Russian services exploit VMware bugs. CISA warns on Iran. Black Shadow ransomware. DeathStalker arrives in North America. Darknet trends. Kimchi time?

Predictions for 2021, with late notes on the holidays

Kaspersky shared predictions with TechRepublic that the security firm thinks will have particular importance for the healthcare sector in 2021. The researchers believe attacks against developers of COVID-19 vaccines and treatments will continue, with theft of data on breakthroughs being at a premium. They see “health-related cyberattacks” as a probable geopolitical “bargaining chip,” with attribution a matter of diplomatic contention. 

In an unrelated statement, CNBC quotes former CISA Director Krebs to the effect that the familiar four—Russia, China, Iran, and North Korea—are actively engaged in industrial espionage aimed at developments in COVID-19 research. “The big four, Russia, China, Iran and North Korea we have seen to some extent all four of those countries doing some kind of espionage or spying, trying to get intellectual property related to the vaccine,” Krebs said yesterday on Face the Nation. Thus in this respect 2021 will witness a continuation of a trend already well-established in 2020.

To return to Kaspersky's predictions, the security firm also sees cybercriminals as a growing threat to the healthcare sector. Criminals can also be expected to pursue private medical organizations: they not only hold valuable data, but they may be less able to protect it than are better-resourced public healthcare organizations. As patient data migrates to the cloud, Kaspersky expects criminals to follow. And, of course, medical topics will retain their prominence as phishbait.

Writing in Help Net Security, Futurex offers its take on the near future of encryption. Like every other seer we’ve consulted, they foretell a greater role for the cloud, as cloud-based encryption and key management become more important to financial services in particular. Homomorphic encryption, which encrypts data in use, will see more widespread adoption, as will bring-your-own-encryption (BYOE). BYOE is seen as offering a hedge against certain forms of third-party risk, especially legal and regulatory risk. And device manufacturers will increasingly move toward “crypto agility,” the better to be prepared for quantum computing when it eventually arrives.

Looking ahead to the next US Administration, the Washington Post's Cyber 202 lays out the case for significant continuity in cybersecurity policy. The discontinuities are likely to be largely organizational.

With respect to online safety during the holidays, Specops Software emailed us their updated list of the fifteen most common (and most commonly exposed in breaches) holiday-themed passwords. They are, in order, "Star," "Angel," "God," "Elf," "Jesus," "Snow," "Carol," "Noel," "Santa," "Chocolate," "Gift," "Bells," "December," "Xmas," and "Jolly." Piety, affection, and happiness are all excellent, but their expression in credentials is probably a mistake. They're short, they're not random, and they're easily guessed, even by a soulless algorithm.

By the CyberWire staff

NSA this morning published an alert concerning vulnerabilities VMware patched last week. The bugs are being actively exploited by Russian intelligence services.

CISA’s alert last Thursday in which it warned of a likely increase in Iranian cyberattacks is seen by many observers, Nextgov reports, as aimed more at an Iranian audience than a US domestic one. 

The large Israeli insurance firm Shirbit at the end of last week refused to pay the actors behind a ransomware attack it sustained. The Times of Israel reports that Black Shadow, the criminal organization that claimed responsibility, on Friday began releasing some of the data it stole. says exchanges between attackers and victim include a demand for 200 Bitcoin (roughly $3.8 million), but Shirbit tells Haaretz that the motive was “strategic” and not financial.

Kaspersky reports that the DeathStalker hackers-for-hire are now working targets in North America.

Chainalysis looks at darknet markets and sees both consolidation and a drop in activity. The number of active markets has fallen to thirty-seven from a high of forty-nine. Some of the decline the researchers attribute to the same COVID-19 delivery pressures legitimate markets face, but they think the operation of market forces accounts for most consolidation. Law enforcement attention may in part be credited with the drop in transactions. 

The Wall Street Journal notices an unusual turn in North Korea’s self-presentation through social media: Pyongyang's become positively cuddly, with sweet homages to Mom and kimchi, not to mention low-key, friendly tours of grocery stores and parks.


