Daily NCSC-FI news followup 2020-04-30

Does your organization know how to fend off information security threats? Everyone benefits from cyber exercises

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/osataanko-teilla-torpata-tietoturvauhkia-kyberharjoittelusta-hyotyvat-kaikki Let us take an imaginary trip to an ordinary office workday at the Kyberilä water utility, where Pirjo, going through her emails, receives a very tempting offer. She is one of thousands of professionals whose work is essential when we ensure the smooth functioning of our society, among other things through secure working practices. Everyone should practice situations and procedures in advance. We can help.

National Cyber Security Centre maps unprotected automation systems

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskus-kartoittaa-suojaamattomia-automaatiojarjestelmia The National Cyber Security Centre at the Finnish Transport and Communications Agency Traficom is searching networks for unprotected automation devices. The aim of the work is to improve situational awareness and cyber security in Finland. The results will be compared with those of previous years.

May Day quiz: Spot the scam!

webropol.com/s/vappuvisa We published a playful quiz on recognizing phishing pages.

Spear-phishing campaign compromises executives at 150+ companies

www.zdnet.com/article/spear-phishing-campaign-compromises-executives-at-150-companies/ A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.


Bank warns of advanced phishing: hundreds of thousands of Finns at risk

www.is.fi/digitoday/tietoturva/art-2000006493033.html?ref=rss Aktia has sent its customers a warning about a scam under the title "Advanced banking credential phishing campaign under way". The scam begins with a text message arriving on the phone: “You have email”. The National Cyber Security Centre (KTK), which operates under Traficom, has not yet seen the phishing on a wide scale. It is therefore unknown to a large share of people. It is possible that the attacker is exploiting personal data obtained from some earlier data breach, says KTK expert Juha Tretjakov.

APT trends report Q1 2020

securelist.com/apt-trends-report-q1-2020/96826/ For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Given the exceptional situation the world is living in because of the COVID-19 pandemic, it is mandatory that we start with a summary of how APT groups have been abusing this topic for different types of attacks.

Gain Visibility Into Operational Technology (OT) Environments With a Combined SOC

securityintelligence.com/posts/gain-visibility-into-operational-technology-ot-environments-with-a-combined-soc/ OT cybersecurity incidents have also increased dramatically in recent years: According to the 2020 IBM X-Force Threat Intelligence Index, there was a 2,000 percent increase year-over-year. This, coupled with a lack of combined IT/OT visibility into OT environments, means security issues can happen without anyone knowing, resulting in catastrophic damage to the business in some cases.

ESET Threat Report

www.welivesecurity.com/2020/04/29/eset-threat-report-q12020/ A view of the Q1 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. PDF:


TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam

securityintelligence.com/posts/trickbot-campaigns-targeting-users-via-department-of-labor-fmla-spam/ Recent analysis from our spam traps uncovered a new Trickbot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA), which gives employees the right to medical leave benefits, as context around COVID-19 in order to distribute the malware.

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

thehackernews.com/2020/04/android-banking-keylogger.html A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called “EventBot” by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.


The Dangers of COVID-19 Surveillance Proposals to the Future of Protest

www.eff.org/deeplinks/2020/04/some-covid-19-surveillance-proposals-could-harm-free-speech-after-covid-19 Many of the new surveillance powers now sought by the government to address the COVID-19 crisis would harm our First Amendment rights for years to come.

Average Ransomware Payments Soared in the First Quarter

www.darkreading.com/attacks-breaches/average-ransomware-payments-soared-in-the-first-quarter/d/d-id/1337695 Criminals extorting large amounts of money from big enterprises pulled up the overall average significantly compared with the fourth quarter of 2019, Coveware says.

Malware encrypts the phone and scares with porn: researcher fears even worse

www.is.fi/digitoday/mobiili/art-2000006490926.html A Russian Android malware now impersonates the FBI and accuses the victim of viewing illegal porn.

Security: Blocking the path that leads from gaming cheats to malware

www.zdnet.com/article/security-blocking-the-path-that-leads-from-gaming-cheats-to-malware/#ftag=RSSbaffb68 Hyper-competitive online gaming has led to a ready market for cheats. But security experts warn that the skills involved with crafting cheats can easily be used for developing and selling malware. There’s now enough demand for cheats that there is a lucrative marketplace dedicated to helping gamers gain an unfair edge. “People create software to be able to install it in the game without being detected, so it’s similar to a virus; you want to attack without being detected, while other things are going on in the background for the user,” says Mayra Rosario, senior threat researcher at Trend Micro.

Cybersecurity and the economy: when recession strikes

blog.malwarebytes.com/cybercrime/2020/04/cybersecurity-and-the-economy-when-recession-strikes/ Cybercrime and the economy have always been intertwined, but with COVID-19 on the road to causing a seemingly inevitable global recession, many are asking what, exactly, will the impact be on cybercrime. Will criminals step up and increase malware production, ramp up phishing attacks, do whatever it takes to pull in some cash? Or will it cause a little downturn in malware making and other dubious dealings?

Here’s the NSA’s guide for choosing a safe text chat and video conferencing service

www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/#ftag=RSSbaffb68 NSA publishes guidance on choosing a secure teleworking service. Assessed tools include Slack, Zoom, Signal, Skype, more.
