Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for others to see if you don’t pay up. This is why ransomware victims that have backups are still paying ransoms, to stop the hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security work is moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top 10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top 10 2021 prediction calculated from understandable metrics, so that everyone is able to reproduce the results, and presents it to the entire community for feedback.

The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    U.S. National Security Agency Issues Update on Quantum-Resistant Encryption
    By Francisco Pires
    https://www.tomshardware.com/news/us-national-security-agency-issues-update-on-crypto-resistant-encryption

    Preparing for a quantum computing future and the new national security challenges

    Reply
  2. Tomi Engdahl says:

    The cybersecurity industry is burning — but VCs don’t care
    https://venturebeat.com/2021/09/02/the-cybersecurity-industry-is-burning-and-vcs-dont-care/

    To say cybersecurity is booming would be an understatement. We’re talking about security companies’ skyrocketing valuations ($524.1 million on average) and the massive amount of funding ($12.2 billion just this year so far) investors are pouring into the industry, of course. Because in terms of success, there’s a lot to be desired. Recent supply chain attacks on SolarWinds and Kaseya, as well as the zero-day attack on Microsoft Exchange, took cybercrime to new levels and showed how one breach could cripple tens or even hundreds of thousands of organizations. And attacks on critical infrastructure like hospitals and the Colonial Pipeline made clear just how high the stakes are. The year 2020 alone saw more data breaches than in the last 15 years combined — and 2021 isn’t looking any better.

    Reply
  3. Tomi Engdahl says:

    Fed up with constant cyberattacks, one country is about to make some big changes
    https://www.zdnet.com/article/fed-up-with-constant-cyberattacks-one-country-is-about-to-make-some-big-changes/

    Italy has faced a barrage of cyberattacks in recent weeks, and has struggled to cope with the fallout. But a new security agency and a fresh influx of funding could help turn the tide.

    Reply
  4. Tomi Engdahl says:

    9 notable government cybersecurity initiatives of 2021
    Governments are increasingly taking on cybersecurity threats, as these nine government-led initiatives from around the globe show.
    https://www.csoonline.com/article/3630632/9-notable-government-cybersecurity-initiatives-of-2021.html

    Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations.

    “Government-led cybersecurity initiatives are critical to addressing cybersecurity issues such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure,” Steve Turner, security and risk analyst at Forrester, tells CSO. “These initiatives provide consistent guidance on how organizations and consumers can protect themselves, provide services to companies that don’t have the knowledge or monetary means to protect themselves, legislative levers that can be utilized, means of taking offensive actions against nation state adversaries, and most of all investigation of significant cyber incidents paired with critical information sharing during or after those incidents.”

    Reply
  5. Tomi Engdahl says:

    Serious warning: within four years there will be a cyber murder
    Samuli Leppälä 2.9.2021 10:55 | updated 2.9.2021 10:55 | INFORMATION SECURITY, CYBERWAR, HACKERS
    Within just a couple of years a cyberattack could lead to personal injury.
    https://www.tivi.fi/uutiset/vakava-varoitus-neljan-vuoden-sisalla-tapahtuu-kybermurha/785194ca-31d7-4758-9814-6bc19f61d89a

    Usually a cyberattack compromises data, and a ransomware attack can additionally slow down or completely halt a company’s operations. This is minor, however, compared with the future scenarios that the security company Gartner paints in its press release.

    Reply
  6. Tomi Engdahl says:

    NSA: We ‘don’t know when or even if’ a quantum computer will ever be able to break today’s public-key encryption
    Then again, it would say that
    https://www.theregister.com/2021/09/01/nsa_quantum_computing_faq/

    Reply
  7. Tomi Engdahl says:

    Electronic signatures in legislation – an overview of the different levels of electronic signature
    https://vismasign.fi/blog/sahkoinen-allekirjoitus-lainsaadannossa/

    Key points for the busiest readers:

    The European Union’s eIDAS Regulation guarantees the legal validity of electronic signatures.
    The regulation divides electronic signatures into three groups: the simple electronic signature (SES), the advanced electronic signature (AES) and the qualified electronic signature (QES)
    In Finland a QES-level signature can only be made using a citizen or organisation certificate issued by the Digital and Population Data Services Agency. In practice this requires a chip-equipped identity or organisation card issued by the police.
    An AES-level electronic signature uses strong authentication methods such as bank authentication or the mobile certificate
    For large-scale use of electronic signatures in private and business contexts, the AES-level electronic signature is the most suitable.
    The AES-level electronic signature is widely accepted across the different sectors of society. AES-level electronic signatures are used extensively, for example in the banking sector
    Under the eIDAS Regulation, an electronic signature cannot be denied admissibility as evidence solely on the grounds that it is in electronic form or that it does not meet the requirements of a QES-level electronic signature.

    Legal effect on a par with a traditional signature
    According to Article 25 of the European Union’s eIDAS Regulation, which governs electronic identification and trust services, a qualified electronic signature has legal effect equivalent to a handwritten signature. Although the provision of the eIDAS Regulation on equivalent legal effect mentions only the qualified electronic signature (QES), the first paragraph of the same article provides that an electronic signature shall not be denied admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures.

    SES, AES, QES…?
    EU legislation divides electronic signatures into three categories. These are the electronic signature, the advanced electronic signature (AES) and the qualified electronic signature (QES). The lowest level is also referred to as a “simple electronic signature” (SES).

    The eIDAS Regulation defines an electronic signature as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. In other words, in its simplest form an electronic signature can be a name typed at the bottom of a PDF file. This is what is meant by an SES-level simple electronic signature.

    An “advanced electronic signature” (AES) means an electronic signature that meets the requirements laid down in Article 26 of the eIDAS Regulation. These are the following:

    It can uniquely identify the signatory
    It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control
    It is linked to the data signed with it in such a way that any subsequent change in the data is detectable.
    A “qualified electronic signature” (QES) is defined in the eIDAS Regulation as an advanced electronic signature that is created by a qualified electronic signature creation device and is based on a qualified certificate for electronic signatures.

    Reply
  8. Tomi Engdahl says:

    Deepfakes in cyberattacks aren’t coming. They’re already here.
    https://venturebeat.com/2021/08/28/deepfakes-in-cyberattacks-arent-coming-theyre-already-here/

    In March, the FBI released a report declaring that malicious actors almost certainly will leverage “synthetic content” for cyber and foreign influence operations in the next 12-18 months. This synthetic content includes deepfakes, audio or video that is either wholly created or altered by artificial intelligence or machine learning to convincingly misrepresent someone as doing or saying something that was not actually done or said.

    We’ve all heard the story about the CEO whose voice was imitated convincingly enough to initiate a wire transfer of $243,000. Now, the constant Zoom meetings of the anywhere workforce era have created a wealth of audio and video data that can be fed into a machine learning system to create a compelling duplicate. And attackers have taken note. Deepfake technology has seen a drastic uptick across the dark web, and attacks are certainly taking place.

    Reply
  9. Tomi Engdahl says:

    The U.S. Patent System and Quantum Cryptography: An Awkward Relationship
    https://www.ipwatchdog.com/2021/08/29/u-s-patent-system-quantum-cryptography-awkward-relationship/id=137148/

    “Given the legal questions around the patentability of software and computing technology, tech companies have found it hard to project the proper approach for patenting these types of technologies. This confusion is likely to apply to quantum computing.”

    Reply
  10. Tomi Engdahl says:

    The State of SSL/TLS Certificate Usage in Malware C&C Communications
    https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/ssl-tls-technical-brief/ssl-tls-technical-brief.pdf
    Over the last six years there has been an increased shift by malware authors to secure their C&C communications using the SSL/TLS protocol to stymie detection and blend in with normal traffic. This shift is noticeable in commodity malware, as well as in APT type attacks. This is also seen in red teaming tabletop exercises to test the capabilities of different detection security layers, using frameworks such as Cobalt Strike, Metasploit and Core Impact, among others.

    Reply
  11. Tomi Engdahl says:

    FBI: Spike in sextortion attacks cost victims $8 million this year
    https://www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/
    The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July.

    Reply
  12. Tomi Engdahl says:

    RISK CONSIDERATIONS FOR MANAGED SERVICE PROVIDER CUSTOMERS
    https://www.cisa.gov/publication/risk-considerations-msp-customers
    This CISA Insights provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.

    Reply
  13. Tomi Engdahl says:

    Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage
    https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/
    Often he finds that the ransomware gang’s negotiating skills are quite weak. So part of his role is to make sure that the ransomware-flingers or their henchpersons don’t learn anything more during the negotiations than they already do about the company they’ve attacked and the data they’ve encrypted and/or stolen.

    Reply
  14. Tomi Engdahl says:

    The common vulnerabilities leaving industrial systems open to attack
    https://venturebeat.com/2021/09/05/the-common-vulnerabilities-leaving-industrial-systems-open-to-attack/

    The industrial sector was the second most targeted by malicious actors in 2020, when data extortion became a primary tactic and attacks skyrocketed. Overall, the year saw more cyberattacks than the past 15 years combined. And the trend has unfortunately persisted throughout this new year — industrial systems continue to come under siege by ransomware, and attacks on critical infrastructure like the Colonial Pipeline and JBL, the world’s largest meat processor, show just how high the stakes are.

    The good news is that we do know where many of the vulnerabilities lie. Recent research from industrial security company Claroty, which uncovered many “critical” vulnerabilities in industrial control systems, also laid out which specific vendors are putting industrial enterprises at risk. Now a new report from security company Positive Technologies has revealed the most common industrial vulnerabilities.

    Reply
  15. Tomi Engdahl says:

    Watch what you send on anonymous SMS websites
    https://blog.malwarebytes.com/privacy-2/2021/09/watch-what-you-send-on-anonymous-sms-websites/
    [Anonymous SMS services] are websites which offer SMS services sending messages to you, as opposed to someone else. How does this play out?
    … Each temporary mobile number has its own page on the site you obtain it from. All of the messages sent to that number will be people wanting a code, or a pass, or a login, or a confirmation. Those messages, for all of those people, display publicly on the number’s page.

    Reply
  16. Tomi Engdahl says:

    FBI Warns Ransomware Attack Could Disrupt Food Supply Chain
    https://www.securityweek.com/fbi-warns-ransomware-attack-could-disrupt-food-supply-chain

    Ransomware attack on U.S. farm incurred $9 million in losses

    The Federal Bureau of Investigation (FBI) has sent out a Private Industry Notification to warn organizations in the Food and Agriculture sector about an increase in ransomware attacks that could impact the food supply chain.

    The increased reliance on smart technologies, Internet-connected (IoT) devices, and industrial control systems exposes the sector to various types of cyberattacks that may lead to disrupted operations, affecting the entire food supply chain.

    All types of businesses in the sector are at risk, the FBI says, including farms, processors, manufacturers, markets, and restaurants. Ransomware attacks are often complemented by the theft of data, which is then used as leverage to extort victims.

    “Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack,” the FBI’s notification says.

    Some high-profile attacks this year have shown just how disruptive ransomware can be. The Kaseya attack forced one of Sweden’s leading supermarket chains to close hundreds of stores for days. Meat processing giant JBS had to suspend operations as well, just as Colonial Pipeline and Molson Coors did.

    Reply
  17. Tomi Engdahl says:

    IoT Attacks Skyrocket, Doubling in 6 Months
    https://threatpost.com/iot-attacks-doubling/169224/
    According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks, up from 639 million during the previous half year, which is more than twice the volume.

    Reply
  18. Tomi Engdahl says:

    Ransomware attacks, all concerned: how to prevent them and respond to an incident
    https://www.ssi.gouv.fr/uploads/2021/08/anssi-guide-ransomware_attacks_all_concerned-v1.0.pdf
    Ransomware attacks are a current and growing trend, not only in France, but also worldwide. Because they are a serious threat, this guide, translated into English, aims at making our expertise and our recommendations available to a wider audience; we hope that you find it useful.

    Reply
  19. Tomi Engdahl says:

    New Chainsaw tool helps IR teams analyze Windows event logs
    https://www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/
    Authored by James D, lead threat hunter at F-Secure’s Countercept division, Chainsaw is a Rust-based command-line utility that can go through event logs to highlight suspicious entries or strings that may indicate a threat. The tool uses the Sigma rule detection logic to quickly find event logs relevant to the investigation. Tool at https://github.com/countercept/chainsaw

    Reply
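The Sigma-style matching the comment above describes is easy to sketch. The block below is an added example written for this page, not Chainsaw’s code, its rule loader or its output format: it evaluates three small rules written in the shape of a Sigma `detection` block (a subset of Sigma: field equality, the `contains`/`startswith`/`endswith` modifiers, value lists, and `and`/`or`/`not` conditions without parentheses) against constructed JSON event records whose field names are modelled loosely on Windows Security log events.

```python
"""Sigma-style rule matching over Windows event log records.
Added example for this page, not Chainsaw's code: it implements a small
subset of Sigma (field equality, |contains / |startswith / |endswith,
lists of values, and and/or/not conditions evaluated left to right)."""
import json

# Constructed sample records, one JSON object per line, with hypothetical
# field names loosely following Security log event data (not Chainsaw's format).
SAMPLE_LOG = r"""
{"EventID": 4688, "Channel": "Security", "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "SubjectUserName": "alice"}
{"EventID": 4688, "Channel": "Security", "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "SubjectUserName": "SYSTEM"}
{"EventID": 4720, "Channel": "Security", "TargetUserName": "backup_svc", "SubjectUserName": "alice"}
{"EventID": 4720, "Channel": "Security", "TargetUserName": "jdoe", "SubjectUserName": "admin"}
{"EventID": 1102, "Channel": "Security", "SubjectUserName": "bob"}
{"EventID": 4688, "Channel": "Security", "NewProcessName": "C:\\Temp\\update.exe", "SubjectUserName": "bob"}
"""

# Three hypothetical rules as Python dicts shaped like a Sigma 'detection' block.
RULES = [
    {"title": "Security log cleared",
     "detection": {"selection": {"EventID": 1102}, "condition": "selection"}},
    {"title": "Process started from a temp directory",
     "detection": {"selection": {"EventID": 4688,
                                 "NewProcessName|contains": ["\\Temp\\", "\\AppData\\Local\\Temp\\"]},
                   "condition": "selection"}},
    {"title": "Account created by someone other than the admin account",
     "detection": {"selection": {"EventID": 4720},
                   "filter": {"SubjectUserName": "admin"},
                   "condition": "selection and not filter"}},
]

# Sigma string matching is case-insensitive; each modifier maps to a predicate.
_MODIFIERS = {
    "": lambda actual, wanted: actual == wanted,
    "contains": lambda actual, wanted: wanted in actual,
    "startswith": lambda actual, wanted: actual.startswith(wanted),
    "endswith": lambda actual, wanted: actual.endswith(wanted),
}


def _field_matches(record, key, expected):
    field, _, modifier = key.partition("|")
    if field not in record or modifier not in _MODIFIERS:
        return False
    actual = str(record[field]).lower()
    wanted = expected if isinstance(expected, list) else [expected]
    # a list of values means "any of these" (Sigma OR semantics inside one field)
    return any(_MODIFIERS[modifier](actual, str(w).lower()) for w in wanted)


def _selection_matches(record, selection):
    # every field in one selection map must match (Sigma AND semantics)
    return all(_field_matches(record, k, v) for k, v in selection.items())


def _eval_condition(condition, results):
    """Left-to-right evaluation of e.g. 'selection and not filter'; no parentheses."""
    value, op, negate = None, None, False
    for tok in condition.split():
        if tok in ("and", "or"):
            op = tok
        elif tok == "not":
            negate = True
        else:
            v = results[tok] != negate   # XOR applies a pending 'not'
            negate = False
            if value is None:
                value = v
            elif op == "and":
                value = value and v
            else:
                value = value or v
    return bool(value)


def rule_matches(rule, record):
    detection = rule["detection"]
    results = {name: _selection_matches(record, sel)
               for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], results)


def hunt(log_text, rules):
    """Return (rule title, record) pairs for every record some rule matches."""
    hits = []
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        for rule in rules:
            if rule_matches(rule, record):
                hits.append((rule["title"], record))
    return hits


if __name__ == "__main__":
    for title, rec in hunt(SAMPLE_LOG, RULES):
        print(f"[{title}] EventID={rec['EventID']} user={rec['SubjectUserName']}")
```

Run against the six constructed records, the three rules fire once each: the account created by `alice` (the `admin` one is suppressed by the `filter` block), the log-cleared event, and the process launched from `C:\Temp`. Real Sigma adds wildcards, `|re`, aggregation and operator precedence, which is why a tool like Chainsaw carries a proper rule engine rather than a sketch like this.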
  20. Tomi Engdahl says:

    The Ideal Ransomware Victim: What Attackers Are Looking For
    https://ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/
    In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data. KELA explored what is valuable for threat actors buying accesses, especially ransomware attackers, and built a profile of an ideal ransomware victim. On average, the actors active in July 2021 aimed to buy access to US companies with revenue of more than 100 million USD. Almost half of them refused to buy access to companies from the healthcare and education industries. The most common products (enabling network access) mentioned were Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco. Ransomware attackers are ready to pay for access up to 100,000 USD, with most actors setting the boundaries at half of that price, 56,250 USD.

    Reply
  21. Tomi Engdahl says:

    Patch now? Why enterprise exploits are still partying like it’s 1999
    https://www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/
    Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report (CVE-1999-0517, impacting Simple Network Management Protocol) dated back to 1999. Which raises the question, why are threat actors being allowed to party like it’s, um… 1999?

    Reply
  22. Tomi Engdahl says:

    CISA Reminds of Risks Connected to Managed Service Providers
    https://www.securityweek.com/cisa-reminds-risks-connected-managed-service-providers

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to take into consideration when looking to outsource services to a Managed Service Provider (MSP).

    Titled Risk Considerations for Managed Service Provider Customers, CISA’s new guidance is aimed at three decision-making groups: senior executives and boards of directors, procurement professionals, and network/system administrators and front-line cybersecurity staff.

    https://www.cisa.gov/sites/default/files/publications/cisa-insights_risk-considerations-for-msp-customers_508.pdf

    Reply
  23. Tomi Engdahl says:

    One in three suspicious work emails tries to phish for information
    https://etn.fi/index.php/13-news/12534-joka-kolmas-epaeilyttaevae-tyoemeili-yrittaeae-kalastella-tietoja

    According to a new study, 33 percent of the phishing emails reported by employees contain content that is harmful or highly harmful from an information security standpoint. The finding is based on an F-Secure analysis of emails reported by employees at organisations around the world during the first half of 2021.

    A third of the employees at organisations using F-Secure’s email reporting for Microsoft Office 365 submitted over 200,000 emails for analysis during the first half of the year. Active users submitted an average of 2.14 emails.

    According to the analysis, the most common reason for reporting was a suspicious link, mentioned by 59 percent of users. 54 percent reported an email because of a wrong or unexpected sender and 37 percent because of spam. 34% of users suspected social engineering and 7% reported an email because of a suspicious attachment.

    Reply
  24. Tomi Engdahl says:

    Ali Watkins / New York Times:
    NYC police officers and critics describe the NYPD’s growing use of post-9/11 digital surveillance tools, initially used for counterterrorism, in minor cases — Two decades after the attack on New York City, the Police Department is using counterterrorism tools and tactics to combat routine street crime.
    https://www.nytimes.com/2021/09/08/nyregion/nypd-9-11-police-surveillance.html

    Reply
  25. Tomi Engdahl says:

    The Dark Side Of Package Repositories: Ownership Drama And Malware
    https://hackaday.com/2021/09/08/the-dark-side-of-package-repositories-ownership-drama-and-malware/

    At their core, package repositories sound like a dream: with a simple command one gains access to countless pieces of software, libraries and more to make using an operating system or developing software a snap. Yet the rather obvious flip side to this is that someone has to maintain all of these packages, and those who make use of the repository have to put their faith in that whatever their package manager fetches from the repository is what they intended to obtain.

    How ownership of a package in such a repository is managed depends on the specific software repository, with the especially well-known JavaScript repository NPM having suffered regular PR disasters on account of it playing things loose and fast with package ownership. Quite recently an auto-transfer of ownership feature of NPM was quietly taken out back and erased after Andrew Sampson had a run-in with it painfully backfiring.

    In short, who can tell when a package is truly ‘abandoned’, guarantee that a package is free from malware, and how does one begin to provide insurance against a package being pulled and half the internet collapsing along with it?

    Reply
  26. Tomi Engdahl says:

    Bounty.fi – From bounty hunters to bounty hunters!
    https://bounty.fi/
    This site contains links to materials that you can use to learn about bug bounties.

    Reply
  27. Tomi Engdahl says:

    Flowspec Bulletproof Services Enable Cybercrime Worldwide
    https://www.riskiq.com/blog/external-threat-management/flowspec-bulletproof-hosting/
    In our analysis of threat infrastructure spanning the global attack surface, we see bulletproof hosting providers continue to play an integral role in threat campaigns and provide essential services for cybercriminals. Flowspec, a bulletproof hosting provider that has been around since October 2018, is a one-stop-shop for threat groups, facilitating phishing campaigns, malware delivery, Magecart skimmers, and large swaths of other malicious infrastructure.

    Reply
  28. Tomi Engdahl says:

    2021 Threat Hunting Report
    https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021ThreatHunting.pdf
    ECrime adversaries are moving with increasing speed in pursuit of their objectives. OverWatch observations show they are capable of moving laterally within a victim environment in an average of 1 hour and 32 minutes. OverWatch has tracked a 60% increase in interactive intrusion activity in the past year. The threat of hands-on intrusion activity remains very real – OverWatch has observed and disrupted intrusions spanning all industry verticals and geographic regions.
    ECrime continues to dominate the threat landscape, making up 75% of interactive intrusion activity. Targeted intrusion adversaries remain a prominent threat, particularly for the telecommunications industry.

    Reply
  29. Tomi Engdahl says:

    New maritime cybersecurity guidance for shipping companies and vessels
    https://shipowners.fi/wp-content/uploads/2021/09/WWW_Parhaat_ka%CC%88yta%CC%88nno%CC%88t_aluksille_SU.pdf
    The Finnish Shipowners’ Association and the Water Transport Pool, which is part of the National Emergency Supply Organisation, have published cybersecurity best-practice guidance for shipping companies and vessels. The guidance is based on an extensive joint study of maritime cybersecurity.

    Reply
  30. Tomi Engdahl says:

    Dark Covenant: Connections Between the Russian State and Criminal Actors https://www.recordedfuture.com/russian-state-connections-criminal-actors/
    The intersection of individuals in the Russian cybercriminal world and officials in the Russian government, typically from the domestic law enforcement or intelligence services, is well established yet highly diffuse. The relationships in this ecosystem are based on spoken and unspoken agreements and comprise fluid associations. Recorded Future identified 3 types of links between the Russian intelligence services and the Russian criminal underground based on historical activity and associations, as well as recent ransomware attacks: direct links, indirect affiliations, and tacit agreement. Even in cases with discernible, direct links between cybercriminal threat actors and the Russian state, indirect affiliations suggest collaboration, and a lack of meaningful punitive actions shows either a tolerance for, or tacit approval of, these efforts.

    Reply
  31. Tomi Engdahl says:

    US Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy
    https://www.securityweek.com/us-gov-seeks-public-feedback-draft-federal-zero-trust-strategy

    The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.

    The OMB has drafted a federal strategy to transition the U.S. government towards a zero-trust architecture and is now seeking public feedback to improve the documentation and improve the government’s cybersecurity stance.

    The draft strategy, which falls in line with the Executive Order on Improving the Nation’s Cybersecurity (EO 14208) that requires for civilian agencies’ enterprise security architecture to be changed based on zero trust principles – clarifies zero trust priorities for these agencies.

    Office of Management and Budget Releases Draft Federal Strategy For Moving the U.S. Government Towards a Zero Trust Architecture
    https://www.whitehouse.gov/omb/briefing-room/2021/09/07/office-of-management-and-budget-releases-draft-federal-strategy-for-moving-the-u-s-government-towards-a-zero-trust-architecture/

    Reply
  32. Tomi Engdahl says:

    Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent
    https://www.securityweek.com/hacking-hire-three-ways-recruit-and-retain-cyber-talent

    Finding the right fit for your security team remains a daunting and somewhat challenging task in today’s world. There’s a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the challenges it brought have made matters worse.

    Recent reports and surveys don’t paint a pretty picture.

    ESG and ISSA’s fifth annual research report, The Life and Times of Cybersecurity Professionals 2021, said “the cybersecurity skills crisis continues on a downward, multi-year trend of bad to worse and has impacted more than half of organizations.” Nearly everyone surveyed (95%) agreed that the gap hasn’t improved over the past several years; 44% say it’s only gotten worse.

    In the federal sector, a recent Partnership for Public Service report (PDF) found the number of full-time cyber employees only increased by 8% from September 2016 to September 2020. Many agencies still struggle with retaining a cyber workforce that actually looks like the American public; few are female, few are under 30.

    While the availability of some resources, like the Cyber Aptitude and Talent Assessment (CATA), seems poised to help, it won’t be a silver bullet. Organizations still need to take steps to train and retain cybersecurity talent. With that in mind, what are the best practices for finding the right fit for your security team? If your company is bleeding talent, what strategies can you employ to help ensure cyber talent retention?

    Mismanagement Driving Cybersecurity Skills Gap: Research
    https://www.securityweek.com/mismanagement-driving-cybersecurity-skills-gap-research

    “To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”

    There is no substantive difference between this year’s Life and Times of Cybersecurity Professionals (produced by ESG and ISSA) and the previous four annual studies – they are all depressing. But that speaks volumes. It is time to take note of what the study tells us, to learn the lessons, to change the background, and improve the future.

    “When I look at this year’s study (PDF),” ISSA’s international president, Candy Alexander, told SecurityWeek, “I think, Are you kidding me? We’ve been doing the same study with the same results for five years. It is truly the definition of insanity to do the same thing and expect different results – but the industry continues to do the same thing and of course nothing changes.”

    This year, ISSA polled 489 cybersecurity professionals from around the world. It found that the skills gap continues to worsen; that cybersecurity professionals continue to feel they are under compensated; they do not get enough training; are under-resourced; and they don’t feel supported.

    The skills gap

    The skills gap is partly a self-inflicted wound on the industry by the industry. The industry demands that new recruits have both academic qualifications and practical experience – two qualities that are largely mutually exclusive. When it cannot find new recruits meeting this demand, the industry simply calls the result a skills gap.

    There are other problems. “We tend to simplify things,” said Alexander; “so we say, well education is one of those factors contributing to the skills gap. It is, but it is not the sole cause.” What concerns her about education is its inability to keep up with the speed with which new technology is developed and used.

    “It takes time to develop new curricula,”

    Reply
  33. Tomi Engdahl says:

    Three Ways to Keep Cloud Data Safe From Attackers
    https://www.securityweek.com/three-ways-keep-cloud-data-safe-attackers

    The idea behind obfuscated billing is that an adversary may be able to access public records that tie an enterprise to a cloud deployment simply because their name is on the bill. When using an obfuscation strategy, the cloud deployment is procured through separate legal entities that make this discovery of the end user much more challenging.

    Cloud obfuscation is another critical best practice given the rise of ransomware tactics that lock up critical business processes and data. Many recent ransomware attacks have involved a compromise of credentials that allowed criminals to access cloud instances. These backup environments were then corrupted with false data making it impossible to use them to recover from a ransomware attack.

    Enterprises need to make it much more difficult for threat actors to even know these backup environments exist. One way to do this is by totally disassociating the most critical business data from enterprise cloud deployments. This can be achieved by procuring a totally separate commercial cloud instance that is reserved for the company’s most sensitive data and only accessible through zero trust controls. In addition, this data should be encrypted in transit using keys controlled by the organization.

    Reply
  34. Tomi Engdahl says:

    Is the Taliban a Cyber Threat to the West?
    https://www.securityweek.com/taliban-cyber-threat-west

    Two decades ago, the U.S. and its allies invaded Afghanistan as retribution for the 9/11 terrorist attacks carried out by the al-Qaeda terror group. The Taliban, who had harbored al-Qaeda in Afghanistan, was forced out of government. Now, 20 years later, the U.S. has left Afghanistan, and the Taliban has returned. U.S. Defense Secretary Lloyd Austin warned this week that the al-Qaeda extremist group may attempt to regenerate in Afghanistan following the botched American withdrawal that allowed the Taliban to regain control of the country.

    But the world has changed in the last 20 years. Most notably, technological advances mean that acts of terror no longer need to be kinetic. Cyberattacks against critical infrastructure can potentially do more harm than the 9/11 attacks. While there are uneasy and unofficial norms of acceptable behavior between the West, Russia and China, no such norms apply to the ‘rogue’ states ‒ most notably North Korea and Iran.

    And now, perhaps, Afghanistan. We need to consider whether the Taliban is, or will become, a notable cyber threat to the West.

    Does the Taliban pose a cyber threat?

    The Taliban is not currently a cyber threat. There are two primary reasons. Firstly, aggressive international behavior is not high on its list of priorities. “They must stabilize their own country and establish a level of governance, security and ‘normality’ and consolidate their position as de facto rulers of Afghanistan, albeit through means unpalatable to international observers,” Brian Lord, CEO of cyber security and business intelligence firm Protection Group International (PGI), told SecurityWeek.

    This may not be as easy as we believe. Russia tried and failed to control Afghanistan. The U.S. and its allies tried and failed. Why should we assume that the Taliban will automatically be successful? “In a few weeks, we will see how the power struggle that will erupt between stronger tribal leaders and the Taliban is affecting the country,” commented Dirk Schrader, global VP of security research at New Net Technologies (NNT), now part of Netwrix. “For sure it will be a constant source of unrest in parts of Afghanistan.”

    There are areas of the country not under Taliban control, while ISIS ‒ an enemy of the Taliban that has killed both Taliban and al-Qaeda people in Afghanistan ‒ is still able to conduct operations in Kabul. Intelligence firm Flashpoint reported, “The ‘Khorasan’ branch of ISIS [the ‘K’ in ISIS-K] remains very active. It has claimed responsibility for at least 105 military operations inside Afghanistan since May 1, 2021.”

    Reply
  35. Tomi Engdahl says:

    Reed Albergotti / Washington Post:
    Security researchers say Apple’s bug bounty program is undermined by Apple’s insular culture, confusion about payments, and long delays in fixing bugs — Lack of communication, confusion about payments and long delays have security researchers fed up with Apple’s bug bounty program

    https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/

    Reply
  36. Tomi Engdahl says:

    Edward Ongweso Jr / VICE:
    Report: since 2004, Microsoft, Amazon, Google, Facebook and Twitter have earned $43.8B in contracts with the Pentagon, mostly in relation to the War on Terror — A team of researchers have published a new report detailing how Amazon, Microsoft, Google, Facebook, and Twitter have profited from the global campaign of violence.

    Big Tech Has Made Billions Off the 20-Year War on Terror
    https://www.vice.com/en/article/4aveeq/big-tech-has-made-billions-off-the-20-year-war-on-terror

    A team of researchers have published a new report detailing how Amazon, Microsoft, Google, Facebook, and Twitter have profited from the global campaign of violence.

    Reply
  37. Tomi Engdahl says:

    An Autonomous Weaponized Drone “Hunted Down” Humans Without Command For First Time
    https://www.iflscience.com/technology/an-autonomous-weaponized-drone-hunted-down-humans-without-command-for-first-time/

    An autonomous drone may have hunted down and attacked humans without input from human commanders, a recent UN report has revealed. As well as being the first time such an attack by artificial intelligence (AI) has taken place on humans, it’s unclear whether the drone may have killed people during the attack which took place in Libya in March 2020.

    The report to the UN Security Council states that on March 27, 2020, Libyan Prime Minister Fayez al-Sarraj ordered “Operation PEACE STORM”, which saw unmanned combat aerial vehicles (UCAV) used against Haftar Affiliated Forces. Drones have been used in combat for years, but what made this attack different is that they operated without human input, after the initial attack with other support had taken place.

    Reply
  38. Tomi Engdahl says:

    Top Steps for Ransomware Recovery and Preparation https://threatpost.com/top-steps-ransomware-recovery-preparation/169378/
    When it comes to ransomware attacks, it’s no longer a question of if or even when, but how often. A business falls victim to a ransomware attack every 11 seconds, making ransomware the fastest-growing type of cybercrime. Businesses today need to not only think about strategies to prevent ransomware, but how to protect and recover their data should they fall victim to an attack. After all, it’s not just your data that goes down; it’s your entire business. The attack on the Scottish Environment Protection Agency (SEPA) is one of many examples of the importance of a proper backup and recovery strategy. SEPA had more than 4,000 digital files stolen by hackers. Though it had backup systems in place, the agency has been unable to recover all of its data sets. It could take years for it to fully recover. But recovering from a ransomware attack doesn’t have to be so uncertain, nor such a laborious process. With the right strategies in place, businesses can quickly and safely recover from a ransomware attack and get back up and running without significant downtime. Outlined below are the key steps businesses should keep in mind.

    Reply
  39. Tomi Engdahl says:

    What Is Zero Trust? It Depends What You Want to Hear https://www.wired.com/story/what-is-zero-trust/
    For years a concept known as “zero trust” has been a go-to cybersecurity catchphrase, so much so that even the notoriously dilatory federal IT apparatus is going all in. But a crucial barrier to widespread adoption of this next-generation security model is mass confusion over what the term actually means. With cyberattacks like phishing, ransomware, and business email compromise at all time highs, though, something’s gotta change, and soon. At its core, zero trust relates to a shift in how organizations conceive of their networks and IT infrastructure. Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other. Your work computer could connect to the printer on your floor, or find team documents on a shared server.
    Tools like firewalls and antivirus were set up to view anything outside the organization as bad; everything inside the network didn’t merit much scrutiny.

    Reply
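    The shift the Wired piece describes, from “inside the network means trusted” to “every request proves identity, device state and entitlement”, is easiest to see as two policy functions run over the same requests. The block below is an added illustration written for this page; it is not code from Wired, from the federal strategy, or from this blog. Everything in it is assumed for the demo: the 10.0.0.0/8 “corporate” subnet, a hypothetical HMAC-signed token of the form user|role|expiry|mac with a throwaway signing key, the endpoint-agent “device_compliant” flag, and the small resource-to-role policy table.

```python
"""Perimeter trust vs. zero trust, expressed as a per-request policy check.

Added example (not from the Wired article or this blog). Assumed for the
demo: a 10.0.0.0/8 "corporate" network, an HMAC-signed identity token of the
hypothetical form "user|role|expiry|mac", a demo signing key, and a small
resource-to-role policy table.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Demo-only values (assumptions, not real infrastructure).
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
SIGNING_KEY = b"demo-signing-key-not-for-production"
ACCESS_POLICY = {
    "payroll-db": {"finance"},
    "wiki": {"finance", "engineering"},
}


@dataclass
class Request:
    src_ip: str
    resource: str
    token: Optional[str] = None      # identity token, or None if the caller has none
    device_compliant: bool = False   # posture as attested by an endpoint agent (assumed)


def legacy_perimeter_allows(req: Request) -> bool:
    """Old model: anything already inside the network is trusted, nothing else is checked."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


def issue_token(user: str, role: str, expires_at: int) -> str:
    """Mint a signed token; in a real deployment this is the identity provider's job."""
    payload = f"{user}|{role}|{expires_at}"
    mac = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(token: Optional[str], now: int) -> Optional[Tuple[str, str]]:
    """Return (user, role) for a correctly signed, unexpired token; None otherwise."""
    if not token:
        return None
    parts = token.split("|")
    if len(parts) != 4:
        return None
    user, role, expires_at, mac = parts
    payload = f"{user}|{role}|{expires_at}"
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    if not expires_at.isdigit() or int(expires_at) <= now:
        return None
    return user, role


def zero_trust_allows(req: Request, now: int) -> bool:
    """Zero trust: network location is ignored. Each request must carry a valid
    identity, come from a compliant device, and be entitled to that resource."""
    identity = verify_token(req.token, now)
    if identity is None:
        return False
    if not req.device_compliant:
        return False
    _, role = identity
    return role in ACCESS_POLICY.get(req.resource, set())


def compare_models(now: int = 1_700_000_000) -> dict:
    """Run constructed scenarios through both models; returns {name: (legacy, zero_trust)}."""
    finance = issue_token("alice", "finance", now + 3600)
    engineer = issue_token("bob", "engineering", now + 3600)
    expired = issue_token("alice", "finance", now - 1)
    tampered = finance.replace("finance", "admin")   # role edited, so the MAC no longer matches
    scenarios = {
        # Attacker who has already landed on the office LAN, with no identity at all.
        "lan_no_identity": Request("10.1.2.3", "payroll-db"),
        # Finance user working from home on a compliant laptop.
        "remote_finance": Request("203.0.113.7", "payroll-db", finance, True),
        # Engineer on the LAN with a valid token, but not entitled to payroll data.
        "lan_engineer_payroll": Request("10.1.2.4", "payroll-db", engineer, True),
        # Same engineer, a resource they are entitled to.
        "lan_engineer_wiki": Request("10.1.2.4", "wiki", engineer, True),
        # Valid finance identity, but from an unmanaged device.
        "remote_finance_bad_device": Request("203.0.113.7", "payroll-db", finance, False),
        "expired_token": Request("203.0.113.7", "payroll-db", expired, True),
        "tampered_token": Request("10.1.2.3", "payroll-db", tampered, True),
    }
    return {name: (legacy_perimeter_allows(r), zero_trust_allows(r, now))
            for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, (legacy, zt) in compare_models().items():
        print(f"{name:28s} legacy={legacy!s:5s} zero_trust={zt}")
```

    The two scenarios worth staring at are the first two: the perimeter model admits an unauthenticated host simply because it sits on the LAN, and rejects a legitimate finance user because she is at home. The zero-trust check reverses both, and additionally refuses the engineer’s valid identity for a resource outside his entitlement, the unmanaged device, the expired token and the tampered token. In production the token would be an OIDC/JWT from the identity provider and the device posture would come from an endpoint agent, but the decision logic stays the same: evaluate identity, device and resource on every request, never the network address.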
  41. Tomi Engdahl says:

    Cybersecurity Seen as Rising Risk for Airlines After 9/11
    https://www.securityweek.com/cybersecurity-seen-rising-risk-airlines-after-911

    After remaking their security procedures following the 9/11 attacks to stop airline hijackings, carriers are now faced with rising threats targeting computers and electronic equipment critical to their operations and safety.

    Since the tragedy 20 years ago on Saturday, airlines and airports have fortified cockpits, barred sharp objects in carry-on luggage and improved technology to detect explosives.

    “We are more secure,” said Willie Walsh, director general of the International Air Transport Association.

    Many of today’s security risks are now viewed as targeting the networks and hardware planes and airlines rely on.

    From the gradual shift to electronic tickets to the management of jet fuel, even more aspects of aviation go through digital channels now than they did two decades ago.

    “We must stay ahead of emerging security threats,” Walsh said. “To do this effectively, we need to take a more integrated approach on things like cyber risks, drones, and insider threats.”

    New entry points

    Beyond new airline security rules mandated by governments worldwide, security experts say potential hijackers face an additional challenge: other passengers.

    “Because of 9/11, if you’re sitting in the airplane, and someone jumps up and tries to enter the cockpit, the passengers themselves are going to fight back and prevent that from happening,” said Dan Cutrer, an expert in aviation safety at Embry-Riddle Aeronautical University.

    Reply
