Daily NCSC-FI news followup 2021-06-25

Clop gang partners laundered $500 Million in ransomware payments

thehackernews.com/2021/06/clop-gang-members-laundered-500-million.html The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. While the bust was seen as a major blow to the operations of the Clop gang, the hackers published earlier this week a fresh batch of confidential employee records stolen from a previously unknown victim on their dark web portal, raising the possibility that the arrested suspects may have been affiliates who play a lesser role in the operations.

Using VMs to hide ransomware attacks is becoming more popular

therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/ In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick that allowed it to run its payload inside virtual machines on infected hosts as a technical solution that bypassed security software.

Microsoft signed a malicious Netfilter rootkit

www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP.

The Ghosts of Mirai

www.fortinet.com/blog/threat-research/the-ghosts-of-mirai It has been almost five years since the source code of the notorious MIRAI IoT malware was released to the public by its author in late 2016. This event led to the emergence of numerous copycats, creating their own flavors of IoT botnet armies. Although improvements have been constantly added since then by various threat actors, the structure and goal of the campaigns have remained the same.

Mercedes-Benz data breach exposes SSNs, credit card numbers

www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/ The data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.

Gaming industry under siege from cyberattacks during pandemic

www.welivesecurity.com/2021/06/24/gaming-industry-under-siege-cyberattacks-pandemic/ During the COVID-19 pandemic, the gaming industry has seen greater growth in cyberattacks than any other industry, according to content delivery network (CDN) provider Akamai. Web application attacks against gaming companies rose by 340 percent between 2019 and 2020 and by as much as 415 percent between 2018 and 2020.

Zyxel firewalls and VPNs under active cyberattack

thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html Zyxel is warning customers of an ongoing attack targeting a “small subset” of its security products such as firewall and VPN servers.

Cisco ASA Bug Now Actively Exploited

threatpost.com/cisco-asa-bug-exploited-poc/167274/ In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

Windows 11 won’t work without a TPM

www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/ Today, Microsoft announced the system requirements to upgrade or install Windows 11 and included a new PC Health Check tool that you can use to check if your hardware is compatible with Windows 11. With Windows 11, Microsoft has brought security to the forefront by requiring a TPM to be installed.

AWS Has Acquired Encrypted Messaging Service Wickr

techcrunch.com/2021/06/25/aws-is-buying-encrypted-messaging-service-wickr/ Amazon’s cloud services giant Amazon Web Services (AWS) is getting into the encrypted messaging business. The company has just announced that it has acquired secure communications service Wickr, a messaging app that has geared itself towards providing services to government and military groups and enterprises. It claims to be the only “collaboration service” that meets security criteria set out by the NSA.

Scammers impersonating banks have already stolen 5 million euros this year

www.kauppalehti.fi/uutiset/pankkien-nimissa-huijattu-tana-vuonna-jo-5-miljoonaa-euroa-poliisi-neuvoo-miten-huijauksen-voi-havaita/0f063943-7527-4616-b454-355f471c583e Police are warning of a growing crime phenomenon in which criminals phish for online banking credentials using fake sites that imitate banks' websites. Victims most often end up on these fake online banking sites either through a text message or email sent in the bank's name, or through search engine results.
