Daily NCSC-FI news followup 2021-08-19

Health authorities in 40 countries targeted by COVID19 vaccine scammers

www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/ INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries.

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?

www.databreachtoday.co.uk/does-abandoning-embassy-in-kabul-pose-cybersecurity-risks-a-17309 It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say. “Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent, ” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO at BreachQuest. “However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first.”

Trend-spotting email techniques: How modern phishing emails hide in plain sight

www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/ This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight these techniques based on their observed impact to organizations, their relevance to active email campaigns, and because they are intentionally designed to be difficult to detect.

Dogged Persistence – The Name of the Game for One DDoS Attacker

blogs.akamai.com/2021/08/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker.html DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out. Every now and then, however, we do see extreme examples of DDoS attacker persistence. This was the case starting late last month (July 2021). What made this particular series of DDoS events notable is not only the determination, but also the attack vector sizes targeting multiple IPs across several of the customer’s subnets.

Cobalt Strike: Detect this Persistent Threat

www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-persistent-threat/ This blog explains Cobalt Strike and practical steps to take if you believe that you are being targeted by Cobalt Strike or already compromised. We will demonstrate some real world examples of Cobalt Strike delivery and steps to detect each.

Wanted: Disgruntled Employees to Deploy Ransomware

krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/ Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action

www.zdnet.com/article/ransomware-this-amateur-attack-shows-how-clueless-criminals-are-trying-to-get-in-on-the-action/ Researchers dissect an email from an attacker asking people to help install ransomware on their company’s network for a cut of the profit. But while this campaign isn’t very successful, it shows how appealing ransomware has become.

US Census Bureau hacked in January 2020 using Citrix exploit

www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/ US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks, ” the OIG said.

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers

www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/ In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. “The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process.” The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or any threat actors exploiting the bug in the wild.

New Google Chrome Security Warning: 7 Serious Flaws Confirmed

www.forbes.com/sites/daveywinder/2021/08/19/new-google-chrome-security-warning-7-serious-flaws-confirmed/ Google has confirmed a whole new bunch of alarmingly serious security vulnerabilities in Chrome 92, just two weeks after the last batch of flaws was fixed. To the best of my knowledge, and having asked around the cybersecurity community, there is no evidence of in-the-wild exploitation of any of these vulnerabilities.

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html Cisco Talos recently observed a new set of campaigns targeting Latin American countries. These campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT.

You might be interested in …

Daily NCSC-FI news followup 2019-09-16

Undersøgelsesrapport: Statsstøttet hackergruppe forsøger at kompromittere netværksudstyr fe-ddis.dk/cfcs/nyheder/arkiv/2019/Pages/undersoegelsesrapport-hackergruppe-forsoeger-kompromittere-netvaerksudstyr.aspx En statsstøttet aktør har forsøgt at gennemføre flere angreb på udvalgte danske myndigheder med henblik på spionage. CFCS udsendte den 18. april 2018 et offentligt varsel i forbindelse med hændelserne, og CFCS arbejdede efterfølgende videre og håndterede sagerne i samarbejde med relevante myndigheder.. [PDF] fe-ddis.dk/cfcs/publikationer/Documents/Undersoegelsesrapport-kompromittering-netvaerksudstyr.pdf Exclusive: Russia […]

Read More

Daily NCSC-FI news followup 2020-06-15

AWS Hit With a Record 2.3 Tbps DDoS Attack www.cbronline.com/news/record-ddos-attack-aws AWS says it was hit with a record DDoS attack of 2.3 Tbps earlier this year, with the (unsuccessful) attempt to knock cloud services offline continuing for three days in February. To put the scale of the attempt in context, it is nearly double the […]

Read More

Daily NCSC-FI news followup 2019-06-16

Kaikkien kuntien tietoturvassa olisi parantamisen varaa Lahteen kohdistuneessa kyberhyökkäyksessä tuhat tietokonetta saastui www.ess.fi/uutiset/kotimaa/art2548337 Lahden kyberhyökkäyksen kaltaista tapahtumaa oli osattu odottaa, toteaa Liikenne- ja viestintäviraston Traficomin johtava asiantuntija Kauto Huopio. Rikolliset etsivät jatkuvasti verkon haavoittuvuuksia ja iskevät heikkoon kohtaan heti sellaisen havaittuaan. Kyse voi olla tunneista. Telegram CEO Fingers China State Actors for DDoS Attack threatpost.com/telegram-ceo-china-ddos-attack/145654/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.