Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not write any “predictions for 2021 cyber security” post before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The article Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced which means that already some of the most sophisticated and notorious cybercriminals are utilizing open-source tools to conduct their criminal activities and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans and AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The article As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to claim that they have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The article Hackers leverage sophisticated and novel techniques to break into networks tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated by understandable metrics, make it possible for everyone to reproduce the results, and present them to the entire community for feedback.

The article Privacy is an illusion. But that’s a good thing says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The article With the Death of Cash, Privacy Faces a Deeply Uncertain Future says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    Where do all those cybercrime payments go?
    https://nakedsecurity.sophos.com/2021/07/09/where-do-all-those-cybercrime-payments-go/
    Here on Naked Security, we’ve regularly asked the question, or at least implied it: Where do you think all those cybercrime payments go? When a ransomware victim hands over a largely anonymous, mostly untraceable quantity of Bitcoin, for example, to pay off a multi-million dollar blackmail demand in the hope of recovering their unusable files, what happens to that money?

    Reply
  2. Tomi Engdahl says:

    Factsheet ISO: Changes to ISO 27002 Include Addition of Threat Intelligence https://quointelligence.eu/2021/07/factsheet-iso-changes-to-iso-27002-include-addition-of-threat-intelligence/
    The International Organization for Standardization (ISO) recently presented updates to the ISO 27002 standard, which consolidates chapters and controls, as well as adding several new controls. The update to the ISO framework also includes Threat Intelligence (TI), which further highlights the growing importance of TI in an organization’s security management. The update was released in April for a 12-week review period, which has now closed. While ISO has not yet set a release date, the framework should become available by 2022.

    Reply
  3. Tomi Engdahl says:

    Ransomware: To pay or not to pay? Legal or illegal? These are the questions https://www.welivesecurity.com/2021/07/08/ransomware-pay-not-pay-legal-illegal-these-are-questions/
    The recent spate of ransomware payments cannot be the best use of cybersecurity budgets or shareholder capital, nor is it the best use of insurance industry funds. So, why are companies paying and what will it take for them to stop? In simple terms, it may just be, or at least initially seem, more cost effective to pay than not to pay. The current precedent to pay likely dates back to the ethically brave organizations who refused to pay. When WannaCryptor (a.k.a. WannaCry) inflicted its malicious payload on the world in 2017, the United Kingdom’s National Health Service bore a significant hit on its infrastructure.

    Reply
  4. Tomi Engdahl says:

    Ransomwhere project wants to create a database of past ransomware payments https://therecord.media/ransomwhere-project-wants-to-create-a-database-of-past-ransomware-payments/
    A new website launched this week wants to create a crowdfunded, free, and open database of past ransomware payments in the hopes of expanding visibility into the broader picture of the ransomware ecosystem. Named Ransomwhere, the new portal is the personal project of Jack Cable, a Stanford University student and a security researcher for the Krebs Stamos Group. The website allows victims of ransomware attacks or cybersecurity professionals to submit a copy of a ransom note, along with the size of the ransom demand and the Bitcoin address where victims made the payment, which would then be indexed in a public database.

    Reply
  5. Tomi Engdahl says:

    Traficom expands use of the Cybersecurity Label (Tietoturvamerkki): phones are unlikely to be granted it
    https://www.tivi.fi/uutiset/traficom-laajentaa-tietoturvamerkin-kayttoa-puhelimille-sita-tuskin-myonnetaan/103601a5-8ec3-49ff-b273-764a1c72bda8
    According to a consumer survey commissioned in the spring by the Finnish Transport and Communications Agency Traficom, almost 80 percent of Finns were aware of the information security risks of smart devices. In 2019 the corresponding share was under 70 percent. According to the same survey, a label indicating the information security of a smart device would affect the purchase decision of 45 percent of respondents. Traficom launched the Cybersecurity Label in 2019, with the aim of helping consumers make secure purchase decisions. The first devices received the label in 2020. Previously the National Cyber Security Centre (Kyberturvallisuuskeskus) was itself responsible for the security inspections the label requires, but now companies can also carry out inspections. Behind this is a desire to get more labelled devices into stores and to ease the product inspection process for companies.

    Reply
  6. Tomi Engdahl says:

    Mikko Hyppönen: Sooner or later it will hit Finland too; this is how organized cybercrime churns out cyberattacks
    https://www.tivi.fi/uutiset/tv/aacc69d6-a01c-4bde-97ab-24f5459595c5
    Ransomware from the Russian REvil group closed 800 grocery stores of Sweden’s Coop for a week. According to F-Secure’s Mikko Hyppönen, something similar may be seen in Finland too before long. Just by looking at the probabilities one can say that sooner or later it will hit Finland too. One can mentally prepare for such a case coming to Finland sooner or later. “If it does not come this year, that would be surprising,” Hyppönen commented to Tivi.

    Reply
  7. Tomi Engdahl says:

    James Pearson / Reuters:
    Investigation sheds light on Force 47, the Vietnamese army’s online information warfare unit behind pro-state Facebook Groups that aim to correct “wrong views” — In Vietnam, where the state is fighting a fierce online battle against political dissent, social media “influencers” …

    How Vietnam’s ‘influencer’ army wages information warfare on Facebook
    https://www.reuters.com/world/asia-pacific/how-vietnams-influencer-army-wages-information-warfare-facebook-2021-07-09/

    Thousands-strong ‘Force 47’ army unit fights ‘wrong views’
    State media reveals network of Force 47 Facebook groups
    Vietnam threatens to block Facebook over censorship requests
    Facebook culls ‘Force 47’ group following Reuters investigation
    YouTube says removes nine channels over spam policy

    Reply
  8. Tomi Engdahl says:

    Carly Page / TechCrunch:
    Jack Cable of Krebs Stamos Group launches Ransomwhere, a crowdsourced ransomware payment tracker; the site is already tracking $32M+ in ransom payments for 2021

    This crowdsourced payments tracker wants to solve the ransomware visibility problem
    https://techcrunch.com/2021/07/09/this-crowdsourced-payments-tracker-wants-to-solve-the-ransomware-visibility-problem/

    Ransomware attacks, fueled by COVID-19 pandemic turbulence, have become a major money earner for cybercriminals, with the number of attacks rising in 2020.

    These file-encrypting attacks have continued largely unabated this year, too. In the last few months alone we’ve witnessed the attack on Colonial Pipeline that forced the company to shut down its systems — and the gasoline supply — to much of the eastern seaboard, the hack on meat supplier JBS that abruptly halted its slaughterhouse operations around the world, and just this month a supply chain attack on IT vendor Kaseya that saw hundreds of downstream victims locked out of their systems.

    However, while ransomware attacks continue to make headlines, it’s nearly impossible to understand their full impact, nor is it known whether taking certain decisions — such as paying the cybercriminals’ ransom demands — make a difference.

    Jack Cable, a security architect at Krebs Stamos Group who previously worked for the U.S. Cybersecurity and Infrastructure Agency (CISA), is looking to solve that problem with the launch of a crowdsourced ransom payments tracking website, Ransomwhere.

    https://ransomwhe.re/

    Reply
  9. Tomi Engdahl says:

    Chris Metinko / Crunchbase News:
    Analysis: in H1 2021, private funding for cybersecurity companies reached $9B, up more than 2x from H1 2020 and eclipsing record total of $7.8B for all of 2020

    Funding Pours Into Cybersecurity As Mid-Year 2021 Numbers Eclipse Last Year’s Total
    https://news.crunchbase.com/news/funding-pours-into-cybersecurity-as-first-half-numbers-eclipse-last-years-total/

    Perhaps the only thing more abundant than headlines about cyberattacks this year has been reports of record funding rounds by companies expected to protect against those attacks.

    While global funding to startups has exploded this year, cybersecurity seems to be riding its own wave. Only halfway through the year, 2021 already has surpassed the record-breaking $7.8 billion raised by security companies last year.

    According to Crunchbase data, $9 billion has flooded into the sector in 309 deals in the first six months of the year — more than double the $4.4 billion the industry realized in the first half of 2020. The second quarter alone saw $5.2 billion — compared to less than $2 billion for the same quarter last year.

    The second-quarter blitz came after the sector saw $3.8 billion in the first quarter.

    “Valuations have been crazy,” said Umesh Padval, a venture partner at Thomvest Ventures. “The multiples have just been crazy.”

    What’s going on?

    The reasons for the explosion in dollars raised cybersecurity are varied, but no doubt some may be attributed to huge attacks like the SolarWinds and the Colonial Pipeline incidents. Just as the first half of the year was closing, the sector saw another large-scale attack with Kaseya — which helps companies manage their IT infrastructure — being hit by a ransomware attack.

    “There have been so many hacks, you see it every month,” Padval said.

    But to just point to those attacks as the driving factor is likely an oversimplification.

    “I’m not too surprised by the surge in activity in 2021 given a couple key drivers,” said Dino Boukouris, founding director of Momentum Cyber, a San Francisco-based financial advisory firm for cybersecurity.

    “First, in 2020 we saw a rapid acceleration in companies’ digital transformation leading to a significant increase in their reliance on technology in order to thrive — or even survive,” he said. “This further fuels already strong growth in cybersecurity spending.”

    Richard Seewald, founder and managing partner at Evolution Equity Partners, added that the pandemic also is the type of crisis that spawns an increase in more sophisticated cyberattacks and forces people to be more vigilant when it comes to their network and IT infrastructure.

    “Post 9/11, cybersecurity grew about tenfold in the following decade,” he said. “Then you had the financial crisis in 2008 … after that you had companies like CrowdStrike and Okta.”

    Areas of interest

    Post-COVID-19, Seewald said he believes new generational companies could be created in security for things like quantum computing, DevOps and crypto, and digital assets.

    Padval said areas such as cloud security — which has seen big rounds this year go to companies such as Lacework and Israel-based Wiz — as well as API security and continuous, contextual authentication likely will interest him in the second half of the year.

    In addition to cloud security, subsectors such as identity and access management and risk and compliance all performed well in the first half of the year and there’s little reason to believe that will change, Boukouris said.

    “These sectors have been performing well over the past few years and we see them continuing to do so in the quarters to come,” he said.

    Yanev Suissa, founder of SineWave Ventures and an early investor in SentinelOne — which went public in late June — said he sees some problems with the current landscape and investment interest.

    Suissa said he believes there are too many “whack-a-mole” solutions being funded — solutions that solve a very specific sliver of security or a niche problem.

    “We just don’t see a lot of revolutionary platforms out there right now,” he said. “We are seeing a lot of ‘nice-to-have things.’ ”

    “You are just seeing these guys pour a ton of money early at a price they know can win the deal and hope you get one winner,” Suissa said.

    It’s almost inevitable cybersecurity will see at least $15 billion of investment this year and could see $20 billion if the frenzy continues, he said.

    He does not know how long the current run will last, and does not think this record-breaking run is indefinite.

    Reply
  10. Tomi Engdahl says:

    Bloomberg:
    Sources: Microsoft has agreed to acquire SaaS security intelligence company RiskIQ; a source says Microsoft will pay over $500M — Software giant said to pay more than $500 million in cash for the San Francisco company — Microsoft Corp. has agreed to acquire RiskIQ, a security software maker …
    https://www.bloomberg.com/news/articles/2021-07-11/microsoft-is-said-to-be-buying-cybersecurity-company-riskiq

    Reply
  11. Tomi Engdahl says:

    Diagnosing the Ransomware Deployment Protocol (RDP) https://www.paloaltonetworks.com/blog/2021/07/diagnosing-the-ransomware-deployment-protocol/
    Remote Desktop Protocol (RDP) is the most popular initial ransomware attack vector and has been for years. For the 2020 Unit 42 Incident Response and Data Breach Report, Unit 42 studied data from over 1,000 incidents and found in 50% of ransomware deployment cases, RDP was the initial attack vector. In the 2021 Cortex Xpanse Attack Surface Threat Report, Cortex Xpanse researchers found that RDP accounted for 30% of total exposures, which more than doubles the next most common exposure.

    Reply
  12. Tomi Engdahl says:

    RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation https://securityintelligence.com/posts/roboski-global-recovery-automation/
    In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of a new variant of the RoboSki packer, which is widely used to thwart detection and deliver commodity RATs to enterprise networks.

    Reply
  13. Tomi Engdahl says:

    Aussies have lost over AU$7 million to remote access scams already this year https://www.zdnet.com/article/aussies-have-lost-over-au7-million-to-remote-access-scams-already-this-year/
    In the first six months of 2021, Australians lost over AU$7 million by letting scammers access their home computers — up 184% when compared to last year. The latest data from the ACCC’s Scamwatch reveals so far this year almost 6,500 Australians have reported phone calls from scammers trying to convince them to download software that gives access to home computers and their bank accounts. “Remote access scams are one of the largest growing scam types in Australia. Scammers take advantage of the digital world and the fear of fraud and cybercrime to access people’s devices and steal their money,” ACCC deputy chair Delia Rickard said.

    Reply
  14. Tomi Engdahl says:

    Cybercriminal charged over years-old acts: sold stock tips to undercover agents https://www.tivi.fi/uutiset/tv/dd1a05e0-89c9-46fd-aa37-4e71d544ffbd
    Almost four years after the closure of the AlphaBay marketplace, police are still charging people with crimes related to the dark web marketplace. On Friday the US Securities and Exchange Commission and the Department of Justice announced that they are bringing charges against the Greek national Apostolos Trovias, who according to the agencies operated on the marketplaces under the pseudonym The Bull. Unlike the drug dealers targeted earlier, the authorities accuse Trovias of using the forums to sell information. Trovias targeted people selling and buying insider trading information.

    Reply
  15. Tomi Engdahl says:

    BIMI: Emerging Standard Aims to Address DMARC Shortcomings
    https://www.securityweek.com/bimi-emerging-standard-aims-address-dmarc-shortcomings

    BIMI is an emerging email specification that enables the use of brand logos within supported email clients

    Domain-based Message Authentication, Reporting and Conformance (DMARC) is a proven method to prevent sender identity fraud widely used in phishing attacks. But it suffers from major drawbacks that have delayed if not prevented its widespread adoption. Brand Indicators for Message Identification (BIMI) is a new and additional standard that could solve this.

    DMARC, if fully enforced, will prevent the delivery of email that is not authenticated to have come from the enforcing domain. It protects the brand of the service provider, and protects the service user from phishing attacks.

    But it is expensive and difficult to implement. To be fully effective, the service provider needs to register and implement DMARC for every domain that could be confused – and used by criminals – with its primary domain or domains. Anything missed could provide a route for the phishers to carry on phishing.

    For the service user, there is no immediately apparent method of knowing whether the provider is using DMARC. If the user believes the provider is using DMARC, it could lead to a false and relaxed sense of security. A look-alike domain could be assumed to be protected when it isn’t; and the content of what is really a phishing email could be assumed to be safe when it isn’t.

    BIMI solves this by allowing a DMARC authenticated provider to insert an authenticated logo next to genuine emails in the email inbox. Since look-alike domains will not, in theory, be able to achieve logo certified authentication, the user can see at a glance that the email is genuine.

    It is an all-round win situation. The service provider does not suffer from brand dilution by being associated with spam and phishing while the user can be assured that the email is genuine. The service provider achieves a marketing benefit from achieving thousands – eventually millions – of additional logo impressions, while DMARC benefits from the providers’ additional incentive to implement the DMARC enforced standard across potentially fewer domains.

    Reply
  16. Tomi Engdahl says:

    CISA Releases Analysis of 2020 Risk and Vulnerability Assessments
    https://www.securityweek.com/cisa-releases-analysis-2020-risk-and-vulnerability-assessments

    The United States Cybersecurity and Infrastructure Security Agency (CISA) has published the results of the Risk and Vulnerability Assessments (RVAs) it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations.

    Designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities, the RVAs revealed that phishing links were the most successful technique for initial access.

    CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to provide a better understanding of risks and help organizations remediate weaknesses that threat actors might abuse in live attacks to compromise network security controls.

    In a report published last week, CISA details an attack path comprising six successive steps, namely initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. These steps are based loosely on the ATT&CK methods used by threat actors.

    “This path is not all-encompassing of the potential steps used by malicious actors and not all attack paths follow this model. However, these steps serve to highlight some of the more successful attack strategies used during RVAs and the impacts these strategies have had on a target network,” CISA says.

    In its assessments, CISA successfully used phishing links for initial access in 49% of the attacks, web protocols were employed for command and control in 42% of RVAs, while pass the hash was used for lateral movement in roughly 30% of attacks (followed by RDP in 25% of incidents). In 37.5% of “attacks,” valid accounts were used for privilege escalation.

    https://www.cisa.gov/sites/default/files/publications/FY20_RVAs_Mapped_to_the_MITRE_ATTCK_Framework_508_corrected.pdf

    Reply
  17. Tomi Engdahl says:

    Catalin Cimpanu / The Record:
    Google rolls out support for the BIMI security standard for brands to all Gmail users as part of an effort to improve email-sender authenticity — Google has rolled out today support for the new Brand Indicators for Message Identification (BIMI) standard to all Gmail users as part of an effort to improve email-sender authenticity.

    Gmail deploys support BIMI security standard
    https://therecord.media/gmail-deploys-support-bimi-security-standard/

    Google has rolled out today support for the new Brand Indicators for Message Identification (BIMI) standard to all Gmail users as part of an effort to improve email-sender authenticity.

    The new standard is hard to comprehend for non-technical users, but it basically allows companies that have implemented email security standards like DMARC, DKIM, and SPF for their email domains to show “authenticated logos” inside email clients.

    Since all these security protocols rely on digital certificates and advanced cryptography, the verified logos will only appear for a company’s real email domain and not for spoofed emails sent by scammers or cybercrime groups.

    A high-level technical explanation of how BIMI works is available below:

    Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.

    If companies have implemented SPF, DKIM, DMARC, and have obtained a VMC, they can add a verified logo for all emails sent from their domains by adding a special DMARC DNS record that looks like below and points to a logo URL:

    default._bimi TXT "v=BIMI1; l=https://mydomain.com/image.svg;"

    https://bimigroup.org/

    Reply
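The BIMI and DMARC passages quoted in comments 15 and 17 come down to two DNS TXT records that a domain owner can audit before expecting a logo to appear. The following is an added example, not code from the quoted articles or from the BIMI Group. Assumptions: "fully enforced" is taken to mean p=quarantine or p=reject at pct=100 without sp=none; the a= tag (VMC location) comes from the BIMI specification rather than from this page; the example.test records are constructed.

```python
from urllib.parse import urlparse


def parse_tags(txt):
    """Split a 'tag=value; tag=value;' TXT string into ordered (tag, value) pairs."""
    tags = []
    # Typographic quotes show up when a record is copied from a web page.
    for part in txt.strip().strip('"“”').split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")  # values may contain '=' themselves
        if not sep or not key.strip():
            raise ValueError(f"malformed tag: {part!r}")
        tags.append((key.strip().lower(), value.strip()))
    return tags


def _load(txt, version):
    """Parse a record and confirm that its first tag is the expected version."""
    try:
        tags = parse_tags(txt)
    except ValueError as exc:
        return {}, [str(exc)]
    problems = []
    if not tags or tags[0] != ("v", version):
        problems.append(f"record must start with v={version}")
    return dict(tags), problems


def check_dmarc(txt):
    """Return reasons why a DMARC record is not at enforcement (assumed rule)."""
    tags, problems = _load(txt, "DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        problems.append(f"p={policy or '(missing)'} does not enforce anything")
    if tags.get("sp", "").lower() == "none":
        problems.append("sp=none leaves subdomains unenforced")
    pct = tags.get("pct", "100")  # DMARC default when the tag is absent
    if pct != "100":
        problems.append(f"pct={pct} applies the policy to only part of the mail")
    return problems


def check_bimi(txt):
    """Return problems with a BIMI record: logo (l=) and VMC evidence (a=)."""
    tags, problems = _load(txt, "BIMI1")
    for tag, what in (("l", "logo"), ("a", "VMC evidence")):
        url = tags.get(tag, "")
        if not url:
            problems.append(f"no {tag}= tag: {what} location missing")
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"{tag}= must be an https URL")
        if tag == "l" and not parsed.path.lower().endswith(".svg"):
            problems.append("l= should point to an SVG file")
    return problems


def bimi_readiness(dmarc_txt, bimi_txt):
    """Combine both checks; 'ready' is True only when neither record has problems."""
    findings = {"dmarc": check_dmarc(dmarc_txt), "bimi": check_bimi(bimi_txt)}
    findings["ready"] = not (findings["dmarc"] or findings["bimi"])
    return findings


# Record value as shown in the comment above (it carries no a= tag).
PAGE_RECORD = "“v=BIMI1; l=https://mydomain.com/image.svg;”"
# Constructed sample records for a hypothetical domain example.test.
GOOD_BIMI = "v=BIMI1; l=https://example.test/logo.svg; a=https://example.test/vmc.pem"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.test"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.test"

if __name__ == "__main__":
    for name, dmarc, bimi in (("enforced", GOOD_DMARC, GOOD_BIMI),
                              ("monitor-only", WEAK_DMARC, PAGE_RECORD)):
        print(name, bimi_readiness(dmarc, bimi))
```
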
  18. Tomi Engdahl says:

    Global shortage of cybersecurity talent
    https://www.thestar.com.my/starpicks/2021/07/12/global-shortage-of-cybersecurity-talent

    TO protect our data, privacy and keep digital society safe from new threats, we count on cyber experts or cybersecurity specialists – unsung heroes who are our digital frontliners.

    As Prime Minister Tan Sri Muhyiddin Yassin said at the virtual Cyber Defence and Security Exhibition and Conference 2021: “We cannot escape anymore from emphasising the elements of cybersecurity in each and every initiative.”

    APU is a pioneer in Cybersecurity & Digital Forensics higher education, a talent ground for cybersecurity specialists.

    Within Malaysia, there is a high number of cybersecurity intrusions and fraud reported to the police which has resulted in losses amounting to millions.

    Source: World Economic Forum (WEF) Report 2021

    Global demand for cybersecurity talent

    According to the World Economic Forum (WEF) report 2021, there is a global gap of over three million cyber security workforce, with two million in the APAC region alone.

    Cisco, Symantec, Cybersecurity Ventures, ISACA and Intel have all expressed concerns on global talent shortage, as highlighted in the Cybersecurity Jobs Report 2018-2021 by Cybersecurity Ventures.

    Together with its industry partners especially MDEC, the Asia Pacific University of Technology and Innovation (APU) aims to respond to the local and global talent demand.

    “Cybersecurity is one of the central pillars of the digital economy, recording more than twice the overall ICT spending growth in the country over the next five years, according to an IDC report. With the recently-launched Malaysia Cyber Security Strategy (MCSS) and MyDIGITAL, 20,000 cyber security knowledge workers are needed by 2025 to support the cybersecurity workforce demand from the industry,” said Malaysia Digital Economy Corporation (MDEC) Chief Executive Officer Surina Shukri.

    Reply
  19. Tomi Engdahl says:

    Matt Wixey – Sound Effects Exploring Acoustic Cyberweapons – DEF CON 27 Conference
    https://www.youtube.com/watch?v=ftCULiYV7Wg

    Reply
  20. Tomi Engdahl says:

    So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into
    We sum up Middle Kingdom’s massive crackdown on bug reports
    https://www.theregister.com/2021/07/15/china_vulnerability_law/

    Chinese makers of network software and hardware must alert Beijing within two days of learning of a security vulnerability in their products under rules coming into force in China this year.

    Details of holes cannot be publicized until the bugs are fixed. Malicious or weaponized exploit code cannot be released. There are restrictions on disclosing details of flaws to foreign organizations. And vendors will be under pressure to address these vulnerabilities as soon as they can and set up bounty programs to reward researchers.

    The regulations are intended to tighten up the nation’s cyber-security defenses, crack down on the handling and dissemination of bugs, and keep China’s elite up to speed on exploitable flaws present in Chinese-made communications systems, wherever in the world that technology may be deployed.

    Reply
  21. Tomi Engdahl says:

    WTF is NS1? It’s DNS, DDI, and maybe other TLAs
    NS1 EC-1 Part 2: Product development and roadmap
    https://techcrunch.com/2021/07/08/ns1-ec1-product/?tpcc=ecfb2020

    Reply
  22. Tomi Engdahl says:

    Code in huge ransomware attack written to avoid computers that use Russian, says new report
    “They don’t want to annoy the local authorities, and they know they will be able to run their business much longer if they do it this way,” said an expert.
    https://www.nbcnews.com/politics/national-security/code-huge-ransomware-attack-written-avoid-computers-use-russian-says-n1273222

    Reply
  23. Tomi Engdahl says:

    Revealed: leak uncovers global abuse of cyber-surveillance weapon
    Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests
    https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

    Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

    The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

    Reply
  24. Tomi Engdahl says:

    Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers
    Attackers are increasingly attuned to the power and potential of remote management software.
    https://www.wired.com/story/it-management-tools-hacking-jamf-kaseya/

    Reply
  25. Tomi Engdahl says:

    US government launches plans to cut cybercriminals off from cryptocurrency
    https://www.cyberscoop.com/us-government-crypocurrency-ransomware-criminals-treasury-state-reward/

    The Treasury Department will support the implementation of money laundering requirements for virtual currency exchanges and building partnerships with the industry to track the currency in real time. The Financial Crimes Enforcement Network will announce a new public-private information sharing group that will include financial institutions, technology firms, third-party service providers and federal government agencies.

    Many of the recommendations align with those made in April by a nonprofit task force comprising more than 60 experts from industry, government, nonprofits and academia. White House officials and members of Congress have held meetings with members of the task force to discuss the report in recent weeks.

    “The exploitation of virtual currency to launder ransomware proceeds is without question, facilitating ransomware,” a senior administration official told reporters. “There’s inadequate international regulation of virtual currency activity, which is a key factor in how cybercriminals are able to launder their funds, demand ransomware payments and fuel sophisticated cybercrime as a service business model.”

    Reply
  26. Tomi Engdahl says:

    Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure
    https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-foreign-malicious-cyber-activity-against-u-s-critical-infrastructure/

    Reply
  27. Tomi Engdahl says:

    Amnesty writes in its report:
    9.4 Attack infrastructure hosted primarily in Europe and North America
    NSO Group’s Pegasus infrastructure primarily consists of servers hosted at datacentres located in European countries. The countries hosting the most infection domain DNS servers included Germany, the United Kingdom, Switzerland, France, and the United States (US).
    Country and Servers per country

    https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

    Reply
  28. Tomi Engdahl says:

    In the most recent HIMSS Cybersecurity Survey, 70% of respondents indicated their organizations experienced significant incidents in the past twelve months. #HIMSS21 #HITsecurity

    Cybersecurity and Security Incidents in Healthcare Infographic
    https://www.himss.org/resources/cybersecurity-and-security-incidents-healthcare-infographic?utm_source=facebook&utm_medium=social&utm_campaign=ghc_vegas_nurture_cybersecurity&utm_content=cybersecurity_infographic&fbclid=IwAR1S1eirxaWmGQFAiGTYSz9L0RNQGGzU17T3wP9CiBZtgvSVXeuzrtivTbM

    The most recent HIMSS Cybersecurity Survey provides insight into the cybersecurity landscape of healthcare organizations based upon the feedback from 168 U.S.-based healthcare cybersecurity professionals. Healthcare organizations face a barrage of significant security incidents such as phishing, ransomware, and social engineering attacks, in addition to the challenges faced by dealing with the COVID-19 pandemic.

    Significant security incidents continue to plague healthcare organizations of all types and sizes. Often, securing information and infrastructure is quite complex. Preserving the confidentiality, integrity, and availability of information are equally important. This is, however, a difficult balancing act.

    Other highlights include:

    Phishing is the most common type of significant security incident. Most phishing is either general phishing or spear-phishing occurring via email. Top threat actors include online scam artists and cybercriminals.
    Financial information is king. Threat actors typically seek the following: financial information, employee information, and patient information.

    Reply
  29. Tomi Engdahl says:

    The Insecurity Industry
    https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal

    The greatest danger to national security has become the companies that claim to protect it

    In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by anyone willing to put money in the hand of this new Insecurity Industry. The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that occupy the red-hot intersection of a Venn Diagram between “desperately craves the tools of oppression” and “sorely lacks the sophistication to produce them domestically.”

    An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled.

    Reply
  30. Tomi Engdahl says:

    Biden warns ‘real shooting war’ will be sparked by severe cyber attack
    Suggests incident ‘of great consequence’ in the real world could be a tipping point
    https://www.theregister.com/2021/07/28/biden_cyber_attack_real_war_prediction/?td=keepreading-btm

    “We’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” he said.

    “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely … if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence.

    “And it’s increasing exponentially – the capabilities,” he added, presumably a reference to the potency of cyber attacks.

    Reply
  31. Tomi Engdahl says:

    eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering
    Four others at online tat bazaar admit trying to silence newsletter couple, two senior execs fight charges
    https://www.theregister.com/2021/07/28/ebay_security_prison/

    Reply
  32. Tomi Engdahl says:

    A Controversial Tool Calls Out Thousands of Hackable Websites
    PunkSpider is back, and crawling hundreds of millions of sites for vulnerabilities.
    https://www-wired-com.cdn.ampproject.org/v/s/www.wired.com/story/punkspider-web-site-vulnerabilities/amp?amp_gsa=1&amp_js_v=a6&usqp=mq331AQIKAGwASCAAgM%3D#amp_tf=From%20%251%24s&aoh=16275271150258&csi=0&referrer=https%3A%2F%2Fwww.google.com&ampshare=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpunkspider-web-site-vulnerabilities%2F

    The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit. Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time—and all in the name of making the web more secure.

    At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release—or, rather, to upgrade and re-release after a years-long hiatus—a tool called PunkSpider.

    PunkSpider’s creators say it will catalog hundreds of thousands of those unpatched vulnerabilities at launch, making all of them publicly accessible.

    Low-Hanging Fruit
    The sort of web vulnerabilities that PunkSpider finds remain incredibly common, despite years of warnings. In January of last year, for instance, security researchers found that one such web vulnerability let anyone take over Fortnite accounts, and earlier this year another web bug allowed hacktivists to breach the right-wing social media site Gab and leak 70 gigabytes of its backend data. Both have since been patched. But Caceres argues that PunkSpider could spur web admins to finally fix those sorts of ubiquitous bugs before hackers abuse them.

    “I thought, ‘Wouldn’t it be cool if I could scan the entire web for vulnerabilities? And to make it even more fun, wouldn’t it be cool if I released all those vulnerabilities for free?’” says Caceres, who along with Hopper works as a researcher for cybersecurity startup QOMPLX.

    PunkSpider will automatically scan and “fuzz” sites for seven kinds of exploitable bug, repeatedly trying variations of common hacking methods to check if a site is vulnerable.

    Reply
  33. Tomi Engdahl says:

    Turn off, turn on: Simple step can thwart top phone hackers
    https://apnews.com/article/technology-government-and-politics-hacking-752db867fafbaba1f9cc34f7588944c5

    As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure.

    Step One: Turn off phone.

    Step Two: Turn it back on.

    That’s it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is — turning a device off then back on again — can thwart hackers from stealing information from smartphones.

    Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

    “This is all about imposing cost on these malicious actors,”

    Reply
