NCSC-FI News followup

Daily NCSC-FI news followup 2020-03-03

Iltalehti: Asiantuntija varoittaa Suomea salakavalasta kyberiskusta: Onnistuessaan aika jäätävä Kyberturvallisuutta ja tiedustelua Jyväskylän yliopistossa tutkiva ja opettava filosofian tohtori Martti J. Kari toteaa, että maan vakautta vakavasti horjuttamaan pyrkivät tietoverkkojen kautta tehtävät kyberoperaatiot ovat tulevaisuudessa yhä mahdollisempia.. Hän pohjaa näkemyksensä viralliseen kansalliseen riskiarvioon, joiden mukaan kyberhyökkäysten todennäköisyys on kasvussa. Näillä hyökkäyksillä tarkoitetaan myös maan vakautta horjuttavia operaatioita.

The Cybercrime Pandemic Keeps Spreading Cyberattacks have become a pervasive threat to individuals, businesses, societies, and worldwide economic growth.. These ideas are driven home in the World Economic Forum’s (WEF) “Global Risks Report 2020,” which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years.

‘Malware-free’ attacks now most popular tactic amongst cybercriminals Malware-free or fileless techniques accounted for 51% of attacks last year, compared to 40% the year before, as hackers turn to stolen credentials to breach corporate networks, reveals CrowdStrike’s latest threat report.. Crowdstrike Global Threat Report 2020:

2 Chinese Charged with Laundering $100 Million for North Korean Hackers Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

Chinese security firm says CIA hacked Chinese targets for the past 11 years China’s largest cyber-security vendor has published today a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years.. The report, authored by Qihoo 360, claims the CIA hacked targets in China’s aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies.. Qihoo 360 blog:

The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four years of apparent inactivity. Cybaze-Yoroi ZLab decided to study in depth a recent threat attributed to a North Korean APT dubbed Kimsuky.

Lets Encrypt discovers CAA bug, must revoke customer certificates On Leap Day, Let’s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.. The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. As a result, Let’s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can’t be certain are legitimate, saying:. Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you’ll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue.. If you’re not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate.. also:

Android security: Google patches dangerous MediaTek flaw for tons of phones Google has disclosed a severe vulnerability affecting dozens of models of mid-range Android devices running on chips from MediaTek. Malicious Android apps have been exploiting the flaw since at least January 2020.. The elevation-of-privilege flaw, tracked as CVE-2020-0069, is disclosed in Google’s March 2020 Android bulletin and affects the MediaTek Command Queue driver.

New PwndLocker Ransomware Targeting U.S. Cities, Enterprises Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.. This new ransomware began operating in late 2019 and has since encrypted a stream of victims ranging from local cities to organizations.. It is not known if any of these victims have paid at this time.

Nemty Ransomware Punishes Victims by Posting Their Stolen Data The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms.. As more ransomware operators begin to utilize this extortion tactic, victims will need to consider all ransomware attacks a data breach. This means file noticed with the government, alerting affected people, and sending out breach notifications.

German BSI Tells Local Govt Authorities Not to Pay Ransoms BSI, Germany’s federal cybersecurity agency, recommends local governments and municipal institutions not to pay the ransoms asked by attackers after they get affected by ransomware attacks.. The presidents of the German City Council, the German District Council, and the German Association of Cities and Municipalities also issued a joint statement in support of BSI’s recommendation.. “We must not give in to such ransom demands. It must be clear that municipal administrations cannot be blackmailed,” they said. “Otherwise, criminals will be offered incentives to continue their actions. The attitude of our administrations must be crystal-clear and non-negotiable.”. “Every attempt to extortion must be consistently reported and followed up. A zero-tolerance policy must apply to such attacks on the functionality of municipal services, the data of citizens and their tax money.”

5g-verkoissa laitteiden määrä kasvaa räjähdysmäisesti paras aika miettiä tietoturvaa on nyt Tulevien vuosien aikana 5g-verkot mullistavat yritysten digibisnekset monellakin tavalla, mutta standardeja vasta kehitellään. Monet tietoturvan asiantuntijat huomauttavat, että paras aika miettiä 5g:n tietoturvaa on juuri nyt.

Why Threat Intelligence Gathering Can Be a Legal Minefield Organizations that collect threat intelligence from Dark Web forums and other criminal online sources where cybercrimes are planned and stolen data is traded are walking into a legal minefield. Even small mistakes in how data is collected from these venues or how it is handled can end up landing them in deep legal trouble, according to newly released guidance from the US Department of Justice.

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite peculiar.. All of the attacks involved spear-phishing emails to deliver malicious documents that required the recipient to carry out some action. The social engineering techniques included lure images attempting to trick the user into enabling content to run a macro and even document contents that threaten to release compromising pictures to the media to coerce the user into clicking a link to download a . malicious payload. The payload in a majority of these attacks was a backdoor called Spark, which is a backdoor that allows the threat actors to open applications and run command line commands on the compromised system.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.