Daily NCSC-FI news followup 2020-12-14

Cyber threats are becoming more common: how are Finnish companies coping?

www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Although the cybersecurity of Finnish companies is stronger than the European average, Finland is falling behind the leaders by several different measures. Data breaches in particular appear to cause domestic companies an exceptional number of challenges.

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign, that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security. also: github.com/fireeye/sunburst_countermeasures. also: cyber.dhs.gov/ed/21-01/

Customer Guidance on Recent Nation-State Cyber Attacks

msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/ This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor. As we wrote in that blog, while these elements aren’t present in every attack, this is a summary of techniques that are part of the toolkit of this actor.

SEC filings: SolarWinds says 18,000 customers were impacted by recent hack

www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform. also: krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/

Emails of the US Commerce and Treasury departments have been hacked; authorities suspect Russians of the attack, which has been described as extensive

yle.fi/uutiset/3-11695612 also: www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html. also: forbes.com/sites/thomasbrewster/2020/12/14/dhs-doj-and-dod-are-all-customers-of-solarwinds-orion-the-source-of-the-huge-us-government-hack/

Widespread outages in Google's online services appear to have been fixed. Expert: even an hour-long outage causes large financial losses

yle.fi/uutiset/3-11696364 Google said on its automatic status page at around four in the afternoon, about two hours after the problems appeared, that the Gmail email application was again working normally for most users. Google has not disclosed the causes of the widespread outage. According to the newspaper The Guardian, the problems were related to authentication. Services that require logging in, such as email and Google Calendar, stopped working entirely.

New survey: A growing number of companies have been the target of crime

www.kauppalehti.fi/uutiset/uusi-kysely-yha-useampi-yritys-on-joutunut-rikoksen-kohteeksi/bf9af8d1-8473-41e7-9c7d-6c014fba786b According to a survey by the Helsinki Region Chamber of Commerce, corporate espionage and information snooping are more common than before. Three years ago only eight percent of companies said they had detected such activity. Now 21 percent of industrial companies alone report espionage and snooping.

Companies suffer from cybercrime clearly more often in Finland than elsewhere in Europe

yle.fi/uutiset/3-11695621 The closest comparison countries, Sweden and Denmark, have pulled ahead of Finland in information security by nearly every measure.

Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking

www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources

Israel’s supply chain targeted in massive cyberattack

www.calcalistech.com/ctech/articles/0, A hack into the servers of software company Amital Data led to an attack on some 40 of its clients, including some of the country’s largest in the logistics and importing sectors

Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

threatpost.com/microsoft-office-365-credentials-attack-fax/162232/ Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response.

PyMICROPSIA: New Information-Stealing Trojan from AridViper

unit42.paloaltonetworks.com/pymicropsia/ Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets. We have named this new malware family PyMICROPSIA because it is built with Python.

Hunting the Hunters: How We Identified Navalny’s FSB Stalkers

www.bellingcat.com/resources/2020/12/14/navalny-fsb-methodology/ […] How did we find all of this information, and how did we verify the information? We’ll detail our investigative methodologies here, with some discussion on Russian data markets, cross-referencing data to be sure of its veracity, and other topics. also: www.bellingcat.com/news/uk-and-europe/2020/12/14/fsb-team-of-chemical-weapon-experts-implicated-in-alexey-navalny-novichok-poisoning/
