Cyber threats are becoming more common: how are Finnish companies coping?
www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Although the cyber security of Finnish companies is stronger than the European average, Finland is falling behind the leaders by several different measures. Data breaches in particular appear to cause domestic companies an exceptional number of problems.
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security. also: github.com/fireeye/sunburst_countermeasures
Customer Guidance on Recent Nation-State Cyber Attacks
msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/ This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor. As we wrote in that blog, while these elements aren’t present in every attack, this is a summary of techniques that are part of the toolkit of this actor.
SEC filings: SolarWinds says 18,000 customers were impacted by recent hack
www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform. also: krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
E-mails of the US Commerce and Treasury departments have been hacked; authorities suspect Russians of the attack, which has been described as extensive
yle.fi/uutiset/3-11695612 also: www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html also: forbes.com/sites/thomasbrewster/2020/12/14/dhs-doj-and-dod-are-all-customers-of-solarwinds-orion-the-source-of-the-huge-us-government-hack/
Widespread outages in Google's online services appear to have been fixed. Expert: even an hour-long outage causes big financial losses
yle.fi/uutiset/3-11696364 Google said on its automated status page at around four in the afternoon, about two hours after the faults appeared, that the Gmail e-mail application is again working normally for most users. Google has not disclosed the causes of the widespread failure. According to the newspaper The Guardian, the problems were related to authentication. Services that require signing in, such as e-mail and Google Calendar, stopped working entirely.
New survey: a growing number of companies have been the target of crime
www.kauppalehti.fi/uutiset/uusi-kysely-yha-useampi-yritys-on-joutunut-rikoksen-kohteeksi/bf9af8d1-8473-41e7-9c7d-6c014fba786b According to a survey by the Helsinki Region Chamber of Commerce, corporate espionage and information snooping are more common than before. Three years ago only eight percent of companies said they had observed such activity. Now, among industrial companies alone, 21 percent report espionage and snooping.
Companies suffer from cybercrime clearly more often in Finland than elsewhere in Europe
yle.fi/uutiset/3-11695621 The closest comparison countries, Sweden and Denmark, have pulled ahead of Finland in information security matters on nearly all measures.
Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking
www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581 Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources
Israel’s supply chain targeted in massive cyberattack
www.calcalistech.com/ctech/articles/0, A hack into the servers of software company Amital Data led to an attack on some 40 of its clients, including some of the country’s largest in the logistics and importing sectors
Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
threatpost.com/microsoft-office-365-credentials-attack-fax/162232/ Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online
thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response.
PyMICROPSIA: New Information-Stealing Trojan from AridViper
unit42.paloaltonetworks.com/pymicropsia/ Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets. We have named this new malware family PyMICROPSIA because it is built with Python.
Hunting the Hunters: How We Identified Navalny’s FSB Stalkers
www.bellingcat.com/resources/2020/12/14/navalny-fsb-methodology/ […] How did we find all of this information, and how did we verify the information? We’ll detail our investigative methodologies here, with some discussion on Russian data markets, cross-referencing data to be sure of its veracity, and other topics.