Daily NCSC-FI news followup 2021-06-21

The Lazarus heist: How North Korea almost pulled off a billion-dollar hack

www.bbc.com/news/stories-57520169 In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and came within an inch of success – it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world’s poorest and most isolated countries train a team of elite cyber-criminals?

State-sponsored or financially motivated: Is there any difference anymore?

www.welivesecurity.com/2021/06/21/state-sponsored-financially-motivated-is-there-any-difference-anymore/ Governments have always conducted offensive cyber-operations. But over the past few years, campaigns have seemed to grow in audacity and volume. The headlines scream about “state-sponsored” or “nation state” raids targeting everything from critical infrastructure to complex supply chains. But peer closer and the lines between these and traditional cybercrime are increasingly blurred. What does this mean for the future of the threat landscape and the growing impact of cybercrime on global organizations? Without some kind of geopolitical consensus, it’s going to get a lot tougher to stop those criminal groups effectively being sheltered by nation states.

Hit by a ransomware attack? Your payment may be deductible

apnews.com/article/technology-business-government-and-politics-d8c1e9958ad1e89eab83f44e6ca70a94 As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible.

Most organizations would pay in the event of a ransomware attack

www.helpnetsecurity.com/2021/06/21/pay-ransomware-attack/ Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to research from Harris Interactive. When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.

New Australian bill would force companies to disclose ransomware payments

therecord.media/new-australian-bill-would-force-companies-to-disclose-ransomware-payments/ Australian lawmakers filed a new bill on Monday that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang.

Cyber security needs continuous development

impulssilvm.fi/2021/06/21/cyber-security-needs-continuous-development/ The need to improve cyber security has been constantly highlighted by increasingly frequent cyber security disruptions. In response to the need for improvement, the Government has now provided guidance for the development of cyber security in its recent Government Resolution. The cyber security development programme steers the long-term cyber security development on a concrete level across industry boundaries. Its aim is to bring the cyber security skills of companies and citizens to a good level and to produce a strong pool of Finnish cyber security specialists.

EU court rules in Telenet copyright case: ISPs can be forced to hand over some customer data use details

www.theregister.com/2021/06/21/court_of_justice_telenet_bittorrent_ruling/ Europe’s top court has ruled ISPs can be forced to hand over the details of customers who are alleged to have downloaded material illegally online – but only if they meet certain criteria. In its preliminary finding published last week, the CJEU found that customer details can be handed over as long as it is done in a way that is “justified, proportionate and not abusive.”

ADATA suffers 700 GB data leak in Ragnar Locker ransomware attack

www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/ The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA.

Agent Tesla RAT Returns in COVID-19 Vax Phish

threatpost.com/agent-tesla-covid-vax-phish/167082/ The Agent Tesla remote access trojan (RAT) is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure. Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with malicious attachments. The body of the mails takes a business-email approach and asks recipients to review an “issue” with vaccination registration.

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

thehackernews.com/2021/06/droidmorph-shows-popular-android.html New research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. “Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors,” the researchers said. “This attack of clones seriously threatens all the mobile platforms, especially Android.”

Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature

thehackernews.com/2021/06/beware-connecting-to-this-wireless.html A wireless network naming bug has been discovered in Apple’s iOS operating system that effectively disables an iPhone’s ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone’s Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name “%p%s%s%s%s%n” even after rebooting the phone or changing the network’s name (i.e., service set identifier or SSID).

How “HackMachine” Enables Fraud and Cyber Intrusions

geminiadvisory.io/how-hackmachine-enables-fraud/ The cybercriminal software “HackMachine” provides attackers with a simple-to-use and automated method of gaining access to web applications. Attackers can load target victim domains into the software, whereupon the software scans the sites for known vulnerabilities, collects administrator and user login credentials through multiple types of brute-force attacks, and verifies the validity of the credentials.
