The following is my translation of “Jokamiehen kyberpuolustus”, Everyman’s Cyber Defence, a short snippet from publicly available document #kyberpuolustus : kyberkäsikirja Puolustusvoimien henkilöstölle (2019) by Laari, Flyktman, Härmä, Timonen and Tuovinen. Source material is encrypted in Finnish and free to download from National Defence University of Finland’s website. I intend no copyright infringement and share this as cyber security awareness material for public interest.Continue reading “Everyman’s Cyber Defence”
I believe there’s a pretty clear consensus within the industry that ransomware should not be mistaken anymore to limit itself to just encrypting files and demanding payment for a decryption key. Dubbed by F-Secure “Ransomware 2.0”, now the standard practice for ransomware groups includes also stealing files from the target company in order to increase the leverage for ransom. Proper backups are an antidote to encrypted files but won’t help against the threat of stolen data being leaked.
Although this double extortion scheme has been the new modus operandi only since late 2019, cyber criminals are already looking for additional ways to apply pressure to their victims. This is where Ransomware 3.0 comes in.
Recently I was invited to KOVA Esports podcast to talk about cyber security, online privacy and identity management from the perspective of gamers and gaming industry in general. Hosted by KOVA’s General Manager Timo Tarvainen and joined by their streamer Teemu “Spamned” Rissanen, we had a great one-hour long discussion. This post covers my own notes about the things we mentioned, source links included, and further expands on some of the topics. Links to the podcast episode can be found on the bottom of the page. Enjoy!
When I started drafting this blog post a while back, the title was “I Have Been Pwned Twice Already”. That number has since risen to five, and I’m assuming it will continue to rise as old breaches come to light and some long forgotten accounts get popped. So far, no immediate harm has been caused to me from these breaches, and I’ll contribute that silver lining to the reactive and since then proactive steps I’ve taken to ensure that’s the case now and in the future. This is how also you can harden your online presence against these (inevitable) breaches.
Following in the footsteps of two great guides, “10 Commandments for a Safer Internet” and “0x0A Hack Commandments”, I was inspired to give something back to the community. For the average Joe, operational security – or OPSEC for short – is basically just about risk management through identifying specific pieces of information requiring protection, and employing measures to protect them. Sounds intimidating? Don’t worry, because you’re already doing it.
Yesterday was the international Safer Internet Day, and also the day that second annual Microsoft Computing Safety Index’s results were published. Research was done globally on a massive scale; over 10,000 PC, smartphone and tablet users in 20 countries and regions were surveyed. The results? Outright troubling.
Holidays have been even more exciting than usual here in Finland, but not in a good way. Apparently cyber criminals aren’t aware of the concept of Christmas peace, and multiple cyber attacks have taken place against some major Finnish websites and servers. During 20.-21.12., several Finnish Joomla-servers had been DDoS-attacked and infected with Brobot-malware. Then between 25.-27.12., at least the websites of Helsingin Sanomat, Iltasanomat, Iltalehti, MTV3, Nelonen and Yle were also under DDoS-attacks. For Finns, I highly recommend following CERT-FI in Twitter – they’re The National Computer Security Incident Response Team of Finland, and give all the official information about cyber attacks, and useful security tips too.