Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year's trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced which means that already some of the most sophisticated and notorious cybercriminals are utilizing open-source tools to conduct their criminal activities and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and have the people who answered the survey really understood AI and cyber security? My prediction is that we will need humans and AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to make claims that they have invented a “silver bullet” for educating cyber professionals like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to cloud, so we need more people who know security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

Hackers leverage sophisticated and novel techniques to break into networks article says that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, make it possible for everyone to reproduce the results, and present them to the entire community for feedback.

Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying, that’s for sure. There are still ways to send anonymous emails and it is a good idea to prepare for your digital life after death.

Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    Let us talk about ssh server and client auditing tools that anyone can use to the hardened standard SSH server and client configuration for security issues on your #Linux, FreeBSD, macOS and #Unix boxes https://www.cyberciti.biz/tips/how-to-audit-ssh-server-and-client-config-on-linux-unix.html

    Reply
  2. Tomi Engdahl says:

    Lauren Feiner / CNBC:
    After White House meeting, Google will spend $10B over five years and train 100K IT and data workers, Apple pledges supply chain security improvements, and more — The White House hosted a cybersecurity summit with CEOs in sectors ranging from tech to insurance.

    Google, Microsoft plan to spend billions on cybersecurity after meeting with Biden
    Published Wed, Aug 25 2021 5:49 PM EDT. Updated Wed, Aug 25 2021 6:38 PM EDT
    https://www.cnbc.com/2021/08/25/google-microsoft-plan-to-spend-billions-on-cybersecurity-after-meeting-with-biden.html

    The White House hosted a cybersecurity summit Wednesday with CEOs in sectors ranging from tech to insurance.
    The meeting follows a wave of cyberattacks that have brought added urgency to security issues.
    Big Tech companies including Google and Microsoft committed to spending billions on cybersecurity following the meeting.

    Business leaders in sectors ranging from tech to insurance committed billions of dollars to beefing up cybersecurity efforts at a White House meeting with President Joe Biden on Wednesday.

    The meeting comes in the wake of several high-profile cyberattacks, including on government software contractor SolarWinds and oil pipeline Colonial Pipeline, that have brought added urgency to such security issues.

    Reply
  3. Tomi Engdahl says:

    Todd Bishop / GeekWire:
    Microsoft says it will quadruple cybersecurity spending to $20B over five years, spend $150M to help federal, state, and local governments improve security — [Updated below with Microsoft confirmation and related announcements from Amazon, Google, and Code.org.]

    Microsoft to quadruple cybersecurity investments, spending $20B over five years
    https://www.geekwire.com/2021/report-microsoft-quadruple-cybersecurity-investments-spending-20b-five-years/

    Microsoft reportedly plans to quadruple its cybersecurity spending to $20 billion over a five-year period, according to a report out of a White House meeting this afternoon between President Joe Biden and U.S. corporate leaders including the CEOs of the nation’s largest tech companies.

    Reuters reported that Microsoft will also “make available $150 million in technical services to help federal, state and local governments to help keep their security systems up to date.”

    Security technology is also a growing business for the Redmond company, generating more than $10 billion in annual revenue, according to past Microsoft statements.

    “The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said in his opening remarks to the group. “I’ve invited you all here today because you have the power and the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”

    Reply
  4. Tomi Engdahl says:

    Russell Brandom / The Verge:
    GAO: 19 of 24 US government agencies surveyed use facial recognition in some capacity; DoD and DHS both have in-house systems, while 4 had used Clearview AI — A new GAO report finds 19 agencies are using some form of the technology — A new report from the Government Accountability Office …
    https://www.theverge.com/2021/8/25/22641216/facial-recognition-gao-report-agency-dhs-cbp-fbi?scrolla=5eb6d68b7fedc32c19ef33b4

    Reply
  5. Tomi Engdahl says:

    DEF CON 29 – Bill Graydon – Defeating Physical Intrusion Detection Alarm Wires
    https://www.youtube.com/watch?v=Liz9R_QxSgk

    Alarm systems are ubiquitous – no longer the realm of banks and vaults only, many people now have them in their homes or workplaces. But how do they work? And the logical follow-up question – how can they be hacked?

    This talk focuses on the communication lines in physical intrusion detection systems: how they are secured, and what vulnerabilities exist. We’ll discuss the logic implemented in the controllers and protections on the communication lines including end of line resistors – and all the ways that this aspect of the system can be exploited.

    In particular, we’ll release schematics for a tool we’ve developed that will enable measuring end-of-line resistor systems covertly, determining the necessary re-wiring to defeat the sensors, and deploy it without setting off the alarm.

    Reply
  6. Tomi Engdahl says:

    Military cyber operators will soon have a new tool to deliver virtual fires
    https://feedproxy.google.com/~r/fifth-domain/home/~3/TouJGP9Fiso/

    The services plan to sunset their separate firing platforms to more tightly link their efforts in cyberspace under one, common tool.

    By fiscal 2024, service cyber components under U.S. Cyber Command will migrate to the Joint Common Access Platform, which will provide the infrastructure for those offensive missions. The service cyber units will move to the firing platform from separate tools they operate now, more tightly linking their efforts in cyberspace, one of the domains the military is trying to protect as a joint force.

    Cyber Command plans bigger budget for mission planning tool
    https://www.c4isrnet.com/cyber/2021/06/04/cyber-command-plans-bigger-budget-for-mission-planning-tool/

    Reply
  7. Tomi Engdahl says:

    AV-Test compares 19 Antivirus Tools: Windows Defender Reaches Maximum Detection Score
    https://blog.knowbe4.com/av-test-compares-19-antivirus-tools-windows-defender-reaches-maximum-detection-score

    The German AV-Test lab compared 19 antivirus products, including the free Windows Defender which comes with the Win10 OS. Defender reached the max detection score, which was better than a slew of commercial products. As we all know, AV home and commercial products use the same engines but enterprise tools come with a management layer.

    The upshot of this test: Ultimately, 3 packages score the maximum 18 points: F-Secure, McAfee, and Symantec. Windows Defender gets 17, and does better than 8 other commercial packages.

    Reply
  8. Tomi Engdahl says:

    Hackers Are Offering $1M to Employees Who Install Ransomware on Company Computers
    No one seems to have taken the offer, so far.
    https://interestingengineering.com/threat-actors-offer-1m-to-employees-for-deploying-ransomware

    Reply
  9. Tomi Engdahl says:

    Google: Here’s how our $10bn investment will boost US cybersecurity https://www.zdnet.com/article/software-supply-chain-security-google-touts-its-10bn-investment-and-zero-trust-work/
    Google has outlined its efforts to shape the US government’s zero-trust initiative, based on Biden’s May Executive Order on cybersecurity. Google’s $10 billion commitment to beefing up critical US infrastructure includes expanding zero-trust programs, helping to secure software supply chains, and enhancing open-source security. Its contributions will see the company leverage initiatives that have been underway at Google for many years, spanning open-source fuzzing tools to funding Linux kernel developers to work on security, and pushing for the use of memory-safe languages in Linux.

    Reply
  10. Tomi Engdahl says:

    Companies are paying ransoms to ransomware distributors: "It is a mature business, that line of work"
    https://www.kauppalehti.fi/uutiset/yritykset-maksavat-lunnaita-kiristysohjelmien-levittajille-se-on-kypsaa-liiketoimintaa-se-homma/40805c8c-168d-4813-9c19-3578e8da6494
    When Colonial Pipeline, the largest pipeline system for refined oil products in the United States, fell victim to ransomware in May, the company decided to pay. The billing system was down, and it made no sense to deliver gasoline for free from Texas to New York. So is it sometimes worth paying the extortionists? The question makes Benjamin Särkkä, the director responsible for cybersecurity at Viria Security, sigh.

    Reply
  11. Tomi Engdahl says:

    DOJ launches program to train prosecutors in cybersecurity topics https://therecord.media/doj-launches-program-to-train-prosecutors-in-cybersecurity-topics/
    The US Department of Justice announced a new fellowship program today designed to train a new generation of prosecutors and attorneys on cybersecurity issues, in order to better tackle national security threats and cybercrime. Named the Cyber Fellowship, the new program is one of the outcomes of a 120-day review of cybersecurity challenges the DOJ began in May this year following a series of major cyber-attacks against the US (i.e., Colonial Pipeline incident, Nobelium/Exchange zero-day attacks, SolarWinds supply-chain attack).

    Reply
  12. Tomi Engdahl says:

    72-year-old Maija lost her retirement savings: a Microsoft scammer took 23500 euros https://www.is.fi/digitoday/tietoturva/art-2000008222024.html
    15000 euros from a bank account and 8500 euros by credit card. Maija, 72 (name changed), who lives in Southwest Finland, now has to live with this loss of her retirement savings. It all began on 4 August, when Maija had problems with her new laptop.
    By an unlucky coincidence, a scammer called at just that moment and introduced himself as a Microsoft representative.

    6 Things You Need to Do to Prevent Getting Hacked https://www.wired.com/story/how-to-prevent-getting-hacked/
    THERE ARE TWO big reasons why people get hacked. Flaws in software and flaws in human behavior. While there's not much you can do about coding vulnerabilities, you can change your own behavior and bad habits. Just ask former US president Donald Trump, whose Twitter password was maga2020! Or Boris Johnson, who revealed details of sensitive Zoom calls at the start of the pandemic in 2020. (These world leaders will have had specific security training from protection agencies too.)
    The risks are just as real for the average person, even if the stakes aren't quite so high. If your accounts aren't properly protected, your credit card could be compromised or your private messages and photographs stolen and shared for all to see.

    Reply
  13. Tomi Engdahl says:

    GitHub Copilot Security Study: ‘Developers Should Remain Awake’ in View of 40% Bad Code Rate https://visualstudiomagazine.com/articles/2021/08/26/github-copilot-security.aspx
    Researchers published a scholarly paper looking into security implications of GitHub Copilot, an advanced AI system now being used for code completion in Visual Studio Code and possibly headed for Visual Studio after its current preview period ends. In multiple scenario testing, some 40 percent of tested projects were found to include security vulnerabilities.

    Reply
  14. Tomi Engdahl says:

    Winning the Cyber-Defense Race: Understand the Finish Line https://threatpost.com/winning-cyber-defense-race/168996/
    Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility. If you ask organizations about their top objectives, you will likely hear they need to increase visibility, reduce toolsets and adopt automation to counteract the cybersecurity skills gap. And what most don't realize is that these initiatives are driven by hurdles the industry has created for itself. Countless hours are spent trying to overcome hurdles in a process that doesn't get us any closer to thwarting threat actors. Consolidating tools, for example, is just a preservation tactic; therein lies the problem. So, how can security professionals stop using Band-Aids and reevaluate what's really going on and how to defend against threats?

    Reply
  15. Tomi Engdahl says:

    Experts Warn of Dangers From Breach of Voter System Software
    https://www.securityweek.com/experts-warn-dangers-breach-voter-system-software

    Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.

    Copies of the Dominion Voting Systems software used to manage elections — from designing ballots to configuring voting machines and tallying results — were distributed at an event this month in South Dakota organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election.

    Reply
  16. Tomi Engdahl says:

    In a Hybrid Workplace, Men Are More Likely to Engage in Risky Behavior Than Women: Study
    https://www.securityweek.com/hybrid-workplace-men-are-more-likely-engage-risky-behavior-women-study

    The likelihood of a complete return to the office post-pandemic is low; the probability of an ongoing hybrid home/office work environment is much higher. Security teams will need to continue and possibly expand their plans to secure remote personal devices operating in a hostile environment perhaps indefinitely.

    Much of this security can be achieved by policy and product – but user behavior can undermine policy; and user behavior in the home environment is an unknown quantity. SecurityAdvisor, a firm that delivers personalized and continuous awareness training, seeks to better understand human behavior at home in a new study (PDF) titled, Top Riskiest Behaviors and Employees in a Hybrid Workplace.

    The firm analyzed more than 500,000 malicious emails and more than 500,000 visits to dangerous websites from staff ranging from entry-level to executive in more than 20 countries. The top five ‘risky behaviors’ are: failing authentication; clicking on phishing emails; installing adware; using P2P software and private VPNs; and streaming pirated content.

    Failing authentication may not seem a huge security problem since it demonstrates that access controls are working. However, the volume puts an unnecessary strain on the security team – repeated failure in MFA authentication makes it difficult to distinguish between human error and malicious activity. Fifty percent of home workers fail MFA at least once per month.

    Falling for phishing is the most obvious threat to home workers – and the statistics are disturbing. While 99% of spam and phishing emails are caught by filters, 1% still reach in-boxes – leading to an average of 5 phishing emails received by every employee every month. About 8% of these are clicked on. “In a 5,000-employee organization,” says the report, “this equates to 20 phishing emails opened and clicked each month.”

    Reply
  17. Tomi Engdahl says:

    Amazon to Offer Free Cybersecurity Training Materials, MFA Devices
    https://www.securityweek.com/amazon-offer-free-cybersecurity-training-materials-mfa-devices

    Amazon announced this week that it will soon offer cybersecurity training materials and multi-factor authentication (MFA) devices for free.

    The training materials, which focus on security awareness and particularly the threat posed by social engineering, will be offered for free to both individuals and organizations starting in October. The training courses include online assessments and videos, and Amazon says organizations can build on them to create their own materials that better suit their needs.

    “Amazon has designed a digestible and succinct curriculum, used with its employees, to anticipate and educate about possible security threats,” Amazon said, adding that, “The materials leverage proven neuroscience and adult learning principles to enhance content retention and are regularly updated as digital attack techniques evolve.”

    As for the MFA devices, they will be offered for free to “qualified AWS account holders,” also starting in October.

    Reply
  18. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/12487-tuhoisat-verkkohyokkaykset-lisaantyneet-nopeasti

    VMware has published its seventh annual Global Incident Response Threat report. It analyzes how attackers manipulate reality to reshape the current threat landscape. According to the report, destructive attacks have increased enormously.

    Attackers are using more advanced techniques in increasingly targeted and complex attacks that distort digital reality. Digital reality can be altered, for example, by damaging a company's communication channels or by manipulating timestamps.

    Defenders have difficulty countering these complex attacks and ensuring sufficient visibility into new IT environments, such as the cloud, Kubernetes container technology and enterprise communication applications, for which most traditional tools are not suited as such.

    According to the report, security professionals suffer from the pressure of growing job demands and even from mental health problems. 51 percent of respondents said they had experienced extreme stress or burnout during the past year.

    Reply
  19. Tomi Engdahl says:

    Kevin Breuninger / CNBC:
    The House select committee investigating the January 6 riot demands records from Facebook, Twitter, Google, Reddit, TikTok, and other tech companies

    Congressional panel investigating Jan. 6 insurrection demands records from Facebook, Twitter, other tech firms
    https://www.cnbc.com/2021/08/27/congressional-committee-investigating-jan-6-insurrection-demands-records-from-facebook-twitter-and-other-tech-giants.html

    The House select committee investigating the deadly invasion of the Capitol on Jan. 6 said it is demanding a trove of records from 15 social media companies, including numerous pro-Trump platforms.
    Those companies are: 4chan, 8kun, Facebook, Gab, Google and its subsidiary Youtube, Parler, Reddit, Snapchat, Telegram, theDonald.win, Tik-Tok, Twitch, Twitter and Zello.
    Trump is currently suing Twitter, Facebook and Google — and their respective CEOs Jack Dorsey, Mark Zuckerberg and Sundar Pichai — asking courts to let him back on their platforms.

    The requests for records stretching back to the spring of 2020 are related to “the spread of misinformation, efforts to overturn the 2020 election or prevent the certification of the results, domestic violent extremism, and foreign influence in the 2020 election,” the committee said in a press release.

    The select committee is also looking into policy changes that the social media companies adopted “or failed to adopt” regarding the spread of violent extremism, misinformation and foreign malign influence. That includes “decisions on banning material from platforms and contacts with law enforcement and other government entities,” the press release said.

    Select Committee Demands Records Related to January 6th Attack from Social Media Companies
    https://january6th.house.gov/news/press-releases/select-committee-demands-records-related-january-6th-attack-social-media-0

    Aug 27, 2021

    Bolton, MS—Today, Chairman Bennie G. Thompson announced that the Select Committee is demanding records related to the January 6th violent attack on the U.S. Capitol from 15 social media companies. In letters to the companies, Chairman Thompson seeks information including records related to the spread of misinformation, efforts to overturn the 2020 election or prevent the certification of the results, domestic violent extremism, and foreign influence in the 2020 election. Chairman Thompson set a two-week deadline for the companies to produce records.

    This expansion of the Select Committee’s probe comes on the heels of Wednesday’s demands for records from eight Executive Branch agencies. It also follows the July 27 hearing at which four police officers testified about their experiences on January 6th defending the U.S. Capitol in the face of a violent mob aiming to derail the peaceful transfer of power. The officers’ call to action underscored the importance of the Select Committee’s mandate to uncover the facts about January 6th and its causes and to help ensure such an attack on American democracy cannot happen again.

    “The Select Committee to Investigate the January 6th Attack on the United States Capitol is examining the facts, circumstances, and causes of the attack and relating to the peaceful transfer of power, in order to identify and evaluate lessons learned and to recommend corrective laws, policies, procedures, rules, or regulations,” wrote Chairman Thompson.

    Reply
  20. Tomi Engdahl says:

    CISA Adds Single-Factor Authentication to list of Bad Practices https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices
    Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor, such as a password, to a username to gain access to a system.

    Reply
  21. Tomi Engdahl says:

    Citizens are being scammed again: authority warns of porn extortion https://www.is.fi/digitoday/tietoturva/art-2000008228312.html
    Porn extortion, which has plagued Finns for years, shows no sign of easing. The National Cyber Security Centre, which operates under Traficom, updated its article on the subject on Monday and stressed that these adult-entertainment-themed extortion messages are still circulating in large numbers. In the messages, the scammer claims to have secretly filmed the recipient while they visited adult entertainment sites, using malware installed on the device. However, nothing has been filmed and there is no malware. The scammer should not be paid anything, and the messages can simply be deleted.

    Reply
  22. Tomi Engdahl says:

    House defense policy bill okays $10.4 billion for DoD cybersecurity https://therecord.media/house-defense-policy-bill-okays-10-4-billion-for-dod-cybersecurity/
    The House version of the annual defense policy bill backs the Biden administration's proposed $10.4 billion cybersecurity budget for the Defense Department next year, according to an aide for the panel's Democratic majority. “We support the President's budget request,” the aide said, adding that the annual National Defense Authorization Act provides additional investment for the protection of the Pentagon's information systems. A summary of the bill shows an additional $50 million for such work.

    Reply
  23. Tomi Engdahl says:

    10 Reasons to Trust Your Enterprise APIs https://blogs.cisco.com/security/10-reasons-to-trust-your-enterprise-apis
    Recently one of the big-three consumer credit bureaus fixed an issue that allowed an ordinary user to obtain the credit score of tens of millions of Americans just by providing their name and mailing address. The connective tissue making this data exposure possible was an Application Programming Interface or API. An API enables two pieces of software to communicate with each other. Just think about the different ways you interface with software. You might open a web interface to access email or launch your favorite social media app to connect with friends. Each of these workflows is more than likely using an API and has a distinct interface or way in which you achieve a particular task.

    Reply
  24. Tomi Engdahl says:

    How Apple plans to monitor users
    https://www.kaspersky.com/blog/what-is-apple-csam-detection/41502/
    In early August 2021, Apple unveiled its new system for identifying photos containing images of child abuse. Although Apple's motives, combating the dissemination of child pornography, seem indisputably well-intentioned, the announcement immediately came under fire. Apple has long cultivated an image of itself as a device maker that cares about user privacy. New features anticipated for iOS 15 and iPadOS 15 have already dealt a serious blow to that reputation, but the company is not backing down. Here's what happened and how it will affect average users of iPhones and iPads.

    Reply
  25. Tomi Engdahl says:

    U.S. Justice Department Introduces Cyber Fellowship Program
    https://www.securityweek.com/us-justice-department-introduces-cyber-fellowship-program

    The United States Department of Justice on Friday officially announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity-related cases.

    The program will train selected attorneys on emerging national security and criminal cyber threats and how to fight them. The trainees will be rotating through department components focused on cyber defense, such as the Criminal Division, the U.S. Attorneys’ Offices, and the National Security Division.

    Participants will investigate and prosecute cybersecurity-related cases such as state-sponsored threats, international crime gangs, infrastructure and ransomware incidents, and the financing of cybercrime through cryptocurrency and money laundering.

    Reply
  26. Tomi Engdahl says:

    Huawei's Mika Lauhde: Zoom meetings are being attacked in the remote-work era
    https://etn.fi/index.php/13-news/12493-huawein-mika-lauhde-zoom-kokouksiin-hyokataan-etatyoaikana

    The coronavirus pandemic is finally loosening its grip around the world, but the past year and a half has been a difficult time for those responsible for organizations' information security. For example, attacking Zoom meetings has become common, says Huawei's Finnish security chief Mika Lauhde.

    Lauhde shared his views in an interview published on Huawei's website. In it, Lauhde said that the coronavirus pandemic made countries focus on internal problems. "Because of this, global cooperation on cybersecurity was not given proper attention. This lack of global cooperation has affected the cybersecurity environment."

    On the other hand, Lauhde points out that cybercriminals have become highly sophisticated and organized. They use cross-border networks to exploit vulnerabilities around the world. The increase in remote work also brought new challenges from a cybersecurity perspective.

    "Work devices are no longer used within the organization's protected perimeter. Devices that connected to corporate networks over unsecured connections led to vulnerabilities that malicious actors can easily exploit. In addition, IoT devices and webcams were exploited, and the hacking of virtual conferences, so-called Zoom bombing, made the news."

    Reply
  27. Tomi Engdahl says:

    Calls for a Covid-19 probe plunged Australia into a hacking nightmare
    https://www.straitstimes.com/asia/australianz/calls-for-a-covid-19-probe-plunged-australia-into-a-hacking-nightmare?&utm_source=facebook&utm_medium=social-media&utm_campaign=addtoany

    A few days after Prime Minister Scott Morrison called for an independent international probe into the origins of the coronavirus, Chinese bots swarmed on to Australian government networks.

    It was April 2020. The bots ran hundreds of thousands of scans, apparently looking for vulnerabilities that could later be exploited. It was a massive and noisy attack with little effort made to hide the bots’ presence, said Robert Potter, chief executive officer of Internet 2.0, an Australian cybersecurity firm that works extensively with the federal government.

    “It was just a door knock, like someone walking up and ringing your doorbell,” he said. The previously unreported network scans were followed by months of active hacks that would reverberate across the Australian economy.

    While Beijing denied any involvement, cybersecurity experts traced much of the activity to systems used by China-based advanced persistent threat groups or APTs, a term often used to describe state-sponsored hackers.

    “China’s cyber reach is detectable on almost every government server,”

    Reply
  28. Tomi Engdahl says:

    H1 2021: Malware and Vulnerability Trends Report https://www.recordedfuture.com/malware-vulnerability-trends-report/
    This report examines trends in malware use, distribution, and development, and high-risk vulnerabilities disclosed by major hardware and software vendors between January 1 and June 30, 2021. Data was assembled from the Recorded Future® Platform, open-source intelligence (OSINT), and public reporting on NVD data. This report will assist threat hunters and security operations center (SOC) teams in strengthening their security posture by prioritizing hunting techniques and detection methods based on this research and data along with vulnerability teams looking for ways to prioritize patching and identify trends in vulnerability targeting.

    Reply
  29. Tomi Engdahl says:

    Cyberattacks Use Office 365 to Target Supply Chain https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/
    Malicious actors have a history of trying to compromise users' Office 365 accounts. By doing so, they can tunnel into a network and use their access to steal sensitive information. But they need not stop there. They can also single out other entities with which the target does business for supply chain cyberattacks. In the summer of 2019, phishers used fake alerts to trick admins into thinking that their Office 365 licenses had expired. Those messages instructed the admins to click on a link so that they could sign into the Office 365 Admin Center and review the payment details. Instead, that sign-in page stole their account credentials.

    Reply
  30. Tomi Engdahl says:

    FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends https://us-cert.cisa.gov/ncas/current-activity/2021/08/31/fbi-cisa-advisory-ransomware-awareness-holidays-and-weekends
    Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends, when offices are normally closed. Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021. Alert (AA21-243A):
    https://us-cert.cisa.gov/ncas/alerts/aa21-243a

    Reply
  31. Tomi Engdahl says:

    Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers https://threatpost.com/top-3-api-vulnerabilities-cyberattackers/169048/
    Application programming interfaces (APIs) have become the glue that holds today's apps together. There's an API to turn on the kitchen lights while still in bed. There's an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garage door, APIs are what developers use to make applications function. There are three major vulnerability types that cyberattackers target in order to own apps. But first, some background on what makes APIs such a security concern.

    Reply
  32. Tomi Engdahl says:

    Ransomware attacks on US schools and colleges cost $6.62bn in 2020 https://www.comparitech.com/blog/information-security/school-ransomware-attacks/
    In 2020, 77 individual ransomware attacks affected over 1,740 schools and colleges, potentially impacting 1.36 million students. We estimate that these attacks cost education institutions $6.62 billion in downtime alone. Most schools will have also faced astronomical recovery costs as they tried to restore computers, recover data, and shore up their systems to prevent future attacks. Over the last few years, ransomware attacks have become an increasing concern for schools and colleges worldwide.

    Reply
  33. Tomi Engdahl says:

    Initial Access Broker use, stolen account sales spike in cloud service cyberattacks https://www.zdnet.com/article/initial-access-broker-use-stolen-account-sales-spike-in-cloud-service-cyberattacks/
    There is rising demand for the services of Initial Access Brokers (IABs) and access credentials in cloud-based cyberattacks. On Tuesday, Lacework published its 2021 Cloud Threat Report vol.2, outlining how today’s cybercriminals are attempting to cut out some of the legwork involved in campaigns against cloud service providers. Over this year, the cloud security firm’s team has observed a number of trends of note in the cloud space, including increased demand for IABs.

    Reply
  34. Tomi Engdahl says:

    Here are the most common drawbacks of public administration IT systems
    https://www.tivi.fi/uutiset/tv/a0b4bc97-9049-4c99-aadd-df99d12ec721
    The results of a survey conducted by the Digital and Population Data Services Agency (DVV) show that public administration organizations have systematically developed their information security, data protection and preparedness for disruptions over the past two years. Although digital security has improved, new threats have also emerged. According to DVV's press release, the positive development has been driven by requirements introduced by legislation, but also by rapid changes in the operating environment, such as the shift to remote work caused by the coronavirus pandemic and the growing prevalence of cybercrime and cyber espionage. DVV surveyed administrative digital security with a questionnaire in spring 2021. The largest respondent groups were central government, municipalities and joint municipal authorities, higher education institutions, and publicly owned social and health care providers.

    Reply
  35. Tomi Engdahl says:

    US officials, experts fear China ransacked Exchange servers for data to train AI systems https://www.theregister.com/2021/08/31/in_brief_security/
    The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.
    The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It’s said the crew exploited four zero-days in Redmond’s mail software in a chain to hijack the servers and siphon off data.
    And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scale-up of a cyber-attack he’d ever seen.

    Reply
  36. Tomi Engdahl says:

    Cybercriminals are now hitting even small Finnish companies, which were previously left alone
    https://www.tivi.fi/uutiset/tv/5b2cc6d6-0f04-45b0-841c-242a4b4fc3e1
    "We have recently seen targeted attacks against, for example, Finnish industrial companies and small businesses. These attacks may be a matter of sheer mischief, but the motives may also be political and economic in nature," says Toni Vartiainen, head of services business at Telia Cygate, in a press release.
    According to Vartiainen, Finnish companies are not sufficiently prepared for the new information security environment. The move to a remote-work model in particular has caused problems for information security.

    Reply
  37. Tomi Engdahl says:

    Authority issues new guidelines for cookie use, intended as a recommendation-type document https://www.tivi.fi/uutiset/tv/257a12d0-e6f1-45e8-8ed6-02a726639afa
    The Finnish Transport and Communications Agency Traficom has prepared guidance for service providers and end users in cooperation with the Office of the Data Protection Ombudsman. To gain additional insight, it requested public comments on the draft guidance over the summer. The guidance was originally supposed to be completed during the summer, but it is not quite ready yet. The original deadline for comments was August 9. Some parties requested more time to submit their statements because of summer holidays.

    Reply
  38. Tomi Engdahl says:

    Paul Bischoff / Comparitech:
    Study: in 2020, 77 ransomware attacks affected over 1,740 US schools and colleges, potentially impacting 1.36M students and costing ~$6.6B in downtime alone

    Ransomware attacks on US schools and colleges cost $6.62bn in 2020
    https://www.comparitech.com/blog/information-security/school-ransomware-attacks/

    In 2020, 77 individual ransomware attacks affected over 1,740 schools and colleges, potentially impacting 1.36 million students. We estimate that these attacks cost education institutions $6.62 billion in downtime alone. Most schools will have also faced astronomical recovery costs as they tried to restore computers, recover data, and shore up their systems to prevent future attacks.

    Over the last few years, ransomware attacks have become an increasing concern for schools and colleges worldwide. They take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data. But what we did notice in 2020 was that while individual attack figures decreased quite significantly, the number of schools and students impacted by the attacks grew exponentially. This suggests hackers targeted larger school districts with bigger annual budgets, hoping to cause greater disruption and increase their ransom payment demands.

    This trend looks as though it has continued in 2021, too, exemplified by the “bizarre” $40 million ransom request made to Broward County Public Schools in April.

    Reply
  39. Tomi Engdahl says:

    An Explosion in Geofence Warrants Threatens Privacy Across the US
    New figures from Google show a tenfold increase in the requests from law enforcement, which target anyone who happened to be in a given location at a specified time.
    https://www.wired.com/story/geofence-warrants-google/

    Reply
  40. Tomi Engdahl says:

    What Has Changed Since the 2017 WannaCry Ransomware Attack?
    https://securityintelligence.com/articles/what-has-changed-since-wannacry-ransomware-attack/
    The cybersecurity world is still feeling the effects of the 2017 WannaCry ransomware attack today. While the majority of the damage occurred in the weeks after May 12, 2017, WannaCry ransomware attacks actually increased 53% from January 2021 to March 2021. While researching my in-depth article WannaCry: How the Widespread Ransomware Changed Cybersecurity, I learned that WannaCry attacks are still found today. Even so, I was surprised that it is still such an active issue. So, what has happened since then? What are these attackers doing today? How have organizations responded to these threats? And will an attack like this happen again?

    Reply
  41. Tomi Engdahl says:

    Half of businesses can’t spot these signs of insider cybersecurity threats https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/
    Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyberattacks. Research by security think tank the Ponemon Institute and cybersecurity company DTEX Systems suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data.

    Reply
  42. Tomi Engdahl says:

    FBI warns of ransomware gangs targeting food, agriculture orgs https://www.bleepingcomputer.com/news/security/fbi-warns-of-ransomware-gangs-targeting-food-agriculture-orgs/
    The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.

    Reply
  43. Tomi Engdahl says:

    Attackers Will Always Abuse Major Events in our Lifes
    https://isc.sans.edu/diary/rss/27808
    All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or collect interesting data (credentials). It’s the same with major meteorological phenomena. The hurricane “Ida” was the second most intense hurricane to hit the state of Louisiana on record, only behind “Katrina”.

    Reply
  44. Tomi Engdahl says:

    The Postmortem Password Problem
    https://hackaday.com/2021/09/01/the-postmortem-password-problem/

    Death and passwords: two things we just can’t avoid. With so much of our lives tied up in cloud services nowadays, there’s good reason to worry about what happens to these accounts if we drop dead tomorrow. For many of us, important documents, photos, financial information and other data will be locked behind a login prompt. Your payment methods will also expire shortly after you have, which could lead to data loss if not handled promptly. The most obvious way to address this is to give a trusted party access in case of emergency.
    A Bad Solution

    Let’s start with the simplest solution: using the same password everywhere. Great, all you need to do is put this on a Post-it note, stuff it in an envelope, and let someone know where to find it. Unfortunately, using a single password for many services is a terrible idea. Password breaches happen, and if you’re using a single password across the internet, they can be disastrous.

    Reply
  45. Tomi Engdahl says:

    In space, no one can hear cyber security professionals scream
    Miscreants hacking vulnerable orbital hardware could set living standards back by decades in seconds
    https://www.theregister.com/2021/09/02/in_space_no_security/

    Reply
