Daily NCSC-FI news followup 2020-12-14

Cyber threats are becoming more common. How are Finnish companies faring?

www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Although the cyber security of Finnish companies is stronger than the European average, Finland is falling behind the leading edge by several different measures. Data breaches in particular appear to cause domestic companies an exceptional amount of trouble.

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security. also: github.com/fireeye/sunburst_countermeasures. also:


Customer Guidance on Recent Nation-State Cyber Attacks

msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/ This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor. As we wrote in that blog, while these elements aren’t present in every attack, this is a summary of techniques that are part of the toolkit of this actor.

SEC filings: SolarWinds says 18,000 customers were impacted by recent hack

www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform. also:


Emails of the US Departments of Commerce and the Treasury have been hacked. Authorities suspect Russians behind an attack described as extensive

yle.fi/uutiset/3-11695612 also:

www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html. also: forbes.com/sites/thomasbrewster/2020/12/14/dhs-doj-and-dod-are-all-customers-of-solarwinds-orion-the-source-of-the-huge-us-government-hack/

Widespread outages in Google's online services appear to have been fixed. Expert: An hour-long outage already causes major financial losses

yle.fi/uutiset/3-11696364 On its automated status page, Google reported at around four in the afternoon, that is, about two hours after the faults appeared, that the Gmail email application was again working normally for most users. Google has not disclosed the causes of the widespread failure. According to the newspaper The Guardian, the problems were related to authentication. Services that require signing in, such as email and Google Calendar, stopped working entirely.

New survey: More and more companies have become victims of crime

www.kauppalehti.fi/uutiset/uusi-kysely-yha-useampi-yritys-on-joutunut-rikoksen-kohteeksi/bf9af8d1-8473-41e7-9c7d-6c014fba786b According to a survey by the Helsinki Region Chamber of Commerce, corporate espionage and information gathering are more common than before. Three years ago only eight percent of companies reported having observed such activity. Now 21 percent of industrial companies alone report espionage and information gathering.

Companies suffer from cybercrime clearly more often in Finland than elsewhere in Europe

yle.fi/uutiset/3-11695621 The closest comparison countries, Sweden and Denmark, have overtaken Finland in information security matters by almost every measure.

Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking

www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources.

Israel’s supply chain targeted in massive cyberattack

www.calcalistech.com/ctech/articles/0, A hack into the servers of software company Amital Data led to an attack on some 40 of its clients, including some of the country's largest in the logistics and importing sectors.

Microsoft Office 365 Credentials Under Attack By ‘Fax Alert’ Emails

threatpost.com/microsoft-office-365-credentials-attack-fax/162232/ Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response.

PyMICROPSIA: New Information-Stealing Trojan from AridViper

unit42.paloaltonetworks.com/pymicropsia/ Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets. We have named this new malware family PyMICROPSIA because it is built with Python.

Hunting the Hunters: How We Identified Navalny’s FSB Stalkers

www.bellingcat.com/resources/2020/12/14/navalny-fsb-methodology/ […] How did we find all of this information, and how did we verify the information? We’ll detail our investigative methodologies here, with some discussion on Russian data markets, cross-referencing data to be sure of its veracity, and other topics. also:

