Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans and AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to claim that they have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone is able to reproduce the results, and presents it to the entire community for feedback.
The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues such as Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, requiring vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 – Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.
Tomi Engdahl says:
Understanding the Cryptocurrency-Ransomware Connection
https://www.securityweek.com/understanding-cryptocurrency-ransomware-connection
Unfortunately for the law-abiding of the world, ransomware is an idea that caught on immediately and never lost steam. In fact, it’s grown to the point that it now contributes to a thriving cybercrime business, often targeting large sectors, including education, finance, healthcare, the legal sector, and manufacturing. According to Fortinet research, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day.
Ransomware was widespread long before cryptocurrency came along, but in recent years, both have skyrocketed in tandem. Because cryptocurrency is difficult to trace, cybercriminals have rapidly switched to it as their preferred method for ransom payments. In fact, DarkSide, the group behind the high-profile attack on Colonial Pipeline, purportedly raked in $90 million in Bitcoin ransom payments before shutting down in May.
So, why is this happening? And what do you need to know? Read on.
The appeal of cryptocurrency
For bad actors extorting money from victim organizations via ransomware, they typically had to rely in the past on wire transfer services or other forms of payment using regular currency. While these got the job done, they also came with a paper trail – a very traceable paper trail, in most cases. And that made it easy for the FBI to track the bad actors down.
Meanwhile, cryptocurrency has surged in value in the past couple of years, and new currencies continue to be launched – though Bitcoin and Dogecoin continue to lead the pack. Bitcoin, in particular, soared to new highs during the pandemic, breaking through to an all-time high of more than $64,000 in the second quarter of 2021.
This popularity extends to cybercriminals. These days, almost all ransomware attackers demand payments via some form of cryptocurrency, which makes it a lot harder to identify who the actual person behind the keyboard is and it doesn’t leave the same kind of paper trail. It’s also faster – payments can be made almost instantly. For bad actors, this kind of convenience is a no-brainer.
Cryptocurrency also makes it easier to diversify across payment platforms and demand payments in several smaller amounts paid out to different digital wallets, which again all goes back to making it hard for law enforcement to trace.
More options, more bad actors
Another big trend within this parallel rise is the growth in variety. Back when bad actors relied on wire transfers and left lengthy paper trails behind, there weren’t as many of them. There were just a handful of ransomware operators and just a few “flavors” of ransomware. These days, there are more varieties of ransomware and far more criminal operators, especially when it comes to affiliate programs. Even novice attackers can be successful today by buying Ransomware-as-a-Service (RaaS) and other kit-like tools, which have lowered the bar to entry. At the same time, there’s been a shift toward “VIP” programs or the use of hand-selected partners to commit these major, seven-figure attacks. While it used to be there were hundreds or thousands of affiliates to partner with, now bad actors are being a little pickier for their large targets and ransom demands.
Concurrently, there are new cryptocurrencies being added to the marketplace regularly. While Bitcoin, Dogecoin and Ethereum are probably the three we hear of most often, they’re far from the only options in an increasingly crowded space. As of May 2021, there were more than 10,000 different cryptocurrencies available. That’s a whole lot of options for bad actors looking to fly under the radar when collecting ransom payments.
Putting the brakes on crypto-tied ransomware plots
The cryptocurrency market has certainly seen its ups and downs in the past year, but it doesn’t show any sign of slowing down completely. And the rise of NFTs (non-fungible tokens) goes along with this. Likewise, ransomware shows no signs of stopping. Whether it’s Kaseya, JBS, Colonial Pipeline or the hundreds of incidents that don’t make international headlines each year, ransomware is huge business – and it’s increasingly organized.
How can organizations fight ransomware? The best solution is always prevention. Here are three tactics toward that goal:
Cyber hygiene must be part of board-level conversations, as should training and risk management. Attackers often target high-value assets at organizations, as they have greater access to the network. Those in leadership must be trained to spot malicious tactics and ensure all other employees are trained, too.
Ransomware mitigation strategies must be put in place. These include zero-trust access (ZTA), regular data back-ups to an offsite location, data encryption and immediate patching of vulnerabilities.
Collaboration must be prioritized. More data ensures more effective responses, so share with all internal and external stakeholders, including law enforcement. Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups.
Tomi Engdahl says:
Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent
https://www.securityweek.com/hacking-hire-three-ways-recruit-and-retain-cyber-talent
Finding the right fit for your security team remains a daunting and somewhat challenging task in today’s world. There’s a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the challenges it brought have made matters worse.
Recent reports and surveys don’t paint a pretty picture.
ESG and ISSA’s fifth annual research report, The Life and Times of Cybersecurity Professionals 2021, said “the cybersecurity skills crisis continues on a downward, multi-year trend of bad to worse and has impacted more than half of organizations.” Nearly everyone surveyed (95%) agreed that the gap hasn’t improved over the past several years; 44% say it’s only gotten worse.
In the federal sector, a recent Partnership for Public Service report (PDF) found the number of full-time cyber employees only increased by 8% from September 2016 to September 2020. Many agencies still struggle with retaining a cyber workforce that actually looks like the American public; few are female, few are under 30.
While the availability of some resources, like the Cyber Aptitude and Talent Assessment (CATA), seems poised to help, it won’t be a silver bullet. Organizations still need to take steps to train and retain cybersecurity talent. With that in mind, what are the best practices for finding the right fit for your security team? If your company is bleeding talent, what strategies can you employ to help ensure cyber talent retention?
For many organizations, it depends on the type of position you’re looking to fill. These days, there’s an extremely wide range of roles from security analysts, to incident responders, threat hunters, malware reverse engineers, architects, and so on. Your first objective is to identify the specific positions you want to fill, detailing all the responsibilities that’ll be required of them. Larger organizations may have the luxury of hiring for each of these specific roles but a lot of times you may end up having to hire someone able to wear a bunch of those hats. In short, when it comes to hiring the right employee, knowing the role you’re looking to fill is critical.
Identify Talent from the Inside
The first place an organization can look is internally. Having someone that’s already familiar with the corporate network, culture, and the people can be a major benefit. Then you can focus on building up their skills through a range of online training and encouraging them to acquire various cybersecurity certifications, which can pay long-term dividends. I’ve found some of the best security folks right within adjacent internal IT audit organizations. Instead of having them question you about your IT controls, have them join you!
Tomi Engdahl says:
Mark Suster / Both Sides of the Table:
A look at the state of the VC industry: from over-paying in the face of absurd valuations, to big bets on decentralized “Web 3.0” apps, cybersecurity, and more — The world around us is being disrupted by the acceleration of technology into more industries and more consumer applications.
The Changing Venture Landscape
https://bothsidesofthetable.com/the-changing-venture-landscape-6b655c68e631
Tomi Engdahl says:
Simon Parkin / The Guardian:
How FBI and Australian police built and marketed the An0m chat service for criminals, which cost $1,700 for a handset and $1,250 for an annual subscription — Billed as the most secure phone on the planet, An0m became a viral sensation in the underworld. There was just one problem …
‘Every message was copied to the police’: the inside story of the most daring surveillance sting in history
https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history
Billed as the most secure phone on the planet, An0m became a viral sensation in the underworld. There was just one problem for anyone using it for criminal means: it was run by the police
Simon Parkin
Sat 11 Sep 2021 10.00 BST
An0m, as it was called, looked like any off-the-shelf smartphone, a polished pebble of black glass and aluminium. The device had been modified to remove many of its core functions. An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.
Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone’s calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled.
Users’ confidence in An0m was, it seemed, bolstered by some novel functionality included on every device. In the past, phones marketed to hyper security-conscious users were sold with the option to remotely wipe the device’s data. This would enable, say, a smuggler to destroy evidence even after it had been collected. To counter the ploy, police investigators had started to use Faraday bags – containers lined with metal that would prevent a phone from sending and receiving a kill signal. The An0m phone came with an ingenious workaround: users could set an option to wipe the phone’s data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker’s voice.
Big Bang’s targets’ alleged crimes ranged from drug trafficking to attempted murder. What they had in common was their choice of texting app
An0m was marketed and sold not so much to the security conscious as the security paranoid; its embedded suite of anonymising digital tools went far beyond the requirements of the average user. According to Australian police, it was the ideal telecommunications channel to arrange the safe passage of A$64m of cocaine across the world. An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 – 19.37m of them – had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.
On 7 June 2021, more than 800 arrests were made around the world, all of people who had in some way fallen under suspicion thanks to a treacherous device that sent information into the hands of the AFP. In Belgium, two weeks later, the divers did not have to hunt for the sacks of cocaine for long; they already knew precisely where to look.
Operation Ironside (or Operation Trojan Shield, as it was known in North America and elsewhere) was the largest coordinated law enforcement effort in Australian history. Commander Richard Chin, head of transnational operations in the AFP, had taken to calling 7 June, the day when their work would be realised in a series of searches and arrests involving 4,000 Australian officers, “Big Bang”. If all went to plan, it would be a moment with the potential to reshape the criminal world.
The scheme was seeded 10 years earlier, in Vancouver. There, in 2008, Vincent Ramos, a young entrepreneur who started out as a bathtub salesman before progressing to smartphones, founded Phantom Secure, a telecoms company that promised users absolute privacy. It was a prescient selling point. After years in which data has been endlessly mined, the idea that users of technology now want to avoid online surveillance is widespread in Silicon Valley; Mark Zuckerberg, founder of Facebook, recently pronounced: “The future is private.” In 2008, however, both the sentiment and the technology that enabled secure communication were niche concerns.
In contrast to An0m’s bespoke technology, Phantom Secure’s phones were off-the-shelf BlackBerries modified to remove the camera, microphone and GPS tracking software, and installed with a remote-wipe feature. Every message sent from one device to another was encrypted and routed through servers in Panama and Hong Kong. To build word-of-mouth interest in his new product, Ramos offered free devices to high-profile “influencers” – rappers and athletes for whom privacy was a primary concern. For paying customers, the seemingly basic functionality came at an exorbitant cost: according to court documents, a Phantom Secure phone and subscription could set you back as much as $2,000 for a six-month contract. It was a fair price to pay, Ramos assured prospective clients, for total discretion.
On the company’s website, Phantom Secure phones were marketed to the “sophisticated executive”. While it was company policy not to collect the names of clients, Ramos soon became aware that his customers were not, in fact, legitimate businessmen, but criminals drawn by the promise of a means to communicate with one another beyond the reach of law enforcement. Ramos made no checks on his clientele. He did not believe it was his responsibility to moderate how his phones were being used. He was a mere humble salesman of aftermarket BlackBerries – albeit one who drove a Lamborghini, owned properties in Las Vegas and Canada, and had a net worth of $10m.
To launch a desirable encrypted phone product, the AFP and FBI not only needed to think like a tech startup, they effectively had to become a tech startup (it remains unclear which of the international agencies took the leading role in masterminding and developing the operation). The aim was to create word-of-mouth, albeit within a single, highly specific demographic. This required the marketing of exclusivity: a downplaying of public presence to create an aura of discretion and selectness. “We positioned ourselves as a small, bespoke brand coming into the organised crime marketplace,” says Chin. The aim was to assure prospective clients of the product’s “security, privacy and anonymity”.
The An0m application and the bespoke operating system on which it was run, called ArcaneOS, according to a Vice report (the AFP would not confirm this detail and the FBI declined to comment), was provided by a former distributor of the Phantom Secure phones, whom the FBI recruited in 2018 in exchange for the possibility of a reduced sentence. The confidential source was paid $180,000 by the FBI in salary and expenses, and built “a master key” that, the FBI explained in court documents, “surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted”. Every message sent via An0m was effectively BCC’d to the police.
To gain the trust of criminal networks, the AFP introduced a pilot scheme: in October 2018, agents passed 50 An0m devices to three trusted distributors in Australia. The plan was that these distributors, believing An0m to be the next generation of Phantom Secure, would vouch for the device’s security and begin selling them to organised criminal gangs. “An0m needed to be used and tested, shown to have useful functionality, then very slowly, like any other brand, it could take market share by building a network of people who like using it,” says Chin.
The AFP began a grassroots marketing campaign, identifying so-called influencers – “well-known crime figures who wield significant power and influence over other criminal associates”, according to a US indictment – within criminal subcultures. They could raise the profile of the An0m devices, in much the same way that brands collaborate with popular figures on social networks to increase awareness of their products.
As soon as An0m devices were in the wild, the AFP began to receive and decipher messages sent via the app. “On a daily basis, we were receiving messages about drug distribution, drug importation into Australia and elsewhere,” says Chin. Some users felt so confident in its security that, in many cases, they dispensed with all euphemisms, naming specific drugs and weight measurements. “If they were talking about money, they’d describe the exact amounts. These were not coded conversations, they were black and white,” says the AFP’s assistant commissioner, Nigel Ryan.
An0m’s success in Australia was soon replicated overseas, with distributors in Spain, Turkey, the Netherlands, Finland, Mexico and Thailand, as well as, allegedly, at least one British citizen, James Flood, believed to be living in Spain. Soon there were as many An0m phone users in Germany, Spain and the Netherlands as there were in Australia. As An0m’s reach expanded to 12,000 devices in more than 90 countries, the operation’s net was forced to expand accordingly.
Tomi Engdahl says:
How 9/11 Changed Skyscraper Design – Cheddar Explains
https://www.youtube.com/watch?v=4eE8d94qGPo
Tomi Engdahl says:
How To Minimize Cybersecurity Risks on Business Travels
https://quointelligence.eu/2021/09/travel-risk-security-for-business-travels/
Business travelers face a unique risk of being targeted by cybercriminals. Not only do they carry multiple devices (business phone, private phone, laptop, tablet), they also find themselves in unfamiliar places, away from the security of their company’s infrastructure and information technology, and potentially exposed to security threats. This article collects our most valuable tips for your organization’s travel security model. We summarize how to keep yourself and your devices secure.
Tomi Engdahl says:
Incident response analyst report 2020
https://securelist.com/incident-response-analyst-report-2020/104080/
The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. In 2020, the pandemic forced companies to restructure their information security practices, accommodating a work-from-home (WFH) approach. Although key trends in terms of threats have stayed the same, our service approach moved to a near-complete 97% of all cases remote delivery.
Tomi Engdahl says:
This is how a cybersecurity researcher accidentally broke Apple Shortcuts
https://www.zdnet.com/article/this-is-how-a-cybersecurity-researcher-accidentally-broke-apple-shortcuts/#ftag=RSSbaffb68
A Detectify researcher has explained how an investigation into Apple CloudKit led to the accidental downtime of Shortcuts functionality for users. In March, Apple users began to report error messages when they attempted to open shared shortcuts. As noted by 9to5Mac, this bizarre issue was of particular concern to content creators who shared shortcuts with their followers via iCloud, who suddenly found their links were broken. Reports began to surface on March 24, and a day later, the iPad and iPhone maker told MacStories editor-in-chief Federico Viticci that the company was “working to restore previously shared shortcuts as quickly as possible.” According to Detectify Knowledge Advisor and bug bounty hunter Frans Rosén, the root cause of the issue was a misconfiguration flaw he accidentally stumbled upon – and triggered – in Apple CloudKit.
Tomi Engdahl says:
SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs
https://www.securityweek.com/ssid-stripping-new-method-tricking-users-connecting-rogue-aps
A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to their wireless access points (APs).
The method, dubbed SSID Stripping, was disclosed on Monday by AirEye, which specializes in wireless security. It was discovered in collaboration with researchers at the Technion – Israel Institute of Technology.
According to the researchers, SSID Stripping affects devices running Windows, macOS, Ubuntu, Android and iOS. They showed how an attacker could manipulate the name of a wireless network, specifically the SSID (Service Set Identifier), so that it’s displayed to the user with the name of a legitimate network.
They were able to generate three types of what they describe as “display errors.” One of them involves inserting a NULL byte into the SSID, causing Apple devices to display only the part of the name that is before this byte. On Windows devices, the attacker could use “new line” characters to achieve the same effect.
Another type of display error — these appear to be the most common — can be triggered using non-printable characters. An attacker can add special characters to the SSID that will be included in the name, but will not actually be displayed to the user.
“For example, the network name ‘aireye_x1cnetwork’ (with x1c representing a byte with the value 0x1C hex), is displayed exactly the same as ‘aireye_network’,” the researchers explained.
The SSID Stripping Vulnerability: When You Don’t See What You Get
https://aireye.tech/2021/09/13/the-ssid-stripping-vulnerability-when-you-dont-see-what-you-get/
AirEye’s research team, in collaboration with the Computer Science faculty at the Technion – Israel Institute of Technology, has found a vulnerability, dubbed SSID Stripping, which causes a network name – aka SSID – to appear differently in the device’s “List of Networks” than its actual network name.
The significance? Unsuspecting users may connect to an attacker-controlled network they did not intend to connect to.
The SSID Stripping vulnerability affects all major software platforms – Microsoft Windows, Apple iOS and macOS, Android and Ubuntu.
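The three “display errors” described above (a NUL byte truncating the name, a line break truncating it, and a non-printable byte that is kept in the SSID but not rendered) are easy to check for on the defender's side, because the raw SSID octets in a beacon frame are available to any scanner or wireless IDS. The following is an added example, not code from AirEye, the Technion or the articles quoted: it takes a list of raw SSIDs as they would be observed in a scan, produces an unambiguous escaped rendering for logs, and reports which of them would be displayed under a trusted network's name while their bytes differ from it. The only SSID taken from the report is `aireye_\x1cnetwork`; the other scan entries and the `naive_render` model of a careless UI are constructed for the demonstration.

```python
"""Flag Wi-Fi network names (SSIDs) whose raw bytes would be shown as a
trusted name by a network list that silently truncates or drops characters.

Added example (not AirEye's or Technion's code). Sample SSIDs below are
constructed for the demo, except 'aireye_\\x1cnetwork' from the report.
"""
from __future__ import annotations

from dataclasses import dataclass, field

MAX_SSID_LEN = 32  # 802.11 limits an SSID to 32 octets


@dataclass
class SsidReport:
    raw: bytes
    naive_display: str              # what a careless UI might show
    escaped: str                    # unambiguous rendering for logs and alerts
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def naive_render(text: str) -> str:
    """Model (assumed, not a real OS) of a UI that stops at NUL or a line
    break and drops every non-printable code point it keeps."""
    for cut in ("\x00", "\n", "\r"):
        text = text.split(cut, 1)[0]
    return "".join(ch for ch in text if ch.isprintable())


def escape_ssid(text: str) -> str:
    """Render each non-printable code point as \\xNN or \\uNNNN so two SSIDs
    that look alike on screen cannot be confused in a log line."""
    out = []
    for ch in text:
        if ch.isprintable():
            out.append(ch)
        else:
            code = ord(ch)
            out.append(f"\\x{code:02x}" if code < 0x100 else f"\\u{code:04x}")
    return "".join(out)


def inspect_ssid(raw: bytes) -> SsidReport:
    """Decode one SSID as carried in a beacon and list its display hazards."""
    text = raw.decode("utf-8", errors="replace")
    findings = []
    if len(raw) > MAX_SSID_LEN:
        findings.append("longer than 32 octets")
    if "\x00" in text:
        findings.append("contains NUL: Apple-style truncation")
    if "\n" in text or "\r" in text:
        findings.append("contains line break: Windows-style truncation")
    hidden = [ch for ch in text if not ch.isprintable() and ch not in "\x00\n\r"]
    if hidden:
        findings.append(f"{len(hidden)} non-printable character(s) dropped from display")
    if "\ufffd" in text:
        findings.append("invalid UTF-8 sequence")
    return SsidReport(raw, naive_render(text), escape_ssid(text), findings)


def find_lookalikes(scan: list[bytes], trusted: str) -> list[SsidReport]:
    """Return the observed SSIDs that would be displayed as `trusted`
    although their bytes are not the trusted network's bytes."""
    hits = []
    for raw in scan:
        rep = inspect_ssid(raw)
        if rep.naive_display == trusted and rep.raw != trusted.encode():
            hits.append(rep)
    return hits


# Constructed scan results; the 0x1C entry is the report's own example.
SAMPLE_SCAN = [
    b"aireye_network",            # the genuine network
    b"aireye_\x1cnetwork",        # non-printable byte kept but not rendered
    b"aireye_network\x00 other",  # NUL truncation
    b"aireye_network\nguest",     # line-break truncation
    b"coffee_shop",               # unrelated, benign
]

if __name__ == "__main__":
    for rep in find_lookalikes(SAMPLE_SCAN, "aireye_network"):
        print(f"ALERT lookalike of 'aireye_network': {rep.escaped!r} -> {rep.findings}")
```

Run stand-alone, the script alerts on the three lookalikes and stays silent for the genuine network and the unrelated one. The useful design point is that `escaped` rather than the raw string is what should reach logs and tickets: an alert that prints the SSID unescaped reproduces exactly the display error being detected.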
Tomi Engdahl says:
CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls
https://www.securityweek.com/cisos-faced-friction-resistance-remote-workers-over-security-controls
The sudden and forced migration of staff from office working to home working caused by the COVID pandemic is often touted as a success. This is true. It was a logistical success. But the cybersecurity ramifications are only just unfolding; and they need to be tackled.
The cyberthreat to working from home is well understood. Security teams are suddenly faced with hundreds and often thousands of new endpoints that are beyond the protection of the office system, and outside the reach of their visibility.
While there are technological answers to this problem, new research from HP Wolf Security indicates that implementing those solutions may suffer from the resurgence of an old problem: user resistance. By combining the results from two separate surveys and research from KuppingerCole, HP Wolf Security concludes that securing work from home suffers from friction between staff and security teams, and security teams and senior management.
Tomi Engdahl says:
John Arquilla on the New Challenge of Cyberwarfare
https://thediplomat.com/2021/09/john-arquilla-on-the-new-challenge-of-cyberwarfare/
“The United States is the world’s most imbalanced cyber power. We have terrific offensive capabilities but terrible defenses.”
As we move into the era of 5G networks and the Internet of Things, the challenges of keeping online systems safe and secure is growing ever-more daunting. In parallel, the question of cyberwar is looming larger and larger.
But this is not a new problem. John Arquilla, distinguished professor of defense analysis at the United States Naval Postgraduate School, originally coined the term “cyberwar” over 20 years ago and remains one of the world’s leading experts on the threats posed by cyber technologies to national security. His recent book, “Bitskrieg: The New Challenge of Cyberwarfare” discusses the state of cyberattacks and cybersecurity – and he finds the U.S. critically underprepared for the age of cyberwarfare.
In this interview, Arquilla discusses the future of cyberwar, the potential for cyber arms control, and how best to respond to cyberattacks.
Tomi Engdahl says:
How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool https://www.recordedfuture.com/detect-cobalt-strike-inside-look/
Throughout history there are many examples of inventions created with good intentions (and maybe still are used for the right purposes) but when in the wrong hands, are used for something more malicious than their original intent. The commercially available adversary emulation software called Cobalt Strike is a perfect example. It was created in 2012 with the intention of aiding pentesters and red teams. Its purpose was to help these teams become more advanced in their work to conduct intrusions where they were allowed to carry out an authorized cyber attack on their company or in a consultative role. It quickly gained popularity in the community because of its full suite of functionality from payloads and exploitation to command & control.
This allowed (and still allows) red teams to conduct an incredibly advanced and wide-ranging attack scenario that wasn’t possible, or as easy, prior to Cobalt Strike. To take a deeper look at the features and the various ways that detecting Cobalt Strike is possible even with the embedded advanced evasion features, the Recorded Future Insikt Group purchased Cobalt Strike and tried to detect it themselves. They found that using full-spectrum detection techniques, there are actually multiple ways and times to detect Cobalt Strike.
Tomi Engdahl says:
OWASP Top 10 ranking has a new leader after ten years https://therecord.media/owasp-top-10-ranking-has-a-new-leader-after-ten-years/
The OWASP Top 10, a list of the most dangerous web vulnerabilities, has been updated after four years, and, after more than a decade, there is a new vulnerability at the top of the ranking. New Top 3:
Broken Access Control, Cryptographic Failures, Injection.
Tomi Engdahl says:
Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole
https://www.securityweek.com/patch-tuesday-microsoft-plugs-exploited-mshtml-zero-day-hole
Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.
The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office documents.
Microsoft did not provide additional details of the live attacks or any indicators of compromise to help defenders hunt for signs of malicious activity. However, there are enough clues in the attribution section of Microsoft’s bulletin to suggest this is the work of nation-state APT actors.
Tomi Engdahl says:
Apple Security Flaw: How do ‘Zero-Click’ Attacks Work?
https://www.securityweek.com/apple-security-flaw-how-do-zero-click-attacks-work
Apple has spent the past week rushing to develop a fix for a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such “zero-click” attacks work, and can they be stopped?
What is a ‘zero-click’ hack?
Spying software has traditionally relied on convincing the targeted person to click on a booby-trapped link or file in order to install itself on their phone, tablet or computer.
“Zero-click takes that threat to the next level,” said John Scott-Railton, senior researcher at Citizen Lab, the Toronto University cybersecurity centre which discovered the Apple flaw.
With a zero-click attack, the software can sneak its way onto the device without the person needing to be fooled into clicking on the link.
That grants would-be spies much easier access, not least in an era when people have grown increasingly wary of clicking on suspicious-looking messages.
In this case, the malware exploited a hole in Apple’s iMessage software to stealthily install Pegasus, a hugely invasive piece of software that essentially turns a phone into a pocket listening device.
Allegations that the software has been used by governments worldwide to eavesdrop on human rights activists, business executives and politicians sparked a global scandal in July.
Will I know if my phone is infected?
A simple answer: “No,” said Scott-Railton.
“There’s nothing you can do as a user to protect yourself from infection, and nothing you’re going to see when you’re infected,” he told AFP.
Tomi Engdahl says:
Now LIVE: SecurityWeek’s 2021 CISO Forum, Presented by Cisco (Virtual Event)
https://www.securityweek.com/now-live-securityweeks-2021-ciso-forum-presented-cisco-virtual-event
Tomi Engdahl says:
Opinion: We’re sleepwalking toward a cyber 9/11
https://www.washingtonpost.com/opinions/2021/09/14/were-sleepwalking-toward-cyber-911/?utm_source=feedly&utm_medium=referral&utm_campaign=wp_opinions
In early February, an unknown hacker or team of hackers remotely accessed the software that manages the water supply in Oldsmar, Fla. They attempted to inject huge amounts of lye into the municipal water, which could have lethally poisoned thousands of people. That attempted attack was thwarted due to sheer luck: An engineer happened to notice the mouse cursor of his computer moving across the screen seemingly of its own accord and took action before it was too late. Disaster was narrowly averted. The attack was likely not a random prank: Oldsmar is located just outside Tampa, where the Super Bowl was being held that week.
Because the attack was foiled and nobody was hurt, few people have heard about it. It was a blip in the news cycle. But the botched Oldsmar attack should have been much more of a wake-up call.
There is a ticking time bomb that we’ve embedded within our daily lives, from our water supply to Internet-connected thermostats, to WiFi-enabled tea kettles.
In a recent interview for my podcast, cybersecurity consultant Ken Munro told me about the extremely lax security around various Internet of Things devices, from dolls and sex toys to Internet-connected suitcases. Hacking these devices, Munro said, is often “off-the-scale easy and requires no technical skill at all.” In other words, the devices functionally have zero security. The products have been designed to connect to the Internet with no serious thought about how to secure that digital traffic.
Stories about these vulnerabilities have gained prominence when researchers have warned that hackers could, for example, speak to a child through their Internet-connected doll. But the larger threat to society, Munro argued, is when the centralized systems that manage Internet of Things devices are targeted.
“So, if I was to target a particularly hot area at the time of peak load and tell all the thermostats pushing your A/C across multiple properties to turn off and on at the same time, you create spikes on the power grid,”
“we’ve inadvertently built weapons” all around us.
Your seemingly harmless tea kettle, once connected to the Internet, could be used to help trigger a widespread blackout that kills people.
Unfortunately, nation-states aren’t the only possible perpetrators of a devastating cyberattack. Freelance hackers or organized digital crime groups that have loose links to governments are also eager to wreak havoc where they can.
Security vulnerabilities have long been part of the digital technology debate. But Internet of Things devices are more problematic because people rarely download “patches,” or software fixes, when vulnerabilities get discovered. Your iPhone prompts you to download security updates, but how many people regularly update their tea kettle or their thermostat?
Similarly, while computers and phones are usually replaced every few years — which automatically means a security upgrade — many Internet of Things devices last for a decade or more, ensuring that any security they once had becomes obsolete.
Government plays a key role in regulating product safety and protecting national security. And yet much of the world of the Internet of Things is still a digital Wild West. One regulatory law was signed late last year, but the legislation doesn’t go nearly far enough. Months after it was signed into law, the municipal water supply in Oldsmar was still being managed by Windows 7, software released in 2009 that is no longer supported by Microsoft.
Twenty years ago, counterterrorism experts were issuing dire warnings about the threat posed by groups such as al-Qaeda. They were largely ignored. Today, digital experts are issuing dire warnings and are being largely ignored. We would be wise to take action now and avoid making the same mistake twice, so we’re not forced to commemorate another devastating, but avoidable, attack.
Tomi Engdahl says:
When Cyber War Becomes War
https://www.forbes.com/sites/emilsayegh/2021/09/15/when-cyber-war-becomes-war/?sh=508388666186
In the last several months alone, the impact of targeted cyberattacks resulted in critical gut punches to the nation. SolarWinds, the meat processing giant JBS, and the software platform known as Kaseya are examples of companies that faced attacks that compromised and crippled critical services such as fuel and food in parts of the United States. The Colonial Pipeline hack shut down the eastern seaboard for about a week, while the JBS meatpacking plant hack shut down a key ingredient of our food supply.
These attacks could have simply been disastrous had they lasted longer, or been more distributed across the U.S. The threat of cyberattacks has been a looming presence in computing for longer than most people are willing to admit. What many failed to realize, however, is that despite significant efforts to secure and protect their organizations, this cyber battlefield has accelerated on several technical fronts. What has happened in the last several months should not shock.
● Poor architectures
● Poor awareness of risks
● Legacy IT systems
● Security gaps
● Software supply chain vulnerabilities
● Cheaper, more available means of cyberattack
● State-sponsorship of cybercrime
The list goes on. And as the world sheltered during the COVID-19 crisis a year ago, criminal cyber-plotting hit an entirely new level. For years, cybercriminals have stepped up their efforts against hospitals, city governments, law enforcement, and beyond but ransomware is in the news every day now, and the stakes are higher than ever. Even the ransom amounts speak to how devastating these attacks can be. Just a decade ago, ransomware demands were a few hundred bucks and the sort of blight that affected individual users, not organizations or entire countries.
Modern War is Cyber War
The situation is tantamount to a prelude to a war, and it is difficult to envision a real life “shooting war” without a cyberattack that precedes it or accompanies it.
What we are facing are well-organized criminals with ties to foreign intelligence agencies, with massive leverage, time, and deep technical knowledge. The scenario of cyberattacks escalating to actual warfare is highly likely as cyber weapons are now viable tools of war that cripple a nation’s power supply, power grid, and food supplies without a single bullet being fired. Lives and livelihoods are the eventual casualty of future cyberattacks. Would a sustained attack on the IRS or a complete outage of the banking system or a shutdown of the stock exchanges be enough to prompt a conventional or even a nuclear war? Where is the line drawn and where does the leap happen?
Those are questions we should probably all agree on because of the ramifications of loss that go along with these decisions.
None of us want to be the weak link in our efforts to suppress the rampant and vicious cybercrime. These sorts of cyber threats have always been around, and they always will be. It is up to the organizations themselves to accept responsibilities of their actions, of targeted spending and of building out well-advised operations. It is more critical than ever to readily identify threats, to secure resources wherever they may exist, to protect data when it is delivered to partners and customers, to be prepared to safely recover when things go wrong and to assure operations remain intact under any challenge. Let’s do our part, as a cyberwar can become a shooting war, and a shooting war almost never ends well.
Tomi Engdahl says:
Microsoft accounts can go passwordless, making “password123” a thing of the past https://arstechnica.com/gadgets/2021/09/starting-today-you-can-remove-your-password-from-your-microsoft-account/
Microsoft has been working to make passwordless sign-in for Windows and Microsoft accounts a reality for years now, and today those efforts come to fruition: The Verge reports that starting today, users can completely remove their passwords from their Microsoft accounts and opt to rely on Microsoft Authenticator or some other form of verification to sign in on new devices. Microsoft added passwordless login support for work and school accounts back in March, but this is the first time the feature has been offered for regular, old individual Microsoft accounts. Passwordless accounts improve security by taking passwords out of the equation entirely, making it impossible to get any kind of access to your full account information without access to whatever you use to verify your identity for two-factor authentication. Even if you protect your Microsoft account with two-factor authentication, an attacker who knows your Microsoft account password could still try that password on other sites to see if you’ve reused it anywhere. And some forms of two-factor authentication, particularly SMS-based 2FA, have security problems of their own. Additional source:
https://www.zdnet.com/article/microsoft-just-took-another-big-step-towards-getting-rid-of-passwords-forever/
Tomi Engdahl says:
Regular Users Can Now Remove Password From Their Microsoft Account
https://www.securityweek.com/regular-users-can-now-remove-password-their-microsoft-account
Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods.
Users with existing Microsoft accounts can delete their password from the account, and new accounts can be created without a password. Users will be able to rely on Microsoft’s Authenticator app, Windows Hello, physical security keys, or phone/email verification codes to sign in to services such as Outlook, OneDrive and Family Safety.
Users who want to go passwordless need to access the Advanced Security Options menu in their account and select Passwordless Account to remove their password. However, they need to ensure that another authentication method is linked to the account before removing the password.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2021/09/15/cyber-security-nordic-siirtyy-tammikuulle/
Tomi Engdahl says:
The Ongoing Reciprocal Relationship Between APTs and Cybercriminals
https://www.securityweek.com/ongoing-reciprocal-relationship-between-apts-and-cybercriminals
The two main villains of the cyber security world are the nation state-backed Advanced Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with its own goals, actors and methods. However, over the years there has been quite a lot of cross-pollination between the two.
Since entering the spotlight, APTs have been using tools commonly sold on the dark web. Specifically, Remote Access Trojans (RATs) such as Poison Ivy, have been found in many APT incidents. This was common enough that many people have contested the term “APT” itself, as RATs were not considered “Advanced” (in reality, the “Advanced” in APT refers to the infrastructure behind the threat actor, i.e. a nation state). The use of various cybercriminal tools available on the Dark Web has been consistent throughout the years in APT cases where data exfiltration has been the goal.
Cybercriminals, on the other hand, also took a page out of the APT book. Fraudsters have always targeted the customers of financial institutions as they were considered the weakest link. Instead of trying to gain access to the secure networks of banks, they would instead use Phishing attacks to compromise their victims. Other organizations have been victimized by criminals hacking into their systems, such as e-commerce websites, in order to steal credentials, but breaching a bank’s systems was considered such an unattainable goal, that the vast majority of criminals would not attempt it.
At some point, though, criminals realized that if APTs have immense success in accessing organizations’ networks using their tools, they can do it themselves. Some criminal threat actors have adopted APT tactics, using Spear Phishing to send out malware-infected attachments, which was used to gain them access to banks’ IT systems. According to cybersecurity company Group-IB, a group named Cobalt used access to banking systems to remotely infect ATMs with malware, in what is known as a Jackpotting attack.
Tomi Engdahl says:
How Threat Response is Evolving
https://www.securityweek.com/how-threat-response-evolving
Tomi Engdahl says:
UN Urges Moratorium on AI Tech That Threatens Rights
https://www.securityweek.com/un-urges-moratorium-ai-tech-threatens-rights
The UN called Wednesday for a moratorium on artificial intelligence systems like facial recognition technology that threaten human rights until “guardrails” are in place against violations.
UN High Commissioner for Human Rights Michelle Bachelet warned that “AI technologies can have negative, even catastrophic effects if they are used without sufficient regard to how they affect people’s human rights.”
She called for assessments of how great a risk various AI technologies pose to things like rights to privacy and freedom of movement and of expression.
She said countries should ban or heavily regulate the ones that pose the greatest threats.
But while such assessments are under way, she said that “states should place moratoriums on the use of potentially high-risk technology”.
Presenting a fresh report on the issue, she pointed to the use of profiling and automated decision-making technologies.
She acknowledged that “the power of AI to serve people is undeniable.”
“But so is AI’s ability to feed human rights violations at an enormous scale with virtually no visibility,” she said.
“Action is needed now to put human rights guardrails on the use of AI, for the good of all of us.”
Tomi Engdahl says:
Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021
https://www.securityweek.com/kaspersky-received-105-government-law-enforcement-requests-h1-2021
Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021.
During the first half of 2021, the Russian cybersecurity firm received 105 requests from law enforcement and government organizations in 17 countries. Russia made the highest number of requests, at 49 (14 for user data and 35 for technical expertise), followed by South Korea with 12 and Japan with 10.
The company rejected 40% of those requests “due to an absence of data or not meeting legal verification requirements.” Furthermore, Kaspersky says, 89 of those requests were for non-personal technical information and expertise.
In 2020, the company received a total of 160 requests from authorities in 15 countries. Once again, Russia made the highest number of requests, at 93 (27 for user data and 66 for technical expertise), followed by South Korea with 23, and France and Japan with 11 each.
Of the total number of received requests, 28 were for user data and all were rejected. The remaining 132 requests were for non-personal technical information and expertise, the company reveals in its report.
Tomi Engdahl says:
Google Helps OSTIF Boost Security of Open Source Projects
https://www.securityweek.com/google-helps-ostif-boost-security-open-source-projects
Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open source environment.
A total of eight projects will benefit from Google’s contribution, including Git, the version control software in modern DevOps, considered the second-most critical application in C; Lodash, a JavaScript utility library that has more than 200 functions to help web development; and Laravel, a PHP web application framework used in full-stack web applications.
The remaining projects include Slf4j, a logging facade for Java logging frameworks; Jackson-core & Jackson-databind, which are considered the most-used non-JavaScript packages; and Httpcomponents-core & Httpcomponents-client, which are the core and client components of Apache httpcomponents.
“This marks a major success in bringing on large corporate donors to support OSTIF’s model of improving open source software through security reviews and source code audits. A focused, well-scoped review by an experienced team can drive significant and long-lasting improvements in widely used projects,” according to an OSTIF statement.
Post published: September 15, 2021
Post category: Audits / News / Security
Announcement:
Google is partnering with Open Source Technology Improvement Fund, Inc to sponsor security reviews of critical open source software.
https://ostif.org/google-is-partnering-with-open-source-technology-improvement-fund-inc-to-sponsor-security-reviews-of-critical-open-source-software/
Tomi Engdahl says:
Mitigating malware and ransomware attacks https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
The guidance document helps private and public sector organisations deal with the effects of malware (which includes ransomware). It provides actions to help organisations prevent a malware infection, and also steps to take if you’re already infected.
Tomi Engdahl says:
Healthcare sector actors practise their cyber security preparedness in the virtual hospital of Jyväskylän ammattikorkeakoulu (JAMK University of Applied Sciences) https://www.epressi.com/tiedotteet/terveys/jyvaskylan-ammattikorkeakoulun-virtuaalisairaalassa-harjoitellaan-terveydenhuoltoalan-toimijoiden-kyberturvallisuusvalmiutta.html
The nature of healthcare work makes the sector extremely sensitive to service disruptions. Because of an attack on a hospital’s information systems or data network, procedures can be delayed or halted, adversely affecting patient safety. National healthcare actors and hospital districts will gather at Jyväskylän ammattikorkeakoulu on 21–23 September to practise and develop their cyber security preparedness in the pilot exercise of the Healthcare Cyber Range project.
Tomi Engdahl says:
Researchers compile list of vulnerabilities abused by ransomware gangs https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/
Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks. All this started with a call to action made by Allan Liska, a member of Recorded Future’s CSIRT, on Twitter over the weekend. Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different software and hardware vendors.
Tomi Engdahl says:
The police step up the prevention and investigation of online-assisted fraud offences https://poliisi.fi/-/pankkien-nimissa-tehdyt-petokset-jatkuvat-poliisi-tehostaa-verkkoavusteisten-petosrikosten-torjuntaa-ja-tutkintaa
During spring and summer 2021, the police have identified a series of online-assisted fraud offences in which cybercriminals phish for online banking credentials in order to misuse them. A national investigation team has been set up within the police to tackle this fraud.
Tomi Engdahl says:
$133 million lost in online romance scams in 2021: FBI https://www.zdnet.com/article/133-million-lost-in-online-romance-scams-in-2021-fbi/
The FBI said this week that thousands of people had filed complaints about online romance scams that resulted in losses totaling about $133 million. In a release, the FBI explained that from January 1 to July 31, the FBI Internet Crime Complaint Center received more than 1,800 complaints about romance scams where victims were coerced into sending money digitally or trading cryptocurrency for another person.
Tomi Engdahl says:
An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/
A U.S. company’s tech was abused by the Indian government, amidst warnings Americans are contributing to a spyware industry already under fire for being out of control. Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. They began in June 2020 and continued through to April 2021. What piqued the researchers’ interest was the hacking software used by the digital spies, whom Kaspersky had dubbed Bitter APT, a pseudonym for an unspecified government agency. Aspects of the code looked like some the Moscow antivirus provider had previously seen and attributed to a company it gave the cryptonym “Moses.”
Tomi Engdahl says:
“Yes, we are breaking the law:” An interview with the operator of a marketplace for stolen data https://therecord.media/yes-we-are-breaking-the-law-an-interview-with-the-operator-of-a-marketplace-for-stolen-data/
A website called Marketo emerged earlier this year, billing itself as a marketplace where people can buy leaked data. Although Marketo isn’t a ransomware group, it appears to borrow key strategies from those types of threat actors. In late August, the group wrote that it was selling confidential data from Japanese tech firm Fujitsu. Earlier this month, reports emerged that data stolen from the Virginia Department of Military Affairs was available for purchase on the site.
But the group’s extortion efforts have gone further than many ransomware operators: they reportedly reach out to their victim’s competitors and law enforcement to pressure organizations into paying for the data.
Tomi Engdahl says:
AT&T lost $200M in seven years to illegal phone unlocking scheme https://www.bleepingcomputer.com/news/security/atandt-lost-200m-in-seven-years-to-illegal-phone-unlocking-scheme/
A Pakistani fraudster was sentenced to 12 years in prison earlier this week after AT&T, the world’s largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven-year scheme that led to the fraudulent unlocking of almost 2 million phones.
Tomi Engdahl says:
Freedom Hosting admin gets 27 years in prison for hosting child pornography https://therecord.media/freedom-hosting-admin-gets-27-years-in-prison-for-hosting-child-pornography/
An Irish man who ran a cheap dark web hosting service has been sentenced today to 27 years in prison for turning a blind eye to customers hosting child sex abuse material.
Tomi Engdahl says:
Lessons From History: Afghanistan and the Dangerous Afterlives of Identifying Data https://www.eff.org/deeplinks/2021/09/lessons-history-afghanistan-and-dangerous-afterlives-identifying-data
As the United States pulled its troops out of Afghanistan after a 20-year occupation, byproducts of the prolonged deployment took on new meaning and represented a new chapter of danger for the Afghan people.
For two decades, the United States spearheaded the collection of information on the people of Afghanistan, both for commonplace bureaucratic reasons like payroll and employment data – and in massive databases of biometric material accessible through devices called HIIDE.
Tomi Engdahl says:
Think you can’t fall for an online scam?
https://www.is.fi/digitoday/tietoturva/art-2000008260886.html
YOUR COMPUTER has a virus. A parcel has arrived for you.
There is a message in your voicemail. You have won a gift card in a prize draw. The bank has sent you a private message that you should read. Sound familiar? We have written a lot about scams arriving by phone, text message and email. That is because there are a lot of scams.
Tomi Engdahl says:
Court Rejects Lawsuit Against NSA on “State Secrets” Grounds
https://www.securityweek.com/court-rejects-lawsuit-against-nsa-state-secrets-grounds
A divided federal appeals court has upheld the dismissal of an ACLU lawsuit challenging a portion of the National Security Agency’s warrantless surveillance of Americans’ international email and phone communications.
The 4th U.S. Circuit Court of Appeals ruled Wednesday that the lawsuit must be dismissed after the government invoked the “state secrets privilege,” meaning that a full exploration of the issue in a court of law would damage national security.
Tomi Engdahl says:
Cybersecurity M&A Roundup for September 1-15, 2021
https://www.securityweek.com/cybersecurity-ma-roundup-september-1-15-2021
Tomi Engdahl says:
Google Helps OSTIF Boost Security of Open Source Projects
https://www.securityweek.com/google-helps-ostif-boost-security-open-source-projects
Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open source environment.
A total of eight projects will benefit from Google’s contribution, including Git, the version control software in modern DevOps, considered the second-most critical application in C; Lodash, a JavaScript utility library that has more than 200 functions to help web development; and Laravel, a PHP web application framework used in full-stack web applications.
The remaining projects include Slf4j, a logging facade for Java logging frameworks; Jackson-core & Jackson-databind, which are considered the most-used non-JavaScript packages; and Httpcomponents-core & Httpcomponents-client, which are the core and client components of Apache httpcomponents.
https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/
Tomi Engdahl says:
How Threat Response is Evolving
https://www.securityweek.com/how-threat-response-evolving
As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of attacks from infecting files to infecting systems and now to infecting the entire enterprise. Previously, I talked about how this has impacted our approach to threat detection. It is no longer just about finding the one control point or system where the attack is being triggered. Multiple points across the enterprise are involved so you need to be able to connect the dots for a comprehensive understanding of the threat you are facing and know what you must defend. This is why Extended Detection and Response (XDR) is generating great interest right now.
Tomi Engdahl says:
The future of technology is here. Interesting what new stuff we have in the pipeline and the think tank.
Israel reportedly used a remote-controlled gun to assassinate an Iranian scientist
https://www.engadget.com/israel-remote-control-iran-scientist-assassination-144746205.html
It could change the nature of espionage.
Countries have assassinated people with drones, but those attacks now appear to include robotic weapons on the ground. The New York Times sources claim Israel assassinated top Iranian nuclear scientist Mohsen Fakhrizadeh on November 27th, 2020 using a remotely-controlled, AI-assisted machine gun. Israel reportedly mounted the gun on a pickup truck by the side of the road and, when Fakhrizadeh’s car approached, had a distant operator fire the gun using a satellite link.
Tomi Engdahl says:
This Father-Son Hacker Duo Is Helping People Crack Into Their Lost Bitcoin Wallets
It’s estimated that there’s about $140 billion USD in unclaimed Bitcoin.
https://hypebeast.com/2021/9/bitcoin-wallet-hacker-chris-charlie-crypto-asset-recovery
Tomi Engdahl says:
NYT: Iran Nuclear Scientist Was Killed By an ‘AI-Assisted, Remote-Control Killing Machine’
from the long-range-weapons dept.
https://m.slashdot.org/story/390463
For 14 years Israel had wanted to kill Iran’s chief military nuclear scientist and the father of its weapons program, who they suspected of leading Iran’s quest to build nuclear weapons.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12586-jyvaeskylaessae-hyoekaetaeaen-sairaalan-tietojaerjestelmiin
Tomi Engdahl says:
A Journey in Organizational Cyber Resilience Part 2: Business Continuity https://securityintelligence.com/articles/organizational-cyber-resilience-part-2-business-continuity/
Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic: business continuity. So, how do you make sure that your business processes and functions keep running during a disruption?
Tomi Engdahl says:
Internet safety tips for kids and teens: A comprehensive guide for the modern parent https://blog.malwarebytes.com/how-tos-2/2021/09/internet-safety-tips-for-kids-and-teens-a-comprehensive-guide-for-the-modern-parent/
When it comes to picking a new device for your child, it’s often difficult to know where to start. Whether you’re looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. It’s important to get the basics right, and you also want to be able to set parental controls, leaving little room for your child to end up in online destinations you don’t want them going. Of course, setting controls shouldn’t be a be-all and end-all. Nothing can replace having good and open communication with your kids.
Tomi Engdahl says:
Freedom House:
Report finds global internet freedom has declined for the 11th consecutive year including in the US, tech giants clashed with governments over data, and more
Freedom on the Net 2021
The Global Drive to Control Big Tech
https://freedomhouse.org/report/freedom-net/2021/global-drive-control-big-tech
Tomi Engdahl says:
Don't trust anything!
https://etn.fi/index.php/13-news/12592-aelae-luota-mihinkaeaen
IDC held a security-themed seminar today, From Secure to Trusted. The seminar covered the latest information security challenges broadly, which in the last couple of years have been driven especially by remote work and ransomware. The number one piece of advice at the moment is Zero Trust. Don't trust anything!
HP consultant Riku Reimaa reminded the audience that attacks targeting hardware, as well as ransomware attacks, are growing rapidly. Many of the attacks have received a lot of publicity, such as the Coop case in Sweden and the SolarWinds breach in the United States.
- The SolarWinds breach ultimately sent the price of petrol up, meaning the effects of data breaches can be unpredictable and larger than the breach itself.
In protecting devices, isolating malicious content is important, but so is protecting the devices themselves when systems are used with admin rights. HP is bringing biometric authentication to BIOS protection, Reimaa said.
Opening office documents in a virtual sandbox is also becoming more common. – If someone opens an infected file, it is isolated in its own virtual sandbox, so only the virtual machine gets infected.
Users are still clearly the weakest link in the chain. According to public statistics, 94 percent of modern attacks start with email, and 75 percent of attacks happen via the endpoint.
Check Point's head of research Peter Sandkuijl also drew attention to ransomware. It has moved to the third generation, i.e. triple extortion. In it, users are extorted with data that has been stolen from some company or organization. The problem is massive.
- Every week more than 1,200 organizations are hit by a ransomware attack. The number has grown 93 percent over the last year. The newest trend is ransomware-as-a-service
So what measures should companies use? According to Sandkuijl, downloading of files containing malicious code should be blocked, and infected machines should be prevented from communicating on the network. This inevitably brings inconvenience to users and may even reduce productivity. There are, however, really no alternatives.
Although care and caution have been talked about for years, users still don't always act smartly. Long-time ICT guru Kimmo Rousku reminded the audience that Finns pay tens of millions a year to various scammers