can convincingly swap out one person’s face for another’s.

    Never miss stories like this one. Sign up for our Sunday night newsletter:
    By checking this box I consent to the use of my information for emails from The Walrus.*

    To date, mainstream reporting on deepfakes has emphasized their political danger. Outfits from the Washington Post to the Guardian have warned that the videos could, by eroding trust in media, create chaos. For Forbes, deepfakes threaten to be “a widely destructive political and social force.” Yet, in over three years of the practice, we have yet to see a single credible disinformation effort linked to the technology. Political deepfakes certainly exist. In one video, an AI-generated Barack Obama calls Donald Trump “a total and complete dipshit.” In Belgium, a political party circulated a deepfake of Trump mocking the country’s participation in the Paris climate agreement. Here in Canada, one user took footage of a Trump speech and replaced the former president’s face with that of Ontario premier Doug Ford. While these examples caused a stir, none presented a genuine national security risk. This is not to say that these fears are completely unfounded. The breakneck speed at which deepfakes are improving—often in disturbing new directions, including cloning voices—make it possible that they will be successfully weaponized politically. For the moment, however, they are not being used as feared. In warning about a crisis that doesn’t yet exist, headlines are erasing the damaging way the technology is actually being deployed: almost entirely to manufacture pornography.

    A 2019 study by cybersecurity company Deeptrace Labs found that 96 percent of deepfakes involve sexually explicit scenes. There are thousands of clips in which the faces of celebrities, like Gal Gadot, Taylor Swift, Scarlett Johansson, Emma Watson, or even seventeen-year-old TikTok star Charli D’Amelio, have been superimposed onto the bodies of adult film stars. Porn deepfakes also feature the faces of nonfamous individuals—ex-wives, ex-girlfriends, high school crushes. This February, MIT Technology Review reported on a UK woman named Helen Mort who had been warned that she—or, rather, her face, lifted from various social media accounts—had surfaced on a porn site, pasted onto violent sex acts. Such deepfakes, it should be said, are often not aiming to fool viewers. For one thing, the technique frequently results in sloppy overlays with blurry edges and pixelated mouths. But realism isn’t the point. According to media scholar Milena Popova, porn deepfakes are almost always labelled fabrications, with some creators taking pride in them as a kind of fan fiction or media remix.

    Like other forms of revenge porn, ethical issues of consent and objectification make it clear that the footage need not be real to inflict real harm. (“It really makes you feel powerless,” Mort said, “like you’re being put in your place.”) Activists and legal scholars widely condemn the practice as a form of media-based sexual abuse. Andrea Werhun, a sex worker whose years in the industry led to the 2018 memoir Modern Whore, describes deepfakes to me as “misogyny in action.” Platforms have taken steps to moderate the videos, with many sites (including PornHub) banning deepfakes outright. Still, porn deepfakes are abundant due to the ease of sharing and reuploading. Piracy is already a standard practice on porn aggregator sites, and deepfakes benefit from the resulting complacency around porn content theft.

    Deepfakes don’t just sow humiliation and trauma among the unsuspecting women whose faces are appropriated; they also harm the sex workers who are digitally decapitated by the process. For Zahra Stardust, a fellow at the Berkman Klein Center for Internet and Society at Harvard Law School, deepfakes reflect a broader problem of sex workers losing control over their own images. Deepfakes, she says, are created to humiliate a person, but “the bodies they steal also belong to someone. They belong to a human being.” Sex workers produce these scenes for profit, and being compensated is how they survive. Whether it’s filmed under contract or created DIY-style, like a cam show, porn that is altered and shared without the consent of the performers is an affront materially as well as morally. Deepfakes can be difficult to defeat from a defamation angle, so perhaps a more effective remedy would be to take porn seriously as a part of the digital economy and crack down on deepfaking as copyright infringement.

    Like musicians, filmmakers, and writers, porn performers have rights to their creative output. Unlike other media industries, however, porn is the target of a stigma that makes it difficult to fight for better treatment. “Our culture has a fundamental disdain for anyone who makes sex public and explicit,”

    “there will be a kind of wilful forgetting around the predominant use of deepfakes.” But this crisis is bigger than porn. If porn performers can have their content brazenly stolen and modified, anyone’s images are fair game. What the porn industry now faces could be an indicator of what we can all expect from platforms in the coming years.

    as long as piracy runs rampant in the industry and sharing nonconsensual images is normalized outside of it, responsible alternatives to deepfakes are unlikely to thrive.

    Deepfakes are a new and powerful genre of digital media. They represent a creative practice with huge potential for satire and fantasy-building as well as the threat of disinformation. But continuing to frame the technology entirely by what we anticipate—political interference—detracts from our ability to engage with the reality of how deepfakes are being harnessed: to harm women, who are harassed by anonymous creators with no regard for consent, and to harm porn workers, who are made even more precarious without adequate legal protections.

    Reply
  38. Tomi Engdahl says:

    When ransomware strikes, this company helps victims make bitcoin payments
    https://www.cnbc.com/2021/06/10/digitalmint-helps-ransomware-victims-make-bitcoin-payments.html

    A business will fall victim to a ransomware attack every 11 seconds this year, according to research firm Cybersecurity Ventures.
    DigitalMint is a full-service, final-mile crypto broker that helps victims pay ransoms in cryptocurrency.

    A business will fall victim to a ransomware attack every 11 seconds this year, according to research firm Cybersecurity Ventures. Some of them, like Colonial Pipeline, have admitted they don’t have a plan for when that happens.

    Several businesses have never even dealt in bitcoin, which is the currency of choice for virtually all ransom payments.

    “A lot of these companies, especially if they haven’t prepared for an extortion attempt, have no clue what they need to do,” said Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence company.

    “Insurance companies will sometimes give them guidance on how to pay and recommend firms to work with on it,” Holland said. “The extortionists will give instructions on how to set up bitcoin wallets and where to go to procure bitcoin.”

    There are also companies that swoop in at the last minute to handle the logistics. One example is DigitalMint, a full-service, final-mile crypto broker.

    “We’re at the end of the process,” said Marc Grens, co-founder and president of DigitalMint.

    Reply
  39. Tomi Engdahl says:

    Ransomware is the biggest threat, says GCHQ cybersecurity chief https://www.tripwire.com/state-of-security/security-data-protection/ransomware-biggest-threat-says-gchq-cybersecurity-chief/
    The head of the UK's National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for the ransomware problem to be taken seriously, and warns of the cumulative effect if society fails to properly deal with the rising threat.

    Reply
  40. Tomi Engdahl says:

    US-based organizations are under constant ransomware attacks https://www.pandasecurity.com/en/mediacenter/panda-security/us-ransomware-attacks/
    Organizations located in the USA are under an unprecedented amount of ransomware attacks that will very likely continue to grow. In 2020 alone, hackers executed more than 65,000 attacks on U.S. institutions, which equals approximately seven attacks per minute. Even though most of those attacks are purely driven by greed, they often end up causing absolute havoc for companies and consumers. Panic buying caused a gas shortage on the East Coast with customers paying north of $7 per gallon because of a cybersecurity incident at Colonial Pipeline back in May.

    Reply
  41. Tomi Engdahl says:

    Microsoft: Scammers bypass Office 365 MFA in BEC attacks https://www.bleepingcomputer.com/news/security/microsoft-scammers-bypass-office-365-mfa-in-bec-attacks/
    Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. The attackers compromised their targets’ mailboxes using phishing and exfiltrated sensitive info in emails matching forwarding rules, allowing them to gain access to messages relating to financial transactions. “The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns,” Microsoft 365 Defender Research Team’s Stefan Sellmer and Microsoft Threat Intelligence Center (MSTIC) security researcher Nick Carr explained.

    Reply
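    The BEC campaign above exfiltrated mail through inbox forwarding rules that matched financial messages. One defensive check is to audit exported mailbox rules for exactly that pattern. The following is an added example, not Microsoft's code or anything from the article; the rule field names and the sample rules are constructed, not a real Exchange or Graph export schema.

```python
"""Audit exported mailbox inbox rules for BEC-style forwarding.

Added example. The InboxRule fields are a simplified, assumed shape of an
inbox-rule export, and SAMPLE_RULES is constructed data.
"""
from dataclasses import dataclass, field

INTERNAL_DOMAINS = {"example-corp.test"}   # constructed: the tenant's own domains
FINANCE_KEYWORDS = {"invoice", "payment", "wire", "remittance", "bank"}


@dataclass
class InboxRule:
    mailbox: str
    name: str
    forward_to: list = field(default_factory=list)        # forward/redirect targets
    subject_contains: list = field(default_factory=list)  # subject-match conditions
    delete_message: bool = False
    mark_as_read: bool = False


def external_targets(rule: InboxRule) -> list:
    """Return forwarding targets whose domain is not one of ours."""
    return [a for a in rule.forward_to
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def audit_rule(rule: InboxRule) -> list:
    """Return reason strings for a rule; an empty list means nothing suspicious."""
    reasons = []
    ext = external_targets(rule)
    if ext:
        reasons.append(f"forwards to external address(es): {', '.join(ext)}")
        # Forwarding combined with delete or mark-as-read hides the copy
        # from the mailbox owner, so it deserves its own finding.
        if rule.delete_message:
            reasons.append("deletes the message after forwarding")
        if rule.mark_as_read:
            reasons.append("marks the message read after forwarding")
    hits = [k for k in rule.subject_contains if k.lower() in FINANCE_KEYWORDS]
    if hits and (ext or rule.delete_message):
        reasons.append(f"filters on financial keywords: {', '.join(hits)}")
    return reasons


def audit_rules(rules):
    """Map (mailbox, rule name) -> reasons for every flagged rule."""
    findings = {}
    for r in rules:
        reasons = audit_rule(r)
        if reasons:
            findings[(r.mailbox, r.name)] = reasons
    return findings


SAMPLE_RULES = [  # constructed sample data
    InboxRule("cfo@example-corp.test", "Archive newsletters",
              subject_contains=["newsletter"], mark_as_read=True),
    InboxRule("ap@example-corp.test", "Share with team",
              forward_to=["team@example-corp.test"]),
    # A terse rule name with external forwarding, keyword filtering and
    # deletion is the combination worth escalating.
    InboxRule("ap@example-corp.test", ".",
              forward_to=["collector@mail-drop.example"],
              subject_contains=["invoice", "wire"],
              delete_message=True),
]

if __name__ == "__main__":
    for (mailbox, name), reasons in audit_rules(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}:")
        for why in reasons:
            print("  -", why)
```

    Only the third constructed rule is flagged; the legitimate internal forward and the newsletter rule produce no findings, which keeps the check usable across a whole tenant without drowning reviewers in noise.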
  42. Tomi Engdahl says:

    G7 calls on Russia to crack down on ransomware gangs https://therecord.media/g7-calls-on-russia-to-crack-down-on-ransomware-gangs
    In light of the recent wave of high-profile ransomware attacks that have caused havoc in the US and Europe, the member states of the G7 group have called on Russia and other countries to crack down on ransomware gangs operating within their borders. “We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” the G7 group said in a communique [PDF] published on Sunday, at the end of a three-day conference held in Cornwall, UK.

    Reply
  43. Tomi Engdahl says:

    Make sure your data does not end up with criminals: do this https://www.iltalehti.fi/tietoturva/a/d4e66a27-53a0-4f98-9acb-1ac1804ccb0d
    Your own actions have a major effect on how safe your data is. A very large number of different scam messages are circulating in Finland, attempting to phish for information and get at victims' money through their online banking credentials. You can protect yourself effectively against various scams and attacks by acting correctly when you encounter one. It is also important to protect yourself against attacks in advance. The National Cyber Security Centre Finland at the Finnish Transport and Communications Agency Traficom has collected seven practical instructions on how to protect yourself effectively against attacks in advance.
    The National Cyber Security Centre also recently shared instructions for organizations on how to keep domain names more secure.

    Reply
  44. Tomi Engdahl says:

    CISA Warns of Threat Posed by Ransomware to Industrial Systems
    https://www.securityweek.com/cisa-warns-threat-posed-ransomware-industrial-systems

    Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet focusing on the threat posed by ransomware to operational technology (OT) assets and industrial control systems (ICS).

    The Colonial Pipeline attack, which involved Russian cybercriminals and the Darkside ransomware, forced the company to shut down operations. The incident had significant implications, including states declaring a state of emergency, temporary gas shortages, and gas prices rising.

    “OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks,” CISA said. “Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.”

    Reply
  45. Tomi Engdahl says:

    Most Federal Credit Unions Lack Strong Email Security Set Ups
    https://www.securityweek.com/most-federal-credit-unions-lack-strong-email-security-set-ups

    Financial institutions have always been at the forefront of battling cybercrime. As one of the most targeted industries, they face multiple threats, such as phishing, spear phishing and banking malware. Even less sophisticated scams, such as 419 scams, often abuse their brands in order to add credibility to the scammers behind them.

    As these aforementioned incidents all use email as the primary method of reaching out to potential victims, email security is an incredibly important aspect in the banks’ efforts of protecting their customers. Specifically, preventing scammers from masquerading as the bank by sending emails that appear as if they were sent from its official domain.

    Reply
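    The article excerpt above is about stopping scammers from sending mail that appears to come from a bank's official domain. The standard controls for that are the domain's SPF and DMARC DNS records, which the excerpt does not name explicitly; the following is an added example assessing them, not the article's or SecurityWeek's code. To run offline it uses a constructed table of TXT records in place of real DNS lookups; the domain names and records are invented.

```python
"""Assess the SPF and DMARC posture of a domain, offline.

Added example. CONSTRUCTED_DNS stands in for DNS TXT lookups so the
check runs without network access; replace lookup_txt() with a real
resolver to use it against live domains.
"""

# Constructed TXT records keyed by the name that would be queried.
CONSTRUCTED_DNS = {
    "strong-bank.test": ["v=spf1 include:_spf.mailer.example -all"],
    "_dmarc.strong-bank.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@strong-bank.test"],
    "weak-bank.test": ["v=spf1 include:_spf.mailer.example ~all"],
    "_dmarc.weak-bank.test": ["v=DMARC1; p=none; pct=100"],
    "nothing-bank.test": [],
}


def lookup_txt(name, dns=CONSTRUCTED_DNS):
    """Return the TXT strings published at `name` (constructed table here)."""
    return dns.get(name, [])


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; rua=...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(domain, dns=CONSTRUCTED_DNS):
    """Return a list of weaknesses; an empty list means SPF and DMARC look strong."""
    issues = []

    spf = [r for r in lookup_txt(domain, dns) if r.lower().startswith("v=spf1")]
    if not spf:
        issues.append("no SPF record")
    elif len(spf) > 1:
        issues.append("multiple SPF records (invalid; receivers treat this as permerror)")
    else:
        # The terminating 'all' mechanism decides what happens to unlisted senders.
        last = spf[0].split()[-1].lower()
        if last in ("+all", "all"):
            issues.append("SPF allows any sender (+all)")
        elif last == "~all":
            issues.append("SPF softfail only (~all); spoofed mail is not rejected by SPF alone")
        elif last == "?all":
            issues.append("SPF neutral (?all)")
        elif last != "-all":
            issues.append("SPF has no terminating 'all' mechanism")

    dmarc = [r for r in lookup_txt("_dmarc." + domain, dns)
             if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        issues.append("no DMARC record")
    else:
        tags = parse_dmarc(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy == "none":
            issues.append("DMARC policy is p=none (monitor only)")
        elif policy == "quarantine":
            issues.append("DMARC policy is quarantine, not reject")
        elif policy != "reject":
            issues.append("DMARC record lacks a valid p= tag")
        pct = tags.get("pct", "100")
        if pct.isdigit() and int(pct) < 100:
            issues.append(f"DMARC applies to only {pct}% of mail")
        if "rua" not in tags:
            issues.append("no aggregate reporting address (rua)")
    return issues


if __name__ == "__main__":
    for d in ("strong-bank.test", "weak-bank.test", "nothing-bank.test"):
        found = assess_domain(d) or ["no weaknesses found"]
        print(d)
        for item in found:
            print("  -", item)
```

    The point the check makes is that merely publishing records is not enough: a softfail SPF with a p=none DMARC policy gives receivers no instruction to reject spoofed mail, so the bank's domain can still be impersonated. Strong posture means -all in SPF, p=reject in DMARC, and a reporting address so the domain owner sees who is sending on its behalf.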
