Daily NCSC-FI news followup 2020-11-27

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.”. Report:


TurkeyBombing Puts New Twist on Zoom Abuse

threatpost.com/turkeybombing-zoom-abuse/161646/ Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and Thanksgiving-specific hook reminiscent to ZoomBoming call it TurkeyBombing. On Thursday, a security researcher warned that a major phishing campaign kicked off over the Thanksgiving long weekend and is aimed at stealing Microsoft credentials. Attackers have already successfully pried credentials out of thousands of users, according to the researcher who goes by the handle TheAnalyst.

A hacker is selling access to the email accounts of hundreds of C-level executives

www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/ A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions.

Toinenkin sveitsiläinen kryptausyhtiö toimi CIA:n piikkiin poliitikot vaativat tutkintaa

www.is.fi/digitoday/tietoturva/art-2000007647892.html SVEITSISSÄ jo toinen viestinsalauslaitteita valmistanut yritys on paljastunut ulkomaisten tiedustelupalveluiden laskuun toimineeksi Troijan hevoseksi. Tapaus on erityisen nolo Sveitsille, joka on ollut julkisesti erityisen tarkka puolueettomuudestaan. Helmikuussa Sveitsin yleisradio SRF, Washington Postin ja Saksan julkisen palvelun tv-kanava ZDF paljastivat yhteisessä jutussaan, että kryptauslaitteita vuosikymmenien ajan yli sataan maahan myynyt Crypto AG -yritys oli oikeasti Yhdysvaltain ja Saksan tiedustelupalveluiden omistama.

Exclusive: Suspected North Korean hackers targeted COVID vaccine maker AstraZeneca – sources

www.reuters.com/article/healthcare-coronavirus-astrazeneca-north/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSL8N2IC2QU Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks, two people with knowledge of the matter told Reuters, as the company races to deploy its vaccine for the COVID-19 virus. The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers, the sources said. They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victims computer.

Canon publicly confirms August ransomware attack, data theft

www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/ Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers. BleepingComputer was the first to report the attack after tracking a suspicious outage on the cloud photo and video storage service (image.canon) that caused users to lose files.

The Emerging Ransomware-As-A-Service Economy

www.forbes.com/sites/robertvamosi/2020/11/27/the-emerging-ransomware-as-a-service-economy/ Perhaps it’s not surprising that supply and demand affect online criminal enterprises. The more stolen credit cards and social security numbers that you monetize on the criminal underground forums, the lower the value of that data. That trend has been clear in recent years. “That is not the case with ransomware,” Jason Rivera, Director, Strategic Threat Advisory Group at CrowdStrike, explained. “With ransomware, it is the exact opposite. The more ransomware attacks that occur, the more they succeed, the more the victims pay, other ransomware operators are like, ‘Oh yeah, I can do that too? How would I get into this game?'”

UK infoseccer launches petition asking government not to backdoor encryption

www.theregister.com/2020/11/27/encryption_backdoor_petition/ A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. Application security specialist Sean Wright’s Parliamentary petition comes as an expression of uneasiness at long-signalled plans for British state agencies to sidestep encryption and enable snooping on private citizens’ online conversations at will.. The so-called “ghost user” proposal, the latest incarnation of which was dreamt up by folk from eavesdropping agency GCHQ, prompted an international backlash last year from luminaries such as Bruce Schneier and Richard Stallman.

Our first time arranging a CTF competition

medium.com/ouspg/crim-2020-ctf-dca8a4bd99b9 This year we held an entry-level CTF (capture the flag) event as a part of the workshops at CriM 2020. CriM is an annual event with workshops and lectures that focuses on security and privacy of digital systems. In CTF, players compete against each other by solving different kinds of challenges, usually related to computer security. This was our first time arranging a CTF competition.

Networking equipment vendor Belden discloses data breach

www.zdnet.com/article/networking-equipment-vendor-belden-discloses-data-breach/ American networking equipment vendor Belden said it was hacked in a press release published earlier this week. Belden says the security breach took place after hackers gained access to a limited number of its file servers.. The intrusion was detected after the company’s IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well as limited company information regarding some business partners.

Office 365 phishing abuses Oracle and Amazon cloud services

www.bleepingcomputer.com/news/security/office-365-phishing-abuses-oracle-and-amazon-cloud-services/ A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. The campaign has been active for more than half a year and uses a network of legitimate websites that have been compromised to work as a proxy chain.

You might be interested in …

Daily NCSC-FI news followup 2020-08-20

Emotet palasi kesälomalta ja on jälleen aktiivinen Miten pienennät riskiä ympäristössäsi? blog.f-secure.com/fi/emotet-palasi-kesalomalta-ja-on-jalleen-aktiivinen-miten-pienennat-riskia-ymparistossasi/ Emotet-haittaohjelma on jälleen aktivoitunut rauhallisemman kevään ja kesän jälkeen. Vuodesta 2014 toiminut troijalainen on ollut vaihtelevasti tauolla, mutta jälleen on havaittavissa poikkeuksellisen voimakasta toimintaa.. Kyberturvallisuuskeskus varoitti 18.8.2020 organisaatioita haittaohjelman poikkeuksellisen aktiivisesta leviämisestä suomalaisten organisaatioiden keskuudessa ja uhka on luokiteltu tällä hetkellä vakavaksi Microsoft […]

Read More

Daily NCSC-FI news followup 2020-07-13

The NCSC-UK’s Exercise in a Box tool set has been updated to help organisations keep their employees safe while working from home www.zdnet.com/article/remote-working-this-free-tool-tests-how-good-your-security-really-is/ The ‘Home and Remote Working’ exercise has been added to the NCSC-UK’s Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyber attacks by […]

Read More

Daily NCSC-FI news followup 2020-06-29

PROMETHIUM extends global reach with StrongPity3 APT blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html The PROMETHIUM threat actor active since 2012 has been exposed multiple times over the past several years.. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.