Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The 2021 Cybersecurity and IT Failures Roundup article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks exploiting contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.
The Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
For 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The New Cybersecurity Threat Predictions for 2021 article points out that the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced: some of the most sophisticated and notorious cybercriminals are already using open-source tools to conduct their criminal activities, and this will increase.
Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and whether the people who answered the survey have really understood AI and cyber security. My prediction is that we will need humans and AI and even traditional solutions for a long, long time.
The lack of people with cyber security skills is still a problem for many companies, because AI will not replace them any time soon. There are different views on how the situation has developed. The Cybersecurity Skills Shortage Falls for First Time article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that the information technology industry has a real problem on its hands, and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for their services has dramatically increased. Some companies try to claim that they have invented a “silver bullet” for educating cyber professionals, like in This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to the cloud, so we need more people who know both security and cloud, as The Cloud Talent Drought Continues (And Is Even Larger Than You Thought) points out.
The Hackers leverage sophisticated and novel techniques to break into networks article tells that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of the OWASP Top-10 is coming this year. The OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 prediction calculated from understandable metrics, so that everyone can reproduce the results, and presents it to the entire community for feedback.
The Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available; it doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.
The Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech issues, like the question Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. The EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
The Legal requirements for IoT security start to emerge article tells that legislative activity is starting to make it a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. The EU introduces a cyber security IoT standard to protect its citizens, and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
Tomi Engdahl says:
Cyber security may take centre stage in the defence report to be
published next month [FOR SUBSCRIBERS]
https://www.lapinkansa.fi/kyberturvallisuus-saattaa-nousta-keskioon-ensi-kuu/3457056
For defending against network attacks and hybrid influence operations,
a clear division of responsibilities and a readiness for countermeasures
have been called for.
Tomi Engdahl says:
The ‘Frankencloud’ model is our biggest security risk
https://techcrunch.com/2021/03/22/the-frankencloud-model-is-our-biggest-security-risk/
Recent testimony before Congress on the massive SolarWinds attacks served as a wake-up call for many. What I saw emerge from the testimony was a debate on whether the public cloud is a more secure option than a hybrid cloud approach.
The debate shouldn’t surround which cloud approach is more secure, but rather which one we need to design security for. We — enterprise technology providers — should be designing security around the way our modern systems work, rather than pigeonholing our customers into securing one computing model over the other.
An organization’s security needs to be designed with one single point of control that provides a holistic view of threats and mitigates complexity.
Tomi Engdahl says:
Cybersecurity limbo: is there a place for women in the industry?
https://cybernews.com/editorial/cybersecurity-limbo-is-there-a-place-for-women-in-the-industry/
11% of the cybersecurity workforce worldwide are women, and it drops to only 7% in Europe. Experts argue that cybersecurity is still in limbo – it’s pictured as a profession requiring only hard skills, and therefore not always considered as a career choice, especially by girls.
Cybersecurity is all about protection, and therefore, men are and need to be in charge. It is a completely false statement, yet, a very widespread perception of cybersecurity. The industry is still pictured as requiring mostly hard skills, and this misconception discourages many girls and women from entering the field.
Cybersecurity is quite a fresh field, compared to such deep-rooted and conventional career choices as medicine or finance.
“It’s still in limbo somehow in the minds of people. Many people think that cybersecurity is about hard skills, but soft skills are just as important. Cybersecurity is very horizontal and applies to every other single field that exists out there. As long as you have employees using devices, cybersecurity is your concern,” Hasratyan said.
That’s why role models are so important – to present opportunities that people don’t know exist.
Tomi Engdahl says:
US Office of National Intelligence says Russia, Iran tried to mess with 2020 elections, China sat it out
Security precautions held up, but Putin himself signed off on efforts to scare the public with claims of voting system compromise
https://www.theregister.com/2021/03/17/2020_us_election_security_report/
Tomi Engdahl says:
How to safely blur or pixelize text and images (an experiment)
https://cybernews.com/privacy/how-to-safely-blur-pixelize-text-and-images/
Tomi Engdahl says:
News
Linux needs antivirus protection: “if it blocks 90 percent, that’s a win”
Tivi 18.3.2021 09:42, tags: information security, Linux, malware, cyber warfare
The number of Linux malware samples grew 40 percent last year. According to IBM’s Antti Pirinen, using antivirus on Linux is worthwhile even if the protection does not block every threat.
https://www.tivi.fi/uutiset/linux-kaipaa-virussuojaa-jos-torjuu-90-prosenttia-se-on-voitto/dd783c57-7a2d-441e-a44c-92e920d6e1e7
Tomi Engdahl says:
https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236/
Tomi Engdahl says:
https://ifunny.co/picture/big-brother-is-not-watching-you-are-boring-ftt8Jqui7
Tomi Engdahl says:
A Hacker Got All My Texts for $16
A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.
https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
Tomi Engdahl says:
Companies can silently reroute your texts to hackers, sometimes for just $16
It’s an industry aimed at businesses, but it’s open to nefarious uses
https://www.theverge.com/2021/3/15/22332315/sms-redirect-flaw-exploit-text-message-hijacking-hacking
Tomi Engdahl says:
Why ‘blaming the intern’ won’t save startups from cybersecurity liability
https://techcrunch.com/2021/03/13/why-blaming-the-intern-wont-save-startups-from-cybersecurity-liability/
SolarWinds is back in hot water after a shareholder lawsuit accused the company of poor security practices, which they say allowed hackers to break into at least nine U.S. government agencies and hundreds of companies.
The lawsuit said SolarWinds used an easily guessable password “solarwinds123” on an update server, which was subsequently breached by hackers “likely Russian in origin.” SolarWinds chief executive Sudhakar Ramakrishna, speaking at a congressional hearing in March, blamed the weak password on an intern.
There are countless cases of companies bearing the brunt from breaches caused by vendors and contractors across the supply chain.
Tomi Engdahl says:
https://pentestmag.com/insecure-deserialization-with-json-net/
Tomi Engdahl says:
50 years of malware? Not really. 50 years of computer worms? That’s a different story…
https://isc.sans.edu/forums/diary/50+years+of+malware+Not+really+50+years+of+computer+worms+Thats+a+different+story/27208/
If you have any interest in the history of malicious code, chances are you’ve heard or read somewhere that the first piece of malware ever created was a computer worm called Creeper and that spread itself through the ARPANET in 1971. Some sources even mention that it might have been on this very date, i.e. exactly 50 years ago[1].
So does malware really turn 50 today?
Not likely. Even leaving aside that according to some sources[2], there may have been a fork bomb[3] program created all the way back in 1969, and therefore the oldest malware might already be over 50 years old, the simple fact is that Creeper wasn’t malware in any sense of the word… Although it was probably the first example of a (benign) computer worm ever created.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11919-verkkokalastelu-kasvaa-nyt-voimakkaasti
Tomi Engdahl says:
Who owns our data? The EU’s data laws are taking shape
https://etn.fi/index.php/13-news/11921-kuka-omistaa-datamme-eu-n-datalait-saavat-muotonsa
Tomi Engdahl says:
This is how malware gets onto a smartphone and how to prevent it
https://pjarvinen.blogspot.com/2021/03/nain-haittaohjelma-tulee-alypuhelimeen.html?m=1&s=09
A couple of days ago a text message landed on my phone: “[OmaPosti]
You have a parcel that must be signed for, check…” (and an address
hidden behind the is.gd link-shortening service).
As malware keeps increasing, an antivirus program may be in order,
especially if games are downloaded onto the phone and it is used
carelessly. You can manage without protection software too, as long as
you don’t download dubious programs and never install anything from a
web page. Don’t install a single unnecessary app on your phone and you
will stay safe.
Read also:
https://www.tivi.fi/uutiset/tv/4eb85c41-c316-4ea7-8a43-d16f5baed95c
Tomi Engdahl says:
Want to add security easily? This is the easiest way to set up
two-factor authentication [FOR SUBSCRIBERS]
https://www.kauppalehti.fi/uutiset/haluatko-lisata-tietoturvaa-helposti-nain-kaksivaiheinen-tunnistautuminen-tapahtuu-helpoimmin/c7e1ef81-e46a-422d-885b-8bf82f3a9c8b
Two-factor authentication (2FA) removes almost entirely the worries
connected with user credentials falling into the wrong hands.
Two-factor authentication is not complicated, either in theory or in
practice. Using an ATM, or the access card at many workplaces, are
good examples of it. First of all the user has in their possession the
card or RFID tag required for identification, and in addition enters a
secret PIN code. Even if the card is stolen or the code is snooped,
the thief must also get hold of the other authentication factor before
misuse succeeds. The most common way to use two-factor authentication
at home is a phone, to which the verification code used for the second
step of authentication can be delivered, for example, by text message
or via a separate app. USB keys and authentication tokens often offer a
safer and more convenient way to do two-factor authentication than
apps. Authenticating the user with a token is based on the use of a
public and a private key. In use, the private key never leaves the
token. That is why the keys are safe from malware and man-in-the-middle
attacks, which can compromise passwords and in theory also app-based
one-time-code solutions. Two-factor authentication, whether implemented
with an app, a text message, an authentication token or a key, is an
easy way to improve your own security. If you can’t be bothered to put
all your accounts behind two-factor authentication, it is worth
protecting at least the most important ones.
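As an added worked example (not code from the Kauppalehti article or the comment above), here is how the “verification code delivered via a separate app” mentioned there is actually computed and checked: RFC 4226 HOTP under RFC 6238 TOTP, plus a server-side verifier with a small clock-skew window. The secret is the RFC test-vector key, so the values can be compared against the RFC tables; the `replay_demo` timings are constructed.

```python
"""TOTP/HOTP one-time codes (RFC 4226 / RFC 6238) with a verifier.

Added example, not code from the article quoted above. It shows what an
authenticator app computes and why a captured code is only useful for a
short window (the man-in-the-middle weakness the article mentions).
"""
import hashlib
import hmac
import struct

# Constructed demo secret: the RFC 4226 / RFC 6238 test-vector key
# (ASCII "12345678901234567890"); results can be checked against the RFCs.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, counter) -> dynamic truncation -> decimal code."""
    msg = struct.pack(">Q", counter)            # 8-byte big-endian counter
    mac = hmac.new(secret, msg, algo).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, skew_steps: int = 1) -> bool:
    """Accept the code for the current step or its +/- skew_steps neighbours.

    The window tolerates clock drift between phone and server while keeping
    the code short-lived; the comparison is constant-time.
    """
    for delta in range(-skew_steps, skew_steps + 1):
        counter = unix_time // step + delta
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True
    return False


def replay_demo(secret: bytes, step: int = 30):
    """Constructed timeline: a code generated at t0 is still accepted 20 s
    later (adjacent step) but rejected four steps later.
    Returns (fresh_accepted, stale_accepted)."""
    t0 = 59
    code = totp(secret, t0, step)
    fresh_accepted = verify_totp(secret, code, t0 + 20, step)
    stale_accepted = verify_totp(secret, code, t0 + 4 * step, step)
    return fresh_accepted, stale_accepted


if __name__ == "__main__":
    print("HOTP counter 0..2:", [hotp(DEMO_SECRET, c) for c in range(3)])
    print("TOTP at t=59:", totp(DEMO_SECRET, 59))
    print("fresh/stale accepted:", replay_demo(DEMO_SECRET))
```

The one-time code defends against a stolen password but not against a phishing page that relays the code within the window, which is why the article rates a hardware key, whose private key never leaves the token, higher.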
Tomi Engdahl says:
This is how you find out whether there is spyware on your phone
https://www.is.fi/digitoday/tietoturva/art-2000007870552.html
The presence of spyware on your own Android phone can be checked by
yourself, if you are prepared to dig around in the settings a little.
Tomi Engdahl says:
Instagram scams and how to avoid them
https://nakedsecurity.sophos.com/2021/03/22/instagram-scams-and-how-to-avoid-them/
Since its launch in 2010, Instagram has seen more than 1 billion
accounts opened, and users on the service share close to 100 million
photos every day.
Tomi Engdahl says:
Hackers are switching to credential theft: here’s how to stay safe
https://www.pandasecurity.com/en/mediacenter/mobile-news/hackers-credential-theft/
Recent research shows that email scammers are sending less
malware-infected messages. Instead they are choosing to use phishing
techniques to steal credentials directly because they are harder to
detect.
Tomi Engdahl says:
Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security
and Beyond
https://securityintelligence.com/posts/health-care-cybersecurity-costly-data-breaches-pii-security/
As hospitals get smarter, threat actors have more routes inside. IBM’s
recent research on the health care industry shows how smart tools,
which could be very valuable for today’s medical facilities, also need
healing of their own. What should hospital IT security teams look out
for? Our overview of the state of cybersecurity in the health care
industry shows what threats are out there and how you can mitigate
them.
Tomi Engdahl says:
Young hacker hijacked Elon Musk’s and Jeff Bezos’s Twitter accounts for
a brazen bitcoin scam; the reckless attempt ended bluntly
https://www.kauppalehti.fi/uutiset/nuori-hakkeri-valjasti-elon-muskin-ja-jeff-bezosin-twitter-tilit-harskiin-bitcoin-huijaukseen-uhkarohkea-yritys-paattyi-tylysti/6b2d7c65-b465-4d9e-a75e-6b7fbd49a8ef
Decrypt reports that a teenage hacker cracked the Twitter accounts of
more than a hundred public figures, such as Elon Musk, Jeff Bezos,
Barack Obama, Joe Biden and Kim Kardashian, as well as of large
companies such as Apple and Uber, and used them to swindle bitcoins out
of people. The hacker himself has already admitted guilt to aggravated
fraud. He was sentenced to three years in prison, after which another
three years of parole await him. The trial of the hacker’s suspected
accomplices is still ongoing.
Tomi Engdahl says:
This is Supo’s new threat assessment: Corona moved espionage online – Russia and China mentioned
https://www.iltalehti.fi/politiikka/a/11966271-f8d6-4ffe-97dc-4c2e644c7b39
Supo: ”In Finland there are families in which radicalisation has already been carried to the third generation.”
According to the Finnish Security and Intelligence Service (Supo), the coronavirus pandemic year 2020 will go down in the history of espionage as the year of cyber espionage.
– The best-known method in espionage is human intelligence, but the restrictions imposed to slow the spread of the coronavirus pandemic weakened states’ ability to conduct human intelligence abroad, Supo’s annual report states.
At the same time, Finland quickly moved a large part of the preparation of political decision-making onto remote connections over the network. Suddenly far more information was available online than before.
The focus of illegal intelligence gathering shifted to the cyber environment.
– In general it can be said that in 2020 exceptionally intensive state cyber espionage attempts were observed, targeting the preparation of Finland’s foreign and security policy decision-making.
Tomi Engdahl says:
https://pentestmag.com/effects-biometrics-co-used-password/
Tomi Engdahl says:
MinterEllison makes its IT security ‘interventions’ easier to understand
https://www.itnews.com.au/news/minterellison-makes-its-it-security-interventions-easier-to-understand-561400
Simplifies processes, provides better context to users.
MinterEllison is re-examining cyber security “interventions” in business processes through a user experience lens, which has led it to provide users with more context about why an alert was triggered and a faster process to overturn any false positives.
Head of cyber and information security Sunil Saale told IQPC Australia’s cyber security A/NZ online series that the law firm is applying both user-centred design (UCD) and continuous improvement (CI) to its cyber security tooling and practices.
Tomi Engdahl says:
Google Cloud: Here are the six ‘best’ vulnerabilities security researchers found last year
Google has paid a researcher a total of $164,674 for this one bug report concerning a Google Cloud Platform tool.
https://www.zdnet.com/article/google-cloud-here-are-the-six-best-vulnerabilities-security-researchers-found-last-year/
Tomi Engdahl says:
When & How to Report Security Incidents
https://www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents
The European Union Agency for Cybersecurity (ENISA) releases new
guidelines to facilitate the reporting of security incidents by
national telecom security authorities.
Tomi Engdahl says:
45,000 Finns fell victim to identity theft, but what about Vastaamo?
https://www.is.fi/digitoday/tietoturva/art-2000007877152.html
The corona-coloured year increased identity theft attempts
considerably, a new survey reports. Read:
https://www.mysafety.fi/sites/mysafety.fi/files/MySafety_ID_tutkimusraportti_B2C_2021_176x250mm_22032021_web.pdf.
Also:
https://www.tivi.fi/uutiset/tv/68f836bd-ee1c-47ed-9e42-16c267a45b34 and
https://yle.fi/uutiset/3-11850804
Tomi Engdahl says:
Threat Trends: DNS Security, Part 2
https://blogs.cisco.com/security/threat-trends-dns-security-part-2
We’ll focus on specific industries, looking at two things: the top
threat categories they face, and the categories that they’re more
likely to encounter when compared to other industries. In this way,
you’ll be better armed knowing which threats you’re more likely to
encounter within your industry.
Tomi Engdahl says:
How to enable Facebook’s hardware key authentication for iOS and
Android
https://blog.malwarebytes.com/how-tos-2/2021/03/how-to-enable-facebooks-hardware-key-authentication-for-ios-and-android/
Since 2017 desktop users have had the opportunity to use physical
security keys to log in to their Facebook accounts. Now iOS and
Android users have the same option too. Physical security keys are a
more secure option for two-factor authentication (2FA) than SMS (which
is vulnerable to SIM swap attacks and phishing), and apps that
generate codes or push notifications (which are also vulnerable to
phishing).
Tomi Engdahl says:
Three billion phishing emails are sent every day. But one change could
make life much harder for scammers
https://www.bleepingcomputer.com/news/security/ransomware-attack-shuts-down-sierra-wireless-iot-maker/
Phishing attacks remain extremely popular with cyber criminals – but
by applying DMARC, organisations can help thwart them.
Tomi Engdahl says:
Hackers can be enlisted to help for money: this is how you organise a
bug bounty programme [FOR SUBSCRIBERS]
https://www.tivi.fi/uutiset/tv/c105b7e4-9fc4-416e-9b29-306c0b2dcf4a
Hackers are increasingly being let in on purpose to rummage through the
systems of companies and organisations. In so-called bug bounty
programmes, hackers report the vulnerabilities they find in exchange
for rewards. It is a new kind of strategy for developing security.
Whereas a traditional security audit concentrates on analysing certain
targets point by point, in a bug bounty programme only the hackers’
imagination is the limit. Vulnerabilities can indeed be found in
surprising places. A programme can be made either open or closed. In an
open programme anyone can hack the systems, whereas in a closed
programme the organisation selects a certain set of trusted hackers.
The targets of an open programme are typically all public systems; in
a closed one the hackers can be let deeper into the depths of the
systems. In the Ministry for Foreign Affairs’ upcoming programme the
hackers are kept anonymous, since some are reluctant to reveal their
name to an authority. Asking for a name or requiring identification
might exclude good hackers from the programme.
Tomi Engdahl says:
The Cusp of a Virtual Analyst Revolution
https://www.securityweek.com/cusp-virtual-analyst-revolution
Security Analytics and Threat Investigation Are in the Midst of a Sea Change
Once live stomping around vendor-packed expo halls at security conferences returns, it is highly probable that “Virtual Analyst” will play a starring role in buzzword bingo. Today, the loosely defined term represents an aspiration for security vendors and managed service providers but may be perceived as a threat by internal day-to-day security operations and threat hunting teams.
For context, security analytics and threat investigation are in the midst of a sea change. Cloud log analytics platforms now enable efficient and timely analysis of ever-increasing swathes of enterprise logs, events, and alerts dating back years. Threat Intelligence platforms are deeply integrated into cloud SIEM solutions—enabling both reactive and proactive threat hunting and automated incident investigation—and are entwined with a growing stack of sophisticated AI and ML capabilities. However, smart event correlation and alert fusion engines automatically triage the daily deluge of suspiciousness down to a manageable stack of high-priority incidents—replete with kill-chain reassembly and data enrichment.
In many environments the traditional tier-one security analyst responsibilities for triaging events (removing false positives and “don’t care” noise) and maintaining operational health of scale-limiting SOC systems (e.g., device connectors, log retention and storage parameters, ticket response management) have already been subsumed by modern SIEM solutions. Meanwhile, platform-native no-code/low-code-powered orchestration and automation capabilities, along with growing libraries of community-sourced investigation and response playbooks, have greatly accelerated incident response and efficacy for tier-two analysts—alleviating time-consuming repetitive tasks and increasing focus on new and novel incidents.
Arguably, the Virtual Analyst is already here—captured within the intelligent automation and efficiencies of modern cloud SIEM— and I believe the journey has just begun.
Tomi Engdahl says:
Why Are We Banning Petty Cybercriminals From the Internet?
https://slate.com/technology/2021/03/graham-clark-twitter-hack-probation-computer-ban.html
Nearly 21 years ago, well-known hacker Kevin Mitnick was released from prison on the condition that he not access the internet or any computers or cell phones during a three-year probation period that lasted until 2003. The rules for Mitnick’s probation even prohibited him from holding a job that involved any computer use or “access to computers or computer-related equipment or software.” Even in 2000, it was hard to think of a lot of jobs that would meet those criteria or even a lot of jobs that a person would be able to apply for without any access to a computer. Cutting someone off from computers didn’t just mean preventing them from becoming a programmer or white-collar office worker—it also meant they couldn’t attend school, work in retail, or apply for any jobs that used online applications. Mitnick’s grandmother told MSNBC at the time that he wasn’t permitted by his probation officer to go to school or even work at a 7-Eleven because the cash register was technically a computer.
More than two decades later, cutting someone off from the internet is an even more extreme means of isolating them from professional and social opportunities. It also doesn’t make much sense as a way of trying to rehabilitate small-scale cybercriminals, much less trying to make use of their unique skillset and harness it toward more productive ends than petty cybercrime.
And yet, just last week, 18-year-old Graham Clark received a similar sentence to Mitnick’s: He agreed to serve three years in a juvenile prison followed by three years of probation during which he will not be permitted to use computers without law enforcement permission or supervision. Clark pleaded guilty to compromising a set of high-profile Twitter accounts in 2020, including those belonging to Barack Obama, Kanye West, and Bill Gates, and using them to tweet out a fraudulent cryptocurrency donation link and a message promising that everyone who contributed Bitcoins at the given link would receive twice their money back. Apparently, people gave more than $100,000 worth of cryptocurrency to Clark before Twitter shut down the compromised accounts and alerted users to the problem.
What good do these probationary measures do? In some specific cases—people convicted of accessing online child pornography, for instance, or using websites to initiate sex crimes—it may be reasonable to try to limit their online activity in very specific ways, for instance by restricting access to certain websites. But none of these measures are foolproof and many are clearly foolish when it comes to cybercriminals like Clark whose restrictions have not been tailored to their criminal activity in any meaningful way.
Tomi Engdahl says:
Manuka – A Modular OSINT Honeypot For Blue Teamers
https://hakin9.org/manuka-a-modular-osint-honeypot-for-blue-teamers/
Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and tracks signs of adversary interest, closely aligning to MITRE’s PRE-ATT&CK framework. Manuka gives Blue Teams additional visibility of the pre-attack reconnaissance phase and generates early-warning signals for defenders.
Although they vary in scale and sophistication, most traditional honeypots focus on networks. These honeypots uncover attackers at Stage 2 (Weaponization) to 7 (Actions on Objectives) of the cyber kill chain, with the assumption that attackers are already probing the network.
Tomi Engdahl says:
Rauli Paananen: Let’s make cyber security a civic skill and an export
product
https://www.erillisverkot.fi/rauli-paananen-tehdaan-kyberturvallisuudesta-kansalaistaito-ja-vientituote/
The matter is a shared one: national cyber security is built through
the cooperation of authorities, business, organisations and citizens.
We need more Finnish expertise and business activity in the field;
there is demand for these out in the world too, writes our guest
blogger, national cyber security director Rauli Paananen from the
Ministry of Transport and Communications.
Tomi Engdahl says:
How to Protect Our Critical Infrastructure From Attack
https://www.darkreading.com/physical-security/how-to-protect-our-critical-infrastructure-from-attack/d/d-id/1340506
Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk. On Feb. 2, the largest ever compilation of breached usernames and passwords was leaked online. Known as COMB, it contained 3.2 billion unique email/password pairs, including the credentials for the Oldsmar water plant in Florida.
Tomi Engdahl says:
Almost $2 billion lost to BEC scams in 2020
https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report.
Tomi Engdahl says:
Protecting women in the cloud: eSafety hopes the Online Safety Act will do just that
https://www.zdnet.com/article/protecting-women-in-the-cloud-esafety-hopes-the-online-safety-act-will-do-just-that/
The commissioner said a lot of online abuse is rooted in misogyny and intended to silence women’s voices. She hopes the new Online Safety Act will go some way to prevent such abuse.
Tomi Engdahl says:
University of Bristol’s cyber security experts launch new guidelines to help police crack down on organised crime
https://www.bristol.ac.uk/news/2021/march/cyber-security-experts-launch-new-guidelines.html
A new centre established by the University of Bristol to help protect citizens online has created a shared data science framework to help law enforcement investigate organised crime. The white paper, published today (March 22) by REPHRAIN, the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online, in collaboration with the Dutch National Police, offers a solution to big data problems that tend to hamper police probes into this type of law-breaking. Also:
https://cpb-eu-w2.wpmucdn.com/blogs.bristol.ac.uk/dist/1/670/files/2021/03/White-Paper-Towards-Data-Scientific-Investigations.pdf
Tomi Engdahl says:
To Kill A Blockchain, Add Naughty Stuff To It?
https://hackaday.com/2021/03/25/to-kill-a-blockchain-add-naughty-stuff-to-it/
Even if not all of us are blockchain savants, we mostly have a pretty good idea of how they function as a distributed database whose integrity is maintained by an unbroken chain of computational hashes. For cryptocurrencies a blockchain ledger stores transaction records, but there is no reason why the same ledger can not contain almost any other form of digital content. [Bruce Schneier] writes on the potential consequences of content that is illegal or censored being written to a blockchain, and about how it might eventually form a fatal weakness for popular cryptocurrencies.
It’s prompted by the news that some botnet operators have been spotted using the Bitcoin ledger to embed command and control messages to hide the address of their control server. There have already been cases of illegal pornography being placed within blockchain ledgers, as well as leaked government data.
[Schneier] uses these two content cases to pose the question as to whether this might prove to be a vulnerability for the whole system. If a government such as China objects to a block containing censored material or a notoriously litigious commercial entity such as Disney objects to a piece of copyrighted content, they could take steps to suppress copies of the blockchain that contain those blocks. Being forced by hostile governments or litigious corporations to in effect remove a block from the chain by returning to the previous block would fork the blockchain, and as multiple forks would inevitably be made in this way it would become a threat to the whole. It’s an interesting possible scenario, and one that should certainly be read by anyone with an interest in blockchain technologies.
Illegal Content and the Blockchain
https://www.schneier.com/blog/archives/2021/03/illegal-content-and-the-blockchain.html
Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and hard to take down, the botnet’s operators appear to be safe.
It’s best to avoid explaining the mathematics of Bitcoin’s blockchain, but to understand the colossal implications here, you need to understand one concept. Blockchains are a type of “distributed ledger”: a record of all transactions since the beginning, and everyone using the blockchain needs to have access to — and reference — a copy of it. What if someone puts illegal material in the blockchain? Either everyone has a copy of it, or the blockchain’s security fails.
To be fair, not absolutely everyone who uses a blockchain holds a copy of the entire ledger. Many who buy cryptocurrencies like Bitcoin and Ethereum don’t bother using the ledger to verify their purchase. Many don’t actually hold the currency outright, and instead trust an exchange to do the transactions and hold the coins. But people need to continually verify the blockchain’s history on the ledger for the system to be secure. If they stopped, then it would be trivial to forge coins. That’s how the system works.
Some years ago, people started noticing all sorts of things embedded in the Bitcoin blockchain. There are digital images, including one of Nelson Mandela. There’s the Bitcoin logo, and the original paper describing Bitcoin by its alleged founder, the pseudonymous Satoshi Nakamoto. There are advertisements, and several prayers. There’s even illegal pornography and leaked classified documents. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork of the blockchain, in which Bitcoin fragments into multiple parallel cryptocurrencies (and associated blockchains). Forks happen, rarely, but never yet because of legal coercion. And repeated forking would destroy Bitcoin’s stature as a stable(ish) currency.
The botnet’s designers are using this idea to create an unblockable means of coordination, but the implications are much greater. Imagine someone using this idea to evade government censorship. Most Bitcoin mining happens in China. What if someone added a bunch of Chinese-censored Falun Gong texts to the blockchain? What if someone added a type of political speech that Singapore routinely censors? Or cartoons that Disney holds the copyright to?
In Bitcoin’s and most other public blockchains there are no central, trusted authorities. Anyone in the world can perform transactions or become a miner. Everyone is equal to the extent that they have the hardware and electricity to perform cryptographic computations.
This openness is also a vulnerability, one that opens the door to asymmetric threats and small-time malicious actors. Anyone can put information in the one and only Bitcoin blockchain. Again, that’s how the system works.
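The two pieces that both excerpts above rest on, "an unbroken chain of computational hashes" and "removing something requires a fork", can be seen directly in a few lines of code. The following is an added example, not code from Hackaday or from Schneier's post: a toy hash-linked ledger with constructed payloads, one of which stands in for embedded content someone later wants removed. It shows that simply deleting the block breaks every later link, and that the only clean removal is to rebuild from the preceding block, which changes every subsequent hash and so diverges from every copy that kept the original. The block structure and payload strings are assumptions for this example and deliberately omit proof-of-work, signatures and networking.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List

GENESIS_PREV = "0" * 64


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    payload: str  # constructed: a transaction record or arbitrary embedded data

    def hash(self) -> str:
        # Each block's hash covers its own content AND the previous hash,
        # which is what makes the ledger a chain rather than a list.
        body = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "payload": self.payload},
            sort_keys=True,
        )
        return hashlib.sha256(body.encode()).hexdigest()


def build_chain(payloads: List[str]) -> List[Block]:
    """Append payloads one by one, linking each block to the hash of the last."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, payload in enumerate(payloads):
        block = Block(i, prev, payload)
        chain.append(block)
        prev = block.hash()
    return chain


def first_broken_link(chain: List[Block]) -> int:
    """Return the index of the first block whose prev_hash does not match the
    recomputed hash of its predecessor, or -1 if every link verifies."""
    prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != prev:
            return block.index
        prev = block.hash()
    return -1


def drop_block_in_place(chain: List[Block], idx: int) -> List[Block]:
    """What a copy-holder would like to do: just delete the offending block.
    The next block still points at the deleted block's hash, so verification fails."""
    return [b for b in chain if b.index != idx]


def fork_without(chain: List[Block], idx: int) -> List[Block]:
    """The only way to really remove the content: rebuild from before idx.
    Every later block gets a new hash, so this copy diverges from everyone
    who kept the original; that divergence is the fork."""
    return build_chain([b.payload for b in chain if b.index != idx])


def divergence_point(a: List[Block], b: List[Block]) -> int:
    """Position of the first block where two copies of the ledger disagree, or -1."""
    for pos, (x, y) in enumerate(zip(a, b)):
        if x.hash() != y.hash():
            return pos
    return -1 if len(a) == len(b) else min(len(a), len(b))


# Constructed ledger: ordinary transfers plus one block carrying embedded data.
ORIGINAL = build_chain([
    "tx: alice -> bob 1.0",
    "tx: bob -> carol 0.5",
    "EMBEDDED: constructed stand-in for content someone later wants removed",
    "tx: carol -> dan 0.25",
    "tx: dan -> erin 0.1",
])

if __name__ == "__main__":
    print("original verifies:", first_broken_link(ORIGINAL) == -1)
    naive = drop_block_in_place(ORIGINAL, 2)
    print("after naive deletion, first broken link at block", first_broken_link(naive))
    forked = fork_without(ORIGINAL, 2)
    print("fork verifies:", first_broken_link(forked) == -1,
          "but diverges from the original at position", divergence_point(ORIGINAL, forked))
```

Note what the fork costs: the forked copy is internally valid, but every block after the removed one now has a different hash, so any participant still holding the original will reject it from that position onward. That is the mechanism behind Schneier's remark that a fork splits the currency into parallel chains, and why repeated legally-forced removals would be corrosive rather than a one-off inconvenience.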
Tomi Engdahl says:
Chris O’Brien / VentureBeat:
Morphisec, which helps mid-size companies thwart cyberattacks and says it helps reduce the costs of security tools, raises $31M led by JVP
Morphisec snags $31M for moving target defense that protects mid-sized companies
https://venturebeat.com/2021/03/25/morphisec-snags-31m-for-moving-target-defense-that-protects-mid-sized-companies/
With cybersecurity companies going after the big enterprise fish, mid-sized companies can get lost in the shuffle. But Morphisec has developed an endpoint protection service that’s designed to be cost-effective enough to serve them high-quality protection.
As the pandemic stretches these companies even further, Morphisec has found itself in high demand. Today, the company announced it has raised $31 million in a funding round led by JVP, with participation from Orange and Deutsche Telekom Capital Partners.
Morphisec CEO Ronen Yehoshua said security for mid-sized companies is taking on greater urgency as they struggle with migration to the cloud and other aspects of their digital transformation. By automating security, Morphisec believes it can help them overcome some of those hurdles.
“If you are able to help them to protect and prevent before the attack comes and does damage, then we solve 90% of the problem in terms of people and cost,” he said.
Morphisec relies on a technique called “moving target defense” that constantly changes the security parameters of a system to thwart cyberattacks. This enables a kind of zero trust defense that doesn’t require employees to have deep security expertise in order to combat threats.
In addition, the company helps leverage existing security tools to make them more effective. That includes a partnership for a service that makes the latest security features in Microsoft Windows 10 easier for clients to use.
The company says it is currently protecting 7 million endpoints.
Tomi Engdahl says:
Charlie Osborne / ZDNet:
Researchers find 204 “fleeceware” apps, which charge users extortionate subscription fees after enticing them with free trials, on Play Store and App Store — Free trials can cost mobile app users thousands of dollars in the long run. — Researchers have discovered hundreds …
Hundreds of fleeceware apps earn dubious iOS, Android developers over $400 million
Free trials can cost mobile app users thousands of dollars in the long run.
https://www.zdnet.com/article/fleeceware-apps-earn-dodgy-ios-google-play-developers-over-400-million/
Tomi Engdahl says:
5 Things IT Should Ask Managed Security Providers
https://www.securityweek.com/5-things-it-should-ask-managed-security-providers
While it’d be impossible to dig into all of the requests I’ve received over the years, here are some of the types of requests we’ve received that may make sense for you to ask your own provider.
1. Can you generate a monthly report on metrics that measures the value of your service?
2. How can our teams work more closely together during a security incident?
3. Why didn’t you detect the malware we executed on our lab device?
4. Based on the level of threat activity you’ve observed in our environment, what security recommendations do you have for us?
5. It’s 2 a.m. and we have an incident; can you join our telephone bridge to discuss?
These are five questions that have come up over the years that have helped enhance our service and engage customers with a value-add experience. Managed services should be wanting and willing to improve and adapt. Don’t get me wrong, it’s important to also have reasonable expectations, but if there are opportunities to improve then that’s a benefit for both parties.
Tomi Engdahl says:
Defence Industrial Strategy suggests the UK is ready to start taking its homegrown infosec industry seriously
Doc makes all the right noises if you like government support for business
https://www.theregister.com/2021/03/25/defence_industrial_strategy_infosec_industry_lures/
Tomi Engdahl says:
US Cyber Experts Conducted Operations to Safeguard Election
https://www.securityweek.com/us-cyber-experts-conducted-operations-safeguard-election
The U.S. Cyber Command conducted more than two dozen operations aimed at preventing interference in last November’s presidential election, the general who leads the Pentagon’s cyber force said Thursday.
Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe those operations, so it was not immediately clear whether these were efforts strictly at defending the United States against intrusions or offensive measures to shut down intruders. He said his command’s operations were designed “to get ahead of foreign threats before they interfered with or influenced our elections in 2020.”
Tomi Engdahl says:
The Growing Need for a New Security Platform
https://www.securityweek.com/growing-need-new-security-platform
The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world.
There were still challenges, however. Interoperability was one. For many of these solutions, the various technologies — usually some combination of a firewall, IPS, VPN, web filtering, AV, and sandbox solution — didn’t really work together as a single seamless solution. Many components used different operating systems and even had separate management consoles. Another issue was the quality of the solutions embedded in the platform. A security vendor that built an NGFW platform may have had a top-notch firewall to use as an anchor solution, but then filled in the security roster with a second-rate IPS or web filtering solution. Debates raged about the value of an NGFW platform and a best-of-breed security approach.
Today, digital innovation has forced a complete upheaval of the traditional network. Multi-cloud environments, data centers comprised of both physical and virtual infrastructures, distributed branch offices, mobile workers, and home offices have fragmented the traditional perimeter and broken the traditional security model of placing an NGFW solution at the network edge to watch traffic moving back and forth across the border. Each new network environment now comes with its unique requirements and challenges, and as a result, security solutions have begun to pop up like mushrooms across the network. This has created a level of complexity in terms of deployment, optimization, and management that has overwhelmed most IT teams. It’s a problem that the traditional security platform approach is unable to address.
According to a recent IBM survey, an enterprise now has an average of 45 security tools deployed inside their organization. And worse, each incident they need to respond to requires coordination across 19 different tools.
Tomi Engdahl says:
The Untold History of America’s Zero-Day Market
https://www.google.com/amp/s/www.wired.com/story/untold-history-americas-zero-day-market/amp
The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now.
Tomi Engdahl says:
Cybercrime can cause serious disruption to a company's operations and significant financial damage. Becoming a victim of cybercrime is nothing to be ashamed of. Any company in any sector can be targeted. A guide jointly published by the Police University College (Polamk) and JAMK University of Applied Sciences answers questions about cybercrime from the perspective of companies….
DOWNLOAD THE GUIDE: Cybercrime is a police matter – New guide advises companies in cybercrime situations
https://www.hyperlinkki.mediaparkki.com/2021/03/26/lataa-opas-kyberrikollisuus-on-poliisiasia-uusi-opas-neuvoo-yrityksia-kyberrikostilanteissa/
Only some cybercrimes come to the attention of the police. What raises the threshold for filing a criminal report?
– Reporting a crime to the police is often a matter of rational deliberation: the possible negative consequences of reporting are weighed against the benefits. The fear may be loss of reputation, or the suspicion that the perpetrator's identity will never be established. Many may not think of the societal reasons, such as the fact that failing to report also erodes the criminal justice system, says Police University College researcher Anna Leppänen.