Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before year 2021 started. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.
The State of internet security in 2020 was hard. The trends that stormed last year will continue long to 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year trend was Instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.
2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. 2021 Cybersecurity and IT Failures Roundup article presents you Lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.
Kaspersky’s top three cybersecurity predictions for 2021 are increase in targeted attacks, attacks that are more disruptive exploiting contemporary issues and we will continue to have frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world
Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached article says that humankind has to choose between evolution by digitization, and stagnation. Naturally, the world is moving ahead. We can’t be naive and expect that bad things will not happen along with it. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”
In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad to compromising corporate IT and IoT networks. New Cybersecurity Threat Predictions for 2021 article points out the the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks.
DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.
One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.
Modern cybercrime is becoming increasingly open-sourced which means that already some of the most sophisticated and notorious cybercriminals are utilizing open-source tools to conduct their criminal activities and this will increase.
Trend Micro survey results claim that AI set to replace humans in cybersecurity by 2030. I am just wondering what this claim means and have people who have answered to the survey really understood AI and cyber security? My predictions is that we will need humans and AI and even traditional solutions for a long long time.
The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views how the situation has developed. Cybersecurity Skills Shortage Falls for First Time article claims that that shortfall in skills has therefore dropped from 4.07 million last year to 3.12 million. As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse article says that information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies try to make claims that they have invented a “silver bullet” for educating cyber professionals like This educator claims to have invented an entertaining way to learn cybersecurity. Some of the cyber security issues move to cloud, so we need more people who know security and cloud. The Cloud Talent Drought Continues (And Is Even Larger Than You Thought)
Hackers leverage sophisticated and novel techniques to break into networks article tells that recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents and expect more similar incidents that have not just year been revealed.
Want to avoid having your online accounts hacked? Enable two-factor authentication. Better than the best password: How to use 2FA to improve your security article tells that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.
A new version of OWASP Top-10 is coming this year. OWASP Top-10 2021 Statistics-based proposal article tries to make an OWASP Top-10 2021 predictions calculated by understandable metrics, make everyone able to reproduce the results, and present to an entire community for the feedback.
Privacy is an illusion. But that‘s a good thing article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. With the Death of Cash, Privacy Faces a Deeply Uncertain Future article says that in One Future We have a Private, Anonymous Alternative to Cash but in the Black Mirror Future the Money in Your Pocket Knows Everything About You. Cash is dying that’s for sure. There are still ways to sen anonymous emails and it is a good idea to prepare to your digital life after death.
Ransomware attacks will explode in 2021 article claims that the Capitol riot and its aftermath makes the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom of speech sounding issues like Should Jack Dorsey be able to silence the president of the United States? Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.
Legal requirements for IoT security start to emerge article tells that legislative activities are starting to make security a legal requirement for consumer IoT designs to have vaguely defined “reasonable security features”. US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.
7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.
IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. 6 essential activities to help developers build in IoT cybersecurity article gives some ideas to improve cyber security in your IoT development.
2,203 Comments
Tomi Engdahl says:
Upskilling Cyber Defenders Requires a Readiness Environment
https://www.securityweek.com/upskilling-cyber-defenders-requires-readiness-environment
Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks
Threat Predictions for 2022
Cybercrime actors will continue to hammer small and medium size businesses “below the security poverty line” using common attack vectors including credentials found in the wild and used against open RDP ports exposed to the internet. Simple attacks like sending an HR representative a fake delivery invoice can give even an unsophisticated threat actor the ability to encrypt the entire network filesystem only to find the disaster recovery policies haven’t been updated in five years and the backup systems aren’t intact.
Cybercrime actors will continue to hammer small and medium size businesses “below the security poverty line” using common attack vectors including credentials found in the wild and used against open RDP ports exposed to the internet. Simple attacks like sending an HR representative a fake delivery invoice can give even an unsophisticated threat actor the ability to encrypt the entire network filesystem only to find the disaster recovery policies haven’t been updated in five years and the backup systems aren’t intact.
Security Technology Predictions for 2022
Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks. While this is well known in the industry, security and IT teams’ continue to have an inability to prioritize and respond to the most relevant alerts and problems. The availability of metrics to justify increased security investment continue to be lacking.
Tomi Engdahl says:
Planning for the Future: What’s Ahead in 2022
https://www.securityweek.com/planning-future-whats-ahead-2022
Threat Predictions for 2022
Cybercrime actors will continue to hammer small and medium size businesses “below the security poverty line” using common attack vectors including credentials found in the wild and used against open RDP ports exposed to the internet. Simple attacks like sending an HR representative a fake delivery invoice can give even an unsophisticated threat actor the ability to encrypt the entire network filesystem only to find the disaster recovery policies haven’t been updated in five years and the backup systems aren’t intact.
Cybercrime actors will continue to hammer small and medium size businesses “below the security poverty line” using common attack vectors including credentials found in the wild and used against open RDP ports exposed to the internet. Simple attacks like sending an HR representative a fake delivery invoice can give even an unsophisticated threat actor the ability to encrypt the entire network filesystem only to find the disaster recovery policies haven’t been updated in five years and the backup systems aren’t intact.
Security Technology Predictions for 2022
Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks. While this is well known in the industry, security and IT teams’ continue to have an inability to prioritize and respond to the most relevant alerts and problems. The availability of metrics to justify increased security investment continue to be lacking.
Tomi Engdahl says:
Log4Shell Tools and Resources for Defenders – Continuously Updated
https://www.securityweek.com/log4shell-tools-and-resources-defenders-continuously-updated
Tomi Engdahl says:
A Journey in Organizational Resilience: Survive the Disruption and Become Stronger https://securityintelligence.com/articles/organizational-resilience-survive-disruption-become-stronger/
SecurityIntelligence has 13 chapter series guiding you through your journey through organizational resilience covering the subject from all angles.
Tomi Engdahl says:
Linux For The Paranoid Does The Work For You
https://hackaday.com/2021/12/22/linux-for-the-paranoid-does-the-work-for-you/
We all know that our activity on the Internet is not that hard to track. It just annoys some people more than others. If you are really hardcore, you’ll learn all the ins and outs of networking to help cover your tracks, but what if you don’t want to invest that kind of time? Maybe, as [TechRepublic] suggests, try Kodachi Linux.
You could, of course, start with your own live image. Then when you boot, you could take the following steps:
Randomize your MAC Address
Establish a TOR connection through a VPN
Route all internet traffic through TOR and use DNS encryption
Set up a scheduled task to scramble your MAC address periodically
But that’s what Kodachi does without any real effort on your part.
The distribution is based on Ubuntu, so all the familiar tools are there. There are also a few security and privacy tools included like KeePass, Tox, OnionShare, i2p, and more. The desktop shows a summary of secure network information
Do you need Kodachi? Probably not, if you are a Linux guru. Plus, most people aren’t doing anything that’s that interesting.
Kodachi is the operating system for those who value privacy but don’t want to learn Linux
https://www.techrepublic.com/article/kodachi-is-the-operating-system-for-those-who-value-privacy-but-dont-want-to-learn-linux/
The operating system serves as a Live instance, so you don’t even have to bother installing it. You create a bootable USB drive (with a tool like Unetbootin), insert your USB drive and boot up Kodachi. As soon as the OS boots it:
Changes your MAC Address
Establishes a TOR connection through a VPN
Routes all internet traffic through TOR plus VPN with DNS encryption
Regularly changes your MAC Address to avoid detection and tracking
Tomi Engdahl says:
Navigating around the Cyberthreats in the Digital Economy
https://businessagency.thehague.com/navigating-around-the-cyberthreats-the-digital-economy?utm_source=Advertising&utm_medium=Facebook&utm_campaign=Articles&fbclid=IwAR0HNdN7pbVqarD3DcGK69mQeajO13pgn0dRUnFhsynFuHy9DL4r3h95588
Introduction
Every day we become more and more reliant on technology for even the simplest tasks. Simultaneously, our digital economies become more and more vulnerable to cyber attacks by those with malicious intent. Personally, we have all encountered some form of cyber intrusion, whether it was phishing, hacking, or a virus attack, an assault on our digital lives. We invest in anti-virus software, discard dubious emails and posting and messages in the various social media platforms like Facebook and instant messengers like Whatsapp. However, we are not in control of our own data: it is available in our bank accounts, our medical records, municipal accounts and a host of other repositories where we have placed our trust. Cybercriminals are keenly aware of this, and try to exploit our weaknesses on all these sites. What needs to be done?
How Safe is Our Data?
Well, it depends on who has your data and how diligent they are about protecting it. While we have Acts that protect our data privacy rights, such as the GDPR, they are generally reactive, and can only be applied after the event. They also differ from country to country, which might create extra complexity – what is the situation if there is a data breach on a cloud server, where the company using the cloud services is in Denmark, the CRM software is provided by an Israeli firm, the cloud service provider’s headquarters are based in the US, and their servers are scattered across the globe, from Chile to Russia? Which law or laws apply and who is ultimately responsible?
Understanding Where the Vulnerabilities Lie
It is very easy to understand where there are weaknesses in even the most protected environments: if there is an IP address, or a device that has an ability to connect with the Internet, there is a potential for hacking. So, apart from an organization’s own on-premise IT installation, there are billions, not millions, of ports of entry. The one that comes to mind first for most CIOs is remote workers and employees where BYOD (bring your own device) is allowed. Then we all use the cloud to a greater or lesser extent. However, here we probably have more protection than we know; companies like Microsoft spend billions against cyberattacks annually. Even then, there is a human problem in getting employees with the skills to work in the cyber defence space. There is the risk of emails, social media hacks and spam and instant messaging (e.g. Whatsapp) hacks. However, these all pale into insignificance, when you consider the Internet of Things.
There is a Spy in my Kitchen
We are all familiar with movies and TV series where listening devices are planted in people’s houses, without realizing that most or all of our devices have sensors built in them, from your washing machine to your pop-up toaster. Maybe a fridge that hooks up to the Internet is not such a good idea. Right now, there are 10 billion IoT devices out there communicating in some way or other.
Fighting the Good Fight
As mentioned above, nearly every body overseeing good governance and standards is constantly reviewing the risk of cyber vulnerabilities and have drafted standards and practice notes to be followed to mitigate and prevent cyber risk. The NIST has defined a risk management framework for organizational cyber threat resistance, called the Cybersecurity Posture
While this should be adopted by every organization, it should be noted that it does not address the issue of finding the criminals and stopping them, but that is a topic for another day.
AI to the Rescue
Artificial intelligence has become a vital defence against cyber crime, at all points in the NIST’s framework. It achieves this in different ways, firstly by identifying anomalous data patterns and behaviour that deviate from normal operations. It does this based on historical data and activities, as well as any supplementary information, which may need to be supplied, like previous cyberattacks and hacks that happened across the globe.
In the unfortunate event of an attack, it will mitigate the effect, applying learning about previous breaches as well as the current hack. It will also accelerate the recovery from a breach by assisting in repairing what has been compromised.
This all sounds great, and IBM has estimated that applying AI to assist in cyber protection can reduce the costs of a data breach by up to 80%. What is often overlooked is that your cybersecurity team cannot be replaced by one or more AI applications; they still steer the ship, but can capitalize on the speed and accuracy of the AI risk detection. There is a big skills shortage in this space, as Microsoft has pointed out, and this could be an ideal career path for those who want to progress in ICT.
Tomi Engdahl says:
A yearlong analysis spanning from the second half of 2020 to the first half of 2021 shows that dedicated attackers can always breach company networks.
Most corporate networks can be breached in two days – research
https://cybernews.com/news/most-business-networks-can-be-breached-in-two-days-research/?utm_source=facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post
It takes a mere couple of days to breach the network perimeter, and in 100% of the cases, researchers could gain complete control over the infrastructure.
A yearlong analysis spanning from the second half of 2020 to the first half of 2021 shows that dedicated attackers can always breach company networks.
No one is spared, as the tests were successful with banks, energy, IT companies, and government agencies, a recent report by Positive Technologies shows.
In 93%of cases, an external attacker can breach the organization’s network perimeter to local network resources, and on average, it takes only two days to penetrate the company’s internal network.
In every single case, researchers were able to take over the infrastructure.
According to Ekaterina Kilyusheva, Head of Research and Analytics, Positive Technologies, researchers specifically tried to simulate ‘unacceptable events,’ attacks that would either disrupt the technological processes or lead to theft of funds.
In 71% of cases, researchers were successful in simulating such attacks.
The report’s authors claim that credential compromise is the key weapon in an attacker’s arsenal, allowing to penetrate corporate networks, with 71% of companies breached because of inadequate passwords for user and administrative accounts.
The study shows that most organizations have no segmentation of the network by business processes, allowing threat actors to develop several attack vectors simultaneously.
Exploiting known software vulnerabilities (60%) was the second most successful tool for compromising networks, followed by configuration flaws (54%) and exploiting vulnerabilities in web application code (43%).
Tomi Engdahl says:
VMwaren tutkimus: Etätyön tekninen valvonta heikentää luottamusta ja lisää henkilöstön vaihtuvuutta – seurantaa sovellusten ja jopa webbikameroiden kautta
Tomi Engdahl says:
Covid vaccine researchers are under attack https://www.pandasecurity.com/en/mediacenter/security/vaccine-researchers-attack/
For more than a year, researchers have been warning about an increase in cyberattacks as people adjusted to working from home. Now new figures released by the UK’s National Cyber Security Centre (NCSC) suggest that hackers are dedicating a lot of time and resources to targeting healthcare-related businesses. According to the NCSC, a department of the UK intelligence service, 20% of all attacks they helped to investigate and defend against were launched against the health sector. They also noted that the total number of reported incidents rose from 723 to 777 between 2020 and 2021.
Tomi Engdahl says:
2021 was the year cybersecurity became everyone’s problem
https://www.axios.com/2021-cybersecurity-ransomware-cyber-attack-91ccc592-b611-4825-8e0a-65e37d06a450.html
This year marked a turning point for malicious attacks on computer systems, fueled by a rise in nation-state attacks and ransomware.
Why it matters: Once a worry mostly for IT leaders, the risk of a cyber intrusion is now a top concern for CEOs and world leaders.
Driving the news:
May’s Colonial Pipeline attack helped drive that message home, as did ransomware attacks on cities and hospitals — emphasizing the very real world impact that cyber attacks can have.
Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. It’s a single piece of open source code, but it is used so broadly and the flaw so fundamental that it potentially opens nearly every business and government to attack.
The big picture: Evidence that cybersecurity has become the big issue abounds. Foreign Affairs devotes the current issue to the topic, while J.P. Morgan International Council identified it as the most significant threat facing businesses and government in a report released Thursday.
Between the lines: One can never permanently “win” the battle against malicious attacks, but it is possible to be losing the fight. 2021 definitely felt like a year in which the attackers had the upper hand.
The combination of cryptocurrency and ransomware has proven to be especially tough to fight as it is often in the business interests of a victim to pay up rather than take the risk of data loss or even a business disruption.
The rise in cyberattacks has also made for thorny diplomacy among nation states. With physical attacks, there has been a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the division is murkier.
“The domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a Foreign Affairs piece.
“In trying to analogize the cyberthreat to the world of physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments and even national power,” argues Hoover Institution’s Jacquelyn Schneider, in another Foreign Affairs article. “Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation.”
What’s next: Leaders are calling for much tighter cooperation between businesses and governments as the key way to fighting back. Also needed, many say, is an international agreement on what is and isn’t permissible, in much the way the Geneva Convention sets limits on traditional warfare.
Tomi Engdahl says:
U.S. faces urgent anti-hacker crisis
https://www.axios.com/government-business-cyber-jobs-601a027c-cf68-47bb-96ca-da46237052f6.html
The Biden administration is accelerating efforts to fill nearly 600,000 vacant cybersecurity positions in the public and private sectors bogging down efforts to protect digital infrastructure.
Why it matters: Following a deluge of ransomware attacks targeting critical government and corporate infrastructure this year, clogs in the talent pipeline are leaving federal, cash-strapped local governments and Big Business even more susceptible to hacking.
The issue has emerged repeatedly in Senate and House hearings but received little public attention until recently.
What we’re watching: Private companies like GuidePoint Security are trying one way to fill the void: training veterans leaving the military for careers in cybersecurity.
“It takes way too long to bring people into the federal government,” Cybersecurity and Infrastructure Security Agency director Jen Easterly told the House Committee on Homeland Security this month.
She said it’s necessary to consider those who have the right technical skills and attitude but may lack a traditional educational background, or years of formal experience in the industry.
Women hold only 20% of all cybersecurity jobs, and just 3% of the federal government’s IT workforce is under the age of 30.
Tomi Engdahl says:
Keynote – LockPickingLawyer
https://www.youtube.com/watch?v=IH0GXWQDk0Q
The Lock Picking Lawyer is one of the most well-known names in the world of lock picking and covert entry. He is best known for his extremely popular, eponymous YouTube channel. This channel features over 1,000 videos exposing weaknesses and defects found in locking devices so that consumers can make better security decisions. What’s less well-known is that he also works with lock manufacturers to improve their products, private companies to improve their security, tool-makers to improve their products, and government agencies. As his name suggests, the Lock Picking Lawyer was a business litigator for nearly 15 years, but recently retired from practicing law to devote all of his time to security work.
Tomi Engdahl says:
Targeted Links Used to Steal Tens of Millions in Global Scam Campaign
https://www.securityweek.com/targeted-links-used-steal-tens-millions-global-scam-campaign
By impersonating 121 brands, scammers managed to defraud users in over 90 countries of an estimated $80 million per month, Singapore-based threat hunting and intelligence firm Group-IB reveals.
As part of the scheme, the fraudsters lured victims with fake surveys and giveaways supposedly from popular brands, but which were designed to help the miscreants steal victims’ personal information and credit card data.
The scammers are believed to have targeted tens of millions of individuals in a total of 91 countries, including the United States, Canada, South Korea, and Italy.
To lure their victims, the cybercriminals distributed invitations to partake in a survey, also telling their potential victims that a prize would be offered afterwards. Marketing methods employed in the campaign included advertising on both legitimate and rogue websites, contextual advertising, text and email messages, and pop-up notifications.
Tomi Engdahl says:
Research: Simulated Phishing Tests Make Organizations Less Secure
https://www.securityweek.com/research-simulated-phishing-tests-make-organizations-less-secure
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
After a 15-month phishing experiment done in partnership with an unnamed publicly traded global company, researchers at ETH Zurich found that embedded training during simulated phishing exercises did not make employees more resilient to e-mail malware lures and, worse, “can have unexpected side effects that can make employees even more susceptible to phishing.”
Even as investors pour money into startups promising respite from phishing attacks, corporate defenders struggle to block sophisticated email lures that serve as the initial entry point debilitating malware and ransomware extortion attacks. For decades, businesses added user awareness training to cybersecurity budgets in attempts to help employees to spot suspicious links or malicious email attachments.
There has been active debate over the years about the effectiveness of security awareness training but that has not stopped CISOs (Chief Information Security Officers) from flagging user education as a major priority for cyber defense spending.
The ETH Zurich university study is sure to rekindle that debate with the researchers calling for caution in the deployment of methods like embedded phishing exercises and training, warning of “potential negative side effects.”
The researchers ran the experiment for 15 months (July 2019 through October 2020) where simulated phishing emails were sent to a quarter of the partner company’s workforce during their normal work flow and context.
The raw data from the study tell an interesting story:
Overall, the study participants clicked on 6,680 out of 117,864 simulated phishes (5.67%). During the 15 months, 4,729/14,733 participants (32.10%) clicked on at least one phish.
The trend for dangerous actions is similar, with the numbers slightly lower: participants fell for 4,885 simulated phishing emails (4.14% of the total sent emails, and 73.13% of all the clicked simulated phishes), and 3,747/14,733 participants (25.43%) users did at least one dangerous action.
There were 4,260 study participants that reported at least one email. In total, the participants reported 14,401 emails, of which 11,035 were our simulated emails. The button to report phishing was also deployed to 6300 employees that were not part of the experiment but could report phishing: 1,543 of them reported at least one suspicious email, and they reported 4,075 emails. Thus, the total number of reported emails we received during the 15 months was 18,476.
The researchers also found “repeated clickers” who fell victim to multiple lure mails and concluded that many employees in an organization “will eventually fall for phishing if continuously exposed.”
In the experiment, the researchers found that 4,729 out of 14,733 (32.10%) participants clicked on at least one link or attachment in simulated phishing emails. A similar high number applies to dangerous actions: 3,747 out of 14,733 (25.43%) performed at least one.
“These results indicate that a rather large fraction of the entire employee base will be vulnerable to phishing when exposed to phishing emails for a sufficiently long time. We are the first to show such results at scale,” the researchers added.
“Our experiment shows that crowdsourced phishing detection enables organizations to detect a large number of previously unseen real phishing campaigns with a short delay from the start of the campaign,” the team said, noting that the operational load of phishing report processing can be kept small, even in large organizations.
“Our study also demonstrates that a sufficiently high number of employees report suspicious emails actively over long periods of time. In summary, we show that crowd-sourced phishing detection provides a viable option for many organizations.”
Tomi Engdahl says:
Lock Picking Lawyer Reacts to Hollywood Lock Picking – TKOR Reacts
https://www.youtube.com/watch?v=TMiQIpJXbD0
In this 2KOR Reacts video we’ve got special guest Lock Picking Lawyer with us watching and reacting to a few clips from movies and tv shows. He’ll let us know what’s actually realistic and what is complete nonsense!
Tomi Engdahl says:
Network Hacking is gathering an information from network and computers over the internet.
https://hackersonlineclub.com/network-hacking/
Tomi Engdahl says:
How ‘The Matrix’ Inspired a New Generation of Hackers
The Wachowskis’ masterpiece steered countless people into cybersecurity, and changed hacking culture forever.
https://www.vice.com/en/article/epxvgj/how-the-matrix-inspired-a-new-generation-of-hackers
Tomi Engdahl says:
Security With a Spectrometer What color is your password?
https://spectrum.ieee.org/security-with-a-spectrometer
My editor at IEEE Spectrum is convinced that in the future smartphones will have spectrometers to probe the world around them [True-Ed.]. As an experimental preview into this era, he obtained a spectrometer with a higher resolution than budget-minded makers have access to today, the Hamamatsu C12880MA, available in small quantities as a US $350 breakout board on Tindie. My part of the experiment? To see what idea the device would spark in me for a consumer-focused application.
Tomi Engdahl says:
Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans
Organizations Can Reduce Risk by Implementing a Security Control Framework
https://www.gartner.com/en/newsroom/press-releases/2021-07-21-gartner-predicts-by-2025-cyber-attackers-will-have-we
Tomi Engdahl says:
Google Drive could soon start locking your files
By Joel Khalili published 8 days ago
New Google Drive policy cracks down on ‘abuses’ of the platform
https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files
Tomi Engdahl says:
Cybersecurity risks and how to prevent them effectively
https://pentestmag.com/cybersecurity-risks-and-how-to-prevent-them-effectively/
Tomi Engdahl says:
What Makes PowerShell a Challenge for Cybersecurity Solutions?
https://www.deepinstinct.com/blog/what-makes-powershell-a-challenge-for-cybersecurity-solutions
Tomi Engdahl says:
This USB ‘kill cord’ can instantly wipe your laptop if snatched or stolen
https://techcrunch.com/2021/12/16/buskill-kill-cord-self-destruct-laptop/
Journalists, activists and human rights defenders face a constant battle to keep files safe from a growing set of digital threats and surveillance. But physical attacks can be challenging to defend against, whether an opportunist snatch-and-grab thief or an oppressive government kicking down someone’s door.
This week, a project called BusKill launched a custom USB magnetic breakaway cable that acts as a “dead man’s switch,” locking a computer if someone physically snatches it and severs the magnetic connectors.
https://www.buskill.in/
Tomi Engdahl says:
BusKill USB kill cord protects data on Linux, Windows, Mac OS devices
https://www.cnx-software.com/2021/12/15/buskill-usb-kill-cord-protects-data-on-linux-windows-mac-os-devices/
Data is can be extremely valuable, so Alt Shift designed the BusKill USB kill cord that will automatically execute a user-configurable trigger when your machine is physically separated from you. It can be especially useful to journalists and activists that may get their devices seized by the government, crypto traders, military personnel, or travelers with sensitive data.
Tomi Engdahl says:
A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists
Cytrox is one of seven surveillance companies now banned from Meta’s platforms
https://techcrunch.com/2021/12/16/cytrox-predator-phone-hacking-meta/
Tomi Engdahl says:
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
Tomi Engdahl says:
Kodachi is the operating system for those who value privacy but don’t want to learn Linux
https://www.techrepublic.com/article/kodachi-is-the-operating-system-for-those-who-value-privacy-but-dont-want-to-learn-linux/
Tomi Engdahl says:
Yritysten IT-arkkitehtuurin viimeinen silaus tulee SASEsta
Työelämän uudeksi vakioksi muodostuneet etä- ja hybridityö asettavat tietoturva- ja yhteysarkkitehtuurille uudenlaisia vaatimuksia. Nämä vaatimukset koskevat erityisesti työntekijöiden fyysistä sijaintia sekä SaaS-palvelumallin yleistymistä. SASE on vastaus tähän huutoon.
https://www.dna.fi/yrityksille/blogi/-/blogs/yritysten-it-arkkitehtuurin-viimeinen-silaus-tulee-sasesta/?utm_source=facebook&utm_medium=linkad&utm_content=ILTE-blogi-yritysten-it-arkkitehtuurin-viimeinen-silaus-tulee-sasesta&utm_campaign=H_MES_21-45-48_artikkelikampanja&fbclid=IwAR24ko6NpdesKCvRBKoRSnhP_lRlFjFrgy3tVsFkHScy9zUO5FIG9-VualM
Tomi Engdahl says:
Teknokraattinen bioturvallisuuden järjestelmä
BY TAPIO PUOLIMATKA 07.12.2021 13 MINS
https://tapio.blog/yleinen/teknokraattinen-bioturvallisuuden-jarjestelma/
Koronaepidemia on palvellut kiihdyttimenä prosessille, jota professori Aaron Kheriaty kutsuu “teknokraattisen bioturvallisuuden valvontajärjestelmän nousuksi”.
Kheriatyn mielestä poliittisesti tärkeä jako ei enää nykyään ole jako vasemmistoon ja oikeistoon tai liberaaleihin ja konservatiiveihin. Uudeksi tärkeäksi poliittiseksi jaoksi on nousemassa jako niiden välillä, jotka hyväksyvät teknokraattisen bioturvallisuuden valvontajärjestelmän, ja niiden välillä, jotka vastustavat sitä.
Tomi Engdahl says:
IoT under attack: Security is still not good enough on these edge devices
Most enterprises don’t have visibility into the IoT devices that are being attacked by hackers who want to breach corporate IT networks.
https://www.zdnet.com/article/iot-under-attack-security-is-still-good-not-enough-on-these-edge-devices/
Tomi Engdahl says:
CIO priorities: 10 challenges to tackle in 2022
Digital leaders who focus on these priority areas will help their business to steal a march over its rivals.
https://www.zdnet.com/article/cio-priorities-10-challenges-to-tackle-in-2022/
Tomi Engdahl says:
5 common myths and surprising truths about Zero Trust
https://www.techradar.com/uk/news/5-common-myths-and-surprising-truths-about-zero-trust
Let’s dispel at least five most common myths about the zero trust architecture
Tomi Engdahl says:
The 10 Hottest New Cybersecurity Tools And Products Of 2021
https://www.crn.com/slide-shows/security/the-10-hottest-new-cybersecurity-tools-and-products-of-2021
The 10 cybersecurity tools and products making an impact deliver everything from ransomware readiness assessments and automated incident investigations to protection for remote workers and small businesses.
Tomi Engdahl says:
The Art of CISO – Master of Warfare
https://pentestmag.com/the-art-of-ciso-master-of-warfare/
No one has ever achieved anything of note, without having alliances.
Identify which functions in your organization have similar interests to yours. Align them to push for change and transformation where you feel yourself heading to resistance. Strengthen your Alliance by practicing eye-for-an-eye and returning the effort to push their agenda as well.
When practiced wisely, such alliances tend to develop a web of trust within the organization, where you’ll be able to share your toughest spots and earn the far most genuine support.
Tomi Engdahl says:
Three Key Artificial Intelligence Applications For Cybersecurity by Chuck Brooks and Dr. Frederic Lemieux
https://www.forbes.com/sites/chuckbrooks/2021/09/24/three-key-artificial-intelligence-applications-for-cybersecurity/?sh=69f7db0e7b7e
AI is certainly the core technology leading the smart digital transformation of our 4Th Industrial Era. Computers with AI are designed for automation activities that include, speech recognition, learning, planning, and problem solving.
AI and Cybersecurity
We are at the doorstep of a new era of smart technology and cybersecurity is already a testing ground. The cybersecurity industry is increasingly impacted by the deployment of solutions supported by artificial intelligence. According to research from cybersecurity experts Darktrace, an attempted cyberattack during the Tokyo Olympics was thwarted thanks to the assistance of a cybersecurity artificial intelligence (AI). The firm discovered an attempted attack a week before the games began using artificial intelligence monitoring tools. AI neutralizes IoT attack that threatened to disrupt the Tokyo Olympics | Blog | Darktrace
AI is largely used to protect networks as well as increase data security and endpoint security according to 850 senior IT executives surveyed in 2019 (Statista 2021). Moreover, the market of artificial intelligence in cybersecurity is expected to grow at a compound annual growth rate of 23.6% from 2020 to 2027 to reach $46.3 billion by 2027
There are, among others four specific areas where AI technology can contribute to make cybersecurity responses to threats a smarter:
1) Network Vulnerability Surveillance and Threat Detection
According to Cybersecurity Ventures CEO Steve Morgan, the human attack surface is to reach 6 billion people by 2022 and Cyber-crime damage costs to hit $6 trillion annually by 2021. That is a large and costly cyber-ecosystem to surveil, protect, and remedy. Data breaches and cyber-attacks have dire consequences for companies as loss of data from a breach or ransomware attack can cost millions of dollars and can lead to bankruptcy. In 2020, it took on average two hundred days for an organization to detect a data breach and an additional 80 days to contain the incident. That is too long to be able to effectively respond and mitigate a serious breach.
AI can provide a faster means to detect and identify cyber-threats. Cybersecurity companies have developed software and platform powered by AI that monitors in real time activities on network by, scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
AI threat hunting tools can cover cloud, data center, enterprise networks, and IoT devices. AI tools can allow for automatic updating and threat vetting of defense framework layers (network, server, payload, endpoint, firewalls, and anti-virus) and diagnostic and forensics analysis for cybersecurity.
2) Incident Diagnosis and Response
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.”
3) Cyber Threat Intelligence Reports
Every day, already understaffed cybersecurity professionals regularly face thousands of attacks on their systems and the malware continues to grow in pace, numbers, and complexity. This cyber-reality has generated an overload of information that is challenging to collect, organize, and analyze. AI solutions have been deployed to support cyber threat analysts and address the problem of information overload and current data. These solutions include open-source AI powered collection tools that gather data on specific cyber threats or vulnerabilities on the Internet.
AI Limitations and Threats
As with every technology, there are limits to applications and threats. Cybersecurity solutions powered by AI certainly provide a high degree of accuracy and performance, but some levels of error do exist, and AI technology can produce false positives or false negatives when comes the time to detect the presence of threats in a network.
Also, AI can be a double-edged sword as it can be manipulated for nefarious purposes. A recent global study found that over 40 percent of executives have “extreme” or “major” concerns about AI threats, with cybersecurity vulnerabilities. Security experts predict a global AI-related cyber-attack before year-end (betanews.com)
Tomi Engdahl says:
Security With a Spectrometer What color is your password?
https://spectrum.ieee.org/security-with-a-spectrometer
Tomi Engdahl says:
Two words for everyone to ponder this holiday night:
Cybernetic Ransomware
Meet the future today:
https://www.forbes.com/sites/brucelee/2021/02/06/chastity-belt-ransomware-how-hackers-held-peoples-genitals-hostage/?sh=457463e992b2
Tomi Engdahl says:
Edward Snowden, Glenn Greenwald & Chris Hedges on NSA Leaks, Assange & Protecting a Free Internet
https://www.democracynow.org/2021/12/24/edward_snowden_glenn_greenwald_chris_hedges
NSA whistleblower Edward Snowden and Pulitzer Prize-winning journalists Glenn Greenwald and Chris Hedges discuss mass surveillance, government secrecy, internet freedom and U.S. attempts to extradite and prosecute WikiLeaks founder Julian Assange. They spoke together on a panel moderated by Amy Goodman at the virtual War on Terror Film Festival after a screening of “Citizenfour” — the Oscar-winning documentary about Snowden by Laura Poitras.
Tomi Engdahl says:
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
https://www.darkreading.com/attacks-breaches/93-of-tested-networks-vulnerable-to-breach-pentesters-find
Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers.
The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credential, exploiting known vulnerabilities in software and Web applications, or taking advantage of configuration flaws, according to an analysis of security assessments by Positive Technologies.
In 93% of cases, an external attacker could breach a target company’s network and gain access to local devices and systems, the company’s security service professionals found. In 71% of cases, the attacker could affect the businesses in a way deemed “unacceptable.” For example, every bank tested by the security firm could be attacked in a way that disrupted business processes and reduced the quality of their service.
Positive Technologies’ annual report shows that companies need to take stock in 2022 and model likely threats, says Ekaterina Kilyusheva, the company’s head of research and analytics.
“Every company can fall victim to an attack, both targeted and massive,” she says. “According to our data, the number of cyberattacks is increasing from year to year, and their consequences are becoming more serious. Just look at the damage that ransomware operators inflict on organizations.”
Tomi Engdahl says:
SFW! The Top N Cybersecurity Stories of 2021 (for small positive integer values of N) https://nakedsecurity.sophos.com/2021/12/24/sfw-the-top-n-cybersecurity-stories-of-2021-for-small-positive-integer-values-of-n/
And by totally SFW, we don’t just mean Suitable For Work, but also Something For the Weekend a double bonus if you’re on official duty over the holiday break and are looking for laid-back content that nevertheless counts as genuine on-the-job learning. While everyone else was choosing their Top N Terrible Cybersecurity Incidents Of 2021, some of them for worryingly high values of N, we thought we’d pick our year-end stories in a more family-friendly way.
Tomi Engdahl says:
Data assessment, user consent key to compliance with China law
https://www.zdnet.com/article/data-assessment-user-consent-key-to-compliance-with-china-law/#ftag=RSSbaffb68
International businesses that process information from China should obtain user consent and establish a data map, so they do not run afoul of the country’s Personal Information Protection Law (PIPL).
Specifically, they should look closely at cross-border data flow and residency, even as more clarity still is needed on some components in the new legislation. Organisations that already are set up to comply with Europe’s General Data Protection Regulation (GDPR), though, have a good foundation on which to work towards PIPL adherence.
Tomi Engdahl says:
The Future is in Interoperability Not Big Tech: 2021 in Review https://www.eff.org/deeplinks/2021/12/future-interoperability-not-big-tech-2021-review
2021 was not a good year for Big Tech: a flaming cocktail of moderation failings, privacy breaches, leaked nefarious plans, illegal collusion and tone-deaf, arrogant pronouncements stoked public anger and fired up the political will to do something about the unaccountable power and reckless self-interest of the tech giants. But this year, something new happened: lawmakers, technologists, public interest groups, and regulators around the world converged on an idea we’re very fond of around here: interoperability.
Tomi Engdahl says:
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Tomi Engdahl says:
Common spear-phishing tricks
https://www.kaspersky.com/blog/common-spear-phishing-tricks/43224/
Virtually every employee of a large company comes across the occasional e-mail aiming to steal their corporate credentials. It’s usually in the form of mass phishing, an attack in which e-mails are sent out at random in the hope that at least some recipients will take the bait. However, the stream of phishing e-mails may contain one or two more dangerous, targeted messages, the content of which has been customized for employees of specific companies. This is spear-phishing.
Tomi Engdahl says:
Zero Trust migration: where do I start?
https://www.ncsc.gov.uk/blog-post/zero-trust-migration-where-do-i-start
Following our Zero Trust: is it right for me?’ blog, this second installment focuses on how to start your zero trust architecture journey. Hopefully by now, you have decided it meets your business requirements, and have set implementing a zero trust architecture’ as your strategic goal.
Building the Zero Trust Enterprise: A Holistic Approach https://www.paloaltonetworks.com/blog/2021/12/building-the-zero-trust-enterprise/
At its core, Zero Trust seeks to eliminate implicit trust throughout the enterprise by continuously validating all digital transactions.
This is inherently a much more secure approach and helps deal with some of the most sophisticated and dangerous types of threats, such as ransomware and associated behaviors like lateral movement. Today, organizations can evolve into a Zero Trust enterprise by taking a holistic approach and applying Zero Trust best practices comprehensively across users, applications and infrastructure.
Tomi Engdahl says:
An inside look at how CISA is building an agency for elite cybersecurity talent https://therecord.media/an-inside-look-at-how-cisa-is-building-an-agency-for-elite-cybersecurity-talent/
The Cybersecurity and Infrastructure Security Agency, better known as CISA, was spun up in 2018 operating under the Department of Homeland Security. In July of 2021, Jen Easterly was confirmed by the US Senate as Director of CISA, and under her leadership the organization has continued its efforts toward public-private partnerships in cybersecurity. CISA recently established the Joint Cyber Defense Collaborative, an effort by the agency to lead the development of proactive cyber defense operation plans. Kiersten Todt is Chief of Staff at the Cybersecurity and Infrastructure Security Agency, and she joins us with insights on CISA’s efforts
Tomi Engdahl says:
A Growing Army of Hackers Helps Keep Kim Jong Un in Power https://www.bloomberg.com/news/articles/2021-12-21/north-korean-army-of-cybercriminals-props-up-kim-s-nuclear-program-and-economy
Kim Jong Un marked a decade as supreme leader of North Korea in December. Whether he can hold on to power for another 10 years may depend on state hackers, whose cybercrimes finance his nuclear arms program and prop up the economy.
Tomi Engdahl says:
Convergence or overlap? Understanding the IT/OT relationship
With the increasing number of industrial systems connected to the internet, operational technology (OT) is vulnerable to cyberattacks and stands to benefit from information technology (IT) experience.
https://www.controleng.com/articles/convergence-or-overlap-understanding-the-it-ot-relationship/?oly_enc_id=0462E3054934E2U
Tomi Engdahl says:
New Tech Will Send Police Drones to Sites Where Guns Went Off
https://lm.facebook.com/l.php?u=https%3A%2F%2Ffuturism.com%2Fthe-byte%2Fpolice-drones-gunshots&h=AT3GFSD86NFPUQ9BkrwK_UaJgpenWaZxX8JbH1_mTGbcy29NA5iEXA1ovAzqeG-iisQQEcNFfsxVxHPpcQnQJOQBeI2-bb9LOZWRyDRecFeESs6rN-LOcEc02cctd8OaKgrHre-KSPAXqTRpCg
Police in Israel may soon have autonomous drones that fly to locations where gunshots are detected, according to a new press release from ShotSpotter. The US-based company already creates a controversial product that uses acoustic sensors to detect gun shots and alert police, and now it’s teaming up with a company called Airobotics to create drones that respond to disturbances.
“Airobotics believes that integrating with ShotSpotter, the leader in gunshot detection, will provide a better technological solution for dealing with gunfire crime in Israel,” said Meir Kliner, CEO of Airobotics via the December press release. “This partnership is another step in the company’s strategy to expand the scope of its activities by providing solutions for emergency response, security, and flight in urban areas.”
The concept isn’t without its critics. Just days ago, Axios reported that Denver police are using ShotSpotter, but can’t prove it actually reduces gun violence. New numbers show ShotSpotter alerts in Denver spiked in 2021 by nearly 25 percent compared to last year, but arrests only increased by 2 percent. The tech has been deployed in more than 100 cities worldwide, and Denver isn’t the only one to report problems with it.
https://www.axios.com/local/denver/2021/12/21/denver-spend-millions-shotspotter-technology
Tomi Engdahl says:
In 2022, security will be Linux and open-source developers job number one https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.