Daily NCSC-FI news followup 2022-01-10

No information yet on the perpetrators or motive of the cyberattack that took down OP's website

yle.fi/uutiset/3-12263848 As of Monday, no information has yet been obtained about the possible perpetrators or the motive of the cyberattack that caused a disruption in Osuuspankki's online services on Sunday, the bank's chief information security officer Teemu Ylhäisi tells STT. "Yesterday the attack was repelled and the remediation measures were completed. Now the technical investigation continues and we are in contact with the authorities. The further investigation will still take time," Ylhäisi says. The disruption was caused by a volumetric attack targeting the application, in which a large number of application requests were directed at the service. This caused an error condition on the login pages of OP's website, which is why OP put the service into maintenance mode. The disruption lasted from 6 a.m. until 12:30 p.m. also: www.is.fi/digitoday/tietoturva/art-2000008529880.html

Packaging giant Huhtamäki hit by data breach: up to 150 gigabytes of data in the wrong hands

www.is.fi/digitoday/tietoturva/art-2000008530521.html The large Finnish packaging company Huhtamäki has been the target of an extensive data breach. A substantial amount of data has been taken from the company. "One of Huhtamäki's units located abroad has been the target of a data breach, in connection with which data has been stolen. Social media reports put the amount of stolen data at 150 GB, which matches our own understanding. The investigation is at an early stage, and therefore we cannot confirm the method of the breach or the nature of the stolen data," Huhtamäki's head of media relations Katariina Hietaranta confirms. "Our operations and our security of supply are not under threat," Hietaranta states.

Check Point Research: Cyber Attacks Increased 50% Year over Year

blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/ In Q4 of 2021 there was an all-time peak in weekly cyber-attacks per organization, counting over 900 attacks per organization. In 2021, there was a 50% increase in overall attacks per week on corporate networks compared to 2020. Education and Research was the most attacked sector.

The blame game: EU criticized for ‘fragmented and slow’ approach to cyber-attack attribution

portswigger.net/daily-swig/the-blame-game-eu-criticized-for-fragmented-and-slow-approach-to-cyber-attack-attribution The European Union lacks coherence when it comes to responding to cyber-attacks because of problems surrounding attribution, a new report warns. In ‘Attribution: A Major Challenge for EU Cyber Sanctions’, Annegret Bendiek and Matthias Schulze of the German Institute for International and Security Affairs analyze the policy responses to the WannaCry, NotPetya, Cloud Hopper, OPCW, and Bundestag cybersecurity incidents and conclude that the process of attribution tends to be fragmented and slow. “Right now, every member state does its own attribution and political and legal assessment of cyber-incidents,” Schulze tells The Daily Swig. “Since capabilities vary, it is possible that member states assess the same incident quite differently and this leads to a fragmented response.” also:

www.swp-berlin.org/en/publication/attribution-a-major-challenge-for-eu-cyber-sanctions#hd-d41750e3739

CISA director: Log4Shell has not resulted in ‘significant’ government intrusions yet

therecord.media/cisa-director-log4shell-has-not-resulted-in-significant-government-intrusions-yet/ Top officials at the US Cybersecurity and Infrastructure Security Agency on Monday said the Log4Shell vulnerability has mostly resulted in cryptomining and other minor incidents at federal agencies, but warned that threat actors may soon start actively exploiting the vulnerability to disrupt critical infrastructure and other assets.

Hotel chain operating in Finland fell victim to a cyberattack and resolved the situation in an unusual way

www.tivi.fi/uutiset/tv/3ea960f6-2d2c-4a2a-992c-e3623692d012 The Norwegian hotel chain Nordic Choice Hotels, which operates in the Nordic countries and the Baltics, fell victim to ransomware in December. Removing the malware from every infected Windows machine would have taken several hours per machine. Instead of removing the malware, the company decided to switch the machines' operating system to Chrome OS.

IT professionals train for a real-world incident [SUBSCRIBERS ONLY]

www.tivi.fi/uutiset/tv/828f255e-7440-46d8-bfe8-31dabd4ce125 The voluntary Digipooli encourages companies to organize their own cyber incident exercises.

COVID Omicron Variant Lure Used to Distribute RedLine Stealer

www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer FortiGuard Labs recently came across a curiously named file, “Omicron Stats.exe”, which turned out to be a variant of Redline Stealer malware. This blog will look at the Redline Stealer malware, including what’s new in this variant, its core functions, how it communicates with its C2 server, and how organizations can protect themselves.

Abcbot Botnet Linked to Operators of Xanthe Cryptomining Malware

thehackernews.com/2022/01/abcbot-botnet-linked-to-operators-of.html New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. “The same threat actor is responsible for both Xanthe and Abcbot and is shifting its objective from mining cryptocurrency on compromised hosts to activities more traditionally associated with botnets, such as DDoS attacks,” Cado Security’s Matt Muir said in a report shared with The Hacker News.

URL Parsing Bugs Allow DoS, RCE, Spoofing & More

threatpost.com/url-parsing-bugs-dos-rce-spoofing/177493/ Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service (DoS) conditions, information leaks and remote code execution (RCE) in various web applications, researchers are warning. Claroty report (PDF):

claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf

DDoS Attack Trends for Q4 2021

blog.cloudflare.com/ddos-attack-trends-for-2021-q4/ The second half of the year recorded a growing swarm of one of the most powerful botnets deployed (Meris) and record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network.

Europol ordered to erase data on those not linked to crime

www.bleepingcomputer.com/news/security/europol-ordered-to-erase-data-on-those-not-linked-to-crime/ The European Data Protection Supervisor (EDPS), an EU privacy and data protection independent supervisory authority, has ordered Europol to erase personal data on individuals that haven’t been linked to criminal activity. The EU data watchdog issued this order after admonishing Europol in September 2020 for storing large amounts of data on individuals that haven’t been linked to criminal activity, putting their fundamental rights at risk.

Cyber Command partners with US universities to prepare graduates for military cyber roles

therecord.media/cyber-command-partners-with-us-universities-to-prepare-graduates-for-military-cyber-roles/ US Cyber Command announced last week a partnership with 84 colleges and universities from 34 states and the District of Columbia aimed at educating and preparing graduates for cybersecurity roles in the US military.

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.

The Evolution of Patch Management: How and When It Got So Complicated

www.darkreading.com/vulnerabilities-threats/the-evolution-of-patch-management-how-and-when-it-got-so-complicated In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity ‘violations’

www.theregister.com/2022/01/10/walmart_china_security/ American budget retailer Walmart was cited for 19 alleged cybersecurity breaches in China, state-sponsored media reported last week. “It is reported that the public security organs discovered nineteen exploitable network security vulnerabilities in Walmart’s network system on November 25, 2021, and [the company] did not deal with system vulnerabilities in a timely manner.”
