Posted on Nov. 24, 8:07 p.m.
Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), outlining how the threat landscape will change in 2022. Politicization playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new APT actors, and a growth of supply chain attacks are some of the predictions outlined by the researchers.
The changes in the world in 2021 have a direct effect on the development of sophisticated attacks in the coming year. Building on trends that the Kaspersky Global Research and Analysis Team (GReAT) observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.
Private sector supporting an influx of new APT players
This year, the use of surveillance software developed by private vendors has come under the spotlight with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. We have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them in the wild – as was the case with the Slingshot framework.
The potential of commercial surveillance software – its access to large amounts of personal data and wider targets – makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors until governments begin to regulate its use.
Other targeted threat predictions for 2022 include:
- Mobile devices exposed to wide, sophisticated attacks. Mobile devices have always been a tidbit for attackers, with smartphones traveling along with their owners everywhere, and each potential target acting as a storage for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS, such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
- More supply-chain attacks. Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in vendor security to compromise the company’s customers. Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.
- Continued exploitation of WFH. With remote work, cybercriminals will continue to use unprotected or unpatched employees’ home computers as a way to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
- Increase in APT intrusions in the META region, especially in Africa. Geopolitical tensions in the region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.
- Explosion of attacks against cloud security and outsourced services. Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.
- The return of low-level attacks: bootkits are “hot” again. Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.
- States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyber-attacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.
“There are dozens of events happening every day that are changing the world of cyberspace. These changes are quite difficult to track, and even more difficult to foresee. Nevertheless, for several years now, based on the knowledge of our experts, we have been able to predict many future trends in the world of cybersecurity. We believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have, and share the insights we learn with the wider community. By sharing these predictions, we hope to help users to be better prepared for what the future holds for them in cyberspace,” says Ivan Kwiatkowski, senior security researcher at Kaspersky.
The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.
These predictions are a part of the Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. Click here to look at other KSB pieces.
To look back at what the Kaspersky experts expected to see in the advanced targeted threats landscape in 2020, please read our previous yearly report.
Excellent holiday season with promos by Taiwan Excellence products
December 7, 2022 7:51 p.m.
Don’t fret thinking about your Christmas gift for a loved one this Yuletide season anymore. Taiwan Excellence has got a complete range of excellent lifestyle products you can choose from for that all-important present you can give in this most important and joyous season.
Take Acer, for example. One of Taiwan’s best IT brands that completely took the world by storm, Acer makes unboxing during the holidays a truly exceptional experience with the whole family.
Just buy any participating Acer products and be ready to get a free Digital SM Gift Pass worth up to P8,000. Promo runs until December 31, 2022.
Ready to give the gift of beauty this season of giving? Try giving away Annie’s Way products from Taiwan through their “Buy 5, Take 1” promo. You can buy any five of their popular Jelly Masks such as their Honey + Lecithin, Arbutin Hyaluronic Acid, Lavender, Aloe + Seaweed, Anti-Aging, Calendula + Chamomile, Charcoal + Vita-C Pore, Snail Secretion Repairing and get another one absolutely free! Now how about that for Christmas beauty?
Here’s another one of Taiwan’s outstanding products on information technology devices. ASUS has its “ASUS/ROG Share 2022” promo, where you can receive up to P11,000 worth of wonderful freebies through the purchase of participating ASUS products. ASUS made it even sweeter where the freebie you’ll get depends on the price range of the ASUS product you will buy. Of course, the higher priced products get a premium freebie, which is logical. But then again, just get whatever ASUS product your heart desires because every ASUS product is marked with excellence.
The ASUS/ROG Share 2022 Promo also offers limited-time exclusive bundle packages and discounts for select ASUS and ROG products such as laptops, mobile phones and others.
Better hurry since the “ASUS/ROG Share 2022” is only up to December 31, 2022. Learn more here.
Worried about your loved one’s thinning hair up there? Give the gift of Aromase and its Anti-Hair Loss Set to give your man—or woman—that extra boost in confidence. With Aromase’s Juniper Scalp Purifying Liquid Shampoo, it softens and removes unnecessary sebum on the scalp and regulates the health of the scalp ecosystem for hair growth, moisturizes scalp, and effectively relieves scalp itchiness.
On the other hand, the Aromase Anti-Hair Loss Essential Shampoo for Hair Loss helps strengthen the protective mechanism of the scalp and maintains hair visibility and makes it even stronger.
Looking to upgrade your computer hardware this season? Give yourself that gift of Transcend solid state drives, the leading brand in digital storage and multimedia products. The Transcend SSD225S, for example, is a 2.5-inch solid state drive that’s designed for both desktops or laptops. Enjoy fast application processing times to greatly enhance your computer’s performance. Plus, with up to 2TB of storage capacity, saving your music, documents, movies and photos will be such a breeze, a better choice than the usual hard disk drives.
Meanwhile, the Transcend MTE250S SSD features the 3D NAND flash, an 8-channel controller, and DRAM cache that delivers sequential read and write speeds of up to 7,200/6,500 MB/s (R/W) and ample capacity of up to 2TB. Its ultra-thin graphene heatsink guarantees stable performance despite working non-stop, with proven performance that gamers, content creators, and software developers will surely love and enjoy no matter what their game is.
Another award-winning Taiwanese IT product is MSI that you can consider giving as a Christmas gift for an exceptional family member or friend. Get full joy with MSI’s “Joy-Full Christmas Sale” where you get special discounts and freebies worth up to P28,500. Whether for gaming or business productivity needs, trust MSI to give your computing this Christmas a big boost. And you only have until December 31, 2022 to avail of the MSI “Joy-Full Christmas” Sale so hurry up!
So, forget about buying products that can be like a box of chocolates where you wouldn’t know what you’re going to get. When buying Taiwan Excellence products, you have no doubt that what you get is quality and excellence.
Most employees fear robot hacking but believe they should be used more in production
December 2, 2022 12:54 p.m.
A recent Kaspersky study on the consequences of automation and increased use of robots showed the growing level of robotization in companies but highlighted the increased number of cybersecurity risks this causes. Today, 79% of employees believe that robots should be more widely used across different industries, however, 85% of them fear robot hacking.
Nowadays, robotics is being used to command industrial control systems, production processes and other information technology.
It replaces manual labor, improving efficiency, speed, quality and performance.
With this in mind, Kaspersky conducted a study to learn the opinion of employees of manufacturing companies and other large organizations around the world about the consequences of automation and increased use of robots.
The goal was to gather employees’ thoughts about the security of robots and automated systems in their companies. The survey was conducted across 15 countries: USA, France, Italy, Germany, Spain, South Korea, Japan, Singapore, Argentina, Brazil, Egypt, South Africa, Saudi Arabia, UAE, and Turkey.
Employees reported an increase in robotization levels in their companies over the last 2 years. Forty-one percent of employees said their organizations already use robots, and 29% of organizations plan to use them in the near future.
One of the findings in the research was that respondents believe robots can help industries increase economic benefits as well as saving people from dangerous duties.
This point of view is shared by more than half of the surveyed employees, as 52% think use of robots can accelerate and increase the efficiency of production processes and cut down costs, and 60% believe robotization can free people from hard or dangerous duties, reducing risks to life and health in the future.
This, in turn, will help employees avoid routine and boring duties and retain more interesting and highly paid positions (36%).
More than one third of respondents consider that one of the key tasks that robots can successfully perform is to build a safe environment and reduce the likelihood of accidents due to human error.
This point of view was shared by 36% of employees.
Another important finding was that cybersecurity risks increase because of robotization.
The majority of respondents (85%) believe that robots can get hacked, and 51% know of incidents such as these occurring in their company or other local businesses.
Respondents are split in their assessment of how protected robots are: almost one half of employees (44%) believe that not enough cybersecurity measures are in place to protect the robots in different industries while 40% believe that sufficient protective measures are in place.
“Cyber-physical systems use industrial robots more often to increase production efficiency. However, new technologies like these bring new cyber risks because they are potentially vulnerable to cyberthreats. Kaspersky sees ensuring that cybersecurity remains at the forefront of robot technology adoption as its mission, helping to tackle the challenges and capitalize on the opportunities that robotization presents,” comments Andrey Strelkov, Head of Industrial Cybersecurity Product Line at Kaspersky.
“In our research, we asked respondents to judge not only how convenient and efficient robots are to use in production, but also their level of safety. It turned out that many employees believe that using robots causes risks. Robots, robotic controllers, automation systems, and supply chains are going to become the prime vector for cyberattacks in the coming years, and they need protection here and now. Before one integrates robots into production, one needs to guarantee network intrusion robustness and overall network security,” says Strelkov.
“Not all modern technologies are designed with security in mind, so only the use of defense-in-depth industrial network protection and multifunctional monitoring platforms will ensure uninterrupted operation of the company. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant for protecting robotics in production,” adds Strelkov.
To keep your industrial computer systems protected from various threats, Kaspersky experts recommend:
- Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.
- Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.
- Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
- Using Industrial EDR solutions such as Kaspersky Industrial Cybersecurity for Nodes with EDR for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
- Improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.
The full presentation with results and more insights on the consequences of automation and increased use of robots are available via the link.
Infinix launches the all-new HOT 20S, the best value-for-money gaming phone yet
November 27, 2022 7:20 p.m.
Filipinos absolutely live and breathe mobile gaming, and here’s some good news: being the best mobile gamer around no longer has to break the bank.
That’s because Infinix is dropping the brand-new HOT 20S on November 27, which lets you own the competition as a top game assassin–all at an affordable price.
Now, you don’t even have to spend more than P9,000 to enjoy #MoreSmoothGameplay on the HOT 20S. The phone packs a Helio G96 Premium Gaming Processor and up to 13 GB of RAM, which powers all your favorite games and allows it to perfectly handle the toughest and latest titles. You can have a wide selection of games to download and stomp other players in thanks to its 128GB ROM storage.
You’ll also never miss a single detail in the action thanks to the HOT 20S’s 120Hz 6.78-inch Full HD+ HyperVision Gaming Pro display, which gives you bright and vivid high-resolution visuals no matter what you’re running. Your sessions can also go for as long as you want thanks to its 5000mAh Power Monster battery that fills up quickly with its 18W Power Charge.
The whole gaming experience is rounded out by the HOT 20S’s Bionic Breathing Cooling System, which keeps the phone humming and going through great heat and pressure. Meanwhile, the All-Around Gaming Network Enhancement Turbo increases its performance during playtime even further.
For those who still want to upload great-looking content on their social media accounts, the HOT 20S also packs a solid 50MP Super Nightscape Triple Camera setup, which lets you take stunning photos and videos, especially in low-light settings.
So what are you waiting for–be the best game assassin you can be without spending too much, as the Infinix HOT 20S gives you #MoreThanWhatYouPayFor, guaranteed. Get it for a suggested retail price of P8,499 from Lazada, Shopee, TikTok Shop, and official Infinix kiosks nationwide starting November 27. Get it for even less at only P7,849 exclusively on Lazada on November 28, and P7,999 in a limited-time Flash Sale on Lazada, Shopee, TikTok Shop starting December 1. For more info on the HOT 20S, visit the official Infinix website.