Daily NCSC-FI news followup 2021-11-30

Kaspersky – APT annual review 2021

securelist.com/apt-annual-review-2021/105127/ In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters. For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat landscape and it’s important to note that no single vendor has complete visibility into the activities of all threat actors.

8-year-old HP printer vulnerability affects 150 printer models

www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/ Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard. Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time. HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021.

Detecting SILENT CHOLLIMA’s Custom Tooling

www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/ OverWatch threat hunters detected a burst of suspicious reconnaissance activity in which the threat actor used the Smbexec tool under a Windows service account. Originally designed as a penetration testing tool, Smbexec enables covert execution by creating a Windows service that is then used to redirect a command shell operation to a remote location over Server Message Block (SMB) protocol. This approach is valuable to threat actors, as they can perform command execution under a semi-interactive shell and run commands remotely, ultimately making the activity less likely to trigger automated detections.

Understanding the Adversary: How Ransomware Attacks Happen

securityintelligence.com/posts/how-ransomware-attacks-happen/ IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors tend to follow a similar attack flow and set of standard operating procedures.

Hackers all over the world are targeting Tasmania’s emergency services

blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/ Emergency servicesunder which the police, fire, and emergency medical services departments fallis an infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well.

DNA testing firm discloses data breach affecting 2.1 million people

www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/ DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2102436 persons.

AT&T takes action against DDoS botnet that hijacked VoIP servers

therecord.media/att-takes-action-against-ddos-botnet-that-hijacked-voip-servers/ AT&T is investigating and has taken steps to mitigate a botnet that infected more than 5, 700 VoIP servers located inside its network, a spokesperson has told The Record earlier today. All the infected devices were EdgeMarc Enterprise Session Border Controllers, a type of Voice-over-IP server designed to balance and reroute internet telephony traffic from smaller enterprise customers to upstream mobile providers. According to Netlab, a network security division of Chinese tech giant Qihoo 360, a threat actor used an old exploit (CVE-2017-6079) to hack into unpatched EdgeMarc servers and install a modular malware strain named EwDoor.

Traficom etsii keinoja kansainvälisten huijaussoittojen estämiseksi

www.epressi.com/tiedotteet/telekommunikaatio/traficom-etsii-keinoja-kansainvalisten-huijaussoittojen-estamiseksi.html Liikenne- ja viestintävirasto Traficom valmistelee yhteistyössä Suomessa toimivien teleoperaattoreiden kanssa keinoja estää huijauspuheluissa yleiseksi muodostunut soittajan numeron väärentäminen. Tavoitteena on kansainvälisten rikollisten toiminnan vaikeuttaminen ja estäminen.

Rights groups petition Israel’s top court over Omicron phone tracking

www.reuters.com/world/middle-east/rights-groups-petition-israels-top-court-over-omicron-phone-tracking-2021-11-29/ Rights groups petitioned Israel’s top court on Monday to repeal new COVID-19 measures that authorise the country’s domestic intelligence service to use counter-terrorism phone tracking technology to contain the spread of the Omicron virus variant. Announcing the emergency measures on Saturday, Prime Minister Naftali Bennett said the phone tracking would be used to locate carriers of the new and potentially more contagious variant in order to curb its transmission to others.

How Decryption of Network Traffic Can Improve Security

threatpost.com/decryption-improve-security/176613/ Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations with a commitment to data privacy aren’t the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.

You might be interested in …

Daily NCSC-FI news followup 2019-08-02

LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks Between July 19 and July 25, 2019, several spear phishing emails were identifiedtargeting three US companies in the utilities sector. . The phishing messages were found to contain a Microsoft Word document attachment that uses VBA macros to installLookBack […]

Read More

Daily NCSC-FI news followup 2019-12-01

Data of 21 million Mixcloud users put up for sale on the dark web www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/ A hacker has breached online music streaming service Mixcloud earlier this month, and is now selling the site’s user data online, on a dark web marketplace.. The Mixcloud data is currently sold for a price of $2,000. Short presentation about […]

Read More

Daily NCSC-FI news followup 2020-03-27

Best password managers for business in 2020: 1Password, Keeper, LastPass, and more www.zdnet.com/article/best-password-managers/ Everyone needs a password manager. Period, full stop. It’s the only possible way to maintain unique, hard-to-guess credentials for every secure site you, your family members, and your team access daily. Booz Allen analyzed 200+ Russian hacking operations to better understand their […]

Read More