Daily NCSC-FI news followup 2021-10-22

Ransomware: Looking for weaknesses in your own network is key to stopping attacks

www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/ Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place. While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter.

Ransomware: Why do backups fail when you need them most?

blog.malwarebytes.com/malwarebytes-news/2021/10/ransomware-why-do-backups-fail-when-you-need-them-most/ It’s widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. “We’re also feeling relatively confident, we have a very good backup system and then we find out at about four or five hours after the attack that our backup system is completely gone.”

DarkSide ransomware rushes to cash out $7 million in Bitcoin

www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster. The funds have been moving to multiple new wallets since yesterday, a smaller amount being transferred with each transaction to make the money more difficult to track.

Groove ransomware calls on all extortion gangs to attack US interests

www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/ The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week.

Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

www.theregister.com/2021/10/22/cobalt_strike_virustotal_key_discovery/ Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams’ lives easier by giving them a clue about whether or not Cobalt Strike traffic across their networks is a real threat or an action by an authorised red team carrying out a penetration test.

Crypto-miner found hidden inside three npm libraries

therecord.media/crypto-miner-found-hidden-inside-three-npm-libraries/ DevOps security firm Sonatype has uncovered crypto-mining malware hidden inside three JavaScript libraries uploaded on the official npm package repository.

Health data and personal identity codes may have ended up in paper recycling in Utajärvi

yle.fi/uutiset/3-12156589 The health and personal data of possibly as many as hundreds of people accidentally ended up in paper recycling in North Ostrobothnia.

Didier Stevens – New tool

blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/ cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon.
