Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

The cyber operating environment challenges us to cooperate

turvallisuuskomitea.fi/kybertoimintaymparisto-haastaa-meidat-yhteistyohon/ The significance of the cyber operating environment is growing in security and defence policy. Cyber operations provide a tool that can be used to exert pressure at any time and at different levels. Because the risk of getting caught is low, carrying out operations can seem attractive. The decision to launch an operation is easy to make, so the number of operations may grow in the future. Non-state actors also add to the cyber dimension's complex[…]

NEW DDOS VECTOR OBSERVED IN THE WILD: WSD ATTACKS HITTING 35/GBPS

blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made public, but multiple threat actors have already begun to leverage this DDoS method to ramp up their attacks. While conducting exploratory research prior to WSD becoming public, the Akamai SIRT gained first-hand knowledge of the inner workings of a WSD attack after one of our customers came under fire. The attack, which targeted the gaming industry, weighed in at 35/Gbps at peak bandwidth.

Nemty Ransomware 1.0: A Threat in its Early Stage

www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html FortiGuard Labs was investigating the Sodinokibi ransomware family when we came across the newly discovered Nemty ransomware. Interestingly, as we analyzed this new malware, we also encountered an artifact embedded in its binary that we were very familiar with, since it was also used by the GandCrab ransomware before the threat actors announced their retirement. It is also interesting to see that the Nemty ransomware is being distributed using the s

Remote access flaws found in popular routers, NAS devices

www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/ Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.
