Daily NCSC-FI news followup 2019-12-12

Hackers in Finland Test 5G Networks, Devices in Security Exercise

www.wsj.com/articles/hackers-in-finland-test-5g-networks-devices-in-security-exercise-11576146601 We understand better how we need to change our approach from 4G to 5G, says government official. Read also:

www.synopsys.com/blogs/software-security/5g-cyber-security-hackathon/,

www.tivi.fi/uutiset/tv/32850776-f76d-4bdd-91af-445d5e3efefa and www.oulu.fi/yliopisto/uutiset/5ghack

Microsoft details the most clever phishing techniques it saw in 2019

www.zdnet.com/article/microsoft-details-the-most-clever-phishing-techniques-it-saw-in-2019/ Earlier this month, Microsoft released a report on this year’s malware and cyber-security trends. Among the few trends highlighted in the report was that phishing was one of the few attack vectors that saw a rise in activity over the past two years. Microsoft said that phishing attempts grew from under 0.2% in January 2018 to around 0.6% in October 2019, where 0.6% represented the percentage of phishing emails detected out of the total volume of emails the company analyzed.

Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key

www.vice.com/en_us/article/pkeeay/apple-dmca-take-down-tweet-containing-an-iphone-encryption-key Apple asked Twitter to take down a viral tweet posted by an independent iPhone security researcher. Then, the company backtracked and asked for the tweet to be re-posted. Security researchers are accusing Apple of abusing the Digital Millennium Copyright Act (DMCA) to take down a viral tweet and several Reddit posts that discuss techniques and tools to hack iPhones. On Sunday, a security researcher who focuses on iOS and goes by the name Siguza posted a tweet containing what appears to be an encryption key that could be used to reverse engineer the Secure Enclave Processor, the part of the iPhone that handles data encryption and stores other sensitive data.

2019: The ransomware tsunami

www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/ This has been another record-breaking year for ransomware attacks. The waves of attacks seen in the USA at the start of the year, followed by attacks on public administrations all over Europe, and the latest breaches detected in Spain have all led to ransomware keeping its place on the list of the most important cyberthreats in 2019. And the statistics speak for themselves: ransomware attacks have . All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. In fact, according to the World Economic Forum, the percentage of organizations that experienced an attack in 2018 rose to 61%. The figure for 2019 is likely to be even higher. This is largely down to the surge of ransomware attacks that we’ve seen in different waves throughout the year. Nevertheless, rather than waves specifically designed to be deployed massively all at once, these seem to be a series of attacks that have coincided in time and in their use of ransomware. We’ve actually identified a large range of TTPs used to breach the security of the victims of these attacks.

Manufacturer’s utterly senseless design: shocking security hole in smartwatches

www.tivi.fi/uutiset/tv/0e4b2001-f713-4bf2-b4dc-b258396c4677 Security researchers found a vulnerability in children’s smartwatches through which anyone can track a child’s movements. A serious vulnerability has been found in three randomly chosen children’s smartwatches, Fortune reports. The vulnerability makes it possible for anyone, instead of the child’s guardian, to control the smartwatch’s settings.

fortune.com/2019/12/11/security-flaws-smartwatches-amazon-strangers-track-kids/

(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing

blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/ As the value of cryptocurrencies increased (after a short dip in 2018), we observed increased activity from cryptocurrency mining malware this year, particularly infections and routines involving Monero miners. Over a span of a few months, we came across an infection routine that exploited vulnerabilities to propagate itself, and another that used fileless techniques to evade detection. Other routines involved the use of targeted attack tools to maximize profits, weaponized legitimate tools such as Windows Management Instrumentation to achieve persistence, and other sophisticated malware to hide cryptocurrency malware payloads to cash in on new platforms.

Why the Age of the Cloud Native Security Platform Is Here to Stay

blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/ The writing is on the wall: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. It’s now time to enter the Age of the Cloud Native Security Platform (CNSP). Infrastructure as a service (IaaS) was largely about taking existing infrastructure and operational patterns and moving them to environments that could be more easily scaled. The underlying business model was largely consumption-based. Because the base patterns and technology stack largely didn’t change, the contemporary security tools of the age could easily ride along for this transition and simply be “lifted and shifted” to run on those IaaS platforms. However, over the past four years, we’ve entered the cloud native age, which is defined by shifting focus to higher-value outcomes rather than simply faster deployments and a shift from CapEx costs.

Russian police raid NGINX Moscow office

www.zdnet.com/article/russian-police-raid-nginx-moscow-office/ Russian search engine Rambler.ru claims full ownership of NGINX code. Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology. Equipment was seized and employees were detained for questioning. Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code. The Rambler Group is the parent company of rambler.ru, one of Russia’s biggest search engines and internet portals.

Attackers now use process hollowing to hide cryptocurrency miners on your PC

www.zdnet.com/article/monero-miners-can-lurk-undetected-through-new-process-hollowing-technique/ The malware’s dropper is a skeleton that avoids detection as a malicious file. Researchers have documented the use of a process hollowing technique to disguise the presence of cryptocurrency mining malware on infected systems. On Wednesday, Trend Micro researchers Arianne Dela Cruz, Jay Nebre, and Augusto Remillano said that over November, a campaign striking targets across countries including Kuwait, Thailand, India, Bangladesh, the United Arab Emirates, Brazil, and Pakistan is using an interesting dropper component containing a malicious secret.

A Look Back at the Major Cyber Threats of 2019

blogs.cisco.com/security/a-look-back-at-the-major-cyber-threats-of-2019 Today we launch our 2019 Threats of the Year report; a look back at the major tools and tactics that cybercriminals have exploited over the past year. Based on original research conducted for our ‘Threat of the Month’ blog series, we look into the impact of directed attacks against specific organizations, and how we can defend ourselves against these types of attack. We also look at non-direct attacks: the attacks that are more of a numbers game for cybercriminals. In this case they are looking to hit as many victims as possible, without regard for the organizations or individuals that they affect. Finally, we look at the ‘cybercriminal toolkit’. From remote access trojans, to hiding threats in encrypted traffic, we’ve seen various innovations in how cybercriminals have evaded detection this year. Read also:

www.cisco.com/c/en/us/products/security/threat-of-the-month.html and

www.cisco.com/c/en/us/products/security/security-reports.html

Smart Building Security Awareness Grows

www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597 In 2020, expect to hear more about smart building security. In 2015, USA Networks aired one of the most realistic depictions of building hacking ever to be featured in a TV or movie. The lead character, Elliot, posing as a tech billionaire, walks into a highly secured data facility in upstate New York and obtains a tour. Afterward, he manages to sneak into a sensitive area where he attaches a Raspberry Pi board to the facility’s HVAC system, ultimately overheating the building to compromise the magnetic tape backup systems stored there. Read also:

www.iotworldtoday.com/2019/12/10/2020-predictions-smart-building-security-awareness-grows/ and

www.iotworldtoday.com/2019/10/08/ics-security-attack-enables-remote-control-of-buildings/

Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards

www.bleepingcomputer.com/news/security/hundreds-of-counterfeit-sneaker-sites-hacked-to-steal-credit-cards/ As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information. When shoppers purchase sneakers off of counterfeit sites, they will find that they didn’t get the sneakers they were expecting, and in some cases, may not get anything at all. In a new report, Malwarebytes has discovered a large-scale hacking operation that is targeting these counterfeit sneaker sites and infecting them with malicious scripts to steal shoppers’ credit cards.

blog.malwarebytes.com/threat-analysis/2019/12/hundreds-of-counterfeit-online-shoe-stores-injected-with-credit-card-skimmer/

Huge batch for sale on a criminal marketplace: data of 455,000 payment cards on offer

www.tivi.fi/uutiset/tv/9a6d30bc-d247-4f19-8a10-98fc15a006ef The data of 463,378 Turkish payment cards is being offered for sale online. ZDNet reports that the data package is being sold on a marketplace called Joker’s Stash. The news site heard about the matter from Group-IB’s security researchers. According to the group, Turkish card data is rare on illegal online marketplaces. This is the only major batch of Turkish bank card data put up for sale in the last 12 months. The card data is being sold in four batches. It includes many kinds of cards from many banks, which suggests that the data was most likely stolen at the point of payment rather than by breaking into the banks’ systems. The data also includes the card holder’s phone number and email address, which in turn suggests that it was hardly obtained by so-called skimming, i.e. with copying devices fitted to the card slots of ATMs or payment terminals. It may be a case of phishing, compromised online shops, or malware that spies on the data. Read also:

www.zdnet.com/article/455000-turkish-card-details-put-up-for-sale-web-skimmers-suspected/

Cybersecurity: This password-stealing hacking campaign is targeting governments around the world

www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/ Researchers uncover a phishing campaign attempting to steal login credentials from government departments across North America, Europe and Asia – and nobody knows who is behind it. A mysterious new phishing campaign is targeting government departments and related business services around the world in cyber attacks which aim to steal the login credentials from the victims. In total, the phishing attacks have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link which asks for their username and password. Anyone who enters their login credentials into the spoofed government agency websites will give cyber criminals access to their account.

Iran says it staved off cyber attack but doesn’t blame US

www.theregister.co.uk/2019/12/12/iran_cyberattacked_no_attribution/ Iran claims to have staved off a major cyber attack on its national infrastructure, a couple of months after the Middle Eastern theocracy was blamed for real-world assaults on two Saudi oil refineries. “We recently faced a highly organized and state-sponsored attack on our e-government infrastructure which was successfully identified and repelled by the country’s security shield,” Mohammad Javad Azari-Jahromi, Iran’s ICT minister, was quoted as saying yesterday.
