Cyber trends for 2023

Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any plain HTTP website as “Not Secure” in the address bar. Chrome also attempts to “upgrade” to the HTTPS version of a website if you accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads over HTTP.

Malvertising: Cyber criminals will keep impersonating brands through search engine advertisement services to defraud users in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even to trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware arrives over encrypted connections, typically HTTPS web sessions. Most cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools: over 85% of attacks hide in encrypted channels, and the WatchGuard Threat Lab report found its top threat arriving exclusively over encrypted connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully you at least have endpoint protection in place for a chance to catch it further down the cyber kill chain.

Software vulnerabilities: Weak encryption configurations and missing security headers will still be very common in 2023. In 2022 nearly every application tested had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a high or critical severity vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
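The "missing security headers" finding above is easy to check for yourself. The following is an added example (not code from the original post or from the report it cites): a small auditor that takes a response header set and lists what is missing or weak. The header set, the one-year HSTS threshold and the rule names are my own choices for the example.

```python
"""Audit an HTTP response's security headers (added example, not from the page)."""
from typing import Dict, List

# Constructed sample: a misconfigured response with a too-short HSTS max-age,
# no CSP, a deprecated X-XSS-Protection header and a version-leaking Server header.
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",
    "X-XSS-Protection": "1; mode=block",
    "Server": "Apache/2.4.41 (Ubuntu)",
}

ONE_YEAR = 31536000  # seconds; the usual minimum recommended HSTS max-age


def _parse_hsts(value: str) -> Dict[str, str]:
    """Split 'max-age=31536000; includeSubDomains; preload' into a dict."""
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip()
    return directives


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        d = _parse_hsts(hsts)
        max_age = int(d["max-age"]) if d.get("max-age", "").isdigit() else 0
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is below one year")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no clickjacking protection (CSP frame-ancestors or X-Frame-Options)")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options should be 'nosniff'")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")
    if "x-xss-protection" in h:
        findings.append("X-XSS-Protection is deprecated; rely on CSP instead")
    if any(ch.isdigit() for ch in h.get("server", "")):
        findings.append("Server header leaks a version string")
    return findings


if __name__ == "__main__":
    for finding in audit_security_headers(SAMPLE_RESPONSE_HEADERS):
        print("-", finding)
```

Feed it the headers from `requests.get(url).headers` (or `curl -I`) for a real site; the point of the sample is that a site can be "on HTTPS" and still fail eight checks.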

Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in reviving known vulnerabilities before looking for novel ones. Many companies do not patch their systems in a reasonable time, or at all, so they stay vulnerable. New variants of old vulnerabilities are also developed: approximately 50% of the 0-days observed in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments and individuals alike. Lack of knowledge, poor maintenance of employees’ skills and indifference are the strongest obstacles to the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.

Cloud: At a hyperscale cloud provider there can be several thousand people working around the globe who could potentially access your data. Security screening and access limiting alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.

MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal who already holds a valid password attempts to gain access to a corporate network by bombarding the user with MFA push prompts until they finally accept one. This can be successful, especially when the target is distracted or overwhelmed by the notifications or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures.
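The attack above leaves a recognisable trace in the identity provider's logs: a burst of push prompts for one user, most of them denied or timed out, followed by a single approval. As an added example (not code from the original post), here is detection logic that runs over a constructed log sample. The log format, the ten-minute window and the three-prompt threshold are assumptions for the example; a real Azure AD, Okta or Duo export needs its own parser.

```python
"""Flag MFA-fatigue patterns in push-authentication logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed sample: ISO timestamp, user, MFA push result, source IP.
# alice is being bombarded and finally approves; bob is a normal login.
SAMPLE_LOG = """\
2023-01-10T08:00:01Z alice push_sent 203.0.113.7
2023-01-10T08:00:05Z alice push_denied 203.0.113.7
2023-01-10T08:00:31Z alice push_sent 203.0.113.7
2023-01-10T08:00:40Z alice push_denied 203.0.113.7
2023-01-10T08:01:02Z alice push_sent 203.0.113.7
2023-01-10T08:01:15Z alice push_timeout 203.0.113.7
2023-01-10T08:01:33Z alice push_sent 203.0.113.7
2023-01-10T08:01:50Z alice push_approved 203.0.113.7
2023-01-10T08:02:00Z bob push_sent 198.51.100.4
2023-01-10T08:02:09Z bob push_approved 198.51.100.4
"""

WINDOW = timedelta(minutes=10)  # assumption: sliding window per user
MAX_PROMPTS = 3                 # assumption: more pushes than this in WINDOW is suspicious


def parse_log(text: str) -> List[dict]:
    """Parse the constructed line format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "result": result, "ip": ip})
    return events


def detect_mfa_fatigue(events: List[dict]) -> List[dict]:
    """Return alerts for prompt bursts and for approvals preceded by rejections."""
    prompts: Dict[str, Deque[datetime]] = defaultdict(deque)
    rejections: Dict[str, Deque[datetime]] = defaultdict(deque)
    burst_flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts = ev["user"], ev["ts"]
        # drop anything that has slid out of the window
        for q in (prompts[user], rejections[user]):
            while q and ts - q[0] > WINDOW:
                q.popleft()
        if ev["result"] == "push_sent":
            prompts[user].append(ts)
            if len(prompts[user]) > MAX_PROMPTS and user not in burst_flagged:
                burst_flagged.add(user)  # one burst alert per user, not one per push
                alerts.append({"user": user, "type": "prompt_burst",
                               "prompts": len(prompts[user]), "ip": ev["ip"]})
        elif ev["result"] in ("push_denied", "push_timeout"):
            rejections[user].append(ts)
        elif ev["result"] == "push_approved" and len(rejections[user]) >= 2:
            # the dangerous case: the user gave in after repeatedly rejecting
            alerts.append({"user": user, "type": "approval_after_rejections",
                           "rejections": len(rejections[user]), "ip": ev["ip"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(parse_log(SAMPLE_LOG)):
        print(alert)
```

The second alert type is the one to page on: a burst alone may be a user fumbling, but an approval after several rejections means the session should be revoked and the password reset, since the attacker already had it.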

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma in a password can make it harder for cyber criminals to use if it ever leaks. The reason is that a comma in a password can break up tabular comma separated values (CSV) files, which are a common way to collect and distribute stolen passwords. Note that this only trips up careless parsing; a properly quoted CSV export is unaffected, so treat it as a minor nuisance for attackers rather than real protection.
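To make the comma claim and its limit concrete, here is an added example (not from the original post or the article it cites) with constructed credentials: a dump split naively misaligns the row, while the same row written and read with the csv module round-trips intact.

```python
"""Show how a comma in a password affects naive versus proper CSV handling (added example)."""
import csv
import io
from typing import List, Tuple

# Constructed dump: "email,password" per line with no quoting, as a careless
# tool might write it. None of these credentials are real.
NAIVE_DUMP = (
    "alice@example.com,Tr0ub4dor&3\n"
    "bob@example.com,correct,horse,battery\n"
    "carol@example.com,hunter2\n"
)


def split_naively(dump: str) -> List[Tuple[str, ...]]:
    """The shortcut many cracking scripts take: str.split(',') per line."""
    return [tuple(line.split(",")) for line in dump.splitlines() if line]


def rows_with_wrong_field_count(rows: List[Tuple[str, ...]], expected: int = 2):
    """Rows a naive parser would either drop or misattribute."""
    return [r for r in rows if len(r) != expected]


def write_properly(pairs: List[Tuple[str, str]]) -> str:
    """csv.writer quotes any field containing the delimiter."""
    buf = io.StringIO()
    csv.writer(buf).writerows(pairs)
    return buf.getvalue()


def read_properly(dump: str) -> List[Tuple[str, ...]]:
    """csv.reader honours the quoting, so the comma stays inside the field."""
    return [tuple(r) for r in csv.reader(io.StringIO(dump))]


if __name__ == "__main__":
    print("naive split, broken rows:", rows_with_wrong_field_count(split_naively(NAIVE_DUMP)))
    pairs = [("bob@example.com", "correct,horse,battery")]
    print("csv module round-trip:", read_properly(write_properly(pairs)))
```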

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor, Network and Information Security 2, is known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs in late 2022, and they will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors fall under the legislation. The original NIS Directive has already affected operators’ cybersecurity budgets over the past year, with deep-dives into the energy and health sectors; see Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been regarded by the cybersecurity community as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can pose serious risks to all operations. As a result, the CPGs are explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.

Losing trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the problem that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behavior and are four times more likely to be victims of phishing than office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers, so the risk program has to cover leadership too.

Zero trust: Many people regard Zero Trust as the optimal security practice in 2023. It is a good fit for new systems whose model suits it, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The article Zero Trust Shouldn’t Be The New Normal argues that the zero trust model starts to erode when the resources of two corporations need to play together nicely: federated activity, ranging from authentication to resource-pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, the article proposes flipping the concept of zero trust on its head and evaluating network interactions in terms of risk. That’s where identity-first networking comes in: for a network request to be accepted, it needs both an identity and explicit authorization, and System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. SCIM securely automates the exchange of user identities between cloud applications, diverse networks and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US $2.4 trillion: cyberattacks exploiting existing vulnerabilities, complex issues in the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting in early January 2023 to improve security. A Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. In Microsoft’s words: “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated.”

Google Workspace: Google Workspace gets client-side encryption in Gmail. The long-awaited client-side encryption for Gmail is available in beta. Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many other Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys are FIDO credentials stored on the user’s device and unlocked with the device’s biometric or PIN; they are meant to replace passwords, which are easily compromised. Passkeys work cross-platform with both applications and websites and offer the same experience that password autofill does, with the advantage of passwordless authentication. A passkey is bound to the site it was created for, so it cannot be reused across sites, does not leak in server breaches (the server only holds a public key) and protects users from phishing. Passkeys are only available for websites that support them via the WebAuthn API.

War risks: Watch for the war between Russia and Ukraine to continue in both the real world and the cyber world in 2023. Cyber is as important as missile defences, says an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range. Threat actors who have gained a foothold in a victim’s AWS account can abuse the new Elastic IP transfer feature to move the victim’s trusted public IP addresses into their own account, and then use them for command-and-control, phishing, denial of service or other attacks, or to steal data.

ICS: ICS and SCADA systems remain trending attack targets in 2023.

Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, secret scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and act on leaked secrets directly within GitHub.
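To show what a secret scanner actually does, here is an added example (not GitHub’s code, nor from the original post): a scanner with a hand-picked subset of rules, run over a constructed config file. The AWS access key ID and GitHub PAT formats are the public, documented prefixes; the tokens in the sample are fake and the entropy threshold is an assumption.

```python
"""A minimal secret scanner of the kind GitHub runs on pushes (added example)."""
import math
import re
from collections import Counter
from typing import Dict, List

# Constructed sample file; every value in it is fake.
SAMPLE_FILE = '''\
# config.py
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "changeme"
API_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"
SECRET_KEY = "q7Zp2vLm9XcRt4WnYb8KdH3s"
debug = True
'''

# Prefixed token formats are the easy case: fixed prefix, fixed length.
# The generic rule catches assignments the prefix rules miss and is filtered by entropy.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; placeholders like 'changeme' score low, real keys high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan_text(text: str, min_entropy: float = 3.0) -> List[Dict]:
    """Return one finding per (line, value); specific rules win over the generic one."""
    findings: List[Dict] = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if (lineno, value) in seen:
                    continue
                if name == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # low-entropy placeholder, not a credential
                seen.add((lineno, value))
                findings.append({"line": lineno, "rule": name, "match": value})
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE):
        print(f"line {f['line']}: {f['rule']}: {f['match']}")
```

Run it as a pre-commit hook over staged files and the leak never reaches the remote; GitHub’s push protection does the same thing server-side.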

Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.

PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that must comply with it. The latest version of the standard brings a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, meaning security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. That changes with the release of PCI DSS 4.0: many of the new requirements focus on client-side security.

SHA-1: NIST retires the SHA-1 cryptographic algorithm. The retirement is not completed in 2023, but preparations for the phase-out start now. The venerable cryptographic hash function has weaknesses that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can attack the algorithm using what is referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standards, and NIST has announced that it should be phased out by Dec. 31, 2030 in favor of the more secure SHA-2 and SHA-3 families of algorithms. NIST recommends that IT professionals start replacing the 27-year-old SHA-1 with newer, more secure algorithms now. Because SHA-1 is used as the foundation of numerous security applications, the phase-out will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from SHA-1, and certificate authorities stopped issuing certificates signed with SHA-1 as of January 1, 2017.

Cloud: Is Cloud Native Security Good Enough? Cloud native technologies give organizations the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers (Amazon Web Services (AWS), Microsoft Azure and Google Cloud) of course offer security features and services designed to address significant threats to cloud-based data. In spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. Ethical hackers enable countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But several analysts believe that becoming a self-taught ethical hacker in 2023 might not be worth it, because the self-taught are at constant risk of failing to perform properly and many companies might not want to hire such an ethical hacker.

MFA: Two-factor authentication might not be enough in 2023 for applications that need good security. In the past few months we have seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding use cases 2FA is over. Long live 3FA!

Cloud APIs: With Cloud Comes APIs & Security Headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies suffered an incident due to misconfiguration and a third coped with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) are confident that they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As threat levels remain high, companies and organizations remain on alert but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (AI) to transform what’s possible in their operations. But with great promise comes great responsibility, and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever, and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed many cryptocurrency-related risks being realized. More “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now increasingly name cyber as the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale attacks. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Some policies already written in the market have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow, pointing to recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments: “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.


Expert advises using a comma in your password – there is a clever logic behind it

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Companies’ cyber security still has big gaps. Expert: It is even a question of national security

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 approved – stricter cyber security requirements for EU countries

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldnt Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

There is an acute shortage of cyber security professionals

Is Enterprise VPN on Life Support or Ripe for Reinvention?


  1. Tomi Engdahl says:

    Don’t Just Delete Facebook, Poison Your Data First

    If you’re savvy with code, you can employ a script that repeatedly alters your Facebook posts with nonsense, making it more difficult for the social media site to collect user data.

  2. Tomi Engdahl says:

    What Is a Dirty IP Address and How Does It Affect Your Security?
    PUBLISHED MAR 19, 2023
    A dirty IP address is like having a black mark on your record. It tells the web you’re not to be trusted.

  3. Tomi Engdahl says:

    OpenSSL 1.1.1 End of Life
    We are now less than 6 months away from the End Of Life (EOL) date for the OpenSSL 1.1.1 series. Users of OpenSSL 1.1.1 should consider their options and plan any actions they might need to take.
    OpenSSL 1.1.1 is a Long Term Support (LTS) release. Our policy is to support LTS releases for a period of 5 years. During the last year of that we typically only backport security fixes to a release.
    OpenSSL 1.1.1 was released on 11th September 2018, and so it will be considered EOL on 11th September 2023. It will no longer be receiving publicly available security fixes after that date.
    If you got your copy of OpenSSL 1.1.1 from your Operating System vendor (e.g. via .rpm or .deb packages) or some other third party then the support periods that you can expect from them may differ to those provided by the OpenSSL Project itself.
    Our most recent version is OpenSSL 3.1 which will be supported until 14th March 2025. Also available is OpenSSL 3.0 which is an LTS release and will be supported until 7th September 2026. Our migration guide provides some useful information on the issues you should be considering when upgrading.
    Another option is to purchase a premium support contract which offers extended support (i.e. ongoing access to security fixes) for 1.1.1 beyond its public EOL date.

  4. Tomi Engdahl says:

    FDA Announces New Cybersecurity Requirements for Medical Devices

    The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product.

    According to the FDA, submissions for new medical devices will need to include specific cybersecurity-related information, such as the description of a plan for identifying and addressing vulnerabilities and exploits in a reasonable time.

    Companies must also provide details on the processes and procedures for releasing postmarket updates and patches that address security issues, including through regular updates and out-of-band patches in the case of critical vulnerabilities.

    The information provided to the FDA must also include a software bill of materials (SBOM) for commercial, open source and off-the-shelf components.

    The requirements apply to cyber devices — this is any device that runs software, has the ability to connect to the internet, and could be vulnerable to cyber threats.

    The new cybersecurity requirements do not apply to submissions prior to March 29, 2023, and the FDA will not reject applications solely on this requirement until October 1 — it will provide assistance to companies until that date. However, starting with October 1, the agency may start rejecting premarket submissions that do not contain the required information.

    The FDA has also published an FAQ page that provides additional clarifications on the new requirements, as well as links to useful resources.

    The US Cybersecurity and Infrastructure Security Agency (CISA) has been publishing advisories that describe vulnerabilities in medical devices, and a report published earlier this year by industrial cybersecurity firm SynSaber shows that the number of flaws reported in 2022 decreased to 23, from 87 in 2021 and 79 in 2021.

    Cybersecurity in Medical Devices Frequently Asked Questions (FAQs)

  5. Tomi Engdahl says:

    15 million public-facing services vulnerable to CISA KEV flaws
    Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA’s KEV (known exploitable
    vulnerabilities) catalog. This massive number is reported by cybersecurity company Rezilion, which conducted large-scale research to identify vulnerable systems exposed to cyberattacks from threat actors, whether state-sponsored or ransomware gangs. Rezilion’s findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA’s KEV catalog as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets
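The comment above is about a known-exploited list meeting an exposure list. As an added example (not Rezilion’s research or code from the original post), here is the cross-check a defender would run on their own estate: join an asset inventory against the KEV catalog and rank what is internet-facing and past its due date. Both inputs are constructed; the KEV excerpt copies the field names of the public JSON feed (cveID, dueDate, requiredAction and so on) but its records are placeholders, not real catalog entries. Point `load_kev` at the real feed from cisa.gov to use it.

```python
"""Rank inventory findings by CISA KEV membership, exposure and due date (added example)."""
import json
from datetime import date
from typing import Dict, List

# Constructed KEV excerpt: public feed field names, placeholder records.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2099-00001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
         "dateAdded": "2023-01-10", "dueDate": "2023-01-31",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2099-00002", "vendorProject": "ExampleVendor", "product": "ExampleMail",
         "dateAdded": "2023-02-15", "dueDate": "2023-03-08",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2099-00003", "vendorProject": "ExampleVendor", "product": "ExampleCI",
         "dateAdded": "2023-01-30", "dueDate": "2023-02-20",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: host, whether it is internet-facing, CVEs a scanner reported.
INVENTORY = [
    {"host": "vpn-gw-01", "exposed": True, "cves": ["CVE-2099-00001", "CVE-2099-00009"]},
    {"host": "mail-01", "exposed": True, "cves": ["CVE-2099-00002"]},
    {"host": "build-07", "exposed": False, "cves": ["CVE-2099-00002", "CVE-2099-00003"]},
    {"host": "web-03", "exposed": True, "cves": []},
]


def load_kev(raw: str) -> Dict[str, dict]:
    """Index the KEV feed by CVE ID for O(1) lookups."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}


def kev_exposure(inventory: List[dict], kev: Dict[str, dict], today: date) -> List[dict]:
    """One row per (host, KEV CVE); internet-facing and overdue items sort first."""
    rows = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known to be exploited; handle in the normal patch cycle
            due = date.fromisoformat(entry["dueDate"])
            rows.append({"host": asset["host"], "cve": cve, "exposed": asset["exposed"],
                         "due": due.isoformat(), "overdue": today > due,
                         "action": entry["requiredAction"]})
    rows.sort(key=lambda r: (not r["exposed"], not r["overdue"], r["due"], r["host"]))
    return rows


def exposed_overdue(rows: List[dict]) -> List[str]:
    """Hosts that are internet-facing with a KEV entry past its due date: fix these today."""
    return sorted({r["host"] for r in rows if r["exposed"] and r["overdue"]})


if __name__ == "__main__":
    rows = kev_exposure(INVENTORY, load_kev(KEV_SAMPLE), date(2023, 3, 1))
    for r in rows:
        print(r)
    print("exposed and overdue:", exposed_overdue(rows))
```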

  6. Tomi Engdahl says:

    Squeezing Secrets Out Of An Amazon Echo Dot

    As we have seen time and time again, not every device stores our sensitive data in a respectful manner. Some of them send our personal data out to third parties, even! Today’s case is not a mythical one, however — it’s a jellybean Amazon Echo Dot, and [Daniel B] shows how to make it spill your WiFi secrets with a bit of a hardware nudge.

    There have been exploits for Amazon devices with the same CPU, so to save time, [Daniel] started by porting an old Amazon Fire exploit to the Echo Dot. This exploit requires tactically applying a piece of tin foil to a capacitor on the flash chip power rail, and it forces the Echo to surrender the contents of its entire filesystem, ripe for analysis. Immediately, [Daniel] found out that the Echo keeps your WiFi passwords in plain text, as well as API keys to some of the Amazon-tied services.

    Found an old Echo Dot at a garage sale or on eBay? There might just be a WiFi password and a few API keys ripe for the taking, and who knows what other kinds of data it might hold. From Amazon service authentication keys to voice recognition models and maybe even voice recordings, it sounds like getting an Echo to spill your secrets isn’t all that hard.

    “Alexa, what is my wifi password?”

  7. Tomi Engdahl says:

    ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

    Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

    This is the Age of artificial intelligence (AI). We think it is new, but it isn’t. The AI Revolution has been in progress for many years. What is new is the public appearance of the large scale generative pre-trained transformer (GPT) known as ChatGPT (an application of Large Language Models – LLMs).

    ChatGPT has breached our absolute sensory threshold for AI. Before this point, the evolution of AI was progressing, but largely unnoticed. Now we are suddenly very aware, as if AI happened overnight. But it’s an ongoing evolution – and is one that we cannot stop. The genie is out of the bottle, and we have little understanding of where it will take us.

    At a very basic level, these implications can be divided into areas such as social, business, political, economic and more. There are no clear boundaries between them. For example, social and business combine in areas such as the future of employment.

    OpenAI, the developer of ChatGPT, published its own research in this area: An Early Look at the Labor Market Impact Potential of Large Language Models (PDF). It concludes, among other things, “around 19% of workers may see at least 50% of their tasks impacted.”

    But we must be clear – these wider effects of AI on society and economics are not our concern here. We are limiting ourselves to discussing the cybersecurity, privacy and ethical implications emerging from the GPT and LLM elements of AI.

  8. Tomi Engdahl says:

    Finland increases cybersecurity education
    The shortage of cybersecurity experts is a challenge that is also being addressed with state funding. Most recently, the Ministry of Education and Culture is funding, with 2.2 million euros, a three-year training project intended to strengthen cooperation between universities, open up study opportunities across institutional boundaries, and increase continuing education for Finnish companies.
    The project, named “Building a national cybersecurity education cooperation network”, is coordinated by the University of Jyväskylä, with Aalto University, the University of Helsinki, Lappeenranta-Lahti University of Technology, the University of Oulu, Tampere University, the University of Turku, the University of Vaasa and Åbo Akademi University participating. The project’s funding is divided among these universities.

  9. Tomi Engdahl says:

    Even a single user’s mistake can cause significant financial damage and reputational harm to a company. In 72 percent of the companies that took part in Frendy Oy’s phishing test, one or more users took the bait.

    Frendy Oy, which operates in the IT field in Finland, examined early this year how susceptible Finnish SMEs are to being targeted by phishing. The fact that in more than seven companies out of ten one or more users handed over their email credentials is extremely worrying.

    - For companies, the leak of even a single user’s credentials can lead to a large-scale catastrophe, says Tuomas Karhula, business manager responsible for information security at Frendy.

  10. Tomi Engdahl says:

    Terrifying study shows how fast AI can crack your passwords; here’s how to protect yourself

    Along with the positive aspects of the new generative AI services come new risks. One that’s surfaced is an advanced approach to cracking passwords called PassGAN. Using the latest AI, it was able to compromise 51% of passwords in under one minute with 71% of passwords cracked in less than a day. Read on for a look at the character thresholds that offer security against AI password cracking, how PassGAN works, and more.

  11. Tomi Engdahl says:

    More experts are being trained to counter cyber threats, but we are already late, says professor
    The war started by Russia in Ukraine has also tightened the cybersecurity situation. Universities are responding to the shortage of experts in the field by starting a new cooperation in education. Universities are increasing cybersecurity education to respond to the skills shortage. The University of Oulu intends to increase the number of experts in the field with a new specialization option, designed to be completed in the master’s phase of the computer science degree programme. The main goal of the project is to improve cybersecurity education throughout Finland through cooperation, says Kimmo Halunen, professor of cybersecurity jointly appointed by the University of Oulu and the National Defence University.

  12. Tomi Engdahl says:

    Stopping cybercriminals from abusing security tools
    Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has worked in the past: the scope is greater, and the operation is more complex.
    Instead of disrupting the command and control of a malware family, this time, we are working with Fortra to remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals.

  13. Tomi Engdahl says:

    Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
    Typhon is an information stealer first publicly reported in mid-2022.
    It steals sensitive information, such as cryptocurrency wallet data, from a variety of applications and uses a file grabber to collect a predefined list of file types, then exfiltrates them via Telegram.
    Since its initial arrival, it has undergone continuous development, with Typhon Reborn being released just several months later in late 2022. The malware’s developer announced the release of Typhon Reborn V2 on Jan. 31, 2023 on the popular Russian-language dark web forum XSS.
    Samples uploaded to public repositories indicate that the new version of Typhon Reborn has been in the wild since December 2022.

  14. Tomi Engdahl says:

    The Telegram phishing market
    Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging app’s handy features: cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is especially popular with phishers. They have become adept at using Telegram both for automating their activities and for providing various services, from selling phishing kits to helping with setting up custom phishing campaigns, to all willing to pay.

  15. Tomi Engdahl says:

    Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation’s Crown Jewels
    Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned. According to Etay Maor, Senior Director Security Strategy at Cato Networks, “It’s interesting to note critical infrastructure doesn’t necessarily have to be power plants or electricity. A nation’s monetary system or even a global monetary system can be and should be considered a critical infrastructure as well.”

  16. Tomi Engdahl says:

    Security headers you should add into your application to increase cyber risk protection
    Web applications are a wide world that is currently the object of numerous cyberattacks, mostly seeking to compromise the information directly in the clients that use them. Considering the shortage of programmers, most of them are looking to finish the developments that are requested in the shortest periods of time. Although development frameworks carry out some default protection for attacks such as SQL Injection, the same is not the case for other types of attacks. I have been able to demonstrate the framework’s default security protections in multiple developments, which opens up vulnerable scenarios such as the ones described here: man-in-the-middle attacks (MITM), cross-site scripting and cross-site injections.
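    As an added example (not from the article or its author), the following Python audit checks a response's header set against the hardening points the article alludes to. The header names, thresholds and finding texts (one-year HSTS max-age, nosniff, X-Frame-Options or CSP frame-ancestors, Secure/HttpOnly cookies) are the checker's own assumptions, and the weak and hardened header sets are constructed:

```python
"""Audit the security headers of an HTTP response.

Added example, not code from the article. The checks and thresholds follow
common hardening guidance (e.g. OWASP's secure headers recommendations); the
sample header sets below are constructed, not captured from a real site.
"""
from typing import Dict, List, Union

HeaderMap = Dict[str, Union[str, List[str]]]
ONE_YEAR = 31536000  # seconds; widely recommended minimum HSTS max-age


def _normalize(headers: HeaderMap) -> Dict[str, List[str]]:
    """Lower-case header names; keep repeated headers (Set-Cookie) as lists."""
    out: Dict[str, List[str]] = {}
    for name, value in headers.items():
        values = value if isinstance(value, list) else [value]
        out.setdefault(name.lower(), []).extend(values)
    return out


def _csp_directives(value: str) -> Dict[str, List[str]]:
    """Split 'default-src 'self'; script-src ...' into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def audit_headers(headers: HeaderMap) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    h = _normalize(headers)
    findings: List[str] = []

    # HSTS: forces HTTPS, which closes the downgrade part of a MITM attack.
    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS: header missing")
    else:
        directives = [d.strip().lower() for d in hsts[0].split(";")]
        max_age = next((d for d in directives if d.startswith("max-age=")), "")
        age = int(max_age.split("=", 1)[1]) if max_age[8:].isdigit() else 0
        if age < ONE_YEAR:
            findings.append(f"HSTS: max-age below {ONE_YEAR}")
        if "includesubdomains" not in directives:
            findings.append("HSTS: includeSubDomains not set")

    # CSP: limits where scripts may load from, the main control against XSS.
    csp = h.get("content-security-policy")
    frame_ancestors_set = False
    if not csp:
        findings.append("CSP: header missing")
    else:
        d = _csp_directives(csp[0])
        script_sources = d.get("script-src", d.get("default-src", []))
        if "'unsafe-inline'" in script_sources:
            findings.append("CSP: script-src allows 'unsafe-inline'")
        if "*" in d.get("default-src", []):
            findings.append("CSP: default-src allows any origin (*)")
        frame_ancestors_set = "frame-ancestors" in d

    # MIME sniffing: stops browsers treating uploads as scripts or HTML.
    if h.get("x-content-type-options", [""])[0].strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: expected 'nosniff'")

    # Clickjacking: either the legacy header or the CSP directive must be set.
    xfo = h.get("x-frame-options", [""])[0].strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and not frame_ancestors_set:
        findings.append("Clickjacking: neither X-Frame-Options nor CSP frame-ancestors set")

    if "referrer-policy" not in h:
        findings.append("Referrer-Policy: header missing")

    # Session cookies must not travel over plain HTTP or be readable from JS.
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"Set-Cookie {name}: missing Secure flag")
        if "httponly" not in attrs:
            findings.append(f"Set-Cookie {name}: missing HttpOnly flag")
    return findings


# Constructed samples: a typical framework default and a hardened response.
WEAK_HEADERS: HeaderMap = {
    "Content-Type": "text/html; charset=utf-8",
    "Set-Cookie": "session=abc123; Path=/",
}
HARDENED_HEADERS: HeaderMap = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Set-Cookie": ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or ["ok"])
```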

  17. Tomi Engdahl says:

    This is the kind of ransom online extortionists demand from Finnish companies; GDPR has only made the situation worse
    The pandemic and cryptocurrencies have served online extortionists, but GDPR has also offered the crooks a surprising new lever.
    Professional criminals net ever larger sums as long as ransoms are paid. Ransomware halted the largest fuel distribution network in the United States. Clients of the psychotherapy center Vastaamo were blackmailed with stolen patient records. The retail chain Coop’s checkout system was stuck for a week in Sweden. New extortion attacks are reported weekly. In two years the ransoms demanded have also multiplied. The largest ransom demand aimed at a single company is 50 million dollars, extorted from computer giant Acer in March 2021.

  18. Tomi Engdahl says:

    All Dutch govt networks to use RPKI to prevent BGP hijacking
    The Dutch government will upgrade the security of its internet routing by adopting, before the end of 2024, the Resource Public Key Infrastructure (RPKI) standard. RPKI, or Resource Certification, protects against erroneous rerouting of internet traffic, malicious or not, through cryptographic verification of the routes. The standard uses digital certificates to secure the Border Gateway Protocol (BGP) used for exchanging routing information and ensure that the traffic comes through the legitimate network operator controlling the IP addresses on the destination path. Standardization Forum in the Netherlands, a research and advising organization that serves the public sector on the use of open standards, announced that all communication devices (ICT) managed by the Dutch government must use the RPKI standard by 2024.
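    As an added example (not from the article or the Dutch programme it reports on), here is the route origin validation step that RPKI-enabled routers perform, written out in Python: each BGP announcement is matched against the Route Origin Authorizations, and only an announcement whose origin AS and prefix length are authorized is "valid". The ROAs and announcements are constructed from documentation prefixes and private-use ASNs; the compact "PREFIX/LEN-MAXLEN AS<asn>" notation is this example's own.

```python
"""Route origin validation (RFC 6811) against a set of ROAs.

Added example, not code from the article. ROAs and announcements below are
constructed from documentation prefixes (RFC 5737 / RFC 3849) and private-use
ASNs; they are not real routing data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific of it down to `max_length` bits."""
    prefix: IPNetwork
    max_length: int
    asn: int


def parse_roa(text: str) -> ROA:
    """Parse the compact notation 'PREFIX/LEN-MAXLEN AS<asn>' (example's own format)."""
    prefix_part, asn_part = text.split()
    prefix, max_len = prefix_part.rsplit("-", 1)
    return ROA(ipaddress.ip_network(prefix), int(max_len), int(asn_part[2:]))


def rov_state(roas: List[ROA], announced: str, origin_asn: int) -> str:
    """Classify one BGP announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(announced)
    # Only ROAs whose prefix covers the announced prefix say anything about it.
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"  # RPKI makes no statement about this prefix
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"  # authorized origin and not more specific than allowed
    return "invalid"  # covered, but wrong origin or over-specific: hijack or leak


def filter_announcements(
    roas: List[ROA], announcements: List[Tuple[str, int]]
) -> Dict[Tuple[str, int], Tuple[str, str]]:
    """Apply the usual operator policy: reject 'invalid', accept 'valid' and 'not-found'."""
    decisions: Dict[Tuple[str, int], Tuple[str, str]] = {}
    for prefix, asn in announcements:
        state = rov_state(roas, prefix, asn)
        decisions[(prefix, asn)] = (state, "reject" if state == "invalid" else "accept")
    return decisions


# Constructed ROA set, as a validating cache would hand it to a router.
ROAS = [parse_roa(line) for line in (
    "192.0.2.0/24-24 AS64500",     # exact /24 only
    "203.0.113.0/24-26 AS64500",   # /24 plus more-specifics down to /26
    "2001:db8::/32-48 AS64500",    # IPv6 allocation, /48 customer routes allowed
)]

# Constructed announcements as seen in a BGP feed: (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),     # legitimate
    ("192.0.2.0/25", 64500),     # right origin, but more specific than the ROA allows
    ("192.0.2.0/24", 64501),     # wrong origin: a hijack
    ("203.0.113.64/26", 64500),  # allowed by max_length 26
    ("2001:db8:1::/48", 64500),  # IPv6 customer route, allowed
    ("198.51.100.0/24", 64502),  # no ROA at all: not-found, accepted by default
]

if __name__ == "__main__":
    for (prefix, asn), (state, action) in filter_announcements(ROAS, ANNOUNCEMENTS).items():
        print(f"{prefix:18} AS{asn}  {state:9} -> {action}")
```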

  19. Tomi Engdahl says:

    Overview of Google Play threats sold on the dark web
    In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to official stores, such as Google Play. These are usually policed vigorously, and apps are pre-moderated before being published; however, the authors of malicious and unwanted software employ a variety of tricks to bypass platform checks. For instance, they may upload a benign application, then update it with malicious or dubious code, infecting both new users and those who have already installed the app. Malicious apps get removed from Google Play as soon as they are found, but sometimes only after having been downloaded a number of times.

  20. Tomi Engdahl says:

    How LockBit Changed Cybersecurity Forever
    In every industry, visionaries drive progress and innovation. Some call these pioneers crazy. The same rule applies to the world of cyber gangs. Most threat groups try to maintain a low profile. They don’t seem to trust anyone and want tight control over money flow. Then along came LockBit. Not only does the group maintain a high profile, but they’ve also turned ransom monetization upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. What’s the secret to LockBit’s success? How has security changed due to the gang’s appearance?

  21. Tomi Engdahl says:

    These are the most dangerous files; a hacker explains how to protect yourself
    Attachments in emails or instant messages are among the most common ways to carry out a network attack. There are file types of many kinds, and some of them are in practice more dangerous than others. For years intruders have used Microsoft 365, or more familiarly Office, files such as Word documents (.doc), Excel spreadsheets (.xls) and PowerPoint presentations (.ppt) to spread malware. Microsoft has, however, changed their security practices so that programs coded into documents, macros, do not run automatically. The purpose of macros is to automate functions and create small programs inside documents, but they can also be used to code malware.

  22. Tomi Engdahl says:

    LLMs and Phishing
    Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the experiment. But while it’s an easy experiment to run, it misses the real risk of large language models (LLMs) writing scam emails. Today’s human-run scams aren’t limited by the number of people who respond to the initial email contact. They’re limited by the labor-intensive process of persuading those people to send the scammer money. LLMs are about to change that.

  23. Tomi Engdahl says:

    Google Wants Android Users to Have More Control Over Their Data

    Developers of Android applications will be required by Google to allow users to delete their account and data from within the app and online.

    Google this week announced plans to increase the control that Android users have over their data by requiring developers to enable data deletion both from the app and online.

    The initiative, expected to be enforced towards the end of the year, is part of a long-time initiative to improve user trust by requiring developers to provide clear information on their applications’ privacy and security practices.

    The new data deletion policy will offer increased control over user data by requiring developers to “provide an option to initiate account and data deletion from within the app and online,” Google explains.

    The web requirement, which developers will have to link in their data safety form, will allow users to request account and data deletion without reinstalling the application.

    Users can already access information on the available data deletion options in Google Play’s data safety section, but the upcoming option will make it easier for them to request data deletion.

  24. Tomi Engdahl says:

    Companies Like eBay are Port Scanning End-users’ Computers: What Does it Mean and How Can You Protect Yourself?

    If you’ve ever heard that a business website is port scanning its online shoppers – you might be interested in exactly what that means. This article will explain what port scanning is, why businesses like eBay port scan their users, and what it means for you from a security perspective.

  25. Tomi Engdahl says:

    Most Attack Paths Are Dead Ends, but 2% Lead to Critical Assets: Report

    Security posture management firm XM Cyber took tens of thousands of attack path assessments involving more than 60 million exposures affecting 20 million entities during 2022.

    Only 2% of attack paths lead to critical assets. Securing the choke points through which they pass dramatically reduces risk.

    Security posture management firm XM Cyber took tens of thousands of attack path assessments involving more than 60 million exposures affecting 20 million entities during 2022, anonymized the datasets and exported them to Cyentia Institute for analysis. The results are presented in its State of Exposure Management in 2023 report (PDF).

    The primary findings of the analysis are the sheer volume of exposures (anywhere between 11,000 and 250,000 per month); the number of exposures that are dead ends that cannot be exploited by attackers (75%); and that 2% are located on choke points. A choke point is where multiple attack paths converge on the route to critical assets.

  26. Tomi Engdahl says:

    Big reasons to bet on automation in 2023:

    • Help close the talent gap: 100% of respondents said that increased automation in the SOC would help fill staffing gaps in their teams.
    • Gaps in defense = risky business: 88% of board members classify cybersecurity as a business risk vs. a technology risk alone.
    • Automation pays off: 65% of respondents cited that automation led to financial gains.

    Buyer’s Guide for Intelligent Security Automation

    Evaluating security automation platforms? Learn about the benefits, capabilities, and pitfalls to avoid in our guide

    This guide is intended to help IT and security buyers evaluate security automation products. It begins with an overview of uses and benefits of intelligent security automation for enterprise Security Operations Centers (SOC). Then it explores the individual capabilities that make up security automation—both generally and for the Devo SOAR platform specifically.

  27. Tomi Engdahl says:

    Potential Outcomes of the US National Cybersecurity Strategy

    The national strategy outlined by the Federal Government on March 1, 2023, is a monumental attempt to weave a consistent approach to cybersecurity for the whole nation.

  28. Tomi Engdahl says:

    Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default
    CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) jointly developed Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. This first-of-its-kind joint guidance urges manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.

  29. Tomi Engdahl says:

    Read The Manual Locker: A Private RaaS Provider
    The Read The Manual Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang’s strict rules. The business-like set up of the group, where affiliates are required to remain active or notify the gang of their leave, shows the organizational maturity of the group, as has also been observed in other groups, such as Conti. The gang’s modus operandi is focused on a single goal: to fly below the radar. Their goal is not to make headlines, but rather to make money while remaining unknown. The group’s notifications are posted in Russian and English, where the former is of better quality. Based on that, it isn’t surprising that the Commonwealth of Independent States in Eastern Europe and Asia (CIS) region is off-limits, ensuring no victims are made in that area.

  30. Tomi Engdahl says:

    Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
    During a recent incident response (IR) engagement, the Unit 42 team identified that the Vice Society ransomware gang exfiltrated data from a victim network using a custom-built Microsoft PowerShell (PS) script. We’ll break down the script used, explaining how each function works in order to shed light on this method of data exfiltration.
    Ransomware gangs use a plethora of methods to steal data from their victims’ networks. Some gangs bring in outside tools, including tools such as FileZilla, WinSCP and rclone. Other gangs use living off the land binaries and scripts (LOLBAS) methods, such as PS scripts, copy/paste via Remote Desktop Protocol (RDP) and Microsoft’s Win32 API (e.g., Wininet.dll calls). Let’s examine what happens when a PS script is used to automate the data exfiltration stage of a ransomware attack.

  31. Tomi Engdahl says:

    Deja Vu All Over Again: Tax Scammers at Large
    The time has come again for tax returns, and tax-based scams. Targeting calendar-based events enables threat actors to prepare ahead of time and have a new selection of targets on rotation. This blog covers a few examples of malware that take advantage of tax season. Although such attacks may seem repetitive to the casual observer, threat actors would not continue to target taxpayers if previous attacks had not been successful.

  32. Tomi Engdahl says:

    Money Ransomware: The Latest Double Extortion Group
    Financially motivated perpetrators particularly favor the double extortion model, as it enables them to optimize their profits and bolster the likelihood of victims acquiescing to ransom demands. In a double extortion assault, malefactors not only encrypt the targeted party’s data but also exfiltrate sensitive information from the victim’s system prior to encryption. The malicious actor subsequently issues a warning to publicize the purloined data unless the ransom is paid. This deceptively simple yet exceedingly lucrative technique is increasingly being adopted by cybercriminals, leading to the emergence of new threats on a daily basis. One such example is the Money Ransomware group, which surfaced in March 2023. As of the time of writing, this nascent organization has already claimed two victims.

    Ransomware in the UK, April 2022 to March 2023
    This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, “known attacks” are attacks where the victim opted not to pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. Between April 2022 and March 2023, the UK was a prime target for ransomware gangs.

  33. Tomi Engdahl says:

    Legion: New hacktool steals credentials from misconfigured sites
    A new Python-based credential harvester and SMTP hijacking tool named Legion is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the Forza Tools moniker and operate a YouTube channel with tutorials and a Telegram channel with over a thousand members. Legion is modular malware which, according to Cado, is likely based on the AndroxGhOst malware and features modules to perform SMTP server enumeration, remote code execution, exploit vulnerable Apache versions, brute-force cPanel and WebHost Manager accounts, interact with Shodan’s API, and abuse AWS services.

  34. Tomi Engdahl says:

    A stark figure from Finland: it is enough for one person to slip up and the whole company is at risk
    In as many as 72 percent of Finnish companies someone leaked their credentials when the IT company Frendy tested their readiness to fend off phishing. A single user’s mistake can be enough for an attack to succeed, because their credentials can be used to get into the company’s network. Frendy’s test involved 25 Finnish SMEs of varying sizes and from a variety of industries. The companies’ headcount ranged from 20 to 500. Some of the companies were targeted with tailored phishing messages and others with more generic mass phishing.
    For companies, the leak of even a single user’s credentials can lead to a large-scale catastrophe, says Tuomas Karhula, business manager responsible for information security at Frendy, in a press release.

  35. Tomi Engdahl says:

    What are the cybersecurity concerns of SMBs by sector?
    While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in their spending due to the current economic climate. With this in mind, we recently surveyed over 700 SMBs across a variety of sectors to ascertain their ability to detect and respond to the latest cyber threats. The differences are stark.
    While some sectors have high confidence in their in-house cybersecurity skills, others prefer to significantly outsource cybersecurity to an external expert to ensure they are protected.

  36. Tomi Engdahl says:

    HTTP: What’s Left of it and the OCSP Problem
    It has been well documented that most “web” traffic these days uses TLS, either as traditional HTTPS or the more modern QUIC protocol. So it is always interesting to see what traffic remains as HTTP. HTTPS is by far the top port (and most of the 22/23 connections are likely for my honeypot, and so are many of the port 80 connections.) So let’s dive into a bit more detail on my zeek HTTP logs. I use the JSON format for zeek logs and will use the “jq” tool to parse them instead of the usual “zeek-cut” tool.

  37. Tomi Engdahl says:

    Looking for a New Security Technology? Choose a Partner, not a Vendor

    An important area of differentiation to evaluate when you make your next security investment is the vendor’s effectiveness when it comes to customer success.

    Previously, I borrowed the concept of carcinization from convergent evolution and applied it to security to talk about how security tools have evolved over time so that product categories are no longer clearly defined. When the walls between endpoint detection and response (EDR) tools and network security technologies begin to crumble, and when categories like extended detection and response (XDR) and threat detection, investigation and response (TDIR) platforms collide, everything starts to sound the same.

    How can teams cut through the noise and confusion to find a solution that best meets their needs?

    An important area of differentiation to evaluate when you make your next security investment is the vendor’s effectiveness when it comes to customer success. Great customer support is the foundation and includes responsiveness and timeliness, but knowledgeability is also important to help you get the value you expect.

  38. Tomi Engdahl says:

    Disabling Intel’s Backdoors On Modern Laptops
    Despite some companies making strides with ARM, for the most part, the desktop and laptop space is still dominated by x86 machines. For all their advantages, they have a glaring flaw for anyone concerned with privacy or security in the form of a hardware backdoor that can access virtually any part of the computer even with the power off. AMD calls their system the Platform Security Processor (PSP) and Intel’s is known as the Intel Management Engine (IME).
    To fully disable these co-processors a computer from before 2008 is required, but if you need more modern hardware than that which still respects your privacy and security concerns you’ll need to either buy an ARM device, or disable the IME like NovaCustom has managed to do with their NS51 series laptop.
