Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers customers.. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

Kybertoimintaympäristö haastaa meidät yhteistyöhön

turvallisuuskomitea.fi/kybertoimintaymparisto-haastaa-meidat-yhteistyohon/ Kybertoimintaympäristön merkitys kasvaa turvallisuus- ja puolustuspolitiikassa. Kyberoperaatiot luovat työkalun, jolla voidaan painostaa kaikkina aikoina ja eri tasoilla. Kiinnijäämisen riskin ollessa pieni, operaatioiden toteutus voi vaikuttaa houkuttelevalta. Päätös operaation toteuttamisesta on helppo tehdä, jolloin operaatioiden määrä saattaa tulevaisuudessa kasvaa. Myös ei-valtiolliset toimijat lisäävät kyberulottuvuuden kompleksi

NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS

blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Members of Akamai’s Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have begun to leverage this DDoS method to ramp up their attacks.. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained first-hand knowledge into the inner workings of a WSD attack after one of our customers came under fire. The attack, which targeted the gaming industry, weighed in at 35/Gbps at peak bandwidth.

Nemty Ransomware 1.0: A Threat in its Early Stage

www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very much familiar with since it was also used by the GandCrab ransomware before the threat actors announced retirement. It is also interesting to see that the Nemty ransomware is being distributed using the s

Remote access flaws found in popular routers, NAS devices

www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/ Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.

You might be interested in …

Daily NCSC-FI news followup 2020-04-01

Holy water: ongoing targeted water-holing attack in Asia securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/ The threat actors unsophisticated but creative toolset has been evolving a lot since the inception date, may still be in development, and leverages Sojson obfuscation, NSIS installer, Python, open-source code, GitHub distribution, Go language, as well as Google Drive-based C2 channels. Zoom Client Leaks Windows Login […]

Read More

Daily NCSC-FI news followup 2019-11-26

The RIPE NCC has run out of IPv4 Addresses www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses. Stantinko botnet adds cryptomining to its pool of criminal activities www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ The operators […]

Read More

Daily NCSC-FI news followup 2019-06-25

Operation Soft Cell a worldwide campaign against telecommunications providers www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with the Chinese-affiliated threat actor APT10. This multi-wave attacks focused on obtaining data of specific, high-value targets and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.