Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT and more), each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like the This educator claims to have invented an entertaining way to learn cybersecurity article. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, to make everyone able to reproduce the results, and to present them to the entire community for feedback.
The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, obliging consumer IoT designs to have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
Tomi Engdahl says:
Most organizations would pay in the event of a ransomware attack https://www.helpnetsecurity.com/2021/06/21/pay-ransomware-attack/
Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to a research from Harris Interactive. When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.
New Australian bill would force companies to disclose ransomware payments https://therecord.media/new-australian-bill-would-force-companies-to-disclose-ransomware-payments/
Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang.
Tomi Engdahl says:
Cyber security needs continuous development https://impulssilvm.fi/2021/06/21/cyber-security-needs-continuous-development/
The need to improve cyber security has been constantly highlighted by increasingly frequent cyber security disruptions. In response to the need for improvement, the Government has now provided guidance for the development of cyber security in its recent Government Resolution. The cyber security development programme steers the long-term cyber security development on a concrete level across industry boundaries.
Its aim is to bring the cyber security skills of companies and citizens to a good level and to produce a strong pool of Finnish cyber security specialists.
Tomi Engdahl says:
EU court rules in Telenet copyright case: ISPs can be forced to hand over some customer data use details https://www.theregister.com/2021/06/21/court_of_justice_telenet_bittorrent_ruling/
Europe’s top court has ruled ISPs can be forced to hand over the details of customers who are alleged to have downloaded material illegally online – but only if they meet certain criteria. In its preliminary finding published last week, the CJEU found that customer details can be handed over as long as it is done in a way that is “justified, proportionate and not abusive.”
Tomi Engdahl says:
DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis.
“Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors,” the researchers said. “This attack of clones seriously threatens all the mobile platforms, especially Android.”
Tomi Engdahl says:
How “HackMachine” Enables Fraud and Cyber Intrusions https://geminiadvisory.io/how-hackmachine-enables-fraud/
The cybercriminal software “HackMachine” provides attackers with a simple-to-use and automated method of gaining access to web applications. Attackers can load target victim domains into the software, whereupon the software scans the sites for known vulnerabilities, collects administrator and user login credentials through multiple types of brute-force attacks, and verifies the validity of the credentials.
Tomi Engdahl says:
The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
https://www.bbc.com/news/stories-57520169
In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and came within an inch of success – it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world’s poorest and most isolated countries train a team of elite cyber-criminals?
It all started with a malfunctioning printer. It’s just part of modern life, and so when it happened to staff at Bangladesh Bank they thought the same thing most of us do: another day, another tech headache. It didn’t seem like a big deal.
And the printer played a pivotal role. It was located inside a highly secure room on the 10th floor of the bank’s main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank.
To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.
Tomi Engdahl says:
Hackers are trying to attack big companies. Small suppliers are the weakest link https://www.zdnet.com/article/hackers-are-trying-to-attack-big-companies-small-suppliers-are-the-weakest-link/
Defence companies are a prime target for cyber attackers, and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.
Attackers in Executive Clothing – BEC continues to separate orgs from their money https://blog.talosintelligence.com/2021/06/business-email-compromise.html
Business Email Compromise starts as a lot of cybercrime does, with an email. These emails can vary widely in content or in design, but they are almost always spoofed to look like they are coming from someone important. The other common thing is they will almost always ask for some type of assistance. The type of request varies widely, as we’ll demonstrate throughout this blog, but the resulting ask is always financial in nature and will require the recipient to purchase something or wire funds somewhere. So let’s walk through some examples of what we’ve seen over the past year.
Tomi Engdahl says:
How Cyber Safe is Your Drinking Water Supply?
https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/
Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems: a basic first step in protecting networks from cyberattacks.
Tomi Engdahl says:
DirtyMoe malware has infected more than 100,000 Windows systems https://therecord.media/dirtymoe-malware-has-infected-more-than-100000-windows-systems/
A Windows malware botnet believed to be operated out of China has exploded this year, growing from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021, cyber-security firm Avast reported last week. also:
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
Tomi Engdahl says:
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html
Cybersecurity researchers have disclosed a new ransomware strain called “DarkRadiation” that’s implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. also:
https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat–and-debian-based-linux-distributions.html
Tomi Engdahl says:
Machine Learning and Cybersecurity – Hype and Reality https://cset.georgetown.edu/publication/machine-learning-and-cybersecurity/
Cybersecurity operators have increasingly relied on machine learning to address a rising number of threats. But will machine learning give them a decisive advantage or just help them keep pace with attackers?
This report explores the history of machine learning in cybersecurity and the potential it has for transforming cyber defense in the near future.
Tomi Engdahl says:
Companies: Data is at risk in the data center or in the cloud service
https://etn.fi/index.php/13-news/12312-yritykset-data-on-vaarassa-konesalissa-tai-pilvipalvelussa
VMware has published its Global Security Insights security report, now for the fourth time. Based on the report, data breaches have become an everyday occurrence in the Nordic countries. 44 percent of the survey respondents fear a serious intrusion during the coming year. According to companies, the most vulnerable point of the data journey is found in the data center or in the cloud service.
The report is based on an online survey answered by 3,542 IT, technology and information security executives around the world. It also included 251 Nordic respondents from Finland, Sweden and Norway.
Tomi Engdahl says:
Laurens Cerulus / Politico:
In a draft plan, the EU outlines a Joint Cyber Unit, which would let countries hit by cyberattacks request help, including rapid response teams
EU to launch rapid response cybersecurity team
Barrage of cyberattacks pushes EU to pool powers to fight hackers.
https://www.politico.eu/article/eu-joint-cyber-unit-rapid-response-cyberattacks/
The European Union wants to launch a new cyber unit to respond to cyberattacks, according to a draft of the plan seen by POLITICO.
The European Commission will present its plan on Wednesday to set up what it calls the “Joint Cyber Unit,” which would allow national capitals hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real time, according to the draft.
A spate of cyberattacks have wreaked havoc on the Continent, leading to concerns that Europe cannot defend itself or its trade secrets against adversaries. The EU’s plan aims to help countries fight back against increasingly sophisticated and brash attacks by pooling national governments’ cybersecurity powers.
Tomi Engdahl says:
Hannah Murphy / Financial Times:
How Monero, a cryptocurrency that obscures the sender and receiver, is increasingly being used by ransomware gangs wary of bitcoin’s traceability
https://t.co/hbQIknQGK2?amp=1
Tomi Engdahl says:
Daphne Leprince-Ringuet / ZDNet:
EU member states approve unimpeded data flows between EU and UK, deciding UK’s regulations are as good as GDPR, avoiding complex legal paperwork for businesses
A major international data flow problem just got resolved. But another row is already brewing
https://www.zdnet.com/article/a-major-international-data-flow-problem-just-got-resolved-but-another-row-is-already-brewing/
The EU has just green-lighted the free flow of personal data with the UK. But if the country now changes its data laws, it could bring an end to the agreement.
Tomi Engdahl says:
Garland: More “Depth” Needed to Protect Against Cyberattacks
https://www.securityweek.com/garland-more-depth-needed-protect-against-cyberattacks
Attorney General Merrick Garland said Tuesday that private industry needs better safeguards to avoid calamitous consequences in the event of cyberattacks like the ones that have targeted American infrastructure and corporations.
“You have to have a secondary method if your first method is shut down. You have to have depth, and we need to work with them on that,” Garland said, one week after a meeting between President Joe Biden and Russian President Vladimir Putin that included discussion of a spate of Russia-linked ransomware attacks in recent months.
Such hacks, including a ransomware attack last month on Colonial Pipeline, are “extremely dangerous,” Garland said. The Justice Department has responded with a task force focused on ransomware.
Tomi Engdahl says:
MITRE Adds D3FEND Countermeasures to ATT&CK Framework
https://www.securityweek.com/mitre-adds-d3fend-countermeasures-attck-framework
The U.S. government’s National Security Agency (NSA) on Tuesday announced plans to fund the development of a knowledge base of defensive countermeasures for the most common techniques used by malicious hackers.
The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques.
The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.
Mitre described D3FEND as an “early stage experimental research project”.
https://d3fend.mitre.org/
Tomi Engdahl says:
The Digital Security Barometer shows that concern is growing
https://www.uusiteknologia.fi/2021/06/23/digiturvabarometri-kertoo-huolen-kasvavan/
Tomi Engdahl says:
Finns have lost 13.5 million to scammers, read the police’s advice https://www.is.fi/digitoday/tietoturva/art-2000008078041.html
Online scammers have taken 13.5 million euros from Finns this year, of which almost 5 million through bank scams.
Tomi Engdahl says:
MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework https://therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/
The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.
Tomi Engdahl says:
French Spyware Executives Are Indicted for Aiding Torture https://www.wired.com/story/french-spyware-executives-indicted-aiding-torture/
The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them.
Tomi Engdahl says:
Guide for enterprises on how to prevent and deal with ransomware attacks https://blog.checkpoint.com/2021/06/23/global-surge-in-ransomware-attacks-to-pay-or-not-to-pay-is-not-the-only-question/
Every week, more than 1,200 organizations worldwide fall victim to a ransomware attack, and all enterprises without exception are at risk.
The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The increase in attacks is also related to the availability of threats. Many hacker groups offer ransomware as a service, so anyone can rent this type of threat, including infrastructure, negotiating with victims or extortion websites where stolen information can be posted.
Tomi Engdahl says:
Strategies, tools, and frameworks for building an effective threat intelligence team https://www.microsoft.com/security/blog/2021/06/22/strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team/
In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Red Canary Director of Intelligence Katie Nickels, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team.
Tomi Engdahl says:
Threat Update 43 Ransomware Early Warning: Brute Force https://www.varonis.com/blog/threat-update-43-ransomware-early-warning-brute-force/
Join Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team as they talk about how monitoring for brute-force attempts helps organizations spot potential infiltration points or attempts to elevate rights. They will also review real-world examples of how to narrow down the source of the attempts to foil the attacker’s plans.
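The monitoring idea in that post, as an added example that is not code from Varonis or from the original page: count failed SSH logins per source inside a sliding window, flag a source that crosses the threshold, and then treat a later successful login from that same source as a likely infiltration point. The log lines are constructed samples in sshd/syslog format with documentation-range addresses; the year used for timestamp parsing is an assumption.

```python
"""Early-warning detection for SSH brute-force bursts over auth log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Set, Tuple

# syslog timestamps carry no year; this value is assumed for parsing only.
LOG_YEAR = 2021

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_ts(stamp: str) -> datetime:
    return datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")


def detect_brute_force(lines, threshold: int = 5, window_seconds: int = 60) -> List[Tuple[str, str]]:
    """Return (source_ip, message) alerts.

    A source is flagged once it produces `threshold` failures inside a sliding
    window of `window_seconds`; any later successful login from a flagged
    source is reported as a likely infiltration point.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Set[str] = set()
    alerts: List[Tuple[str, str]] = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ip, now = m["ip"], parse_ts(m["ts"])
            window = recent[ip]
            window.append(now)
            # drop failures that have fallen out of the sliding window
            while window and (now - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, f"{len(window)} failed logins within {window_seconds}s"))
            continue
        m = ACCEPTED.match(line)
        if m and m["ip"] in flagged:
            alerts.append((m["ip"], f"successful login as {m['user']} after brute-force burst"))
    return alerts


# Constructed sample: one source guesses six passwords in six seconds and then
# gets in as 'deploy'; a second source has a single typo and is not flagged.
SAMPLE_LOG = [
    f"Jun 21 10:00:0{i} bastion sshd[41{i}]: Failed password for invalid user admin "
    f"from 203.0.113.5 port 40{i}1 ssh2"
    for i in range(1, 7)
] + [
    "Jun 21 10:00:09 bastion sshd[420]: Failed password for alice from 198.51.100.9 port 51022 ssh2",
    "Jun 21 10:00:20 bastion sshd[421]: Accepted password for deploy from 203.0.113.5 port 40071 ssh2",
]

if __name__ == "__main__":
    for ip, msg in detect_brute_force(SAMPLE_LOG):
        print(f"ALERT {ip}: {msg}")
```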
Tomi Engdahl says:
Games, Gaming and Gamers Are a Rapidly Growing Target for Hackers
https://www.securityweek.com/games-gaming-and-gamers-are-rapidly-growing-target-hackers
New report from Akamai provides insight into the recent surge of game-related hacking
Attacks against the video gaming industry and its gamers skyrocketed during the pandemic lockdown year of 2020, with more than 240 million web app attacks (a growth of 340% over the previous year). While the pandemic conditions likely contributed to this growth, researchers believe that attacks will continue, and continue to grow, even after the pandemic is over.
Tomi Engdahl says:
Tim Higgins / Wall Street Journal:
In a new report, Apple says letting iOS users sideload apps would undermine privacy protections, complicate parental controls, and potentially expose user data — Company says allowing users to download software onto their iPhones without using the App Store jeopardizes protections
Apple’s Fight for Control Over Apps Moves to Congress and EU
https://www.wsj.com/articles/apples-fight-for-control-over-apps-moves-to-congress-and-eu-11624440601?mod=djemalertNEWS
Company says allowing users to download software onto their iPhones without using the App Store jeopardizes protections
Tomi Engdahl says:
Be careful on social media – online criminals are lurking everywhere
https://etn.fi/index.php/13-news/12323-ole-varovainen-somessa-verkkorikolliset-vaanivat-kaikkialla
Tomi Engdahl says:
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
The Story of a Novel Supply Chain Attack
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Some programming languages, like Python, come with an easy, more or less official method of installing dependencies for your projects. These installers are usually tied to public code repositories where anyone can freely upload code packages for others to use.
When downloading and using a package from any of these sources, you are essentially trusting its publisher to run code on your machine. So can this blind trust be exploited by malicious actors?
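The blind trust described above is what dependency confusion abuses: a same-named package on the public index can be picked over the internal one. As an added example (not code from Alex Birsan's post or from pip), the audit below flags two things a defender controls: a pip configuration whose `extra-index-url` merges the public index with the private one, and internal requirements that are not pinned with `==` and `--hash=` (which `pip install --require-hashes` then enforces). Package names, the index URLs and the hash values are constructed placeholders; the pip behaviour it relies on is an assumption stated in the comments, not something the page itself describes.

```python
"""Audit pip settings and a requirements file for dependency-confusion exposure."""
import configparser
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Assumption about pip: with extra-index-url set, candidates from every index
# are merged and the highest version wins regardless of origin, so a public
# package with an internal name and a larger version number gets installed.
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*[^\s;]+)?")
HASH_OPT = re.compile(r"--hash=(?:sha256|sha384|sha512):[0-9a-f]+")


@dataclass
class Finding:
    package: str  # "*" for configuration-wide findings
    issue: str


def normalize(name: str) -> str:
    """PEP 503 style normalization: case-insensitive, '-', '_' and '.' equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> Dict[str, Dict[str, object]]:
    """Map normalized name -> {'pinned': bool, 'hashes': int}.

    Backslash line continuations are joined first, because pip's own
    requirements files put --hash options on continuation lines."""
    reqs: Dict[str, Dict[str, object]] = {}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or an option line such as --index-url
        m = REQ_LINE.match(line)
        if m:
            reqs[normalize(m.group(1))] = {
                "pinned": m.group(2) is not None,
                "hashes": len(HASH_OPT.findall(line)),
            }
    return reqs


def audit(pip_conf: str, requirements: str, internal_names: Set[str]) -> List[Finding]:
    """Report configuration and pinning weaknesses for the given internal packages."""
    findings: List[Finding] = []
    cfg = configparser.ConfigParser()
    cfg.read_string(pip_conf)
    if cfg.has_option("global", "extra-index-url"):
        findings.append(Finding("*", "extra-index-url merges a public index with the "
                                     "private one; serve everything from a single index-url"))
    reqs = parse_requirements(requirements)
    for name in sorted(normalize(n) for n in internal_names):
        info = reqs.get(name)
        if info is None:
            continue
        if not info["pinned"]:
            findings.append(Finding(name, "internal package not pinned to an exact version"))
        if info["hashes"] == 0:
            findings.append(Finding(name, "internal package has no --hash pin"))
    return findings


# Constructed sample data (placeholder names, hosts and hash digests).
INTERNAL = {"acme-internal-utils", "acme_billing"}
WEAK_PIP_CONF = """[global]
index-url = https://pypi.org/simple
extra-index-url = https://pypi.acme.example/simple
"""
HARDENED_PIP_CONF = """[global]
index-url = https://pypi.acme.example/simple
"""
WEAK_REQUIREMENTS = """requests==2.25.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
acme-internal-utils==1.4.0 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
acme_billing
"""
HARDENED_REQUIREMENTS = WEAK_REQUIREMENTS.replace(
    "acme_billing\n", "acme_billing==3.2.0 \\\n    --hash=sha256:" + "2" * 64 + "\n"
)

if __name__ == "__main__":
    for f in audit(WEAK_PIP_CONF, WEAK_REQUIREMENTS, INTERNAL):
        print(f"{f.package}: {f.issue}")
    print("hardened findings:", audit(HARDENED_PIP_CONF, HARDENED_REQUIREMENTS, INTERNAL))
```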
Tomi Engdahl says:
EU announces joint cyber-unit to respond to large-scale security incidents https://therecord.media/eu-announces-joint-cyber-unit-to-respond-to-large-scale-security-incidents/
The new unit will operate separately from current EU agencies. It will only intervene in the case of a widespread security incident to coordinate resources, communications, and joint response plans between existing EU bodies and state governments if the incident impacts more than one state
Tomi Engdahl says:
Schneier on Security – Norwegian Consumer Council – Time to ban surveillance-based advertising https://www.schneier.com/blog/archives/2021/06/banning-surveillance-based-advertising.html
Norwegian Consumer Council published a report about privacy and data protection challenges (and much more) and possible ways forward for advertising-funded digital content. Link to report:
https://www.forbrukerradet.no/wp-content/uploads/2021/06/20210622-final-report-time-to-ban-surveillance-based-advertising.pdf
Tomi Engdahl says:
US seizes 33 Iranian state-run media sites accused of election disinformation https://arstechnica.com/tech-policy/2021/06/us-seizes-33-iranian-state-run-media-sites-accused-of-election-disinformation/
US government said it seized 33 websites run by a branch of the Iranian government that spread disinformation in the US before the 2020 presidential election. The US also seized three websites that it said were operated by an Iraqi terrorist organization.
Tomi Engdahl says:
Using VMs to hide ransomware attacks is becoming more popular https://therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/
In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick that allowed it to run its payload inside virtual machines on infected hosts as a technical solution that bypassed security software.
Tomi Engdahl says:
Clop gang partners laundered $500 Million in ransomware payments https://thehackernews.com/2021/06/clop-gang-members-laundered-500-million.html
The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. While the bust was seen as a major blow to the operations of the Clop gang, the hackers published earlier this week a fresh batch of confidential employee records stolen from a previously unknown victim on their dark web portal, raising the possibility that the arrested suspects may have been affiliates who play a lesser role in the operations.
Tomi Engdahl says:
Gaming industry under siege from cyberattacks during pandemic https://www.welivesecurity.com/2021/06/24/gaming-industry-under-siege-cyberattacks-pandemic/
During the COVID-19 pandemic, the gaming industry has seen greater growth in cyberattacks than any other industry, according to content delivery network (CDN) provider Akamai. Web application attacks against gaming companies rose by 340 percent between 2019 and 2020 and by as much as 415 percent between 2018 and 2020.
Tomi Engdahl says:
Google announces unified vulnerability schema to strengthen open-source security https://security.googleblog.com/2021/06/announcing-unified-vulnerability-schema.html
The Open Source Vulnerabilities (OSV) database was released in February with the goal of automating and improving vulnerability triage for developers and users of open source software. Google is now expanding OSV to several key open-source ecosystems: Go, Rust, Python, and DWF.
Tomi Engdahl says:
XDR is a Destination, Not a Solution
https://www.securityweek.com/xdr-destination-not-solution
If we define XDR as a solution, SOCs can’t reach their ultimate destination because, as a solution, XDR can’t be a holistic approach
Extended Detection and Response (XDR) is the latest buzz word in the security industry and, as with any new technology development, in the early days there is a lot of confusion. Industry analysts each have their own definition. Meanwhile, security vendors are quickly jumping on the bandwagon, recasting their products as XDR solutions and spinning up their own definitions.
Here is the problem…XDR is a destination, not a solution. Let me explain.
Tomi Engdahl says:
Cybersecurity is Never Out-of-Office
https://www.securityweek.com/cybersecurity-never-out-office
Things to consider which may help keep attacks at bay and allow everyone to enjoy their well-earned break
Over the last year, up to two-thirds of us had to work remotely, and a significant number will continue to do so. This has caused a blurring of the boundary between work and home, with many people using personal devices for work use or work devices for personal use. Security teams have seen traffic increases on the corporate network for shopping, social media and online education. Introducing new policies to manage risk on corporate devices and monitor home-network traffic without encroaching on staff privacy has proved a tricky balance, attempting to remain vigilant, fully compliant and provide protection without affecting the end-user experience.
Tomi Engdahl says:
Self-Healing Cybersecurity Systems: A Pipe Dream or Reality?
https://www.securityweek.com/self-healing-cybersecurity-systems-pipe-dream-or-reality
Cybersecurity has been a priority for organizations for many years. According to Gartner, organizations are expected to spend $150.4 million on IT security and risk management technologies in 2021, which would reflect a 12.4 percent increase compared to 2020. Yet, despite these investments in security controls, cyber-attacks keep coming. In fact, cyber criminals took advantage of the shift to a pandemic-defined work environment by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Their primary target for their attacks – remote workers and their endpoint devices, which serve as an access point to an enterprise’s network.
Ensuring that the increased number of remote endpoints are kept secure and avoid becoming an entry point for hackers to compromise the network, is overwhelming for many IT teams. They are often allocated to big-ticket items such as servers and cloud-based databases to protect. Thus, it is not surprising that the concept of self-healing cybersecurity systems is appealing to many IT and security professionals, as they are seeking ways to cut the time and effort needed to protect distributed infrastructures. So how close are we to self-healing cybersecurity systems?
When establishing visibility and security controls across endpoints, IT and security professionals need to understand that each endpoint bears some or all responsibility for its own security. This is different from the traditional network security approach, in which case established security measures apply to the entire network rather than individual devices and servers. At a minimum, organizations therefore should deploy simple forms of endpoint security like anti-virus or anti-malware software across their entire fleet of devices. Many organizations are going beyond these simple measures and nowadays leverage modern endpoint security technology that encompasses encryption, intrusion detection, and behavior-blocking elements to identify and block threats and risky behavior, either by end users or intruders.
Tomi Engdahl says:
Cyrus Farivar / NBC News:
As “security robots” get deployed across the US by local governments and companies, there is little to no evidence they can effectively fight crime
Security robots expand across U.S., with few tangible results
“It would be difficult to introduce a single thing and it causes crime to go down,” one expert said.
https://www.nbcnews.com/business/business-news/security-robots-expand-across-u-s-few-tangible-results-n1272421
So earlier this year, Westland introduced a broader program to reduce crime and added an “autonomous security robot” manufactured by Knightscope, a Silicon Valley company, to make the complex safer. Each robot is given a nickname, and the one roaming around Liberty Village is called “Westy.”
This model, K5, is a conical, bulky, artificial intelligence-powered robot that stands just over 5 feet tall. Westy slowly roams around at about a human walking speed, with four internal cameras capturing a constant 360-degree view. It also can scan and record license plates and unique digital identifiers that every cellphone broadcasts, known as MAC addresses.
But it’s unclear how much Westy has reduced crime at Liberty Village.
Smith Johnes says:
Thanks for sharing “Cyber security trends for 2021”. Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. If you want to read more on “How to Ensure Cybersecurity in the Age of IoT” please follow the link
Tomi Engdahl says:
One billion dollars lost by over-60s through online fraud in 2020 https://hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html
According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk of falling victim to online fraud and internet scammers than ever before. In the IC3’s Elder Fraud Report, the FBI detailed that approximately 28% of all fraud losses are sustained by victims who are over 60 years old, with total losses approaching US $1 billion.
Tomi Engdahl says:
What is the WireGuard VPN protocol?
https://blog.malwarebytes.com/101/2021/06/what-is-the-wireguard-vpn-protocol/
WireGuard is the newest player in the VPN protocol world and has many advantages over older types of protocols. Many experts are excited about WireGuard because it trims the fat to be faster and lighter than protocols like OpenVPN.
Tomi Engdahl says:
Like Their Adversaries, Threat Hunters Need Anonymity
https://www.securityweek.com/their-adversaries-threat-hunters-need-anonymity
The pivot to remote work forced by the Covid-19 outbreak was sudden, but security stepped up to the challenge. According to (ISC)², the association of certified cybersecurity professionals, three out of ten said they had a day or less to secure their employers’ remote workers.
Now that operations are returning to normal—or the New Normal, which is bound to include a big segment of remote work—security needs to adjust to a number of workers who will continue to work from home. And that includes a fair amount of security analysts and other network security staff.
That opens up a new front in the war against cybercrime, often right in the white hats’ homes. How can we be sure that threat hunters stay safe, and don’t themselves become a threat to the systems they protect?
Tomi Engdahl says:
GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016
https://www.securityweek.com/github-paid-out-over-15-million-bug-bounty-program-2016
Tomi Engdahl says:
Mozilla Launches Privacy-Focused Browsing Data Sharing Platform
https://www.securityweek.com/mozilla-launches-privacy-focused-browsing-data-sharing-platform
Mozilla has a new privacy-focused data sharing platform that provides users with increased control of their data and also allows them to contribute to a better Internet.
Built in collaboration with Princeton University researchers, the new Mozilla Rally allows users to select who they want to share their browsing data with, the browser maker says.
The new platform, Mozilla says, was built with privacy and transparency at its core, but also allows users to contribute their browsing data to projects that could help build “a better Internet and a better society.”
https://rally.mozilla.org/
Tomi Engdahl says:
USB is a real threat to industry
https://etn.fi/index.php/13-news/12331-usb-on-todellinen-uhka-teollisuudelle
According to the report, the use of USB sticks or removable drives grew by 30 percent last year. This was partly driven by the coronavirus pandemic, as for example technicians’ visits to factories were restricted. At the same time, the amount of malware targeting industrial systems that was transferred over USB doubled.
Among industrial malware, trojans dominated with a 76 percent share. More than half of the malware were worms, i.e. capable of replicating themselves and infecting ever more devices. The share of worms grew clearly compared to the previous year.
What is worrying in the report is the growth in the number of serious malware. In 2019, about 59 percent of the malware designed for industrial devices was capable of shutting down networks. Last year the share rose to 79 percent, i.e. four out of five industrial USB malware samples were so-called critical.
https://www.honeywell.com/us/en/honeywell-forge/cybersecurity/cybersecurity-threat-report-2021#form
Tomi Engdahl says:
Russian hackers had months-long access to Denmark’s central bank https://www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/
Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.
Tomi Engdahl says:
The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight https://yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/
Yoroi Malware ZLAB is reporting extensively on a large scale operation by an actor that has been active since 2019 and targeting Italian and European organizations.
Tomi Engdahl says:
NCSC UK – Device Security Guidance for public sector and large organisations https://www.ncsc.gov.uk/blog-post/securing-your-devices-future
National Cyber Security Centre UK has published “Device Security Guidance” for organisations on how to choose, configure and use devices securely.