Daily NCSC-FI news followup 2020-05-02

Scammers Using COVID-19/Coronavirus Lure to Target Medical Suppliers

www.fortinet.com/blog/threat-research/scammers-using-covid-19-coronavirus-lure-to-target-medical-suppliers.html FortiGuard Labs has discovered a new malicious spearphishing campaign, once again using the COVID-19/Coronavirus pandemic as a lure. This latest email campaign targets a medical device supplier, wherein the attacker is inquiring about various materials needed to address the COVID-19 pandemic due to high demand for supplies, and includes a compelling statement that they have already tried to reach the recipient via telephone in order to create a stronger sense of urgency. The attachment is a maliciously crafted Word document, utilizing the infamous CVE-2017-11882 (Office Equation Editor) vulnerability.

It’s no time to let your guard down as coronavirus fraud remains a threat

www.welivesecurity.com/2020/05/01/no-time-let-your-guard-down-coronavirus-fraud-rampant/ In part four of our series on COVID-19-related scams, we share a few examples of recent campaigns targeting your money and personal data.

Cybersecurity and the economy: when recession strikes

blog.malwarebytes.com/cybercrime/2020/04/cybersecurity-and-the-economy-when-recession-strikes/ Cybercrime and the economy have always been intertwined, but with COVID-19 on the road to causing a seemingly inevitable global recession, many are asking what, exactly, will the impact be on cybercrime. Will criminals step up and increase malware production, ramp up phishing attacks, do whatever it takes to pull in some cash? Or will it cause a little downturn in malware making and other dubious dealings?

Europol analyses on criminal operations in Europe during COVID-19 Crisis

securityaffairs.co/wordpress/102574/cyber-crime/europol-criminal-operations-covid-19.html Threat actors and criminal organizations continue to take advantage of the COVID-19 pandemic to make money, Europol warns.

Abnormal Attack Stories: Microsoft Teams Impersonation

abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/ In this attack, attackers are impersonating a notification from Microsoft Teams in order to steal the credentials of employees. Microsoft Teams has seen one of the largest increases in users as a result of the shift to remote work in response to the current COVID-19 pandemic.

Trump bans acquisition of foreign power grid equipment, citing hacking threats

www.zdnet.com/article/trump-bans-acquisition-of-foreign-power-grid-equipment-citing-hacking-threats/#ftag=RSSbaffb68 President Donald Trump signed today an executive order barring US power grid entities from buying and installing electrical equipment that has been manufactured outside the US. Trump said that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system.”

Upgraded Cerberus Spyware Spreads Rapidly via MDM

threatpost.com/cerberus-trojan-major-spyware-targeted-attack/155415/ No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.

Advanced Persistent Threat Golden_hands – Digital Bank Robbery of the Year 2020

www.vulnerability-db.com/?q=articles%2F2020%2F04%2F30%2Fadvanced-persistent-threat-goldenhands-digital-bank-robbery-year-2020 This is a story about advanced persistent threats in Germany and the European Union during the crisis affecting the finance system and economy sector.

Zero Trust Deployment Guide for Microsoft Azure Active Directory

www.microsoft.com/security/blog/2020/04/30/zero-trust-deployment-guide-azure-active-directory/ Microsoft is providing a series of deployment guides for customers who have engaged in a Zero Trust security strategy. In this guide, we cover how to deploy and configure Azure Active Directory (Azure AD) capabilities to support your Zero Trust security strategy.

Threat Spotlight: Malicious use of reCaptcha

blog.barracuda.com/2020/04/30/threat-spotlight-malicious-recaptcha/ In the never-ending battle between cybersecurity and cybercrime, cybercriminals continue to find new techniques to evade detection. One such trick Barracuda researchers have started seeing more often in phishing campaigns uses reCaptcha walls to block URL scanning services from accessing the content of phishing pages.

North Dakota government fiber provider hit by ransomware

statescoop.com/north-dakota-government-fiber-provider-hit-maze-ransomware/ The company that operates a fiber optic network that supports statewide and local government entities across North Dakota was a victim of a recent ransomware attack that included some of the firm’s files being published on a website that attempts to shame victims into paying.

The Russian Doll of Putin’s Internet Clampdown

www.wired.com/story/opinion-the-russian-doll-of-putins-internet-clampdown/ The Kremlin’s path toward censorship, surveillance, and repression has many more layers than meets the eye.

Hacker leaks 15 million records from Tokopedia, Indonesia’s largest online store

www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/#ftag=RSSbaffb68 The Tokopedia data has been published on a well-known hacking forum.

This is how scammers try to trick you in the name of the coronavirus: an information security expert explains how online scammers are now exploiting the coronavirus epidemic

www.hs.fi/teknologia/art-2000006493173.html “The coronavirus affects whose name cybercriminals now use when attempting scams,” says information security expert Ville Kontinen.
