今週の気になるセキュリティニュース - Issue #38

本事象は、この機能が、Google社にて運営されている一部のサービスにおいて「電子証明書の有効期限切れ」を検知し、端末を保護するべくこの機能が働き、結果として、お客様の意図しない形でローカルロックされたものです。なお、Google社によって当該電子証明書の問題は解消されており、その問題が発生していた期間が一時的であったことから、本事象の影響は限定的であったものと推測されます。

The Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule, establishing controls on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities. The rule also creates a new License Exception Authorized Cybersecurity Exports (ACE) and requests public comments on the projected impact of the proposed controls on U.S. industry and the cybersecurity community. 

東京2020大会におけるサイバーセキュリティについては、過去大会以上に脅威にさらされるともみなされていた中、NTTは大会期間中、通信サービスにおけるネットワークセキュリティや、様々なサイバーセキュリティ対応を実施しました。大会期間中、約4.5億回に及ぶ様々なセキュリティイベントを観測しましたが、全て適切に対処・ブロックし、大会運営・競技運営に影響のあるセキュリティインシデントを発生させませんでした。

The npm package ua-parser-js had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse. Since late 2019, our team has disrupted financially motivated phishing campaigns targeting YouTubers with Cookie Theft malware.

The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.

The average ransom payment amount remained relatively constant in Q3, while the median increased by over 50%. We attribute this shift to less large outlier ransom payments from a small subset of large companies, versus a higher proportion of payments coming from mid-market sized victims. Ever since the pipeline attacks this spring, we have seen statistical evidence and intelligence showing that ransomware actors are trying to avoid larger targets that may evoke a national political or law enforcement response. This shift from ‘Big Game Hunting’ to ‘Mid Game Hunting’ is personified in both the ransom amount statistics but also the victim size demographics from the quarter. 

At least three email service providers have been hit by large distributed denial of service (DDoS) attacks on Friday, resulting in prolonged outages, The Record has learned.

The attacks have hit Runbox (a privacy email provider based in Norway), Posteo (a secure email provider based in Germany), and Fastmail (a privacy-first email provider based in Australia).

On October 24, 2021, Network Time Protocol (NTP) servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive.  

21 October 2021 was the first ever Global Encryption Day. We’re asking people to Make the Switch to strong encrypted services and defend their right to privacy and security.