Daily NCSC-FI news followup 2020-04-30

Osataanko teillä torpata tietoturvauhkia? Kyberharjoittelusta hyötyvät kaikki

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/osataanko-teilla-torpata-tietoturvauhkia-kyberharjoittelusta-hyotyvat-kaikki Nyt tehdään mielikuvitusreissu tavalliseen toimistotyöpäivään Kyberilän vesihuollossa, jossa sähköpostejaan läpikäyvä Pirjo saa varsin houkuttelevan tarjouksen. Hän on yksi tuhansista ammattilaisista, joiden työpanos on olennainen, kun varmistamme yhteiskuntamme sujuvaa toimintaa muun muassa tietoturvallisilla työtavoilla. . Tilanteita ja toimintatapoja kannattaa jokaisen harjoitella etukäteen. Me voimme auttaa.

Kyberturvallisuuskeskus kartoittaa suojaamattomia automaatiojärjestelmiä

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskus-kartoittaa-suojaamattomia-automaatiojarjestelmia Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus etsii tietoverkoista suojaamattomia automaatiolaitteita. Työn tavoitteena on parantaa tilannekuvaa ja kyberturvallisuutta Suomessa. Saatuja tuloksia verrataan aikaisempien vuosien tuloksiin.

 Vappuvisa: Tunnista petkuhuiputus!

webropol.com/s/vappuvisa Julkaisimme kalastelusivujen tunnistamiseen liittyvän leikkimielisen visan.

Spear-phishing campaign compromises executives at 150+ companies

www.zdnet.com/article/spear-phishing-campaign-compromises-executives-at-150-companies/ A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.


Pankki varoittaa edistyneestä kalastelusta sadat tuhannet suomalaiset vaarassa

www.is.fi/digitoday/tietoturva/art-2000006493033.html?ref=rss Aktia on lähettänyt asiakkailleen varoituksen huijauksesta otsikolla Edistynyt pankkitunnuksien kalastelukampanja käynnissä. Huijaus alkaa puhelimeen saapuvalla tekstiviestillä “Teille on sähköpostia”. Traficomin alainen Kyberturvallisuuskeskus (KTK) ei ole nähnyt vielä kalastelua laajasti. Näin ollen se on suurelle osasta ihmisiä tuntematon. On mahdollista, että hyökkääjä käyttää hyväkseen jostain aiemmasta tietovuodosta saamiaan henkilötietoja, KTK:n asiantuntija Juha Tretjakov kertoo.

APT trends report Q1 2020

securelist.com/apt-trends-report-q1-2020/96826/ For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Given the exceptional situation the world is living in because of the COVID-19 pandemia, it is mandatory we to start with a summary of how APT groups have been abusing this topic for different types of attacks.

Gain Visibility Into Operational Technology (OT) Environments With a Combined SOC

securityintelligence.com/posts/gain-visibility-into-operational-technology-ot-environments-with-a-combined-soc/ OT cybersecurity incidents have also increased dramatically in recent years: According to the 2020 IBM X-Force Threat Intelligence Index, there was a 2, 000 percent increase year-over-year. This, coupled with a lack of combined IT/OT visibility into OT environments, means security issues can happen without anyone knowing, resulting in catastrophic damage to the business in some cases.

ESET Threat Report

www.welivesecurity.com/2020/04/29/eset-threat-report-q12020/ A view of the Q1 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. PDF:


TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam

securityintelligence.com/posts/trickbot-campaigns-targeting-users-via-department-of-labor-fmla-spam/ Recent analysis from our spam traps uncovered a new Trickbot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA), which gives employees the right to medical leave benefits, as context around COVID-19 in order to distribute the malware.

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

thehackernews.com/2020/04/android-banking-keylogger.html A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called “EventBot” by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase.


The Dangers of COVID-19 Surveillance Proposals to the Future of Protest

www.eff.org/deeplinks/2020/04/some-covid-19-surveillance-proposals-could-harm-free-speech-after-covid-19 Many of the new surveillance powers now sought by the government to address the COVID-19 crisis would harm our First Amendment rights for years to come.

Average Ransomware Payments Soared in the First Quarter

www.darkreading.com/attacks-breaches/average-ransomware-payments-soared-in-the-first-quarter/d/d-id/1337695 Criminals extorting large amounts of money from big enterprises pulled up the overall average significantly compared with the fourth quarter of 2019, Coveware says.

Haittaohjelma salaa puhelimen ja pelottelee pornolla tutkija pelkää vielä pahempaa

www.is.fi/digitoday/mobiili/art-2000006490926.html Venäläinen Android-haittaohjelma jäljittelee nyt FBI:tä ja syyttää uhria kielletyn pornon katsomisesta.

Security: Blocking the path that leads from gaming cheats to malware

www.zdnet.com/article/security-blocking-the-path-that-leads-from-gaming-cheats-to-malware/#ftag=RSSbaffb68 Hyper-competitive online gaming has led to a ready market for cheats. But security experts warn that the skills involved with crafting cheats can easily by used for developing and selling malware. There’s now enough demand for cheats that there is a lucrative marketplace dedicated to helping gamers gain an unfair edge. “People create software to be able to install it in the game without being detected, so it’s similar to a virus; you want to attack without being detected, while other things are going on in the background for the user, ” says Mayra Rosario, senior threat researcher at Trend Micro.

Cybersecurity and the economy: when recession strikes

blog.malwarebytes.com/cybercrime/2020/04/cybersecurity-and-the-economy-when-recession-strikes/ Cybercrime and the economy have always been intertwined, but with COVID-19 on the road to causing a seemingly inevitable global recession, many are asking what, exactly, will the impact be on cybercrime. Will criminals step up and increase malware production, ramp up phishing attacks, do whatever it takes to pull in some cash? Or will it cause a little downturn in malware making and other dubious dealings?

Here’s the NSA’s guide for choosing a safe text chat and video conferencing service

www.zdnet.com/article/heres-the-nsas-guide-for-choosing-a-safe-text-chat-and-video-conferencing-service/#ftag=RSSbaffb68 NSA publishes guidance on choosing a secure teleworking service. Assessed tools include Slack, Zoom, Signal, Skype, more.

You might be interested in …

Daily NCSC-FI news followup 2021-05-02

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/ According to the Sophos State of Ransomware 2021 report, the number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% last year. That same global survey discovered that only 8% of them got all their data […]

Read More

Daily NCSC-FI news followup 2019-11-16

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/ As the holiday season looms, cybercrooks are going after shoppers with more than 100,000 lookalike domains mimicking legitimate retailers.. To that point, Venafi researchers uncovered the copycat phishing sites, which use trusted, valid TLS certificates (60 percent of them are free certificates from […]

Read More

Daily NCSC-FI news followup 2019-06-16

Kaikkien kuntien tietoturvassa olisi parantamisen varaa Lahteen kohdistuneessa kyberhyökkäyksessä tuhat tietokonetta saastui www.ess.fi/uutiset/kotimaa/art2548337 Lahden kyberhyökkäyksen kaltaista tapahtumaa oli osattu odottaa, toteaa Liikenne- ja viestintäviraston Traficomin johtava asiantuntija Kauto Huopio. Rikolliset etsivät jatkuvasti verkon haavoittuvuuksia ja iskevät heikkoon kohtaan heti sellaisen havaittuaan. Kyse voi olla tunneista. Telegram CEO Fingers China State Actors for DDoS Attack threatpost.com/telegram-ceo-china-ddos-attack/145654/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.