Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not write any “predictions for 2021 cyber security” post before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and presents it to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues such as: should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, with consumer IoT designs expected to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security: the US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    FROM STOLEN LAPTOP TO INSIDE THE COMPANY NETWORK
    https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

    What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.

    We received a Lenovo laptop preconfigured with the standard security stack for this organization. We didn’t get any information about this laptop, no test credentials, no configuration details, no nothing, it was a 100% blackbox test.

    With nothing else working, that last point, TPM-secured BitLocker, was going to be our way in. One of the things we saw when doing recon was that the laptop boots directly to the Windows 10 login screen. That, coupled with the BitLocker encryption, means that the drive decryption key is being pulled only from the TPM; no user-supplied PIN or password was needed, which is the default for BitLocker.

    A pre-equipped attacker can perform this entire attack chain in less than 30 minutes with no soldering, simple and relatively cheap hardware, and publicly available tools. A process that places it squarely into Evil-Maid territory.

    Reply
  2. Tomi Engdahl says:

    Sysadmins: Why not simply verify there’s no backdoor in every program you install, and thus avoid any cyber-drama?
    Just ‘validate third-party code before using it’, says Euro body
    https://www.theregister.com/2021/07/31/enisa_supply_chain_attack_report/

    Half of publicly reported supply chain attacks were carried out by “well known APT groups”, according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to drive “new protective methods.”

    Of the 24 supply-chain attacks studied by ENISA since January 2020, a dozen were attributed to APTs while 10 of them hadn’t been attributed to anyone at all in open-source reporting, the agency said.

    Juhan Lepassaar, ENISA’s exec director, said in a canned statement: “Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU.”

    The open-source study is intended as a primer on supply-chain attacks, which typically consist of targeting B2B software suppliers that have extensive customer lists. Once the supplier is compromised, the attackers then move laterally into their customers’ networks, typically to steal data and extort the victims.

    “An additional characteristic of supply chain attacks involves the complexity in handling them and the efforts required to mitigate and address such attacks,” said ENISA in its report.

    Reply
  3. Tomi Engdahl says:

    It’s not feasible to ask every org to break out disassemblers, source code editors, and network and memory analysis tools, and have staff on hand capable of using them, to inspect every update, be they open or closed source.

    Reply
  4. Tomi Engdahl says:

    Cybercriminals up their game as ‘cracking’ drives big rise in hacking tool downloads
    Availability of hacking tools allowing anyone to use them without paying
    https://www.foxbusiness.com/technology/cybercriminals-game-cracking-drives-big-rise-hacking-tool-downloads

    Reply
  5. Tomi Engdahl says:

    The cybersecurity jobs crisis is getting worse, and companies are making basic mistakes with hiring
    https://www.zdnet.com/article/the-cybersecurity-jobs-crisis-is-getting-worse-and-companies-are-making-basic-mistakes-with-hiring/

    Overworked cybersecurity employees are struggling to keep up with the challenges of the job, and employers are struggling to keep hold of them.

    Reply
  6. Tomi Engdahl says:

    Lack of business investment means cybersecurity teams are struggling to keep enterprise networks secure at a time when the rise in remote working is providing additional security challenges — and it’s having an impact on their well-being.
    https://www.zdnet.com/article/the-cybersecurity-jobs-crisis-is-getting-worse-and-companies-are-making-basic-mistakes-with-hiring/

    Reply
  7. Tomi Engdahl says:

    The Automated SOC: Reviewing the Future of Layered Security Solutions

    https://pentestmag.com/the-automated-soc-reviewing-the-future-of-layered-security-solutions/

    #pentest #magazine #pentestmag #pentestblog #automated #SOC #SecurityOperationsCenter #cybersecurity #infosecurity #infosec

    Reply
  8. Tomi Engdahl says:

    Thinking Outside the Box – Data Breaches

    https://pentestmag.com/thinking-outside-the-box-data…/

    #pentest #magazine #pentestmag #pentestblog #PTblog #data #breach #OSINT #password #outsidetheboxthinking #TraceLabs #cybersecurity #infosecurity #infosec

    Reply
  9. Tomi Engdahl says:

    Exposed: The Pentagon’s cyberwar against Russia
    https://www.liberationnews.org/exposed-the-pentagons-cyberwar-against-russia/

    The cyberwar against Russia began in 2012. The timing of the cyberwar against Russia is significant. It was thus not triggered by Russia’s intervention in Syria (2015) or the Crimea referendum in June 2014 that resulted in Crimea leaving Ukraine and rejoining Russia.

    During the past year the attacks have accelerated “with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before,” according to a new report published by the New York Times based on three months of private interviews with Pentagon officials.

    Militarism and U.S. capitalism are one and the same.

    Reply
  10. Tomi Engdahl says:

    Windows 10 starts automatically blocking many programs from running – this may lead to problems
    Microsoft is turning on blocking of unwanted programs by default in Windows 10.
    https://www.is.fi/digitoday/tietoturva/art-2000008167873.html

    Reply
  11. Tomi Engdahl says:

    It’s time to improve Linux’s security
    Top Linux developer Kees Cook calls for everyone to push more for securing Linux.
    https://www.zdnet.com/article/a-call-to-improve-linuxs-security/

    Is Linux more secure than Windows? Sure. But that’s a very low bar. Kees Cook, a Linux security expert, Debian Linux developer, and Google Security Engineer, is well aware that Linux could be more secure. As Cook tweeted, “We need more investment in bug fixers, reviewers, testers, infrastructure builders, toolchain devs, and security devs.”

    Reply
  12. Tomi Engdahl says:

    White House Memo Takes on Securing Critical Infrastructure Control Systems
    https://www.tripwire.com/state-of-security/ics-security/white-house-memo-takes-on-securing-critical-infrastructure-control-systems/

    Attacks targeting critical infrastructure have been on the rise in recent years. Back in 2019, for instance, 56% of utility professionals responsible for overseeing risk in their organizations’ operational technology (OT) assets told Siemens and the Ponemon Institute that they experience at least one shutdown or operational data loss event a year. That’s about the same proportion (54%) of survey respondents who said they expected to see an attack on critical infrastructure in the next 12 months, reported HSToday.

    The Biden Administration Responds
    These critical infrastructure security events could explain why the Biden Administration has taken several steps in 2021 to help protect industrial control systems serving critical national infrastructure. Here’s an overview of three of those initiatives:

    The 100-day sprint for electrical infrastructure: Earlier in the year, the Biden Administration announced a 100-day sprint to identify weaknesses within the United States’ electrical infrastructure. It also announced a Request for Information (RFI) from the U.S. Department of Energy to help to address supply chain risks in the U.S. electric system. (Tripwire’s response to that RFI is available here.)
    The Executive Order on Improving the Nation’s Cybersecurity: In mid-May, the Administration published an Executive Order around strengthening the nation’s cybersecurity. The directive came with several measures for helping Federal Civilian Executive Branch (FCEB) agencies within the U.S. government to defend against supply chain attacks. It also included a section on removing barriers that would prevent information technology (IT) and OT service providers from sharing threat intelligence information with the FBI and similar entities.

    Revised security guidelines for pipeline owners: Following a high-profile ransomware attack involving a U.S. pipeline company, the Transportation Security Agency (TSA) issued a directive that discusses new security requirements for pipeline operators. Those obligations include the need for all pipeline companies to disclose all security incidents to the TSA and the Cybersecurity & Infrastructure Security Agency (CISA) going forward.
    The Biden Administration isn’t done for the year, either. In July, it released its “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.”

    Reply
  13. Tomi Engdahl says:

    Nude Sharing Spikes During Pandemic: Here’s How To Deal With Revenge Porn
    https://www.forbes.com/sites/daveywinder/2021/08/07/is-someone-sharing-your-nudes-heres-what-you-need-to-do/?utm_campaign=sprinklrForbesMainFB&utm_content=5275248854&utm_medium=social&utm_source=FBPAGE&sh=537c28607232

    The non-consensual sharing of intimate images, both photographic and video, remains a massive problem and the Covid 19 pandemic could have worsened the situation. According to new research from Kaspersky, some 33% of those surveyed admitted to having shared nudes, or more explicit material, with someone they only had an online relationship with.

    Generation Z, those under 24 years of age, shared the most, with 50% of those asked having done so. This compares to a meagre 5% of baby boomers, aged 57 to 75, and, perhaps surprisingly, 11% of those aged between 75 and 95.

    Moreover, since the beginning of the pandemic and the associated lockdowns, the Kaspersky research revealed what it calls a “significant impact” on the volume of intimate image sharing: 19% have shared more nudes, and 24% have received more.

    However, the non-consensual sharing of intimate images statistic that reveals most about this harmful and abusive act comes from a different source. The Revenge Porn Helpline has confirmed that while 75% of victims are female, 67% of the perpetrators that could be identified are male.

    This can be seen even when images have yet to be shared publicly, but threats to do so are made. The Revenge Porn Helpline explains this as being an abusive tactic to “keep them in the relationship; to control the public narrative about the break-up; to keep the victim under their control; or just because they can.”

    What can you do if someone has shared your nudes without consent?
    Although prevention is way better than cure, and ‘take care before you share’ is always a good mantra, it is far from perfect. It’s impossible to know how someone you trust now might act later. You cannot secure the device your images are sent to, and the recipient could be lax about passwords or allowing others access, for example.

    Indeed, according to the Cyber Civil Rights Initiative, 48 U.S. states now have laws specifically concerning non-consensual pornography.

    Although you may not initially be thinking about a legal pursuit of whoever shared the images, it’s still common sense to preserve the evidence you have. The easiest method being to take a screenshot of wherever the image has appeared, including the date and any details of the account posting it. Print this out and save it to your phone and do the same with any messages or emails from the perpetrator if you have contacted them regarding publication and removal.

    Acting as quickly as you can, as rationally as you are able, is vital. The longer the images are accessible, the greater the opportunity for them to be distributed further. Truth be told, though, depending upon the platform where the material has been published and who else has access to it, unless images are deleted quickly they can soon be distributed very widely indeed.

    This doesn’t mean you should give up before you even start, however.

    If the images, or videos, are ones that you took yourself, then you should be the copyright holder and can use this to issue a Digital Millennium Copyright Act (DMCA) takedown notice against the publishing platform. Even though this is a U.S. copyright law thing, the international nature of the internet means that most web hosting and social media platforms should respond positively and quickly to such notices.

    Unfortunately, cached copies of images can remain even after deletion of the original, and there’s the problem of copies published elsewhere to consider. Searching using either Google’s reverse image search feature, or the Yandex equivalent can help track these down.

    https://support.google.com/websearch/answer/6302812

    Reply
  14. Tomi Engdahl says:

    The Affiliate’s Cookbook – A Firsthand Peek into the Operations and
    Tradecraft of Conti
    https://www.fortinet.com/blog/threat-research/affiliates-cookbook-firsthand-peek-into-operations-and-tradecraft-of-conti?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
    The primary focus of the following analysis will be on the Conti support manual, titled “CobaltStrike Manuals_V2 Active Directory.” It will touch on several interesting observations lifted from the manual. Although other files and documents were released, this support manual contains information for “affiliates” and offers a rare glimpse into the Ransomware-as-a-Service world.

    Reply
  15. Tomi Engdahl says:

    5 reasons not to use work mail for personal matters
    https://www.kaspersky.com/blog/5-reasons-not-to-use-corp-e-mail/41166/
    1. It makes profiling easier. 2. It facilitates spear-phishing. 3. It provides criminals with a smoke screen. 4. More mass phishing and malware in the inbox. 5. The eyes glaze over.

    Reply
  16. Tomi Engdahl says:

    Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws
    https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/
    Today is Microsoft’s August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches. Microsoft has fixed 44 vulnerabilities (51 including Microsoft Edge) with today’s update, with seven classified as Critical and 37 as Important. Of the 44 vulnerabilities, 13 are remote code execution, eight are information disclosure, two are denial of service, and four are spoofing vulnerabilities. Microsoft has released security updates for two eagerly anticipated zero-day vulnerabilities that were discovered over the past month: PrintNightmare and PetitPotam.

    Reply
  17. Tomi Engdahl says:

    UNC215: Spotlight on a Chinese Espionage Campaign in Israel
    https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html
    This blog post details the post-compromise tradecraft and operational
    tactics, techniques, and procedures (TTPs) of a Chinese espionage
    group we track as UNC215. While UNC215′s targets are located
    throughout the Middle East, Europe, Asia, and North America, this
    report focuses on intrusion activity primarily observed at Israeli
    entities.

    Reply
  18. Tomi Engdahl says:

    Chaos Ransomware: A Proof of Concept With Potentially Dangerous
    Applications
    https://www.trendmicro.com/en_us/research/21/h/chaos-ransomware-a-dangerous-proof-of-concept.html
    Since June 2021, we [Trendmicro] have been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. While it’s purportedly a .NET version of Ryuk, closer examination of the sample reveals that it doesn’t share much with the notorious ransomware. In fact, early versions of Chaos, which is now in its fourth iteration, were more akin to a destructive trojan than to traditional ransomware. In this blog entry, we [Trendmicro] take a look at some of the characteristics of the Chaos ransomware builder and how its iterations added new capabilities.

    Reply
  19. Tomi Engdahl says:

    Optimize Your Incident Response Planning with the MITRE Framework
    https://www.trendmicro.com/en_us/ciso/21/h/optimize-your-incident-response-planning-with-the-mitre-framework.html
    Threat research experts discuss the evolving landscape and how the MITRE ATT&CK framework can help optimize incident response across your organization. The MITRE ATT&CK knowledge base is completely publicly sourced, allowing a greater number of researchers to work together to connect these dots. This allows for adversary tactics and techniques to be sourced from real world attacks and mapped back to the adversaries, so the cybersecurity industry can develop specific threat models and solutions to protect private, public, and government environments more effectively.

    Reply
  20. Tomi Engdahl says:

    Is it time to forget the old p4ssw0rd advice? “This is how you make a secure and practical password”
    https://www.tivi.fi/uutiset/tv/5ce37851-4495-44c3-b75d-08ff89f8d029
    With a tip given by experts it is easy to create a hard-to-crack password that, despite its complexity, stays in mind. The UK National Cyber Security Centre (NCSC) has given a rather handy password recommendation. With it anyone can make a complex password that is also practical, The Guardian writes. The NCSC simply recommends using a combination of three random words. This way the password consists of letter combinations that are unusual from the perspective of an algorithm harnessed to crack it. In contrast, passwords traditionally considered good may be considerably easier to crack from the perspective of cybercriminals.

    Reply
  21. Tomi Engdahl says:

    Dutch government to stop issuing TLS certs because of ever-complicated
    standards
    https://therecord.media/dutch-government-to-stop-issuing-tls-certs-because-of-ever-complicated-standards/
    The Dutch government, the last EU country that is still running its
    own certificate authority (CA), announced plans last week to stop
    issuing new TLS certificates starting December 2021. At a technical
    level, Dutch officials said they do not plan to renew a root
    certificate for the PKIoverheid CA program once it expires next year,
    on December 6, 2022.

    Reply
  22. Tomi Engdahl says:

    Security tools showcased at Black Hat USA 2021
    https://therecord.media/security-tools-showcased-at-black-hat-usa-2021/
    While everyone associates the Black Hat security conference with high-profile keynotes and state-of-the-art cybersecurity research, ever since the 2017 edition the conference has also been the place where the cybersecurity community has announced and released security tools as part of the lesser-known “Arsenal” track.

    Reply
  23. Tomi Engdahl says:

    Guide to Cyber Security Measures
    https://english.ncsc.nl/publications/publications/2021/august/4/guide-to-cyber-security-measures
    The Guide to Cyber Security Measures lists eight measures that every organisation should take to prevent cyber-attacks. Examples of these measures are enabling logging, implementing multi-factor authentication, creating backups and encrypting sensitive information.
    Furthermore, the Guide to Cyber Security Measures provides the organisational context in which you apply these measures.
    Organisations can use the Guide to Cyber Security Measures to discuss their internal cyber security policy and in contacts with their suppliers about the security of their products and services. The accompanying infographic provides a clear overview of the eight basic measures.

    Reply
  24. Tomi Engdahl says:

    Board toolkit: five questions for your board’s agenda https://www.ncsc.gov.uk/guidance/board-toolkit-five-questions-your-boards-agenda
    A range of questions that the NCSC believe will help generate constructive cyber security discussions between board members and their CISOs. CISOs and technical teams are one of the greatest assets any organisation has, and their role in improving your knowledge of relevant cyber security issues shouldn’t be underestimated. For this reason, the NCSC have identified a range of questions which will help generate the right discussions between board members and their CISOs and increase awareness of key topics in cyber security.

    Reply
  25. Tomi Engdahl says:

    Apple to Scan Every Device for Child Abuse Content But Experts Fear for Privacy https://thehackernews.com/2021/08/apple-to-scan-every-device-for-child.html
    Apple on Thursday said it’s introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts (aged under 13) to warn parents of sexually explicit photos in the messaging platform. Furthermore, Apple also plans to update Siri and Search to stage an intervention when users try to perform searches for CSAM-related topics, alerting that the “interest in this topic is harmful and problematic.”

    Reply
  26. Tomi Engdahl says:

    Black Hat: How cybersecurity incidents can become legal minefields
    https://www.zdnet.com/article/black-hat-how-cybersecurity-can-be-a-legal-minefield-for-lawyers/#ftag=RSSbaffb68
    When a company becomes the victim of a cyberattack, executives are faced with a tsunami of challenges: containing a breach, remediation, informing customers and stakeholders, identifying those responsible, and conducting a forensic analysis of the incident — to name but a few. However, it is not just the real-world issues faced, in the now, that businesses have to tackle: the legal ramifications of a security incident have become more important than ever to consider. Speaking to attendees at Black Hat USA in Las Vegas, Nick Merker, partner at Indianapolis-based legal firm Ice Miller LLP, said that before becoming a lawyer, he worked as an information security professional — and this experience allowed him to transition into the legal field through a cybersecurity lens. Merker emphasised that companies more often “need to actually use an incident response plan in an incident situation,” and said that documentation should be a key focus.
    Timelines, logs, major decisions, and status summaries should be kept as regulators — or plaintiffs – will be asking questions, and you need to know “what you did, and why you did it.”

  27. Tomi Engdahl says:

    Microsoft listed its most valuable security researchers, two Finns included https://www.tivi.fi/uutiset/microsoft-listasi-tarkeimpia-tietoturvatutkijoita-mukana-kaksi-suomalaista/020287c7-13bb-468a-8f06-4f3641eccbdf
    Finns Aapo Oksman and Nestori Syynimaa made Microsoft’s list of the most valuable security researchers of 2021.

  28. Tomi Engdahl says:

    Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
    A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.

    Ransomware Gangs and the Name Game Distraction https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/
    It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry.
    Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.

  29. Tomi Engdahl says:

    Prometheus TDS: The $250 service behind recent malware attacks https://www.bleepingcomputer.com/news/security/prometheus-tds-the-250-service-behind-recent-malware-attacks/
    Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. Among the malware families that Prometheus TDS has dished out so far are BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader, all of them commonly used in intermediary attack stages to download more damaging payloads.

  30. Tomi Engdahl says:

    Study: Half of Finland’s population has been targeted by tech support scams in the past year https://news.microsoft.com/fi-fi/2021/08/04/tech-support-scam-research-2021/
    According to a study commissioned by Microsoft, half of the adults living in Finland have been exposed to tech support scams, and 3% have lost money to them. In addition to phone calls and email, scammers now also use, for example, professional-looking websites and pop-up windows.

  31. Tomi Engdahl says:

    Spam and phishing in Q2 2021
    https://securelist.com/spam-and-phishing-in-q2-2021/103548/
    In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials.

  32. Tomi Engdahl says:

    Facebook bans academics who researched ad transparency and misinformation on Facebook https://www.theverge.com/2021/8/4/22609020/facebook-bans-academic-researchers-ad-transparency-misinformation-nyu-ad-observatory-plug-in
    The researchers say their work is being silenced. Facebook has banned the personal accounts of academics who researched ad transparency and the spread of misinformation on the social network. Facebook says the group violated its term of service by scraping user data without permission. But the academics say they are being silenced for exposing problems on Facebook’s platform.

    How a fake network pushes pro-China propaganda
    https://www.bbc.com/news/world-asia-china-58062630
    A sprawling network of more than 350 fake social media profiles is pushing pro-China narratives and attempting to discredit those seen as opponents of China’s government, according to a new study. The aim is to delegitimise the West and boost China’s influence and image overseas, the report by the Centre for Information Resilience (CIR) suggests.

  33. Tomi Engdahl says:

    New CISA chief announces Joint Cyber Defense Collaborative with private sector https://therecord.media/new-cisa-chief-announces-joint-cyber-defense-collaborative-with-private-sector/
    The new Cybersecurity and Infrastructure Security Agency Director Jen Easterly appealed to the private sector for help fending off digital attackers and announced an initiative called the Joint Cyber Defense Collaborative (JCDC) partnering with major tech and cybersecurity firms Thursday at the Black Hat Security conference. The initial partners in the program are Crowdstrike, Palo Alto, FireEye, Amazon Web Services, Google, Microsoft, AT&T, Verizon, and Lumen, according to Easterly.

  34. Tomi Engdahl says:

    Messaging Apps Have an Eavesdropping Problem https://www.wired.com/story/signal-facebook-messenger-eavesdropping-vulnerabilities/
    Vulnerabilities in Signal, Facebook Messenger, Google Duo, and more all point to a pervasive privacy issue. “I find interaction-less bugs to be the most interesting class of vulnerabilities just because they’re so useful to attackers,” Silvanovich says. “If a user doesn’t have to do anything, that’s the easiest thing.”

  35. Tomi Engdahl says:

    Microsoft Exchange Used to Hack Diplomats Before 2021 Breach https://www.bloomberg.com/news/articles/2021-08-04/microsoft-exchange-used-to-hack-diplomats-before-2021-breach
    Researchers say attacks a prequel to this year’s cyber-assault.
    Foreign ministries, energy companies said to be compromised

    ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group https://securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/
    IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures (TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453.
    LittleLooter, ITG18’s Android Surveillance Tool

  36. Tomi Engdahl says:

    LockBit ransomware recruiting insiders to breach corporate networks https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
    The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts.

  37. Tomi Engdahl says:

    Several Malware Families Targeting IIS Web Servers With Malicious Modules https://thehackernews.com/2021/08/several-malware-families-targeting-iis.html
    A systematic analysis of attacks against Microsoft’s Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.

  38. Tomi Engdahl says:

    Supply Chain Attacks from a Managed Detection and Response Perspective https://www.trendmicro.com/en_us/research/21/h/supply-chain-attacks-from-a-managed-detection-and-response-persp.html
    In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months. Incident #1: Attack on the Kaseya platform. Incident #2: Credential dumping attack on the Active Directory

  39. Tomi Engdahl says:

    The State Department and 3 other US agencies earn a D for cybersecurity https://arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/
    Two years after a damning cybersecurity report, auditors find little has improved.

  40. Tomi Engdahl says:

    NSA, CISA release Kubernetes Hardening Guidance https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/
    The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.

  41. Tomi Engdahl says:

    A Cold War is raging in cyberspace. Here’s how countries are preparing their defenses https://www.zdnet.com/article/a-cold-war-is-raging-in-cyberspace-heres-how-countries-are-preparing-their-defenses/
    Much like conventional militaries, countries also need to perform occasional drills of their cybersecurity defenses. Instead of soldiers and tanks, these involve virtual machines and months of pestering executives for their login credentials.

  42. Tomi Engdahl says:

    An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/

    Ransomware operators love them: Key trends in the Initial Access Broker space https://www.zdnet.com/article/ransomware-operators-love-them-key-trends-in-the-initial-access-broker-space/
    In a threat actor’s mind, take out the legwork, reap the proceeds of blackmail.

  43. Tomi Engdahl says:

    PwnedPiper vulnerabilities impact 80% of major hospitals in North America https://therecord.media/pwnedpiper-vulnerabilities-impact-80-of-major-hospitals-in-north-america/
    Details have been published today about a collection of nine vulnerabilities known as PwnedPiper that impact a common type of medical equipment that’s installed in roughly 80% of all major hospitals in North America.

  44. Tomi Engdahl says:

    A Tech Firm Has Blocked Some Governments From Using Its Spyware Over Misuse Claims
    https://www.npr.org/2021/07/29/1022409865/nso-suspended-govvernment-contracts-spyware-pegasus-project?t=1627773668726
    Israeli spyware company NSO Group has temporarily blocked several government clients around the world from using its technology as the company investigates their possible misuse, a company employee told NPR on Thursday.

  45. Tomi Engdahl says:

    Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall https://www.zdnet.com/article/ransomware-attack-volume-sets-record-reaches-more-than-300-million-for-first-half-of-2021-sonicwall/
    The US, UK, Germany, South Africa and Brazil topped the list of countries most impacted by ransomware attempts while states like Florida and New York struggled as well.

    Decryptor released for Prometheus ransomware victims https://therecord.media/decryptor-released-for-prometheus-ransomware-victims/
    Taiwanese security firm CyCraft has released a free application that can help victims of the Prometheus ransomware recover and decrypt some of their files. Available on GitHub, the decryptor effectively works by brute-forcing the encryption key used to lock the victim’s data.
