Cyber security trends for 2021

Nothing is harder than making predictions. For that reason I did not write a “predictions for 2021 cyber security” post before the year started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that other people have predicted or reported.

The state of internet security in 2020 was hard, and the trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.

The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. As the article puts it: “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

For 2021, Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its own unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid in bitcoin by a deadline, but victims are being urged not to give in to the demands.

One sure bet is that ransomware attacks will only escalate further this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for others to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals already use open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I wonder what this claim means and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse: while cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has increased dramatically. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues are moving to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).

The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The Better than the best password: How to use 2FA to improve your security article explains that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone is able to reproduce the results, and presents it to the entire community for feedback.

The Privacy is an illusion. But that’s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back, and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The Legal requirements for IoT security start to emerge article tells that legislative activity is starting to make security a legal requirement, obliging consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security: the US House of Representatives, for instance, introduced H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The 6 essential activities to help developers build in IoT cybersecurity article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    YARA and CyberChef
    https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
    If you prefer a graphical user interface to match YARA rules, you can
    try CyberChef. YARA is a pattern matching tool, known as “The pattern
    matching swiss knife”. CyberChef is a web app for all kinds of (file)
    analysis techniques, known as “The Cyber Swiss Army Knife”. And what
    do you get when you combine 2 Swiss Knifes? One really big Swiss Knife
    :-)

  2. Tomi Engdahl says:

    Intel And Microsoft Collaborate On DARPA Program That Pioneers A New
    Frontier Of Ultra-Secure Computing
    https://www.forbes.com/sites/davealtavilla/2021/03/08/intel-and-microsoft-collaborate-on-darpa-program-that-pioneers-a-new-frontier-of-ultra-secure-computing/
    In the Tech sector there are few areas of the market that are as
    critical and burgeoning with opportunity as security. Simply put, the
    more connected we become and the more data we amass, the more we need
    to secure that data and our connections. As such, data encryption
    technologies have been advancing over the years in an effort to meet
    the need to fend off large scale hacks and breaches. But what if I
    told you there are also new encryption processing technologies being
    developed that will some day allow us to perform compute and other
    functions on encrypted data, without the need to decrypt said data?
    Say what?

  3. Tomi Engdahl says:

    Introducing DAIC: A Suggested System for Preventing BEC Fraud
    https://www.securityweek.com/introducing-daic-suggested-system-preventing-bec-fraud

    BEC Fraud (Business E-mail Compromise) has reached epidemic levels in recent years. In 2019, the FBI’s Internet Crime Complaint Center reported that it received complaints with adjusted losses of over $1.7 billion from this type of scam. The cases reported to the IC3 are just a drop in the bucket compared to the overall number of incidents online. Considering nothing dramatic has changed in the cybercriminal world, it can be assumed that in 2020 and 2021, the numbers are the same, if not worse.

    The scam has a few variants in how it is executed and in its technical sophistication. The majority of the cases involve invoice scams, in which the fraudster masquerades as a vendor, sending the victim’s CFO or accounts payable team a request for payment with updated bank account information. In terms of sophistication, the scam ranges from involving an actual compromised E-mail account of the vendor, or the use of a similar domain that impersonates the vendor’s, to a simple well-crafted E-mail message. In all variants, the attacker hopes for the victim to fall for the bait and issue a wire transfer.

    The reason why BEC fraud has become immensely popular is its high success rate despite the low bar of entry, at least for the less sophisticated variants of the scam. The success rate is so high because CFOs and accounts payable teams don’t have a quick and easy way of validating that the account information they currently have for a vendor is indeed legitimate.

    As the anti-fraud industry is beginning to catch up with the threat and BEC fraud detection solutions enter the market, these are premium services that are limited by the specific anti-fraud vendor’s data and visibility.

    In this column I am suggesting a free and open source solution for BEC fraud.

    This can be achieved through a Distributed Account Information Certification, or DAIC for short.

    The Concept

    With DAIC, every company can place its account number, in which it receives payments from customers, into a “certification server” of its choosing.

    When an entity wants to send money to that company, it can then query the server using a DAIC client to check whether the account information they have on file is the same as the “certified” account information stored on the server.

    By validating the account number prior to sending payment, if the payment was done due to a fraudulent invoice that has been received from a scammer, one which contains a different account number, it will be identified and the payment could be stopped.

    As DAIC is open source and works with a standard protocol, this validation process could be done using a dedicated open source software or be embedded into any payment solution.

    How it works

    DAIC uses tried-and-tested methods used in other security standards, such as DMARC (Domain-based Message Authentication, Reporting & Conformance).

    Each company adds to their DNS records a record indicating the DAIC server of their choice. When a client is used to validate an account number, the user enters the payment recipient’s account number and domain name. It then looks for a DAIC DNS record of the provided domain in order to extract the location of the DAIC server. The server is then queried to validate if the account number is accurate.

    Benefits of DAIC

    This concept provides several benefits.

    • It’s free. As BEC fraud targets smaller organizations as well as large ones, it can be used to improve everyone’s ability to protect themselves from the scam without impacting their bottom line. It also means that adopting this standard should be easier.

    • It’s a standard. As the solution does not rely on a specific vendor’s visibility into account information, it can work well across geographies and industries if adopted. Furthermore, as noted, it can be embedded into existing payment management solutions.

    • As it is open source, companies can decide whether to set up their own DAIC server, which would exclusively hold their account information, or use a SaaS service. There is an incentive for anti-fraud vendors to provide such services as theoretically it can help them capture any queries with wrong account numbers, generating threat intelligence.

    • DAIC doesn’t need to be adopted by everyone to work. Companies can demand that their vendors implement DAIC in order to receive payments from them. Even without mass adoption, they would be protected.

    • Any attempt to disrupt the validation process, by performing DDoS attacks on DAIC servers, for example, would be counterproductive to attackers, as their payment requests would not be validated.

    Limitations of DAIC

    DAIC isn’t an infallible system. It is exposed to some forms of attacks, such as gaining a company’s DNS management rights (for example, by obtaining registrar credentials using malware), enabling attackers to redirect DAIC queries to servers they control. Alternatively, attackers can take over the server currently used by a company and poison its data.

    Despite some limitations, implementing DAIC still raises the bar of the technical level necessary to pull off a successful BEC fraud, taking many of the unsophisticated fraudsters who are currently performing these scams out of the game, dramatically reducing the overall losses experienced by BEC fraud worldwide.

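As an added illustration of the DAIC flow described in the comment above (not code from the SecurityWeek column or from any DAIC project): a Python client that resolves an assumed `_daic.<domain>` TXT record, queries the server it names, and compares the account on the invoice with the certified one. The record format, the server query, the sample domains and the sample IBAN are all assumptions, and DNS and the server are simulated in memory so the example runs offline.

```python
"""Toy DAIC (Distributed Account Information Certification) client.

Added example, not the column's own code. The column specifies neither the
DNS record format nor the server protocol, so both are assumed here:
  - DNS: a TXT record at _daic.<domain> shaped like
        "v=DAIC1; server=https://daic.<somewhere>"
  - Server: answers "which account is certified for <domain>?"
DNS answers and server data are constructed in-memory dictionaries.
"""
import re
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Verdict(Enum):
    MATCH = "match"                # invoice account equals certified account
    MISMATCH = "mismatch"          # differs: hold payment, confirm out of band
    NO_RECORD = "no_record"        # vendor has not published DAIC; cannot validate
    BAD_RECORD = "bad_record"      # record exists but is malformed
    SERVER_ERROR = "server_error"  # server unreachable or knows nothing about domain


# Constructed sample zone data: TXT records keyed by record name.
FAKE_DNS_TXT: Dict[str, List[str]] = {
    "_daic.acme-widgets.example": ["v=DAIC1; server=https://daic.acme-widgets.example"],
    "_daic.broken.example": ["v=DAIC1 server"],  # malformed on purpose
    "_daic.other.example": ["v=DAIC1; server=https://daic.acme-widgets.example"],
    # "_daic.legacy-vendor.example" is absent: that vendor never adopted DAIC
}

# Constructed certified account data, keyed by server URL then by domain.
FAKE_DAIC_SERVERS: Dict[str, Dict[str, str]] = {
    "https://daic.acme-widgets.example": {
        "acme-widgets.example": "GB29 NWBK 6016 1331 9268 19",  # constructed IBAN
    },
}

_RECORD_RE = re.compile(r"^v=DAIC1;\s*server=(https://\S+)$")


def parse_daic_record(txt: str) -> Optional[str]:
    """Return the server URL from an assumed DAIC TXT record, or None if malformed."""
    m = _RECORD_RE.match(txt.strip())
    return m.group(1) if m else None


def normalise_account(account: str) -> str:
    """Canonical form for comparison: drop whitespace, upper-case (IBAN style)."""
    return "".join(account.split()).upper()


def lookup_server(domain: str, dns=FAKE_DNS_TXT) -> Tuple[Optional[str], Optional[Verdict]]:
    """Step 1 of DAIC: find the vendor's DAIC server via its DNS record.

    Returns (server_url, None) on success or (None, failure_verdict).
    """
    txts = dns.get("_daic." + domain)
    if not txts:
        return None, Verdict.NO_RECORD
    for txt in txts:
        url = parse_daic_record(txt)
        if url:
            return url, None
    return None, Verdict.BAD_RECORD


def query_server(url: str, domain: str, servers=FAKE_DAIC_SERVERS) -> Optional[str]:
    """Step 2 of DAIC: ask the server for the certified account of `domain`.

    Simulated transport; a real client would speak the (unspecified) protocol.
    """
    server = servers.get(url)
    return server.get(domain) if server else None


def validate_payment(domain: str, account_on_invoice: str,
                     dns=FAKE_DNS_TXT, servers=FAKE_DAIC_SERVERS) -> Verdict:
    """Full client flow: DNS record -> server query -> account comparison.

    The verdict is only as trustworthy as the DNS answer and the server,
    which is exactly the limitation the column describes.
    """
    url, failure = lookup_server(domain, dns)
    if failure is not None:
        return failure
    certified = query_server(url, domain, servers)
    if certified is None:
        return Verdict.SERVER_ERROR
    if normalise_account(certified) == normalise_account(account_on_invoice):
        return Verdict.MATCH
    return Verdict.MISMATCH
```

A payer that, as the column suggests, requires its vendors to adopt DAIC would treat `NO_RECORD` the same as `MISMATCH` and hold the payment until the account is confirmed out of band.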
  4. Tomi Engdahl says:

    Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers
    https://www.securityweek.com/thousands-mobile-apps-expose-data-misconfigured-cloud-containers

    Thousands of mobile applications expose user data through insecurely implemented cloud containers, according to a new report from security vendor Zimperium.

    The issue, the company notes, is rooted in the fact that many developers tend to overlook the security of cloud containers during the development process.

    Cloud services help resolve the issue of storage space on mobile devices, and developers have numerous such solutions to choose from, some of the most popular being Amazon Web Services, Microsoft’s Azure, Google Storage, and Firebase, among others.

    “All of these services allow you to easily store data and make it accessible to your apps. But, herein lies the risk, the ease of use of these services also makes it easy for the developer to misconfigure access policies – potentially allowing anyone to access and in some cases even alter data,” Zimperium notes.

    Unsecured Cloud Configurations Exposing Information in Thousands of Mobile Apps
    https://blog.zimperium.com/unsecured-cloud-configurations-exposing-information-in-thousands-of-mobile-apps/

  5. Tomi Engdahl says:

    Kelly Sheridan / Dark Reading:
    Linux Foundation debuts the Sigstore initiative, which aims to improve open source software supply chain security, and includes members like Google and Red Hat
    https://www.darkreading.com/application-security/linux-foundation-debuts-sigstore-project-for-software-signing/d/d-id/1340360

    Introducing sigstore: Easy Code Signing & Verification for Supply
    Chain Integrity
    https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html
    One of the fundamental security issues with open source is that it’s
    difficult to know where the software comes from or how it was built,
    making it susceptible to supply chain attacks. A few recent examples
    of this include dependency confusion attack and malicious RubyGems
    package to steal cryptocurrency. Today we welcome the announcement of
    sigstore, a new project in the Linux Foundation that aims to solve
    this issue by improving software supply chain integrity and
    verification.

  6. Tomi Engdahl says:

    Warning the World of a Ticking Time Bomb
    https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/
    On Mar. 5, KrebsOnSecurity broke the news that at least 30,000
    organizations and hundreds of thousands globally had been hacked. The
    same sources who shared those figures say the victim list has grown
    considerably since then, with many victims compromised by multiple
    cybercrime groups. Security experts are now trying to alert and assist
    these victims before malicious hackers launch what many refer to with
    a mix of dread and anticipation as Stage 2, when the bad guys revisit
    all these hacked servers and seed them with ransomware or else
    additional hacking tools for crawling even deeper into victim
    networks.

  7. Tomi Engdahl says:

    Cyber criminals targeting hospitals are ‘playing with lives’ and must
    be stopped, report warns
    https://www.zdnet.com/article/cyber-criminals-targeting-hospitals-are-playing-with-lives-and-must-be-stopped-report-warns/
    Cyberattacks targeting healthcare are putting patients at unnecessary
    risk and more must be done to hold the cyber criminals involved to
    account, warns the CyberPeace Institute, an international body
    dedicated to protecting the vulnerable in cyberspace. The healthcare
    industry has been under increased strain over the past year due to the
    impact of the COVID-19 pandemic, which has prompted some cyber
    criminals to conduct ransomware campaigns and other cyberattacks.

  8. Tomi Engdahl says:

    WE OFTEN HEAR about cyberattacks, cyber operations, and malware
    infections that target computer systems or smartphones. Attacks
    against civilian infrastructure facilities such as hospitals, water
    sanitation systems, and the energy sector similarly get a lot of
    airtime.
    https://www.wired.com/story/dire-possibility-cyberattacks-weapons-systems/
    But there is another type of high stakes system that gets much less
    attention: weapons systems. These include guided missiles, missile
    and anti-missile systems, tanks, fighter jets, and more, all of which
    are computerized and possibly networked. We can imagine that weapons
    systems contain security vulnerabilities similar to most other
    information systems, including serious ones.

  9. Tomi Engdahl says:

    Big change last year: the number of Linux attacks grows sharply
    https://etn.fi/index.php/13-news/11847-iso-muutos-viime-vuonna-linux-hyokkaysten-maara-kovaan-kasvuun
    IBM’s X-Force security team has published a report containing several interesting findings. One of the big changes last year is the growth in the number of malware and attacks targeting Linux.

  10. Tomi Engdahl says:

    Hardening Fragile GPS Through Real-World Testing
    By George Leopold 03.05.2021
    https://www.eetimes.com/hardening-fragile-gps-through-real-world-testing/

    The growing vulnerability of the Global Positioning System, critical infrastructure used for everything from synchronizing networks to guiding fire trucks, is prompting calls to harden the satellite network with backup networks that could be used if — and some predict, when — GPS is knocked out by jamming, spoofing or other types of interference.

    As a technical debate continues over the best course for securing and augmenting GPS with complementary technologies, security experts are working to develop real-world testing frameworks that can be used to assess risks. Those efforts are considering different technology options if relatively weak GPS signals are jammed or spoofed.

  11. Tomi Engdahl says:

    Changing winds of cybersecurity for ICSs
    The SolarWinds attack is the latest reminder the cybersecurity landscape is changing, and manufacturers need to protect industrial control systems (ICSs). See three ways a software bill of materials can help cybersecurity.
    https://www.controleng.com/articles/changing-winds-of-cybersecurity-for-icss/?oly_enc_id=0462E3054934E2U

    The SolarWinds attack has been in the news a lot lately due to the widespread scope of the attack, which went beyond one company or one specific target industry. The SolarWinds attack affected more than four-fifths of the Fortune 500 companies and hit virtually every major sector in the U.S. government and military.

    This was more than a one-off cyberattack, and it’s only going to increase, according to Eric Byres, CEO for aDolus, in his presentation: “After the SolarWinds attack: What the SolarWinds fiasco tells us about the changing security landscape” at the ARC Advisory Group Forum, which was presented remotely via Zoom.

  12. Tomi Engdahl says:

    COVID-19 And Cybersecurity: Pay Attention To Exponential Growth!
    What the multi-layered pandemic response can teach about combatting cyberattacks.
    https://semiengineering.com/covid-19-and-cybersecurity-pay-attention-to-exponential-growth/

    COVID-19 and cybersecurity – you may wonder what these two seemingly very different topics have in common. I would list two:

    • Both of them are exponential in nature, which, as a society we have difficulties grappling with – making this one of the reasons for our uneven responses.

    • Both of them require a multi-layered solution strategy that, while it does not need to be perfect, must be consistent and sustained.

    Since the outbreak of the COVID-19 pandemic, I have been surprised to hear the word “exponential” increasingly appear in common news coverage. This term used to be reserved for scientists and engineers: in our field, for example, to reason about algorithmic complexity. Nevertheless, knowingly or not, “exponential” plays a key role in many aspects of our modern life such as compound interests for loans, spread of popular information on social networks, or for the given topic, the impact of viral transmission and cyberattacks.

    While exponential growth is about multiplying the base value every so often, it is its time constant that determines the speed of growth (or decay). For a viral transmission, you might have heard about the reproduction number R which determines the growth (or shrinkage) of the outbreak. When we learn that some virus variant is 50% more infectious, we could shrug it off as it seems like a relatively small increment. However, after only five more transmissions, this 50% could lead to an 11-fold increase of people being infected – explaining why new COVID variants can become dominant quickly, but also illustrating how easy it is for us to underestimate the impact of “exponential.”

    The situation is similar in the cybersecurity area. You may remember the early IBM PC days when the first computer viruses appeared (my mother asked me whether she could get infected by such a computer virus – I am sure she was not the only one with that concern). The initial propagation was via floppy disk – showing an exponential growth similar to its biological cousin. However, once PCs became networked and connected to the internet, the time constant shrunk dramatically, leading to much faster spread and much bigger impact. Since then, cyberattacks have become significantly more sophisticated, exploiting a wide spectrum of vulnerabilities such as weaknesses in hardware or software designs, or simply mistakes in how we organize and operate our digital infrastructure. The recent SolarWinds fiasco demonstrated a highly sophisticated attack that exploited the SW supply chain to gain fast and deep proliferation. Similarly, the just published weaponized Spectre exploit has the potential of massive attacks taking advantage of a vulnerability in widely used semiconductor chips.

    Whether reacting to a pandemic or improving our cybersecurity posture, the response does not need to be perfect, but requires a consistent and sustained multi-layered approach – all aimed at slowing (and eventually reversing) the growth.

    For the Coronavirus, we all have acquired new habits such as mask wearing, social distancing, hand washing, reduced travel, etc., which are combined with a broad medical response such as contact tracing, PPEs, a massive vaccination campaign and more. All of them are important, as their combination can dramatically reduce the spread with the goal to reduce the pandemic to manageable levels, if not eradicate it completely.

    It is unlikely that we will ever be able to eliminate cyberattacks. But to limit their impact, we need to drastically slow their spread and once encountered, respond as thoroughly and quickly as possible. Similar to a pandemic response, combatting cyberattacks requires a combination of adjusting our behavior with a comprehensive technical response. The former starts with simple means such as maintaining secure passwords and resisting socially engineered cyberattacks to truly embracing security processes and standards for product development and system operation. Technically, we need to ensure that security is a key business requirement across the entire system stack from semiconductor chips, firmware, operating system, application software, communication networks, to datacenter, cloud infrastructure, etc. Too often, we observe a siloed approach to these diverse domains, which is highly visible at vendor exhibitions of cyber conferences such as RSA or BlackHat. These disconnects allow attackers to breach a system by weaving together vulnerabilities from different domains into a comprehensive exploit.

  13. Tomi Engdahl says:

    Covid: White hat bounty hackers become millionaires
    https://www.bbc.co.uk/news/technology-56350362

    Hackers earned a record $40m (£28m) in 2020 for reporting software flaws via a leading bug bounty reporting service.

    HackerOne said nine hackers made more than $1m each after it flagged their findings to affected organisations.

    One Romanian man, who only started bug-hunting two years ago, saw his total earnings to date top $2m. The UK’s top-earning hacker made $370,000 last year.

  14. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Dependency confusion attacks, where package managers override local packages with global ones, are flourishing, impacting Microsoft, Zillow, Lyft, and others

    A new type of supply-chain attack with serious consequences is flourishing
    New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft, and Zillow.
    https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/

    A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.

    The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it’s not clear if they succeeded in executing the malware inside their networks. The npm and PyPi open source code repositories, meanwhile, have been flooded with more than 5,000 proof-of-concept packages, according to Sonatype, a firm that helps customers secure the applications they develop.

    “Given the daily volume of suspicious npm packages being picked up by Sonatype’s automated malware detection systems, we only expect this trend to increase, with adversaries abusing dependency confusion to conduct even more sinister activities,” Sonatype researcher Ax Sharma wrote earlier this week.

  15. Tomi Engdahl says:

    #Deepfakes aren’t sophisticated enough yet to fool the vast majority of us, but deepfake innovations can be co-opted by bad actors to mess with other kinds of #machinelearning applications.

    Improved Technology for Deepfakes Highlights a Supply Chain Problem
    https://spectrum.ieee.org/riskfactor/telecom/security/deepfakes-supply-chain

    Every time a realistic-looking deepfake video makes the rounds—and lately, it feels like there is one every few days—there are warnings that the technology has advanced to the extent that these videos generated by artificial intelligence will be used in disinformation and other attacks.

    Typically, deepfake videos are generated by putting a person’s face onto the body of someone else, and the facial movements are manipulated to fit the original video using artificial intelligence. The technology isn’t sophisticated enough yet that people can’t tell the generated videos aren’t real, but the technology is improving rapidly, creating more opportunities for malicious actors to co-opt these applications for their own purposes.

    “There is not a lot of harm yet [with deepfakes], but you can envision how this tech might be used in the future for other kinds of attacks, as the technology matures,” Sherman said at a recent Ai4 Cybersecurity 2021 Summit.

    The risk isn’t hypothetical. Back in 2019, an executive in a United Kingdom-based energy company received a phone call from his boss in Germany instructing him to wire €200,000 (US$220,000) to a Hungarian supplier within the hour. The call had actually been a deepfake audio,

    While it was bad that the company lost money, the damage wasn’t catastrophic. And that is what Sherman worries about. Currently, generating deepfake videos requires a good deal of technical expertise, time, processing power, and data, so it is still out of reach of the average user. Typically, transferring a person’s face onto the video of another person involves collecting thousands of pictures of both people, encoding the images using a deep learning neural network, and calculating features. Transferring the face of a person onto a video of another person could easily wind up involving 175 million parameters and millions of updates, Sherman said.

  16. Tomi Engdahl says:

    February 2021’s Most Wanted Malware: Trickbot Takes Over Following
    Emotet Shutdown
    https://blog.checkpoint.com/2021/03/11/february-2021s-most-wanted-malware-trickbot-takes-over-following-emotet-shutdown/
    Check Point Research reports that following the international police
    operation that took control of Emotet in January, Trickbot has become
    the new top global threat used by cybercriminals. Our latest Global
    Threat Index for February 2021 has revealed that the Trickbot trojan
    has topped the Index for the first time, rising from third position in
    January.

  17. Tomi Engdahl says:

    Whitelist Me, Maybe? Netbounce Threat Actor Tries A Bold Approach To
    Evade Detection
    https://www.fortinet.com/blog/threat-research/netbounce-threat-actor-tries-bold-approach-to-evade-detection
    On the 12th of February, FortiGuard Labs received a request via email
    from a person representing a company called Packity Networks asking to
    whitelist their software. The sender claimed it to be a false-positive
    that inflicts a significant impact on their business.

  18. Tomi Engdahl says:

    Attackers Won't Stop With Exchange Server. You Need a New Playbook
    https://blog.paloaltonetworks.com/2021/03/exchange-server-new-playbook/
    When the watershed SolarWinds attacks hit in December, I urged
    organizations to redouble efforts to secure their networks. It was a
    wake-up call: SolarWinds exposed security weaknesses in organizations
    that would only be compounded now that we're all so reliant on
    technology. Less than three months later, here we are again. Over the
    last week we've learned how hackers spent at least two months breaking
    into servers running Microsoft's widely used Exchange Server email
    software before they were caught.

  19. Tomi Engdahl says:

    Piktochart – Phishing with Infographics
    https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
    In line with our recent diaries featuring unique attack vectors for
    credential theft, such as phishing over LinkedIn Mail and pretending
    to be an Outlook version update[2], we’ve recently learned of a
    phishing campaign targeting users of the infographic service
    Piktochart. During the COVID-19 pandemic, nearly every kind of
    company has moved to use more online collaboration tools. This means
    that many small businesses, universities, primary and secondary
    schools, and others that may not be well-trained in online safety will
    be especially vulnerable to this type of attack, especially if they
    are using a relatively new tool, like Piktochart.

  20. Tomi Engdahl says:

    Threat Trends: DNS Security, Part 1
    https://blogs.cisco.com/security/threat-trends-dns-security-part-1
    When it comes to security, deciding where to dedicate resources is
    vital. To do so, it's important to know what security issues are most
    likely to crop up within your organization, and their potential
    impact. The challenge is that the most active threats change over
    time, as the prevalence of different attacks ebbs and flows. This is
    where it becomes helpful to know about the larger trends on the threat
    landscape. Reading up on these trends can inform you as to what types
    of attacks are currently active. That way, you'll be better positioned
    to determine where to dedicate resources.

  21. Tomi Engdahl says:

    OVH datacenter disaster shows why recovery plans and backups are vital
    https://venturebeat.com/2021/03/10/ovh-datacenter-disaster-shows-why-recovery-plans-and-backups-are-vital/

    European cloud computing giant OVH announced today that a major fire destroyed one of its Strasbourg datacenters and damaged another, while the company also shut down two other datacenters located at the site as a precautionary measure. Nobody was reported to have been injured.

    While AWS, Azure, and Google Cloud usually garner most of the limelight in the cloud computing realm, OVH is one of the bigger ones outside the “big three” with 27 datacenters globally, 15 of which are in Europe. Today’s disaster, which was thought to have taken more than 3.5 million websites offline, comes during a major period of activity for France-based OVH, after it recently announced a partnership with Atos to offer fully EU-made cloud services in an industry dominated by Amazon, Microsoft, and Google. And just this week, OVH revealed that it was in the early planning stages of going public.

    One of the biggest lessons businesses can glean from the events that unfolded in Strasbourg today: despite all the benefits that cloud computing brings to the table, companies are still putting all their trust in a third-party’s infrastructure, which is why having a robust disaster recovery plan — including data backups — is so important.

  22. Tomi Engdahl says:

    Among law firms surveyed, 36% reported malware infections of their office computers; 43% claimed to encrypt their files, less than 40% use full disk encryption, with similar numbers for e-mail encryption. These stats almost certainly under-estimate the security measures used by law firms, because as Dr. House says, “Everybody lies.”

    Ransomware Attackers Take Aim At Law Firms
    https://www.forbes.com/sites/forbestechcouncil/2021/03/12/ransomware-attackers-take-aim-at-law-firms/?sh=1bdc9585a13e

    Ransomware attackers have ratcheted up during the pandemic, particularly against organizations like hospitals and schools, for which outages can cause irreparable harm and impact large numbers of people.

    However, law firms are increasingly an attractive target because of the nature of their business. In the course of corporate legal and M&A work, litigation and other legal services they perform, law firms and in-house legal teams collect tons of confidential corporate information and sensitive data like tax returns. They can suffer reputational and financial losses if they are breached, especially if data is exposed. Average ransomware payouts exceed $1 million, according to a recent report from security firm CrowdStrike.

  23. Tomi Engdahl says:

    How to share Wi-Fi without giving out your password
    https://www.komando.com/privacy/qr-code-generator-qifi/422924/

    Many of us are leery when it comes to giving guests in our home the Wi-Fi password. It’s not that you don’t trust grandma, you’re just afraid that handing your network’s password out to anyone could lead to disaster later.

    There has to be a better way. Don’t worry, there is. Keep reading for a secure way to let guests use your Wi-Fi network without all the usual risks.

  24. Tomi Engdahl says:

    After SolarWinds debacle, the U.S. needs to keep software makers from being hurt by cost-cutting owners
    Last week, President Joe Biden promised an initiative to identify software and computer hardware firms, among other strategic industries, in order to give them incentives to stay or move back here.
    https://www.inquirer.com/business/cybersecurity-solarwinds-russia-thoma-bravo-hack-software-20210301.html

  25. Tomi Engdahl says:

    Hackers hack at unhackable new chip for three months. Chip remains unhacked
    By Dave James 2 days ago
    https://www.pcgamer.com/unhackable-chip-not-hacked-yet/

    University of Michigan’s Morpheus chip has passed its stiffest security test so far.

  26. Tomi Engdahl says:

    Ecommerce apps are more vulnerable than ever
    https://cybernews.com/security/ecommerce-apps-are-more-vulnerable-than-ever/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=Apps_in_danger&fbclid=IwAR3HSiiF3AMs6ji5A-bVtOxZSe6r7YcTza2nyXGFoa6pVu77XSkKl6-X3GE

    As lockdown measures have become commonplace throughout much of the world in its bid to tackle COVID-19, ecommerce has blossomed. Indeed, recent data from eShopWorld suggests a 63% rise in ecommerce sales year-on-year over the Christmas period, following a 113% increase in global online sales during October.
    New research from cybersecurity firm Outpost24 highlights the particular risks associated with the kind of web applications we increasingly use for our ecommerce activities. The report outlines that 43% of all data breaches during 2019 were experienced by web applications, which has brought the issue to the top of the agenda for retailers the world over.

  27. Tomi Engdahl says:

    Securing industrial networks: What is ISA/IEC 62443?
    https://blogs.cisco.com/security/securing-industrial-networks-what-is-isa-iec-62443
    Cyber attacks targeting industrial networks increased by 2000% from
    2018 to 2019. Attacks on operational technology (OT) can interrupt
    production and revenue, expose proprietary information, or taint
    product quality. They can even put employees in harm’s way or damage
    the environment. Attacks on critical infrastructure (water, power, and
    transportation) can inflict devastating effects on the economy and
    public health.

  28. Tomi Engdahl says:

    Chinese universities connected to known APTs are conducting AI/ML
    cybersecurity research
    https://therecord.media/chinese-universities-connected-to-known-apts-are-conducting-ai-ml-cybersecurity-research/
    At least six major Chinese universities with previous connections to
    government-backed hacking groups have been conducting research on the
    intersection of cybersecurity and machine learning. In a paper titled
    “Academics, AI, and APTs,” the Center for Security and Emerging
    Technology at Georgetown University warns that the research conducted
    today in these Chinese universities could soon be integrated
    into the techniques used by Chinese state-sponsored hackers (APTs).
    also (PDF):
    https://cset.georgetown.edu/wp-content/uploads/CSET-Academics-AI-and-APTs.pdf

  29. Tomi Engdahl says:

    Welcome to the era of the mega-hack
    Weaponised software flaws now threaten everyone, not just the few.
    https://www.zdnet.com/google-amp/article/welcome-to-the-era-of-the-mega-hack/

    We’re now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs — and use them to create attacks that compromise the computer systems of thousands of organisations, all at once.

    Bugs exists wherever there is software, despite attempts to eradicate them. What we’re seeing now is a growing ability and desire from hackers to turn these bugs into attacks. Increasingly, the same software applications and tools are being used by companies around the world. Some may not even be aware of the software code they are relying on, such is the interconnected world of tech products. And even if they do know the software they are using, too many companies fail to update it even when warned about vulnerabilities by software vendors.

    Hacking groups have different motivations: state-backed hackers want to gain access to as many systems as possible before deciding which have strategic value (either a source of intelligence or as a stepping-stone to compromising other systems); cyber criminals want to break in where they can to either steal data or deliver money-making ransomware. Either way, threat actors are now sophisticated enough to respond to weaknesses quicker than ever before. That’s bad for everyone.

    A software flaw doesn’t affect just one company, but can put thousands or even tens of thousands at risk as hacking groups seize on a new bug and race to exploit it, breaking into as many systems as possible before a fix is found and applied.

    Some companies used to think they were too small to be targeted, but will sadly discover that crooks will attack — and potentially destroy — their business, just on the off-chance that a ransom will be paid. Others will find that cutting costs by not patching software flaws is a false economy, to say the least.

  30. Tomi Engdahl says:

    It’s time to stop using SMS for anything.
    https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80

    By now most infosec professionals are aware of various ways SMS text messaging can be hijacked, for example so-called “SIM Swap” attacks, SS7 attacks, port-out fraud, etc. All of these attacks, however, do require some level of sophistication, whether it be high-level access to SS7, or account information or social engineering to successfully port out the phone number to a new provider or swap the SIM on the existing account.
    There are, however, other vulnerabilities that are not particularly well known.

    Up until sometime on Thursday, March 11th, 2021 NetNumber was allowing any and all wireless phone numbers to have their NNIDs reassigned or hijacked without any authorization or verification as well. Presumably while this author and other journalists were seeking comment, after a proof of concept was demonstrated, it appears they have devised a scheme to pretend this is no longer a problem by temporarily not allowing wireless numbers to be hijacked. Their quick fix however brings more questions than answers. If wireless numbers are locked to the carrier they’re already assigned to then what is the purpose of NetNumber’s database?

    Enter Okey Monitor, a new service that promises to alert you to this type of attack, as well as other SMS intercept attacks (such as port-outs, etc.). Their website states:
    The unspoken truth is, out-of-band security gaps exist which allow hackers to virtually steal your phone from anywhere. In today’s world, if they have your phone, they are ‘Authentically’ you. Now they can easily pass Two-Factor Authentication and take over your accounts. Hijack your text messages. Impersonate you. All without you knowing a thing.

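The post above argues that SMS-delivered one-time codes can be intercepted without the user noticing. The usual replacement is an authenticator app that computes codes locally from a shared secret (TOTP, RFC 6238), so nothing travels over the phone network. The following is an added example, not code from the post or from any product it mentions, showing how a server side generates such a secret, verifies a submitted code in constant time with a small clock-drift window, and rejects a replayed code. It goes beyond the post, which does not describe TOTP itself; the `TotpVerifier` class and the provisioning helper are my own names, and the secret used in the usage note is the RFC 6238 test-vector secret rather than anything from the page.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote


def generate_secret(nbytes: int = 20) -> str:
    """Random shared secret, base32-encoded the way authenticator apps expect it."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def otpauth_uri(secret_b32: str, account: str, issuer: str, digits: int = 6, step: int = 30) -> str:
    """Provisioning URI that is normally shown to the user as a QR code (hypothetical helper)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    t = int(time.time()) if at is None else at
    return hotp(secret_b32, t // step, digits)


class TotpVerifier:
    """Server-side verifier: constant-time compare, +/- `window` steps of drift,
    and rejection of any code at or below the last accepted counter (replay)."""

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest counter already consumed by a successful login

    def verify(self, candidate: str, at: Optional[int] = None) -> bool:
        t = int(time.time()) if at is None else at
        base = t // self.step
        for drift in range(-self.window, self.window + 1):
            counter = base + drift
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, candidate):
                if counter <= self.last_counter:
                    return False  # a code for this step was already used: replay
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 test-vector secret ("12345678901234567890" in base32), not a real credential.
    demo_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(otpauth_uri(demo_secret, "alice@example.com", "ExampleCorp"))
    v = TotpVerifier(demo_secret)
    code = totp(demo_secret, at=59)
    print(code, v.verify(code, at=59), v.verify(code, at=59))  # second verify is a replay
```

For a fresh deployment call `generate_secret()` per user, store it encrypted at rest, and persist `last_counter` with the user record so a replayed code is refused even after a restart. The drift window of one step is the common compromise between clock skew on phones and the size of the guessing window; pair it with rate limiting on failed attempts.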
  31. Tomi Engdahl says:

    US charges CEO of company selling encrypted devices to drug traffickers
    https://www.engadget.com/us-charges-ceo-selling-encrypted-devices-drug-traffickers-121552423.html

    The custom handsets included iPhones that were allegedly used to evade police surveillance.

  32. Tomi Engdahl says:

    The Obama Administration Had a Plan to Stop Cyberattacks Like SolarWinds
    They blew it.
    https://slate.com/news-and-politics/2021/03/obama-cyber-napolitano-gates-solarwinds.html

    The problem, as analysts have since determined, is that the hacks were mounted from servers based in the United States. This explains why the U.S. government didn’t notice the intrusions. (FireEye, one of the private cybersecurity firms targeted in the SolarWinds hack, detected them.) The National Security Agency, which monitors cybertraffic as well as any entity on earth, is legally barred from engaging in domestic surveillance. The Department of Homeland Security, which is supposed to track threats from within, has never been up to the task, lacking the money, manpower, or technology.

  33. Tomi Engdahl says:

    Hacked Water Plant in Florida Relied on Shared Password, Windows 7
    https://uk.pcmag.com/security/131699/hacked-water-plant-in-florida-relied-on-shared-password-windows-7

    While it’s easy to condemn the water treatment plant in Florida for poor security practices, a former US cybersecurity official says many public utilities in the US are underfunded.

  34. Tomi Engdahl says:

    Welcome to the era of the mega-hack
    https://www.zdnet.com/article/welcome-to-the-era-of-the-mega-hack/
    We’re now living in the era of the mega-hack. More than ever, software
    flaws are being seized on by sophisticated hackers who take these bugs
    – and use them to create attacks that compromise the computer systems
    of thousands of organisations, all at once. Right now, we need to
    realise that the stakes are increasing – and rapidly.

  35. Tomi Engdahl says:

    COVID-19: Examining the threat landscape a year later
    https://securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154/
    On the anniversary of the global shutdown, Kaspersky experts decided
    to take a look back at how the threat landscape has evolved since the
    beginning of the pandemic and what that means for users in the years
    to come.

  36. Tomi Engdahl says:

    Phishing sites now detect virtual machines to bypass detection
    https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/
    Phishing sites are now using JavaScript to evade detection by checking
    whether a visitor is browsing the site from a virtual machine or
    headless device.

  37. Tomi Engdahl says:

    Verkada Breach Demonstrates Danger of Overprivileged Users
    https://www.darkreading.com/vulnerabilities—threats/verkada-breach-demonstrates-danger-of-overprivileged-users/d/d-id/1340403
    In re-evaluating supply chains, companies should classify vendors with
    super admin privileges to devices or backdoors as a significant
    threat.

  38. Tomi Engdahl says:

    Rising Demand for DDoS Protection Software Market By 2020-2028
    https://thehackernews.com/2021/03/rising-demand-for-ddos-protection.html
    Demand for the DDoS software market is on the rise due to the
    exponential increase in multi-vector DDoS attacks and the ease with
    which DDoS-for-hire services are available today.

  39. Tomi Engdahl says:

    Want to add security easily? This is the easiest way to set up
    two-step verification
    https://www.kauppalehti.fi/uutiset/haluatko-lisata-tietoturvaa-helposti-nain-kaksivaiheinen-tunnistautuminen-tapahtuu-helpoimmin/c7e1ef81-e46a-422d-885b-8bf82f3a9c8b
    Do you know how to keep your data safe online? The security of a user
    account can easily be increased with two-step verification. [FOR SUBSCRIBERS]

  40. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/11888-fcc-viisi-kiinalaisvalmistajaa-uhkaa-kansallista-turvallisuutta

    In addition to Huawei, the list includes ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology and Dahua Technology. Hytera, Hangzhou and Dahua develop, for example, video surveillance equipment.

  41. Tomi Engdahl says:

    US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow
    https://www.securityweek.com/us-moves-closer-retaliation-over-hacking-cyber-woes-grow

    A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks.

    The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

    US officials had previously hinted at moves against Russia, which has been linked to the massive SolarWinds hack that shook the government and corporate security last year. The latest comments suggested forthcoming actions.

    “You can expect further announcements on that in weeks, not months,” the senior official said, in reference to SolarWinds, in a briefing with reporters on the two hacking incidents.
