Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

Trend Micro predicts that in 2021 cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments – WAN, multi-cloud, data center, remote worker, IoT, and more – each with its own unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year; see Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers from leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient, and competition for their services has increased dramatically. Some companies claim to have invented a “silver bullet” for educating cyber professionals, as in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and to present it to the entire community for feedback.

The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back, and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like “Should Jack Dorsey be able to silence the president of the United States?” Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    How to Avoid Being Impacted by a Managed Service Provider (MSP) Breach https://www.crowdstrike.com/blog/how-to-avoid-being-a-victim-of-a-msp-breach/
    Managed service providers (MSPs) provide extremely important and valuable services by assisting organizations with information technology related tasks such as provisioning software or Active Directory accounts. Yet despite all of the benefits an MSP can provide, there’s also an inherent risk: if an MSP is breached, its customers may also be. This scenario played out on the world stage July 2 with the REvil ransomware attack that targeted Kaseya, a key software provider to MSPs, and as a result, the MSPs themselves (fewer than 60 Kaseya customers) and just under 1,500 downstream companies, according to Kaseya’s public statement at noon on July 6.

    Reply
  2. Tomi Engdahl says:

    DNS Provider Hit With Outrageous Blocking Order – Is Your Provider Next?
    https://www.eff.org/deeplinks/2021/07/dns-provider-hit-outrageous-blocking-order-your-provider-next
    The seemingly endless battle against copyright infringement has caused plenty of collateral damage. But now that damage is reaching new levels, as copyright holders target providers of basic internet services. For example, Sony Music has persuaded a German court to order a Swiss domain name service (DNS) provider, Quad9, to block a site that simply indexes other sites suspected of copyright infringement. Quad9 has no special relationships with any of the alleged infringers. It simply resolves domain names, conveying the public information of which web addresses direct to which server, on the public internet, like many other service providers.

    Reply
  3. Tomi Engdahl says:

    A Controversial Tool Calls Out Thousands of Hackable Websites https://www.wired.com/story/punkspider-web-site-vulnerabilities/
    At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release – or, rather, to upgrade and re-release after a years-long hiatus – a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible

    Reply
  4. Tomi Engdahl says:

    HP finds 75% of threats were delivered by email in first six months of 2021
    https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/
    HP’s researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools are able to solve CAPTCHA challenges using computer vision techniques. Report at https://threatresearch.ext.hp.com/wp-content/uploads/2021/07/HP_Wolf_Security_Threat_Insights_Report_H1_2021.pdf

    Reply
  5. Tomi Engdahl says:

    Hackers Turning to ‘Exotic’ Programming Languages for Malware Development https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html
    Earlier this year, enterprise security firm Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer) that it said were being used in active campaigns to distribute and deploy Cobalt Strike and ransomware strains via social engineering campaigns. In a similar vein, CrowdStrike last month observed a ransomware sample that borrowed implementations from previous HelloKitty and FiveHands variants, while using a Golang packer to encrypt its main C++-based payload.

    Reply
  6. Tomi Engdahl says:

    Politics and Security Don’t Mix
    https://www.securityweek.com/politics-and-security-dont-mix

    There are plenty of issues and challenges every security team already faces. There’s no need to add politics to them.

    Sometimes, it seems like politics is everywhere lately. In recent years, politics seems to have worked its way into all kinds of places that used to be relatively free of it. Whether it be sports, food, or yes, even work, I’m guessing I’m not the only person who longs for a time when not everything was politicized.

    Aside from being unpleasant, it turns out that politics is bad for security. How so? Security professionals already have a tough enough job to do when we stick to the issues related to managing and mitigating risk in the enterprises we defend. When we stray beyond those issues, and in particular, into the realm of politics, it not only makes our jobs harder – it also reduces our effectiveness. Allow me to elaborate on why that is the case.

    Reply
  7. Tomi Engdahl says:

    Is Your SecOps Solution Keeping Up?
    https://www.securityweek.com/your-secops-solution-keeping

    The goal of any SecOps system is to collect, correlate, and assess data gathered from every corner of the network to detect and investigate anomalous behavior and then respond promptly to thwart an attack before its damage is done. And when networks were primarily contained within a clearly defined and static perimeter, this was not just an aspirational goal. It was well within the ability of virtually any SecOps team.

    My, how things have changed.

    Reply
  8. Tomi Engdahl says:

    Cloud Considerations Learned from the Pandemic
    https://www.securityweek.com/cloud-considerations-learned-pandemic

    Over the last 18 months, there have been massive scale changes in how everyone works, learns and socializes online primarily due to the pandemic. We all had to stay home; a switch flipped and being online was more critical than ever before.

    Cyber attackers took advantage of this situation, not with the development of advanced threats, but by accelerating existing malware campaign capabilities with minor enhancements. For example, there has been growth in DDoS attacks, disconnecting employees from work and acting as a smokescreen that distracts security teams long enough for a penetration attack to map the network and deploy malware on vulnerable devices. Many of these attacks are targeted at critical verticals such as education and healthcare, with vast phishing and ransomware campaigns causing systems to go offline. For many, there has been no choice but to pay the ransom to get back online fast.

    Cloud platform attacks are growing in frequency as more people must rely on cloud services for their daily work – collaboration, file-sharing and videoconferencing, to name a few. The common methods of these attacks are password theft via spear-phishing or user-coercion, which allow an attacker to steal data or take control of cloud systems, as well as malicious videoconferencing access that can not only disrupt business, but also allow an unknown user to hide in plain sight and secretly listen in on confidential conversations.

    All types of attacks are damaging, potentially affecting business flow and reputation, but enterprises have been quick to learn due to the rapid transition to remote working environments. With the proliferation of mobile devices and requirements for always-on connectivity and access, we’ve all become familiar with the conversation around shifting network perimeters and the elastic security needed to expand and contract based on dynamic usage and demand.

    The Network Pushed to the Edge

    Reply
  9. Tomi Engdahl says:

    New ‘Allstar’ App Enforces Security Best Practices for GitHub Projects
    https://www.securityweek.com/new-allstar-app-enforces-security-best-practices-github-projects

    The Open Source Security Foundation (OpenSSF) on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects.

    The new application, named Allstar, was developed by Google and released through OpenSSF, of which the tech giant is a founding member. Allstar is a companion to Security Scorecards, an automated risk assessment tool for repositories and their dependencies that was also contributed by Google.

    Allstar continuously checks GitHub API states and file contents against defined security policies. If they don’t match, the application applies user-defined enforcement actions.

    “Security Scorecards checks a number of important heuristics (currently 18), such as whether the project uses branch protection, cryptographically signs release artifacts, or requires code review. From these scores, users can understand specific areas to improve in order to strengthen the security posture of their project,” explained Google’s Mike Maraya and Jeff Mendoza.

    https://github.com/ossf/allstar

    Reply
  10. Tomi Engdahl says:

    Leading Threat to Industrial Security is Not What You Think
    https://www.securityweek.com/leading-threat-industrial-security-not-what-you-think

    As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments.

    The growing practice of connecting ICS to enterprise networks and the internet, driven by technologies such as IoT, edge computing and analytics platforms, has put ICS on the radar of cybercriminals.

    ICS attacks can cause severe problems, ranging from supply chain disruption to physical damage to components and subsystems. What’s more, ICS traffic often contains proprietary data or information that has intrinsic value to business processes or workflows.

    Securing ICS is more challenging than protecting traditional IT environments since ICS is insecure by design. ICS was originally conceived to be siloed from other IT systems, shared IT infrastructure and the outside world. These closed systems were considered immune from external threats, simply because they were “air gapped”.

    Advances in IoT technologies and other IT centric systems made it logical to connect ICS to IT to garner numerous benefits. However, very few considered the implications of that connectivity, which cybercriminals are able to exploit. Especially the native insecurities of ICS, such as limited policies, a lack of access control provisions, weak password enforcement and infrequent patching. Perhaps the biggest threat to ICS is the fact that utility companies are such large targets – they are well known, cover large geographic areas, and their critical locations are all very public.

    Consider the following attack vectors that can impact ICS.

    Brute force attacks against weak passwords are something IT pros have been dealing with for years and have developed countermeasures against. However, most ICS systems lack policies around passwords, meaning that attacks may go unnoticed or unrecorded. Here, ICS operators need to learn what constitutes a brute force attack, identify the signs of such an attack, and implement controls to prevent damage. Processes that require knowledge, action, and response. Those processes must be taught.

    Another attack vector is false data injection, whose primary goal is to disrupt ICS processes. In the IT world, DDoS (Distributed Denial of Service) attacks are focused on disruption. However, with ICS false data injection may take on a different characteristic, one that not only disrupts processing, but potentially damages physical equipment, or cascades to other devices. ICS operators must learn how to monitor for those types of attacks, create policies that can stem them, and remediate vulnerabilities they exploit.

    Other attack vectors ICS is susceptible to include buffer overflows, command injection, PLC programming modifications, and many more. Dealing with those attacks requires knowledge of both ICS and IT, meaning that ICS operators must achieve the same level of cyber competency as their IT counterparts, while also applying their knowledge of the intricacies of ICS.

    Simply put, organizations must put in place plans and policies to adequately train those that manage ICS, build realistic scenarios, and also provide a layer of anonymity for those responding to those threats.

    Reply
  11. Tomi Engdahl says:

    Workers increasingly steal company data during ‘turnover tsunami’
    https://www.ft.com/content/a7a2b5c4-1653-4364-84c1-c322c5b56745
    Employees are taking sensitive computer code from their own companies at three times the rate they were a year ago, according to new research into so-called insider threats, as record numbers of disgruntled workers quit their jobs with pandemic restrictions easing.
    An analysis of data of 700,000 company devices by the cyber security group Code42 found that there were about 65m attempts made by staff to exfiltrate source code from their corporate network in the three months to the end of June, up from about 20m in each of the previous three quarters.

    Reply
  12. Tomi Engdahl says:

    Indra Group Attack on Iran Highlights the Threats to Global Critical Infrastructure https://blog.checkpoint.com/2021/08/14/indra-group-attack-on-iran-highlights-the-threats-to-global-critical-infrastructure/
    Check Point Research (CPR) warns governments everywhere of the importance of protecting critical infrastructure, as it learns that the July 9 cyber attack on Iran’s train system was carried out by Indra, a group that identifies itself as regime opposition and has the capability to wipe out data without direct means for recovery.

    Reply
  13. Tomi Engdahl says:

    What does state cyber espionage mean for Finland?
    https://www.tivi.fi/uutiset/mita-valtiollinen-kybervakoilu-tarkoittaa-suomelle/f2a594f5-0d2e-41a5-b60e-aa5696616698
    The risk of tailored, precisely targeted and unpredictable cyber espionage is growing in Finland. Espionage can be part of intelligence-gathering activity or of a broader operation, for example one targeting information systems. [FOR SUBSCRIBERS]

    Malware on your phone? An incredibly simple trick goes a long way https://www.is.fi/digitoday/tietoturva/art-2000008186492.html
    A restart may at first sound like little more than a worn-out internet joke, but it is often of decisive help when malware strikes. The trick should not be trusted too much, however.

    Reply
  14. Tomi Engdahl says:

    An Incredibly Simple Trick Can Help Make Your Phone More Secure
    https://www.forbes.com/sites/leemathews/2021/07/31/an-incredibly-simple-trick-can-help-make-your-phone-more-secure/

    Our online world is rife with threats, and not everyone is an expert in cyber security. Protecting yourself from those threats doesn’t always require expertise, however. In fact there’s one ridiculously simple trick that anyone can use to keep their phone more secure.

    Ready? Here it is. Turn your phone off and then turn it back on.

    Yes, that’s it — and it really is an effective security measure, despite the fact that the whole “turn off and on again” thing has become a technological trope.

    This incredibly simple tip was shared recently at a security briefing provided to members of the U.S. Senate. There’s a very good reason members of Congress were being advised to make a habit of regularly powering down their phones.

    It’s all down to the way cyber threats have evolved in recent years.

    In the past, cyber attackers were focused on achieving persistence — that is making sure that an infected device stayed infected and under the attacker’s control. As malicious hackers increasingly turned their attention to smartphones, however, they discovered that persistence wasn’t necessarily required.

    Turn off, turn on: Simple step can thwart top phone hackers
    https://apnews.com/article/technology-government-and-politics-hacking-752db867fafbaba1f9cc34f7588944c5

    As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure.

    Step One: Turn off phone.

    Step Two: Turn it back on.

    That’s it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is — turning a device off then back on again — can thwart hackers from stealing information from smartphones.

    Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

    “This is all about imposing cost on these malicious actors,”

    Reply
  15. Tomi Engdahl says:

    Attackers use Morse code, other encryption methods in evasive phishing campaign https://www.microsoft.com/security/blog/2021/08/12/attackers-use-morse-code-other-encryption-methods-in-evasive-phishing-campaign/
    Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running.

    Reply
  16. Tomi Engdahl says:

    Philips study finds hospitals struggling to manage thousands of IoT devices https://www.zdnet.com/article/philips-study-finds-hospitals-struggling-to-manage-thousands-of-devices/
    Working with cybersecurity company CyberMDX, researchers with Philips surveyed 130 IT healthcare decision-makers to figure out how they were managing the thousands of medical devices that populate most hospitals today.

    Reply
  17. Tomi Engdahl says:

    United Nations calls for moratorium on sale of surveillance tech like NSO Group’s Pegasus https://www.theregister.com/2021/08/13/un_wants_surveillance_tech_sales_moratorium/
    The United Nations has called for a moratorium on the sale of “life threatening” surveillance technology and singled out the NSO Group and Israel for criticism. Which sounds lovely but is likely impractical.
    While several efforts are underway to define norms governing acceptable use of information technology in cross-border and in-country conflicts, few are binding, some major governments have not signed up, and any government can in any case use plausibly detached crime gangs to do its work for it. Throw in the fact that several nations are increasingly letting it be known their military and electronic warfare agencies have offensive capabilities and will not be afraid to use them when it is felt to be justified, and it is clear the UN’s call may make life more difficult still for NSO Group but has little chance of stamping out the use of surveillance tech whenever a government wants to use it.

    Reply
  18. Tomi Engdahl says:

    What Is Zero Trust and Why Does It Matter?
    https://www.trendmicro.com/en_us/ciso/21/h/what-is-zero-trust-and-why-does-it-matter.html
    As the remote workforce expanded, so did the attack surface for cybercriminals, forcing security teams to pivot their strategy to effectively protect company resources. During this time of change, the hype around Zero Trust increased, but with several different interpretations of what it was and how it helps. Eric Skinner from Trend Micro gets real about the true intent of Zero Trust and how you can use it to better protect your organization.

    Reply
  19. Tomi Engdahl says:

    Firewalls and middleboxes can be weaponized for gigantic DDoS attacks https://therecord.media/firewalls-and-middleboxes-can-be-weaponized-for-gigantic-ddos-attacks/
    In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet. Research paper “Weaponizing Middleboxes for TCP Reflected Amplification”:
    https://www.usenix.org/system/files/sec21fall-bock.pdf

    Reply
  20. Tomi Engdahl says:

    New Anti Anti-Money Laundering Services for Crooks https://krebsonsecurity.com/2021/08/new-anti-anti-money-laundering-services-for-crooks/
    A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

    Reply
  21. Tomi Engdahl says:

    Ransomware gangs are working with Russian intelligence services, report says
    https://www.cbsnews.com/news/ransomware-gang-russia/
    Russian intelligence services worked with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations, according to new research from cybersecurity firm Analyst1. Two Russian intelligence bureaus – the Federal Security Service, or FSB, and Foreign Intelligence Service, or SVR – collaborated with individuals in “multiple cybercriminal organizations,” security analysts with the firm say in the report. The research indicates these cybercriminals helped Russian intelligence develop and deploy custom malware targeting American companies that serve U.S. military clients.
    Report:
    https://analyst1.com/file-assets/Nationstate_ransomware_with_consecutive_endnotes.pdf

    Reply
  22. Tomi Engdahl says:

    COVID increased service companies’ digital investments and added information security threats, new study reveals
    https://www.epressi.com/tiedotteet/talous/korona-kasvatti-palveluyritysten-digi-investointeja-ja-lisasi-tietoturvauhkia-tuore-tutkimus-paljastaa.html
    Almost two out of three service companies invested more than the previous year in at least one digital development area last year, according to the new Digitaloudesta kasvua (Growth from the Digital Economy) study by Palta, the Service Sector Employers. The increased digitalisation and remote work brought on by COVID have also brought new information security threats. In total, a quarter of service companies have experienced scam attempts or an increase in other information security threats during the COVID period. According to respondents, scam messages and calls in particular have become more frequent than before. Almost a third have invested in new information security solutions as remote work has become more common, and among large companies employing more than 250 people as many as 80 percent.

    Reply
  23. Tomi Engdahl says:

    Defeating the False Sense of Cyber Safety
    https://www.securityweek.com/defeating-false-sense-cyber-safety

    For multiple reasons, people generally don’t take cybersecurity anywhere near as seriously as physical safety

    Self-preservation is a basic human instinct. We’re intrinsically and innately focused on avoiding physical harm, and that instinct is exercised and honed from an early age. It’s almost primal, passed down through the generations in some cases. Think about all the warnings you received as a child about not talking to strangers, touching hot stoves, and playing in the street. But in the modern era, it’s virtual safety that poses some of the biggest risks. Though this primarily impacts things like financial accounts, as we’ve seen in the case of recent attacks against hospitals and critical infrastructure, cybersecurity also can impact physical safety and security.

    As cybersecurity professionals, we have our work cut out for us. How do we change the paradigm and start transferring some of the same sensibilities we all have about physical safety over to cyber safety? It’s a huge challenge but one that must be addressed. Ransomware and cyber-attacks obviously aren’t going away; they’re just going to get worse.

    A false sense of (online) safety

    The discrepancy between real-life and online behaviors is often significant. How often do we see individuals do things like post a photo of their driver’s license on a social media site to celebrate learning to drive or share a photo announcing they are on vacation, with their home address geo-tagged? It’s so common that most people don’t even bat an eye.

    Reply
  24. Tomi Engdahl says:

    How to Defend vs Go365 – The Microsoft 365 Password Spraying Tool
    https://www.msspalert.com/cybersecurity-breaches-and-attacks/how-to-defend-vs-go365-the-microsoft-365-password-spraying-tool/
    Go365 is a password-guessing cyberattack tool used to target Microsoft 365 customers. Optiv Security recommends these Office 365 security steps.

    Reply
  25. Tomi Engdahl says:

    How to Reduce Exchange Server Downtime in Case of a Disaster?
    https://threatpost.com/how-to-reduce-exchange-server-downtime/168344/
    Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.

    Reply
  26. Tomi Engdahl says:

    What Is Cyber Command’s Role in Combating Ransomware?
    https://www.lawfareblog.com/what-cyber-commands-role-combating-ransomware

    The recent spate of ransomware attacks in the United States, including against critical infrastructure in the case of the Colonial Pipeline attack, raises questions about U.S. Cyber Command’s role in responding to this type of malicious behavior. The crux of the issue is how to define an appropriate mission—if any at all—for employing military authorities, capabilities and resources against ransomware gangs, which are typically criminal organizations rather than nation-state adversaries. It’s an issue that will only take on increased relevance, and one for which many key questions remain unanswered.

    Commentators and experts have offered different perspectives on this issue.

    Reply
  27. Tomi Engdahl says:

    Detecting Embedded Content in OOXML Documents
    https://www.fireeye.com/blog/threat-research/2021/08/detecting-embedded-content-in-ooxml-documents.html
    On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents, specifically those in the Office Open XML (OOXML) file format. Additionally, we’re releasing a tool so analysts and defenders can automatically generate YARA rules using this technique.

    Reply
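The detection idea in the FireEye post above rests on OOXML files being ZIP containers whose embedded parts are enumerable without rendering the document. The following is an added example, not FireEye's tool: it inventories embedded parts and declared content types of an OOXML file, using a minimal .docx constructed in memory as input.

```python
"""Added example, not FireEye's tool: enumerate embedded content in an OOXML file.

OOXML documents (.docx/.xlsx/.pptx) are ZIP containers. Embedded objects are
stored as parts under word|xl|ppt/embeddings/ and declared in
[Content_Types].xml, so a defender can inventory them without opening the
document in Office. Part names and content types used here are the standard
OOXML ones; the sample document is constructed in memory for the demo."""
import io
import re
import zipfile

EMBEDDING_DIR_RE = re.compile(r"^(word|xl|ppt)/embeddings/", re.IGNORECASE)
OLE_COMPOUND_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # CFB header used by OLE objects
CONTENT_TYPES_OF_INTEREST = {
    "application/vnd.openxmlformats-officedocument.oleObject",
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-office.activeX",
}


def find_embedded_content(ooxml_bytes: bytes) -> dict:
    """Report embedded parts, which of them are OLE containers, and declared content types."""
    report = {"embedded_parts": [], "ole_parts": [], "content_types": []}
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        names = zf.namelist()
        for name in sorted(names):
            if EMBEDDING_DIR_RE.match(name):
                report["embedded_parts"].append(name)
                # Peek at the part header: OLE objects are Compound File Binary containers.
                if zf.read(name).startswith(OLE_COMPOUND_MAGIC):
                    report["ole_parts"].append(name)
        if "[Content_Types].xml" in names:
            ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            declared = set(re.findall(r'ContentType="([^"]+)"', ct_xml))
            report["content_types"] = sorted(declared & CONTENT_TYPES_OF_INTEREST)
    return report


def build_sample_docx(with_ole_object: bool) -> bytes:
    """Constructed minimal .docx (not a real document) for exercising the check."""
    overrides = [
        '<Override PartName="/word/document.xml" ContentType="application/'
        'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    ]
    if with_ole_object:
        overrides.append('<Override PartName="/word/embeddings/oleObject1.bin" '
                         'ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>')
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + "".join(overrides) + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_ole_object:
            # Fake OLE object: correct CFB magic followed by padding.
            zf.writestr("word/embeddings/oleObject1.bin", OLE_COMPOUND_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(f"with_ole_object={flag}: {find_embedded_content(build_sample_docx(flag))}")
```

The part names and content types the function reports are the kind of stable features a clustering rule (or a YARA rule over the ZIP's central directory) can key on.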
  28. Tomi Engdahl says:

    Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon https://securityintelligence.com/posts/hunting-evidence-dll-side-loading-powershell-sysmon/
    To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading on Windows systems. This post will talk about why IBM X-Force thinks the tool is needed, describe its functions and analyze some use cases.

    Reply
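The side-loading hunt described above works from Sysmon image-load telemetry. As an added example that is not IBM X-Force's SideLoaderHunter, the script below parses constructed Sysmon Event ID 7 records and applies two simple heuristics: a well-known system DLL name loaded from outside System32, and an unsigned DLL loaded from the host process's own, untrusted directory. The allow-list of DLL names and the sample events are assumptions made for the demo.

```python
"""Added example, not IBM X-Force's SideLoaderHunter: triage Sysmon Event ID 7
(ImageLoad) records for DLL side-loading indicators.

Classic side-loading: a trusted executable resolves a DLL by bare name and
loads a planted copy from its own directory instead of the Windows copy.
Two heuristics flag that from fields Sysmon already records:
  1. a DLL carrying a well-known system DLL name is loaded from outside
     System32/SysWOW64;
  2. an unsigned DLL is loaded from the host process's own directory, and that
     directory is outside the Windows / Program Files trees.
The event XML below is constructed for the demo; field names are Sysmon's."""
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Constructed allow-list: DLL names that almost every GUI process imports from
# System32, which is exactly why they are popular side-loading targets.
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "uxtheme.dll", "cryptbase.dll"}


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten the <EventData><Data Name=...> elements of one event into a dict."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "") for d in root.findall(".//e:EventData/e:Data", NS)}


def assess_image_load(event: dict) -> list:
    """Return human-readable findings for one Event ID 7 record (empty if benign)."""
    findings = []
    host = event["Image"].lower()
    dll = event["ImageLoaded"].lower()
    host_dir = ntpath.dirname(host) + "\\"
    dll_dir = ntpath.dirname(dll) + "\\"
    if ntpath.basename(dll) in SYSTEM_DLL_NAMES and not dll_dir.startswith(SYSTEM_DIRS):
        findings.append(f"system DLL name loaded from non-system path: {dll}")
    unsigned = event.get("Signed", "false").lower() != "true"
    if unsigned and dll_dir == host_dir and not host_dir.startswith(TRUSTED_ROOTS):
        findings.append(f"unsigned DLL loaded from the host's own directory: {dll}")
    return findings


# Constructed sample events: one benign load, one side-loading pattern.
SAMPLE_EVENTS = [
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>7</EventID></System><EventData>
<Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data>
<Data Name="ImageLoaded">C:\\Windows\\System32\\version.dll</Data>
<Data Name="Signed">true</Data><Data Name="SignatureStatus">Valid</Data>
</EventData></Event>""",
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>7</EventID></System><EventData>
<Data Name="Image">C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe</Data>
<Data Name="ImageLoaded">C:\\Users\\alice\\AppData\\Local\\Temp\\version.dll</Data>
<Data Name="Signed">false</Data><Data Name="SignatureStatus">Unavailable</Data>
</EventData></Event>""",
]


def triage(xml_events: list) -> list:
    """Return (host image, findings) for every event with at least one finding."""
    hits = []
    for xml_text in xml_events:
        event = parse_sysmon_event(xml_text)
        findings = assess_image_load(event)
        if findings:
            hits.append((event["Image"], findings))
    return hits


if __name__ == "__main__":
    for image, findings in triage(SAMPLE_EVENTS):
        print(image)
        for finding in findings:
            print("  -", finding)
```

Real hunts add the signer name and file hash from the same event to separate a vendor's legitimately unsigned helper DLL from a planted one.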
  29. Tomi Engdahl says:

    Protecting Sensitive And Personal Information From Ransomware-caused Data Breach https://www.cisa.gov/publication/protecting-sensitive-and-personal-information
    CISA has released this fact sheet to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. Fact Sheet (PDF):
    https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf

    Reply
  30. Tomi Engdahl says:

    Security professor of practice warns: “There is no such thing as innocent data.” Finland should answer these three questions
    https://www.kauppalehti.fi/uutiset/turvallisuuden-tyoelamaprofessori-varoittaa-ei-ole-olemassa-viatonta-dataa-naihin-kolmeen-kysymykseen-suomen-tulisi-vastata/bb4b55e6-3d98-43b2-9242-081928c65953
    Finland, along with the rest of the world, is being pulled into the churn of ever more hectically changing technology, which continuously alters the security environment. “Our preparedness for security threats is based on a slower world,” professor of practice Valtteri Vuorisalo states.

    Reply
  31. Tomi Engdahl says:

    China orders annual security reviews for all critical information infrastructure operators https://www.theregister.com/2021/08/18/china_critical_information_infrastructure_rules/
    China’s government has introduced rules for protection of critical information infrastructure. An announcement by the Cyberspace Administration of China (CAC) said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe. The announcement therefore defines infosec regulations and responsibilities.

    Reply
  32. Tomi Engdahl says:

    FBI warns of credential stuffing attacks against grocery and food delivery services https://therecord.media/fbi-warns-of-credential-stuffing-attacks-against-grocery-and-food-delivery-services/
    The FBI says that hackers are using credential stuffing attacks to hijack online accounts at grocery stores, restaurants, and food delivery services in order to drain user funds through fraudulent orders and to steal personal or financial data.

    Reply
  33. Tomi Engdahl says:

    Ransomware recovery can be costly, and not just because of the ransom
    https://techcrunch.com/2021/08/18/ransomware-recovery-can-be-costly-and-not-just-because-of-the-ransom/?tpcc=ECFB2021

    Ransomware is rarely out of the headlines. Just last week, IT consulting giant Accenture was hit by the LockBit ransomware gang, days after Taiwan-based laptop maker Gigabyte also fell victim to an apparent ransomware attack, leading the hackers to leak gigabytes of confidential AMD and Intel data.

    Unsurprisingly, ransomware — which has rocketed in activity during the pandemic — remains among the most costly to businesses, with large U.S companies losing an average of $5.66 million each year to ransomware. But new findings show that is not for the reason you might think.

    While we often hear of multimillion-dollar ransom payments made by hackers, research from Proofpoint and the Ponemon Institute found that ransom payments typically account for less than 20% of the total cost of a ransomware attack. Of that $5.66 million figure each year, just $790,000 accounts for ransom payments. Rather, the research shows businesses suffer the majority of their losses through lost productivity and the time-consuming task of containing and cleaning up after a ransomware attack.

    Proofpoint says that the remediation process for an average-sized organization takes on average 32,258 hours, which when multiplied by the average $63.50 IT hourly wage totals more than $2 million. Downtime and lost productivity is another costly consequence of ransomware attacks; the research shows that phishing attacks, for example, which were determined as the root cause of almost one-fifth of ransomware attacks last year, have led to employee productivity losses of $3.2 million in 2021, up from $1.8 million in 2015.

    Reply
  34. Tomi Engdahl says:

    New ‘Allstar’ App Enforces Security Best Practices for GitHub Projects
    https://www.securityweek.com/new-allstar-app-enforces-security-best-practices-github-projects

    The Open Source Security Foundation (OpenSSF) on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects.

    The new application, named Allstar, was developed by Google and released through OpenSSF, of which the tech giant is a founding member. Allstar is a companion to Security Scorecards, an automated risk assessment tool for repositories and their dependencies that was also contributed by Google.

    Allstar continuously checks GitHub API states and file contents against defined security policies. If they don’t match, the application applies user-defined enforcement actions.

    https://github.com/ossf/allstar

    Reply
  35. Tomi Engdahl says:

    China pushes through data protection law that applies cross-border https://www.zdnet.com/article/china-pushes-through-data-protection-law-that-applies-cross-border/
    China has pushed through a new personal data protection law that details regulations around collection, use, and storage. It includes data processing by companies based outside of China and encompasses requirements for organisations, including multinational corporations, operating in China to appoint someone responsible for its compliance. If a business refused to correct the violation, it could be fined up to 1 million yuan ($150,000). Employees directly responsible and overseeing the data violation also might be slapped with a fine of 10,000 yuan ($1,500) to 100,000 yuan ($15,000). In more serious violations, financial penalties could go up to 50 million yuan ($7.5 million) or 5% of annual revenue in the company’s previous fiscal year.

    Reply
  36. Tomi Engdahl says:

    CISA Issues Guidance on Protecting Data From Ransomware
    https://www.securityweek.com/cisa-issues-guidance-protecting-data-ransomware

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published a new document providing recommendations on how to prevent data compromise during ransomware attacks.

    Recent high-profile incidents involving ransomware have resulted in sensitive and personal information being stolen by the attackers, in addition to encrypting data on compromised machines and causing major service disruptions.

    In fact, adversaries typically lurk for a long time in the compromised networks to identify and exfiltrate data of interest, and only then deploy ransomware to encrypt the victim’s machines. Thus, they increase the impact of the attack, as they can blackmail the victim into paying a ransom, threatening to make the stolen information public.

    In a newly published fact sheet aimed at both government and private sector organizations, CISA provides information on how to prevent and respond to ransomware-caused data breaches.

    “All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems,” CISA notes in the document.

    https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf

    Reply
  37. Tomi Engdahl says:

    Will DDOS Attack Break the Servers…?

    https://pentestmag.com/will-ddos-attack-break-the-servers/

    #pentest #magazine #pentestmag #pentestblog #PTblog #DDoS #attack #hacking #cybersecurity

    Reply
  38. Tomi Engdahl says:

    Do Open-Source Supply Chains Leave Security Gaps in Your Organization?
    https://www.infosecurity-magazine.com/opinions/open-source-supply-chainssecurity/
    There has been a 430% year-on-year increase in attacks targeting open source components to infect software supply chains in the last year.
    Infiltrating open source libraries can also be a more covert approach than directly attacking organizations if it’s already part of a trusted supply chain, its malicious activity will be detected.
    Organizations need to ensure that developers are armed with the automation and clear processes required to incorporate security and vulnerability checks in new software; repositories also need to shoulder the burden and review the submitted code.

    Reply
  39. Tomi Engdahl says:

    Cyber Warfare May be Losing Its Advantage of Deniability
    https://www.securityweek.com/cyber-warfare-may-be-losing-its-advantage-deniability

    Only time will tell if countries eventually establish proper cyber rules of engagement and punish those who break them

    Cyberspace has been added to the fighting doctrine of almost all militaries today and for good reasons. One of the greatest advantages of attacking an enemy state through cyberspace is plausible deniability. Even if in the post-mortem of an attack the researchers are able to attribute it to a specific attacker, the attacker can always deny it, an option that doesn’t exist in clashes that take place in the “real world”. This provides a massive operational leeway to military operations in cyberspace, enabling governments to take actions without risking an all-out war. The low risk of offensive cyber operations translates to decision makers being much more trigger-happy when it comes to approving them. However, the attitude towards nation-state attacks seems to be changing, especially considering that attacks carried out in cyberspace can have kinetic implications in the real world.

    Retaliation to cyber attacks is not exclusive to Israel and Iran. During the Brussels Summit in June this year, the Heads of State and Government participating in the summit issued a statement claiming that going forward NATO will consider treating cyber attacks against its members and its allies the same as it will physical attacks. This means that an attack against one member will be considered an attack on all alliance members. Furthermore, the issue insinuates that a military response is not off the table. NATO considers a wide variety of incidents as cyber attacks that may deem a response, including interfering in elections and other democratic processes, disinformation campaigns, as well as turning a blind eye to cyber criminals operating from a certain country’s territory (suggesting this statement was directed at Russia). While claims of retaliation to cyber attacks have been made in the past by others and did not eventually amount to any concrete action being taken, it does help shape public perception and indicate where the wind is blowing.

    Cyber attacks have real world consequences and major impact on civilians’ lives. The Colonial Pipeline attack serves as a real-world example of that. In Israel’s case, based on the reports, if the attacks on the water infrastructure had been successful, they may have resulted in chlorine contamination of the water and an ensuing tragedy. We can no longer separate cyberspace and the real world, and it seems that more policy makers indeed no longer see them as separate. Retaliation to cyber attacks may add a real cost to what are now low-risk military operations and could eventually remove the finger from the trigger when approving them. That said, it is becoming crucial that any retaliation is directed at the real attacker, which has always been tricky in this space, as well as making sure that civilians on the other side are not punished for the decisions of their government. Ever since nation states entered the game, cyber has become a vastly more complicated subject both technically and at times morally. Only time will tell if countries eventually establish proper rules of engagement and punish those who break them.

    Reply
  40. Tomi Engdahl says:

    Tales of Dealing with Ransomware Attacks
    https://sudosecurity.org/blog/tales-of-dealing-with-ransomware-attacks/

    The backups, applications, and configurations – including all of the technology that is needed for the business to run – all need to be safe from malware and ransomware. You must remember that the backups also need to be well tested.

    Reply
  41. Tomi Engdahl says:

    The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon. The hackers also found their way, rather embarrassingly, into the Cybersecurity and Infrastructure Security Agency, or CISA — the office at the Department of Homeland Security whose job it is to protect federal computer networks from cyberattacks.”

    A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack
    https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack

    Reply
  42. Tomi Engdahl says:

    Threat Modeling: The Key to Dealing With 5G Security Challenges https://securityintelligence.com/articles/threat-modeling-5g-security-challenges/
    With 5G reshaping the smartphone market, 5G security needs to keep up.
    Almost one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. That’s just one year after the world’s first commercial 5G network emerged in South Korea. Such growth helped annual shipment numbers of 5G-enabled smartphones exceed 200 million units in just one year. Threat modeling is critical in the age of 5G because it’s essential in any telecommunications revolution. If 5G is going to catch on, security teams need to prevent malicious actors from misusing it. It also means that operators need to address the privacy concerns of 5G from the start. These efforts require a proactive approach that only threat modeling can provide.

    Reply
  43. Tomi Engdahl says:

    Study: the pandemic lowered consumers’ threshold for sharing their data with companies
    https://www.epressi.com/tiedotteet/teknologia/tutkimus-pandemia-laski-kuluttajien-kynnysta-jakaa-tietojaan-yritysten-kanssa.html
    A survey commissioned by SAS Institute, the world’s leading analytics company, shows that consumers in the EMEA region are increasingly willing to give their personal data to companies. About a third of customers said that they are more likely to share personal data with companies now than before the pandemic. Consumers are increasingly ready to share their personal data with companies. A third of consumers (32 %) are now more likely than before to make their own data available to organisations. Consumers’ awareness of fraud has increased significantly during the pandemic.
    60 % of all consumers say they are more cautious than before or have experienced a scam. 19 % of respondents have noticed that the number of scam messages has increased.

    Reply
  44. Tomi Engdahl says:

    ALTDOS hacking group wreaks havoc across Southeast Asia https://therecord.media/altdos-hacking-group-wreaks-havoc-across-southeast-asia/
    For the past eight months, a cybercrime group calling itself ALTDOS has been wreaking havoc across Southeast Asia, hacking companies left and right, in order to pilfer their data and ransom it back or sell it on underground forums. First spotted in December 2020, the group has been linked to intrusions at companies in Bangladesh, Singapore, and Thailand. Among the group’s targets are companies like OrangeTee, 3BB, Audio House, Vhive, CGSEC, and others. According to a series of government cybersecurity alerts and reporting done by DataBreaches.net, which has had extensive direct contact and conversations with the group, ALTDOS’ modus operandi can only be described as chaotic. In some past instances, the group has been seen deploying ransomware to encrypt a victim’s data, while in others, they only resorted to stealing sensitive information. Additionally, in some cases, the group engaged with victims and demanded ransom payments, while in others, the group did not bother and simply auctioned or released the victim’s data for free online.

    Reply
  45. Tomi Engdahl says:

    Madhumita Murgia / Financial Times:
    UK ICO’s Age Appropriate Design Code, aimed at protecting data and limiting ads for kids, comes into effect next Thursday, with large fines for non-compliance

    UK targets social media and gaming with new Children’s Code
    Legislation aims to stop companies targeting children with ads and nudging them to stay online
    https://www.ft.com/content/705e0468-bfcf-4f5d-b777-c25785d950cb

    The UK will target social media companies, video streaming and gaming platforms as a sweeping set of new regulations to protect children’s data online comes into force on Thursday next week.

    The rules proposed by the UK regulator, the Information Commissioner’s Office, seek to limit companies from tracking the location of children, personalising content or advertising for them, and serving up behavioural nudges, such as automatically playing videos.

    “We have identified that currently, some of the biggest risks come from social-media platforms, video and music streaming sites and video gaming platforms,” said Stephen Bonner, the ICO’s executive director of regulatory futures. “This may include inappropriate adverts; unsolicited messages and friend requests; and privacy-eroding nudges urging children to stay online.”

    Reply
  46. Tomi Engdahl says:

    Cybersecurity VC funding surges to a record $11.5B in 2021
    https://techcrunch.com/2021/08/25/cybersecurity-vc-funding-surges-to-a-record-11-5b-in-2021/?tpcc=ECFB2021

    The pandemic completely upended the threat landscape as we know it. Ransomware accounted for an estimated 2.9 million attacks so far in 2021, and supply-chain attacks that targeted Kaseya and SolarWinds have increased fourfold over 2020, according to the European Union’s cybersecurity agency, ENISA, which recently warned that the more traditional cybersecurity protections are no longer effective in defending against these types of attacks.

    This has created an unprecedented need for emerging technologies, attracting both organizations and investors to look closer at newer cybersecurity technologies.

    Reply
