Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments: WAN, multi-cloud, data center, remote worker, IoT, and more, each with its own unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim that they have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article explains that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, to make everyone able to reproduce the results, and to present them to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back, and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We Have a Private, Anonymous Alternative to Cash, but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, with consumer IoT designs expected to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    G7 Tells Russia to Crack Down on Ransomware, Other Cybercrime
    https://www.securityweek.com/g7-tells-russia-crack-down-ransomware-other-cybercrime

    At the latest Group of Seven (G7) summit, held June 11-13 in the UK, Western leaders called on Russia to take action against those who conduct ransomware attacks and other cybercrimes from within its borders.

    In a communiqué issued after the conclusion of the summit, G7 countries vowed to work together to “further a common understanding of how existing international law applies to cyberspace” and collaborate to “urgently address the escalating shared threat from criminal ransomware networks.”

    The G7 called on all states to “urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions.”

    However, they singled out Russia, and called on Moscow to halt its “destabilising behaviour and malign activities, including its interference in other countries’ democratic systems” and to “identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes.”

    Reply
  2. Tomi Engdahl says:

    Google Offers UK Watchdog Role in Browser Cookie Phase-Out
    https://www.securityweek.com/google-offers-uk-watchdog-role-browser-cookie-phase-out

    Google is offering U.K. regulators a role overseeing its phasing out of ad-tracking technology from its Chrome browser, in a package of commitments the tech giant is proposing to apply globally to head off a competition investigation.

    The U.K. competition watchdog has been investigating Google’s proposals to remove so-called third-party cookies over concerns they would undermine digital ad competition and entrench the company’s market power.

    To address the concerns, Google on Friday offered a set of commitments including giving the Competition and Markets Authority an oversight role as the company designs and develops a replacement technology.

    “The emergence of tech giants such as Google has presented competition authorities around the world with new challenges that require a new approach,” Andrea Coscelli, the watchdog’s chief executive, said.

    The Competition and Markets Authority will work with tech companies to “shape their behaviour and protect competition to the benefit of consumers,” he said.

    Reply
  3. Tomi Engdahl says:

    NBC News:
    Sources: in 2019, major labor union Teamsters refused a ransomware demand of $2.5M, against the FBI’s advice, and instead rebuilt its systems from scratch — WASHINGTON — When the Teamsters were hit by a ransomware attack over Labor Day weekend in 2019, the hackers asked for a seven-figure payment.

    Ransomware attack hit Teamsters in 2019 — but they refused to pay
    https://www.nbcnews.com/tech/security/ransomware-attack-hit-teamsters-2019-they-refused-pay-n1270461

    The FBI advised the union to “just pay” the ransom, according to sources. Union officials chose to rebuild their computer network instead.

    Reply
  4. Tomi Engdahl says:

    Securing Your Remote Workforce Under Constant Change
    https://www.securityweek.com/securing-your-remote-workforce-under-constant-change

    A remote workforce under constant threat requires continuous vigilance and timely responses

    Network and online security are serious issues. But for most infosec teams, there is real skepticism about whether all the security features they’ve installed and all the protocols they follow are actually deterring bad actors. Particularly now, following the horrendous SolarWinds and Microsoft Exchange hacks, is anyone really safe? But let’s say you’re one of the few who haven’t detected any network intrusions. Is it because your security tools are working really well? Does it mean that attackers have succeeded, but managed to hide their intrusion? Or could it be that you’ve somehow been spared by hackers?

    Many reports claim that employees’ productivity and work-life balance have, if anything, improved since the start of the WFH movement. But it also means that certain security measures — which were hastily put into place as part of a temporary response to a short-term emergency — now need to be re-engineered into more structured, durable, and high-capacity approaches.

    With so much in flux, security teams need to regularly, or even continuously, assess their security posture to find and remediate any potential vulnerabilities. Configuration drift is a huge problem. Even if everything seemed to be 100% secure the day it was installed, a perpetually shifting threat landscape means it may not be tomorrow. Therefore, it’s so important to have frequent, recurring assessments. You can’t just have your reseller set it up once then walk away. In the case of security measures, non-destructive testing is not only possible — it is essential, and easy to perform. Breach and attack simulation tools make it easy to safely simulate all sorts of different attacks to test a network’s defenses as well as those of its individual users.

    Software misconfigurations create hidden vulnerabilities and footholds for attackers to strike. Moreover, they can affect any point in an organization’s application stack. These can include its network services, platforms, databases, web servers, application servers, custom code, virtual machines, containers, or storage. Unpatched flaws — including default access accounts, unused web pages, and unprotected files or directories — are among the most frequently used paths for gaining unauthorized access to a victim’s system.

    Reply
  5. Tomi Engdahl says:

    Video: Microsoft’s John Lambert on Better Information Sharing in Cybersecurity
    https://www.securityweek.com/video-microsofts-john-lambert-better-information-sharing-cybersecurity

    John Lambert, General Manager of the Microsoft Threat Intelligence Center, discusses how it’s more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats.

    Lambert shares specific examples of how community resources such as GitHub, MITRE’s ATT&CK Framework, Sigma rules, CodeQL queries and Jupyter notebooks have all been used in recent months to “open-source” security to better defend against sophisticated threats such as NOBELIUM and others.

    Microsoft Threat Intel Chief Discusses Open-Sourcing Threat Intelligence to Combat Sophisticated Threats
    https://vimeo.com/563317186

    Reply
  6. Tomi Engdahl says:

    Your desire for convenience can be a security risk
    https://www.uusiteknologia.fi/2021/06/16/mukavuudenhalusi-voi-olla-tietoturvariski-yritykselle/
    IBM’s security study reveals that IT users’ desire for convenience overrides critical security thinking and even the will to protect their own privacy. According to the study, as many as 82 percent of respondents reused passwords, but in the Nordic countries password recycling is fortunately not quite as common as it is globally.

    Reply
  7. Tomi Engdahl says:

    Scientists at the Pacific Northwest National Laboratory have created a cybersecurity technology designed to stop hackers from damaging critical infrastructure networks by luring them instead into an artificial world and feeding them false signals of success.

    Shadow Figment is based on honeypots, which attract hackers by providing what appears to be an easy target so cybersecurity researchers can study the attackers’ methods.

    PNNL’s technology uses a machine learning enhanced honeypot that learns from observing the real-world operational-technology system where it is installed. It responds to an attack by sending signals that indicate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, PNNL officials said in a recent release.

    Decoy system diverts hackers from critical infrastructure
    https://gcn.com/articles/2021/06/14/pnnl-shadow-figment.aspx?m=1

    Reply
  8. Tomi Engdahl says:

    Introducing SLSA, an End-to-End Framework for Supply Chain Integrity https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html
    Supply chain integrity attacks, unauthorized modifications to software packages, have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software. The software development and deployment supply chain is quite complicated, with numerous threats along the source -> build -> publish workflow. While point solutions do exist for some specific vulnerabilities, there is no comprehensive end-to-end framework that both defines how to mitigate threats across the software supply chain, and provides reasonable security guarantees. Our proposed solution is Supply chain Levels for Software Artifacts (SLSA, pronounced salsa), an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply

    Reply
  9. Tomi Engdahl says:

    Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html
    Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. As reported in the Mandiant post, “Shining a Light on DARKSIDE Ransomware Operations,” Mandiant Consulting has investigated intrusions involving several DARKSIDE affiliates. UNC2465 is one of those DARKSIDE affiliates that Mandiant believes has been active since at least March 2020.

    Reply
  10. Tomi Engdahl says:

    The First Step: Initial Access Leads to Ransomware https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware
    Ransomware attacks still use email — but not in the way you might think. Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains.
    Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network.
    The result is a robust and lucrative criminal ecosystem in which different individuals and organizations increasingly specialize to the tune of greater profits for all, except, of course, the victims.

    Reply
  11. Tomi Engdahl says:

    Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority https://www.theregister.com/2021/06/16/baltimore_ryuk_ransomware_dollars_8_1m_recovery_cost/
    An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it, and that’s still not the end of it, according to US news reports. The sum, spent by Baltimore County Public Schools, will doubtless raise some eyebrows, and the public breakdown of the costs will be eye-opening for the infosec industry and potential corporate ransomware victims alike.

    Reply
  12. Tomi Engdahl says:

    Security Flaw Found in 2G Mobile Data Encryption Standard
    https://www.securityweek.com/security-flaw-found-2g-mobile-data-encryption-standard

    Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.

    In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS – or 2G – mobile data standard.

    While most phones now use 4G or even 5G standards, GPRS remains a fallback for data connections in some countries.

    The vulnerability in the GEA-1 algorithm is unlikely to have been an accident, the researchers said. Instead, it was probably created intentionally to provide law enforcement agencies with a “backdoor” and comply with laws restricting the export of strong encryption tools.

    Reply
  13. Tomi Engdahl says:

    Apple Warns EU Law ‘Risks Destroying iPhone Security’
    https://www.securityweek.com/apple-warns-eu-law-risks-destroying-iphone-security

    The EU’s proposed new rules to rein in tech giants risk undermining the security of the iPhone, Apple chief Tim Cook warned Wednesday.

    The European Union last year unveiled tough draft rules targeting tech giants like Apple, Google, Amazon and Facebook that could shake up the way Big Tech does business.

    Cook, speaking at the VivaTech convention for startups in Paris, took aim at some of the rules that target online “gatekeepers” such as Apple which controls which apps can be installed on its phones and tablets.

    He said current proposals “would force side loading on the iPhone, and so this will be an alternative way of getting apps onto the iPhone.”

    Side loading would allow iPhone users to install apps directly from publishers, something they cannot currently do.

    Reply
  14. Tomi Engdahl says:

    CloudLinux releases UChecker security tool for Linux servers
    CloudLinux, best known for its CentOS work, is releasing UChecker, its Linux server security scanner.

    https://www.zdnet.com/article/cloudlinux-releases-uchecker-security-tool-for-linux-servers/

    Reply
  15. Tomi Engdahl says:

    OSINT 101: What is open source intelligence and how is it used?
    https://www.welivesecurity.com/2021/06/16/osint-101-what-is-open-source-intelligence-how-is-it-used/
    The cybersecurity industry often gets obsessed with technology: the latest exploits, hacking tools and threat hunting software. In reality, a lot comes down to people. It’s people who develop malware, people that hit the red button to launch attacks and, on the other side, people who are tasked with defending against them. To this end, OSINT, or open source intelligence, is an important but often overlooked human element of cybersecurity. The bottom line is that whatever you can find out online about your organization, so can the bad actors. That thought alone should drive ongoing OSINT efforts to mitigate cyber-risk.

    Reply
  16. Tomi Engdahl says:

    NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2661746/nsa-releases-guidance-on-securing-unified-communications-and-voice-and-video-ov/
    NSA released a Cybersecurity Technical Report today that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, Deploying Secure Unified Communications/Voice and Video over IP Systems, also describes potential risks to UC/VVoIP systems that aren’t properly secured. To complement the larger report, NSA published an abridged Cybersecurity Information Sheet to capture key takeaways and introduce the steps organizations should take when securing their UC/VVoIP systems.

    Reply
  17. Tomi Engdahl says:

    Network Forensics on Azure VMs (Part #1) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
    The tooling to investigate a potentially malicious event on an Azure Cloud VM is still in its infancy. We have covered before (Forensicating Azure VMs) how we can create a snapshot of the OS disk of a running VM. Snapshotting and then killing off the infected VM is very straight forward, but it also tips off an intruder that he has been found out. Sometimes, it makes sense to first watch for a while, and learn more, for example about compromised accounts, lateral movement, or other involved hosts.

    Reply
  18. Tomi Engdahl says:

    Beware of a contaminated link: scammers impersonate a bank
    https://www.iltalehti.fi/tietoturva/a/d426784f-c79d-40a1-969d-fb922195d564
    A great many different scam messages have been circulating recently. Criminals are trying to phish Finns’ information, such as bank credentials, and to spread malware that captures data from the user’s phone. Now the scammers are posing as Aktia’s customer service.
    In an email message obtained by Iltalehti, it is claimed that Aktia has sent the recipient a confidential signed document. The message creates a sense of urgency by stating that it can only be read for two weeks. According to information received by Iltalehti, similar messages are also circulating in the name of POP Pankki.

    Reply
  19. Tomi Engdahl says:

    Biden to Putin: Get your ransomware gangs under control and don’t you dare cyber-attack our infrastructure https://www.theregister.com/2021/06/17/biden_putin_summit_cybersecurity_discussion/
    US President Joe Biden and his Russian Federation counterpart Vladimir Putin have traded barbs over cyber-attacks at a summit meeting staged yesterday in Switzerland. The readout of Biden’s post-summit press conference states that what the two presidents spent a great deal of time on was cyber and cybersecurity. “I talked about the proposition that certain critical infrastructure should be off limits to attack, period, by cyber or any other means.” Biden gave Putin a list of 16 specific entities defined as critical infrastructure under US policy, from the energy sector to our water systems.

    Reply
  20. Tomi Engdahl says:

    Ransomware Operators’ Strategies Evolve as Attacks Rise https://beta.darkreading.com/attacks-breaches/ransomware-operators-strategies-evolve-as-attacks-rise
    Corporate email inboxes remain a valuable target for many cybercriminals, but ransomware operators are finding new avenues into enterprise networks as defensive tools improve, new research shows.
    Ransomware attackers have begun to leverage criminal organizations, mostly banking Trojan distributors, for malware deployment. These so-called “access facilitators” distribute backdoors to victims using malicious links and attachments sent via email. Once they infiltrate a target, the attackers can sell their access to ransomware groups for a cut of the profit, Proofpoint reports.

    Reply
  21. Tomi Engdahl says:

    Google Confirms Sixth Zero-Day Chrome Attack in 2021
    https://www.securityweek.com/google-confirms-sixth-zero-day-chrome-attack-2021

    Google’s ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser aren’t going away anytime soon.

    For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says are already being exploited by malicious hackers.

    “Google is aware that an exploit for CVE-2021-30554 exists in the wild,” the company said in an advisory posted on Thursday. It refers to a use-after-free vulnerability in WebGL, the JavaScript API used to render graphics without browser plugins.

    Reply
  22. Tomi Engdahl says:

    NSA shares guidance on securing voice, video communications
    https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-securing-voice-video-communications/

    The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.

    UC and VVoIP are call-processing systems used in enterprise environments for various purposes, from video conferencing to instant messaging and project collaboration.

    Since these communication systems are tightly integrated with other IT equipment within enterprise networks, they also inadvertently increase the attack surface by introducing new vulnerabilities and the potential for covert access to an organization’s communications.

    Reply
  23. Tomi Engdahl says:

    UK’s ICO warns over ‘big data’ surveillance threat of live facial recognition in public
    https://techcrunch.com/2021/06/18/uks-ico-warns-over-big-data-surveillance-threat-of-live-facial-recognition-in-public/?tpcc=ECFB2021

    The UK’s chief data protection regulator has warned over reckless and inappropriate use of live facial recognition (LFR) in public places.

    Publishing an opinion today on the use of this biometric surveillance in public — to set out what is dubbed as the “rules of engagement”

    “I am deeply concerned about the potential for live facial recognition (LFR) technology to be used inappropriately, excessively or even recklessly. When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant,” she warned in a blog post.

    Blog: Information Commissioner’s Opinion addresses privacy concerns on the use of live facial recognition technology in public places
    https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/06/information-commissioner-s-opinion-live-facial-recognition-technology/

    Reply
  24. Tomi Engdahl says:

    The goal now of the FBI and other agencies is not to break encryption but spread FUD about it. It’s also interesting how the FBI is “partnering” with countries that have more oppressive laws so that they can get around wiretapping laws.

    How the FBI Is Trying to Break Encryption Without Actually Breaking Encryption
    An encrypted platform created by the FBI led to over 800 arrests in dozens of countries, but at what cost?
    https://gizmodo.com/how-the-fbi-is-trying-to-break-encryption-without-actua-1847054471

    Reply
  25. Tomi Engdahl says:

    Ransomware criminals look to other hackers to provide them with network access
    New report finds ransomware gangs are buying access from hackers planting backdoors
    https://www.itpro.co.uk/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network

    Reply
  26. Tomi Engdahl says:

    The Worst Kind Of Clickbait
    https://notalwaysright.com/the-worst-kind-of-clickbait/235750/

    They didn’t announce that they were doing this, so the first any of us heard about it was when we got an email from an unknown external address asking us to go to a website and enter in our company location and link our cell numbers to it. Most of us did exactly what IT had trained us to do; we did not click the link and marked it as spam.

    They tried sending out an email from one of the higher-ups, which most people didn’t even open because these are usually time-waster emails asking us to check out their new blog posts. Finally, they cascaded the info down through the management chain so that people got messages from their direct managers.

    Managers: “The email from [Third Party] is not a scam. When you get the email from them again, sign up for their service.”

    But they forgot that thousands of employees marking a single sender as spam would train the filters, so the resend didn’t make it to our inboxes. Eventually, they managed to get the sender whitelisted and the emails arrived.

    A process that should have taken a week instead took months because no one bothered to think that this email they were sending looked exactly like the scam emails they had trained us to ignore.

    Reply
  27. Tomi Engdahl says:

    How to Spot Any Spoofed & Fake Email (Ultimate Guide)
    https://www.youtube.com/watch?v=hF1bIT1ym4g

    Reply
  28. Tomi Engdahl says:

    Pekka Riipinen knows what lies at the dark core of the cyber world: a constant battle is being fought there
    https://yhteiso.telia.fi/t5/5G-artikkelit-ja-uutiset/Pekka-Riipinen-tietaa-mita-kybermaailman-pimeassa-ytimessa-on/ba-p/224343

    Reply
  29. Tomi Engdahl says:

    Ransomware Actors Evolved Their Operations in 2020 https://www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/
    The year 2020 was marked by the trend continuing at an accelerated rate. The advancements by eCrime actors include refinement and application of high-pressure extortion tactics on victim organizations and the sharing or copying of new techniques among different ransomware groups, in addition to a marked increase in the number of ransomware variants. These advancements all but ensure that ransomware will remain a popular method for eCrime actors to monetize breaches in the foreseeable future.

    Reply
  30. Tomi Engdahl says:

    What’s Making Your Company a Ransomware Sitting Duck https://threatpost.com/ransomware-sitting-duck/167040/
    What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

    5 essential things to do before ransomware strikes https://www.welivesecurity.com/2021/06/18/5-essential-things-do-before-ransomware-strikes/
    By failing to prepare you are preparing to fail: here’s what you can do today to minimize the impact of a potential ransomware attack in the future

    Reply
  31. Tomi Engdahl says:

    50,000 security disasters waiting to happen: The problem of America’s water supplies
    https://www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206
    “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant,” one cybersecurity consultant said. But of all the country’s critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people.

    Reply
  32. Tomi Engdahl says:

    Fake DarkSide Campaign Targets Energy and Food Sectors https://www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html
    Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.

    Reply
  33. Tomi Engdahl says:

    Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
    In yesterday’s diary, we took a look at two methods that allow capturing network connection information off a potentially compromised virtual machine in Azure. Today, we’ll investigate the most recent addition to the VM monitoring arsenal, namely “Azure Monitor Insights”.

    Reply
  34. Tomi Engdahl says:

    Google Releases New Framework to Prevent Software Supply Chain Attacks https://thehackernews.com/2021/06/google-releases-new-framework-to.html
    As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.

    Reply
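The linked article only summarises the idea of provenance-based integrity checks. As an added example (not Google's code and not part of the SLSA project), the block below shows the consumer side: a downloaded artifact is checked against an in-toto-style provenance statement. It assumes the in-toto Statement layout (a `subject` list with `name` and `digest` entries, a `predicateType` under the `https://slsa.dev/provenance/` prefix, and a `predicate.builder.id`); the builder URL and artifact bytes are constructed placeholders. Envelope signature verification is deliberately out of scope and is noted in the code as the step a real deployment must do first.

```python
"""Verify a built artifact against SLSA-style provenance (added example).

Assumptions (not taken from the article): the in-toto Statement layout below,
the SLSA predicate URI prefix, and the constructed builder id / artifact bytes.
"""
import hashlib
import hmac
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"      # assumed identifier
SLSA_PREDICATE_PREFIX = "https://slsa.dev/provenance/"    # assumed identifier


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_statement(name: str, data: bytes, builder_id: str) -> dict:
    """Constructed sample of what a build system would emit for one artifact."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(data)}}],
        "predicateType": SLSA_PREDICATE_PREFIX + "v0.1",
        "predicate": {"builder": {"id": builder_id}},
    }


def verify_artifact(statement: dict, name: str, data: bytes, trusted_builders) -> tuple:
    """Return (ok, reason) for an artifact against its provenance statement.

    This does NOT verify the envelope signature. In a real deployment the DSSE
    signature over the statement must be checked first; otherwise the statement
    is attacker-controllable and the digest comparison proves nothing.
    """
    if statement.get("_type") != STATEMENT_TYPE:
        return False, "not an in-toto statement"
    if not str(statement.get("predicateType", "")).startswith(SLSA_PREDICATE_PREFIX):
        return False, "predicate is not SLSA provenance"
    builder = statement.get("predicate", {}).get("builder", {}).get("id")
    if builder not in trusted_builders:
        return False, f"untrusted builder {builder!r}"
    subjects = [s for s in statement.get("subject", []) if s.get("name") == name]
    if not subjects:
        return False, f"no subject named {name!r}"
    expected = str(subjects[0].get("digest", {}).get("sha256", ""))
    # constant-time compare so a wrong digest does not leak by timing
    if not hmac.compare_digest(expected.lower(), sha256_hex(data)):
        return False, "sha256 digest mismatch: artifact was modified after build"
    return True, "artifact matches provenance"


if __name__ == "__main__":
    builder = "https://example.invalid/builder"          # placeholder builder id
    artifact = b"#!/bin/sh\necho hello\n"                 # constructed artifact
    stmt = make_statement("hello.sh", artifact, builder)
    print(json.dumps(stmt, indent=2))
    print(verify_artifact(stmt, "hello.sh", artifact, {builder}))
    tampered = artifact + b"echo injected\n"
    print(verify_artifact(stmt, "hello.sh", tampered, {builder}))
```

The trusted-builder allow-list is the part that makes the check meaningful: a digest match against provenance from an arbitrary builder only proves someone built exactly these bytes, not that the build ran where you expect.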
  35. Tomi Engdahl says:

    Millions of passwords leaked: check whether your data is included
    https://www.iltalehti.fi/tietoturva/a/469b78f0-94d0-4ec2-8ce1-479bc5c95467
    NordLocker, a provider of encrypted cloud services, reports on its website a large-scale malware campaign it has discovered. According to the company, a trojan captured user data from 3.35 million Windows machines between 2018 and 2020.

    Reply
  36. Tomi Engdahl says:

    Data is Wealth: Data Security is Wealth Protection https://securityintelligence.com/posts/data-security-wealth-protection/
    In 2021 alone, humanity (and a few robots) will create 79 sextillion bytes of data. That’s nearly 10 million times the estimated number of grains of sand on Earth. And those 79 sextillion bytes of data are in addition to all the data we already have. So today, organizations everywhere are not just swimming in data; they are sinking into their own data quicksand.

    Reply
  37. Tomi Engdahl says:

    Inside the Market for Cookies That Lets Hackers Pretend to Be You https://www.vice.com/en/article/n7b3jm/genesis-market-buy-cookies-slack
    A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market. On Genesis, criminals don’t just buy one cookie; they buy exclusive access to a “bot,” a compromised computer that is part of a botnet which could contain any number of login details. But more importantly, Genesis also lets customers essentially recreate a one-to-one replica of that victim’s browser, with their cookies and device fingerprints intact.

    Reply
  38. Tomi Engdahl says:

    Klingon RAT Holding on for Dear Life
    https://www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/
    This is a technical analysis of an advanced RAT written in Go that we are calling Klingon RAT. The RAT is well-featured and resilient due to its multiple methods of persistence and privilege escalation. It was determined that the RAT is being used by cybercriminals for financial gain. It is important to stay on top of this threat as it will degrade Antivirus security through killing targeted processes and hiding communications through encrypted channels.

    Reply
  39. Tomi Engdahl says:

    Easy Access to the NIST RDS Database
    https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
    When you’re facing some suspicious files while performing forensic investigations or analyzing malware components, it’s always interesting to know whether these files are legitimate or malicious/modified. One of the key sources to verify hashes is provided by NIST and is called the NSRL project (“National Software Reference Library”). They build a “Reference Data Set” (RDS) of information that can be queried to verify a file hash. CIRCL, the Luxembourg CERT, has a good reputation for offering or participating in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!

    Reply
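As an added example of the workflow the diary describes (this is not code from the ISC diary or from CIRCL), the block below hashes a sample, builds the HTTP and DNS lookup names, and turns the answer into an analyst verdict. It assumes the public endpoint `https://hashlookup.circl.lu/lookup/<md5|sha1>/<hash>` answering 200 with a JSON record for a known hash and 404 for an unknown one, a DNS zone `dns.hashlookup.circl.lu` for TXT lookups, and `FileName` / `source` as field names in the record; the sample JSON in the test is constructed.

```python
"""Query the NIST RDS through CIRCL's hashlookup service (added example).

Assumptions, not taken from the diary: the endpoint paths, the DNS zone and
the record field names below.
"""
import hashlib
import json
import urllib.error
import urllib.request

HTTP_BASE = "https://hashlookup.circl.lu/lookup"   # assumed public HTTP endpoint
DNS_ZONE = "dns.hashlookup.circl.lu"               # assumed DNS zone for TXT lookups


def hashes_of_bytes(data: bytes) -> dict:
    """MD5 and SHA-1 hex digests, the two algorithms the RDS is keyed on."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def file_hashes(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples fit in memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def lookup_url(algo: str, digest: str) -> str:
    """HTTP lookup URL for 'md5' or 'sha1'."""
    if algo not in ("md5", "sha1"):
        raise ValueError("hashlookup is keyed on md5 or sha1")
    return f"{HTTP_BASE}/{algo}/{digest.lower()}"


def dns_name(digest: str) -> str:
    """Name to resolve as a TXT record when using the DNS interface."""
    return f"{digest.lower()}.{DNS_ZONE}"


def parse_response(status: int, body: str):
    """Map an HTTP reply to a record (200), None (404), or an error (anything else).

    The distinction matters: a timeout or a 5xx is not a 'not found' and must
    not be silently recorded as 'unknown hash'.
    """
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    return json.loads(body)


def verdict(record) -> str:
    """Summarise a record for the analyst.

    A hit means the hash is in a reference set of *known* software, which is
    evidence of an unmodified vendor file. A miss means only 'unknown', never
    'malicious': a patched or attacker-built binary is simply absent.
    """
    if record is None:
        return "unknown: not in reference set, inspect further"
    name = record.get("FileName", "?")   # assumed field name
    source = record.get("source", "?")   # assumed field name
    return f"known: {name} (source: {source})"


def query_http(sha1: str, timeout: float = 10.0):
    """Live lookup by SHA-1; needs network access."""
    req = urllib.request.Request(lookup_url("sha1", sha1),
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as exc:
        return parse_response(exc.code, exc.read().decode())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        h = file_hashes(path)
        print(path, h["sha1"], dns_name(h["sha1"]), verdict(query_http(h["sha1"])))
```

Run it as `python hashcheck.py sample.exe` to hash and look up each file given on the command line. The DNS name is printed alongside so the same lookup can be repeated from a host where only DNS egress is allowed.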
  40. Tomi Engdahl says:

    A new legal change tempts criminals to scam online shoppers in new ways: parcel orders may soon arrive weeks late
    https://yle.fi/uutiset/3-11982325
    According to the police, the delays give the senders of scam messages an extra opening to rob people waiting for parcels of their money. “Scam messages of various kinds are one of today’s plagues and a constantly growing field of crime. The number of crime reports grew by about 20 percent last year compared to the previous year, and now the direction looks the same,” Pöyhönen says.

    The VAT reform concerning online purchases from outside the EU may cause delays of weeks in parcel delivery times from the beginning of July. From then on, a customs declaration must be made and VAT paid on all online purchases arriving from outside the EU, whereas currently the majority have entered Finland tax-free.

    Reply
  41. Tomi Engdahl says:

    Hit by a Ransomware Attack? Your Payment May be Deductible
    https://www.securityweek.com/hit-ransomware-attack-your-payment-may-be-deductible

    As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible.

    The IRS offers no formal guidance on ransomware payments, but multiple tax experts interviewed by The Associated Press said deductions are usually allowed under law and established guidance. It’s a “silver lining” to ransomware victims, as some tax lawyers and accountants put it.

    But those looking to discourage payments are less sanguine. They fear the deduction is a potentially problematic incentive that could entice businesses to pay ransoms against the advice of law enforcement. At a minimum, they say, the deductibility sends a discordant message to businesses under duress.

    “It seems a little incongruous to me,” said New York Rep. John Katko, the top Republican on the House Committee on Homeland Security.

    Reply
  42. Tomi Engdahl says:

    Ransomware Gangs Get Paid Off as Officials Struggle for Fix
    https://www.securityweek.com/ransomware-gangs-get-paid-officials-struggle-fix

    If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the U.S. government. The answer is apt to be: It depends.

    “It is the position of the U.S. government that we strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing last week.

    But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many are unprepared. The consequences could also be dire for the nation itself. Recent high-profile extortive attacks led to runs on East Coast gas stations and threatened meat supplies.

    The dilemma has left public officials fumbling about how to respond. In an initial step, bipartisan legislation in the works would mandate immediate federal reporting of ransomware attacks to assist response, help identify the authors and even recoup ransoms, as the FBI did with most of the $4.4 million that Colonial Pipeline recently paid.

    Without additional action soon, however, experts say ransoms will continue to skyrocket, financing better criminal intelligence-gathering and tools that only worsen the global crime wave.

    Reply
  43. Tomi Engdahl says:

    Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light
    https://www.securityweek.com/water-sector-security-report-released-just-another-water-plant-hack-comes-light

    The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S.

    The Water Sector Coordinating Council describes itself as “a policy, strategy and coordination mechanism for the Water and Wastewater Sector in interactions with the government and other sectors on critical infrastructure security and resilience issues.”

    The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity.

    According to the report made public on June 17, 356 respondents said they did not experience any IT security incident in the past year. Three respondents said they experienced 5 or more incidents and 83 reported 1-4 incidents in the last 12 months.

    Reply
  44. Tomi Engdahl says:

    The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
    https://www.bbc.com/news/stories-57520169
    In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and came within an inch of success – it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world’s poorest and most isolated countries train a team of elite cyber-criminals?

    Reply
  45. Tomi Engdahl says:

    State-sponsored or financially motivated: Is there any difference anymore?
    https://www.welivesecurity.com/2021/06/21/state-sponsored-financially-motivated-is-there-any-difference-anymore/
    Governments have always conducted offensive cyber-operations. But over the past few years, campaigns have seemed to grow in audacity and volume. The headlines scream about “state-sponsored” or “nation state” raids targeting everything from critical infrastructure to complex supply chains. But peer closer and the lines between these and traditional cybercrime are increasingly blurred. What does this mean for the future of the threat landscape and the growing impact of cybercrime on global organizations? Without some kind of geopolitical consensus, it’s going to get a lot tougher to stop those criminal groups effectively being sheltered by nation states.

    Hit by a ransomware attack? Your payment may be deductible
    https://apnews.com/article/technology-business-government-and-politics-d8c1e9958ad1e89eab83f44e6ca70a94
    As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible.

    Reply
