View profile

今週の気になるセキュリティニュース - Issue #37

Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi
ポッドキャスト収録用のメモですよ。(今週は収録お休み)

事件、事故
米海軍の原子力エンジニアが原子力潜水艦に関する情報を外国政府に売り渡そうとしたとして FBI に逮捕される
“The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation,” said Attorney General Merrick B. Garland. “The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice.”
OVHcloud でネットワーク障害。増加する DDoS 攻撃への対策として実施したネットワーク設定の変更に起因するもの。
米ミズーリ州の St. Louis Post-Dispatch 紙の記者が、州政府のサイト上で教員の社会保障番号が露呈していることを発見し報告したところ、州知事がこの行為を非難し告訴すると脅迫。
(コメント) 正直ちょっと何言っているかわからない
攻撃、脅威
Microsoft が 8月に Azure の顧客に対する 2.4Tbps の DDoS 攻撃を観測
In early August, we shared Azure’s Distributed Denial-of-Service (DDoS) attack trends for the first half of 2021. We reported a 25 percent increase in the number of attacks compared to Q4 of 2020, albeit a decline in maximum attack throughput, from one terabit per second (Tbps) in Q3 of 2020 to 625 Mbps in the first half of 2021.
The last week of August, we observed a 2.4 Tbps DDoS attack targeting an Azure customer in Europe. This is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event previously detected on Azure.
イランに関係した攻撃者グループによる米国やイスラエルの防衛産業に対するパスワードスプレー攻撃について、Microsoft から注意喚起
DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technology companies, Persian Gulf ports of entry, or global maritime transportation companies with business presence in the Middle East. Less than 20 of the targeted tenants were successfully compromised, but DEV-0343 continues to evolve their techniques to refine its attacks. MSTIC noted that Office 365 accounts with multifactor authentication (MFA) enabled are resilient against password sprays.
CISA や FBI などが共同で、米国の上下水道のシステムに対するサイバー攻撃に関する注意喚起
WWS Sector cyber intrusions from 2019 to early 2021 include:
In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
In March 2021, cyber actors used an unknown ransomware variant against a Nevada-based WWS facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
In September 2020, personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.
In March 2019, a former employee at Kansas-based WWS facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer.
米財務省の FinCEN が 2021年上半期の米国内におけるランサムウェアの活動状況に関する報告書を公開
FinCEN analysis of ransomware-related SARs filed during the first half of 2021 indicates that ransomware is an increasing threat to the U.S. financial sector, businesses, and the public. The number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021 (“the review period”), up 30 percent from the total of 487 SARs filed for the entire 2020 calendar year.3 The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million). 
脆弱性
Apple の iOS および iPadOS に任意のコード実行が可能な脆弱性が見つかり修正。すでに悪用が確認されている。
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30883: an anonymous researcher
(コメント) Apple 製品に関して今年 17個目のゼロデイ脆弱性とのこと。いやはや…
Catalin Cimpanu
Today's patch represents the 17th actively exploited zero-day patched this year.

There were some publicly disclosed vulnerabilities (which some also called zero-days) that were also patched this year, but which I didn't include in this table. https://t.co/NtKuQRgMqv
Microsoft が 2021年10月の月例パッチを公開。すでに悪用が確認されている CVE-2021-40449 などを修正
Windows (Win32k) の脆弱性 CVE-2021-40449 は、限定的な脆弱性の悪用を確認しています。早急にセキュリティ更新プログラムを適用してください。
Windows の脆弱性 CVE-2021-41335, Windows AppContainer の脆弱性 CVE-2021-41338、Windows DNS Server の脆弱性 CVE-2021-40469は、現時点では悪用は確認されていませんが、脆弱性の内容が一般に公開されています。早急にセキュリティ更新プログラムを適用してください。
Yurika
今日はマイクロフトパッチの日です。今月も早期の適用のほど、どうぞよろしくお願いいたします。
すでに悪用を確認している脆弱性1件 (Windows (Win32k) EoP CVE-2021-40449 ) です。こちらは何卒特に早期に適用をお願いいたします https://t.co/cSYuwQUycf
その他
Google が攻撃を受ける可能性の高い 1万人以上のユーザにセキュリティキーを無料配布すると発表
Users who enroll in APP are protected against a wide variety of online threats, including sophisticated phishing attacks (through the use of security keys), malware and other malicious downloads on Chrome and Android, and unauthorized access to their personal account data (such as Gmail, Drive or Photos). As new threats are discovered, APP evolves to provide the latest protections.
As part of our work to keep our users safer and increase awareness of APP, we partnered with organizations across the globe to provide free security keys to over 10,000 high risk users throughout 2021.
(コメント) 一般ユーザの我々は自分でセキュリティキーを購入して、APP に登録しましょう
米政府が 10/13, 14 に、ランサムウェア対策に関して EU および世界 30ヶ国とオンラインでの国際会議を開催。日本の内閣サイバーセキュリティセンター (NISC) はランサムウェア特設ページを開設した。
Having gathered virtually on October 13 and 14 to discuss the escalating global security threat from ransomware, we the Ministers and Representatives of Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States recognize that ransomware is an escalating global security threat with serious economic and security consequences.
Did you enjoy this issue? Yes No
Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project, 子供たちが安心して使える安全なネット社会を実現したいですね。

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.