Daily NCSC-FI news followup 2021-06-18

Ransomware Actors Evolved Their Operations in 2020

www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/ The year 2020 was marked by the trend continuing at an accelerated rate. The advancements by eCrime actors include refinement and application of high-pressure extortion tactics on victim organizations and the sharing or copying of new techniques among different ransomware groups, in addition to a marked increase in the number of ransomware variants. These advancements all but ensure that ransomware will remain a popular method for eCrime actors to monetize breaches in the foreseeable future.

A deep dive into the operations of the LockBit ransomware group

www.zdnet.com/article/a-deep-dive-into-the-operations-of-the-lockbit-ransomware-group/ Researchers have provided an in-depth look at how LockBit, one of the newer ransomware groups on the scene, operates. report PDF:


What’s Making Your Company a Ransomware Sitting Duck

threatpost.com/ransomware-sitting-duck/167040/ What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

5 essential things to do before ransomware strikes

www.welivesecurity.com/2021/06/18/5-essential-things-do-before-ransomware-strikes/ By failing to prepare you are preparing to fail here’s what you can do today to minimize the impact of a potential ransomware attack in the future

Poland says recent attacks on local politicians originated from Russia

therecord.media/poland-says-recent-attacks-on-local-politicians-originated-from-russia/ The Polish government said that a recent wave of cyberattacks that have targeted the email accounts of local political figures originated from Russia. “The analysis of our services and the special services of our allies allows for a clear statement that the cyber attack was carried out from the territory of the Russian Federation, ” Kaczyski said in a press release today. Press release:


Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries

www.recordedfuture.com/redfoxtrot-china-pla-targets-bordering-asian-countries/ RedFoxtrot has been active since at least 2014 and predominantly targets government, defense, and telecommunications sectors across Central Asia, India, and Pakistan, aligning with the likely operational remit of Unit 69010. Of particular note, within the past 6 months, Insikt Group detected RedFoxtrot network intrusions targeting 3 Indian aerospace and defense contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region.

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

thehackernews.com/2021/06/russia-bans-vyprvpn-opera-vpn-services.html Russia’s telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. “In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021, ” the state agency said in a statement.

50, 000 security disasters waiting to happen: The problem of America’s water supplies

www.nbcnews.com/tech/security/50000-security-disasters-waiting-happen-problem-americas-water-supplie-rcna1206 “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant, ” one cybersecurity consultant said. But of all the country’s critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people.

South Korean police arrest computer repairmen who made and distributed ransomware

therecord.media/south-korean-police-arrest-computer-repairmen-who-made-and-distributed-ransomware/ South Korean authorities have filed charges today against nine employees of a local computer repair company for creating and installing ransomware on their customers’ computers.

Fake DarkSide Campaign Targets Energy and Food Sectors

www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.

Carnival Cruise Cyber-Torpedoed by Cyberattack

threatpost.com/carnival-cruise-cyberattack/167065/ This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.

Network Forensics on Azure VMs (Part #2)

isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ In yesterday’s diary, we took a look at two methods that allow to capture network connection information off a potentially compromised virtual machine in Azure. Today, we’ll investigate the most recent addition to the VM monitoring arsenal, namely “Azure Monitor Insights”.

Google Releases New Framework to Prevent Software Supply Chain Attacks

thehackernews.com/2021/06/google-releases-new-framework-to.html As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications.

Poltergeist attack could leave autonomous vehicles blind to obstacles or haunt them with new ones

www.theregister.com/2021/06/18/poltergeist_autonomous_vehicles/ Researchers at the Ubiquitous System Security Lab of Zhejiang University and the University of Michigan’s Security and Privacy Research Group say they’ve found a way to blind autonomous vehicles to obstacles using simple audio signals.

Miljoonat salasanat vuotivat katso, ovatko tietosi mukana

www.iltalehti.fi/tietoturva/a/469b78f0-94d0-4ec2-8ce1-479bc5c95467 Suojattuja pilvipalveluja tarjoava NordLocker kertoo sivuillaan havaitsemastaan mittavasta haittaohjelmakampanjasta. Yhtiön mukaan troijalaishaittaohjelma kaappasi vuosien 2018 ja 2020 välillä käyttäjien tietoja 3, 35 miljoonalta Windows-koneelta.

Data is Wealth: Data Security is Wealth Protection

securityintelligence.com/posts/data-security-wealth-protection/ In 2021 alone, humanity (and a few robots) will create 79 sextillion bytes of data. That’s nearly 10 million times the estimated number of grains of sand on Earth. And those 79 sextillion bytes of data are in addition to all the data we already have. So today, organizations everywhere are not just swimming in data; they are sinking into their own data quicksand.

You might be interested in …

Daily NCSC-FI news followup 2021-12-07

Windows 10 Drive-By RCE Triggered by Default URI Handler threatpost.com/windows-10-rce-url-handler/176830/ According to a report posted Tuesday by Positive Security, the vulnerability is triggered by an argument injection, which is a type of attack that involves tampering with a page’s input parameters. It can enable attackers to see or to modify data via the user interface […]

Read More

Daily NCSC-FI news followup 2020-06-07

Fake ransomware decryptor double-encrypts desperate victims’ files www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/ A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse. New Tekya Ad Fraud Found […]

Read More

Daily NCSC-FI news followup 2020-10-27

Uusi työkalu johdolle kyberuhkien hallintaan www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/uusi-tyokalu-johdolle-kyberuhkien-hallintaan Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen kehittämä Kybermittari auttaa yritysjohtoa saamaan kyberriskit kattavammin hallintaan ja turvaamaan liiketoiminnan jatkuvuuden. DN: Suuri tietomurto ruotsalaiseen turvallisuusalan yritykseen, verkkoon on vuodettu muun muassa pankki­holvien piirustuksia www.hs.fi/ulkomaat/art-2000006700788.html Ruotsalaiseen, kansainvälisesti toimivaan turvallisuusalan yhtiöön on tehty mittava tietomurto, jossa verkkoon on vuodettu esimerkiksi pankkiholvien piirustuksia ja hälytysjärjestelmien […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.