Daily NCSC-FI news followup 2021-01-14

Brand Phishing Report Q4 2020 blog.checkpoint.com/2021/01/14/brand-phishing-report-q4-2020/ According to Check Point Research´s (CPR) analysis, Microsoft still lead the top ten-brand phishing in the last quarter of 2020, with many websites trying to impersonate Microsoft login screens and steal user credentials. Shipping and retail, mainly led by email phishing on DHL and Amazon, are up to the […]

Read More

Daily NCSC-FI news followup 2021-01-13

Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement Under the Radar blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/ A sign of a truly sophisticated attack in the cloud is the ability to move laterally undetected. Doing so successfully requires knowledge of many techniques. In this latest installation of the Cloud Threat Hunting: Attack and Investigation Series, we present the most […]

Read More

Daily NCSC-FI news followup 2021-01-12

Going Rogue a Mastermind Behind Android Malware Returns with a New RAT blog.checkpoint.com/2021/01/12/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/ Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the world around us. There are over 3.5 billion smartphone users worldwide, and it is estimated that over 85% of those devices around […]

Read More

Daily NCSC-FI news followup 2021-01-11

Sunburst backdoor code overlaps with Kazuar securelist.com/sunburst-backdoor-kazuar/99981/ On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named Dark Halo. FireEye did not link […]

Read More

Daily NCSC-FI news followup 2021-01-10

Eilakaisla joutui kyber­hyökkäyksen kohteeksi henkilö­tietojen vuoto ei pois suljettua www.hs.fi/kotimaa/art-2000007731435.html Henkilöstöpalvelualan yritys Eilakaisla joutui viikonloppuna kyberhyökkäyksen kohteeksi. Yritys tiedotti sunnuntaina, että kiristyshaittaohjelmalla perjantaina tehdyn hyökkäyksen vuoksi Eilakaislan palvelin lakkasi sinä päivänä toimimasta. Hyökkäyksen takia on mahdollista, että työnhakijoiden ja työntekijöiden henkilötietoja sekä asiakkaiden laskutustietoja on vaarantunut.. Myös: yle.fi/uutiset/3-11730761. www.is.fi/digitoday/tietoturva/art-2000007731487.html Miten kyber­uhkien torjuntaa pitäisi kehittää? www.tivi.fi/uutiset/tv/1cfc4f24-2da5-4a3a-9d86-26f9f0898f81 […]

Read More

Daily NCSC-FI news followup 2021-01-09

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Incident response investigations dont always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an […]

Read More

Daily NCSC-FI news followup 2021-01-08

Sealed U.S. Court Records Exposed in SolarWinds Breach krebsonsecurity.com/2021/01/sealed-u-s-court-records-exposed-in-solarwinds-breach/ The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) […]

Read More

Daily NCSC-FI news followup 2021-01-07

Linux malware authors use Ezuri Golang crypter for zero detection www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/ Multiple malware authors are using the “Ezuri” crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub for anyone to use. December 2020’s Most Wanted Malware: Emotet Returns as Top Malware […]

Read More

Daily NCSC-FI news followup 2021-01-06

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Lisäksi: This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible […]

Read More

Daily NCSC-FI news followup 2021-01-05

Käsikirja tukemaan terveydenhuollon kyberturvallisuutta Suomessa myös koronakriisin aikaisia vaikutuksia käsitelty www.epressi.com/tiedotteet/terveys/kasikirja-tukemaan-terveydenhuollon-kyberturvallisuutta-suomessa-myos-koronakriisin-aikaisia-vaikutuksia-kasitelty.html Jyväskylän ammattikorkeakoulu (JAMK) on julkaissut käsikirjan kyberhäiriöiden hallintaan terveydenhuollon toimijoille. Julkaisu auttaa eri kokoisia terveydenhuollon organisaatioita kehittämään kyberhäiriöiden hallinnan prosesseja ja toimintaohjeita. SolarWinds: The more we learn, the worse it looks www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/ While you’ve been distracted by the holidays, coronavirus, and politics, the more […]

Read More