Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue well into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, it is now rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, attacks that are more disruptive and exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree with those. Cybersecurity must adapt to counter new threats in a transformed world.
Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments: WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes: first they encrypt your data so you can’t access it, and then they threaten to publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and whether the people who answered the survey really understood AI and cyber security. My prediction is that we will need humans, AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies claim to have invented a “silver bullet” for educating cyber professionals, like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud: The Cloud Talent Drought Continues (And Is Even Larger Than You Thought).
Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone is able to reproduce the results, and presents it to the entire community for feedback.
Privacy is an illusion. But that’s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the “Black Mirror” future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues such as: Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
Legal requirements for IoT security start to emerge article tells that legislative activity is starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
Tomi Engdahl says:
Huawei Listed Anew as Threat to US National Security
https://www.securityweek.com/huawei-listed-anew-threat-us-national-security
Tomi Engdahl says:
Despite Hacks, US Not Seeking Widened Domestic Surveillance
https://www.securityweek.com/despite-hacks-us-not-seeking-widened-domestic-surveillance
The Biden administration is not planning to step up government surveillance of the U.S. internet even as state-backed foreign hackers and cybercriminals increasingly use it to evade detection, a senior administration official said Friday.
The official said the administration, mindful of the privacy and civil liberties implications that could arise, is not currently seeking additional authority to monitor U.S.-based networks. Instead, the administration will focus on tighter partnerships and improved information-sharing with the private-sector companies that already have broad visibility into the domestic internet, said the official, who spoke to reporters on condition of anonymity.
The comment was an acknowledgement of the fraught political debate surrounding domestic government surveillance — nearly eight years after former National Security Agency contractor Edward Snowden triggered a scandal with leaked agency documents — and a recognition of the challenges in balancing the growing cyber defense imperative against privacy concerns that come with stepped-up monitoring.
Foreign state hackers are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by U.S. intelligence agencies, who are legally constrained from monitoring domestic infrastructure.
In the crucial second stage of the SolarWinds hacking campaign, for instance, the suspected Russian intelligence operatives used U.S.-based VPNs to siphon off data through backdoors in victims’ networks, establishing an account that made it seem like they were in the U.S.
Tomi Engdahl says:
https://www.iso.org/isoiec-27001-information-security.html
Tomi Engdahl says:
Joseph Cox / VICE:
Hacker paid a company called Sakari $16 to reroute a reporter’s texts and used SMS 2FA to break into his accounts, showing the need for regulation of SMS tools — A gaping flaw in SMS lets hackers take over phone numbers in minutes, by simply paying a company to reroute text messages. — Joseph Cox
A Hacker Got All My Texts for $16
A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.
https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
Tomi Engdahl says:
Top 10 Cloud Malware Threats
https://www.intezer.com/blog/cloud-security/top-10-cloud-malware-threats/
For a long time Linux has not been seen as a serious target of threat
actors. This operating system makes up such a small percentage of the
desktop market share compared to Windows, it’s no surprise why threat
actors would focus most of their attention on attacking Windows
endpoints. Times are quickly changing though as the next major
battleground moves from traditional on-premise Windows endpoints to
Linux-based servers and containers in the cloud. For perspective 90%
of the public cloud runs Linux. Attackers are taking note. Some have
started to write new malware from scratch exclusively for Linux, while
others are adapting their existing Windows malware to target Linux.
Tomi Engdahl says:
Malware authors are keeping up with the times, shows a fresh report
from security company Kaspersky
https://www.tivi.fi/uutiset/tv/8531ef10-ab0d-43ab-ae9c-4e25980e8aeb
Apple’s new M1 processors have received a lot of praise for their
performance, which naturally shows as growing popularity. Popularity
in turn gets malware authors moving. Kaspersky describes three pieces
of malware, all of which target the new M1 Macs.
also:
https://securelist.com/malware-for-the-new-apple-silicon-platform/101137/
Tomi Engdahl says:
No, Your iPhone Is Not More Secure Than Android, Warns Cyber
Billionaire
https://www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/
One of the world’s leading cybersecurity experts has just warned that
the alarming new surge in malicious apps is a much more serious threat
to iPhone users than you might think. iPhones, he says, have a
surprising security vulnerability.
Tomi Engdahl says:
Future Focused: Encryption and Visibility Can Co-Exist
https://blogs.cisco.com/security/future-focused-encryption-and-visibility-can-co-exist
Along with others in the networking industry, we at Cisco are working
to continually improve both security and privacy, without an advance
in one area harming the other. In this blog I’ll describe two recent
privacy advances, DNS over HTTPS (DoH) and QUIC, and what we’re doing to
maintain visibility.
Tomi Engdahl says:
50 years of malware? Not really. 50 years of computer worms? That’s a
different story…
https://isc.sans.edu/forums/diary/50+years+of+malware+Not+really+50+years+of+computer+worms+Thats+a+different+story/27208/
Tomi Engdahl says:
US Office of National Intelligence says Russia, Iran tried to mess with 2020 elections, China sat it out
https://www.theregister.com/2021/03/17/2020_us_election_security_report/
Security precautions held up, but Putin himself signed off on efforts to scare the public with claims of voting system compromise
The USA’s Office of National Intelligence today released its previously classified assessment of “Foreign Threats to the 2020 US Federal Elections” and found “some successful compromises of state and local government networks prior to Election Day—as well as a higher volume of unsuccessful attempts”.
But those efforts were “not directed at altering election processes”, instead aiming to “spread false or inflated claims about alleged compromises of voting systems to undermine public confidence in election processes and results.”
Tomi Engdahl says:
That effort appears to have worked, given the riot at the US Capitol was fueled by the false belief that the election had been compromised
Tomi Engdahl says:
Securing Endpoints in 2020: Proactive Security with XDR
https://pentestmag.com/securing-endpoints-in-2020…/
#pentest #magazine #pentestmag #pentestblog #PTblog #endpoint #proactive #security #XDR #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
This Surveillance Company Claims It Can Track Nearly Any Car in Real-Time
https://gizmodo.com/this-surveillance-company-claims-it-can-track-nearly-an-1846494534
A defense contractor that claims to have access to motor vehicle location data on a global scale says it wants to use that data to help U.S. federal agencies conduct more efficient spying and military operations.
says it can “access over 15 billion vehicle locations” worldwide every month. This data, which can be viewed “historically” or in real-time, should be used operationally by U.S. agencies, the company says.
A document obtained by the office of Sen. Ron Wyden, which was first reported by Motherboard and shared with Gizmodo, shows Ulysses claims to be able to “remotely geolocate” cars in “nearly any country,” with the exceptions of Cuba and North Korea.
It’s been well-known for some time that as cars have become increasingly connected to the internet, they have also generated an ever-larger amount of data (this can include location, usage rates, internal media and communications preferences, external road conditions, and so on): Often, this data is being shared continuously with the automaker, with car-parts manufacturers, and sometimes with third parties. In recent years, there has been a race to sell and profit off this data
At the same time, federal agencies have been enthusiastically hoovering up personal consumer data collected by private contractors like Ulysses, in an effort to augment their own surveillance and espionage operations. The Department of Homeland Security, the FBI, and countless other agencies have all been caught indulging in this trend. In the case of car location data, the spying capabilities it claims to provide are enormous, as Ulysses freely admits.
“Vehicle location data is transmitted on a constant and near real time basis while the vehicle is operating,”
Tomi Engdahl says:
Jeff Stone / CyberScoop:
FBI says $4.2B in losses as a result of cybercrime and internet fraud were reported to its Internet Crime Complaint Center in 2020, up about 20%
https://www.cyberscoop.com/fbi-ic3-cybercrime-4-billion-fraud/
Tomi Engdahl says:
Supo researcher on A-studio: Remote work has increased online
espionage. “Not all information security solutions have been thought
through completely”
https://yle.fi/uutiset/3-11840467
According to the Finnish Security and Intelligence Service (Supo),
foreign intelligence services have increased online espionage during
the pandemic. According to Supo senior researcher Veli-Pekka Kivimäki,
the number of targets online has grown, among other things because of
remote work. “Not all information security solutions have necessarily
been thought through completely when operations have been moved to
remote work,” Kivimäki said on Tuesday on A-studio.
Tomi Engdahl says:
TTP Table for Detecting APT Activity Related to SolarWinds and Active
Directory/M365 Compromise
https://us-cert.cisa.gov/ncas/current-activity/2021/03/17/ttp-table-detecting-apt-activity-related-solarwinds-and-active
CISA has released a table of tactics, techniques, and procedures
(TTPs) used by the advanced persistent threat (APT) actor involved
with the recent SolarWinds and Active Directory/M365 compromise. The
table uses the MITRE ATT&CK framework to identify APT TTPs and
includes detection recommendations. This information will assist
network defenders in detecting and responding to this activity. also:
https://us-cert.cisa.gov/sites/default/files/publications/SolarWinds_and_AD-M365_Compromise-Detecting_APT_Activity_from_Known_TTPs.pdf
Tomi Engdahl says:
ZERO TRUST AS THE FOUNDATION OF A MODERN, SECURE ICT ENVIRONMENT
https://yrityksille.elisa.fi/ideat/zero-trust-nollaluottamus-turvaa-ict-ymparistosi/
Zero Trust, the “principle of no trust”, was developed for designing
modern, agilely evolving ICT environments. It helps build information
security in today’s complex world, where different ICT systems
integrate with one another. As the name says, the Zero Trust model is
based on trust being zero at every moment. Devices and users are
identified in every situation, and the decision to allow access is
based on a risk assessment. Using strong authentication is one of the
basics.
Tomi Engdahl says:
Largest ransomware demand now stands at $30 million as crooks get
bolder
https://www.zdnet.com/article/largest-ransomware-demand-now-stands-at-30-million-as-crooks-get-bolder/
Ransomware shows no sign of slowing down as the average ransom paid to
cyber criminals by organisations which fall victim to these attacks
has nearly tripled over the last year. also:
https://unit42.paloaltonetworks.com/ransomware-threat-assessments/
Tomi Engdahl says:
New global model needed to dismantle ransomware gangs, experts warn
https://www.cyberscoop.com/ransomware-attacks-global-hacks-diplomacy/
Ransomware gangs are making a killing: they’re encrypting data at
schools and hospitals around the world at an alarming rate, and
they’re raking in hundreds of millions of dollars’ worth doing it, by
some counts.
Tomi Engdahl says:
New ICS Threat Activity Group: VANADINITE
https://www.dragos.com/blog/industry-news/new-ics-threat-activity-group-vanadinite/
In this blog post, we will provide more information on one of the new
groups: VANADINITE. The fundamental assessment of threats tracked by
Dragos is that they are explicitly attempting to gain access to ICS
networks and operations or are successful in achieving access, not
simply trying to gain access to an industrial organization. The new
VANADINITE activity group targets electric utilities, oil and gas,
manufacturing, telecommunications, and transportation. VANADINITE
targets a geographically broad region including North America, Europe,
and with evidence of activity in Asia and Australia.
Tomi Engdahl says:
To Patch or Not to Patch in OT That Is the Real Challenge
https://www.tripwire.com/state-of-security/ics-security/to-patch-or-not-to-patch-in-ot-that-is-the-real-challenge/
What do you think of when your mind goes to an OT environment? Is it
all about old legacy machines and some specialized devices such as
Programmable Logic Controllers (PLC), Servos, Variable Frequency
Drives (VFD), RTUs and other remote IO devices? If so, you are almost
right. But also remember there is a fair number of IT like assets in
that environment, too. As a result, patching in the OT environment is
not altogether a wrong or far-fetched notion. It’s just not a blanket
one.
Tomi Engdahl says:
Defenders, Know Your Operating System Like Attackers Do!
https://isc.sans.edu/forums/diary/Defenders+Know+Your+Operating+System+Like+Attackers+Do/27212/
Not a technical diary today but more a reflection. When I’m teaching
FOR610[1], I always remind students to “RTFM” or “Read the F Manual”.
I mean to not hesitate to have a look at the Microsoft document when
they meet an API call for the first time or if they are not sure about
the expected parameters. Many attackers have a very deep knowledge of
how targeted operating systems are behaving and what are the controls
in place or features that could be (ab)used by malicious code.
Tomi Engdahl says:
Can We Stop Pretending SMS Is Secure Now?
https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
SMS text messages were already the weakest link securing just about
anything online, mainly because there are tens of thousands of
employees at mobile stores who can be tricked or bribed into swapping
control over a mobile phone number to someone else. Now we’re learning
about an entire ecosystem of companies that anyone could use to
silently intercept text messages intended for other mobile users.
Tomi Engdahl says:
Google works 24/7, so why do Finnish online banks stall?
https://www.tivi.fi/uutiset/google-toimii-24-7-miksi-suomalaiset-verkkopankit-takkuavat/f22bd9e2-7a72-4e81-8e67-019c60ebad89
The services of the internet giants were built on modern technologies
from a clean slate. Some of the banks’ systems are inherited from the
last millennium. [FOR SUBSCRIBERS]
Tomi Engdahl says:
FINDING THE CRACKS IN THE WALL – HOW MODERN SCAMS BYPASS MFA
https://blogs.akamai.com/2021/03/finding-the-cracks-in-the-wall-how-modern-scams-bypass-mfa—blog2.html
In this blog, I will cover the most prevalent techniques being used to
bypass MFA factors, and I will explain how different MFA techniques
present different risks for user credentials becoming compromised and,
as a result, accounts being taken over.
Tomi Engdahl says:
Debunking the Top User Experience, Security, and Fraud Myths
https://www.securityweek.com/debunking-top-user-experience-security-and-fraud-myths
Tomi Engdahl says:
Chinese Cyberspies Target Telecom Companies in America, Asia, Europe
https://www.securityweek.com/chinese-cyberspies-target-telecom-companies-america-asia-europe
China-linked cyber-espionage group Mustang Panda is targeting telecommunications companies in Asia, Europe, and the United States for espionage purposes, according to a warning from security researchers at McAfee.
Also referred to as RedDelta and TA416, the threat actor has been previously associated with the targeting of entities in connection with the Vatican – Chinese Communist Party diplomatic relations, along with some entities in Myanmar.
The new malware attacks, McAfee says, employ the same tactics, techniques and procedures (TTPs) previously associated with Mustang Panda. The initial vector of infection hasn’t been identified, but the researchers believe that victims were being lured to a fake website crafted to mimic the legitimate career site for Chinese tech giant Huawei.
The first stage of the attack leverages a fake Flash application and a phishing page mimicking the original website, while the second stage is a .Net payload executed to further compromise the machine through downloading and managing backdoors. A Cobalt Strike beacon payload is delivered as a third stage.
Referred to collectively as Operation Diànxùn, the new attacks were targeted at telecommunication companies based in Southeast Asia, Europe, and the United States. The adversary, McAfee says, shows strong interest in German, Vietnamese, and Indian telecommunication companies.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11904-mac-virusten-maara-rajahti-kasvuun
Tomi Engdahl says:
Businesses that rely solely on endpoint security solutions most likely won’t stand a chance against a Zerologon type of cyberthreat. Here’s how you can conveniently strengthen your security.
How to guard against Zerologon and similar vulnerabilities
https://www.kaspersky.com/blog/zerologon-threat-mdr/39026/?utm_source=facebook&utm_medium=social&utm_campaign=gl_Optimum-Sec-Framework-_ay0073_promo&utm_content=sm-post&utm_term=gl_facebook_promo_hfk2lekrv73sicd&fbclid=IwAR1U3Rg9AN727GU2PZHRaM95p5fOrEUEys3tp718t3hZ8NCxKEJv-Z2X_80
To stop all threats to the corporate infrastructure, you have to do more than just protect workstations.
Tomi Engdahl says:
Fears of ‘digital dictatorship’ as Myanmar deploys AI
https://news.trust.org/item/20210318130045-zsgja
Protesters fear they are being tracked by cameras armed with facial recognition technology
*Protesters fear they are being tracked by CCTV cameras
*Cameras with AI technology can scan faces and licence plates, and alert police
*Most of the equipment is from Chinese tech firm Huawei
Tomi Engdahl says:
Identifying suspicious credential usage
https://www.ncsc.gov.uk/blog-post/identifying-suspicious-credential-usage
How NCSC guidance can help organisations detect and protect themselves
from credential abuse.
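The NCSC post above is summarised in one line here, so as an added example (my own code, not the NCSC’s guidance or any tool of theirs) this is what a minimal detector for three common credential-abuse patterns looks like when run over sshd-style authentication lines: one source failing against many accounts (spraying), a success that follows a burst of failures from the same source, and one account accepted from several sources within a short window. The log lines, host name, addresses (documentation ranges) and thresholds are all constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# sshd-style auth line, e.g.
#   Mar 19 10:00:01 bastion sshd[4101]: Failed password for alice from 203.0.113.5 port 50001 ssh2
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2021):
    """Return {ts, ok, user, src} for a recognised line, else None.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}


def analyse(lines, spray_users=3, brute_fails=3, window_s=600):
    """Walk events in time order and emit (kind, subject, detail) alerts for:
      password_spray            one source failing against >= spray_users accounts in window_s
      success_after_failures    a success from a source with >= brute_fails recent failures
      account_multiple_sources  one account accepted from >= 2 sources within window_s
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    alerts = []
    fails_by_src = defaultdict(list)   # src  -> [(ts, user), ...]
    ok_by_user = defaultdict(list)     # user -> [(ts, src), ...]
    sprayed, multi = set(), set()      # one alert per subject

    def recent(items, now):
        # events are sorted, so now - t is never negative
        return [x for t, x in items if (now - t).total_seconds() <= window_s]

    for e in events:
        ts, user, src = e["ts"], e["user"], e["src"]
        if not e["ok"]:
            fails_by_src[src].append((ts, user))
            users = set(recent(fails_by_src[src], ts))
            if len(users) >= spray_users and src not in sprayed:
                sprayed.add(src)
                alerts.append(("password_spray", src, sorted(users)))
            continue
        if len(recent(fails_by_src[src], ts)) >= brute_fails:
            alerts.append(("success_after_failures", src, user))
        ok_by_user[user].append((ts, src))
        srcs = set(recent(ok_by_user[user], ts))
        if len(srcs) >= 2 and user not in multi:
            multi.add(user)
            alerts.append(("account_multiple_sources", user, sorted(srcs)))
    return alerts


# Constructed sample log; host and addresses are documentation values, not real systems.
SAMPLE_LOG = """\
Mar 19 10:00:01 bastion sshd[4101]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Mar 19 10:00:03 bastion sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2
Mar 19 10:00:05 bastion sshd[4103]: Failed password for bob from 203.0.113.5 port 50003 ssh2
Mar 19 10:00:09 bastion sshd[4104]: Failed password for carol from 203.0.113.5 port 50004 ssh2
Mar 19 10:00:30 bastion sshd[4105]: Accepted password for carol from 203.0.113.5 port 50005 ssh2
Mar 19 10:02:00 bastion sshd[4110]: Accepted publickey for dave from 198.51.100.7 port 51000 ssh2
Mar 19 10:03:00 bastion sshd[4111]: Accepted password for dave from 192.0.2.9 port 51001 ssh2
Mar 19 11:30:00 bastion sshd[4200]: Accepted publickey for erin from 198.51.100.7 port 52000 ssh2
""".splitlines()

if __name__ == "__main__":
    for kind, subject, detail in analyse(SAMPLE_LOG):
        print(f"{kind:26} {subject:14} {detail}")
```

The point of the three rules is that none of them needs more than what sshd already writes by default: timestamp, outcome, account and source. Tune `spray_users` and `window_s` to the environment (a jump host with hundreds of users needs looser values than a single server), and treat `account_multiple_sources` as a prompt to check the second source, not as proof of compromise, since VPN roaming produces the same pattern.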
Tomi Engdahl says:
Trust your surveillance? Why hacked cameras are very bad
https://www.welivesecurity.com/2021/03/19/trust-your-surveillance-why-hacked-cameras-are-very-bad/
When a breach captures a part of us that is unchangeable, does it mean
that we have allowed technology to pry too deeply into our lives?
FBI: Cybercrime losses topped US$4.2 billion in 2020
https://www.welivesecurity.com/2021/03/18/fbi-cybercrime-losses-topped-us42billion-2020/
The Bureau received over 28,000 reports of COVID-19-themed scams last
year
Tomi Engdahl says:
FBI warns of BEC attacks increasingly targeting US govt orgs
https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attacks-increasingly-targeting-us-govt-orgs/
The Federal Bureau of Investigation (FBI) is warning US private sector
companies about an increase in business email compromise (BEC) attacks
targeting state, local, tribal, and territorial (SLTT) government
entities.
Tomi Engdahl says:
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S.
Military
https://www.vice.com/en/article/k7adn9/car-location-data-telematics-us-military-ulysses-group
15 billion car locations. Nearly any country on Earth. The Ulysses
Group is pitching a powerful surveillance technology to the U.S.
government.
Tomi Engdahl says:
Threats against Sweden are growing and current countermeasures are
not enough, assesses Swedish security police Säpo
https://yle.fi/uutiset/3-11844771
Threats against Sweden from abroad and from violent extremist
movements continue to grow, assesses the security police Säpo.
The Norwegian parliament was hit by a cyber attack for the second
time in about half a year
https://yle.fi/uutiset/3-11831255
The network attack on the Storting exploited Microsoft Exchange
vulnerabilities, reports NRK.
Tomi Engdahl says:
Safeguarding critical infrastructure
https://medium.com/e-tech/protecting-the-healthcare-sector-from-cyber-attacks-7b1851538e27
A UN report highlights the vulnerability of the healthcare sector and
suggests a cybersecurity code of conduct for nation states
Tomi Engdahl says:
China-Linked Cyber-Espionage Group Mustang Panda is Targeting
Telecommunications
https://cybersguards.com/china-linked-cyber-espionage-group-mustang-panda-is-targeting-telecommunications/
According to McAfee security researchers, the China-linked
cyber-espionage organisation Mustang Panda is targeting
telecommunications companies in Asia, Europe, and the United States
for espionage purposes. Also:
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf.
Also:
https://www.databreachtoday.co.uk/hacking-group-conducted-espionage-campaign-targeting-telcos-a-16203
Tomi Engdahl says:
NIS2 Proposal: First feedback on the normative text
https://cert.at/en/blog/2021/3/nis2-proposal-first-feedback-on-the-normative-text
Feedback on the normative text of the NIS2 proposal.
Tomi Engdahl says:
Press release 18.3.2021: Timanttiteko award 2020 to the National Cyber
Security Centre
https://www.erillisverkot.fi/timanttiteko-palkinto-2020/
The Security Committee has awarded the 2020 Timanttiteko (“Diamond
Act”) award to the National Cyber Security Centre for exemplary
advancement of the goals of the Security Strategy for Society. The
National Cyber Security Centre of the Finnish Transport and
Communications Agency Traficom is the national information security
authority and has a significant role in the digital society. In a
rapidly changing world, maintaining and developing information
security, detecting and investigating security breaches, and training
organisations and assessing information systems are essential.
The Finnish Security and Intelligence Service identified the cyber
espionage operation against Parliament as APT31
https://supo.fi/-/suojelupoliisi-tunnisti-eduskuntaan-kohdistuneen-kybervakoiluoperaation-apt31-ksi
The Finnish Security and Intelligence Service (Supo) has identified the
cyber espionage operation against the Finnish Parliament in 2020, in
which an attempt was made to break into Parliament’s information
systems. Parliament strengthened its information security after
receiving guidance from Supo. In addition to warning Parliament’s IT
administration, Supo passed information on the matter to the other
competent authority, the National Cyber Security Centre, so that it
could enhance its own detection. also:
https://poliisi.fi/-/eduskunnan-tietojarjestelmiin-kohdistuneen-tietomurron-tutkinnassa-selvitetaan-yhteytta-apt31-toimijaan.
also: https://yle.fi/uutiset/3-11843261. also:
https://www.bleepingcomputer.com/news/security/chinese-nation-state-hackers-linked-to-finnish-parliament-hack/
Tomi Engdahl says:
FBI Releases the Internet Crime Complaint Center 2020 Internet Crime
Report, Including COVID-19 Scam Statistics
https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics
The FBI’s Internet Crime Complaint Center has released its annual
report. The 2020 Internet Crime Report includes information from
791,790 complaints of suspected internet crime, an increase of more
than 300,000 complaints from 2019 – and reported losses exceeding $4.2
billion. Internet Crime Report 2020 (PDF):
https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf. also:
64 times worse than ransomware? FBI statistics underline the horrific
cost of business email compromise -
https://www.tripwire.com/state-of-security/featured/fbi-statistics-underline-orrific-cost-of-business-email-compromise/.
also: More than $4 billion in cybercrime losses reported to FBI in
2020 – https://www.cyberscoop.com/fbi-ic3-cybercrime-4-billion-fraud/
Tomi Engdahl says:
Breaking bad: desperate job seekers turn to the Darknet and hacking
forums for opportunities
https://blog.checkpoint.com/2021/03/18/breaking-bad-desperate-job-seekers-turn-to-the-darknet-and-hacking-forums-for-opportunities/
Check Point Research noticed a growing trend that began towards the
end of 2020 and continues to develop in 2021: people are turning to the
Darknet and various hacking forums to offer their services and
availability for any kind of work available, including less than
legitimate roles.
The Ransomware Threat: Bigger, Greedier, Attacking the Most Vulnerable
https://blog.paloaltonetworks.com/2021/03/ransomware-threat/
Today, we released the 2021 Unit 42 Ransomware Threat Report. Using
data from Unit 42, as well as from our Crypsis incident response team,
the report details a disturbing new watershed: Cyber extortion has
reached crisis levels as cybercriminal enterprises have flourished,
obtaining capabilities that rival those of nation-states.
Tomi Engdahl says:
Alert (AA21-077A) – Detecting Post-Compromise Threat Activity Using
the CHIRP IOC Detection Tool
https://us-cert.cisa.gov/ncas/alerts/aa21-077a
This Alert announces the CISA Hunt and Incident Response Program
(CHIRP) tool. CHIRP is a forensics collection tool that CISA developed
to help network defenders find indicators of compromise (IOCs)
associated with activity detailed in the following CISA Alerts:
AA20-352A: Advanced Persistent Threat Compromise of Government
Agencies, Critical Infrastructure, and Private Sector Organizations.
AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft
Cloud Environments.
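The matching step that any IOC-hunting tool performs, as an added example: it is not CHIRP, does not use CHIRP's indicator format, and is not code from CISA. It refangs an indicator list, classifies each entry by shape, and sweeps log lines for exact matches (IPs, hashes) and suffix matches (domains). The indicators and log lines are constructed for the example (an RFC 5737 address, a `.example` domain, a made-up hash), not indicators from the alerts above.

```python
"""Sweep log lines for indicators of compromise (IOCs). Added example of the
generic matching step behind an IOC-hunting tool; not CHIRP and not its
indicator format. IOC_TEXT and LOG_LINES are constructed for the example."""
import re

# indicator shapes this matcher understands (full URLs are out of scope)
IOC_TYPES = {
    "ipv4": re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
    "domain": re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$"),
}
# tokens worth comparing: hostnames, dotted IPs, hex hashes
TOKEN_RX = re.compile(r"[0-9a-z][0-9a-z.\-]*")


def refang(ioc: str) -> str:
    """Undo common defanging so indicators compare equal to log content."""
    return (ioc.strip().lower()
            .replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http"))


def classify(ioc: str):
    """Return the indicator type, or None if the value has no known shape."""
    for kind, rx in IOC_TYPES.items():
        if rx.match(ioc):
            return kind
    return None


def load_iocs(text: str) -> dict:
    """One indicator per line; '#' starts a comment; unknown shapes are dropped."""
    iocs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if not line.strip():
            continue
        value = refang(line)
        kind = classify(value)
        if kind:
            iocs[value] = kind
    return iocs


def sweep(log_lines, iocs: dict):
    """Return sorted (line_no, kind, indicator) hits; domains match as suffixes."""
    hits = set()
    for n, line in enumerate(log_lines, 1):
        for tok in TOKEN_RX.findall(line.lower()):
            tok = tok.strip(".")
            if tok in iocs:                      # exact IP / hash / domain match
                hits.add((n, iocs[tok], tok))
                continue
            parts = tok.split(".")
            for i in range(1, len(parts)):       # c2.bad.example -> bad.example
                parent = ".".join(parts[i:])
                if iocs.get(parent) == "domain":
                    hits.add((n, "domain", parent))
                    break
    return sorted(hits)


# constructed indicator feed (defanged, with a comment and an out-of-scope URL)
IOC_TEXT = """
# constructed indicators for this example, not from any CISA alert
badupdate[.]example
203.0.113.7
4f8b2c1e9a3d7b6050e1f2a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7
hxxp://evil[.]example/payload   # URLs are not matched by this tool
"""

# constructed DNS / proxy / EDR log lines
LOG_LINES = [
    "2021-03-18T09:12:01Z dns client=10.0.5.23 query=updates.corp.example type=A",
    "2021-03-18T09:12:07Z dns client=10.0.5.23 query=c2.badupdate.example type=A",
    "2021-03-18T09:12:09Z proxy src=10.0.5.23 dst=203.0.113.7:443 action=allow",
    "2021-03-18T09:13:44Z edr host=WS023 file=C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.dll "
    "sha256=4f8b2c1e9a3d7b6050e1f2a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7",
    "2021-03-18T09:14:00Z dns client=10.0.5.24 query=www.example.org type=A",
]

if __name__ == "__main__":
    for line_no, kind, ioc in sweep(LOG_LINES, load_iocs(IOC_TEXT)):
        print(f"line {line_no}: {kind} {ioc}")
```

Suffix matching is what makes a domain indicator catch the per-victim subdomains that beaconing malware commonly uses; exact matching alone would miss `c2.badupdate.example`. Full URLs and file paths need a separate matcher, which is why the loader drops them rather than silently treating them as domains.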
Tomi Engdahl says:
What exactly should we be logging?
https://www.ncsc.gov.uk/blog-post/what-exactly-should-we-be-logging
A structured look at what data to collect for security purposes and
when to collect it.
The most common on premises vulnerabilities & misconfigurations
https://s3cur3th1ssh1t.github.io/The-most-common-on-premise-vulnerabilities-and-misconfigurations/
In this blog post I’m going to cover what are, in my opinion, the most
common findings in a Windows Active Directory environment, which can be
found and abused for Privilege Escalation and Lateral Movement in such a
project. It’s about on-premises vulnerabilities and misconfigurations
in an internal company environment as well as mitigations.
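An added example of how such findings are pulled out of an AD export in bulk; it is not code from the linked post, and the checks are my selection of well-known account-level misconfigurations (AS-REP roasting, Kerberoasting, unconstrained delegation, password-not-required, never-expiring privileged passwords), not the post's own list. `SAMPLE_EXPORT` is a constructed input shaped like the output of `Get-ADUser -Filter * -Properties userAccountControl,servicePrincipalName,adminCount`; the `userAccountControl` bit values are Microsoft's documented ones.

```python
"""Audit an exported Active Directory account list for classic misconfigurations.
Added example: the checks are a selection of well-known findings, not a list
taken from the linked blog post. SAMPLE_EXPORT is constructed input shaped like
Get-ADUser output with userAccountControl, servicePrincipalName and adminCount."""
from __future__ import annotations

# userAccountControl bit flags (Microsoft ADS_USER_FLAG_ENUM values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000
TRUSTED_FOR_DELEGATION = 0x80000      # unconstrained Kerberos delegation
DONT_REQ_PREAUTH = 0x400000           # Kerberos pre-authentication disabled


def audit_account(acct: dict, known_dcs: set[str]) -> list[str]:
    """Return finding tags for one account; an empty list means nothing flagged."""
    name = acct["sAMAccountName"]
    uac = int(acct.get("userAccountControl", 0))
    spns = acct.get("servicePrincipalName") or []
    is_machine = name.endswith("$")
    findings: list[str] = []

    if uac & ACCOUNTDISABLE:
        return findings  # disabled accounts cannot be used for these attacks
    if uac & DONT_REQ_PREAUTH:
        # an AS-REP can be requested without knowing the password and cracked offline
        findings.append("asrep-roastable")
    if spns and not is_machine:
        # any domain user can request a service ticket for the SPN and crack it offline
        findings.append("kerberoastable")
    if uac & TRUSTED_FOR_DELEGATION and name not in known_dcs:
        # a host trusted for unconstrained delegation caches the TGT of everyone
        # who authenticates to it; only domain controllers should carry this flag
        findings.append("unconstrained-delegation")
    if uac & PASSWD_NOTREQD:
        findings.append("password-not-required")
    if uac & DONT_EXPIRE_PASSWORD and acct.get("adminCount") == 1:
        # privileged (adminCount=1) account whose password never rotates
        findings.append("privileged-password-never-expires")
    return findings


def audit_export(export: list[dict], known_dcs: set[str]) -> dict[str, list[str]]:
    """Map sAMAccountName -> findings for every account that has at least one."""
    report: dict[str, list[str]] = {}
    for acct in export:
        found = audit_account(acct, known_dcs)
        if found:
            report[acct["sAMAccountName"]] = found
    return report


# constructed export: values chosen to exercise each check
SAMPLE_EXPORT = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 66048,     # NORMAL + DONT_EXPIRE
     "servicePrincipalName": ["MSSQLSvc/sql01.corp.example:1433"], "adminCount": 1},
    {"sAMAccountName": "jdoe", "userAccountControl": 4260352,      # + DONT_REQ_PREAUTH
     "servicePrincipalName": []},
    {"sAMAccountName": "DC01$", "userAccountControl": 532480,      # SERVER_TRUST + delegation
     "servicePrincipalName": ["ldap/dc01.corp.example"]},
    {"sAMAccountName": "WEB01$", "userAccountControl": 528384,     # WORKSTATION + delegation
     "servicePrincipalName": ["HOST/web01.corp.example"]},
    {"sAMAccountName": "old_admin", "userAccountControl": 66050,   # disabled
     "servicePrincipalName": [], "adminCount": 1},
    {"sAMAccountName": "guest2", "userAccountControl": 544,        # NORMAL + PASSWD_NOTREQD
     "servicePrincipalName": []},
]

if __name__ == "__main__":
    for account, tags in audit_export(SAMPLE_EXPORT, known_dcs={"DC01$"}).items():
        print(f"{account}: {', '.join(tags)}")
```

The domain-controller allow-list matters: DCs legitimately carry `TRUSTED_FOR_DELEGATION`, so without it every report starts with false positives on the DCs and the real finding (a member server or workstation with the flag) gets lost in the noise. Machine accounts are excluded from the Kerberoasting check because their passwords are long and random; the risk is human-chosen service-account passwords.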
Tomi Engdahl says:
Infrastructure the Good, the Bad and the Ugly
https://www.lightbluetouchpaper.org/2021/03/18/infrastructure-the-good-the-bad-and-the-ugly/
Infrastructure the Good, the Bad and the Ugly analyses the security
economics of platforms and services. The existence of platforms such
as the Internet and cloud services enabled startups like YouTube and
Instagram to soar to huge valuations almost overnight, with only a
handful of staff. But criminals also build infrastructure, from
botnets through malware-as-a-service. There’s also dual-use
infrastructure, from Tor to bitcoins, with entangled legitimate and
criminal applications. So crime can scale too.
Cybersecurity in Railways Conference: Key Takeaways
https://www.enisa.europa.eu/news/enisa-news/cybersecurity-in-railways-conference-key-takeaways
The ENISA-ERA Conference: “Cybersecurity in Railways” presented the
latest cybersecurity developments and highlighted the main challenges
in the field.
Tomi Engdahl says:
Google Cloud: Here are the six ‘best’ vulnerabilities security
researchers found last year
https://www.zdnet.com/article/google-cloud-here-are-the-six-best-vulnerabilities-security-researchers-found-last-year/
Google has paid a researcher a total of $164,674 for this one bug
report concerning a Google Cloud Platform tool.
Google Reveals What Personal Data Chrome and Its Apps Collect On You
https://thehackernews.com/2021/03/google-to-reveals-what-personal-data.html
Privacy-focused search engine DuckDuckGo called out rival Google for
“spying” on users after the search giant updated its flagship app to
spell out the exact kinds of information it collects for
personalization and marketing purposes. “After months of stalling,
Google finally revealed how much personal data they collect in Chrome
and the Google app. No wonder they wanted to hide it,” the company
said in a tweet. “Spying on users has nothing to do with building a
great web browser or search engine.”
Tomi Engdahl says:
A server failure can surprise the customer: “a persistent misconception
about backups lives on”
https://www.tivi.fi/uutiset/tv/7d2e1c4d-54c9-4a2d-8b47-40a01e339f55
Among small and medium-sized enterprises there is a persistent
misconception that backups are included by default in a hosting
service. It pays to read the contract terms carefully.
[FOR SUBSCRIBERS]
Tomi Engdahl says:
Report reveals the staggering scale of Business Email Compromise
losses
https://blog.malwarebytes.com/business-2/2021/03/report-reveals-the-staggering-scale-of-business-email-compromise-losses/
The Internet Crime Complaint Center (IC3), an arm of the FBI where
internet users can report online fraud crimes, recently released the
2020 Internet Crime Report, an annual report that contains high-level
information on suspected fraud cases reported to them and their
losses. A state-by-state statistical breakdown of these cases was
included in an accompanying report, 2020 State Reports, that you can
browse through here. Also:
https://www.ic3.gov/Media/PDF/AnnualReport/2020State/StateReport.aspx
Tomi Engdahl says:
US grid at rising risk to cyberattack, says GAO
https://thehill.com/policy/energy-environment/543831-government-watchdog-energy-department-must-address-cyber-threats-to
Distribution systems within the U.S. electrical grid are increasingly
vulnerable to cyberattack, a government watchdog said in a report
released Thursday. https://www.gao.gov/assets/gao-21-81.pdf
Tomi Engdahl says:
4 Ways Hackers Are Bypassing Network Segmentation
https://infosecwriteups.com/4-ways-hackers-are-bypassing-network-segmentation-9190d6f71a70?source=rss—-7b722bfd1b8d—4&gi=f72540426c4f
If you own a business or work in the industry, you’ve most likely
heard of PCI and know maintaining compliance is critical for a
business to continue accepting credit card payments.
Tomi Engdahl says:
Minister of Defence Kaikkonen: Digital independence is worth
defending
https://www.erillisverkot.fi/puolustusministeri-kaikkonen-digitaalinen-itsenaisyys-on-puolustamisen-arvoinen/
Safeguarding digital independence is part of modern national defence.
Cyber defence and repelling cyber attacks are an essential part of it,
Minister of Defence Antti Kaikkonen stated in his greeting to the Erve
Foorumi 2021.