Daily NCSC-FI news followup 2021-04-30

DarkPath scam group loses 134 domains impersonating the WHO

therecord.media/darkpath-scam-group-loses-134-domains-impersonating-the-who/ United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath. Group-IB told The Record that after notifying the UN's International Computing Centre, they worked with "a wide network of regulators and service suppliers: domain name registrars, hosting providers, associations, including FIRST, TRUSTED Introducer, APWG, Scamadviser and many others" to take down the 134 sites.

Brazil’s Rio Grande do Sul court system hit by REvil ransomware

www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/ Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with a REvil ransomware attack yesterday that encrypted employees' files and forced the courts to shut down their network. BleepingComputer was told that the REvil ransomware operation demanded a $5,000,000 ransom to decrypt the files and not leak the stolen data.

Babuk ransomware readies ‘shut down’ post, plans to open source malware

www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ Whenever the Babuk ransomware gang decides to call it quits, at least under the Babuk name, they would “do something like Open Source Ransomware-as-a-Service (RaaS), everyone can make their own product based on our product and finish with the rest of the RaaS.”

Ransomware is now a national security risk. This group thinks it knows how to defeat it

www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/ A paper by the Institute for Security and Technology's (IST) Ransomware Task Force (RTF), a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others, has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and to society as a whole, across the globe. Some recommendations focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to demand ransom payments from victims while staying anonymous.

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly.
