Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments: WAN, multi-cloud, data center, remote worker, IoT, and more, each with its own unique risks.
DDoS attacks: a big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline – but victims are being urged not to give in to the demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. As a result, ransomware victims that have backups are paying ransoms to stop hackers from leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals; for example, This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we also need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
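To show what the “extra step” actually computes, here is an added example (not code from the original post or from the article it links) of the time-based one-time password scheme that authenticator apps implement. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) and includes the server-side checks a practitioner wants: a small clock-skew window, constant-time comparison, and refusal to accept a code for a time step that has already been used. The secret and timestamps in the usage section are the RFC test vectors; the class and function names are this example’s own.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of 30-second steps since the epoch."""
    return hotp(key, unix_time // step, digits, algo)


class TotpVerifier:
    """Server-side verification for one enrolled user.

    Accepts a code for the current step or its neighbours (clock skew), compares
    in constant time, and never accepts a step at or below the last accepted one,
    so a captured code cannot be replayed within the skew window.
    """

    def __init__(self, base32_secret: str, step: int = 30, digits: int = 6,
                 skew: int = 1):
        # Authenticator apps exchange the secret as unpadded base32; re-pad before decoding.
        padded = base32_secret.upper() + "=" * (-len(base32_secret) % 8)
        self.key = base64.b32decode(padded)
        self.step, self.digits, self.skew = step, digits, skew
        self.last_accepted_step = -1

    def verify(self, candidate: str, unix_time: Optional[int] = None) -> bool:
        now = int(time.time()) if unix_time is None else unix_time
        current = now // self.step
        for delta in range(-self.skew, self.skew + 1):
            candidate_step = current + delta
            if candidate_step <= self.last_accepted_step:
                continue  # already consumed: reject replay even if the digits match
            expected = hotp(self.key, candidate_step, self.digits)
            if hmac.compare_digest(expected, candidate):
                self.last_accepted_step = candidate_step
                return True
        return False


# RFC 4226 / RFC 6238 test secret "12345678901234567890", base32-encoded (constructed usage).
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    verifier = TotpVerifier(RFC_SECRET_B32, digits=8)
    print(totp(b"12345678901234567890", 59, digits=8))   # RFC 6238 vector at T=59
    print(verifier.verify("94287082", 59))                # first use: accepted
    print(verifier.verify("94287082", 59))                # replay: rejected
```

The replay guard is per user and must live in persistent server state; a stateless deployment loses it. The skew window of one step means a code is valid for at most 90 seconds, which is the usual trade-off between tolerating phone clock drift and limiting the window in which a phished code can be reused.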
A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone is able to reproduce the results, and presents it to the entire community for feedback.
The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues such as: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement, obliging consumer IoT designs to have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
Valtori’s fear was right: the severed redundant cables ran in the same duct; compensation may be demanded from TietoEvry
https://www.tivi.fi/uutiset/tv/fdc81ca9-3dbe-42cc-8e0a-ed0075e4ae15
Valtori’s customer relations director Jouni Mustonen tells Tivi that the matter was as suspected earlier: the data connections were duplicated, but in such a way that both connections ran in the same duct.
Tomi Engdahl says:
Disinformation for hire: PR firms are the new battleground for Facebook https://www.zdnet.com/article/disinformation-for-hire-pr-firms-are-the-new-battleground-for-facebook/
Facebook’s head of security policy has testified before an Australian Parliamentary inquiry that his company has witnessed an increasing use of marketing firms or PR agencies that are essentially hired to run disinformation campaigns.
Tomi Engdahl says:
Mexico says officials spent $61 million on Pegasus spyware https://www.pbs.org/newshour/world/mexico-says-officials-spent-61-million-on-pegasus-spyware
Mexico’s top security official said Wednesday that two previous administrations spent $61 million to buy Pegasus spyware that has been implicated in government surveillance of opponents and journalists around the world.
Tomi Engdahl says:
APT trends report Q2 2021
https://securelist.com/apt-trends-report-q2-2021/103517/
We have reported several supply-chain attacks in recent months. While some were major and have attracted worldwide attention, we observed equally successful low-tech attacks, such as BountyGlad, CoughingDown and the attack targeting Codecov.
Tomi Engdahl says:
Cyber-attack on Iranian railway was a wiper incident, not ransomware https://therecord.media/cyber-attack-on-iranian-railway-was-a-wiper-incident-not-ransomware/
The cyber-attack that paralyzed Iran’s national railway system at the start of the month was caused by a disk-wiping malware strain named Meteor and not by a ransomware attack, according to research published by security firms Amnpardaz and SentinelOne, which managed to obtain a copy of the malware. Also https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/
Tomi Engdahl says:
Disentangling Disinformation: Not as Easy as it Looks https://www.eff.org/deeplinks/2021/07/disentangling-disinformation-not-easy-it-looks
But while disinformation superspreaders are easy to identify based on the sheer amount of information they disseminate, tackling disinformation at a systemic level is not an easy task, and some of the policy proposals we’re seeing have us concerned. Here’s why.
Tomi Engdahl says:
Google Play Protect fails Android security tests once more https://www.bleepingcomputer.com/news/security/google-play-protect-fails-android-security-tests-once-more/
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against.
Tomi Engdahl says:
‘Woefully insufficient’: Biden administration’s assessment of critical infrastructure infosec protection https://www.theregister.com/2021/07/29/biden_memo_on_critical_infrastructure_control_systems_security/
The Memorandum was accompanied by transcripts of remarks made by a “Senior administration official” who said the edicts are needed because “We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.”
Tomi Engdahl says:
Israel begins investigation into NSO Group spyware abuse https://www.technologyreview.com/2021/07/28/1030244/israel-investigation-nso-group-pegasus-spyware/
Israeli government officials visited the offices of the hacking company NSO Group on Wednesday to investigate allegations that the firm’s spyware has been used to target activists, politicians, business executives, and journalists, the country’s defense ministry said in a statement today. Also in NSO coverage:
https://www.ft.com/content/24f22b28-56d1-4d66-8f76-c9020b1b5cb1 “How Israel used NSO spyware as diplomatic calling card”, and BSI guidance at https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-234348-1032.pdf
Tomi Engdahl says:
Understanding the increase in Supply Chain Security Attacks https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the suppliers’ code.
Report at
https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks/at_download/fullReport
Tomi Engdahl says:
Mid-Year Attack Trends Report Reveals A 29% Increase In Cyberattacks Against Organizations Globally https://research.checkpoint.com/2021/check-point-softwares-mid-year-attack-trends-report-reveals-a-29-increase-in-cyberattacks-against-organizations-globally/
Cyber Attack Trends: 2021 Mid-Year Report uncovers how cybercriminals have continued to exploit the Covid-19 pandemic and highlights a dramatic global 93% increase in the number of ransomware attacks.
IBM cost of data breach report
https://www.ibm.com/downloads/cas/OJDVQGRY
The average total cost of a data breach increased by nearly 10% year over year, the largest single-year cost increase in the last seven years. Remote working and digital transformation due to the COVID-19 pandemic increased the average total cost of a data breach. Healthcare organizations experienced the highest average cost of a data breach, for the eleventh year in a row.
Tomi Engdahl says:
PDF as a Weapon of Choice on the Cybersecurity Battlefield https://www.deepinstinct.com/2021/07/28/pdf-as-a-weapon-of-choice-on-the-cybersecurity-battlefield/
In this blog we’ll look more closely at the PDF and a variety of ways cybercriminals are using it to fool detection and infiltrate networks.
We’ll also show how Deep Instinct detects compromised PDFs, immediately disabling them from being opened.
Tomi Engdahl says:
NSA Issues Guidance on Securing Wireless Devices in Public Settings https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2711968/nsa-issues-guidance-on-securing-wireless-devices-in-public-settings/
NSA released the Cybersecurity Information Sheet, Securing Wireless Devices in Public Settings today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to their wireless devices and data. Guidance at https://media.defense.gov/2021/Jul/29/2002815141/-1/-1/0/CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF
Tomi Engdahl says:
The Inevitable Weaponization of App Data Is Here https://www.vice.com/en/article/pkbxp8/grindr-location-data-priest-weaponization-app
It finally happened. After years of warning from researchers, journalists, and even governments, someone used highly sensitive location data from a smartphone app to track and publicly harass a specific person. The data itself didn’t contain each mobile phone user’s real name, but The Pillar and its partner were able to pinpoint which device belonged to Burrill by observing one that appeared at the USCCB staff residence and headquarters, locations of meetings that he was in, as well as his family lake house and an apartment that has him listed as a resident. In other words, they managed to, as experts have long said is easy to do, unmask this specific person and their movements across time from a supposedly anonymous dataset. Also https://www.schneier.com/blog/archives/2021/07/de-anonymization-story.html
Tomi Engdahl says:
Top Routinely Exploited Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory provides details on the top 30 vulnerabilities, primarily Common Vulnerabilities and Exposures (CVEs), routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
Tomi Engdahl says:
Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report https://unit42.paloaltonetworks.com/ransomware-families/
In the first quarter (Q1) of 2021, Unit 42 detected 113 different ransomware families in the wild. Based on the statistical data, the top 15 ransomware families only cover 52.3% of total ransomware cases.
This demonstrates the diversity of ransomware and emphasizes how difficult it is to expand ransomware detection coverage with static profiling.
Tomi Engdahl says:
No More Ransom saves almost 1 billion in ransomware payments in 5 years https://www.bleepingcomputer.com/news/security/no-more-ransom-saves-almost-1-billion-in-ransomware-payments-in-5-years/
The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost 1 billion in ransomware payments.
2021 RANSOMWARE IMPACT REPORT
https://www.keeper.io/hubfs/2021_Ransomware_Impact_Report/2021_Ransomware_Impact_Report.pdf
But what happens within an organization post-attack? How are internal processes affected? What’s the impact on employee efficiency and productivity? To find out, Keeper surveyed 2,000 employees across the U.S. whose employers had suffered a ransomware attack in the previous 12 months. 49% of respondents told Keeper that their employers paid the ransom. However, this money didn’t fall out of the sky: 93% reported that their employers tightened budgets in other areas following the ransom payment. 26% of respondents reported that their employers disclosed the attack only to partners and customers (not the general public), while 15% didn’t tell anyone. This indicates that ransomware attacks are likely far more pervasive than anyone realizes.
Tomi Engdahl says:
Disrupting Ransomware by Disrupting Bitcoin https://www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html
We suggest an easier alternative: merely disrupt the cryptocurrency markets. Making them harder to use will have the effect of making them less useful as a ransomware payment vehicle, and not just because victims will have more difficulty figuring out how to pay. The reason requires understanding how criminals collect their profits.
Tomi Engdahl says:
Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
The average ransom payment declined to $136,576 while the median fell to $47,008, levels not seen since the beginning of 2021. The decrease was primarily driven by a growing number of disparate Ransomware-as-a-Service brands that have proliferated recently, and which have diluted the concentration of attacks controlled by just a few. [Interesting chart on the various degrees of state responsibility for cyber attacks: https://images.squarespace-cdn.com/content/v1/5ab16578e2ccd10898976178/1627049256926-84KBU1XKAFQ6HWRKRW0U/State+responsibility.png ]
Tomi Engdahl says:
Even after Emotet takedown, Office docs deliver 43% of all malware downloads now https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/
Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. Report at https://go.netskope.com/rs/665-KFP-612/images/2021-07-Cloud%20and%20Threat%20Report-RR-474-1.pdf
Tomi Engdahl says:
Meet Package Hunter: A tool for detecting malicious code in your dependencies https://about.gitlab.com/blog/2021/07/23/announcing-package-hunter/
Package Hunter is a tool to analyze a program’s dependencies for malicious code and other unexpected behavior by installing the dependencies in a sandbox environment and monitoring system calls executed during the installation. Any suspicious system calls are reported to the user for further examination. It currently supports testing NodeJS modules and Ruby Gems.
Tomi Engdahl says:
Shortcomings With Financial Market Infrastructure Companies Business Continuity And Cybersecurity Plans Need To Be Resolved https://www.forbes.com/sites/mayrarodriguezvalladares/2021/07/25/shortcomings-with-financial-market-infrastructure-companies-business-continuity-and-cybersecurity-plans-need-to-be-resolved/
[A report released this week] shows that it is doubtful that [financial markets infrastructure companies’] business continuity plans (BCPs) are designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events and enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances.
Tomi Engdahl says:
First came the ransomware attacks, now come the lawsuits https://www.msn.com/en-us/news/us/first-came-the-ransomware-attacks-now-come-the-lawsuits/ar-AAMxd5i
[Several] class-action lawsuits [...] are popping up in the wake of high-profile ransomware attacks. Another lawsuit filed against Colonial in Georgia in May seeks to get damages for regular consumers who had to pay higher gas prices. A third is in the works, with law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP seeking to mount a similar effort. Colonial isn’t the only company that’s been targeted. Another suit was launched in June against the San Diego based hospital system Scripps Health after it was hit by a ransomware attack.
Tomi Engdahl says:
The 25 most dangerous software vulnerabilities to watch out for https://www.zdnet.com/article/the-25-most-dangerous-software-vulnerabilities-to-watch-out-for/
Top of the list with the highest score by some margin is CWE-787: Out-of-bounds Write, a vulnerability where software writes past the end, or before the beginning, of the intended buffer. Second in the list is CWE-79: Improper Neutralization of Input During Web Page Generation, a cross-site scripting vulnerability which doesn’t correctly neutralise inputs before they are placed as outputs on a website. Third in the list is CWE-125: Out-of-bounds Read, a vulnerability which can allow attackers to read sensitive information from other memory locations or cause a crash.
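The memory-safety entries (CWE-787, CWE-125) cannot be reproduced in a memory-safe language, but the second entry can: the following is an added example, not code from the article or the CWE project, of the CWE-79 pattern next to its neutralised form. It renders a constructed comment with untrusted author and body fields, first by string concatenation and then with context-appropriate output encoding (HTML text context via `html.escape`, URL path segment via percent-encoding). Function names and the sample inputs are this example’s own.

```python
import html
from urllib.parse import quote


def render_comment_unsafe(author: str, body: str) -> str:
    """CWE-79 pattern: untrusted text is concatenated straight into HTML markup,
    so any tag in the input becomes part of the page."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """Neutralised form for the HTML text context: html.escape turns <, >, &, "
    and ' into entities, so the browser renders them as characters, never as tags."""
    return (f'<div class="comment"><b>{html.escape(author, quote=True)}</b>: '
            f'{html.escape(body, quote=True)}</div>')


def profile_link_safe(username: str) -> str:
    """A different output context needs a different encoder. A value inside a
    URL path segment is percent-encoded first (safe="" also encodes "/"), and
    the attribute value is then HTML-escaped like any other attribute."""
    encoded = quote(username, safe="")
    return f'<a href="/users/{html.escape(encoded, quote=True)}">profile</a>'


def contains_script_tag(rendered: str) -> bool:
    """Coarse check: does the output still carry a raw <script tag opener?"""
    return "<script" in rendered.lower()


# Constructed inputs: a harmless author name and a body carrying a script tag.
SAMPLE_AUTHOR = 'Ada "Countess" Lovelace'
SAMPLE_BODY = 'nice post <script>alert(1)</script>'

if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_AUTHOR, SAMPLE_BODY))  # tag survives
    print(render_comment_safe(SAMPLE_AUTHOR, SAMPLE_BODY))    # tag becomes text
    print(profile_link_safe('a/b"c'))
```

The point of the third function is the one that trips up most hand-rolled fixes: escaping is context-specific, so the same value needs percent-encoding in a URL, entity encoding in HTML text or attributes, and JavaScript string escaping inside a script block. A templating engine with auto-escaping enabled per context applies these rules for you; the manual version is shown here only to make the rule visible.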
Tomi Engdahl says:
It’s time for a Business Logic API Security Testing Approach https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html
To do this, you must find ways to simplify and streamline your organization’s API security testing, integrating and enforcing API security testing standards within the development cycle. This way, along with runtime monitoring, the security team can gain visibility into all known vulnerabilities in one place. As a bonus, taking steps to shift-left API security testing will cut costs and accelerate time to remediation.
Tomi Engdahl says:
Zero trust architecture design principles 1.0 launched.
https://www.ncsc.gov.uk/blog-post/zero-trust-1-0
The eight principles outlined in our guidance will help you to implement your own zero trust network architecture in an enterprise environment. The principles are: Know your architecture, including users, devices, services and data. Know your User, Service and Device identities. Assess your user behaviour, device and service health. Use policies to authorise requests. Authenticate & Authorise everywhere. Focus your monitoring on users, devices and services. Don’t trust any network, including your own. Choose services designed for zero trust.
Tomi Engdahl says:
Tech support scams remain a threat globally and in Asia Pacific despite drop in encounters: Microsoft survey https://news.microsoft.com/apac/2021/07/22/tech-support-scams-remain-a-threat-globally-and-in-asia-pacific-despite-drop-in-encounters-microsoft-survey/
Globally, three out of five consumers encountered a tech support scam in the last 12 months, a five-point drop since 2018. Gen Zers and Millennials most likely to continue interactions when targeted with tech support scams
Tomi Engdahl says:
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
Anything that can gain access to machines, even so-called commodity malware, can bring in more dangerous threats. We’ve seen this in banking Trojans serving as entry point for ransomware and hands-on-keyboard attacks. LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity. LemonDuck’s threat to enterprises is also in the fact that it’s a cross-platform threat. It’s one of a few documented bot malware families that targets Linux systems as well as Windows devices. It uses a wide range of spreading mechanisms, including phishing emails, exploits, USB devices and brute force, and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns.
Tomi Engdahl says:
Top Organizations on GitHub Vulnerable to Dependency Confusion Attacks https://redhuntlabs.com/blog/top-organizations-on-github-vulnerable-to-dependency-confusion-attack.html
On analyzing these repositories, we found that 93 repositories out of the Top 1000 GitHub Organizations are using a package that doesn’t exist on a public package index, which can be claimed by an attacker to cause a supply chain attack. On similar lines, we observed that 169 repositories were found to be installing dependencies from a host that isn’t reachable over the internet and 126 repositories were installing packages owned by a GitHub/Gitlab user that doesn’t exist.
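The three findings above are all things a repository owner can check for in their own manifests. The following is an added example, not RedHunt Labs’ tooling or code from the article, of such an audit over a constructed `package.json`: every dependency is classified as either published on the public index, fetched from a URL host, or fetched from a GitHub user, and each of the three risky cases is reported. The public-index listing, the reachable-host set and the existing-user set are constructed stand-ins for the registry query, DNS lookup and user-API call a real audit would make; the function names and the sample manifest are this example’s own.

```python
import json
from typing import Dict, Optional
from urllib.parse import urlparse

# Constructed manifest standing in for a repository's package.json.
PACKAGE_JSON = """
{
  "name": "acme-app",
  "dependencies": {
    "express": "^4.17.1",
    "acme-internal-logger": "2.0.1",
    "@acme/auth-utils": "1.2.0",
    "leftpad-ish": "git+https://git.acme.internal/tools/leftpad-ish.git",
    "widgets": "github:acme-ghost-user/widgets"
  }
}
"""

# Constructed stand-ins for live lookups. A real audit would query the registry
# for each name, resolve each host, and call the GitHub/GitLab user API.
PUBLIC_INDEX = {"express", "leftpad-ish"}
REACHABLE_HOSTS = {"registry.npmjs.org", "github.com", "gitlab.com"}
EXISTING_GITHUB_USERS = {"acme"}


def classify(name: str, spec: str) -> Optional[str]:
    """Return a finding for one dependency, or None if nothing looks wrong."""
    if spec.startswith("github:"):
        # "github:owner/repo" shorthand: the owner must still exist, otherwise the
        # account name is free to be re-registered by someone else.
        owner = spec[len("github:"):].split("/", 1)[0]
        if owner not in EXISTING_GITHUB_USERS:
            return f"installs from GitHub user '{owner}' which no longer exists"
        return None
    if "://" in spec:
        # "git+https://host/..." style URL dependency: strip the "git+" prefix.
        host = urlparse(spec.split("+", 1)[-1]).hostname
        if host not in REACHABLE_HOSTS:
            return f"installs from host '{host}' that is not reachable over the internet"
        return None
    # Plain version range: the installer will resolve this name on the configured
    # registry. If the public index has no such package, the name is claimable.
    if name not in PUBLIC_INDEX:
        return "not published on the public index; the name could be claimed by a third party"
    return None


def audit(manifest: str) -> Dict[str, str]:
    """Map each risky dependency name to its finding."""
    deps = json.loads(manifest).get("dependencies", {})
    findings = {}
    for name, spec in deps.items():
        reason = classify(name, spec)
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    for dep, reason in audit(PACKAGE_JSON).items():
        print(f"{dep}: {reason}")
```

For the first finding the usual mitigations are to bind the private scope to the private registry in the project’s `.npmrc` (an `@acme:registry=` line, using the scope instead of relying on resolver fallback) and to claim placeholder names for unscoped internal packages on the public index; the other two findings are fixed by pinning the dependency to a commit on a host and account the organisation controls.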
Tomi Engdahl says:
The NSO Surveillance List: What It Is and Isn’t https://zetter.substack.com/p/the-nso-surveillance-list-what-it
A series of blockbuster stories published this week around a leaked list of 50,000 phone numbers have created confusion about whether the owners of those numbers were targets of surveillance or not. To give readers a little clarity about the list and its revelations, I’ve laid out what we do and don’t know about it and how it might have been used.
Also https://www.calcalistech.com/ctech/articles/0,7340,L-3912882,00.html
Tomi Engdahl says:
Long-awaited bill would force breach victims to contact CISA https://www.scmagazine.com/analysis/breach/long-awaited-bill-would-force-breach-victims-to-contact-cisa
The Cyber Incident Notification Act would give federal agencies, government contractors, and critical infrastructure owners and operators 24 hours to report breaches to CISA
Tomi Engdahl says:
More than 3.4 million money laundering reports related to virtual currencies in the first half of the year, says the NBI (KRP)
https://www.is.fi/digitoday/tietoturva/art-2000008140592.html
By the end of June, the Financial Intelligence Unit had entered a record number of more than 3,466,000 reports of suspicious transactions or suspected terrorist financing into the money laundering register. Of these, about 26,600 came from parties other than those related to virtual currency services.
Tomi Engdahl says:
USA: DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators https://www.dhs.gov/news/2021/07/20/dhs-announces-new-cybersecurity-requirements-critical-pipeline-owners-and-operators
This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.
Tomi Engdahl says:
New Linux kernel bug lets you get root on most modern distros https://www.bleepingcomputer.com/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/
As discovered by Qualys researchers, the LPE security flaw tracked as CVE-2021-33909 (dubbed Sequoia) is present in the filesystem layer used to manage user data, a feature universally used by all major (Linux) operating systems. According to Qualys’ research, the vulnerability impacts all Linux kernel versions released since 2014.
Qualys:
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
Tomi Engdahl says:
China: Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory https://www.consilium.europa.eu/fi/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/
Today, the EU and its member states, together with their partners, expose malicious cyber activities that have had a significant effect on the economy, security, democracy and society as a whole. The EU and its member states assess that these malicious cyber activities were undertaken from the territory of China. These activities can be linked to the hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31. The activities were conducted from the territory of China for the purpose of intellectual property theft and espionage. See also the corresponding statements by the UK, the USA and NATO. UK:
https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking.
USA:
https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/.
NATO: https://www.nato.int/cps/en/natohq/news_185863.htm. CISA/NSA/FBI TTPs: https://us-cert.cisa.gov/ncas/current-activity/2021/07/19/us-government-releases-indictment-and-several-advisories-detailing
Tomi Engdahl says:
Investigation: Hungary and nine other countries have spied on their citizens with an Israeli company’s malware; up to thousands of people on the “watch list”
https://yle.fi/uutiset/3-12025927
An investigation by an international group of journalists indicates that several states have used spyware intended for counter-terrorism to monitor their own citizens. The suspected hacking victims include journalists and human rights activists.
In total, the governments of ten countries can be suspected of spying on their citizens. These states are EU member Hungary, Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, India and the United Arab Emirates. According to the investigation, the Pegasus program has been delivered to Apple iPhone devices via a new vulnerability chain in iMessage messages. No more detailed information on this is available yet. HS: https://www.hs.fi/ulkomaat/art-2000008134250.html.
Amnesty: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
The Guardian: https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus
Forbes: https://www.forbes.com/sites/thomasbrewster/2021/07/19/pegasus-spyware-does-apple-have-major-imessage-security-problems/
Tomi Engdahl says:
Top CVEs Trending with Cybercriminals
https://threatpost.com/top-cves-trending-with-cybercriminals/167889/
An analysis by Cognyte examined 15 cybercrime forums between Jan. 2020 and March 2021. The researchers found ZeroLogon, SMBGhost and BlueKeep were among the most buzzed-about vulnerabilities among attackers between Jan. 2020 and March 2021. The report added that the 9-year-old CVE-2012-0158 was exploited by threat actors during the COVID-19 pandemic in 2020, which "indicates that organizations are not patching their systems and are not maintaining a resilient security posture."
Tomi Engdahl says:
Cancer patient to sue Cork’s Mercy Hospital over cyber hack https://www.irishexaminer.com/news/munster/arid-40337252.html
One of the first legal cases over the release of sensitive medical information on the dark web as part of the HSE cyber hack has been lodged at Cork Circuit Court. On May 14, the HSE became aware of a significant ransomware attack on some of its systems, resulting in more than 85,000 computers being shut down in an attempt to contain the attack. By the end of June, 75% of its servers had been decrypted.
The solicitor said some, but not all, information relating to the man’s medical files had been put up on the dark web and he had other clients in a similar situation for whom he expects to lodge legal proceedings as well.
Tomi Engdahl says:
Verifiable design in modern systems
https://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html
The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptographic certainty of what the software has done. In this post, we’ll introduce the concept of verifiable data structures that help us get this cryptographic certainty. We’ll describe some existing and new applications of verifiable data structures, and provide some additional resources we have created to help you use them in your own applications.
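The "cryptographic certainty" the post refers to comes from verifiable data structures such as the Merkle tree behind Certificate Transparency style logs. As an added illustration (my code, not code from the Google post or from any Google project), here is a minimal RFC 6962-style Merkle tree: leaves and interior nodes are hashed with different prefixes, `inclusion_proof` returns the sibling hashes from a leaf to the root, and `verify_inclusion` lets a client with only the root hash check that an entry really is in the log at a given position. The log entries are constructed sample data.

```python
"""Append-only verifiable log: RFC 6962-style Merkle tree with inclusion proofs (added example)."""
import hashlib
from typing import List


def _leaf_hash(data: bytes) -> bytes:
    # 0x00 prefix domain-separates leaves from interior nodes, so an attacker
    # cannot pass off an interior node hash as a leaf (second-preimage defence).
    return hashlib.sha256(b"\x00" + data).digest()


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _largest_power_of_two_below(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2); RFC 6962 split point."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash (MTH) over the ordered list of log entries."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return _leaf_hash(leaves[0])
    k = _largest_power_of_two_below(len(leaves))
    return _node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Sibling hashes from the leaf at `index` up to the root (RFC 6962 PATH)."""
    n = len(leaves)
    if n == 1:
        return []
    k = _largest_power_of_two_below(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """Client-side check using only the entry, its position, the tree size and the root."""
    if tree_size <= 0 or index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = _leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False  # more proof elements than the tree shape allows
        if fn & 1 or fn == sn:
            r = _node_hash(p, r)           # sibling is on the left
            if not fn & 1:
                # fn == sn: we are the right-most node at this level; skip
                # the levels at which this subtree has no right sibling.
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = _node_hash(r, p)           # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


if __name__ == "__main__":
    # Constructed sample log of five entries.
    entries = [b"deploy:build-%d" % i for i in range(5)]
    root = merkle_root(entries)
    proof = inclusion_proof(entries, 2)
    print("root", root.hex())
    print("entry 2 included:", verify_inclusion(entries[2], 2, len(entries), proof, root))
    print("tampered entry included:", verify_inclusion(b"deploy:build-X", 2, len(entries), proof, root))
```

The proof for an entry is only O(log n) hashes, and the verifier needs no access to the other entries, which is what makes it practical to hand out root hashes widely and let anyone audit. Consistency proofs between two tree sizes (showing the log is append-only) build on the same hashing rules and are the natural next step.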
Tomi Engdahl says:
Finance Finland warns: Do not go to your online bank via a search engine
https://www.kauppalehti.fi/uutiset/finanssiala-varoittaa-ala-mene-verkkopankkiin-hakukoneella/b70e4e0e-8838-44f4-b477-b42b08f2b999
Scammers have managed to slip their own advertisements into search engines such as Google and Bing, and these ads pop up at the top of the results when someone tries to reach their online bank through a search, Finance Finland (Finanssiala ry) warns in a press release.
Banks advise that you should always log in to your online bank by typing the address into the browser's address bar rather than using a search engine. You can also save the online bank's login page in your browser's bookmarks.
Tomi Engdahl says:
At SuomiAreena on cyber security in the 5G era: We all have our responsibility https://www.huoltovarmuuskeskus.fi/a/suomiareenassa-kyberturvallisuudesta-5g-aikana
Many people's lives turned digital when the coronavirus prevented face-to-face meetings and work moved out of the office. Without working connections, news from relatives would have gone unheard and work meetings would have been harder to hold. Digital life is everyday life, so everyone must also continuously take care of the security that comes with it. Scams, phishing and malware are the main cyber threats that ordinary people run into, either at work or in their free time. The aim is to get a person to open a malicious link or to hand over information that can be used to obtain money, or information that can cause problems for the user.
Tomi Engdahl says:
Web shells: How can we get rid of them and why law enforcement is not really the answer https://www.gdatasoftware.com/blog/webshells
Microsoft recorded a total of 144,000 web shell attacks between August 2020 and January 2021. Web shells are very light programmes (scripts) that hackers install to either attack affected websites or web-facing services or prepare a future attack. A web shell allows hackers to execute standard commands on web servers that have been compromised.
Web shells use code such as PHP, JSP or ASP for this purpose. When the web shells are successfully installed, the hackers are able to execute the same commands as the administrators of the website can. They can also execute commands that steal data, install malicious code and provide system information that allows hackers to penetrate deeper into networks.
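Because a web shell is just a small PHP, JSP or ASP script that wires request parameters into command or code execution, the simplest triage is to look for exactly that pattern in the web root. The scanner below is an added example (mine, not from G DATA or Microsoft): it walks a directory, reads server-side scripts and flags those matching a handful of indicators (request input flowing into `system`/`eval`, `eval` over a decoded blob, JSP `Runtime.exec` fed from `request.getParameter`, classic ASP `Eval(Request(...))`). The sample files it writes to a temporary directory are constructed by me, not real captured shells; the regexes are heuristics, not a classifier, and any hit needs a human to read the file.

```python
"""Web shell triage: flag server-side scripts that route request input into execution (added example)."""
import os
import re
import tempfile
from typing import Dict, List

SCRIPT_EXTS = {".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx"}

# (indicator name, regex). Each one is a heuristic for the pattern the article describes:
# attacker-controlled input reaching a command or code-execution sink.
INDICATORS = [
    ("php_exec_from_request",
     re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*[^;]*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("php_eval_from_request",
     re.compile(r"\b(eval|assert|create_function)\s*\(\s*[^;]*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("php_eval_decoded_blob",
     re.compile(r"\beval\s*\(\s*(gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)),
    ("php_backtick_from_request", re.compile(r"`[^`]*\$_(GET|POST|REQUEST)[^`]*`")),
    ("jsp_exec_from_request",
     re.compile(r"Runtime\.getRuntime\(\)\.exec\s*\([^;]*request\.getParameter", re.I)),
    ("asp_eval_from_request",
     re.compile(r"\b(eval|execute|executeglobal)\s*\(\s*request(\.form|\.querystring)?\s*\(", re.I)),
    ("long_base64_blob", re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
]


def scan_source(text: str) -> List[str]:
    """Return the names of all indicators that fire on one script's source."""
    return [name for name, rx in INDICATORS if rx.search(text)]


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Map each flagged script (path relative to root) to the indicators that fired."""
    hits: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    names = scan_source(fh.read())
            except OSError:
                continue  # unreadable file: skip, do not crash the sweep
            if names:
                hits[os.path.relpath(path, root).replace(os.sep, "/")] = names
    return hits


# Constructed sample web root (written by me for this example, not real captured malware).
SAMPLES = {
    "uploads/img.php": "<?php if(isset($_REQUEST['c'])){ echo shell_exec($_REQUEST['c']); } ?>",
    "inc/cache.php": "<?php eval(gzinflate(base64_decode('H4sIAAAAAAAA'))); ?>",
    "app/cmd.jsp": "<% Process p = Runtime.getRuntime().exec(request.getParameter(\"cmd\")); %>",
    "index.php": "<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>",
}


def build_sample_tree() -> str:
    """Write SAMPLES into a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel, body in SAMPLES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, names in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{path}: {', '.join(names)}")
```

In practice you would run this against a known-good baseline (hash every script at deploy time and diff), because the strongest web shell signal is not the code itself but a script that appeared in an upload or cache directory without going through your deployment pipeline.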
Tomi Engdahl says:
Chinese government lays out new vulnerability disclosure rules https://therecord.media/chinese-government-lays-out-new-vulnerability-disclosure-rules/
The Chinese government has published new regulation on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country's borders. The new rules include controversial articles, such as ones introducing restrictions to prevent security researchers from disclosing bug details before a vendor had a reasonable chance to release fixes, and the mandatory disclosure of bug details to state authorities within two days of a bug report. Also:
https://www.scmp.com/tech/policy/article/3141098/beijing-pushes-chinese-firms-report-cybersecurity-vulnerabilities-early
Tomi Engdahl says:
CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses https://us-cert.cisa.gov/ncas/current-activity/2021/07/14/cisa-insights-guidance-msps-and-small-and-mid-sized-businesses
CISA has released CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses, which provides mitigation and hardening guidance to help these organizations strengthen their defenses against cyberattacks. Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors. Compromises of MSPs, such as with the recent Kaseya ransomware attack, can have globally cascading effects and introduce significant risk to MSP customers.
Tomi Engdahl says:
How We Protect Users From 0-Day Attacks
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
Zero-day vulnerabilities are unknown software flaws. Until they're identified and fixed, they can be exploited by attackers. Threat Analysis Group (TAG) actively works to detect hacking attempts and influence operations to protect users from digital attacks; this includes hunting for these types of vulnerabilities because they can be particularly dangerous when exploited and have a high rate of success. In this blog, we're sharing details about four in-the-wild 0-day campaigns targeting four separate vulnerabilities we've discovered so far this year.
Tomi Engdahl says:
Cybersecurity organizations announce new first responder credentialing program https://www.zdnet.com/article/cybersecurity-organizations-announce-new-first-responder-credentialing-program/
Cybersecurity companies and organizations are banding together to create a cybersecurity first responder credentialing program designed to support both large and small organizations dealing with cyber incidents. The ISA Global Cybersecurity Alliance is working with CISA on the effort alongside the Incident Command System for Industrial Control Systems (ICS4ICS) and more than 50 other cybersecurity companies, universities and corporations. The groups will be incorporating FEMA’s Incident Command System framework for response structure, roles, and interoperability, according to a statement from ISA.
Tomi Engdahl says:
These reasons make Finland an attractive target for corporate spies: "security expertise is limited" https://www.tivi.fi/uutiset/tv/2e808f5d-e7eb-4387-843d-e2e07abbbd8b
Corporate espionage is a threat that Finnish companies have slowly started to wake up to in recent years. According to experts, Finland is a favourable target for thieves who covet companies' intellectual capital. In the Helsinki Region Chamber of Commerce's Yritysvakoilu 2021 (Corporate Espionage 2021) survey, one respondent in four has worked at a company suspected of having been the target of corporate espionage. Of the perpetrators that were uncovered, two thirds were foreign and one third domestic actors. In more than half of the cases, no report of any kind was made to the authorities. A good fifth of the cases in the survey led to damages of over one million euros for the company.
Tomi Engdahl says:
BazarBackdoor sneaks in through nested RAR and ZIP archives https://www.bleepingcomputer.com/news/security/bazarbackdoor-sneaks-in-through-nested-rar-and-zip-archives/
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file. The multi-compression or nested archive method is not new but gained in popularity recently as it can trick email security gateways into mislabeling malicious attachments as clean. It consists of placing an archive within another. Researchers at Cofense say that this method can bypass some secure email gateways (SEGs), which can have a limit to how deep they check a compressed file.
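The bypass described above works because a gateway that only unpacks one or two archive layers never sees the file inside the innermost one. The code below is an added example (mine, not Cofense's or BleepingComputer's) of the inspection a gateway needs: it recursively expands ZIP archives up to a configurable depth, sniffs each member's magic bytes, and flags a member whose extension claims an image while its content begins with the `MZ` header of a Windows executable. `build_nested_sample` constructs the test input in memory: a fake "photo.jpg" that is really a stub executable, wrapped in two ZIP layers. The "executable" is just the `MZ` marker followed by zeros, not a real binary, and RAR layers are only detected, not expanded, because the standard library has no RAR reader.

```python
"""Nested-archive inspection with a depth cap and extension/magic mismatch detection (added example)."""
import io
import zipfile
from typing import Dict, List

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # refuse to expand absurdly large members (zip-bomb guard)

# Leading bytes -> file kind. Checked in order, so the longer, more specific signatures come first.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"%PDF", "pdf"),
    (b"MZ", "exe"),
]
IMAGE_EXTS = {"jpg": "jpg", "jpeg": "jpg", "png": "png"}


def sniff(data: bytes) -> str:
    """Identify content by magic bytes, ignoring whatever the filename claims."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_archive(data: bytes, max_depth: int, _path: str = "", _depth: int = 1) -> List[Dict]:
    """Walk a ZIP (and ZIPs inside it) down to max_depth layers; return one finding per member."""
    findings: List[Dict] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"path": _path, "depth": _depth, "verdict": "unreadable_archive"}]
    for info in zf.infolist():
        if info.is_dir():
            continue
        member = f"{_path}/{info.filename}" if _path else info.filename
        finding = {"path": member, "depth": _depth}
        if info.file_size > MAX_MEMBER_BYTES:
            findings.append({**finding, "verdict": "oversized_member"})
            continue
        content = zf.read(info)
        kind = sniff(content)
        ext = info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
        if kind == "zip":
            if _depth >= max_depth:
                # This is exactly what a depth-limited gateway reports: an archive it never opened.
                findings.append({**finding, "verdict": "nested_archive_not_expanded"})
            else:
                findings.extend(inspect_archive(content, max_depth, member, _depth + 1))
        elif kind == "rar":
            findings.append({**finding, "verdict": "nested_rar_needs_external_unpacker"})
        elif ext in IMAGE_EXTS and kind != IMAGE_EXTS[ext]:
            findings.append({**finding, "verdict": f"extension_mismatch:{ext}!={kind}"})
        elif kind == "exe":
            findings.append({**finding, "verdict": "executable"})
        else:
            findings.append({**finding, "verdict": "ok"})
    return findings


def build_nested_sample(levels: int) -> bytes:
    """Constructed input: a stub 'MZ' payload named photo.jpg, wrapped in `levels` ZIP layers."""
    payload = b"MZ\x90\x00" + b"\x00" * 60  # stand-in for a Windows executable, not real malware
    data, name = payload, "photo.jpg"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{i + 1}.zip"
    return data


if __name__ == "__main__":
    sample = build_nested_sample(2)
    print("depth limit 1:", inspect_archive(sample, max_depth=1))
    print("depth limit 3:", inspect_archive(sample, max_depth=3))
```

The two runs in the `__main__` block are the whole point: with `max_depth=1` the only finding is an unexpanded nested archive, which a gateway tuned to "no verdict means clean" will pass through; with `max_depth=3` the inner file is reached and the image-that-is-an-executable mismatch is caught. A gateway should therefore treat "nested archive not expanded" as a block or quarantine verdict, not as a clean result.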
Tomi Engdahl says:
How Zoom moved toward end-to-end encryption https://www.kaspersky.com/blog/rsa2021-zoom-end-to-end-encryption/40562/
Zoom's presentation at RSA Conference 2021 focused on end-to-end encryption in Zoom Cloud Meetings. The company explained why its developers are focusing on the issue, how they plan to make calls more secure, and what other new, security-related features users can expect. The pandemic forced many of us to switch to long-term remote work and communicate with colleagues and loved ones through teleconferencing software. Zoom's high popularity aroused the interest of security experts and cybercriminals alike, whereupon many quickly learned that not all was well with the platform's security.
Tomi Engdahl says:
British spy chief declares ransomware biggest online threat https://www.pandasecurity.com/en/mediacenter/security/ransomware-biggest-threat/
The digital world is full of risks and pitfalls, but one is more dangerous than others. According to Lindy Cameron, chief executive of the UK's National Cyber Security Centre, computerised extortion is the one to watch out for. Cameron's job is to protect the UK from cyberthreats, including major attacks by hostile foreign governments.
During a recent speech however, she claimed that ransomware presents the most immediate threat and disruptive potential.