Daily NCSC-FI news followup 2021-01-09

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel

www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Incident response investigations dont always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an incident involves taking a dive into whatever type of data we are presented with, learning about it, and developing an efficient way to analyze the important evidence.

Hacker used ransomware to lock victims in their IoT chastity belt

www.bleepingcomputer.com/news/security/hacker-used-ransomware-to-lock-victims-in-their-iot-chastity-belt/ The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes. Users of the Bluetooth-controlled Qiui Cellmate chastity device were targets of an attack with this malware last year after security researchers found a vulnerability in the toy that allowed locking it remotely.

Maldoc Strings Analysis

isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/ As I announced in my diary entry “Strings 2021”, I will write some diary entries following a simpler method of malware analysis, namely looking for strings inside malicious files using the strings command. Of course, this simple method will not work for most malware samples, but I still see enough samples for which this method will work. Like this recent malicious Word document. When you analyze this sample with oledump.py, you will find an obfuscated PowerShell command inside the content of the Word document.

Some ransomware gangs are going after top execs to pressure companies into paying

www.zdnet.com/article/some-ransomware-gangs-are-going-after-top-execs-to-pressure-companies-into-paying/ A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain “juicy” information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier this week during a phone call with a company that paid a multi-million dollar ransom to the Clop ransomware gang.

Russias SolarWinds Attack and Software Security

www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html The information that is emerging about Russias extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses ­primarily through a malicious update of the SolarWinds network management software ­may have slipped under most peoples radar during the holiday season, but its implications are stunning.

You might be interested in …

Daily NCSC-FI news followup 2020-11-16

Verkkorikolliset yrittävät nyt kiristää varastetulla datalla tuplasti Yhä useampi raportoi, ettei tietoja ole palautettu lunnaiden maksun jälkeen www.kauppalehti.fi/uutiset/verkkorikolliset-yrittavat-nyt-kiristaa-varastetulla-datalla-tuplasti-yha-useampi-raportoi-ettei-tietoja-ole-palautettu-lunnaiden-maksun-jalkeen/5d70090b-104d-4950-a751-0… Esimerkiksi Revil-kiristysohjelmaa käyttäneet hakkerit olivat lähestyneet uhreja uudelleen viikkoja sen jälkeen, kun lunnaat oli vastaanotettu. Kun uhri saa lunnaat maksettuaan salausavaimen, sitä ei voida häneltä ottaa pois. Varastettujen tietojen avulla rikolliset sen sijaan voivat palata toiseen maksuun […]

Read More

Daily NCSC-FI news followup 2020-06-29

PROMETHIUM extends global reach with StrongPity3 APT blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html The PROMETHIUM threat actor active since 2012 has been exposed multiple times over the past several years.. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, […]

Read More

Daily NCSC-FI news followup 2021-05-12

The New Ransomware Threat: Triple Extortion blog.checkpoint.com/2021/05/12/the-new-ransomware-threat-triple-extortion/ Global surge in ransomware attacks hits 102% increase this year compared to the beginning of 2020, and shows no sign of slowing down. Number of organizations impacted by ransomware globally has more than doubled in the first half of 2021 compared with 2020. The healthcare and utilities sectors […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.