Daily NCSC-FI news followup 2021-07-15

Brand Phishing Report Q2 2021: Microsoft Continues Reign

blog.checkpoint.com/2021/07/15/brand-phishing-report-q2-2021-microsoft-continues-reign/ Our latest Brand Phishing Report for Q2 2021 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals' personal information or payment credentials during April, May and June 2021. In a quarter that saw Microsoft warn of a new Russian Nobelium phishing campaign, the technology giant was again the brand most frequently targeted by cybercriminals, as it was in both Q1 2021 and Q4 2020. Forty-five percent of all brand phishing attempts were related to Microsoft in Q2 (up six points from Q1). Shipping company DHL maintained its position as the second most impersonated brand, with 26% of all phishing attempts related to it, as criminals continue to take advantage of the growing reliance on online shopping.

Verifiable design in modern systems

security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html The way we design and build software is continually evolving. Just as we now think of security as something we build into software from the start, we are also increasingly looking for new ways to minimize trust in that software. One of the ways we can do that is by designing software so that you can get cryptographic certainty of what the software has done. In this post, we’ll introduce the concept of verifiable data structures that help us get this cryptographic certainty. We’ll describe some existing and new applications of verifiable data structures, and provide some additional resources we have created to help you use them in your own applications.
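Added example (not code from the Google post or from any Google project): a minimal append-only Merkle log with inclusion proofs in Python, showing concretely what "cryptographic certainty of what the software has done" means for a client that only holds a root hash. The leaf/node domain separation follows RFC 6962; the proof format with an explicit side flag, the VerifiableLog class and the sample build-record entries are this example's own simplifications and constructed data.

```python
# Added example (not code from the Google blog post or its projects): a minimal
# append-only Merkle log with inclusion proofs, the core of the "verifiable data
# structures" the post refers to. Hashing follows the RFC 6962 convention of
# domain-separating leaves (0x00 prefix) from interior nodes (0x01 prefix), so
# an interior node cannot be passed off as a leaf. The proof format (sibling
# hash plus a side flag) is a simplification chosen for this example; RFC 6962
# derives the side from the leaf index instead.
import hashlib
from typing import List, Tuple

Proof = List[Tuple[bytes, bool]]  # (sibling_hash, sibling_is_on_the_left), leaf-to-root order


def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly below n (n >= 2), as in RFC 6962."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_root(leaf_hashes: List[bytes]) -> bytes:
    """Root over a list of leaf hashes; an empty tree hashes to SHA-256 of the empty string."""
    if not leaf_hashes:
        return hashlib.sha256(b"").digest()
    if len(leaf_hashes) == 1:
        return leaf_hashes[0]
    k = _split_point(len(leaf_hashes))
    return node_hash(merkle_root(leaf_hashes[:k]), merkle_root(leaf_hashes[k:]))


def inclusion_proof(leaf_hashes: List[bytes], index: int) -> Proof:
    """Audit path for leaf `index`: the sibling subtree roots needed to rebuild the root."""
    n = len(leaf_hashes)
    if not 0 <= index < n:
        raise IndexError("leaf index out of range")
    if n == 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(leaf_hashes[:k], index) + [(merkle_root(leaf_hashes[k:]), False)]
    return inclusion_proof(leaf_hashes[k:], index - k) + [(merkle_root(leaf_hashes[:k]), True)]


def verify_inclusion(entry: bytes, proof: Proof, root: bytes) -> bool:
    """Client-side check: recompute the root from the entry and its audit path only."""
    h = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


class VerifiableLog:
    """Append-only log: entries are never edited, only appended, and every state has a root."""

    def __init__(self) -> None:
        self._entries: List[bytes] = []
        self._leaf_hashes: List[bytes] = []

    def append(self, entry: bytes) -> int:
        self._entries.append(entry)
        self._leaf_hashes.append(leaf_hash(entry))
        return len(self._entries) - 1

    def root(self) -> bytes:
        return merkle_root(self._leaf_hashes)

    def prove(self, index: int) -> Proof:
        return inclusion_proof(self._leaf_hashes, index)


def demo() -> dict:
    # Constructed sample entries, standing in for e.g. signed build records or certificates.
    log = VerifiableLog()
    for e in [b"build:app:v1.0", b"build:app:v1.1", b"build:lib:v2.3",
              b"build:app:v1.2", b"build:cli:v0.9"]:
        log.append(e)
    root = log.root()
    proof = log.prove(2)
    genuine = verify_inclusion(b"build:lib:v2.3", proof, root)
    # A modified entry (or one that was never logged) cannot reproduce the root.
    tampered = verify_inclusion(b"build:lib:v2.4", proof, root)
    # Appending changes the root, so a client pinning the old root sees that the log moved.
    log.append(b"build:app:v1.3")
    return {"genuine": genuine, "tampered": tampered,
            "root_changes_on_append": log.root() != root}


if __name__ == "__main__":
    print(demo())
```

The client needs only the root hash (obtained out of band, ideally signed by the log) and a short audit path to check that an entry is really in the log; it never has to trust the server's database. What this example leaves out is the consistency proof, which shows that a newer root still contains the older tree as a prefix, so that the log cannot quietly rewrite history between two roots a client has seen.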

How to avoid falling victim to support scams on Twitter

www.kaspersky.com/blog/brand-scams-on-twitter/40615/ Scammers pretend to represent brands on Twitter and lure customers onto phishing websites. Here's how to avoid it. On the internet nobody knows if you're a dog. Scammers on Twitter rely on that and frequently try tricking users into believing that they represent a vendor's tech support, and then exfiltrate financial information from them.

Ransomware's Russia problem

blog.malwarebytes.com/malwarebytes-news/2021/07/ransomwares-russia-problem/ Last week, US news outlet NBC News caused a stir with an article proclaiming that the REvil ransomware used in the recent, colossal Kaseya supply-chain attack was written to avoid computers that use Russian. The attack, one of the largest and most dramatic ransomware attacks in history, happened at a time when the Biden administration was escalating its rhetoric over Russian cyber-activity. To the uninitiated, and the NBC headline writer, it looked like a new revelation. Readers were invited to join the geopolitical dots.

The Code Red worm 20 years on: what have we learned?

nakedsecurity.sophos.com/2021/07/15/the-code-red-worm-20-years-on-what-have-we-learned/ There's a famous and very catchy song that starts, "It was 20 years ago today." In the song, of course, Sergeant Pepper was busily teaching his band to play, a band, as the song assures us, that was guaranteed to raise a smile. But can you remember where you were and what you were doing 20 years ago, if you're old enough to have well-formed memories of that period? If you were in IT or cybersecurity 20 years ago this week, the answer to that question is almost certainly a big fat "Yes".

Threats to the 2020 Tokyo Olympic Games

www.recordedfuture.com/threats-2020-tokyo-olympic-games/ The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations, worldwide media coverage, and thousands of spectators. The high profile and international nature of the event make the Olympics a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage. Past Olympics have seen the targeting of the Olympics organization and its partners, such as the World Anti-Doping Agency, from a variety of threat actors.

Microsoft’s print nightmare continues with malicious driver packages

www.bleepingcomputer.com/news/microsoft/microsofts-print-nightmare-continues-with-malicious-driver-packages/ Microsoft’s print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. Yesterday, security researcher and Mimikatz creator Benjamin Delpy said he found a way to abuse Windows’ normal method of installing printer drivers to gain local SYSTEM privileges through malicious printer drivers. This technique can be used even if admins applied Microsoft’s recommended mitigations of restricting printer driver installation to admins and disabling Point and Print.

New StopRansomware.gov website: The U.S. Government's One-Stop Location to Stop Ransomware

us-cert.cisa.gov/ncas/current-activity/2021/07/15/new-stopransomwaregov-website-us-governments-one-stop-location The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.

June 2021 Cyber Attacks Statistics

www.hackmageddon.com/2021/07/15/june-2021-cyber-attacks-statistics/ Yesterday I published the Cyber Attacks Timelines of June (part I and part II), so now I can finally publish the statistics. In June I collected 211 significant events, an increase compared to the 211 of May. Unsurprisingly, cyber crime leads the Motivations chart with 85.8% (slightly lower than May, when it was 88.7%). Similarly, malware continues to lead the Attack Techniques chart, but its value drops to 40.8% from 48.6% in May. I won't stress enough the concept that the real value could be even higher, since some malware-based attacks are filed as Unknown as the victims do not disclose enough information.

Rewards for Justice Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure

www.state.gov/rewards-for-justice-reward-offer-for-information-on-foreign-malicious-cyber-activity-against-u-s-critical-infrastructure/ The U.S. Department of State's Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

DragonForce Malaysia #OpsBedil

www.radware.com/security/ddos-threats-attacks/dragonforce-malaysia-opsbedil #OpsBedil is a hacktivist operation currently targeting several verticals and government agencies in the Middle East. It is the latest digital campaign to target the region and is being conducted by threat actors in Southeast Asia, specifically Malaysia and Indonesia. Attacks performed under #OpsBedil are considered a political response to the Israeli ambassador to Singapore stating in June that Israel is ready to work towards establishing ties with Southeast Asia's Muslim-majority nations. Malaysia, which is over 60% Muslim and supports Palestine, has a significant presence of hacktivist and Palestinian militants.

Facebook disrupts Iranian group targeting US defense and aerospace sectors

therecord.media/facebook-disrupts-iranian-group-targeting-us-defense-and-aerospace-sectors/ Facebook said today it disrupted and took down accounts on its platform that were being used by an Iranian cyber-espionage network to go after employees working at US defense and aerospace companies. In a press call today, executives from the Facebook security team said the group operated by registering accounts on Facebook for fake personas. These fictitious personas had profiles across multiple social media platforms to make them appear more credible, said Mike Dvilyanski, Head of Cyber Espionage Investigations, and David Agranovich, Director, Threat Disruption at Facebook. Also:

www.wired.com/story/facebook-iran-espionage-catfishing-us-military/

USPS Phishing Using Telegram to Collect Data

isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Phishing… at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a package cannot be delivered until I care to update my address. Urgency… and an obvious action. They learned something in their phishing 101 class.

Phishing continues to be one of the easiest paths for ransomware

www.zdnet.com/article/phishing-continues-to-be-one-of-the-easiest-paths-for-ransomware-report/ Ransomware gangs are still using phishing as one of the main ways to attack an organization, according to a new survey from Cloudian featuring the insights of 200 IT decision-makers who experienced a ransomware attack over the last two years. More than half of all respondents have held anti-phishing training among employees, and 49% had perimeter defenses in place when they were attacked.

Finanssiala warns: Don't go to your online bank through a search engine

www.kauppalehti.fi/uutiset/finanssiala-varoittaa-ala-mene-verkkopankkiin-hakukoneella/b70e4e0e-8838-44f4-b477-b42b08f2b999 Scammers have managed to slip their own advertisements into search engines such as Google and Bing, and these pop up at the top of the results if you try to reach your online bank through a search, Finanssiala ry warns in a press release. Banks advise that you should always log in to online banking by typing the address into the browser's address bar rather than going through a search engine. You can also save the online bank's login page in the browser's bookmarks.

For years, a backdoor in popular KiwiSDR product gave root to project developer

arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/ KiwiSDR is hardware that uses a software-defined radio to monitor transmissions in a local area and stream them over the Internet. A largely hobbyist base of users do all kinds of cool things with the playing-card-sized devices. For instance, a user in Manhattan could connect one to the Internet so that people in Madrid, Spain, or Sydney, Australia, could listen to AM radio broadcasts, CB radio conversations, or even watch lightning storms in Manhattan. On Wednesday, users learned that for years, their devices had been equipped with a backdoor that allowed the KiwiSDR creator, and possibly others, to log in to their devices with administrative system rights.

Cyber security in the 5G era at SuomiAreena: We all have our share of the responsibility

www.huoltovarmuuskeskus.fi/a/suomiareenassa-kyberturvallisuudesta-5g-aikana Many people's lives went digital when the coronavirus prevented face-to-face meetings and work moved away from the office. Without working connections, news from relatives would have gone unheard and work meetings would have become harder. Digital life is everyday life, so everyone must also continuously take care of the security that goes with it. Scams and phishing, along with malware, are the most important cyber threats that ordinary people run into, either at work or in their free time. The aim is to get a person to open a malicious link or to hand over information that can be used to obtain money, or data that can cause problems for the user.

TSA Pipeline Security Guideline Update

www.dragos.com/blog/industry-news/tsa-pipeline-security-guideline-update/ In the United States, CISA identifies 16 critical infrastructure sectors considered vital to our economy and way of life. Energy is one of the critical sectors and is quite literally the lifeline that every other sector depends on. The energy sector is made up of the electric and oil and natural gas subsectors. While the electric subsector has for over a decade had minimum mandatory cybersecurity requirements, there have been understandable challenges in implementing similar standards for the oil and natural gas subsector.

Linux version of HelloKitty ransomware targets VMware ESXi servers

www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/ The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage. As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target these servers. VMware ESXi is one of the most popular enterprise virtual machine platforms. Over the past year, there has been an increasing number of ransomware gangs releasing Linux encryptors targeting this platform.

Hooking Candiru – Another Mercenary Spyware Vendor Comes into Focus

citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Using Internet scanning we identified more than 750 websites linked to Candiru's spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities. We identified a politically active victim in Western Europe and recovered a copy of Candiru's Windows spyware.
