Daily NCSC-FI news followup 2020-04-05

Non-existent respirator masks are now being peddled in Finland: the coronavirus pandemic keeps even petty criminals at home, but online criminals stay active

yle.fi/uutiset/3-11288563?origin=rss The European Commission and European consumer authorities have taken action to prevent coronavirus-related scams. For example, the European Commission has demanded cooperation from large marketers and platforms. About twenty reports of coronavirus-related scams have been received so far, says Senior Specialist Saija Kivimäki of the Finnish Competition and Consumer Authority (Kilpailu- ja kuluttajavirasto).

Microsoft: Emotet Took Down a Network by Overheating All Computers

www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/ Microsoft says that an Emotet infection was able to take down an organization’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. Case study at

www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf

Threat Alert: Kinsing Malware Attacks Targeting Container Environments

blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability Lately we've been witnessing a rise in the number of attacks that target container environments. We've been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily basis. These are the highest numbers we've seen in some time, far exceeding what we have witnessed to date. We therefore believe that these attacks are directed by actors with sufficient resources and the infrastructure needed to carry out and sustain such attacks, and that this is not an improvised endeavor.

Hundreds of internal servicedesks exposed due to COVID-19

medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd An increasing number of Atlassian JIRA Servicedesks have been misconfigured to be accessible for anyone to sign up. In essence, this is nothing to worry about as servicedesks may have legitimate reasons to be public. However, a growing number of instances have been repurposed to serve as an internal service ticket portal, allowing attackers to impersonate employees and create legitimate internal requests. […] I took a list of 10.000 popular domain names globally and found out that no less than 288 of 1.972 (roughly 15%) corresponding Atlassian instances were open to the public. This was an increase of 12% compared to tests conducted before the COVID-19 crisis (my earliest scans date back from last summer). About one third of the servicedesks I joined allowed me to assign tickets to other users. In certain configurations, where users are created for any inbound support e-mail (with their display name automatically set to their e-mail address), this would leak the e-mail addresses of every user that has interacted with the external support channels as well.

This is how you deal with route leaks

radar.qrator.net/blog/how_you_deal_with_route_leaks Here's the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP Rostelecom (AS12389) was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.

Crave the Data: Statistics from 1,300 Phishing Campaigns

research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/ analysing the data NCC Group has from its Piranha platform we found a distinct variation on success rates when comparing organisations from different sectors. Targets in Charities were found to be over 3 times more likely to click a link in a Phishing attack than targets in the Health sector, however once a user had been fooled into clicking the link, half were likely to enter credentials regardless of what sector they worked in.
