Daily NCSC-FI news followup 2020-11-09

Information and instructions regarding the Vastaamo data breach are available on the police website and from the police's national telephone advisory service

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/tietoja_ja_toimintaohjeita_on_saatavissa_poliisin_nettisivuilta_ja_poliisin_valtakunnallisesta_puhelinneuvontapalvelusta_vastaamon_tietomurtoon_liitt… Victims of the Psykoterapiakeskus Vastaamo data leak have already filed about 25,000 criminal complaints with the police. The complaints are being processed continuously at police departments. Processing the complaints is also delaying the sending of copies of the complaints. Additionally:


Working group to investigate the information security of critical sectors – After the data breach at psychotherapy provider Vastaamo, attention has turned to examining and improving data protection

yle.fi/uutiset/3-11638974 The Ministry of Transport and Communications (LVM) has appointed a working group tasked with surveying the information security of sectors central to the functioning of society, the ministry says in its press release.

Compal, the second-largest laptop manufacturer in the world, hit by ransomware – Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu

www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/ Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal employees with Yahoo Taiwan reporters. Additionally:


The Emotet malware-as-a-service

www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-010/ First observed in 2014 as a banking Trojan, Emotet evolved into a modular structure from 2015 onwards. Since 2017, Emotet has distributed, within the information systems it infects, malicious code operated by cybercriminal attacker groups that are customers of TA542.

Active Directory Attacks – Red It Out

packetstormsecurity.com/files/159968/red-it-out.pdf This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network.

RDP and the remote desktop

blogs.cisco.com/security/rdp-and-the-remote-desktop There are two sides to the shift to remote work. On one side, you need to ensure that your people have access to equipment that will allow them to perform their day-to-day tasks. On the other, there needs to be a way to connect back to company resources that will help workers complete those tasks.

Fake Microsoft Teams updates lead to Cobalt Strike deployment

www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. The attacks target organizations in various industries, but recent ones focused on the education sector (K-12), which depends on videoconferencing solutions due to Covid-19 restrictions.

Ghimob: a Tétrade threat actor moves to infect mobile devices

securelist.com/ghimob-tetrade-threat-mobile-devices/99228/ Ghimob is a full-fledged spy in your pocket: once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their antifraud behavioral systems.

Ultimate Member Plugin for WordPress Allows Site Takeover

threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/ A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation and potentially full control over a target WordPress site.

Microsoft Exchange Attack Exposes New xHunt Backdoors

threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/ Two never-before-seen PowerShell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait.

Insecure APIs a Growing Risk for Organizations

www.darkreading.com/application-security/insecure-apis-a-growing-risk-for-organizations/d/d-id/1339402 Security models for application programming interfaces haven’t kept pace with requirements of a non-perimeter world, Forrester says.

Ransomware hits e-commerce platform X-Cart

www.zdnet.com/article/ransomware-hits-e-commerce-platform-x-cart E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform.

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

unit42.paloaltonetworks.com/xhunt-campaign-backdoors/ The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait.
