Daily NCSC-FI news followup 2020-12-14

Cyber threats are becoming more common. How are Finnish companies faring?

www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Although the cyber security of Finnish companies is stronger than the European average, Finland is falling behind the leading edge by several different measures. Data leaks in particular appear to cause an exceptional number of challenges for domestic companies.

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security. also: github.com/fireeye/sunburst_countermeasures.

Customer Guidance on Recent Nation-State Cyber Attacks

msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/ This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor. As we wrote in that blog, while these elements aren’t present in every attack, this is a summary of techniques that are part of the toolkit of this actor.

SEC filings: SolarWinds says 18,000 customers were impacted by recent hack

www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform.

Emails of the US Department of Commerce and the Treasury have been hacked; authorities suspect Russians of the attack, which has been described as extensive

yle.fi/uutiset/3-11695612 also: www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html. also: forbes.com/sites/thomasbrewster/2020/12/14/dhs-doj-and-dod-are-all-customers-of-solarwinds-orion-the-source-of-the-huge-us-government-hack/

The widespread outages of Google’s online services appear to have been fixed. Expert: an outage of one hour already causes large financial losses

yle.fi/uutiset/3-11696364 Google announced on its automatic status page at around four in the afternoon, about two hours after the faults appeared, that the Gmail email application was again working normally for most users. Google has not disclosed the causes of the widespread fault. According to the newspaper The Guardian, the problems were related to authentication. Services that require logging in, such as email and Google Calendar, stopped working entirely.

New survey: More and more companies have been the target of crime

www.kauppalehti.fi/uutiset/uusi-kysely-yha-useampi-yritys-on-joutunut-rikoksen-kohteeksi/bf9af8d1-8473-41e7-9c7d-6c014fba786b According to a survey by the Helsinki Region Chamber of Commerce, corporate espionage and information snooping are more common than before. Three years ago only eight percent of companies reported having observed such activity. Now 21 percent of industrial companies alone report espionage and snooping.

Companies suffer from cybercrime significantly more often in Finland than elsewhere in Europe

yle.fi/uutiset/3-11695621 The closest comparison countries, Sweden and Denmark, have overtaken Finland in information security matters by almost every measure.

Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking

www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources.

Israel’s supply chain targeted in massive cyberattack

www.calcalistech.com/ctech/articles/0, A hack into the servers of software company Amital Data led to an attack on some 40 of its clients, including some of the country’s largest in the logistics and importing sectors.

Microsoft Office 365 Credentials Under Attack By ‘Fax Alert’ Emails

threatpost.com/microsoft-office-365-credentials-attack-fax/162232/ Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response.

PyMICROPSIA: New Information-Stealing Trojan from AridViper

unit42.paloaltonetworks.com/pymicropsia/ Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets. We have named this new malware family PyMICROPSIA because it is built with Python.

Hunting the Hunters: How We Identified Navalny’s FSB Stalkers

www.bellingcat.com/resources/2020/12/14/navalny-fsb-methodology/ […] How did we find all of this information, and how did we verify the information? We’ll detail our investigative methodologies here, with some discussion on Russian data markets, cross-referencing data to be sure of its veracity, and other topics.
