Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development, and investment. Advanced 5G and wireless networks will bring higher traffic capacities, lower latency, and increased reliability, and will enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated in searching for vulnerabilities and infiltrating malware by adapting (and automating) machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of the Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
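To make the patch-tracking point of the two Log4j sections above concrete, here is an added example that is not from the Google report or the articles quoted: it reads `mvn dependency:list` output (a constructed sample is embedded) and reports, for each `log4j-core` coordinate, which of the four log4j-core CVEs named above are still unfixed in that version, using the first-fixed versions from the Apache Log4j security advisories for the mainline and the 2.12.x (Java 7) and 2.3.x (Java 6) branches. CVE-2021-42550 is not modelled because it concerns the logback library rather than log4j-core.

```python
"""Flag log4j-core versions in a Maven dependency list that still carry
unfixed Log4Shell-era CVEs.  Added example; the input below is constructed."""
import re

# First fixed version of each CVE on the three maintained 2.x branches:
# the mainline, the 2.12.x branch (Java 7) and the 2.3.x branch (Java 6).
FIXED_IN = {
    "CVE-2021-44228": {"main": (2, 15, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45046": {"main": (2, 16, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45105": {"main": (2, 17, 0), "2.12": (2, 12, 3), "2.3": (2, 3, 1)},
    "CVE-2021-44832": {"main": (2, 17, 1), "2.12": (2, 12, 4), "2.3": (2, 3, 2)},
}

# Matches '2.14.1', '2.0.1', '2.0-beta9', '2.0-rc1' (Log4j 2.x version shapes).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)(\d*))?$")
# One line of `mvn dependency:list` output: group:artifact:jar:version:scope
_DEP_RE = re.compile(r"([\w.-]+):([\w.-]+):jar:([^:\s]+):(\w+)")

# Constructed sample, as if gathered from several modules of one build.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] --- maven-dependency-plugin:3.2.0:list (default-cli) @ demo-app ---
[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    com.example:legacy-lib:jar:1.0.0:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:test
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.12.2:runtime
"""


def parse_version(text):
    """Turn '2.0-beta9' / '2.14.1' into a sortable 6-tuple.

    Pre-release qualifiers (beta, rc) sort before the final release of the
    same number, so 2.0-beta9 < 2.0 < 2.0.1.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {text!r}")
    major, minor, patch, qual, qual_num = m.groups()
    numeric = (int(major), int(minor), int(patch or 0))
    # (1, "", 0) marks a final release; (0, qualifier, n) a pre-release.
    pre = (1, "", 0) if qual is None else (0, qual.lower(), int(qual_num or 0))
    return numeric + pre


def _branch(numeric):
    """Pick the advisory branch whose fix versions apply to this number."""
    if numeric[:2] == (2, 12):
        return "2.12"
    if numeric[:2] == (2, 3):
        return "2.3"
    return "main"


def unfixed_cves(version):
    """Set of the four CVEs not fixed in this log4j-core version.

    Returns None for anything outside 2.x: log4j 1.x is end-of-life and
    must be reviewed separately rather than reported as clean.
    """
    key = parse_version(version)
    numeric = key[:3]
    if numeric[0] != 2:
        return None
    branch = _branch(numeric)
    # A version is unfixed if it sorts below the final release of the fix.
    return {cve for cve, fixes in FIXED_IN.items()
            if key < fixes[branch] + (1, "", 0)}


def scan_dependency_list(text):
    """Map each log4j-core coordinate in the listing to its unfixed CVEs."""
    findings = {}
    for line in text.splitlines():
        m = _DEP_RE.search(line)
        if not m:
            continue
        group, artifact, version, scope = m.groups()
        # log4j-api does not carry these CVEs; only log4j-core does.
        if (group, artifact) != ("org.apache.logging.log4j", "log4j-core"):
            continue
        findings[f"{group}:{artifact}:{version}:{scope}"] = unfixed_cves(version)
    return findings


if __name__ == "__main__":
    for coord, cves in scan_dependency_list(SAMPLE_DEPENDENCY_LIST).items():
        status = "not assessed (1.x)" if cves is None else (
            ", ".join(sorted(cves)) if cves else "fixed")
        print(f"{coord}: {status}")
```

The scan only sees declared coordinates: a log4j-core copy shaded into another jar never appears in `dependency:list`, so pair it with a class-path or file-system scan.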

Ransomware in 2022: We’re all screwed
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers’ job number one
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next?

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being overhauled
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension instructions added to the CPU chip. In this solution, TEE-type protections are provided by a secure enclave. Using this type of security enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. This is a significant difference from the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime, spreading it from technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even technology will not make the world complete. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those strategies include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.


  1. Tomi Engdahl says:

    John D. McKinnon / Wall Street Journal:
    The US FTC seeks public comment on federal online privacy rules, which could take years to enact, and is considering various paths, such as focusing on children — Lack of a broad federal law has become a growing concern as online platforms and others amass troves of consumers’ search data and other information

    Federal Trade Commission Expected to Launch Effort to Expand Online Privacy Protection
    Lack of a broad federal law has become a growing concern as online platforms and others amass troves of consumers’ search data and other information

  2. Tomi Engdahl says:

    Researchers Find Stolen Algorithms in Commercial Cybersecurity Products

    LAS VEGAS – BLACK HAT USA 2022 – An analysis conducted by two researchers has revealed that some commercial cybersecurity products rely on algorithms that have been taken from other security tools without authorization.

    The results of the research will be presented on Thursday at the Black Hat conference in Las Vegas by Tom McGuire, instructor at Johns Hopkins University, and Patrick Wardle, macOS security expert and founder of the Objective-See Foundation, a non-profit that provides free and open source macOS security resources.

    The analysis focused on OverSight, a free tool offered via the Objective-See Foundation. The app enables users to monitor a Mac’s microphone and webcam, and alerts them whenever the mic is activated or the camera is accessed by a process.

    The analysis led to the discovery of three security tools — developed by three different companies — that used OverSight algorithms without authorization. OverSight has been available as a free tool since 2016, but it was only made open source in 2021. Reverse engineering it in an effort to create commercial products would be unethical, if not illegal.

    Using Google and Yara rules, the researchers identified commercial products using the same method names, paths, strings, undocumented registry keys, and parsing logic as OverSight.

    The offending companies were contacted and provided with proof that OverSight algorithms had been used in their products without authorization. They acknowledged the issue — even though one of the firms only took the researchers seriously after being faced with the possibility of public backlash — and promised to remove the code, and even offered financial compensation.

    Wardle told SecurityWeek that the compensation offered by the companies was reasonable — even if it was only a ‘drop in the bucket’ for them. The money will be used by the Objective-See Foundation for its Objective by the Sea conference, books and free tools.

    However, Wardle said, the most important aspect is that all of the companies seemed eager to make changes and ensure that such practices are avoided in the future, which was one of the project’s main goals, along with bringing attention to the issue.

    On the other hand, it’s worth mentioning that the researchers concluded that in a majority of cases the infringement is the work of a single — possibly naive — developer, rather than ‘malice of the entire corporation’.

  3. Tomi Engdahl says:

    New Identity Verification Feature Boosts Google Workspace Protections

    Google this week announced a new Google Workspace capability meant to prevent unauthorized sensitive changes to user accounts.

    Formerly called G Suite, Google Workspace provides enterprise users with secure collaboration and productivity tools.

    With the new feature in place, Google will evaluate a user’s current session and present them with a ‘verify-it’s-you’ prompt if the session is deemed risky.

    According to Google, the capability will prevent an attacker who has gained access to an account from making any changes that could impact the account owner and the organization the account belongs to.

    “Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action,” Google notes.

    Thus, if a threat actor has gained access to an account, their actions will be blocked until the account owner can verify that any attempted changes are intentional.

    Stronger protection for sensitive Google Workspace account actions

    We’re introducing stronger safeguards for sensitive actions taken in your Google Workspace account. These apply to actions that, when done by hijackers, can have far reaching consequences for the account owner or the organization it belongs to.

    Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a “Verify it’s You” prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. For example, if a malicious actor gains access to your account and attempts to change the name on your account, the action will be blocked until the true account owner can verify that this was intentional.

    Note that this feature only supports users that use Google as their identity provider and actions taken within Google products. SAML users are not supported at this time. See below for more information.

  4. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    After the Nebraska abortion case, Meta tests more E2EE chats and backups in Messenger, and says default E2EE messages and calls will roll out globally in 2023 — The company says an expansion of privacy features in Messenger is unrelated to a high-profile Nebraska abortion case.

    Meta Just Happens to Expand Messenger’s End-to-End Encryption
    The company says an expansion of privacy features in Messenger is unrelated to a high-profile Nebraska abortion case.

  5. Tomi Engdahl says:

    The Ever-Increasing Issue of Cyber Threats – and the Zero Trust Answer

    The benefits of ZTNA make it hard to ignore

    Ensuring that the right people have access to the proper resources when they need them whilst maintaining security and access controls across multiple data centers and cloud environments is one of the biggest technical challenges any organization faces.

    From Basecamp to Icefall: Secure by Design OT Makes Little Headway

    OT:Icefall: 56 vulnerabilities plague OT devices from 10 different major industrial manufacturers

    Ten years ago, Project Basecamp introduced SCADA exploits into Metasploit. The hope was that it would encourage a ‘Firesheep Moment’ (that is, the rapid solution to a long-known security issue following publication of an exploit); and more specifically, persuade manufacturers to introduce ‘security by design’. Ten years on, researchers have examined whether it worked – and it hasn’t.

    In 2013, Dale Peterson, founder and CEO at Digital Bond and contributor to Project Basecamp wrote, “We coined the term of Insecure By Design as part of Project Basecamp… Most ICS vulnerabilities matter little because most ICS protocols and controllers are Insecure By Design.”

  6. Tomi Engdahl says:

    A digital identity card is being developed in Finland – director believes it could even improve security

  7. Tomi Engdahl says:

    Paying ransom to criminals may be necessary in data breaches
    security expert: The alternative is bankruptcy
    In recent weeks, several cyber attacks have come to light, of which the attacks on the news agency STT and the engineering company Wärtsilä have been data breaches. According to Benjamin Särkkä, security expert and head of cyber intelligence at Loihde Trust, data breaches involve ransomware, which is currently the easiest and most profitable way for cybercriminals to earn money. According to Särkkä, criminal activity should not, as a rule, be financed, but sometimes paying the ransom is necessary. For some small company the choice may be between bankruptcy and paying the ransom, Särkkä says in an interview on Yle’s morning show.
    Juha Tretjakov, senior specialist at the National Cyber Security Centre, takes a stricter line on ransoms. There is no guarantee that you would get anything in return for the ransom. In addition, it is financing criminal groups.

  8. Tomi Engdahl says:

    Once, Twice, Three Times A Ransomware Victim: Triple-Hacked In Just 2 Weeks
    If he were alive today, Oscar Wilde could well be saying, “To be compromised by one ransomware actor may be regarded as unfortunate, to be compromised three times in two weeks looks like poor security posture.” Yet, as outlined in a new Sophos report, here we are.
    That’s exactly what happened to one enterprise, an unnamed automotive supplies company, which fell victim to three different ransomware groups, three times, in the space of just 14 days.

  9. Tomi Engdahl says:

    Facebook testing end-to-end encryption as a default on Messenger
    Facebook has long been criticized for not using end-to-end encryption as a default option for its messaging service, but that might change soon. This week Facebook announced that it has started testing default end-to-end encryption among some users of its Messenger app. The company plans to roll out the feature for messages and calls globally next year. With end-to-end encryption, Facebook and its parent company Meta cannot view its users’ private conversations; only the senders and recipients can. This is an important security feature that protects users from cybercriminals and hackers, as well as law enforcement, which may require social media platforms to provide a private chat history as part of an investigation.

  10. Tomi Engdahl says:

    Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year

    Microsoft this week announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs.

    The tech giant is currently running over 15 bug bounty programs covering assets across its cloud services, desktop applications and operating systems, and confidentiality and virtualization solutions, including a program covering the ElectionGuard open source software development kit (SDK).

    Security researchers interested in participating in Microsoft’s bug bounty programs may earn rewards of up to $250,000 for critical-severity vulnerabilities in Hyper-V that could lead to remote code execution, information disclosure, or denial of service (DoS).

    In fact, the single biggest payout that Microsoft handed out between July 1, 2021, and June 30, 2022, was of $200,000, awarded for a critical flaw in the Hyper-V hypervisor.

    During the 12-month period, more than 330 security researchers received rewards via Microsoft’s bug bounty programs, for an average payout of more than $12,000.

  11. Tomi Engdahl says:

    FTC Looking at Rules to Corral Tech Firms’ Data Collection

    Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.

    How that data is being used and protected has led to growing public concern and officials’ outrage. And now federal regulators are looking at drafting rules to crack down on what they call harmful commercial surveillance and lax data security.

    The Federal Trade Commission announced the initiative Thursday, seeking public comment on the effects of companies’ data collection and the potential benefit of new rules to protect consumers’ privacy.

    The FTC defines commercial surveillance as “the business of collecting, analyzing and profiting from information about people.”

    In Congress, bipartisan condemnation of the data power of Meta — the parent of Facebook and Instagram — Google and other tech giants that have earned riches by aggregating consumer information used by online advertisers, has brought national data privacy legislation to its closest point ever to passage.

  12. Tomi Engdahl says:

    Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities

    Google is once again boosting the maximum bounty payouts for Linux vulnerabilities reported as part of its open-source Kubernetes-based capture-the-flag (CTF) vulnerability rewards program (VRP).

    Called kCTF, the program was launched in 2020 to provide security researchers with the means to report vulnerabilities in the Google Kubernetes Engine (GKE), for which they receive a flag.

    “All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability. We’ve learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder,” Google notes.

  13. Tomi Engdahl says:

    Weaponized PLCs Can Hack Engineering Workstations in Attacks on Industrial Orgs

    Researchers have shown how hackers could weaponize programmable logic controllers (PLCs) and use them to exploit engineering workstations running software from several major industrial automation companies.

    PLCs can be a tempting target for threat actors as they can be abused to cause damage and disruption, and to make changes to the processes they control. This is why they are often seen as the ultimate goal of an attacker.

    However, researchers at industrial cybersecurity firm Claroty wanted to show that PLCs can also be used as a point of entry into an organization, being leveraged to target the engineering workstations connected to them and from there the rest of the internal network.

    In such an attack, named ‘Evil PLC Attack’, the hacker first compromises the PLC, which can often be exposed to the internet and unprotected, and then tricks an engineer into connecting to the PLC from the engineering workstation. This could be achieved by causing a fault on the PLC, which an engineer would likely want to investigate.

    During this research, vulnerabilities have been discovered in engineering workstation software from ABB (B&R Automation Studio), Emerson (PAC Machine Edition), GE (ToolBoxST), Ovarro (TwinSoft), Rockwell Automation (Connected Components Workbench), Schneider Electric (EcoStruxure Control Expert) and Xinje (XD PLC Program Tool).

    Nearly a dozen CVE identifiers have been assigned to the vulnerabilities. Over the past year and a half, impacted vendors have been releasing advisories to inform their customers about the flaws and associated patches and mitigations.

    The researchers have described three different theoretical Evil PLC attack scenarios.

    Researchers and defenders can also leverage the Evil PLC method against threat actors. They can set up a honeypot where an internet-facing PLC they have weaponized acts as a lure. When a malicious actor connects to the PLC from their own computer and attempts to obtain the currently loaded project from the controller, their device will get compromised.

    “This method can be used to detect attacks in the early stage of enumeration and might also deter attackers from targeting internet-facing PLCs since they will need to secure themselves against the target they planned to attack,” Claroty researchers said.

    The cybersecurity firm has shared technical details and mitigations for these types of attacks.

    Evil PLC Attack: Using a Controller as Predator Rather than Prey

    Team82 has developed a novel attack that weaponizes programmable logic controllers (PLCs) in order to exploit engineering workstations and further invade OT and enterprise networks. We’re calling this the Evil PLC Attack.

    The attack targets engineers working every day on industrial networks, configuring and troubleshooting PLCs to ensure the safety and reliability of processes across critical industries such as utilities, electricity, water and wastewater, heavy industry, manufacturing, and automotive, among others.

    The Evil PLC Attack research resulted in working proof-of-concept exploits against seven market-leading automation companies, including Rockwell Automation, Schneider Electric, GE, B&R, XINJE, OVARRO, and Emerson.

  14. Tomi Engdahl says:

    Hi everyone! Learn how easy it is to bypass antivirus and hack Windows machines using Python, from basic to advanced.
    Article Link:
    #cybersecurity #ethicalhacking #penetrationtesting #informationsecurity #privacy #security #python #programming #coding #pythonprogramminglanguage

  15. Tomi Engdahl says:

    Callback phishing attacks see massive 625% growth since Q1 2021
    Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks. According to Agari’s Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022.
    However, the use of ‘hybrid vishing’ is seeing a massive 625% growth.
    Vishing, “voice phishing,” involves some form of a phone call to perform social engineering on the victim. Its hybrid form, called “callback phishing,” also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice. The recipient is advised to call the provided phone number to resolve any issues with the charge, but instead of a real customer support agent, the call is answered by phishing actors.
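    The lure described in comments 15 and 19 has a property a detection engineer can use: the email carries no link or attachment, only a phone number and a billing pretext, so URL- and attachment-based filters have nothing to inspect. The following is an added example of a triage heuristic built on that observation; it is not from the Agari report or any vendor product. The keyword lists, weights, threshold and the three sample messages are constructed for illustration.

```python
"""Heuristic triage for 'callback phishing' (hybrid vishing) lures.

Added example; the vocabulary lists, weights and threshold are assumptions
chosen for illustration, not rules from any vendor's filter.
"""
import re
from dataclasses import dataclass, field

# Constructed sample messages (not real phishing emails).
SAMPLES = {
    "lure": (
        "Subject: Your Norton 360 subscription has been renewed\n\n"
        "Thank you for your purchase. Your card was charged $349.99.\n"
        "If you did not authorise this charge, call our billing desk at\n"
        "+1 (888) 555-0142 within 24 hours to cancel and get a refund."
    ),
    "legit": (
        "Subject: Invoice INV-20419 for July services\n\n"
        "Your invoice is attached. You can view or pay it online at\n"
        "https://billing.example.com/invoices/20419. Questions? Reply to this email."
    ),
    "newsletter": (
        "Subject: August product update\n\n"
        "We shipped three new features this month. Read more at\n"
        "https://www.example.com/blog/august-update"
    ),
}

# North-American style numbers are enough for the demonstration.
PHONE_RE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
BILLING_TERMS = ("subscription", "renew", "invoice", "charged", "refund", "purchase", "payment")
URGENCY_TERMS = ("within 24 hours", "immediately", "cancel", "did not authori", "unauthori")
CALL_TERMS = ("call", "phone", "dial", "contact our")


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def score_callback_lure(text: str) -> Verdict:
    """Score a message for the callback-phishing pattern: billing pretext,
    urgency, and a phone number that is the only call to action."""
    low = text.lower()
    v = Verdict()
    phones = PHONE_RE.findall(text)
    urls = URL_RE.findall(text)
    if phones:
        v.score += 2
        v.reasons.append(f"phone number present: {phones[0].strip()}")
    if phones and not urls:
        v.score += 2
        v.reasons.append("phone number but no link: the call is the only action")
    if any(t in low for t in BILLING_TERMS):
        v.score += 1
        v.reasons.append("billing/subscription vocabulary")
    if any(t in low for t in URGENCY_TERMS):
        v.score += 1
        v.reasons.append("urgency / dispute-the-charge framing")
    if phones and any(t in low for t in CALL_TERMS):
        v.score += 1
        v.reasons.append("explicit instruction to call")
    return v


def is_callback_lure(text: str, threshold: int = 5) -> bool:
    return score_callback_lure(text).score >= threshold


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        v = score_callback_lure(body)
        print(f"{name:10} score={v.score} lure={is_callback_lure(body)} {v.reasons}")
```

A score like this is a triage signal, not a verdict: route high-scoring mail to a sandbox or to the SOC queue, and pair it with a blocklist of phone numbers seen in confirmed lures, since the number is the one indicator the attacker must keep stable for the scheme to work.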

  16. Tomi Engdahl says:

    Black Hat: Windows isn’t the only mass casualty platform anymore
    In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. Windows is no longer alone at the front of the pack; hackwise, it has company. The cloud, by nature, is multi-tenant.
    This means multiple clients rent a segment of a single shared resource from a cloud provider. But where the intersections exist between tenants and hardware, a single flaw can expose many tenants to badness, and how would they know? How would you know?

  17. Tomi Engdahl says:

    Air and maritime traffic exposed to cyber attacks

    The surveillance technologies used in international air and maritime traffic exist to improve situational awareness, safety and the reliability of communications. At the same time they can be exposed to cyber attacks. A doctoral study carried out at the University of Jyväskylä reveals how vulnerable these systems are to cyber attacks and questions whether the use of the ADS-B and AIS systems is safe.

    In a doctoral thesis to be examined at the University of Jyväskylä this week, Syed Khandker (MSc) analysed the security properties of two surveillance systems critical to the safety of air and maritime traffic: ADS-B (Automatic Dependent Surveillance-Broadcast) and AIS (Automatic Identification System).

    The systems are in use on practically all commercially operating aircraft and vessels. For example, the United States and the EU require ADS-B throughout their airspace. Khandker found in his research that although several million dollars have been spent on developing the systems, they are not secure enough in the era of the Internet of Things, and they can be manipulated using very inexpensive hardware.

    Positioning services in different wireless networks : a development and security perspective
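    Why "very inexpensive hardware" is enough: an ADS-B extended squitter carries no signature or key, only a 24-bit Mode S parity field that any transmitter can compute. The block below is an added example, not code from Khandker's thesis or from any decoder project; it implements the Mode S CRC-24 (generator polynomial 0x1FFF409) and shows that a frame constructed from scratch passes the only integrity check a receiver applies. The sample payload (DF17 header, ICAO address and message body) is constructed, not a captured frame.

```python
"""Mode S / ADS-B parity: the only integrity check on an ADS-B frame.

Added example, not from the thesis or any decoder project. It assumes a
112-bit DF17 frame given as 28 hex digits: 88 bits of payload followed by
a 24-bit parity field computed with the Mode S generator polynomial
x^24 + x^23 + ... + x^10 + x^3 + 1 (0x1FFF409 including the x^24 term).
For DF17 the interrogator ID XORed into the field is zero, so a genuine
frame divides by the generator with remainder 0.
"""

GENERATOR = 0x1FFF409   # Mode S CRC-24 polynomial, leading x^24 term included


def mode_s_crc(msg_hex: str) -> int:
    """Return the 24-bit remainder of the whole frame; 0 means the parity
    field is consistent with the payload (what a receiver checks)."""
    if len(msg_hex) * 4 < 24:
        raise ValueError("frame shorter than the parity field")
    bits = int(msg_hex, 16)
    nbits = len(msg_hex) * 4
    # Polynomial long division, MSB first: clear each set bit above bit 23
    # by XORing in the generator aligned to it.
    for i in range(nbits - 1, 23, -1):
        if (bits >> i) & 1:
            bits ^= GENERATOR << (i - 24)
    return bits & 0xFFFFFF


def sign_frame(payload_hex: str) -> str:
    """Append a valid parity field to 88 bits (22 hex digits) of payload.
    There is no secret involved: this is all a spoofer needs to do."""
    if len(payload_hex) != 22:
        raise ValueError("expected 88 bits (22 hex digits) of payload")
    remainder = mode_s_crc(payload_hex + "000000")
    return payload_hex + f"{remainder:06X}"


def frame_is_consistent(msg_hex: str) -> bool:
    return mode_s_crc(msg_hex) == 0


# Constructed DF17 payload: "8D" = DF17 with CA=5, a made-up ICAO address
# "ABCDEF", then a type-code-4 style identification message body.
FORGED_PAYLOAD = "8DABCDEF" + "202CC371C32CE0"

if __name__ == "__main__":
    forged = sign_frame(FORGED_PAYLOAD)
    print(forged, frame_is_consistent(forged))
```

If you have a real frame from a receiver such as dump1090, `frame_is_consistent()` should return True for it; the point of the example is that it returns True for the forged frame too. The defences the thesis discusses therefore have to come from outside the protocol (multilateration, cross-checking against radar, plausibility filters on position and velocity), not from the frame itself.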

  18. Tomi Engdahl says:

    In the end, the consumer pays for the cost of cyber attacks

    The number of security breaches is growing worldwide. According to a recent IBM report, the costs caused by cyber attacks have risen to a record level. The average cost of a cyber attack to a company is already 4.35 million dollars. In the end the costs land on the consumer.

    According to IBM Security’s recent Cost of a Data Breach report, security breaches (such as intrusions, denial-of-service attacks or ransomware) are being carried out in ever greater numbers worldwide, and their impact is growing too. According to the report, the costs of security breaches have risen 13 percent in two years.

    A data breach is most expensive in the healthcare sector, where the average cost of a breach has already risen to ten million dollars. Ultimately it is consumers and the companies’ customers who foot the bill for cybercrime: of the 550 companies IBM analysed, 60 percent said they had raised the prices of their products or services after a security attack.

    The 2022 Cost of a Data Breach report analysed a total of 550 global organisations that suffered security breaches between March 2021 and March 2022. The study, funded and analysed by IBM, was carried out by the Ponemon Institute. The 2022 Cost of a Data Breach report can be downloaded here.

    How much does a data breach cost in 2022?

  19. Tomi Engdahl says:

    Callback phishing attacks see massive 625% growth since Q1 2021

    Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.

    According to Agari’s Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of ‘hybrid vishing’ is seeing a massive 625% growth.

  20. Tomi Engdahl says:

    Are You Being Followed? Use a Raspberry Pi to Find Out
    Using inexpensive components, a Black Hat presenter built a device that sniffs the airwaves to check for people on your tail.

  21. Tomi Engdahl says:

    Malicious browser extensions targeted almost 7 million people
    Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links. This finding is based on telemetry data collected by Kaspersky, which reports over 1,300,000 attempts by users to install malicious extensions throughout H1 ’22, an increase compared to last year’s figures. From January 2020 to June 2022, Kaspersky recorded adware extensions targeting 4.3 million unique users, corresponding to roughly 70% of all malicious extensions in that period.

  22. Tomi Engdahl says:

    The Future of CyberSecurity is Prevention

    Zero Trust has become so prevalent that it has lost some of its stopping power

    Just based on the number of cybersecurity firms that have popped up in the last few years, it’s not hard to see that we’re having a moment of heightened anxiety. Some organizations are on alert because they know their networks have already been targeted by state-sponsored hackers, others know their executives are being targeted by fraudsters, and yet others are worried about insider threats and intellectual property theft.

    The kind of anxiety depends on the organization, and the solutions for it depend on what cybersecurity company they are talking to: some deal in improving threat response, while others solve specific problems, such as detecting and remediating malware attacks.

    While awareness and vigilance are not the biggest worry today, the real issue we now face is that all these security companies are focused on dealing with security after the fact, once indicators of compromise have surfaced. By then, the damage is done; the latest annual IBM Cost of a Data Breach report found the cost of a data breach has hit a record $4.35 million on average, and that doesn’t count all the damage to reputation and other intangibles that follows a cyber attack.

    So an ounce of prevention is definitely worth a pound of cure when it comes to cybersecurity. Companies need to place a stronger focus on prevention, just as they now dedicate to detection and response. To make a difference in cybersecurity, rather than deal with incidents after they’ve already happened, defenders need to prevent them; fight the disease, not its symptoms.

    Many companies have embraced zero trust architectures as a prevention tool, but zero trust has become so prevalent that it has lost some of its stopping power. Everybody now has a different definition of what zero trust is to their organization, and the bad guys are finding ways around the certificate handshakes and verifications that make it work.

  23. Tomi Engdahl says:

    Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High
    IBM Security and the Ponemon Institute release an annual report known as one of the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the cost of cyber-attacks. In the 2022 report just released, the healthcare sector stands out for extremely high breach costs on the global average chart. Furthermore, the sector has kept its leading position in that respect for the 12th year in a row, setting a new record of $10.10 million in average breach costs after rising nearly $1 million from the previous year. Here are some stats to consider in comparison:
    * The global average of breaches across all sectors was $4.32 million.
    * The average ransomware attack costs organizations $4.54 million.
    * The average critical infrastructure attack came in at $4.82 million.

  24. Tomi Engdahl says:

    RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
    RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. “Users in this category who do not have MFA enabled on the UI and API or UI and gem sign-in level will not be able to edit their profile on the web, perform privileged actions (i.e. push and yank gems, or add and remove gem owners), or sign in on the command line until they configure MFA, ” RubyGems noted.

  25. Tomi Engdahl says:

    iOS VPNs have leaked traffic for more than 2 years, researcher claims
    A security researcher says that Apple’s iOS devices don’t fully route all network traffic through VPNs, a potential security issue the device maker has known about for years. Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly, if contentiously, in a continually updated blog post. “VPNs on iOS are broken,” he says. Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz’s findings with advanced router logging, can still send data outside the VPN tunnel while it’s active.
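    The check Horowitz describes is done on the router, not on the phone, which is the right place: the device cannot be trusted to report on its own tunnel. The block below is an added example of that check, not Horowitz's tooling or anything from Apple. It assumes the router exports per-flow records with a start and end time (the constructed log uses a simple one-line format; real conntrack or NetFlow exports differ and need their own parser), that the phone's LAN address and the VPN server's address are known, and that the moment the tunnel came up is known. Flows from the phone that carry data after that moment and do not go to the VPN server are leaks; those that started before the tunnel are the specific case the article describes.

```python
"""Find traffic that bypasses a VPN tunnel, from router-side flow records.

Added example; not Horowitz's tooling and not Apple's code. Addresses
are RFC 5737/1918 documentation and private ranges chosen for the demo.
"""
import re
from datetime import datetime

DEVICE_IP = "192.168.1.50"      # the iPhone under test (assumed)
VPN_SERVER = "203.0.113.7"      # the VPN endpoint the tunnel connects to (assumed)
VPN_UP = datetime.fromisoformat("2022-08-15T10:00:00")   # when the tunnel came up

# Constructed flow records, not captured traffic:
# "<start> <end> <src>:<sport> -> <dst>:<dport> <bytes>"
FLOW_LOG = """\
2022-08-15T09:58:10 2022-08-15T10:07:42 192.168.1.50:51234 -> 198.51.100.20:443 184320
2022-08-15T09:59:05 2022-08-15T09:59:30 192.168.1.50:51240 -> 198.51.100.21:443 4096
2022-08-15T10:00:01 2022-08-15T10:30:00 192.168.1.50:4500 -> 203.0.113.7:4500 9123456
2022-08-15T10:02:15 2022-08-15T10:02:16 192.168.1.50:51250 -> 192.0.2.53:53 128
2022-08-15T10:05:00 2022-08-15T10:06:00 192.168.1.77:40000 -> 198.51.100.30:443 2048
"""

LINE_RE = re.compile(
    r"^(\S+) (\S+) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\d+)$"
)


def parse_flows(text: str) -> list:
    """Parse the constructed record format into dicts; skips lines that do not match."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        start, end, src, sport, dst, dport, nbytes = m.groups()
        flows.append({
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end),
            "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport),
            "bytes": int(nbytes),
        })
    return flows


def vpn_leaks(flows, device_ip=DEVICE_IP, vpn_server=VPN_SERVER, vpn_up=VPN_UP) -> list:
    """Return the device's flows that carried traffic after the tunnel came up
    but were not addressed to the VPN server. 'pre_existing' marks connections
    opened before the tunnel and never torn down (the behaviour described above);
    a leak that is not pre_existing is a new connection routed around the tunnel."""
    leaks = []
    for f in flows:
        if f["src"] != device_ip or f["dst"] == vpn_server:
            continue
        if f["end"] <= vpn_up:
            continue        # finished before the tunnel existed: not a leak
        leaks.append({**f, "pre_existing": f["start"] < vpn_up})
    return leaks


if __name__ == "__main__":
    for leak in vpn_leaks(parse_flows(FLOW_LOG)):
        kind = "pre-existing" if leak["pre_existing"] else "new"
        print(f"{kind:12} {leak['dst']}:{leak['dport']} {leak['bytes']} bytes "
              f"{leak['start'].time()}..{leak['end'].time()}")
```

In the constructed log this flags the HTTPS session opened two minutes before the tunnel and still running afterwards, and a DNS query that went straight to an outside resolver after the tunnel was up. The same check is the mitigation test: after enabling the VPN, toggle airplane mode (the workaround Horowitz's post discusses) and confirm that the pre-existing flows really disappear from the router's view.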

  26. Tomi Engdahl says:

    Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches

    Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.

    In a major revision of its disclosure policies, the vulnerability broker said it will set strict 30-day deadlines for critical-level bug reports that result from faulty or incomplete patches as part of a deliberate effort to reverse a disturbing trend around patch quality and transparency around vendor communications.

    “Over the last few years, we’ve noticed a disturbing trend – a decrease in patch quality and a reduction in communications surrounding the patch. This has resulted in enterprises losing their ability to accurately estimate the risk to their systems,” ZDI said in a note announcing the disclosure timeline policy change.

    In an interview with SecurityWeek, ZDI spokesman Dustin Childs said the company will implement a tiered approach based on the severity of the bug and the efficacy of the original fix.

    On the first tier, an aggressive 30-day timeframe will be applied for more critical-rated cases where exploitation is detected or likely to happen. Childs said ZDI will implement 60-day deadlines for critical- and high-severity bugs where the patch offers some protection, and a 90-day window for vulnerabilities where no imminent exploitation is expected.

    The vulnerability wholesaler typically gives companies up to 120 days to patch security vulnerabilities bought from bug-bounty hackers, and Childs said aggressive deadlines are one of the few tools available to influence software vendors.

    Over the last 18 months, Childs said ZDI bug bounty data shows a dramatic surge in submissions related to faulty patches that are easy to bypass or fail to fix the underlying vulnerability.

    “We’re seeing between 10% and 20% of all bugs we’ve purchased come from bad patches. We’re seeing it across the board, not just in our regular bug bounty program, but at Pwn2Own and other submissions, it’s a significant problem,” Childs said.

    During a Black Hat conference session in Las Vegas last week (download slides), Childs and ZDI colleagues shared data showing a surge in patches that make no effective changes (the vulnerability is still present after the vendor’s official patch is applied) and an ongoing issue where patches are bypassed mere hours after a patch is released.

    The company identified faulty patches from a roster of major tech vendors, including Microsoft, Adobe, Google, Oracle, VMware, Cisco, Apple, HP and Dell.

    Childs blamed a “lack of commitment” from vendors to sustained security engineering and response and an absence of transparency in communications or advisories.

  27. Tomi Engdahl says:

    Making each endpoint resilient is paramount to implementing a successful defense strategy

    Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there.

    Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials that are subsequently used to establish a beachhead on an end user device (e.g., desktop, laptop, or mobile device). In such instances, endpoints serve as the main point of access to an enterprise network and therefore are often exploited by malicious actors. That’s why it is not surprising that a Ponemon Institute survey revealed 68 percent of organizations suffered a successful endpoint attack within the last 12 months.

    Most IT teams rely on specialized software to manage and secure the endpoint, which serves as the primary work utensil for today’s anywhere workforce. Endpoint management remains a foundational component of any IT team’s enterprise infrastructure strategy. The rapid pivot to a work from anywhere workforce however threw a curve ball to organizations which were employing more traditional approaches.

  28. Tomi Engdahl says:

    Attackers waited until holidays to hit US government

    Sometimes they even wait for Black Hat/DEF CON, since most of their smart people are out of office.

  29. Tomi Engdahl says:

    Spyware Hunters Are Expanding Their Toolset
    This invasive malware isn’t just for phones—it can target your PC, too. But a new batch of algorithms aims to weed out this threat.

  30. Tomi Engdahl says:

    Don’t let your Firewalls be STUN DDoS Reflector

    Your firewalls can be used as a STUN DDoS reflector to attack others on the Internet. Open UDP firewall ports for STUN (Session Traversal Utilities for NAT) are being exploited for DDoS reflection. Your network is most likely one of those networks.

    Shadowserver now detects 101k IPv4 and 2.9K IPv6 accessible UDP STUN services.
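    STUN works for reflection because it runs over UDP with no handshake: a spoofed Binding Request of 20 bytes gets a Binding Response sent to whatever source address the attacker wrote in the packet. The block below is an added example, not Shadowserver's scanner or any vendor's code: it builds an RFC 5389 Binding Request, parses the XOR-MAPPED-ADDRESS from a response, and reports the size ratio, so you can test your own firewall from outside. The hand-built response is constructed for the offline demonstration; `probe()` is the only part that touches the network and the host and port you pass to it are your own choice.

```python
"""Build and parse STUN Binding messages (RFC 5389) to check a host for
open UDP STUN reflection.

Added example; not Shadowserver's tooling. Only the 20-byte header and the
XOR-MAPPED-ADDRESS attribute are implemented; real servers add more
attributes (SOFTWARE, RESPONSE-ORIGIN, ...), which only makes the reply,
and thus the amplification, larger.
"""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes = b"") -> bytes:
    """Header only: type, attribute length 0, magic cookie, 96-bit transaction ID."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_success(txid: bytes, ip: str, port: int) -> bytes:
    """Construct a minimal server reply (used here for offline testing)."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)   # reserved, family=IPv4
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_binding_response(data: bytes, expected_txid: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS, validating cookie and transaction ID."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != expected_txid:
        raise ValueError("not a reply to our request")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{mtype:04x}")
    pos, end = 20, 20 + length
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and alen >= 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + ((alen + 3) & ~3)      # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS in response")


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes the reflector sends to the victim per byte the attacker sends."""
    return len(response) / len(request)


def probe(host: str, port: int = 3478, timeout: float = 2.0):
    """Send one Binding Request to a host you are authorised to test. A reply
    means the service answers unauthenticated UDP from anyone and can be
    used as a reflector. Raises socket.timeout if nothing comes back."""
    txid = os.urandom(12)
    req = build_binding_request(txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        data, _ = s.recvfrom(2048)
    return parse_binding_response(data, txid), amplification_factor(req, data)
```

With only XOR-MAPPED-ADDRESS in the reply the factor is 1.6 (32 bytes back for 20 sent); the danger is less the per-packet gain than the number of reflectors, which is why the Shadowserver count above matters. If `probe()` gets an answer from your public address and you do not run a STUN service on purpose, block inbound UDP/3478 (and any other STUN port the vendor uses) from the internet at the firewall; if you do need it, restrict it to known peers and rate-limit it.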

  31. Tomi Engdahl says:

    Blockchain Technology As a Defense Mechanism Against Cyberattacks
    Specifically the utilization of the Ethereum-based IPFS node network.

  32. Tomi Engdahl says:

    China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year
    The Chinese advanced persistent threat (APT) actor tracked as Winnti (aka APT41) has targeted at least 13 organizations geographically spanning the U.S., Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. “The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation,”
    cybersecurity firm Group-IB said in a report shared with The Hacker News. This also included the attack on Air India that came to light in June 2021 as part of a campaign codenamed ColunmTK. The other three campaigns have been assigned the monikers DelayLinkTK, Mute-Pond, and Gentle-Voice based on the domain names used in the attacks.

  33. Tomi Engdahl says:

    The US military wants to understand the most important software on Earth

    Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted

  34. Tomi Engdahl says:

    Universal ZTNA is Fundamental to Your Zero Trust Strategy

    Universal ZTNA ensures that every user and device has secure access to the applications they need to do their jobs

    Digital transformation requires a fundamental security paradigm shift that catches many organizations unprepared. New business demands, fueled mainly by the recent transition to a hybrid workforce model, mean any user on any device needs to access resources distributed across the network. This inevitably introduces security challenges because point security products cannot deliver consistent and comprehensive end-to-end security policies across all those environments and scenarios.

    Part of the challenge is that most organizations use a security model that defines trusted users and devices by which side of the perimeter they are on. Because users and devices inside the perimeter are trusted implicitly, they have broad access to resources. But that’s not how most networks today work. Perimeters are eroding. Applications, data, and other resources can be deployed anywhere, and users and devices need access regardless of location. And worse, those networks are also subject to constant change. Traditional security solutions were simply never designed to protect these fluid, perimeterless environments.

    Zero Trust requires rethinking security

    Rather than dialing back on digital acceleration, organizations are being encouraged to adopt Zero Trust as a corporate security strategy. The basic idea behind Zero Trust is that today’s network perimeters are highly porous and distributed, making every transaction a potential risk. As a result, every user and device must be authenticated, specific rights granted based on a least privilege model, and continuous monitoring applied. But according to Gartner, while “60% of organizations will embrace Zero Trust as a starting point for security by 2025”, “more than half will fail to realize the benefits.”

  35. Tomi Engdahl says:

    One in four Russians circumvents Putin’s propaganda with a VPN

    According to AtlasVPN’s latest VPN barometer (Global VPN Adoption Index), the number of VPN downloads in the first half of the year was 215 million. The most significant shift in the market took place in Russia, where almost a quarter of the population downloaded VPN services. A VPN is the key means for Russians to get around the Putin regime’s propaganda, which tells its own version of the country’s illegal attack on Ukraine.

    As recently as the turn of the year, only 3 to 9 percent of Russians used VPN connections. The situation changed in March, when a Russian court banned Facebook and Instagram by branding their parent company Meta as extremist.

  36. Tomi Engdahl says:

    New Intel chips won’t play Blu-ray disks due to SGX deprecation

    Intel has removed support for SGX (software guard extension) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution.

    This technical problem arises from the fact that Blu-ray disks require Digital Rights Management (DRM), which needs the presence of SGX to work.

    This is a feature that Intel introduced in the Skylake generation back in 2016, enabling PCs to play protected Blu-ray disks for the first time.

  37. Tomi Engdahl says:

    Intel’s New Tech Stops Physical Attacks
    By Anton Shilov

    Intel’s Alder Lake CPUs have protection against fault injections.

  38. Tomi Engdahl says:

    Deepfakes are becoming common: soon we will no longer argue about what was said on a video

    Finland is currently abuzz over what the prime minister has been doing in her free time. Analyses have gone as far as spectral analysis of the video’s audio. Soon there will be no need for such analysis. Production of deepfake videos is growing fast.

    This is one of the findings of the Global Incident Response Threat report VMware published at the Black Hat conference. The report dives deep into the challenges security teams face, such as disruptions caused by the pandemic and burnout, in the midst of geopolitical cyber attacks.

    According to the report, 65 percent of security teams say that cyber attacks have increased since Russia attacked Ukraine. This has of course added to the teams’ workload and stress: 47 percent of incident responders said they had experienced burnout or extreme stress in the last 12 months, and 69 percent of respondents have considered changing careers. More than two thirds of respondents said their workplace had introduced wellness programmes to combat burnout.

  39. Tomi Engdahl says:

    Chinese Cyberspy Group ‘RedAlpha’ Targeting Governments, Humanitarian Entities

    For the past three years, Chinese state-sponsored cyberespionage group RedAlpha has been observed targeting numerous government organizations, humanitarian entities, and think tanks.

    Also tracked as Deepcliff and Red Dev 3, the advanced persistent threat (APT) actor has been active since at least 2015, focused on intelligence collection, including the surveillance of ethnic and religious minorities, such as the Tibetan and Uyghur communities.
