Daily NCSC-FI news followup 2020-06-15

AWS Hit With a Record 2.3 Tbps DDoS Attack

www.cbronline.com/news/record-ddos-attack-aws AWS says it was hit with a record DDoS attack of 2.3 Tbps earlier this year, with the (unsuccessful) attempt to knock cloud services offline continuing for three days in February. To put the scale of the attempt in context, it is nearly double the 1.3 Tbps attack that blasted GitHub in 2018, or the circa 1 Tbps Mirai botnet DDoS that famously knocked Dyn offline in 2016.

Complexity and size of DDoS attacks have increased

www.helpnetsecurity.com/2020/06/15/2019-ddos-attacks/ The complexity and size of DDoS attacks in 2019 increased significantly compared to 2018. A report published by NaWas by NBIP concludes that although the number of attacks decreased slightly over 2019, their complexity and size increased significantly.

Web skimmers found on the websites of Intersport, Claire’s, and Icing

www.zdnet.com/article/web-skimmers-found-on-the-websites-of-intersport-claires-and-icing/ The malicious code has now been removed from all stores, but users are advised to review card statements for suspicious transactions. A similar incident was also detailed today by antivirus maker ESET, impacting the website of Intersport, one of Europe’s largest sporting goods retail chains, with more than 5,800 stores across the continent. The skimmer wasn’t loaded on all versions of the Intersport website, but only on the local versions serving customers in Croatia, Serbia, Slovenia, Montenegro, and Bosnia and Herzegovina.

Does the world need a multilateral cyber hotline?

www.zdnet.com/article/does-the-world-need-a-multilateral-cyber-hotline/ The pace of a cyber attack could match nuclear war, but attribution is hard. Direct communications links like the Cold War’s US-Soviet hotline could help de-escalate international cyber tensions.

Examining the US Cyber Budget

www.schneier.com/blog/archives/2020/06/examining_the_u.html Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack.

10 Essential Bug Bounty Programs of 2020

www.tripwire.com/state-of-security/security-data-protection/cyber-security/essential-bug-bounty-programs/ In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list.

May’s Most Wanted Malware: Ursnif Banking Trojan Ranks On Top 10 Malware List for First Time, Over Doubling Its Impact On Organizations

blog.checkpoint.com/2020/06/15/mays-most-wanted-malware-ursnif-banking-trojan-ranks-on-top-10-malware-list-for-first-time-over-doubling-its-impact-on-organizations/ Our latest Global Threat Index for May 2020 has found several malicious spam campaigns distributing the Ursnif banking trojan, which caused it to jump up 19 places to 5th in the Top Malware list, doubling its impact on organizations worldwide.

Explicit content and cyberthreats: 2019 report

securelist.com/explicit-content-and-cyberthreats-2019-report/97310/ ‘Stay at home’ is the new motto for 2020 and it has entailed many changes to our daily lives, most importantly in terms of our digital content consumption. With users opting to entertain themselves online, malicious activity has grown. Over the past two years we have reviewed how adult content has been used to spread malware and abuse users’ privacy. This is a trend that’s unlikely to go away, especially under current circumstances. While many pornography platforms are enjoying an influx of new users and providing legitimate and safe services, the security risks remain, if they do not increase.

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

www.wired.com/story/dating-apps-leak-explicit-photos-screenshots/ Security researchers Noam Rotem and Ran Locar were scanning the open internet on May 24 when they stumbled upon a collection of publicly accessible Amazon Web Services “buckets.” Each contained a trove of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt. In all, the researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users. They are publishing their findings today with vpnMentor. Also:

www.vpnmentor.com/blog/report-dating-apps-leak/

Intel adds CPU-level malware protection to Tiger Lake processors

www.bleepingcomputer.com/news/security/intel-adds-cpu-level-malware-protection-to-tiger-lake-processors/ Intel today announced a new CPU-level security capability known as Control-Flow Enforcement Technology (Intel CET) that offers protection against malware using control-flow hijacking attack methods on devices with Intel’s future Tiger Lake mobile processors. “Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks, widely used techniques in large classes of malware,” Intel VP & GM of Client Security Strategy and Initiatives Tom Garrison said.

Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability

www.helpnetsecurity.com/2020/06/15/connectwise-automate-api-vulnerability/ ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes.

HTML based Phishing Run

isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/ An interesting phishing run started over the weekend. At first glance it looks pretty typical: a clumsy email with an attachment promising some vital and useful information. But if past history tells us anything, these clumsy campaigns will sometimes get better and cause some chaos. So it is worth keeping an eye on.

South African bank to replace 12m cards after employees stole master key

www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/ Postbank, the banking division of South Africa’s Post Office, has lost more than $3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key.

TAU Threat Analysis: Relations to Hakbit Ransomware

www.carbonblack.com/2020/06/15/tau-threat-analysis-relations-to-hakbit-ransomware/ During a recent investigation into Hakbit ransomware, TAU decided to hit the “pause” button and take some time out to investigate this particular ransomware variant. The research methodology and findings are discussed within this report. Starting from a single sample, and using some of the metadata extracted from it, we were able to pivot across those data points to uncover a total of 10 related ransomware families. This was discovered through a combination of static and dynamic analysis. This example can help expand our understanding not only of code reuse among cyber criminals, but also of the relationships between other ransomware families, campaigns and variants.

Quarterly report: Incident Response trends in Summer 2020

blog.talosintelligence.com/2020/06/CTIR-trends-q3-2020.html For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in observations of attacks leveraging commodity trojans. Email remained the top infection vector, though we observed increased compromises of remote desktop services (RDS) as well as Citrix devices and Pulse VPN. One of the more interesting trends this quarter was the role of the COVID-19 pandemic. Interestingly, we did not observe any engagements in which COVID-19 was used in an attack. However, CTIR has observed the pandemic impacting organizations, affecting their ability to respond to and contain cybersecurity incidents.
