Current and upcoming cybersecurity threats

Time goes by, and the cybersecurity space is always changing, sometimes even too fast to keep track of everything that is going on. Cybersecurity professionals, the cybersecurity industry and general users need to adapt to new trends, attacks and behaviours to prevent malicious actors from achieving their goals.

While there are times when we, as a community, are reactive (e.g., when a new vulnerability is discovered), we need to be thinking about the future and, based on data and trends, try to predict what the next threats will be and how to prevent or mitigate them. Along those lines, ENISA (the European Union Agency for Cybersecurity) has published a booklet summarising upcoming challenges, which can be found here.

There we can find the following threats (top 10).

Supply chain compromise of software dependencies

A supply chain compromise of software dependencies is a type of cyberattack in which the attacker targets the software supply chain in order to gain access to the software that is used by an organization. This can be done by compromising a software vendor, a third-party dependency, or even a developer’s workstation.

Once the attacker has gained access to the software, they can then modify it to include malicious code. This malicious code can then be used to steal data, install malware, or disrupt operations.

Some of the most common ways to compromise a software supply chain include:

  • Social engineering: The attacker tricks a software vendor or developer into giving them access to the software.
  • Phishing: The attacker sends emails or text messages that appear to be from a legitimate source, such as a software vendor or developer. These emails or text messages may contain links or attachments that, when clicked or opened, install malicious code on the victim’s computer.
  • Malware: The attacker infects a software vendor or developer’s computer with malware. This malware can then be used to steal passwords, install malicious code, or disrupt operations.
  • Zero-day attacks: The attacker exploits a vulnerability in the software that the software vendor is not aware of.

Some specific examples of supply chain compromise of software dependencies:

  • The SolarWinds hack: In 2020, a Russian government-backed hacking group compromised SolarWinds, a software company that provides IT management software to businesses and government agencies around the world. The hackers used this compromise to inject malicious code into SolarWinds’ Orion software, which was then installed on thousands of computers. This gave the hackers access to the networks of these organizations.
  • The Log4j vulnerability: In 2021, a critical vulnerability was found in Log4j, a popular Java logging library. This vulnerability could be exploited by attackers to take control of systems that used Log4j. The vulnerability was used by attackers to attack a wide range of organizations, including government agencies, telecommunications companies, and financial institutions.
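As an added example (not part of the original post or the ENISA booklet), the following Python script shows one defensive control against the dependency compromise described above: a pre-install integrity gate that accepts only exactly pinned, sha256-hashed requirements whose downloaded artifacts match the lockfile. The `--hash=sha256:` syntax is pip's real lockfile format; the package names, hashes and artifact bytes are constructed for the demo.

```python
"""Integrity gate for hash-pinned Python dependencies (pip's --hash= lockfile syntax):
a requirement passes only if pinned with ==, carrying a sha256 pin that matches the artifact."""
import hashlib
import re
from collections import namedtuple

_PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>[^\s\\]+)")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")
Finding = namedtuple("Finding", "package status detail")  # status: ok | unpinned | no-hash | missing-artifact | hash-mismatch


def _logical_lines(text: str):
    """Join backslash-continued lines; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines() + [""]:   # trailing "" flushes a last continuation
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""


def _check(line: str, artifacts: dict[str, bytes]) -> Finding:
    pin = _PIN_RE.match(line)
    if not pin:                      # ranges like >=2.0 can resolve to anything
        return Finding(line.split()[0], "unpinned", line)
    name, version = pin["name"], pin["version"]
    pinned = set(_HASH_RE.findall(line))
    if not pinned:                   # a version alone does not bind content
        return Finding(name, "no-hash", f"{version} has no --hash pin")
    data = artifacts.get(name.lower())
    if data is None:
        return Finding(name, "missing-artifact", f"{name}=={version}")
    digest = hashlib.sha256(data).hexdigest()
    status = "ok" if digest in pinned else "hash-mismatch"
    return Finding(name, status, f"sha256:{digest[:16]}...")


def verify_requirements(requirements: str, artifacts: dict[str, bytes]) -> list[Finding]:
    """artifacts maps a lower-cased package name to the downloaded file's bytes."""
    return [_check(line, artifacts) for line in _logical_lines(requirements)]


def install_allowed(findings: list[Finding]) -> bool:
    """Fail closed: an empty or partially failing lockfile never installs."""
    return bool(findings) and all(f.status == "ok" for f in findings)


# Constructed demo data: not a real package, release hash or payload.
GOOD_BYTES = b"constructed wheel contents for demo-lib 1.2.3"
GOOD_SHA = hashlib.sha256(GOOD_BYTES).hexdigest()
CLEAN_ARTIFACTS = {"demo-lib": GOOD_BYTES}
TAMPERED_ARTIFACTS = {"demo-lib": GOOD_BYTES + b"\n# bytes appended after pinning"}
REQUIREMENTS = f"""# constructed lockfile
demo-lib==1.2.3 \\
    --hash=sha256:{GOOD_SHA}
other-lib==0.9.0
loose-lib>=2.0
"""

if __name__ == "__main__":
    for label, arts in (("clean", CLEAN_ARTIFACTS), ("tampered", TAMPERED_ARTIFACTS)):
        results = verify_requirements(REQUIREMENTS, arts)
        print(f"[{label}] install allowed: {install_allowed(results)}")
        for f in results:
            print(f"  {f.package:10} {f.status:17} {f.detail}")
```

Only the strictly pinned and hashed entry passes; the version-only and range entries are reported so the lockfile can be tightened before anything is installed.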

Advanced Disinformation Campaigns

Advanced disinformation campaigns are a type of information warfare that uses false, misleading, or manipulated information to influence public opinion or behavior. These campaigns are often well-funded and well-organized, and they can use a variety of techniques to spread their message, including social media, traditional media, and even hacking.

Some of the most common techniques used in advanced disinformation campaigns include:

  • Creating fake news articles or social media posts: This is a common way to spread false information. The articles or posts may be made to look like they come from legitimate sources, such as news organizations or government agencies.
  • Using social media bots: Social media bots are automated accounts that can be used to spread messages or amplify the reach of certain messages. Bots can be used to create the illusion of widespread support for a particular viewpoint.
  • Hacking: Hackers can be used to steal or modify information, or to disrupt websites or social media platforms. This can be used to spread disinformation or to silence critics.
  • Using trolls: Trolls are people who post inflammatory or disruptive messages online. They can be used to sow discord and confusion, or to discredit legitimate sources of information.

Advanced disinformation campaigns can have a significant impact on public opinion and behavior. They can be used to influence elections, to destabilize governments, or to promote violence.

Some examples of advanced disinformation campaigns:

  • The Russian interference in the 2016 US presidential election: Russia is believed to have used a variety of techniques, including social media, to spread disinformation and sow discord among American voters.
  • The Chinese government’s disinformation campaign about the COVID-19 pandemic: The Chinese government has been accused of spreading false information about the origins of the COVID-19 pandemic and the effectiveness of its response to the pandemic.

Rise of Digital Surveillance Authoritarianism / Loss of Privacy

Digital surveillance authoritarianism is the use of digital technologies by authoritarian governments to surveil their citizens, suppress dissent, and control the flow of information. This can be done through a variety of means, including:

  • Mass surveillance: The collection of large amounts of data about citizens, such as their movements, communications, and online activity.
  • Targeted surveillance: The collection of data about specific individuals or groups, such as political dissidents or journalists.
  • Social media monitoring: The use of social media platforms to track and monitor citizens’ activities.
  • Internet censorship: The blocking of websites, social media platforms, and other online content that the government deems to be harmful or subversive.

The rise of digital surveillance authoritarianism has been facilitated by the development of new technologies, such as big data analytics and artificial intelligence. These technologies allow governments to collect and analyze vast amounts of data about their citizens, which can be used to identify and track dissenters, predict criminal activity, and control the flow of information.

The loss of privacy is a major consequence of digital surveillance authoritarianism. When governments collect and analyze large amounts of data about their citizens, they can gain a deep understanding of their lives, including their movements, communications, and online activity. This information can be used to manipulate, control, or even harm citizens.

The fight against digital surveillance authoritarianism is an ongoing one. It is important to stay informed about the issue and to take action to protect your privacy.

Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems

Human error and exploited legacy systems are two of the most common causes of cyberattacks in cyber-physical ecosystems.

  • Human error: This refers to mistakes made by humans, such as clicking on a malicious link, entering a wrong password, or failing to update software. Human error is often the result of factors such as fatigue, stress, or lack of training.
  • Exploited legacy systems: Legacy systems are older systems that are no longer supported by the vendor. These systems are often more vulnerable to cyberattacks because they may contain known vulnerabilities that have not been patched.

And we are not just talking about enterprise systems: the fast adoption of IoT (Internet of Things) is rapidly increasing the number of devices online and, with them, the number of possible targets. While these devices improve multiple areas of our lives, the companies that released them go out of business, the users that own them have no awareness of the risks they create, they are deployed in hard-to-reach places, there is little understanding of the cyber-physical ecosystem, etc. All these factors can lead to security issues.

Targeted Attacks Enhanced by Smart Device Data (e.g., Ransomware)

Targeted attacks enhanced by smart device data are attacks that are specifically designed to target individuals or organizations. These attacks often use data from smart devices, such as smartphones, smart homes, and wearables, to gain access to the victim’s systems or to launch more effective attacks. Examples such as an attacker using data from a smart home to learn the victim’s daily routine, and then using that information to launch a targeted attack, are expected to become more common.

Lack of Analysis and Control of Space-Based Infrastructure and Objects

The lack of analysis and control of space-based infrastructure and objects is a growing problem that could have serious consequences for our planet. Space-based infrastructure and objects are essential for many critical services, such as communications, navigation, and weather forecasting. However, they are also vulnerable to a variety of threats, including collisions, hacking, and misuse.

Due to the intersections between private and public infrastructure in space, the security of these new infrastructures and technologies needs to be investigated, as a lack of understanding, analysis and control of space-based infrastructure can make it vulnerable to attacks and outages. This lack of analysis and control of space-based infrastructure and objects could lead to a number of problems, including:

  • Collisions: Space is becoming increasingly crowded, with more and more objects being launched into orbit. This increases the risk of collisions, which could create debris that could damage other objects or even ground stations.
  • Hacking: Space-based objects are increasingly connected to the internet, which makes them vulnerable to hacking. This could be used to disrupt or disable critical services, or even to launch attacks on Earth.
  • Misuse: Space-based objects could be used for malicious purposes, such as launching attacks on Earth or disrupting communications.

Rise of Advanced Hybrid Threats

The rise of advanced hybrid threats is a growing concern for businesses and governments around the world. Hybrid threats are those that combine traditional kinetic attacks, such as physical sabotage or terrorism, with cyber attacks. This makes them more difficult to defend against, as they can exploit vulnerabilities in both physical and cyber systems.

There are a number of factors that have contributed to the rise of advanced hybrid threats. These include:

  • The increasing sophistication of cyber attacks: Cyber attackers are becoming increasingly sophisticated in their use of tools and techniques. They are also able to exploit vulnerabilities in a wider range of systems.
  • The growing interconnectedness of our world: The increasing interconnectedness of our world makes it easier for attackers to launch attacks that have a global impact.
  • The proliferation of dual-use technologies: Dual-use technologies are those that have both civilian and military applications. This makes it easier for attackers to acquire the tools and technologies they need to launch attacks.

The rise of advanced hybrid threats poses a number of challenges for businesses and governments. These challenges include:

  • The difficulty of detecting and responding to hybrid attacks: Hybrid attacks are often difficult to detect, as they can be disguised as legitimate activity. This makes it difficult to respond to them effectively.
  • The high cost of defending against hybrid attacks: The cost of defending against hybrid attacks can be high, as businesses and governments need to invest in a range of security measures.
  • The risk of cascading effects: Hybrid attacks can have cascading effects, as they can disrupt critical infrastructure and services. This can have a significant impact on the economy and society.

Skill Shortages

A skill shortage is a situation in which there is a lack of qualified workers to fill available jobs. This can happen when the demand for workers with certain skills exceeds the supply of workers with those skills.

There are a number of factors that can contribute to skill shortages. These include:

  • Rapid technological change: Technological change can create new jobs that require new skills, while also making some existing jobs obsolete. This can lead to a mismatch between the skills that workers have and the skills that are in demand.
  • Globalization: Globalization has led to an increase in the movement of workers across borders. This can make it difficult for some businesses to find workers with the skills they need.
  • Demographics: The aging population in many countries is leading to a decline in the number of young people entering the workforce. This can lead to a shortage of workers in certain industries.
  • Education and training: In some cases, there may not be enough educational and training programs available to produce the number of workers with the skills that are in demand.

This lack of capacities and competencies could see cybercriminal groups target organisations with the largest skills gap and the least maturity.

Cross-Border ICT Service Providers as a Single Point of Failure

A cross-border ICT service provider is a company that provides ICT (Information and Communications Technology) services across borders. This can include services such as cloud computing, data center hosting, and network connectivity.

ICT providers connecting critical services such as transport, electric grids and industry across borders are likely to be targeted by techniques such as backdoors, physical manipulation and denial of service, and weaponised during a potential future conflict. This is a problem especially if the provider is a SPOF (single point of failure), which can cause:

  • Service disruption: If the SPOF fails, it can disrupt services for all of the provider’s customers. This can have a significant impact on businesses and organizations that rely on these services.
  • Data loss: If the SPOF contains data, a failure can lead to data loss. This can be a major problem for businesses and organizations that store sensitive data with the provider.
  • Financial losses: A service disruption or data loss can lead to financial losses for businesses and organizations. This can include lost revenue, increased costs, and damage to reputation.
  • Compliance issues: A service disruption or data loss can also lead to compliance issues. For example, businesses that are regulated by the European Union’s General Data Protection Regulation (GDPR) may be required to report data breaches to the authorities.

Artificial Intelligence Abuse

Artificial Intelligence (AI) abuse is the misuse of AI technology for malicious purposes. Manipulation of AI algorithms and training data can be used to enhance nefarious activities such as:

  • Deepfakes: Deepfakes are videos or audio recordings that have been manipulated to make it look or sound like someone is saying or doing something they never did. Deepfakes can be used to spread misinformation, damage reputations, or even commit fraud.
  • Autonomous weapons: Autonomous weapons are weapons that can select and engage targets without human intervention. These weapons are a serious threat to international peace and security.
  • Discrimination: AI can be used to discriminate against people based on their race, religion, gender, or other protected characteristics. This can happen through algorithms that are biased or through the use of AI to track and monitor people.
  • Manipulation: AI can be used to manipulate people’s emotions, thoughts, and behaviors. This can be done through the use of chatbots, social media, or other forms of technology.
  • Exploitation: AI can be used to exploit people’s vulnerabilities, such as their financial situation or their mental health. This can be done through the use of scams, phishing attacks, or other forms of fraud.

AI abuse is a serious problem that is likely to become more widespread as AI technology becomes more sophisticated. There are a number of ways to prevent AI abuse, including:

  • Developing ethical guidelines for the development and use of AI: These guidelines should be based on principles such as fairness, transparency, and accountability.
  • Enacting laws and regulations to govern the development and use of AI: These laws and regulations should be designed to protect people from harm.
  • Educating the public about AI abuse: This will help people to understand the risks and how to protect themselves.
  • Developing technical solutions to prevent AI abuse: These solutions could include algorithms that can detect and prevent bias or that can identify and block malicious AI applications.

This is just the top ten; there are a total of twenty-one in the document. Go and check them.


New github repositories

One of the beautiful things about Computer Science is that every single day something new appears to learn about or to investigate. It is true that, as a professional, this sometimes makes our jobs more challenging, but it is always a pleasure to have something to learn.

In this case, I have added two new repositories to my GitHub account. Honestly, I know that the account is not very active and I do not have tons of code and snippets there; I prefer to write in the blog, and not all the articles I write here generate code, but on the occasions they do, I usually upload the code to the GitHub account.

These days, I am learning a few things and they are generating some code. For this reason, I have decided to create a couple of new repositories.

On the one hand, I am preparing for the CEH certification; I do not know yet if I am going to take the exam or not, but I want to have the knowledge it involves. If you take a look at my old blog you will find some articles related to security and penetration testing. Together with this, I am learning a little bit of Python, focusing my learning on libraries that can help me with automation in this field. For this reason, I have started to read a book called “Python Penetration Testing Essentials” and I am writing some Python code. To store all the code I am writing properly, I have decided to create a GitHub repository in my account called “pythonPentesting”. In this repository, you can find the code I am writing while I am learning. In advance, I need to say that I do not know Python; I am learning at the same time. Sometimes the code is the one we can find in the book, sometimes I make some changes considering that it is an improvement or just for experimentation, and probably sometimes I will be doing something very stupid, but in any case, it is all part of the learning process, right?

Repository URL: https://github.com/fjavierm/pythonPentesting

On the other hand, I have been writing code for some years, in different languages, different platforms and different environments, but during the last years I have been focused on the Java / Java EE world (I am sure you could guess that from the content of my articles). In some projects I have been involved in I have been a full-stack developer but, in one way or another, I was just writing basic JavaScript code and not working with well-known frameworks like Angular or Backbone, for example. Maybe I have been involved in development with in-house JavaScript frameworks, but this is a completely different thing. The thing is that now I am a bit rusty when we are talking about front-end technologies, and sometimes I have problems even creating a decent front-end for my little snippets or examples. I have decided to solve it, and to do it I have selected Angular 2 and TypeScript. Why? I do not exactly know; I have been reading a lot, and it looks like it is an option that can match me and my style. We will see in the future. In addition, both of them are quite mainstream (there is no discussion about that) and may be useful in the future. In the same way as before, I have created a new GitHub repository to store my code called “angular2AndTypeScript”. Let’s see how I progress. Nowadays, I am just following the course you can find on the “angular.io” page. You can find the course here.

Repository URL: https://github.com/fjavierm/angular2AndTypeScript

Let’s see how these learning initiatives progress.

See you.


Google Code close

This week, it has been announced that Google Code is going to be closed.

You can find all the information here, especially how to migrate your projects if you have any there.

The roadmap for this is:

  • March 12, 2015 – New project creation disabled.
  • August 24, 2015 – The site goes read-only. You can still checkout/view project source, issues, and wikis.
  • January 25, 2016 – The project hosting service is closed. You will be able to download a tarball of project source, issues, and wikis. These tarballs will be available throughout the rest of 2016.

See you.
