Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it is rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lessons.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its own unique risks.
DDoS attacks: big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for others to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop the hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of the OWASP Top 10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, to make everyone able to reproduce the results, and to present them to the entire community for feedback.
The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs, which must have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
2,204 Comments
Tomi Engdahl says:
AI Panel Urges US to Boost Tech Skills Amid China’s Rise
https://www.securityweek.com/ai-panel-urges-us-boost-tech-skills-amid-chinas-rise
An artificial intelligence commission led by former Google CEO Eric Schmidt is urging the U.S. to boost its AI skills to counter China, including by pursuing “AI-enabled” weapons – something that Google itself has shied away from on ethical grounds.
Schmidt and current executives from Google, Microsoft, Oracle and Amazon are among the 15 members of the National Security Commission on Artificial Intelligence, which released its final report to Congress on Monday.
“To win in AI we need more money, more talent, stronger leadership,” Schmidt said Monday.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11824-37-miljardia-tietoa-vaariin-kasiin-viime-vuonna
Tomi Engdahl says:
https://www.securityweek.com/heres-how-north-korean-hackers-stole-data-isolated-network-segment
During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.
Tomi Engdahl says:
https://www.securityweek.com/securing-todays-networks-requires-consolidation-and-collaboration
Tomi Engdahl says:
Take security to the Zero Trust Edge
The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for organizations’ physical locations and remote workers.
https://www.zdnet.com/article/take-security-to-the-zero-trust-edge/
Tomi Engdahl says:
Patrick Howell O’Neill / MIT Technology Review:
Researchers point out that Apple’s walled garden approach on iOS makes it virtually impossible to detect the presence of malware on iPhones, which does exist — The iPhone’s locked-down approach to security is spreading, but advanced hackers have found that higher barriers are great for avoiding capture.
https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/
Tomi Engdahl says:
Hackers are finding ways to hide inside Apple’s walled garden
https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/
The iPhone’s locked-down approach to security is spreading, but advanced hackers have found that higher barriers are great for avoiding capture.
Tomi Engdahl says:
Security design with principles
https://medium.com/ouspg/security-design-with-principles-a8c045765b93
These ten secure design principles are mostly about avoiding unwanted features in the system. This either means dropping extra functionality altogether or controlling the access to the required functionality. Access control may call for implementing additional security features in your system.
Tomi Engdahl says:
The Norwegian Intelligence Service’s assessment of current security challenges
https://www.forsvaret.no/aktuelt-og-presse/publikasjoner/fokus/rapporter/Focus2021-english.pdf/_/attachment/inline/450b1ed0-1983-4e6b-bc65-4aa7631aa36f:21c5241a06c489fa1608472c3c8ab855c0ac3511/Focus2021-english.pdf
As you will see when you read Focus, the superpowers use a variety of means, and the security challenges span across many sectors, blurring the distinction between state security and public safety. Especially in the cyber domain, the means are used continuously, adapted to the situation and the level of tension. This emphasises the need for close cooperation between Norway’s secret services, police, defence and other authorities.
Tomi Engdahl says:
Cyber Threats 2020: A Year in Retrospect
https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
In a continuation from 2019, there were several instances of espionage threat actors being linked to financially motivated activity. These dual motivations are likely due to activity being performed for personal gain as opposed to a wider shift in operational objectives. However, the variation in activity, in terms of a deviation in expected targeting and tooling, provides extra challenges in both defence and attribution efforts. 2020 also saw a number of hacker-for-hire operations publicly exposed, changing our traditional understanding of espionage activity.
Tomi Engdahl says:
Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web
https://www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265
Yes, there are “criminal job boards” in the traditional sense on the Dark Web. The Edge spoke with several security researchers, including the Photon Research Team at Digital Shadows, about the growing number of English- and Russian-language Dark Web forums that feature job boards with specific sections dedicated to the topic of recruitment and the skills required.
Tomi Engdahl says:
Americans are at risk of being dragged into global cyber warfare, FireEye’s CEO warns: ‘It’s as simple as if you can be hacked, you are hacked’
https://www.businessinsider.com/americans-impacted-by-global-cyber-warfare-fireeye-ceo-warning-2021-3
In a world where more devices are connected to the internet than ever before, that could open consumers up to massive risk.
Americans are at risk of being dragged into cyber warfare, FireEye’s CEO told “Axios on HBO.”
Future cyberattacks could take down connected devices, leading to disruptions in daily life.
“It’s as simple as if you can be hacked, you are hacked,” he said.
Kevin Mandia, the CEO of cybersecurity company FireEye, told “Axios on HBO” on Sunday that future cyber warfare between the US and China or Russia could impact regular citizens, leading to widespread disruptions to daily life.
“Apps won’t work. Appliances may not work. People don’t even know all the things they depend on,” Mandia said. “All of a sudden, the supply chain starts getting disrupted because computers don’t work.”
Mandia warned that the rules of engagement around cyberattacks are unclear, meaning that there may be nothing that’s off-limits. In a world where more devices are connected to the internet than ever before, consumers could be opened up to massive risk.
Connected devices are being hacked
Attackers are taking advantage of the pandemic
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11831-satunnaislukuja-laserilla-sata-kertaa-aiempaa-nopeammin
Tomi Engdahl says:
https://www.internetgovernance.org/2021/03/01/the-narrative-march-1-2021/
Tomi Engdahl says:
Patrick Howell O’Neill / MIT Technology Review:
Brandon Wales, the acting director of the CISA, says that fully recovering from the SolarWinds hack could take the US government as long as 18 months
Recovering from the SolarWinds hack could take 18 months
The head of the agency leading US efforts to fix a Russian hacking attack says rebuilding will take a very long time.
https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/
Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery.
The hacking campaign against American government agencies and major companies was first discovered in November 2020. At least nine federal agencies were targeted, including the Department of Homeland Security and the State Department. The attackers, who US officials believe to be Russian, exploited a product made by the US software firm SolarWinds in order to hack government and corporate targets.
Brandon Wales, the acting director of CISA, the US Cybersecurity and Infrastructure Agency, says that it will be well into 2022 before officials have fully secured the compromised government networks. Even fully understanding the extent of the damage will take months.
“I wouldn’t call this simple,” Wales says. “There are two phases for response to this incident. There is the short-term remediation effort, where we look to remove the adversary from the network, shutting down accounts they control, and shutting down entry points the adversary used to access networks. But given the amount of time they were inside these networks—months—strategic recovery will take time.”
When the hackers have succeeded so thoroughly and for so long, the answer sometimes can be a complete rebuild from scratch. The hackers made a point of undermining trust in targeted networks, stealing identities, and gaining the ability to impersonate or create seemingly legitimate users in order to freely access victims’ Microsoft 365 and Azure accounts. By taking control of trust and identity, the hackers become that much harder to track.
“Most of the agencies going through that level of rebuilding will take in the neighborhood of 12 to 18 months to make sure they’re putting in the appropriate protections,” Wales says.
American intelligence agencies say Russian hackers first infiltrated in 2019. Subsequent investigation has shown that the hackers started using the company’s products to distribute malware by March 2020, and their first successful breach of the US federal government came early in the summer. That’s a long time to go unnoticed—longer than many organizations keep the kind of expensive forensic logs you need to do the level of investigation required to sniff the hackers out.
SolarWinds Orion, the network management product that was targeted, is used in tens of thousands of corporations and government agencies. Over 17,000 organizations downloaded the infected back door. The hackers were extraordinarily stealthy and specific in targeting, which is why it took so long to catch them—and why it’s taking so long to understand their full impact.
“Disruption would have been easier than what they did,” he said. “They had focused, disciplined data theft. It’s easier to just delete everything in blunt-force trauma and see what happens. They actually did more work than what it would have taken to go destructive.”
“This has a silver lining”
CISA first heard about a problem when FireEye discovered that it had been hacked and notified the agency.
It was Microsoft that told the US government federal networks had been compromised. The company shared that information with Wales on December 11, he said in an interview. Microsoft observed the hackers breaking into the Microsoft 365 cloud that is used by many government agencies. A day later, FireEye informed CISA of the back door in SolarWinds, a little-known but extremely widespread and powerful tool.
This signaled that the scale of the hack could be enormous.
These efforts were made even more complicated because Wales had only just taken over at the agency: days earlier, former director Chris Krebs had been fired by Donald Trump.
The new man in charge at CISA is now faced with what he describes as “the most complex and challenging” hacking incident the agency has come up against.
The hack will almost certainly accelerate the already apparent rise of CISA by increasing its funding, authority, and support.
CISA was recently given the legal authority to persistently hunt for cyber threats across the federal government, but Wales says the agency lacks the resources and personnel to carry out that mission. He argues that CISA also needs to be able to deploy and manage endpoint detection systems on computers throughout the federal government in order to detect malicious behavior. Finally, pointing to the fact that the hackers moved freely throughout the Microsoft 365 cloud, Wales says CISA needs to push for more visibility into the cloud environment in order to detect cyber espionage in the future.
“This is among the most significant malicious cyber acts ever conducted against the US government. The story will continue to get worse for several months as more understanding of what happened is revealed. That will help focus the incoming administration on this issue. They have a lot of priorities, so it would be easy for cyber to get lost in the clutter. That’s not going to happen now.”
Tomi Engdahl says:
Dave Gershgorn / OneZero:
A look at “Sharp Eyes”, a computerized video surveillance program that aims to surveil 100% of Chinese public spaces and relies largely on reports from citizens
https://onezero.medium.com/chinas-sharp-eyes-program-aims-to-surveil-100-of-public-space-ddc22d63e015
Tomi Engdahl says:
Brian Krebs / Krebs on Security:
A look at web proxy service Infatica, part of a growing industry of firms offering to buy browser extensions or pay their developers to include some extra code
Is Your Browser Extension a Botnet Backdoor?
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.
Singapore-based Infatica[.]io is part of a growing industry of shadowy firms trying to woo developers who maintain popular browser extensions — desktop and mobile device software add-ons available for download from Apple, Google, Microsoft and Mozilla designed to add functionality or customization to one’s browsing experience.
Some of these extensions have garnered hundreds of thousands or even millions of users. But here’s the rub: As an extension’s user base grows, maintaining them with software updates and responding to user support requests tends to take up an inordinate amount of the author’s time. Yet extension authors have few options for earning financial compensation for their work.
So when a company comes along and offers to buy the extension — or pay the author to silently include some extra code — that proposal is frequently too good to pass up.
For its part, Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users.
Infatica’s code then uses the browser of anyone who has that extension installed to route Web traffic for the company’s customers, including marketers or anyone able to afford its hefty monthly subscription charges.
The end result is when Infatica customers browse to a web site, that site thinks the traffic is coming from the Internet address tied to the extension user, not the customer’s.
Nguyen removed the ads — which he said weren’t making him much money anyway.
“I had spent at least 10 years building this thing and had no luck monetizing it,” he told KrebsOnSecurity.
Nguyen said he ignored multiple requests from different companies offering to pay him to insert their code, mainly because the code gave those firms the ability to inject whatever they wanted into his program (and onto his users’ devices) at any time.
Then came Infatica, whose code was fairly straightforward by comparison, he said. It restricted the company to routing web requests through his users’ browsers, and did not try to access more sensitive components of the user’s browser experience, such as stored passwords and cookies, or viewing the user’s screen.
More importantly, the deal would net him at least $1,500 a month, and possibly quite a bit more.
“I gave Infatica a try but within a few days I got a lot of negative user reviews,” he said. “They didn’t like that the extension might be using their browser as a proxy for going to not so good places like porn sites.”
Again he relented, and removed the Infatica code.
According to chrome-stats.com, the majority of extensions — more than 100,000 of them — are effectively abandoned by their authors, or haven’t been updated in more than two years. In other words, there are a great many developers who are likely to be open to someone else buying up their creation and their user base.
The vast majority of extensions are free, although a handful that have attracted a large and loyal enough following have been able to charge for their creations or for subscription services tied to the extension. But last year, Google announced it was shutting down paid Chrome extensions offered on its Chrome Web Store.
Nguyen said this will only exacerbate the problem of frustrated developers turning to offers from dodgy marketing firms.
“It’s a really tough marketplace for extension developers to be able to monetize and get reward for maintaining their extensions,” he said. “There are tons of small developers who haven’t been able to do anything with their extensions. That’s why some of them will go into shady integration or sell the extension for some money and just be done with it.”
BE SPARING IN TRUSTING EXTENSIONS
Browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. The powers granted to each extension are roughly spelled out in its “manifest,” basically a description of what it will be able to access once you incorporate it into your browser.
According to Nguyen’s chrome-stats.com, about a third of all extensions for Chrome — by far the most widely-used Web browser — require no special permissions. But the remainder require the user to place a good deal of trust in the extension’s author. For example, approximately 30 percent can view all of your data on all or specific websites, or index your open tabs and browsing activity.
More than 68,000 Chrome extensions allow the execution of arbitrary code in the context of webpages, effectively allowing the extension to alter the appearance and functionality of specific sites.
I hope it’s obvious by this point, but readers should be extremely cautious about installing extensions — sticking mainly to those that are actively supported and respond to user concerns.
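The article above points at the extension “manifest” as the place to see what an extension can reach. As an added illustration (not code from the article or from chrome-stats.com), this Python script scores a Chrome manifest.json by the permissions it requests; the permission names are real Chrome manifest keys, while the risk weights, the thresholds and the two sample manifests are constructed assumptions for this example.

```python
"""Static review of a browser-extension manifest for broad permissions.

Added illustration, not code from the article or from chrome-stats.com.
Permission names are real Chrome manifest keys; the weights, the thresholds
and the sample manifests are constructed for this example.
"""
import json
import re

# Permissions that expose browsing data or let the extension act for the user.
# Weights are an assumption, used only to rank findings.
SENSITIVE_PERMISSIONS = {
    "proxy": 3,               # route the user's traffic elsewhere (the Infatica case)
    "webRequest": 3,          # observe every request the browser makes
    "webRequestBlocking": 3,  # ...and modify or block it
    "debugger": 3,            # full page control via the DevTools protocol
    "cookies": 2,
    "history": 2,
    "clipboardRead": 2,
    "nativeMessaging": 2,     # talk to a native program outside the sandbox
    "tabs": 1,                # URLs and titles of open tabs
}

# Host match patterns that cover every site the user visits.
BROAD_HOST_RE = re.compile(r"^(<all_urls>|\*://\*/\*|https?://\*/\*)$")


def _is_host_pattern(entry):
    """MV2 mixes host patterns into 'permissions'; MV3 has 'host_permissions'."""
    return entry == "<all_urls>" or "://" in entry


def review_manifest(manifest_text):
    """Score a manifest.json string; return score, level and readable findings."""
    manifest = json.loads(manifest_text)
    score, findings = 0, []

    for key in ("permissions", "optional_permissions"):
        for perm in manifest.get(key, []):
            if perm in SENSITIVE_PERMISSIONS:
                score += SENSITIVE_PERMISSIONS[perm]
                findings.append(f"{key}: '{perm}'")

    host_patterns = [
        p for key in ("permissions", "optional_permissions", "host_permissions")
        for p in manifest.get(key, []) if _is_host_pattern(p)
    ]
    broad_hosts = sorted({p for p in host_patterns if BROAD_HOST_RE.match(p)})
    if broad_hosts:
        score += 3
        findings.append("can read and change data on all sites: " + ", ".join(broad_hosts))

    # Content scripts matched against every page run code in each page's context.
    script_matches = [m for s in manifest.get("content_scripts", []) for m in s.get("matches", [])]
    if any(BROAD_HOST_RE.match(m) for m in script_matches):
        score += 3
        findings.append("content scripts are injected into every page")

    # An MV2 CSP that allows remote script sources or eval lets an update ship anything.
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, str) and ("unsafe-eval" in csp or "https:" in csp):
        score += 3
        findings.append("CSP allows remote or eval'd script")

    level = "high" if score >= 5 else "medium" if score >= 2 else "low"
    return {"score": score, "level": level, "findings": findings}


# Constructed sample: a lean extension that needs local storage and one site.
LEAN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Example notes", "version": "1.0",
    "permissions": ["storage"],
    "host_permissions": ["https://notes.example/*"],
})

# Constructed sample with the profile the article describes: proxying traffic
# through the user's browser, watching every request and touching every site.
PROXY_MANIFEST = json.dumps({
    "manifest_version": 2, "name": "Example toolbar", "version": "4.2",
    "permissions": ["proxy", "webRequest", "webRequestBlocking", "tabs", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    "content_security_policy": "script-src 'self' https:; object-src 'self'",
})

if __name__ == "__main__":
    for name, text in (("lean", LEAN_MANIFEST), ("proxy", PROXY_MANIFEST)):
        result = review_manifest(text)
        print(f"{name}: {result['level']} (score {result['score']})")
        for finding in result["findings"]:
            print("  -", finding)
```

The same review can be run on an installed extension by pointing `review_manifest` at the manifest.json in its unpacked directory; a "high" result is a prompt to check who maintains the extension and how recently it changed hands, not proof of abuse.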
Tomi Engdahl says:
Founded by Google veterans and backed by $340 million from major VCs, Skydio is creating drones that seem straight out of science fiction—and they could end up in your neighborhood soon.
Drones With ‘Most Advanced AI Ever’ Coming Soon To Your Local Police Department
https://www.forbes.com/sites/thomasbrewster/2021/03/03/drones-with-most-advanced-ai-ever-coming-soon-to-your-local-police-department/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie&sh=e32290b3f0bd
Tomi Engdahl says:
https://pentestmag.com/bgp-hijacking-attack/
Tomi Engdahl says:
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021
https://pentestmag.com/7-cybersecurity-predictions-for…/
#pentest #magazine #pentestmag #pentestblog #PTblog #cybersecurity #predictions2021 #smartbuildings #infrastructure #IoT #IIoT #infosecurity #infosec
Tomi Engdahl says:
Fast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns
https://unit42.paloaltonetworks.com/fast-flux-101/
In this blog, we provide a fictional scenario of a cat-and-mouse game between cybercriminals and law enforcement. We illustrate how cybercriminals use single fast flux networks and more advanced techniques such as double flux (when the domain name resolution becomes part of the fast flux network) and Domain Generation Algorithms (DGAs) to hamper domain blocklisting and takedown efforts.
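As an added illustration of the single- and double-flux behaviour the Unit 42 post describes (not Unit 42’s code), this Python snippet scores a domain from a resolver log: distinct A records and /16 prefixes, minimum TTL, how often the answer set is completely replaced between lookups, and NS churn. The thresholds and the log entries are constructed assumptions for this example.

```python
"""Heuristic fast-flux scoring over a resolver log.

Added illustration of the behaviour the Unit 42 post describes; not Unit 42
code. Single flux shows as many short-lived A records spread over unrelated
networks and a fresh answer set on nearly every lookup; double flux adds churn
in the NS records as well. Thresholds and the log entries are constructed.
"""
from collections import defaultdict
from ipaddress import ip_network


def constructed_log():
    """Synthetic resolver log of (time_s, qname, rtype, rdata, ttl) tuples."""
    log = []
    for i, t in enumerate(range(0, 3600, 600)):        # six lookups, one per 10 min
        # Benign site: two stable addresses in one /16, long TTLs, fixed NS pair.
        for ip in ("10.1.0.10", "10.1.0.11"):
            log.append((t, "shop.example", "A", ip, 3600))
        for ns in ("ns1.example", "ns2.example"):
            log.append((t, "shop.example", "NS", ns, 86400))
        # Flux domain: three never-before-seen addresses per lookup, each in a
        # different /16 (compromised hosts on unrelated networks), TTL 60, and a
        # nameserver that rotates with the same cadence (double flux).
        for j in range(3):
            n = 3 * i + j
            log.append((t, "update-check.example", "A", f"10.{100 + n}.{n}.{20 + n}", 60))
        log.append((t, "update-check.example", "NS", f"ns{i}.update-check.example", 60))
    return log


def flux_metrics(log, qname):
    """Collect the per-domain features a fast-flux detector keys on."""
    ips, prefixes, nameservers = set(), set(), set()
    answers = defaultdict(set)   # lookup time -> A records returned then
    min_ttl = None
    for t, name, rtype, rdata, ttl in log:
        if name != qname:
            continue
        if rtype == "A":
            ips.add(rdata)
            prefixes.add(str(ip_network(f"{rdata}/16", strict=False)))
            answers[t].add(rdata)
            min_ttl = ttl if min_ttl is None else min(min_ttl, ttl)
        elif rtype == "NS":
            nameservers.add(rdata)
    # Churn: share of consecutive lookups whose A sets share no address at all.
    times = sorted(answers)
    fresh = sum(1 for a, b in zip(times, times[1:]) if answers[a].isdisjoint(answers[b]))
    churn = fresh / (len(times) - 1) if len(times) > 1 else 0.0
    return {
        "distinct_ips": len(ips),
        "distinct_prefixes": len(prefixes),
        "min_ttl": min_ttl,
        "churn": churn,
        "distinct_ns": len(nameservers),
    }


def classify(m):
    """Assumed thresholds: many IPs across many networks, low TTL, high churn."""
    single = (m["distinct_ips"] >= 5 and m["distinct_prefixes"] >= 3
              and m["min_ttl"] is not None and m["min_ttl"] <= 300
              and m["churn"] >= 0.5)
    if not single:
        return "not-flux"
    # Rotating nameservers mean the resolution path is itself part of the flux.
    return "double-flux" if m["distinct_ns"] >= 3 else "single-flux"


if __name__ == "__main__":
    log = constructed_log()
    for qname in ("shop.example", "update-check.example"):
        m = flux_metrics(log, qname)
        print(qname, classify(m), m)
```

Large CDNs also return many addresses with short TTLs, so in practice the prefix and NS features carry more weight than IP count alone; tune the thresholds against known-good domains in your own resolver logs.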
Tomi Engdahl says:
Why Cloud Security Risks Have Shifted to Identities and Entitlements
https://www.darkreading.com/cloud/why-cloud-security-risks-have-shifted-to-identities-and-entitlements/a/d-id/1340194
Gartner predicts that by 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020. There are several factors driving these cloud security deficiencies. Traditional cloud security tools such as CASB, CSPM, and CWPP weren’t designed to provide these capabilities or address what Gartner calls Cloud Infrastructure Entitlement Management (CIEM) and Forrester dubs Cloud Infrastructure Governance (CIG). What’s needed are cloud-native capabilities to enforce the concept of least privilege.
Tomi Engdahl says:
Intel Paid Out $800,000 Per Year Through Bug Bounty Program
https://www.securityweek.com/intel-paid-out-800000-year-through-bug-bounty-program
Over 230 Vulnerabilities Patched in Intel Products in 2020
Intel patched 231 vulnerabilities in its products last year, roughly the same as in the previous year, when it fixed 236 flaws.
Tomi Engdahl says:
SolarWinds security fiasco may have started with simple password blunders
https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/
UPDATED: Many things came together to crack SolarWinds, but it may all have started with that classic mistake of leaking a lousy password. A SolarWinds third-party, public relations spokesperson, however, claims that the password incident had nothing to do with the major security breach.
Tomi Engdahl says:
The Different Flavors of Cyber Resilience
https://www.securityweek.com/different-flavors-cyber-resilience
Cyber Resilience Can be Considered a Preventive Measure to Counteract Human Error, Malicious Actions, and Decayed, Insecure Software
When it comes to cybersecurity, data breaches such as the SolarWinds supply chain attack have made one thing very clear: today’s attacks are no longer limited to the simple spread of a virus or a denial-of-service (DoS) attack. Instead, cyber adversaries deploy advanced persistent threats (APTs), which threaten to exploit even well-patched and monitored infrastructures. The rapid transition to a distributed workforce in response to the COVID-19 pandemic has exacerbated the already challenging situation, widening pre-existing gaps in IT visibility, accountability, and persistence of security controls. It’s not surprising to hear more and more CISOs talk about cyber resilience as an emerging measure to assure the ongoing delivery of business operations. But what exactly is cyber resilience and how does it compare to traditional cybersecurity practices?
Cyber Resilience Defined
According to MITRE, cyber resilience (or cyber resiliency) “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to assure sufficient information, data, and network security. Cyber resilience acknowledges that modern enterprise infrastructures are made up of large and complex entities, and therefore will always have flaws and weaknesses that adversaries will be able to exploit. In this context, the objective of cyber resilience is to ensure that an adverse cyber event (intentional or unintentional, i.e., due to failed software updates) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.
The Different Flavors of Cyber Resilience
Like Zero Trust, cyber resilience applies to today’s ever-expanding attack surface and therefore encompasses the following cyber resources:
• Networks
• Data
• Workloads
• Devices
• People (a.k.a. Identities)
The cyber resources, and the range of adversity to which cyber resources are susceptible, vary depending on the context in which cyber resilience is sought. In any situation, the priority an organization assigns to establishing cyber resilience measures across these different cyber resources should be driven by an assessment of the tactics, techniques, and procedures (so-called TTPs) that hackers are commonly applying when exploiting their victims.
Benefits of Cyber Resilience
Cyber resilience strategies like Endpoint Resilience provide a range of benefits prior, during, and after a cyber-attack. Here are some of the main benefits:
• Hardened Security Posture: Cyber resilience not only helps with responding to and surviving an attack. It can also help an organization develop strategies to improve IT governance, improve security across critical assets, expand data protection efforts, and minimize human error.
• Improved Compliance Posture: Many industry standards, government regulations, and data privacy laws nowadays propagate cyber resilience.
• Enhanced IT Productivity: One of the understated benefits of cyber resilience is that it improves the daily operations of an organization’s IT team. It improves the ability to respond to threats and helps to ensure day-to-day operations run smoothly.
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and post-exploit activities must be thwarted. When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all the above-mentioned available cyber resources. Thus, enterprises need to establish different flavors of cyber resilience across their infrastructure.
Tomi Engdahl says:
Don’t Use a VPN…it’s not the ultimate security fix you’ve been told
https://www.youtube.com/watch?v=8x1BJCKwqpI
There are valid reasons to use a VPN (which I’ll explain), but if you listen to most YouTubers, a VPN has somehow become the end-all-be-all security and privacy app. It’s not.
This isn’t the most popular opinion on the internet, but it’s true. In this video, we cover:
▶ The truth about your current internet security (without a VPN)
▶ What are the legitimate reasons to use a VPN?
▶ What are the things that a VPN CANNOT do?
Tomi Engdahl says:
Selecting a Protective DNS Service
https://media.defense.gov/2021/Mar/03/2002593055/-1/-1/0/CSI_PROTECTIVE%20DNS_UOO117652-21.PDF
Due to the centrality of DNS for cybersecurity, the Department of
Defense (DoD) included DNS filtering as a requirement in its
Cybersecurity Maturity Model Certification (CMMC) standard (SC.3.192).
Tomi Engdahl says:
GAO report finds DOD’s weapons programs lack clear cybersecurity
guidelines
https://www.zdnet.com/article/gao-report-finds-dods-weapons-programs-lack-clear-cybersecurity-guidelines/
In a new report released Thursday, the U.S. Government Accountability
Office (GAO) said the Department of Defense fails to communicate clear
cybersecurity guidelines to contractors tasked with building systems
for its weapons programs.
Tomi Engdahl says:
Intel 2020 Product Security Report
https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/intel-2020-product-security-report.pdf
In 2020 we delivered mitigations for 231 product security issues. 109
(47%) were internally found by Intel employees through our efforts
around offensive security research and another 105 (45%) were reported
through Intel's Bug Bounty program. In total, 92% (214) of the issues
addressed were the direct result of our ongoing investment. The
remaining 17 issues were reported to Intel by partners or
organizations who do not typically seek bounty payments.
Tomi Engdahl says:
Data is the world’s most valuable (and vulnerable) resource
There’s a gaping hole in the data loss prevention market
https://techcrunch.com/2021/03/04/data-is-the-worlds-most-valuable-and-vulnerable-resource/?tpcc=ecfb2020
There’s no overstating it: 2020 was a hell of a year. When future generations learn about 2020, the pandemic, social tension and political unrest will take up most of the oxygen. But for those learning about the history of cybersecurity, 2020 and a midsize company from Austin, Texas — SolarWinds — will take center stage.
Malicious code in one update of a trusted software provider was the Trojan horse that enabled access to petabytes of private data across 18,000 organizations, including Fortune 500s and government entities.
Every business leader must acknowledge what many in cybersecurity have been saying — cyber strategy is company strategy.
By 2025, IDC forecasts the data universe will consist of 175 zettabytes. In case you don’t know, one zettabyte is 1 trillion gigabytes. If you were to download 175 zettabytes of data on your computer, it would take you 1.8 billion years. Mind-boggling!
And it only increases exponentially from here. From likes, posts, profile views, follows and RTs for end consumers to time on site, conversion rate and bounce rate for websites to events, errors and anomaly tracking in IoT — all of this data is logged and tracked. We’ve seen billion-dollar companies built, taken public and acquired that ingest and visualize all of the data we capture.
Tomi Engdahl says:
Hackers exploit websites to give them excellent SEO before deploying malware
Climbing up Google’s ranks is key to this new technique.
https://www.zdnet.com/article/hackers-exploit-websites-to-give-them-excellent-seo-before-deploying-malware/
Tomi Engdahl says:
Hacking is not a crime – and the media should stop using ‘hacker’ as a pejorative
Hackers are friends not foes, says Alyssa Miller in this opening argument for our latest debate
https://www.theregister.com/2021/03/03/debate_hackers_for/
Tomi Engdahl says:
House Session Abruptly Canceled After Domestic Terror Threat Warnings
https://www.forbes.com/sites/andrewsolender/2021/03/03/house-session-abruptly-canceled-after-domestic-terror-threat-warnings/
The House of Representatives on Wednesday canceled a planned Thursday session after the Capitol Police and other federal law enforcement agencies warned of a potential domestic terror threat on that day.
Tomi Engdahl says:
Gab’s CTO Introduced a Critical Vulnerability to the Site
A review of the open source code shows an account under the executive’s name made a mistake that could lead to the kind of breach reported this weekend.
https://arstechnica.com/gadgets/2021/03/rookie-coding-mistake-prior-to-gab-hack-came-from-sites-cto/
Tomi Engdahl says:
Militia Group Potentially Plotting To Breach Capitol Thursday—Date Of March 4 Conspiracy—Capitol Police Say
https://www.forbes.com/sites/nicholasreimann/2021/03/03/militia-group-potentially-plotting-to-breach-capitol-thursday-date-of-march-4-conspiracy-capitol-police-say/
Tomi Engdahl says:
6 Common VPN Myths and Why You Shouldn’t Believe Them
BY BEN STEGNER
https://www.makeuseof.com/tag/5-common-vpn-myths-shouldnt-believe/
Don’t believe these myths and misconceptions about VPNs. Here’s the truth so you know what to expect when using a VPN service.
Tomi Engdahl says:
https://www.dragos.com/blog/industry-news/risky-business-maturing-ot-security-with-executives/
Risky Business: Maturing OT Security With Executives. For many of us,
the phrase invokes memories of continuous security assessments,
meaningless heat maps, and constantly telling people “we're not IT, we
don't do that.” It's political battles between IT and OT, budget wars,
and oversimplifying years of work into maybe two PowerPoint slides.
There is a reason why, as practitioners, we're constantly in the
crosshairs when it comes to cyber risk and cyber program management:
because, compared to other operational areas, we are, without a doubt,
the least mature in communicating and documenting risk. That's not a
criticism, but an observation.
Tomi Engdahl says:
Should online voting be hurried because of the epidemic? Ballot secrecy and ease are in the balance, and you cannot have both, says a cybersecurity expert
https://yle.fi/uutiset/3-11809803
According to an expert specialising in cybersecurity, even the newest technology cannot remove the problems that threaten ballot secrecy. The upcoming municipal elections have raised a lot of concern and discussion in the middle of the worsening epidemic situation: How can citizens be offered health-safe access to the polling stations? How can the queues in front of municipal halls be kept down? And how can someone who has fallen ill with COVID-19 be given the chance to exercise their right to vote?
Tomi Engdahl says:
Ransomware gang plans to call victim’s business partners about attacks
https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/
The REvil ransomware operation announced this week that they are using
DDoS attacks and voice calls to journalists and victim’s business
partners to generate ransom payments. The REvil ransomware operation,
also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where
the ransomware operators develop the malware and payment site, and
affiliates (adverts) compromise corporate networks to deploy the
ransomware.
Tomi Engdahl says:
Countering Cyber Proliferation: Zeroing in on Access-as-a-Service
(PDF)
https://www.atlanticcouncil.org/wp-content/uploads/2021/03/Offensive-Cyber-Capabilities-Proliferation-Report.pdf
ENFER (a cryptonym) is a contractor operating in the Russian
Marketplace, which allegedly partakes in offensive operations under
the direct instruction of the Russian Federal Security Service (FSB).
Tomi Engdahl says:
Spotting the Red Team on VirusTotal!
https://isc.sans.edu/forums/diary/Spotting+the+Red+Team+on+VirusTotal/27174/
Many security researchers like to use the VirusTotal platform. The
provided services are amazing: You can immediately have a clear
overview of the dangerousness level of a file but…. VirusTotal
remains a cloud service. It means that, once you have uploaded a file to
scan it, you have to consider it as “lost” and available to a lot of
(good or bad) people! In the SANS FOR610 training (“Reverse
Engineering Malware”), we insist on the fact that you should avoid
uploading a file to VT!
Tomi Engdahl says:
Check to see if you're vulnerable to Microsoft Exchange Server
zero-days using this tool
https://www.zdnet.com/article/check-to-see-if-youre-vulnerable-to-microsoft-exchange-server-zero-days-using-this-tool/
Microsoft’s Exchange Server team has released a script for IT admins
to check if systems are vulnerable to recently-disclosed zero-day
bugs. As noted in an alert published by the US Cybersecurity and
Infrastructure Security Agency (CISA) on Saturday, Microsoft’s team
has published a script on GitHub that can check the security status of
Exchange servers.
Tomi Engdahl says:
A new type of supply-chain attack with serious consequences is
flourishing
https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/
A new type of supply chain attack unveiled last month is targeting
more and more companies, with new rounds this week taking aim at
Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of
others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies
were targeted by a similar attack that allowed a security researcher
to execute unauthorized code inside their networks. The latest attack
against Microsoft was also carried out as a proof-of-concept by a
researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by
contrast, were malicious, but it's not clear if they succeeded in
executing the malware inside their networks.
Tomi Engdahl says:
Biden administration labels China top tech threat, promises
proportionate responses to cyberattacks
https://www.theregister.com/2021/03/05/bide_administration_interim_national_security_guidance/
That assessment was offered in a new Interim National Security
Guidance [PDF] issued on Wednesday, in which the administration also
outlines plans to seek more regulation of advanced technologies and an
intention to strike back after cyberattacks. Guidance document at
https://www.whitehouse.gov/wp-content/uploads/2021/03/NSC-1v2.pdf
Tomi Engdahl says:
AdGuard names 6,000+ web trackers that use CNAME chicanery: Feel free
to feed them into your browser’s filter
https://www.theregister.com/2021/03/04/adguard_cname_tracker/
As privacy barriers have gone up to prevent marketers from gathering
data from web users, CNAME manipulation has become more popular. As we
reported last week, privacy researchers recently found that the
presence of CNAME trackers has increased 21 per cent over the past 22
months and that CNAME trackers show up on almost 10 per cent of the
top 10,000 websites. Worse still, 95 per cent of websites that
fiddle with their domain records in this manner leak cookies, which
sometimes contain sensitive information. List at
https://github.com/AdguardTeam/cname-trackers, paper at
https://arxiv.org/pdf/2102.09301.pdf
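The cookie leak described in the comment above follows from how browsers scope domain cookies: a cookie set for `.shop.example` is sent to every subdomain, including one that is really a tracker behind a CNAME. The check below is an added example (my code, not The Register's, AdGuard's or the cited paper's); the CNAME records, the tracker list and the cookie jar are constructed, and the eTLD+1 logic is a naive last-two-labels approximation that a real tool would replace with the public suffix list.

```python
"""Detect CNAME-cloaked trackers and the cookies a browser would send them.
Added example, not code from The Register, AdGuard or the cited paper; the
CNAME records, tracker list and cookie jar below are constructed."""
from dataclasses import dataclass

# Constructed CNAME answers (name -> target); metrics.shop.example looks
# first-party but its chain ends at a tracker's host.
CNAME_RECORDS = {
    "metrics.shop.example": "cdn.shop.example",
    "cdn.shop.example": "c1.tracker-cloud.example",
    "static.shop.example": "shop.cdn-provider.example",
}
TRACKER_DOMAINS = {"tracker-cloud.example"}  # constructed blocklist (eTLD+1)

@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str      # ".shop.example" (domain cookie) or "shop.example" (host-only)
    host_only: bool

def registrable_domain(host: str) -> str:
    return ".".join(host.split(".")[-2:])  # naive eTLD+1, fine for the sample data

def resolve_cname_chain(host: str, records: dict, max_depth: int = 8) -> list:
    """Follow CNAMEs until a name without a CNAME record, or the depth cap."""
    chain = [host]
    while chain[-1] in records and len(chain) <= max_depth:
        chain.append(records[chain[-1]])
    return chain

def is_cloaked_tracker(host: str, records: dict, trackers: set):
    """(flagged, chain): flagged when a first-party name ends at a listed tracker."""
    chain = resolve_cname_chain(host, records)
    final = chain[-1]
    if registrable_domain(final) == registrable_domain(host):
        return False, chain          # chain stays inside the site's own domain
    return any(final == t or final.endswith("." + t) for t in trackers), chain

def cookies_sent_to(host: str, jar: list) -> list:
    """Cookie names a browser attaches to a request for `host`: a domain cookie
    scoped to .shop.example goes to every subdomain, so it reaches the tracker
    behind metrics.shop.example; a host-only cookie goes to its exact host only."""
    sent = []
    for c in jar:
        domain = c.domain.lstrip(".")
        if c.host_only and host == domain:
            sent.append(c.name)
        elif not c.host_only and (host == domain or host.endswith("." + domain)):
            sent.append(c.name)
    return sent

def audit(records: dict, trackers: set, jar: list) -> dict:
    """Map each cloaked name to the cookies that leak to the tracker behind it."""
    report = {}
    for name in records:
        flagged, _ = is_cloaked_tracker(name, records, trackers)
        if flagged:
            report[name] = cookies_sent_to(name, jar)
    return report
```

The fix on the site side is to scope sensitive cookies host-only (no `Domain` attribute) or to drop the CNAME, which is why the `audit` output lists domain cookies only.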
Tomi Engdahl says:
Hackers are finding ways to hide inside Apple’s walled garden
https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/
The iPhone’s locked-down approach to security is spreading, but advanced hackers have found that higher barriers are great for avoiding capture.
You’ve heard of Apple’s famous walled garden, the tightly controlled tech ecosystem that gives the company unique control of features and security. All apps go through a strict Apple approval process, they are confined so sensitive information isn’t gathered on the phone, and developers are locked out of places they’d be able to get into in other systems. The barriers are so high now that it’s probably more accurate to think of it as a castle wall.
Virtually every expert agrees that the locked-down nature of iOS has solved some fundamental security problems, and that with these restrictions in place, the iPhone succeeds spectacularly in keeping almost all the usual bad guys out. But when the most advanced hackers do succeed in breaking in, something strange happens: Apple’s extraordinary defenses end up protecting the attackers themselves.
“It’s a double-edged sword,”
Tomi Engdahl says:
“You’re going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they’re inside, the impenetrable fortress of the iPhone protects them.”
Bill Marczak, Citizen Lab
https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/
Tomi Engdahl says:
And, when will people – in general – finally stop posting photos of their keys? Probably never?
German prison has to spend ‘£43,000’ changing 600 locks after intern sent a photo of the keys to his friends on WhatsApp
https://www.dailymail.co.uk/news/article-9325001/German-prison-changes-locks-intern-shared-photos.html
The trainee shared the photos on a WhatsApp group to boast about his new job
It raised fears that the prison’s 647 inmates could have staged a mass breakout
Tomi Engdahl says:
Poison packages: “Supply Chain Risks” user hits Python community with
4000 fake modules
https://nakedsecurity.sophos.com/2021/03/07/poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules/
If you've ever used the Python programming language, or installed
software written in Python, you've probably used PyPI, even if you
didn't realise it at the time. PyPI is short for the Python Package
Index, and it currently contains just under 300,000 open source add-on
modules (290,614 of them when we checked [2021-03-07T00:10Z]). The
ease with which trusting users download and install new Python (and
Node.js, and Ruby, etc.) components has led to a range of
cybercriminal attacks against package managers.
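Both package-registry stories in this thread, the one above and the earlier Ars Technica item on Microsoft, Amazon, Slack, Lyft and Zillow, come down to a build or a user accepting a name from the public index that it should have treated as private or as a typo. The Ars attack works by publishing, on the public index, a package under a name an organization only uses internally, so that a resolver configured with both indexes and preferring the highest version pulls the public copy. The check below is an added example (my code, not the researchers' or the articles'); the private manifest and the public-index snapshot are constructed, and a real tool would use a proper version parser instead of the dotted-integer one here.

```python
"""Flag internal package names a public index could shadow, and lookalike names.
Added example, not code from Ars Technica, Sophos or the researchers involved;
the private manifest and the public-index snapshot below are constructed."""

# Constructed private manifest: name -> pinned version served by an internal index.
PRIVATE_PACKAGES = {"acme-auth-client": "1.4.2", "acme-billing": "0.9.0"}
# Constructed snapshot of what a public index returns for the same names
# and for names close to them (someone has registered them there).
PUBLIC_INDEX = {
    "acme-auth-client": ["99.0.0"],      # same name, far higher version
    "acme-biling": ["0.1.0"],            # one-letter lookalike of acme-billing
    "requests": ["2.25.1"],
}

def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))  # dotted integers only (sample data)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot names one typo away from a private one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def shadowed(private: dict, public: dict) -> list:
    """Private names that also exist publicly with a higher version: with an
    extra public index configured, a resolver that picks the highest version
    would install the public copy instead of the internal one."""
    hits = []
    for name, pinned in private.items():
        if name in public:
            newest = max(public[name], key=parse_version)
            if parse_version(newest) > parse_version(pinned):
                hits.append((name, pinned, newest))
    return hits

def lookalikes(private: dict, public: dict, max_distance: int = 1) -> list:
    """Public names within `max_distance` edits of a private name."""
    hits = []
    for pub in public:
        for priv in private:
            if pub != priv and edit_distance(pub, priv) <= max_distance:
                hits.append((pub, priv))
    return hits
```

A hit from `shadowed` means the private name should be reserved on the public index or the build should be pinned to the internal index only; a hit from `lookalikes` is a name to watch in dependency manifests.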
Tomi Engdahl says:
Going dark: Service disruptions at stock exchanges and brokerages
https://www.welivesecurity.com/2021/03/08/going-dark-service-disruptions-stock-exchanges-brokerages/
Given the dependence of today's societies and economies on technology
along with the skyrocketing interest in day trading of late, it's only
natural that concerns about the increasing number and severity of
security loopholes in all manner of software applications should rise
in lockstep. And that's on top of numerous other cyberthreats that
require the continued attention of organizations and people, including
those involved with stock trading.