Daily NCSC-FI news followup 2020-03-19

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book

blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/ The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected.

Hackers Hide Malware C2 Communication By Faking News Site Traffic

www.bleepingcomputer.com/news/security/hackers-hide-malware-c2-communication-by-faking-news-site-traffic/ A cyber-espionage group active since at least 2012 used a legitimate tool to shield their backdoor from analysis attempts and avoid detection. The hackers also used a fake host header named after a known news site. The backdoor is referred to by the names Spark and EnigmaSpark and was deployed in a recent phishing campaign that appears to have been the work of the MoleRATs group, the low-budget division of the Gaza Cybergang. This is the actor responsible for operation SneakyPastes, detailed by Kaspersky, which relied on malware hosted on free sharing services like GitHub and Pastebin. There are strong indications that the group has used this backdoor since March 2017, deploying dozens of variants that contacted at least 15 command and control domains. Researchers from multiple cybersecurity firms tracked the campaigns from this threat actor and analyzed the malware, tactics, and infrastructure used in the attacks.

Vodafone reports 50% rise in internet use as more people work from home

www.theguardian.com/business/2020/mar/18/vodafone-rise-data-usage-more-people-work-from-home-coronavirus The increase in data comes from a wide range of activities, from children accessing educational material online, playing digital games and watching films and TV on multiple devices, as well as people working from home.

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/ Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Most Ransomware Gets Executed Three Days After Initial Breach

www.bleepingcomputer.com/news/security/most-ransomware-gets-executed-three-days-after-initial-breach/ Ransomware gets deployed three days after an organization’s network gets infiltrated in the vast majority of attacks, with post-compromise deployment taking as long as 299 days in some of the dozens of attacks researchers at cybersecurity firm FireEye examined between 2017 and 2019.

Food Delivery Service in Germany Under DDoS Attack

www.bleepingcomputer.com/news/security/food-delivery-service-in-germany-under-ddos-attack/ Cybercriminals saw a public health crisis that has imposed unprecedented restrictions on the restaurant industry as a perfect opportunity to launch an attack on the systems of the Takeaway food delivery service in Germany.

“Our measures have worked”: up to 30,000 state employees working remotely online at the same time

www.tivi.fi/uutiset/tv/0579e108-ee37-45ff-bd8b-bf56b47ee3ba Valtori initially struggled with the remote-work connections needed by central government, but things are now going better. For work to get done it is not enough that the internet works; the bottleneck is the protected connections that guarantee security. Valtori says remote use is now more than three times the normal level. There have been over 30,000 simultaneous users. “We anticipated a sharp increase in remote work a few weeks ago. Now it appears that our numerous measures have worked. In addition, central government employees can themselves affect how well the load is handled, and the instructions we gave have clearly been followed. Cooperation is really important now,” Valtori's production director Tero Latvakangas states in a press release.

A computer bought at an auction in Germany contained the secret operating manual for a missile system. A similar system is also in use in Finland; the Finnish Defence Forces are tight-lipped

www.hs.fi/kotimaa/art-2000006444561.html The hard drive of a computer decommissioned by the German armed forces, the Bundeswehr, was found to contain the complete operating instructions for the Leflasys Ozelot (Das Leichte Flugabwehr System Ozelot) air defence missile system. Read also:

www.tivi.fi/uutiset/tv/0942aff7-d12f-4896-80c5-dbab065c512a

Countering foreign interference and social media misinformation in Australia

www.zdnet.com/article/countering-foreign-interference-and-social-media-misinformation-in-australia/ DFAT, the Attorney-General’s Department, and the AEC have all highlighted what measures are in place to curb trolls from spreading misinformation across social media.

France warns of new ransomware gang targeting local governments

www.zdnet.com/article/france-warns-of-new-ransomware-gang-targeting-local-governments/ CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware. France’s cyber-security agency issued an alert this week warning about a new ransomware gang that’s been recently seen targeting the networks of local government authorities.

Coronavirus, Self-Isolation and Work From Home Security

www.pandasecurity.com/mediacenter/mobile-news/coronavirus-work-from-home/ As governments across the world struggle to contain the COVID-19 virus, businesses are being asked to allow their employees to work from home. For many people this will be the first time they have ever been able to work remotely, which could cause some serious IT security headaches for their employers. Cybercriminals are aware of the rush and the potential for mistakes that could let them break in, which means you have a part to play in protecting your employer. Here are a few tips to get you started.

COVID-19 Themed Multistage Malware

isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/ More and more countries are closing their borders and asking citizens to stay at home. The COVID-19 virus is everywhere and is also used in campaigns to lure more victims who are looking for information about the pandemic. I found a malicious email that delivers multi-stage malware.

Security incident? Let us help!

kybervpk.fi/ During the COVID-19 pandemic, cyberattacks have increasingly targeted healthcare organizations, among others. The Finnish hacker collective KyberVPK has been founded to help providers of critical functions fight attacks and recover from them.

Fake news about the coronavirus is flooding in from Russia: the pandemic is claimed to be a conspiracy against Russia, an Italian aid scam, or a Rothschild conspiracy

yle.fi/uutiset/3-11265329 According to a Finnish expert, the wild fake news sustains suspicion toward the West and the EU.

The origin of strange videos that appeared on the Finnish Government's website is being investigated: “We were a little startled”

www.uusimaa.fi/artikkeli/850267-valtioneuvoston-sivuille-ilmestyneiden-outojen-videoiden-alkuperaa-selvitetaan Two videos were visible on the website on Wednesday morning. One was titled Ramadan Kareem, a greeting used by Muslims during the month of fasting. The other looked like an advertisement. Read also:

www.tivi.fi/uutiset/tv/27a2ab46-e209-49d4-9f5b-2bc53dc7e5f6

Telia describes how Finns are using the internet now and gives 4 tips

www.is.fi/digitoday/art-2000006445322.html The telecom operator also gives 4 tips to network users: 1. Use a fixed-line network when possible. Data-heavy services, such as game and video streaming, should be used over Wi-Fi connected to a fixed network rather than over a mobile data connection. 2. Do not use video connections for remote work if they are not needed. Compared with voice or text, video consumes a lot of data. 3. Make sure remote work is secure. Companies should ensure they have enough VPN licences and provide guidance on secure remote-working practices. 4. Make voice calls. If data is sluggish, call “the old-fashioned way”. In the mobile network, voice has priority over data. A phone call to a loved one is also a concrete and helpful act. Read also:

www.tivi.fi/uutiset/tv/4d2699da-ce8c-4108-b7cf-8157579ed00c

Erillisverkot's operations continue in a controlled manner under emergency conditions

www.erillisverkot.fi/uutishuone/erillisverkkojen_toiminta_jatkuu_hallitusti_poikkeusoloissa.720.news Erillisverkot's task is to secure society's critical communications and command in all circumstances. Our special task is emphasised under emergency conditions. In the situation created by the coronavirus epidemic, the importance of the company's ICT services that support society and ensure citizens' safety has grown. “The company ensures the reliability of its services in all conditions. Risk assessment is continuous and we actively update our contingency plans. The coronavirus has had no impact on the services the company provides or their availability. The Virve radio network reserved for the authorities has enough group-call and short-message capacity for all users,” confirms CEO Timo Lehtimäki.

February 2020 Cyber Attacks Statistics

www.hackmageddon.com/2020/03/19/february-2020-cyber-attacks-statistics/ Another day, another set of monthly statistics. Today we have the charts derived from the cyber attacks timelines of February (Part I and Part II). Even if February had only 29 days, I have collected a total of 186 events. This is probably the highest number that I remember. The high number of events is immediately visible from the Daily Trend chart, which shows consistent activity throughout the month (with the predictable breaks during the weekends).

Microsoft Teams Reaches 44M Daily Users After 12M Weekly Gain

www.bleepingcomputer.com/news/microsoft/microsoft-teams-reaches-44m-daily-users-after-12m-weekly-gain/ Microsoft announced today that its Teams collaboration service experienced a huge usage spike with 12 million new daily active users being added within the last seven days, bringing the total to 44 million.

RedLine Info-Stealing Malware Spread by Folding@home Phishing

www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/ A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs information-stealing malware.

Critical RCE Bug in Windows 7 and Server 2008 Gets Micropatch

www.bleepingcomputer.com/news/security/critical-rce-bug-in-windows-7-and-server-2008-gets-micropatch/ A micropatch fixing a remote code execution (RCE) vulnerability in the Windows Graphics Device Interface (GDI+) is now available through the 0patch platform for Windows 7 and Server 2008 R2 users.

Probing Pawn Storm – Cyberespionage Campaign Through Scanning, Credential Phishing and More

www.trendmicro.com/vinfo/us/security/news/cyber-attacks/probing-pawn-storm-cyberespionage-campaign-through-scanning-credential-phishing-and-more The notorious threat group Pawn Storm has been known to target high-profile entities, from governments to media for years. This research paper looks into the ways the group compromised email addresses and servers to facilitate credential phishing attacks. Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. Read also:

www.theregister.co.uk/2020/03/19/apt28_middle_east/ and

documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf

Work from home: Improve your security with MFA

www.welivesecurity.com/2020/03/19/work-home-improve-security-mfa/ Remote work can be much safer with the right cyberhygiene practices in place; multi-factor authentication is one of them. If you happen to be working from home due to the COVID-19 pandemic, you should beef up your logins with Multi-Factor Authentication (MFA), sometimes called Two-Factor Authentication (2FA). That way, you don’t have to entrust your security to a password alone. Easy to hack, steal, leak, rinse and repeat, passwords have become passé in the security world; it’s time to dial in your MFA.

Raising Your Own APT: Purple Team Exercises to Drive Security Program Maturity

www.recordedfuture.com/security-program-maturity/ Purple teaming allows your organization to run scenarios pitting your blue team (defenders) against a red team (penetration testers or pen test software) to identify breakdowns in detective and preventive controls, processes during incidents, and procedures. Pen testing, of course, is nothing new to information security teams, but the potential for conducting pen tests in conjunction with a smart, focused intelligence-driven defense will yield far more information about how ready your organization is.

Security tips for working from home (WFH)

blog.malwarebytes.com/how-tos-2/2020/03/security-tips-for-working-from-home-wfh/ The first so-obvious-it’s-not-obvious tip is to make sure your work devices are physically safe, and that you avoid offering unauthorized views of confidential information.

Security flaws found in popular password managers

www.welivesecurity.com/2020/03/19/security-flaws-found-in-popular-password-managers/ Not all they’re cracked up to be? Several password vaults have been found to contain vulnerabilities, both new and previously disclosed but never patched, a study says.
