Daily NCSC-FI news followup 2020-07-17

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

www.wired.com/story/iran-apt35-hacking-video/ IBM’s X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts and who it’s targeting. Read also:


arstechnica.com/information-technology/2020/07/iran-state-hackers-caught-with-their-pants-down-in-intercepted-videos/ and


Can the exfiltration of personal data by web trackers be stopped?

freedom-to-tinker.com/2020/07/14/can-the-exfiltration-of-personal-data-by-web-trackers-be-stopped/ In a series of posts on this blog in 2017/18, we revealed how web trackers exfiltrate personal information from web pages, browser password managers, form inputs, and the Facebook Login API. Our findings resulted in many fixes and privacy improvements to browsers, websites, third parties, and privacy protection tools. However, the root causes of these privacy failures remain unchanged, because they stem from the design of the web itself. In a paper at the 2020 Privacy Enhancing Technologies Symposium, we recap our findings and propose two potential paths forward.

EFF Launches Searchable Database of Police Agencies and the Tech Tools They Use to Spy on Communities

www.eff.org/press/releases/eff-launches-searchable-database-police-agencies-and-tech-tools-they-use-spy The Electronic Frontier Foundation (EFF), in partnership with the Reynolds School of Journalism at the University of Nevada, Reno, today launched the largest-ever collection of searchable data on police use of surveillance technologies.

EU Court Again Rules That NSA Spying Makes U.S. Companies Inadequate for Privacy

www.eff.org/deeplinks/2020/07/eu-court-again-rules-nsa-spying-makes-us-companies-inadequate-privacy The European Union’s highest court today made clear, once again, that the US government’s mass surveillance programs are incompatible with the privacy rights of EU citizens. The judgment was made in the latest case involving Austrian privacy advocate and EFF Pioneer Award winner Max Schrems. It invalidated the “Privacy Shield,” the data protection deal that secured the transatlantic data flow, and narrowed the ability of companies to transfer data using individual agreements (Standard Contractual Clauses, or SCCs). Read also:

www.theguardian.com/technology/2020/jul/16/tech-firms-like-facebook-must-restrict-data-sent-from-eu-to-us-court-rules. Read also:

www.tivi.fi/uutiset/tv/4fab5456-d69e-4185-b3a1-f2def844dc74 and

yle.fi/uutiset/3-11450657. As well as:


The Tactical Chameleon: Security Through Diverse Strategy

blogs.cisco.com/security/the-tactical-chameleon-security-through-diverse-strategy Over the course of my professional career, I have been fortunate enough to be involved in the development of video games and I still keep up with current events and trends in the video game industry. For many, video games are a hobby but for me, they are much more than that. Video games have given me a way to model conflict and there are many patterns we can borrow and apply to the way we approach cybersecurity. When this subject comes up in academic circles, they are quick to reach into the field of study called Game Theory. However, I have had very little luck applying this logical and orderly model in the real world. The reality is, production networks are messy, attackers don’t fit nicely into categories, and in the fast-moving field of cybersecurity, a lot of what happened even this week will take months if not years to reach learning institutions.

Lost in Translation: Serious Flaws Found in ICS Protocol Gateways

www.darkreading.com/vulnerabilities—threats/lost-in-translation-serious-flaws-found-in-ics-protocol-gateways-/d/d-id/1338341 These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month. Read also:


DHS CISA tells government agencies to patch Windows Server DNS bug within 24h

www.zdnet.com/article/dhs-cisa-tells-government-agencies-to-patch-windows-server-dns-bug-within-24h/ CISA cites “likelihood of the vulnerability being exploited” and widespread use of Windows Server as primary reason for today’s rare measure. Read also:

us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability and

www.forbes.com/sites/daveywinder/2020/07/17/windows-updates-just-got-serious-you-have-24-hours-to-comply-homeland-security-tells-government-agencies-wormable-vulnerability-sigred/. As well as:


Coordinated Twitter attack rakes in 100 grand

blog.malwarebytes.com/social-engineering/2020/07/coordinated-twitter-attack-rakes-in-100-grand/ The official Twitter Support account states that their investigation is still ongoing, but it has revealed that threat actors gained unauthorized access and used it to take control of many highly-visible (including verified) accounts and Tweet on their behalf. From other sources we learned that the threat actors managed to use social engineering on a Twitter employee to gain access to their control panel. Through the employee panel, they were able to change associated email addresses for many accounts to addresses under their control. They then used that as a means to reset the password for the account and disable 2FA. Read also:


threatpost.com/the-great-twitter-hack-what-we-know-what-we-dont/157538/ and

www.theregister.com/2020/07/17/twitter_blue_tick_hack_latest/. As well as:

securityintelligence.com/posts/twitter-social-engineering-attack/ and


Orange, Europe’s Fourth-Largest Mobile Operator, Confirms Ransomware Attack

www.forbes.com/sites/daveywinder/2020/07/17/orange-europes-fourth-largest-mobile-operator-confirms-ransomware-attack-nefilim-data-theft/ Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it fell victim to a ransomware attack during the night of July 4 into July 5. Although Orange can boast 266 million customers, it would appear that the reach of this ransomware attack is limited. Read also:


Russia’s Latest Hacking Target: Covid-19 Vaccine Projects

www.wired.com/story/russias-latest-hacking-target-covid-19-vaccine-projects/ Officials in the three countries believe a state-linked group is trying to steal intellectual property and information about potential vaccine candidates. The UK, US, and Canada have discovered hackers working on behalf of the Russian state launching attacks against coronavirus vaccine development projects. Read also:


Cisco releases security fixes for critical VPN, router vulnerabilities

www.zdnet.com/article/cisco-releases-fixes-for-critical-vpn-router-vulnerabilities/ The worst bugs can be exploited for remote code execution and privilege escalation attacks.

Cloud provider stopped ransomware attack but had to pay ransom demand anyway

www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/ Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company’s network and threatened to publish it online.

Apple’s latest updates are out for iPhones and Macs – get them now!

nakedsecurity.sophos.com/2020/07/17/apples-latest-updates-are-out-for-iphones-and-macs-get-them-now/ Read also: support.apple.com/en-gb/HT211289

Weekly Threat Report 17th July 2020

www.ncsc.gov.uk/report/weekly-threat-report-17th-july-2020 The NCSC’s weekly threat report is drawn from recent open source reporting.

ENISA unveils its New Strategy towards a Trusted and Cyber Secure Europe

www.enisa.europa.eu/news/enisa-news/enisa-unveils-its-new-strategy-on-cybersecurity-for-a-trusted-and-cyber-secure-europe This publication by the European Union Agency for Cybersecurity outlines the Agency’s strategic objectives to boost cybersecurity, preparedness and trust across the EU under its new strengthened and permanent mandate. Read also:


Connecting your smart devices with confidence

www.ncsc.gov.uk/blog-post/connecting-smart-devices-with-confidence – From Bluetooth speakers to Wi-Fi enabled toothbrushes, there’s a growing army of ‘connected devices’ in all of our homes. Unfortunately, the speed and quality of manufacturer responses to security issues in ‘Internet of Things’ (IoT) products has been extremely varied. In fact, many still lack basic security features.

UK says Russia sought to interfere in 2019 election by spreading documents online

www.theguardian.com/uk-news/2020/jul/16/uk-says-russia-sought-to-interfere-in-2019-election-by-leaking-documents-online Dominic Raab says Russia amplified an illicitly acquired NHS dossier on social media. Russian actors “sought to interfere” in last winter’s general election by amplifying an illicitly acquired NHS dossier that was seized upon by Labour during the campaign, the foreign secretary has said.

The Fake Cisco

labs.f-secure.com/publications/the-fake-cisco/ Producing counterfeit products is, and always was, a great business if you don’t mind being on the wrong side of things. No need to invest in a costly R&D process, no need to select the best performing and looking materials; the only criterion is the cost of manufacture. This is why we see a lot of counterfeit products on the market, and will likely continue seeing them being made and sold at a fraction of the price of the original. Network hardware designed, manufactured, and sold by Cisco is a very good example. Having an excellent reputation due to great engineering, these products sell at a premium price point. Naturally, this motivates people to attempt producing counterfeits to try and make easy money. In fall 2019, an IT company found some network switches failing after a software upgrade. The company would find out later that they had inadvertently procured suspected counterfeit Cisco equipment. The hardware failure initiated a wider investigation to which the F-Secure Hardware Security team was called and asked to analyse the suspected counterfeit Cisco Catalyst 2960-X series switches and, primarily, provide evidence as to whether any kind of a “backdoor” functionality existed in those devices. Read also:

