Daily NCSC-FI news followup 2021-10-14

Analyzing Email Services Abused for Business Email Compromise

www.trendmicro.com/en_us/research/21/j/analyzing-email-services-abused-for-business-email-compromise.html Like a number of online attacks and threats that took advantage of the changing work dynamics, business email compromise (BEC) remains one of the cybercrimes that causes the most financial losses for businesses despite the decrease in number of victims. Our continued monitoring of BEC activities showed a consistent increase in numbers during the year

Google analysed 80 million ransomware samples: Here’s what it found

www.zdnet.com/article/google-analysed-80-million-ransomware-samples-heres-what-it-found/ Google has published a new ransomware report, revealing Israel was far and away the largest submitter of samples during that period. The tech giant commissioned cybersecurity firm VirusTotal to conduct the analysis, which entailed reviewing 80 million ransomware samples from 140 countries. See also: the report

storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf. See also:

www.darkreading.com/threat-intelligence/virustotal-shares-data-on-ransomware-activity. See also:

thehackernews.com/2021/10/virustotal-releases-ransomware-report.html

Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

thehackernews.com/2021/10/google-were-tracking-270-state.html Google’s Threat Analysis Group (TAG) on Thursday said it’s tracking more than 270 government-backed threat actors from more than 50 countries, adding it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. See also:

blog.google/threat-analysis-group/countering-threats-iran/

A Telegram Bot Told Iranian Hackers When They Got a Hit

www.wired.com/story/apt35-iran-hackers-phishing-telegram-bot/ When the Iranian hacking group APT35 wants to know if one of its digital lures has gotten a bite, all it has to do is check Telegram. Whenever someone visits one of the copycat sites they’ve set up, a notification appears in a public channel on the messaging service, detailing the potential victim’s IP address, location, device, browser, and more. It’s not a push notification; it’s a phish notification.

DocuSign phishing campaign targets low-ranking employees

www.bleepingcomputer.com/news/security/docusign-phishing-campaign-targets-low-ranking-employees/ Phishing actors are following a new trend of targeting non-executive employees who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level.

Brazilian e-commerce firm Hariexpress leaks 1.75 billion sensitive files

www.zdnet.com/article/brazilian-e-commerce-firm-hariexpress-leaks-1-75-billion-sensitive-files Around 1.75 billion sensitive files were leaked by a Brazilian e-commerce integrator that provides services to some of the country’s largest online shopping websites.

Acer confirms breach of after-sales service systems in India

www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/ Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called “an isolated attack.”

University of Sunderland announces outage following cyberattack

www.bleepingcomputer.com/news/security/university-of-sunderland-announces-outage-following-cyberattack/ IT systems down, attributing the problem to a cyber-attack. The first signs of disruption to the university’s IT systems appeared on Tuesday morning, but the outage remains widely impactful and unresolved.

Microsoft releases Linux version of the Windows Sysmon tool

www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/ Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity.

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

thehackernews.com/2021/10/experts-warn-of-unprotected-prometheus.html A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of the Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.

Passengers couldn’t fly after NHS vaccine passport went offline

arstechnica.com/information-technology/2021/10/passengers-couldnt-fly-after-nhs-vaccine-passport-went-offline/ England’s COVID Pass system went offline for hours on Wednesday, causing British travelers to remain stranded at airports. Some passengers couldn’t board their flights, while others suffered delays as both the National Health Service (NHS) website and app experienced issues.

Thieves abused Apple’s enterprise app programs to steal $1.4 million in crypto

appleinsider.com/articles/21/10/14/thieves-abused-apples-enterprise-app-programs-to-steal-14-million-in-crypto A scam circulating for six months has evolved to impact iOS users. The CryptoRom fraud scheme is fairly straightforward: after gaining a victim’s trust through social media or existing dating apps, users are fooled into installing a modified version of a cryptocurrency exchange app, baited into investing, and then defrauded out of cash.

Beware, Wilma users: user data is being phished

www.is.fi/digitoday/tietoturva/art-2000008331529.html Wilma credentials are being phished through a fake page. The city of Järvenpää is warning parents. The attacker aims to collect users’ usernames and passwords. The site was built by a cybercriminal.
