Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans and AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
Hackers leverage sophisticated and novel techniques to break into networks article says that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated by understandable metrics, to make everyone able to reproduce the results, and to present them to the entire community for feedback.
Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
Legal requirements for IoT security start to emerge article says that legislative activities are starting to make security a legal requirement, with consumer IoT designs required to have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
UN Security Council Confronts Growing Threat of Cyber Attacks
https://www.securityweek.com/un-security-council-confronts-growing-threat-cyber-attacks
The UN Security Council on Tuesday will hold its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries’ key infrastructure, an issue Joe Biden recently raised with his Russian counterpart Vladimir Putin.
At their summit earlier this month in Geneva, the US president set out red lines for Russia, which is often accused of being behind major hacks. In this case, he laid out 16 “untouchable” entities, ranging from the energy sector to water distribution.
“This is the generic list of critical infrastructure which every country has,” said one European ambassador who specializes in cybersecurity.
“In the United Nations first committee, we already have agreed in 2015, which is six years ago, that we are refraining from malicious cyber activities against each other’s critical infrastructures as UN member states,” the diplomat said.
Tomi Engdahl says:
Malvuln Project Catalogues 260 Vulnerabilities Found in Malware
https://www.securityweek.com/malvuln-project-catalogues-260-vulnerabilities-found-malware
Malvuln has catalogued hundreds of vulnerabilities discovered in malware, and while the project has yet to actually prove useful to anyone, its developer is not discouraged.
Malvuln, an interesting project of security researcher John Page (aka hyp3rlinx), catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.
Since launching the project in early January 2021, Page has discovered more than 260 vulnerabilities across an estimated 105 individual malware families, including trojans, worms, backdoors, droppers, and ransomware.
The vulnerabilities include issues related to memory corruption, insecure permissions, hardcoded credentials, authentication bypass, directory traversal, and information disclosure. Some of the flaws can be exploited for DoS attacks (i.e. to cause the malware to crash), while others allow unauthenticated “attackers” to remotely execute arbitrary commands — either OS commands on the already-infected system or commands made available by the malware.
https://www.securityweek.com/malvuln-project-catalogues-vulnerabilities-found-malware
Tomi Engdahl says:
CISA releases new ransomware self-assessment security audit tool https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).
Tomi Engdahl says:
IBM Gifts Threat Hunting Tool to Open Cybersecurity Alliance
https://www.securityweek.com/ibm-gifts-threat-hunting-tool-open-cybersecurity-alliance
IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance (OCA).
The Kestrel threat hunting tool helps Security Operations Center (SOC) analysts and other cybersecurity professionals streamline threat discovery.
Through threat hunting, cybersecurity professionals can find hidden threats before they perform an attack, accelerating response to indicators of compromise. Kestrel aims to help analysis find threats more effectively through
Kestrel aims “to enable threat hunters to express hunts in an open, composable threat hunting language. Kestrel leverages automation to execute tedious hunting tasks, allowing threat hunters to focus on higher priority tasks,” IBM explains.
The tool leverages machine-based automation and allows for best practices to be reused in reducing times between hunts. Available in open-source, the project can be used by threat hunters worldwide to collaborate and share knowledge.
https://github.com/opencybersecurityalliance/kestrel-lang
Tomi Engdahl says:
Ransomware Increasingly Detected on Industrial Systems: Report
https://www.securityweek.com/ransomware-increasingly-detected-industrial-systems-report
Trend Micro on Wednesday released a new report describing the threats affecting industrial control system (ICS) endpoints in 2020.
According to the report, ransomware infections saw a significant increase last year, mainly due to a rise in Sodinokibi (REvil), Ryuk, Nefilim and LockBit attacks launched between September and December.
The highest number of organizations that had their industrial systems hit by ransomware was seen by the cybersecurity firm in the United States, far more than in any other country. However, in terms of the percentage of organizations affected compared to the total number of organizations in the country, the U.S. was at an average level — the most impacted appear to be Vietnam, Spain and Mexico.
The report is based on data collected from ICS endpoints used to design, monitor and control industrial processes. These systems run industrial automation suites or serve as engineering workstations (EWS).
“Ransomware in ICSs can cause the loss of view or control of physical processes,” Trend Micro explained in its report. “Monitoring and control interfaces such as HMIs and EWS are reliant on image files (.jpg, .bmp, .png) and configuration files to render the interface; However, in ransomware attacks, data including configuration files and images end up encrypted, and therefore, unusable by the ICS software. Therefore, ransomware effectively cripples the HMI and EWS. This in turn leads to productivity and revenue losses for the facility.”
Tomi Engdahl says:
Hackers Used to Be Humans. Soon, AIs Will Hack Humanity
Like crafty genies, AIs will grant our wishes and then hack them, exploiting our social, political, and economic systems like never before.
https://www.wired.com/story/opinion-hackers-used-to-be-humans-soon-ais-will-hack-humanity/?utm_social-type=owned&mbid=social_facebook&utm_medium=social&utm_brand=wired&utm_source=facebook
Tomi Engdahl says:
The VC View: Enabling Business via IT Security
https://www.securityweek.com/vc-view-enabling-business-it-security
The opportunity for the security industry is to build a remote-ready security program that is equally secure for remote and in-office workers
I think it’s safe to say that the pandemic has changed the working world forever. More than a year into the largest social experiment in recent history, pretty much every assumption and hypothesis out there about a remote workforce has been proven and/or disproven at this point.
Looking back at the start of IT security, IT was created to be a business enabler. Any technology the users wanted/needed to increase productivity, IT was the onramp and support to actually use that technology at scale to generate value. IT security was then created to make sure that value was protected, resilient and done according to best practices.
Thus when the pandemic happened and disrupted business on a global scale, every IT and IT security teams’ first priority was to help employees get back to work. The pandemic demanded BYOD on hyperdrive, VPN capacity pushed to its limits, data movement with little to no visibility. Technology was the saving grace that enabled everyone to stay productive no matter where they were. The pandemic made security real.
The opportunity for the security industry now is to build a remote-ready security program that is as equally secure for the remote employee as being in the office.
Tomi Engdahl says:
Becoming Elon Musk – the Danger of Artificial Intelligence
https://www.securityweek.com/becoming-elon-musk-%E2%80%93-danger-artificial-intelligence
A Tel Aviv, Israel-based artificial intelligence (AI) firm, with a mission to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents, has developed the opposite: an attack against facial recognition systems that can fool the algorithm into misinterpreting the image.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12344-kiristyshaittaohjelmilla-hyokataan-teollisuuden-ohjausjarjestelmiin
Tomi Engdahl says:
Traficom expands the use of the Cybersecurity Label (Tietoturvamerkki); phones are unlikely to be granted it (PAYWALL)
https://www.tivi.fi/uutiset/tv/103601a5-8ec3-49ff-b273-764a1c72bda8
Finns’ awareness that smart devices may share the user’s data with outside parties without permission is growing. Safe purchasing decisions are being promoted by expanding the use of the Cybersecurity Label.
Tomi Engdahl says:
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks https://threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. A long-running problem in the healthcare industry is the use of outdated and/or unpatched systems and devices.
This is a problem that can largely be attributed to budgetary pressures, both in terms of the cost of equipment and for fielding a well-equipped IT security operation.
Tomi Engdahl says:
Ransomware gangs are taking aim at ‘soft target’ industrial control systems https://www.zdnet.com/article/ransomware-gangs-are-taking-aim-at-soft-target-industrial-control-systems
Cyber criminals are increasingly targeting industrial control systems that control cyber-physical systems in the hope of big pay days.
Ransomware attacks are targeting legacy industrial control systems (ICS) and more needs to be done to secure networks at industrial facilities against the threat of being disrupted by cyber criminals attempting to make money from extortion.
Tomi Engdahl says:
DHS Hired 300 Cybersecurity Professionals in Last Two Months
https://www.securityweek.com/dhs-hired-300-cybersecurity-professionals-last-two-months
Tomi Engdahl says:
https://www.securityweek.com/french-tech-firm-charged-over-libya-cyber-spying
Tomi Engdahl says:
Russians Used Brute Force Attacks Against Hundreds of Orgs: Security Agencies
https://www.securityweek.com/security-agencies-russian-cyberspies-used-brute-force-against-hundreds-orgs
Tomi Engdahl says:
CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts
https://www.securityweek.com/cisa-issues-mitre-attck-mapping-guide-threat-intelligence-analysts
https://us-cert.cisa.gov/sites/default/files/publications/Best%20Practices%20for%20MITRE%20ATTCK%20Mapping.pdf
Tomi Engdahl says:
Ransomware attacks driving cyber reinsurance rates up 40% https://www.zdnet.com/article/ransomware-attacks-driving-cyber-reinsurance-rates-up-40/
London-based reinsurance broker Willis Re told Reuters on Thursday that cyber reinsurance rates are skyrocketing due to a spate of devastating ransomware attacks on major companies in recent months.
Tomi Engdahl says:
Getting Started with Security Testing: A Practical Guide for Startups https://thehackernews.com/2021/07/getting-started-with-security-testing.html
A common misconception among startup founders is that cybercriminals won’t waste time on them, because they’re not big or well known enough yet.
Tomi Engdahl says:
https://transnexus.com/whitepapers/understanding-stir-shaken/
Tomi Engdahl says:
https://securityintelligence.com/articles/osi-model-threats-osi-presentation-layer/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/06/23/digiturvabarometri-kertoo-huolen-kasvavan/
Tomi Engdahl says:
Instructions Show How Cops Use GrayKey to Brute Force iPhones
Newly released documents provide new insight into the capabilities of the iPhone unlocking tech.
https://www.vice.com/en/article/k7835w/how-to-brute-force-iphones-graykey
Tomi Engdahl says:
European Union to set up new cyber response unit
Proposed Joint Cyber Unit will tackle a rising number of serious incidents impacting public services, businesses and citizens of the EU
https://www.computerweekly.com/news/252502897/European-Union-to-set-up-new-cyber-response-unit
Tomi Engdahl says:
The Linux Foundation Launches the Open Voice Network, Promises Privacy at the Heart of Its Standards
An official Foundation project, the Open Voice Network aims to encourage the development and adoption of open standards.
https://www.hackster.io/news/the-linux-foundation-launches-the-open-voice-network-promises-privacy-at-the-heart-of-its-standards-7e4797f4581c
Tomi Engdahl says:
SolarWinds hackers could have been waylaid by simple countermeasure -US officials
https://www.reuters.com/technology/solarwinds-hackers-could-have-been-waylaid-by-simple-countermeasure-us-officials-2021-06-21/
Tomi Engdahl says:
https://hackersonlineclub.com/arp-scan-command-to-scan-the-local-network/
Tomi Engdahl says:
https://hackersonlineclub.com/how-to-capture-pcap-logs-with-wireshark/
Tomi Engdahl says:
Information security depends on your own initiative: why and how should you invest in it?
https://www.kotitalolehti.fi/blogi/tietoturva-on-oman-aktiivisuuden-varassa-miksi-ja-miten-siihen-pitaisi-panostaa/
Tomi Engdahl says:
Biden is worried about cybersecurity. Japan says watch cartoons
It’s hard to make people care about cybersecurity. A Japanese company, however, has a suggestion.
https://www.zdnet.com/article/biden-is-worried-about-cybersecurity-japan-says-watch-cartoons/
Tomi Engdahl says:
https://www.independent.co.uk/life-style/gadgets-and-tech/google-android-app-crashing-stopping-b1870348.html
Tomi Engdahl says:
Ban biometric surveillance in public to safeguard rights, urge EU bodies
https://techcrunch.com/2021/06/21/ban-biometric-surveillance-in-public-to-safeguard-rights-urge-eu-bodies/
Tomi Engdahl says:
EU puts out final guidance on data transfers to third countries
https://techcrunch.com/2021/06/22/eu-puts-out-final-guidance-on-data-transfers-to-third-countries/
Tomi Engdahl says:
https://www.iflscience.com/technology/is-your-phone-really-listening-to-your-conversations-well-turns-out-it-doesnt-have-to/
Tomi Engdahl says:
Ryan Gallagher / Bloomberg:
A new database by human rights groups documents 60+ cases in which NSO’s spyware has been used by authoritarian regimes to target dissidents and critics
https://www.bloomberg.com/news/articles/2021-07-03/new-database-ties-nso-group-to-improper-spying-and-violence
Tomi Engdahl says:
The Complete List Of Hacker And Cybersecurity Movies
You can learn a lot about cybercrime by watching these flicks
https://cybersecurityventures.com/movies-about-cybersecurity-and-hacking/
Tomi Engdahl says:
Researchers Learn From Nation-State Attackers’ OpSec Mistakes https://beta.darkreading.com/threat-intelligence/researchers-learn-from-nation-state-attackers-opsec-mistakes?
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten. When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers’ mistakes instead?
Tomi Engdahl says:
EU Passes Emergency Law Allowing Tech Companies To Screen Messages For Child Abuse https://www.forbes.com/sites/emmawoollacott/2021/07/07/eu-passes-emergency-law-allowing-tech-companies-to-screen-messages-for-child-abuse/
The European Parliament has approved emergency measures allowing internet companies to scan users’ private messages for material containing child sex abuse.
Tomi Engdahl says:
ProtonMail, DuckDuckGo, others ask EU & US regulators to ban surveillance-based advertising https://therecord.media/protonmail-duckduckgo-others-ask-eu-us-regulators-to-ban-surveillance-based-advertising/
A group of privacy-first tech companies, including the likes of ProtonMail, DuckDuckGo, Vivaldi, Tutanota, and Startpage, have published an open letter today asking EU and US regulators to take action and ban surveillance-based advertising.
Tomi Engdahl says:
Why I Love (Breaking Into) Your Security Appliances https://threatpost.com/breaking-into-security-appliances/167584/
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.
Tomi Engdahl says:
Email fatigue among users opens doors for cybercriminals https://www.bleepingcomputer.com/news/security/email-fatigue-among-users-opens-doors-for-cybercriminals/
Given the mass migration to remote work, more critical business data is being shared by email than ever before. Users can now receive hundreds of emails a day, and sifting through them is time-consuming and exhausting.
Tomi Engdahl says:
Patrick Howell O’Neill / MIT Technology Review:
How a years-long cybercrime investigation by FBI, Russia, and Ukraine was undone by corruption, rivalry, and stonewalling, resulting in the hackers going free — Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
https://www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/
Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.
The American cops took the slower, cheaper train from Kyiv to Donetsk.
After repeatedly traveling between Ukraine and the United States, there were more comfortable ways to make this final, 400-mile journey. But the five FBI agents felt like luxury tourists compared to most travelers onboard. They could afford spacious private rooms while locals were sleeping 10 to a cabin. The train moved haltingly, past empty country and villages that, to the Americans at least, looked as if they’d been frozen in the Cold War.
The overnight trek was set to take 12 hours, but it had truly begun two years earlier, in 2008, at the FBI offices in Omaha, Nebraska. That’s where the agents had started trying to understand a cybercrime explosion that was targeting Americans and pulling in millions of dollars from victims. At that point, with at least $79 million stolen, it was by far the biggest cybercrime case the FBI had ever seen. Even today, there are few to match its scale.
Tomi Engdahl says:
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards https://msrc-blog.microsoft.com/2021/07/08/microsoft-bug-bounty-programs-year-in-review-13-6m-in-rewards/
Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program.
Tomi Engdahl says:
How Fake Accounts and Sneaker-Bots Took Over the Internet https://threatpost.com/fake-accounts-sneaker-bots-internet/167626/
Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. Fake accounts are used for other purposes too: Facebook for instance last fall announced the takedown of 14,000 fake accounts used to spread disinformation in the 2020 election.
Malvertising: What It Is and How to Protect Yourself https://www.pandasecurity.com/en/mediacenter/security/malvertising-2/
Malvertising is a type of cyber attack that plants malicious code into legitimate-looking online advertisements. A vehicle to distribute malware to unsuspecting victims, malvertising is a major problem worldwide and has gained increasing prevalence across the web.
Tomi Engdahl says:
Biden Pressured to Act on ‘Russian’ Ransomware, Hacking
https://www.securityweek.com/biden-pressured-act-russian-ransomware-hacking
Tomi Engdahl says:
Use of Common Malware in Operation Targeting Energy Sector Makes Attribution Difficult
https://www.securityweek.com/use-common-malware-operation-targeting-energy-sector-makes-attribution-difficult
Researchers at cybersecurity firm Intezer have been monitoring a campaign that appears to be mainly aimed at the energy sector, but attribution to a known threat group is made difficult by the fact that the operation involves several common malware families.
The threat actor is attempting to deliver its malware using spear-phishing emails that are customized for the employees of each targeted organization. The emails come from spoofed or typosquatted addresses in an effort to increase their chances of success.
“The contents and sender of the emails are made to look like they are being sent from another company in a relevant industry offering a business partnership or opportunity,” Intezer explained.
The campaign started at least one year ago and it has targeted international companies in South Korea — this country appears to be the primary target — the United States, the United Arab Emirates, and Germany.
Tomi Engdahl says:
NS1 leverages data and injects software-defined intelligence, automation and real-time decisioning policy to steer and optimize traffic at the DNS layer
https://techcrunch.com/2021/07/08/ns1-ec1-product/?tpcc=ecfb2020
Tomi Engdahl says:
Ransomware tracker: the latest figures
https://therecord.media/ransomware-tracker-the-latest-figures/
Colonial Pipeline, JBS Foods, Kaseya: we’re only halfway through 2021, but it can already be dubbed the year of ransomware. The problem isn’t impacting all organizations to the same degree, however. According to data collected by Recorded Future, attacks against the most vulnerable organizations (schools, healthcare facilities, state and local governments) have plateaued or even . Ransomware expert Allan Liska explains that threat actors are focusing their efforts on organizations that can stomach multimillion-dollar ransom demands.
Tomi Engdahl says:
Event scammers have found Finland: this is how you spot the scam https://www.is.fi/digitoday/tietoturva/art-2000008113726.html
The band HEVISAURUS recently had to fight Facebook scammers. A genuine event announcement for a gig was copied, and the scammers spread malicious web links in the band’s name. The phenomenon is relatively new in Finland. There were a lot of these in the early phase of the coronavirus pandemic.
“Last June, when these virtual concerts started to appear, that is when this phenomenon really began,” says Jussi Eronen, a lead specialist at the National Cyber Security Centre, which operates under Traficom, giving background on the situation in Finland.