Daily NCSC-FI news followup 2021-06-02

Ransomware: What board members should know and what they should be asking their technical experts

www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards. The blog post, part of that toolkit, explains the basics of ransomware and suggests questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.

Ransomware attack disrupts Massachusetts ferries

therecord.media/ransomware-attack-disrupts-massachusetts-ferries/ A ransomware attack has caused delays and disruptions at Steamship Authority, the largest ferry service in Massachusetts, and has disrupted ferry transports between mainland US and the Martha’s Vineyard and Nantucket islands. The attack took place earlier today, according to a series of tweets posted on the company’s official Twitter account.

FUJIFILM shuts down network after suspected ransomware attack

www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/ FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack’s spread. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware as of May 15, 2021,” Advanced Intel CEO Vitali Kremez told BleepingComputer. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”

Babuk ransomware gang says it’s no longer interested in encrypting data, would rather kidnap it instead

hotforsecurity.bitdefender.com/blog/babuk-ransomware-gang-says-its-no-longer-interested-in-encrypting-data-would-rather-kidnap-it-instead-25910.html In the early days of ransomware things were fairly simple: malware would infect your company’s infrastructure, encrypting your valuable data with a secret key known only to your attackers. But in recent years more and more ransomware attacks have been combined with the exfiltration of data prior to its encryption. If criminal hackers have a copy of your data, you no longer have the “get-out-of-jail-free” card of a secure backup to play, because your extortionists can threaten to publish your data online regardless of whether you have successfully recovered your systems, potentially damaging your brand and your relationships with customers and business partners.

Breaking down NOBELIUM’s latest early-stage toolset

www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/ NOBELIUM is an actor that operates with rapid operational tempo, often leveraging temporary infrastructure, payloads, and methods to obfuscate their activities. Despite growing community visibility since the exposure of the SolarWinds attack in late 2020, NOBELIUM has continued to target government and diplomatic entities across the globe. We anticipate that as these operations progress, NOBELIUM will continue to mature their tools and tactics to target a global audience. Each of the NOBELIUM tools discussed in this blog is designed for flexibility, enabling the actor to adapt to operational challenges over time.

Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations

research.checkpoint.com/2021/uyghurs-a-Turkic-ethnic-minority-in-china-targeted-via-fake-foundations/ During the past year, Check Point Research (CPR), in cooperation with Kaspersky’s GReAT, has been tracking an ongoing attack targeting a small group of Uyghur individuals located in Xinjiang and Pakistan. In this report, we examine the flow of both infection vectors and provide our analysis of the malicious artifacts we came across during this investigation, even though we were unable to obtain the later stages of the infection chain.

Routers prove weak point in remote-work strategy

www.kaspersky.com/blog/rsa2021-hijacked-router/40117/ Home and SOHO routers are often insecure, but companies can protect themselves from attacks through remote workers’ home routers.

Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals

therecord.media/zerodium-acquiring-zero-days-in-pidgin-an-im-client-popular-with-cybercriminals/ Exploit broker Zerodium announced plans today to pay up to $100,000 for zero-days in Pidgin, a multi-protocol instant messaging desktop client that is also a popular IM tool in cybercriminal circles. The company, which buys exploits from security researchers and sells them to government and law enforcement agencies, said it would buy Pidgin zero-days at the higher $100,000 price for the next three months, until August 2021, in what it described as a temporary bug acquisition drive.
