Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. The group, which Symantec is calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

The cyber operating environment challenges us to cooperate

turvallisuuskomitea.fi/kybertoimintaymparisto-haastaa-meidat-yhteistyohon/ The significance of the cyber operating environment is growing in security and defence policy. Cyber operations provide a tool that can be used to exert pressure at any time and at different levels. As the risk of getting caught is small, carrying out operations can look attractive. The decision to carry out an operation is easy to make, so the number of operations may grow in the future. Non-state actors also increase the complexity of the cyber dimension

NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS

blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP amplification technique based on WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have already begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained first-hand knowledge of the inner workings of a WSD attack after one of its customers came under fire. The attack, which targeted the gaming industry, weighed in at 35 Gbps at peak bandwidth.
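WS-Discovery listens on UDP/3702, so a reflection attack shows up in two places: the victim sees large UDP datagrams arriving from source port 3702 on many unrelated hosts, and a device abused as a reflector sees probes hitting UDP/3702 from addresses outside its own network. The following Python is an added example of both checks run over flow records; it is not code from the Akamai post. The flow lines, the 10.0.0.0/8 "local" network, and the reflector-count and bytes-per-packet thresholds are constructed assumptions for the example.

```python
"""Spot WS-Discovery (WSD) reflection traffic in flow records.

Added example for this news item; not code from the Akamai post.
WS-Discovery listens on UDP/3702, so reflected attack traffic reaches the
victim from UDP source port 3702 on many distinct hosts, and a device that is
being abused as a reflector receives probes on UDP/3702 from addresses outside
its own network. Flow records, local network and thresholds below are
constructed assumptions.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

WSD_PORT = 3702  # WS-Discovery port (UDP)


@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int
    packets: int


# Constructed flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes,packets
SAMPLE_FLOWS = """\
198.51.100.10,3702,203.0.113.5,41234,UDP,48000,20
198.51.100.11,3702,203.0.113.5,41234,UDP,52000,20
198.51.100.12,3702,203.0.113.5,41234,UDP,47000,19
198.51.100.13,3702,203.0.113.5,41234,UDP,51000,21
198.51.100.14,3702,203.0.113.5,41234,UDP,50000,20
192.0.2.7,3702,203.0.113.9,51000,UDP,1800,3
192.0.2.8,53,203.0.113.5,41234,UDP,4000,10
192.0.2.9,443,203.0.113.5,55000,TCP,90000,60
203.0.113.77,50000,10.0.0.5,3702,UDP,400,4
10.0.0.6,52000,10.0.0.5,3702,UDP,300,3
"""


def parse_flows(text):
    """Parse comma-separated flow lines; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, nbytes, pkts = line.split(",")
        flows.append(Flow(src, int(sport), dst, int(dport), proto.upper(),
                          int(nbytes), int(pkts)))
    return flows


def detect_wsd_reflection(flows, min_reflectors=3, min_bytes_per_pkt=1000):
    """Victim-side view: group inbound UDP flows sourced from port 3702 by
    destination. A destination fed large datagrams by several distinct 3702
    sources is a likely reflection target; one small exchange is not."""
    by_dst = defaultdict(list)
    for f in flows:
        if f.proto == "UDP" and f.src_port == WSD_PORT:
            by_dst[f.dst_ip].append(f)
    hits = {}
    for dst, fl in by_dst.items():
        reflectors = {f.src_ip for f in fl}
        total_bytes = sum(f.nbytes for f in fl)
        total_pkts = sum(f.packets for f in fl)
        avg = total_bytes / total_pkts if total_pkts else 0
        if len(reflectors) >= min_reflectors and avg >= min_bytes_per_pkt:
            hits[dst] = {"reflectors": len(reflectors), "bytes": total_bytes,
                         "avg_bytes_per_pkt": round(avg)}
    return hits


def find_abused_reflectors(flows, local_nets=("10.0.0.0/8",)):
    """Reflector-side view: local hosts that accept UDP/3702 from outside the
    monitored networks. Such a host answers probes for anyone on the internet
    and should have WSD firewalled off its public interface."""
    nets = [ipaddress.ip_network(n) for n in local_nets]

    def is_local(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    abused = defaultdict(set)
    for f in flows:
        if (f.proto == "UDP" and f.dst_port == WSD_PORT
                and is_local(f.dst_ip) and not is_local(f.src_ip)):
            abused[f.dst_ip].add(f.src_ip)
    return {host: sorted(srcs) for host, srcs in abused.items()}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for victim, info in detect_wsd_reflection(flows).items():
        print(f"possible WSD reflection victim {victim}: {info}")
    for host, srcs in find_abused_reflectors(flows).items():
        print(f"local WSD responder {host} probed from outside by {srcs}")
```

On the sample data only 203.0.113.5 is flagged as a victim (five distinct 3702 sources, about 2.5 KB per packet), while the single small exchange to 203.0.113.9 is left alone; 10.0.0.5 is reported as a responder reachable from outside the local network. Thresholds should be tuned to the monitored environment; a legitimate WS-Discovery client does receive ProbeMatches from port 3702, but not kilobyte-scale datagrams from many hosts at once.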

Nemty Ransomware 1.0: A Threat in its Early Stage

www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html FortiGuard Labs was investigating the Sodinokibi ransomware family, when we came across the newly discovered Nemty Ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very much familiar with since it was also used by the GandCrab ransomware before the threat actors announced retirement. It is also interesting to see that the Nemty ransomware is being distributed using the s

Remote access flaws found in popular routers, NAS devices

www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/ Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.
