
Daily NCSC-FI news followup 2020-03-18

Spanish operators beg customers not to screw the network up

telecoms.com/503106/spanish-operators-beg-customers-not-to-screw-the-network-up/ All the major Spanish telcos have unveiled a joint statement to customers, asking for fair and reasonable use of the internet over the foreseeable future. […] Microsoft has said it has seen a 100% growth in usage of its enterprise productivity application Teams. Telecom Italia CEO Luigi Gubitosi said there has been a 70% increase of internet traffic over the landline network, partly thanks to video streaming and gaming applications such as Fortnite and Call of Duty.

The Coronavirus Exposes Education’s Digital Divide

www.nytimes.com/2020/03/17/technology/china-schools-coronavirus.html In China, many rural students lack the connections or hardware to learn remotely. More nations will confront the same reality as the outbreak spreads. BEIJING Like hundreds of millions of other children worldwide, Liu Chenxinhao and Liu Chenxinyuan were getting used to doing class work online. After their elementary school closed because of the coronavirus outbreak, the brothers received their homework through a smartphone app.

Not just video-conferencing apps taking a dive: IBM Cloud hit by partial Tuesday outage

www.theregister.co.uk/2020/03/17/ibm_cloud_tuesday_partial_outage/ Updated A mystery outage hit IBM Cloud today, partially knocking out services for much of the day stateside. At time of writing, parts of the platform remain down even after several hours. Big Blue said customers running services hosted at its Dallas data center including Watson AI, IBM Cloud, and DB2 were either partially or completely down. The Dallas facility is one of 15 centers for IBM Cloud services in the US. IBM has not yet said exactly what the cause of the outage was, and its spokespeople declined to comment. The Dallas outage appears to have started around 0100 CDT, with more and more of its services dropping out between 0200 and 0500 CDT.

One whole day: That’s how long Facebook’s COVID-19 content moderation went without a mess

www.theregister.co.uk/2020/03/18/facebook_covid_ai_content_moderation_mistakes/ One whole day after telling the world it was going to do its very best to ensure that only high-quality COVID-19 content from proper sources would spread on Facebook, The Social Network has mistakenly identified just such content as violating its community standards. This one seemingly started with Mike Godwin, a US-based lawyer and activist who coined Godwin’s Law: “As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches.” Read also:

arstechnica.com/information-technology/2020/03/reputable-sites-swept-up-in-fbs-latest-coronavirus-minded-spam-cleanse/ and

www.tivi.fi/uutiset/tv/40324751-df09-48e0-b107-e0918d93a1b1. As well as: www.bbc.com/news/business-51940076,

www.is.fi/digitoday/art-2000006443779.html and

www.zdnet.com/article/was-your-facebook-post-on-the-coronavirus-deleted-this-is-why/

Pervasive digital surveillance of citizens deployed in COVID-19 fight, with rules that send genie back to bottle

www.theregister.co.uk/2020/03/18/digital_surveillance_covid_19_coronavirus/ Israel is up for it. America, Iran, Thailand may be, too. China is there already, natch. Pervasive surveillance through digital technologies is the business model of Facebook and Google. And now governments are considering the web giants’ tools to track COVID-19 carriers for the public good. Read also:

www.tivi.fi/uutiset/tv/40c1a732-c3bd-4d73-8a04-6cbca1bc0ff0 and

www.washingtonpost.com/technology/2020/03/17/white-house-location-data-coronavirus/. …as well as:

www.vice.com/en_us/article/epg8xe/surveillance-company-deploying-coronavirus-detecting-cameras,

www.bbc.com/news/technology-51930681 and

arstechnica.com/tech-policy/2020/03/how-china-built-facial-recognition-for-people-wearing-masks/. …and:

www.tivi.fi/uutiset/tv/42c776f9-9647-4ee6-86cb-7664ac429371 and

threatpost.com/authorities-mobile-phone-tracking-covid-19-spread/153903/

Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat

www.bleepingcomputer.com/news/security/adobe-fixes-nine-critical-vulnerabilities-in-reader-acrobat/ Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution. Read also:

helpx.adobe.com/security/products/acrobat/apsb20-13.html and

www.jpcert.or.jp/english/at/2020/at200014.html

Coronavirus brings the masses online, mobile data volume grew by as much as 34%

www.tivi.fi/uutiset/tv/5c3ddf52-23c2-42c8-a673-f0ef4e125613 The coronavirus has increased both the number of phone calls and the amount of data carried over the network. According to telecom operator DNA, a clear jump in network traffic has taken place since Thursday of last week. “Growth in call traffic from Thursday to Monday was as much as 40 percent compared with a normal end of the week and weekend,” says Ville Virtanen, director of transmission networks. According to DNA, call volume on weekends is normally a third lower than on weekdays, but last weekend’s call volumes rose to the level of a normal weekday. The amount of mobile data has also grown. During Monday morning, as much as 34 percent more mobile data was used than in the corresponding period of the previous Monday. “This cannot be explained by ordinary traffic growth; rather, the growth is due to increased remote work,” Virtanen notes. Normally data is used most in the evenings, between about 20 and 22 o’clock. The growth in data volumes seen now, however, has fallen at other times, that is, more evenly throughout the day.

Comment: A phone scammer called, and we had a peculiar conversation; now everyone must be especially careful

www.is.fi/digitoday/art-2000006442878.html A tech support scam is now an easy way to hit remote workers, writes Ilta-Sanomat digital reporter Henrik Kärkkäinen. Hello, I’m calling from Microsoft tech support. That is how a call began that came from a spoofed Finnish phone number. The caller spoke in broken English. This was a tech support scammer. A man who told me there was something wrong with my computer, and that his job as a Microsoft expert was to resolve these problems. So, a classic tech support scam. These scammers empty people’s bank accounts by asking the victim to install a remote-administration program on the computer. In the worst case, personal data is lost too, to be used for who knows what.

Two Trend Micro zero-days exploited in the wild by hackers

www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/ Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities.

A COVID-19 Cybersecurity Poll: Securing a Remote Workforce

threatpost.com/covid-19-cybersecurity-remote-working-poll/153867/ COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll. As the coronavirus pandemic continues to sweep the globe, and cities and states impose social-distancing measures, businesses are sending their users home to work. And this massive, unprecedented shift to distance working brings with it a whole new set of cybersecurity challenges.

Cyber security is essential when preparing for COVID-19

www.cyber.gov.au/news/cyber-security-essential-when-preparing-covid-19 In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community. The Australian Signals Directorate (ASD) would like to remind you to incorporate cyber security into your contingency planning. As more staff may work from home, and the use of remote access technology increases, adversaries may attempt to take advantage. ASD’s Australian Cyber Security Centre (ACSC) encourages Australians to remain vigilant and ensure sound cyber security practices.

Records are being broken in Finnish mobile network traffic: on Monday people streamed a lot of video and made calls, by Tuesday the network was already being used for remote work

yle.fi/uutiset/3-11263348 Increased remote work and the closing of schools are increasing data traffic in Finland’s mobile networks. Operators assure that capacity is sufficient. Use of mobile networks grows as remote work increases. In recent days especially, people have talked on the phone and used network data much more than usual. The growth, however, began already a few weeks ago. According to Sami Siiki, the director responsible for Telia’s networks, voice traffic in the company’s network grew already on Monday by 30 percent compared with the previous Monday. Data traffic grew by 16 percent at the same time. Data traffic has also grown quickly in DNA’s network. Traffic from the network toward the user (download) has grown on the order of 16 percent on both Monday and Tuesday compared with the corresponding days of the previous week. Traffic from the user toward the network (upload) took a 30 percent leap on Tuesday. At Elisa, too, traffic is growing strongly. Data traffic has grown 10-30 percent from last week, depending on the day. An exceptional phenomenon was also seen in calls on Monday. Operators assure that mobile networks will withstand the increasing traffic. Finland is the world’s number one country in mobile network use. The networks have been built to handle consumption peaks. Normally the peak in data traffic falls between eight and ten in the evening.

Emsisoft, Coveware Offer Free Ransomware Help During Coronavirus Outbreak

www.bleepingcomputer.com/news/security/emsisoft-coveware-offer-free-ransomware-help-during-coronavirus-outbreak/ Emsisoft and Coveware have announced that they will be offering their ransomware decryption and negotiation services for free to healthcare providers during the Coronavirus outbreak. With medical facilities, hospitals, and labs already being over capacity and employees working in stressful and dangerous environments, they need all the help they can get. Unfortunately, some online threat groups and ransomware operators see this as an optimal time to launch attacks on these organizations when they are at their most vulnerable.

Magecart Cyberattack Targets NutriBullet Website

threatpost.com/magecart-cyberattack-targets-nutribullet-website/153855/ Researchers warn that a Magecart group has set up skimmers on the blender manufacturer’s website, in hopes of stealing customer payment-card data.

COVID-19: With everyone working from home, VPN security has now become paramount

www.zdnet.com/article/covid-19-with-everyone-working-from-home-vpn-security-has-now-become-paramount/ DHS, SANS, NJCCIC, and Radware warn companies about securing enterprise VPN servers in the midst of the coronavirus outbreak and when a vast majority of employees are working from home. With most employees working from home amid today’s COVID-19 (coronavirus) outbreak, enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be the focus going forward for IT teams.

Skimming code battle on NutriBullet website may have risked customer credit card data

www.zdnet.com/article/skimming-code-lurking-on-nutribullet-website-puts-customer-credit-card-data-at-risk/ The cat-and-mouse game between skimmer installation and removal carried on for weeks. Research made public on Wednesday by RiskIQ said the intrusions were the work of Magecart Group 8, a collective under the Magecart umbrella.

How destructive ransomware attacks could represent the future of cyberwarfare

www.zdnet.com/article/how-destructive-ransomware-attacks-could-represent-the-future-of-cyberwarfare/ Nation-state hacking campaigns could masquerade as common criminals conducting ransomware attacks – but their goal would be pure destruction rather than extorting bitcoin, warns a new report. The increasingly destructive capabilities of ransomware attacks could provide nation-state hacking operations with a means of attacking infrastructure and the ability to plausibly deny any sort of involvement in campaigns.

Windows 10: This kernel malware is why you need Secured-core PCs, says Microsoft

www.zdnet.com/article/windows-10-this-kernel-malware-is-why-you-need-secured-core-pcs-says-microsoft/ Microsoft has outlined why its new breed of Secured-core PCs, such as the Surface Pro X, are equipped to fight off ransomware and other malware that attack vulnerable hardware drivers to compromise a machine.

EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan

securityintelligence.com/posts/enigmaspark-politically-themed-cyber-activity-highlights-regional-opposition-to-middle-east-peace-plan/ In recent analysis of malicious activity likely targeting entities based in the Middle East, IBM X-Force Incident Response and Intelligence Services (IRIS) discovered backdoor malware packed with the legitimate Enigma Protector software. We named this malware “EnigmaSpark” per the Enigma Protector and the string “Spark4.2” from a .pdb file path, and published our findings to the X-Force IRIS Enterprise Intelligence Management platform on TruSTAR in early February 2020.

Work from home: How to set up a VPN

www.welivesecurity.com/2020/03/18/work-home-how-set-up-vpn/ As the COVID-19 pandemic has many organizations switching employees to remote work, a virtual private network is essential for countering the increased security risks

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.

TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. Read also:

www.zdnet.com/article/trickbot-malware-adds-new-feature-to-target-telecoms-universities-and-finance-companies/ and threatpost.com/trickbot-trojan-rdp-brute-forcing/153915/

How Security Intelligence Enables Risk-Prioritized Vulnerability Management

www.recordedfuture.com/vulnerability-management-prioritization/ Vulnerabilities put your business at risk of attack. But with new ones emerging every day, it’s impossible to patch everything, everywhere. Vulnerability management teams need security intelligence to help them quickly weigh and make a rapid, informed decision about the risk of potential disruption that comes with applying a patch versus the real-world threat posed by the vulnerability itself.

How to recognize a coronavirus scam online: thousands in Finland have received an email scam spreading worldwide

yle.fi/uutiset/3-11263306 Scammers exploiting uncertain times and people’s need for information have become active in spreading email scams online in the name of the coronavirus. The National Cyber Security Centre (Kyberturvallisuuskeskus) has received dozens of reports in Finland of scam emails that try to obtain people’s personal data and payment card details using the coronavirus as a pretext. Online scammers try to exploit people’s great need for information and the uncertain situation. This is a worldwide phenomenon. When there is big news, it was to be expected that these would come. Dozens of cases have been reported to the National Cyber Security Centre, says specialist Juha Tretjakov.

British Army adopts WhatsApp for formal orders as coronavirus isolation kicks in

www.theregister.co.uk/2020/03/18/army_adopts_whatsapp_orders_coronavirus/ The British Army has made a coronavirus-related tech U-turn after telling soldiers that commands issued over WhatsApp are now legally binding.

Thousands of COVID-19 scam and malware sites are being created on a daily basis

www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/ In the midst of a global coronavirus (COVID-19) pandemic, hackers are not letting a disaster go to waste and have now automated their coronavirus-related scams to industrial levels.

Russia deploying coronavirus disinformation to sow panic in West, EU document says

www.reuters.com/article/us-health-coronavirus-disinformation/russia-deploying-coronavirus-disinformation-to-sow-panic-in-west-eu-document-says-idUSKBN21518F BRUSSELS (Reuters) – Russian media have deployed a “significant disinformation campaign” against the West to worsen the impact of the coronavirus, generate panic and sow distrust, according to a European Union document seen by Reuters. Read also:

www.iltalehti.fi/koronavirus/a/a1455f06-8dad-4c74-aab8-81887f230f0a

On the shoulders of giants: recent changes in Internet traffic

blog.cloudflare.com/on-the-shoulders-of-giants-recent-changes-in-internet-traffic/ As the COVID-19 emergency continues and an increasing number of cities and countries are establishing quarantines or cordons sanitaire, the Internet has become, for many, the primary method to keep in touch with their friends and families. And it’s a vital motor of the global economy as many companies have employees who are now working from home.

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations.

African WhatsApp Modders are the Masters of Worldwide Adversarial Interoperability

www.eff.org/deeplinks/2020/03/african-whatsapp-modders-are-masters-worldwide-adversarial-interoperability Since the earliest days of consumer computing, computer users have asserted their right to have a say in how their tools worked: whether it was Gopher delivering easy new ways to access services that had originally been designed for power users who could memorize obscure addresses and arcane commands; or toolkits like Hypercard and Visual Basic, which let everyday people automate their work; or Scratch, which lets kids design games and apps that come from their imaginations, rather than an app store.

A spike in home workers raises MFA resilience questions

www.zdnet.com/article/a-spike-in-home-workers-raises-mfa-resilience-questions/#ftag=RSSbaffb68 Millions of employees who have been logging in from workstations on corporate networks are now logging in from home or elsewhere on public networks. In the midst of the coronavirus pandemic, many businesses are asking — or mandating — that office-based employees work from home. Millions of employees that have been logging in from workstations on corporate networks are now logging in from home, or elsewhere on public networks. Stronger authentication, and VPNs, that used to be required for a subset of employees, at any given time, become the point of entry for your entire workforce. So, what happens if your multifactor authentication (MFA) provider’s infrastructure goes down?

How We Learned to Stop Worrying and Embrace Remote Work

securityintelligence.com/posts/how-we-learned-to-stop-worrying-and-embrace-remote-work/ The industry is in the midst of a transformation. In this case, it isn’t the omnipresent digital transformation but rather a sudden tectonic shift towards remote work. For many organizations built on the classic, communal office space, this can seem daunting. Many employees have started to work from home, and some are throwing a wrench in the machine by connecting to unsecured networks and reshaping what may have once been considered an “airtight” perimeter. Further complicating matters, employees can’t collaborate as effectively when remote, right? Not exactly. Paying mind to recent trends, the remote workforce can be productive and work in a secure environment. International Workplace Group found that 85% of surveyed businesses noted an increase in productivity that could be directly attributed to remote work flexibility. And security can be ramped up to address the following issues: an influx of new device connections, a flurry of requests for remote access to sensitive information, and the looming threat of phishing and other web-based attacks as users hit rogue sites.

Thales, Telstra, Microsoft and Arduino deliver scalable trust for easy-to-deploy IoT applications

www.thalesgroup.com/en/group/journalist/press-release/thales-telstra-microsoft-and-arduino-deliver-scalable-trust-easy Thales, Telstra, Microsoft and Arduino have implemented the GSMA IoT SAFE solution to address the IoT devices market fragmentation and enable robust and effective IoT Security at scale. Thales and Telstra, Australia’s leading telecommunications company are working with Microsoft and Arduino to pave the way for scalable security for connected IoT devices, by implementing a solution that enables trusted and secure end-to-end communication between device and cloud.

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book

blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/ The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected.

Hackers Hide Malware C2 Communication By Faking News Site Traffic

www.bleepingcomputer.com/news/security/hackers-hide-malware-c2-communication-by-faking-news-site-traffic/ A cyber-espionage group active since at least 2012 used a legitimate tool to shield their backdoor from analysis attempts to avoid detection. In their effort, the hackers also used a fake host header named after a known news site. The backdoor is referred to by the names Spark and EnigmaSpark and was deployed in a recent phishing campaign that appears to have been the work of the MoleRATs group, the low-budget division of the Gaza Cybergang. This is the actor responsible for operation SneakyPastes, detailed by Kaspersky, which relied on malware hosted on free sharing services like GitHub and Pastebin. There are strong indications that the group used this backdoor since March 2017, deploying dozens of variants that contacted at least 15 command and control domains. Researchers from multiple cyber security tracked the campaigns from this threat actor and analyzed the malware, tactics, and infrastructure used in the attacks.
