Security News

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.

The indictment states that all six individuals, believed to be part of the elite Russian hacking group known as “Sandworm”, are members of the Russian Main Intelligence Directorate, known as the GRU.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.

The US indicted Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.

They are all charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.


Why ISPs?

1. Protecting ISPs is today a high priority from a nation’s national security perspective.

2. Internal research activities have shown that all the ISP-related intrusions that are attributable to organized adversaries (or APT) are aimed at digital espionage operations towards third parties or at accessing customer data / databases.

3. In 2019 there was an increase in activities against this sector by threat groups suspected by industry of operating on behalf of Chinese, Russian and DPRK interests. Locally, activities in the Middle East have been observed by groups suspected of operating on behalf of the Iranian government.

4. In 2019, I participated in the analysis of “DeadlyKiss”. According to what was observed, it’s an uncommon malware family active since at least 2016. Its victims appear to be exclusively entities operating in the telecommunications sector. The ability of this threat to remain so in the shadows for all these years (prior to publication its detection rate was extremely low with only one vendor able to detect it via ML algorithms) makes us reflect on how some threat actors can use specific digital weapons exclusively for the compromise of specific sectors / targets.


Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication security and integrity.

Once MTA-STS is available in Office 365 Exchange Online, emails sent by users via Exchange Online will only be delivered using connections with both authentication and encryption, protecting against both email interception and attacks.

Protection against MITM and downgrade attacks

MTA-STS strengthens Exchange Online email security and solves multiple SMTP security problems, including the lack of support for secure protocols, expired TLS certificates, and certificates that are not issued by trusted third parties or do not match the server's domain name.

Given that mail servers will still deliver emails even when a properly secured TLS connection can’t be created, SMTP connections are exposed to various attacks including downgrade and man-in-the-middle attacks.
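The enforcement behaviour described above, as an added example (not code from Microsoft or from the original article): a sending MTA applying an MTA-STS policy in the RFC 8461 text format, next to the opportunistic case where no policy exists. The policy text, the host names and the `decide` helper are constructed for illustration.

```python
# Constructed sample policy, in the text format served at
# https://mta-sts.<domain>/.well-known/mta-sts.txt (RFC 8461).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.com
max_age: 604800
"""

def parse_policy(text):
    """Parse the key/value lines of an MTA-STS policy file."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode")
    return policy

def mx_matches(pattern, host):
    """A leading '*.' matches exactly one left-most label of the MX host."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return host == pattern

def decide(policy, mx_host, starttls_offered, cert_valid):
    """Hypothetical helper: what a sending MTA does with one MX candidate.

    cert_valid means the certificate is unexpired, chains to a trusted CA
    and matches the MX host name.
    """
    if policy is None or policy["mode"] == "none":
        return "deliver"  # opportunistic TLS: a stripped STARTTLS goes unnoticed
    secure = (starttls_offered and cert_valid
              and any(mx_matches(p, mx_host) for p in policy["mx"]))
    if secure:
        return "deliver"
    # enforce: do not deliver to this host; testing: deliver, flag for reporting
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

With no policy, a connection whose STARTTLS offer was stripped is still used for delivery; under `mode: enforce` the same connection is refused.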

Norway’s Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament (Stortinget).

“On 24 August, the Storting announced a data breach in their e-mail systems,” Søreide said in a press release published earlier today after a briefing that also included Minister of Defense Frank Bakke-Jensen.

“Based on the information base the government possesses, it is our assessment that Russia is behind this activity.”

“This is a serious incident that affects our most important democratic institution,” Søreide added.


Digital Security Authority – National Computer Security Incident Response Team:

Since Wednesday 30/09/2020, customers of banking institutions in Cyprus have been targeted by phishing attacks.

Customers (users) of the banking institutions are urged, through malicious electronic messages, mainly e-mails bearing the logos and insignia of banking institutions, to follow a malicious link that supposedly belongs to the banking institutions, with the aim of stealing login credentials.

Since Wednesday 30/09/2020, the Digital Security Authority – National Computer Security Incident Response Team has informed all Critical Information Infrastructures of the Republic of Cyprus as well as the Competent Authorities, and is in contact with the Police Authorities.

The public is asked to be vigilant in checking the e-mail messages it receives and to stay informed through the relevant announcements of the Police and the Authority.