Daily NCSC-FI news followup 2021-10-22

Ransomware: Looking for weaknesses in your own network is key to stopping attacks

www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/ Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place. While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter.

Ransomware: Why do backups fail when you need them most?

blog.malwarebytes.com/malwarebytes-news/2021/10/ransomware-why-do-backups-fail-when-you-need-them-most/ It’s widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. “We’re also feeling relatively confident, we have a very good backup system and then we find out at about four or five hours after the attack that our backup system is completely gone.”

DarkSide ransomware rushes to cash out $7 million in Bitcoin

www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster. The funds have been moving to multiple new wallets since yesterday, a smaller amount being transferred with each transaction to make the money more difficult to track.

Groove ransomware calls on all extortion gangs to attack US interests

www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/ The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week.

Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

www.theregister.com/2021/10/22/cobalt_strike_virustotal_key_discovery/ Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams’ lives easier by giving them a clue about whether Cobalt Strike traffic across their networks is a real threat or an action by an authorised red team carrying out a penetration test.

Crypto-miner found hidden inside three npm libraries

therecord.media/crypto-miner-found-hidden-inside-three-npm-libraries/ DevOps security firm Sonatype has uncovered crypto-mining malware hidden inside three JavaScript libraries uploaded on the official npm package repository.

Health data and personal identity numbers may have ended up in paper recycling in Utajärvi

yle.fi/uutiset/3-12156589 The health and personal data of possibly as many as hundreds of people accidentally ended up in paper recycling in Northern Ostrobothnia.

Didier Stevens – New tool

blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/ cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon.
