Daily NCSC-FI news followup 2021-11-06

N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert

www.cbc.ca/news/canada/newfoundland-labrador/nl-cyber-attack-worst-canada-1.6236210 One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security. David Shipley, the CEO of a cybersecurity firm in Fredericton, said he’s seen similar breaches before, but usually on a smaller scale. “We’ve never seen a health-network takedown this large, ever,” Shipley said in an interview with CBC News. “The severity of this is what really sets it apart.”

Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware

blogs.blackberry.com/en/2021/11/zebra2104 The BlackBerry Research & Intelligence Team has uncovered an unusual connection between the actions of three distinct threat groups, including those behind financially-motivated ransomware such as MountLocker and Phobos, as well as the espionage-related advanced persistent threat (APT) group known as StrongPity. While it might seem implausible for criminal groups to be sharing resources, we found these groups had a connection that is enabled by a fourth: a threat actor we have dubbed Zebra2104, which we believe to be an Initial Access Broker (IAB). In this post, we will discuss what led us to these findings, what an IAB is, and how each piece fits into the puzzle. Once we look at each piece in context, we can better assess the full ramifications of these discoveries, and project what is yet to come.

DDoS Attack Trends for Q3 2021

blog.cloudflare.com/ddos-attack-trends-for-2021-q3/ The third quarter of 2021 was a busy quarter for DDoS attackers. Cloudflare observed and mitigated record-setting HTTP DDoS attacks, terabit-strong network-layer attacks, one of the largest botnets ever deployed (Meris), and more recently, ransom DDoS attacks on voice over IP (VoIP) service providers and their network infrastructure around the world.

IT services have become too fast and too easy to use

www.tivi.fi/blogit/it-palveluista-on-tullut-liian-nopeita-ja-helppokayttoisia/3f72d0ff-c0b5-4b0a-b092-c418c46afd12 Almost weekly we read in the news how fraudsters have managed to swindle online banking customers. Victims have lost as much as tens of thousands of euros, even though online banking is supposed to be completely secure and authentication tied to a smartphone is supposed to be bulletproof. Transferring money abroad should not be this easy and fast. International transfers should have a 24-hour delay that cannot be bypassed. If this causes problems for some users, they could disable it by visiting a bank branch or by calling the bank’s phone service.

A Drone Tried to Disrupt the Power Grid. It Won’t Be the Last

www.wired.com/story/drone-attack-power-substation-threat/ In July of last year, a DJI Mavic 2 drone approached a Pennsylvania power substation. Two 4-foot nylon ropes dangled from its rotors, a thick copper wire connected to the ends with electrical tape. The device had been stripped of any identifiable markings, as well as its onboard camera and memory card, in an apparent effort by its owner to avoid detection. Its likely goal, according to a joint security bulletin released by DHS, the FBI, and the National Counterterrorism Center, was to “disrupt operations by creating a short circuit.”

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/ In this diary entry, I will show how to decrypt Cobalt Strike network traffic with AES keys extracted from the beacon’s process memory.

Senators add CISA cyberattack/ransomware reporting amendment to defense bill

www.zdnet.com/article/bipartisan-group-of-senators-add-cisa-cyberattackransomware-reporting-amendment-to-defense-bill/ The amendment only covers confirmed cyberattacks and not ones that are suspected. But it forces all federal contractors to report attacks. There is no fine component in the amendment, one of the many provisions senators had been fighting over for months. Victim organizations will have 72 hours to report attacks, another hotly debated topic among government cybersecurity experts. Some wanted it to be within 24 hours and others said it should be within a week. But the 72-hour limit does not apply to all organizations. Some — which the senators said included businesses, nonprofits and state and local governments — would be forced to report ransomware payments to the federal government within 24 hours of payment being made.

1.8 TB of Police Helicopter Surveillance Footage Leaks Online

www.wired.com/story/ddosecrets-police-helicopter-data-leak/ DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement’s eye has become, and how lax its data protection can be.

Hacker steals $55 million from bZx DeFi platform

therecord.media/hacker-steals-55-million-from-bzx-defi-platform/ A hacker has stolen an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.

US defense contractor Electronic Warfare hit by data breach

www.bleepingcomputer.com/news/security/us-defense-contractor-electronic-warfare-hit-by-data-breach/ US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information.
