Daily NCSC-FI news followup 2021-06-21

The Lazarus heist: How North Korea almost pulled off a billion-dollar hack

www.bbc.com/news/stories-57520169 In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and came within an inch of success – it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world’s poorest and most isolated countries train a team of elite cyber-criminals?

Statesponsored or financially motivated: Is there any difference anymore?

www.welivesecurity.com/2021/06/21/state-sponsored-financially-motivated-is-there-any-difference-anymore/ Governments have always conducted offensive cyber-operations. But over the past few years, campaigns have seemed to grow in audacity and volume. The headlines scream about “state-sponsored” or “nation state” raids targeting everything from critical infrastructure to complex supply chains. But peer closer and the lines between these and traditional cybercrime are increasingly blurred. What does this mean for the future of the threat landscape and the growing impact of cybercrime on global organizations? Without some kind of geopolitical consensus, it’s going to get a lot tougher to stop those criminal groups effectively being sheltered by nation states.

Hit by a ransomware attack? Your payment may be deductible

apnews.com/article/technology-business-government-and-politics-d8c1e9958ad1e89eab83f44e6ca70a94 As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible.

Most organizations would pay in the event of a ransomware attack

www.helpnetsecurity.com/2021/06/21/pay-ransomware-attack/ Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to a research from Harris Interactive. When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.

New Australian bill would force companies to disclose ransomware payments

therecord.media/new-australian-bill-would-force-companies-to-disclose-ransomware-payments/ Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang.

Cyber security needs continuous development

impulssilvm.fi/2021/06/21/cyber-security-needs-continuous-development/ The need to improve cyber security has been constantly highlighted by increasingly frequent cyber security disruptions. In response to the need for improvement, the Government has now provided guidance for the development of cyber security in its recent Government Resolution. The cyber security development programme steers the long-term cyber security development on a concrete level across industry boundaries. Its aim is to bring the cyber security skills of companies and citizens to a good level and to produce a strong pool of Finnish cyber security specialists.

EU court rules in Telenet copyright case: ISPs can be forced to hand over some customer data use details

www.theregister.com/2021/06/21/court_of_justice_telenet_bittorrent_ruling/ Europe’s top court has ruled ISPs can be forced to hand over the details of customers who are alleged to have downloaded material illegally online – but only if they meet certain criteria. In its preliminary finding published last week, the CJEU found that customer details can be handed over as long as it is done in a way that is “justified, proportionate and not abusive.”

ADATA suffers 700 GB data leak in Ragnar Locker ransomware attack

www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/ The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA.

Agent Tesla RAT Returns in COVID-19 Vax Phish

threatpost.com/agent-tesla-covid-vax-phish/167082/ The Agent Tesla remote access trojan (RAT) is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure. Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with malicious attachments. The body of the mails take a business-email approach and ask recipients to review an “issue” with vaccination registration.

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

thehackernews.com/2021/06/droidmorph-shows-popular-android.html A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. “Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors, ” the researchers said. “This attack of clones seriously threatens all the mobile platforms, especially Android.”

Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature

thehackernews.com/2021/06/beware-connecting-to-this-wireless.html A wireless network naming bug has been discovered in Apple’s iOS operating system that effectively disables an iPhone’s ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone’s Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name “%p%s%s%s%s%n” even after rebooting the phone or changing the network’s name (i.e., service set identifier or SSID). also:


How “HackMachine” Enables Fraud and Cyber Intrusions

geminiadvisory.io/how-hackmachine-enables-fraud/ The cybercriminal software “HackMachine” provides attackers with a simple-to-use and automated method of gaining access to web applications. Attackers can load target victim domains into the software, whereupon the software scans the sites for known vulnerabilities, collects administrator and user login credentials through multiple types of brute-force attacks, and verifies the validity of the credentials.

You might be interested in …

Daily NCSC-FI news followup 2019-12-18

MPY:n runkoverkkoon iski vakava häiriö ja suuri osa tietoliikenneyhteyksistä meni poikki “Liian pitkä katkos, palaverin paikka” lansi-savo.fi/uutiset/lahella/412aad43-f61a-4456-a342-9e98bd254d16 MPY tiedotti iltapäivällä vakavasta häiriöstä runkoverkossaan ja kertoi suuren osan yhteyksistä olevan poikki. Yhteys korjaantui seitsemän jälkeen illalla. . Myyntijohtaja Juha Putkonen kertoo, että asia havaittiin kahden maissa iltapäivällä eli katkos kesti noin viisi tuntia.. Myös: blogi.mpy.fi/kuluttajat/hairiotiedotteet/vakava-hairio-mpyn-runkoverkossa-suuri-osa-yhteyksista-poikki Seven […]

Read More

Daily NCSC-FI news followup 2021-06-18

Ransomware Actors Evolved Their Operations in 2020 www.crowdstrike.com/blog/ransomware-actors-evolved-operations-in-2020/ The year 2020 was marked by the trend continuing at an accelerated rate. The advancements by eCrime actors include refinement and application of high-pressure extortion tactics on victim organizations and the sharing or copying of new techniques among different ransomware groups, in addition to a marked increase […]

Read More

Daily NCSC-FI news followup 2021-05-31

NSA spied on European politicians through Danish telecommunications hub therecord.media/nsa-spied-on-european-politicians-through-danish-telecommunications-hub/ Denmark’s foreign secret service allowed the US National Security Agency to tap into a crucial internet and telecommunications hub in Denmark and spy on the communications of European politicians, a joint investigation by some of Europe’s biggest news agencies revealed on Sunday. The covert spying […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.