Daily NCSC-FI news followup 2020-12-25

SUNBURST Additional Technical Details

www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452.

CrowdStrike releases free Azure security tool after failed hack

www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/ Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company’s emails through compromised Microsoft Azure credentials. See also


CISA Releases Free Detection Tool for Azure/M365 Environment

us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors. The tool: github.com/cisagov/Sparrow

Russian crypto-exchange Livecoin hacked after it lost control of its servers

www.zdnet.com/article/russian-crypto-exchange-livecoin-hacked-after-it-lost-control-of-its-servers/ Hackers gained access to the Livecoin portal and modified exchange rates to 10-15 times their normal values.

Microsoft, Citrix Help Form New Task Force To Take On Global Ransomware Scourge

www.forbes.com/sites/leemathews/2020/12/24/microsoft-citrix-help-form-new-task-force-to-take-on-global-ransomware-scourge/ Ransomware has plagued computer networks around the world for more than a decade and a half. For many, an attack can seem inevitable, a matter of when and not if. The Ransomware Task Force has formed to change all that.
