Daily NCSC-FI news followup 2021-03-30

Don't stay silent: 7 reasons why online crimes are worth reporting to the police

www.is.fi/digitoday/tietoturva/art-2000007889042.html Cybercrimes should be reported to the police, says the new guide Kyberrikollisuus on poliisiasia ("Cybercrime is a police matter"). A large share of cybercrimes go unreported to the police. The main reasons for this are hesitation to start the process, for example for fear of negative publicity; fear of one's own mistakes being exposed; and the weighing of benefits and harms, which includes, among other things, the belief that the criminal is unlikely to be caught.

Attack landscape update: Ransomware 2.0, automated recon, and supply chain attacks

blog.f-secure.com/attack-landscape-update-h1-2021/ Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are some of the critical threats facing organizations highlighted in F-Secure’s latest attack landscape update.

Fileless Malware Attacks Surge by 900% and Cryptominers Make a Comeback

www.pandasecurity.com/en/mediacenter/news/internet-security-report-q4-watchguard/ Among its most notable findings, the report reveals that fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019.

PYSA, the ransomware attacking schools

blog.malwarebytes.com/threat-spotlight/2021/03/pysa-the-ransomware-attacking-schools/ The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware.

Whistleblower: Ubiquiti Breach “Catastrophic”

krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ Ubiquiti Inc. – a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras – disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

Unfair exchange: ransomware attacks surge globally amid Microsoft Exchange Server vulnerabilities

blog.checkpoint.com/2021/03/30/unfair-exchange-ransomware-attacks-surge-globally-amid-microsoft-exchange-server-vulnerabilities/ Over the past year, hospitals and the healthcare industry have been under tremendous pressure during the COVID-19 pandemic, not only dealing with surges in patient numbers, but also with shameless ransomware attacks. It now seems that criminals are shifting their attention to new targets, because they sense even easier opportunities for their extortion tactics.

Akamai Sees Largest DDoS Extortion Attack Known to Date

www.securityweek.com/akamai-sees-largest-ddos-extortion-attack-known-date Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai. The most recent extortion attack peaking at more than 800 Gbps and targeting a European gambling company, was the biggest and most complex we’ve seen since the widespread return of extortion attacks that kicked off in mid-August 2020.

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

www.microsoft.com/security/blog/2021/03/30/new-security-signals-study-shows-firmware-attacks-on-the-rise-heres-how-microsoft-is-working-to-help-eliminate-this-entire-class-of-threats/ Recently, Microsoft commissioned a study that showed how attacks against firmware are outpacing investments targeted at stopping them. The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/ In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.
