Daily NCSC-FI news followup 2020-08-04

Google and Amazon overtake Apple as most imitated brands for phishing in Q2 2020

blog.checkpoint.com/2020/08/04/google-and-amazon-overtake-apple-as-most-imitated-brands-for-phishing-in-q2-2020/ When the career criminal Willie Sutton was asked by a reporter why he robbed so many banks, he reportedly answered: Because thats where the money is. The same logic applies to the question, Why are there so many phishing attacks? Simply because they work, again and again. Its estimated that phishing is the starting point of over 90% of all attempted cyber-attacks, and Verizons 2019 Data Breach Investigations Report showed that nearly one-third (32%) of actual data breaches involved phishing activity. Whats more, phishing was present in 78% of cyber-espionage incidents and the installation and use of backdoors to networks.

Code-Signing: How Malware Gets a Free Pass

www.gdatasoftware.com/blog/how-malware-gets-a-free-pass In an ideal world, something that is signed cannot not be altered. A signature implies that the signed item is trustworthy and unaltered. When it comes to signed files, things look a bit different: A signature does not always mean that everything is in order. Digitally signing a software – also referred to as code signing – is intended to certify a softwares authenticity. It is a method that provides a sense of assurance to the users that the software they are using is untampered with and true to its original design. In January 2019, Virustotal[1], together with Microsoft, disclosed a vulnerability involving digitally signed Microsoft Installer files(.MSI). Researchers had found out that the validity of a digitally signed MSI file will remain intact even after appending additional content to the end of the file.

Robocall Legal Advocate Leaks Customer Data

krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/ A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Do You Have Enough Cloud Security? Use CIS Controls to Assess Yourself

blog.paloaltonetworks.com/2020/08/cloud-cis-controls/ Clients often ask me, How do I know if I have enough security in the cloud? This is a great question because it shows a willingness to learn. The truth is that there is no right answer. However, a simple place to begin is the basics. You should be sure youre covering the basics well and tracking them closely. This is why I am a huge fan of standards. While they are not the be-all and end-all for security, they give you an excellent place to start.

6 Ransomware Trends You Should Watch for in 2020

securityintelligence.com/articles/6-ransomware-trends-2020/ A ransomware infection can have a significant financial impact on an organization. American digital security and data backup firm Datto found that ransomware is costing businesses more than $75 billion a year. Part of that financial impact results from downtime costs. Govtech also revealed that businesses lost an average of $8,500 per hour as the result of ransomware-related downtime, while Coveware placed the total amount of downtime damages at $65,645 per crypto-malware incident.

How much is your personal data worth on the dark web?

www.welivesecurity.com/2020/08/03/how-much-is-your-personal-data-worth-dark-web/ Its no news that the dark web is rife with offers of stolen data that ranges from pilfered credit card information and hijacked payment services accounts to hacked social media accounts. Anyone interested can also hire a neer-do-well to launch a distributed denial of service (DDoS) attack, buy malware, or purchase forged documents and commit identity theft.. But have you ever wondered how much your personal information goes for on the dark web? Researchers at Privacy Affairs have sifted through the listings in the internets seedy underbelly and created an overview of the average price tags attached to your stolen personal data.

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

msrc-blog.microsoft.com/2020/08/04/microsoft-bug-bounty-programs-year-in-review/ Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers.

Internet Choke Points: Concentration of Authoritative Name Servers

isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/ A utopian vision of the Internet often describes it as a distributed partnership of equals giving everybody the ability to publish and discover information worldwide. This open, democratic Internet is often little more than an imaginary legacy construct that may have existed at some time in the distant past, if ever. Reality: Today, the Internet is governed by a few large entities. Diverse interconnectivity and content distribution were also supposed to make the Internet more robust. But as it has been shown over and over again, a simple misconfiguration at a single significant player will cause large parts of the network to disappear.

Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)

www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/ An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks. Speaking in a webinar last week, Vincente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking arsenal.. According to Diaz, Oilrig operators began using a new utility called DNSExfiltrator as part of their intrusions into hacked networks.

Tietoturvaa vaivannut sama päänsärky jo 30 vuotta ei mikään tuntematon uhka

www.tivi.fi/uutiset/tv/30502d08-b6a4-4dd2-95c4-097d149a23d5 Kiristyshaittaohjelmat ovat vaivanneet internetiä kolmen vuosikymmenen ajan, joten ne eivät todellakaan ole mikään eilispäivän uhka. Tästä huolimatta kaikenkokoisissa yrityksissä väki tuntuu olevan aina yhtä yllättynyt siitä, että tunkeutujat ovat onnistuneet pääsemään järjestelmiin ja verkkoihin. Lopulta uhreille jää vain kaksi vaihtoehtoa: joko rakentaa kriittiset it-järjestelmät alusta asti uudelleen tai maksaa roistoille lunnaat datan salauksen purkamiseksi. Aiheesta myös:


WastedLockers techniques point to a familiar heritage

news.sophos.com/en-us/2020/08/04/wastedlocker-techniques-point-to-a-familiar-heritage/ WastedLockers evades detection by performing most operations in memory, and shares several characteristics with a more well known ransomware family. Its a lot easier to change a ransomwares appearance (or obfuscate its code) than to change its underlying goals or behavior. After all, ransomware must necessarily reveal its intent when it strikes. But there are behavioral traits that ransomware routinely exhibits that security software can use to decide whether the program is malicious. Some traits such as the successive encryption of documents are hard for attackers to change.

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a ‘Severe’ security risk. The HOSTS file is a text file located at C:\Windows\system32\driver\etc\HOSTS and can only be edited by a program with Administrator privileges. This file is used to resolve hostnames to IP addresses without using the Domain Name System (DNS).

Leaky AWS S3 buckets are so common, they’re being found by the thousands now with lots of buried secrets

www.theregister.com/2020/08/03/leaky_s3_buckets/ Misconfigured AWS S3 storage buckets exposing massive amounts of data to the internet are like an unexploded bomb just waiting to go off, say experts. The team at Truffle Security said its automated search tools were able to stumble across some 4,000 open Amazon-hosted S3 buckets that included data companies would not want public things like login credentials, security keys, and API keys.

Vulnerable perimeter devices: a huge attack surface

www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/ With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line. Companies lack visibility into the growing network of internet-connected services and devices that support the new work paradigm; and the avalanche of vulnerabilities reported for edge devices make tackling the new security challenge even more difficult.

INTERPOL report shows alarming rate of cyberattacks during COVID-19

www.interpol.int/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19 An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure. With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.. Also:


Ransomware gang publishes tens of GBs of internal data from LG and Xerox

www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/ The operators of the Maze ransomware have published today tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts. The hackers leaked 50.2 GB they claim to have stolen from LG’s internal network, and 25.8 GB of Xerox data. While LG issued a generic statement to ZDNet in June, neither company wanted to talk about the incident in great depth today.

Hackers Could Use IoT Botnets to Manipulate Energy Markets

www.wired.com/story/hackers-iot-botnets-manipulate-energy-markets/ ON A FRIDAY morning in the fall of 2016, the Mirai botnet wrecked havoc on internet infrastructure, causing major website outages across the United States. It was a wakeup call, revealing the true damage that zombie armies of malware-infected gadgets could cause. Now, researchers at the Georgia Institute of Technology are thinking even farther afield about how the unlikely targets that botnets could someday disruptsuch as energy markets.

FBI Warns on New E-Commerce Fraud

www.darkreading.com/attacks-breaches/fbi-warns-on-new-e-commerce-fraud/d/d-id/1338534 A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic. The FBI is warning of a new wave of fraudulent shopping websites, often advertised on social media platforms, that take orders for a wide range of products and then never deliver.


You might be interested in …

Daily NCSC-FI news followup 2021-12-28

Cyberattack on one of Norway’s largest media companies shuts down presses therecord.media/cyberattack-on-one-of-norways-largest-media-companies-shuts-down-presses/ Amedia, the largest local news publisher in Norway, announced on Tuesday that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack. The attack is preventing the company from printing Wednesday’s edition of physical newspapers, […]

Read More

Daily NCSC-FI news followup 2021-04-03

Ransomware gang leaks data from Stanford, Maryland universities www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial […]

Read More

Daily NCSC-FI news followup 2020-08-28

Is China the World’s Greatest Cyber Power? www.darkreading.com/threat-intelligence/is-china-the-worlds-greatest-cyber-power/d/d-id/1338778 The nation’s aggressive approach to using cyber operations to achieve political and national aims has set its cyber strategy apart from the more cautious and considered approaches of most other nations. Attackers linked to China have vacuumed up personally identifiable information on US and European citizens, stolen […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.