Daily NCSC-FI news followup 2021-09-11

The Week in Ransomware – September 10th 2021 – REvil returns

www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-10th-2021-revil-returns/ This week marked the return of the notorious REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability. Their July attack affected over 1,500 businesses and drew the full attention of international law enforcement and the White House, who demanded that Russia do something about these attacks. Soon after, REvil shut down all of its servers and mysteriously disappeared. That is, until this week, when REvil’s servers started back up and a new sample of their ransomware was spotted on VirusTotal.

Top Steps for Ransomware Recovery and Preparation

threatpost.com/top-steps-ransomware-recovery-preparation/169378/ When it comes to ransomware attacks, it’s no longer a question of if or even when, but how often. A business falls victim to a ransomware attack every 11 seconds, making ransomware the fastest-growing type of cybercrime. Businesses today need to think not only about strategies to prevent ransomware, but about how to protect and recover their data should they fall victim to an attack. After all, it’s not just your data that goes down, it’s your entire business. The attack on the Scottish Environment Protection Agency (SEPA) is one of many examples of the importance of a proper backup and recovery strategy. SEPA had more than 4,000 digital files stolen by hackers. Though it had backup systems in place, the agency has been unable to recover all of its data sets. It could take years for it to fully recover. But recovering from a ransomware attack doesn’t have to be so uncertain, nor such a laborious process. With the right strategies in place, businesses can quickly and safely recover from a ransomware attack and get back up and running without significant downtime. Outlined below are the key steps businesses should keep in mind.

Bail services affected in South Africa after ransomware attack

therecord.media/bail-services-affected-in-south-africa-after-ransomware-attack/ A ransomware attack has taken down several IT services for the Department of Justice and Constitutional Development of South Africa, including systems handling the department’s emails and national bail services. The incident took place on the evening of September 6, this past Monday, the department said in a public statement. “This has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public,” DOJCD officials finally revealed on Thursday, after days of keeping citizens in the dark about a prolonged outage. “As a result, all electronic services provided by the Department are affected, including issuing of letters of authority, bail services, email, and the departmental website,” officials added.

New Dridex Variant Being Spread By Crafted Excel Document

www.fortinet.com/blog/threat-research/new-dridex-variant-being-spread-by-crafted-excel-document Dridex is a Trojan malware, also known as Bugat or Cridex, which is capable of stealing sensitive information from infected machines and delivering and executing malicious modules (DLLs). FortiGuard Labs recently captured new phishing email campaigns in the wild that included a specially crafted Excel document attachment. FortiGuard Labs did deep research on one of them and discovered that once the malicious Excel document is opened on a victim’s machine, it downloads a new variant of Dridex. In this analysis, FortiGuard Labs will elaborate on how the Excel document downloads Dridex, how this version of Dridex runs on a victim’s device, what sensitive information it collects, and how it delivers malicious modules (DLLs).

Fujitsu confirms stolen data not connected to cyberattack on its systems

www.zdnet.com/article/fujitsu-confirms-stolen-data-marketed-on-dark-web-not-connected-to-cyberattack-on-its-systems/ Criminal marketplace Marketo claimed to have 4GB of data from Fujitsu last month and began marketing it widely. At the time, Fujitsu said it was investigating a potential breach and told ZDNet that “details of the source of this information, including whether it comes from our systems or environment, are unknown.” Marketo claimed to have confidential customer information, company data, budget data, reports and other company documents, including project information. But now both sides have confirmed that the stolen data is not connected to Fujitsu and is instead related to one of the company’s partners in Japan. Fujitsu spokesperson Andrew Kane sent an update to ZDNet confirming that an investigation revealed the stolen data was not from their systems, and he noted that even Marketo has since changed how it is marketing the stolen data.

WhatsApp to offer end-to-end encrypted backups in iCloud, Google Drive with user-managed keys

www.theregister.com/2021/09/11/whatsapp_cloud_encryption/ Facebook’s WhatsApp on Friday said users will soon be able to store end-to-end (E2E) encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key. The move makes encryption-enforced message privacy, typically rather complicated, more viable for consumer-oriented messaging services, if you take for granted the technical integrity of WhatsApp’s encryption and the company’s claims about its privacy practices.

Apple iOS 15: Stunning New iPhone Privacy Features Coming Next Week

www.forbes.com/sites/kateoflahertyuk/2021/09/11/apple-ios-15-stunning-new-iphone-privacy-features-coming-next-week/ Apple’s iOS 15 is finally here. Well, nearly, as it’s now been confirmed that the iPhone 13 launch is on September 14. If we go by previous Apple releases, that means the new iOS 15 operating system will probably start to roll out to iPhones on September 15. With the launch of iOS 15 just days away, there is a bunch of stuff to get excited about, not least the stunning new iPhone privacy features that will hurt the likes of Facebook. Over the last few weeks, Apple’s controversial new CSAM features had put a bit of a black cloud over iPhone privacy, but now these have been delayed. Apple’s iOS 14 really doubled down on iPhone privacy, particularly with the launch of App Tracking Transparency, which has impacted data-hungry tech giants such as Google and Facebook by making tracking on your iPhone opt-in only. The new iPhone operating system, iOS 15, will build on this further with a privacy dashboard which shows which permissions you have given apps and how often they have accessed them (for example, your camera). You can then revoke these if you like. In a later iOS 15 version, this dashboard will include the apps tracking you too.

New York State fixes vulnerability in COVID-19 passport app that allowed storage of fake vaccine credentials

www.zdnet.com/article/new-york-state-fixes-vulnerability-in-covid-19-passport-app-that-allowed-storage-of-fake-vaccine-credentials/ New York state has fixed an issue with the Excelsior Pass Wallet that allows users to acquire and store COVID-19 vaccine credentials. The issue — discovered by researchers at the NCC Group — allows someone “to create and store fake vaccine credentials in their NYS Excelsior Pass Wallet that might allow them to gain access to physical spaces (such as businesses and event venues) where they would not be allowed without a vaccine credential, even when they have not received a COVID-19 vaccine.” The researchers found that the application did not validate vaccine credentials added to it, allowing forged credentials to be stored by users. A patch solving the issue was released on August 20.
