今週の気になるセキュリティニュース - Issue #65

#65・
Weekly newsletter of Masafumi Negishi
94

issues

Subscribe to our newsletter

By subscribing, you agree with Revue’s Terms of Service and Privacy Policy and understand that Weekly newsletter of Masafumi Negishi will receive your email address.

Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi
事件、事故
米財務省が暗号資産のミキシングサービス Blender.io への制裁措置を発表
WASHINGTON – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency. On March 23, 2022, Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out the largest virtual currency heist to date, worth almost $620 million, from a blockchain project linked to the online game Axie Infinity; Blender was used in processing over $20.5 million of the illicit proceeds. Under the pressure of robust U.S. and UN sanctions, the DPRK has resorted to illicit activities, including cyber-enabled heists from cryptocurrency exchanges and financial institutions, to generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.
攻擊、脅威
ルーマニアの複数の Web サイトに DDoS 攻擊
The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by the state entities.
The attack has been claimed by a pro-Russian group calling themselves Killnet. They targeted servers that host public sites with a high number of requests or high volumes of data, essentially depleting their processing resources and causing them to become unavailable.
日本の組織を標的としたスピアフィッシング攻擊について、マクニカが報告
セキュリティ研究センターでは、2022年4月に日本の組織を標的としたスピアフィッシングを確認し、それを起点とする攻撃の分析を行いました。その攻撃はショートカットファイルやISOファイルの悪用、マルウェアの1つは今年3月にリリースされたGo言語 1.18で開発されており解析が困難であるなどの特徴がみられました。分析を通して得た関連情報から今回の攻撃は3月頃から続いている攻撃キャンペーンの1つであると考えています。ここでは、導入済みのセキュリティ対策が今回の攻撃に有効であるかの検討やインシデント対応の参考になるよう分析の詳細結果について共有します。
Mandiant が攻撃者グループ UNC3524 の攻擊活動について報告
In this blog post, we introduce UNC3524, a newly discovered suspected espionage threat actor that, to date, heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. On the surface, their targeting of individuals involved in corporate transactions suggests a financial motivation; however, their ability to remain undetected for an order of magnitude longer than the average dwell time of 21 days in 2021, as reported in M-Trends 2022, suggests an espionage mandate. Part of the group’s success at achieving such a long dwell time can be credited to their choice to install backdoors on appliances within victim environments that do not support security tools, such as anti-virus or endpoint protection. The high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet set this group apart and emphasize the “advanced” in Advanced Persistent Threat. UNC3524 also takes persistence seriously. Each time a victim environment removed their access, the group wasted no time re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign. We are sharing the tools, tactics, and procedures used by UNC3524 to help organizations hunt for and protect against their operations.
Google がウクライナ関連のサイバー攻擊の最新状況について報告
Google’s Threat Analysis Group (TAG) has been closely monitoring the cybersecurity activity in Eastern Europe with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as a lure in phishing and malware campaigns. Similar to other reports, we have also observed threat actors increasingly target critical infrastructure entities including oil and gas, telecommunications and manufacturing.
Coveware から 2022年第1四半期のランサムウェアに関するレポート
脆弱性
F5 の BIG-IP に iControl REST 認証をバイパス可能な脆弱性 (CVE-2022-1388)
米 CISA が Known Exploited Vulnerabilities (KEV) カタログに 5個の脆弱性を追加
Avast と AVG の製品に権限昇格の脆弱性
その他
Firefox ブラウザがバージョン 100 に到達
GitHub.com でコードを提供するすべてのユーザを対象に、2023年末までに2要素認証を義務化すると GitHub が発表
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
FIDO Alliance と W3C が 3月に提案したパスワードレス認証の仕組み “Multi-device FIDO Credentials” を Apple、Google、Microsoft の 3社が協力してサポートしていくことを発表
In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.  
毎年 5月の第一木曜日は World Password Day
Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. In fact, there are 921 password attacks every secondnearly doubling in frequency over the past 12 months.
Masafumi Negishi
毎年ほとんど誰も話題にしてませんが、今日 (5月の第一木曜日) は World Password Day です。この機会にご自分のパスワード管理を見直してみてはいかがでしょうか。パスワードなくなる日はいつ来るのかなぁ。
Did you enjoy this issue? Yes No
Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project, 子供たちが安心して使える安全なネット社会を実現したいですね。

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.