Daily NCSC-FI news followup 2021-04-30

DarkPath scam group loses 134 domains impersonating the WHO

therecord.media/darkpath-scam-group-loses-134-domains-impersonating-the-who/ United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath. Group-IB told The Record that after notifying the UN’s International Computing Centre, they worked with “a wide network of regulators and service suppliers domain name registrars, hosting providers, associations, including FIRST, TRUSTED Introducer, APWG, Scamadviser and many others” to take down the 134 sites.

Brazil’s Rio Grande do Sul court system hit by REvil ransomware

www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/ Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employee’s files and forced the courts to shut down their network. BleepingComputer was told that the REVil ransomware operation demanded a $5, 000, 000 ransom to decrypt files and not leak data.

Babuk ransomware readies ‘shut down’ post, plans to open source malware

www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ Whenever the Babuk ransomware gang decides to call it quits, at least under the Babuk name, they would “do something like Open Source Ransomware-as-a-Service (RaaS), everyone can make their own product based on our product and finish with the rest of the RaaS.”

Ransomware is now a national security risk. This group thinks it knows how to defeat it

www.zdnet.com/article/ransomware-is-now-a-national-security-risk-this-group-thinks-it-knows-how-to-defeat-it/ A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe. Some solutions focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly.

You might be interested in …

Daily NCSC-FI news followup 2020-12-07

KRP: Tässä ovat Vastaamo-kiristyksen päätutkintalinjat www.is.fi/digitoday/tietoturva/art-2000007666543.html Keskusrikospoliisi käy yhä läpi valtavia datamääriä, joista etsitään Vastaamo-kiristäjän jättämiä jälkiä. KRP saa edelleen arvokkaita vihjeitä yleisöltä. Tutkintalinjoja on useita, ja niiden määrä vaihtelee uusien löydösten myötä. Päätutkintalinjat ovat itse tietomurron ja kiristäjän yhteys sekä Vastaamon kiristäjän ja yksittäisten uhrien kiristäjän yhteys. Vapaaehtoiset tietoturva-asiantuntijat, valkohattuhakkerit sekä monet yritykset ovat […]

Read More

Daily NCSC-FI news followup 2020-11-21

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems arxiv.org/pdf/2011.09642.pdf Integrated GPUs share some resources with the CPU and as a result, there is a potential for microarchitectural attacks from the GPU to the CPU or vice versa. We believe this type of attack, crossing the component boundary (GPU to CPU or vice versa) is […]

Read More

Daily NCSC-FI news followup 2021-06-23

Suomalaiset menettäneet 13, 5 miljoonaa huijareille lue poliisin ohjeet www.is.fi/digitoday/tietoturva/art-2000008078041.html Verkkohuijarit ovat vieneet suomalaisilta tänä vuonna 13, 5 miljoonaa euroa, joista lähes 5 miljoonaa pankkihuijauksin. Huawei sai kylmää vettä niskaan Ruotsissa – Ericsson pelkää kostoa www.tivi.fi/uutiset/tv/a3301f54-967e-482f-addf-6f3698eda710 Ruotsin turvallisuuspoliisin esittämät uhkakuvat vakuuttivat hallinto-oikeuden Huawein muodostamasta riskistä. MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.