
Iranian gas station paralyzed by cyber attack, babuk blackmail software source code leaked | global network security hotspot

2022-06-24 02:34:00 Tencent security

Safety information report

Email fraud has cost British companies £140 million

According to the latest figures from the National Economic Crime Centre (NECC), 4,600 business email compromise (BEC) incidents were reported in the past 12 months, costing individuals and businesses £138 million.

The agency is working with the National Crime Agency (NCA), the Metropolitan Police, the banking industry body UK Finance and the fraud-prevention non-profit Cifas to launch a new campaign raising awareness of the crime, which is also known as "mandate fraud" or "payment diversion fraud".

The average loss across those 4,600 cases was £30,000. Criminals typically impersonate someone else and create or alter invoices to trick victims into transferring funds to accounts they control.

NECC says the fraud usually peaks in March and November, coinciding with the end of the financial year.

According to the FBI, BEC has been the most lucrative category of cybercrime for the past two years. The FBI's annual Internet Crime Report says victims reported about 19,300 incidents last year with losses of nearly $1.9 billion, almost half of the $4.2 billion in total losses that cybercrime caused in that period.

Warning signs of BEC include urgent transfer requests, new payment details from a supplier, and misspellings or inconsistent language in the sender's email.

News source : 

https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/

Cyber attack paralyzes gas stations across Iran

A cyber attack in Iran has paralyzed gas stations across the country, disrupting fuel sales and defacing electronic billboards with messages that challenge the regime's ability to distribute gasoline.

Posts and videos circulating on social media show the message "Khamenei! Where is our gasoline?", referring to the country's Supreme Leader Ayatollah Ali Khamenei. According to the semi-official Iranian Students' News Agency (ISNA), other signs read "Free gas at Jamaran gas station", and fuel pumps displayed the words "cyberattack 64411" when customers tried to buy fuel.

Abolhassan Firouzabadi, chairman of Iran's Supreme Cyberspace Committee, said the attacks were "probably" state-sponsored, but added that it was too early to determine which country was behind them.

Although no country or group has claimed responsibility so far, this attack marks the second time digital billboards have been altered to display similar messages.

News source : 

https://thehackernews.com/2021/10/cyber-attack-in-iran-reportedly.html

Three major measures to implement the security protection of critical information infrastructure

Without cybersecurity there is no national security; without informatization there is no modernization. The CPC Central Committee and the State Council attach great importance to the security protection of critical information infrastructure and, to further improve the protection system, have formulated and issued the Regulations on the Security Protection of Critical Information Infrastructure (hereinafter "the Regulations").

Guo Qiquan, first-class inspector, deputy director and chief engineer of the Network Security Bureau of the Ministry of Public Security, said that the public security organs will adhere to the principles of "problem-oriented, practice-led, systematic defense", hold on to the key points, guide and supervise the security protection of critical information infrastructure, establish a protection system for critical information infrastructure together with the relevant departments, guide and supervise operators in implementing the multi-level cybersecurity protection scheme and the Regulations, and effectively maintain the security of critical information infrastructure.

The next key tasks for the public security organs in establishing and implementing the security protection system for critical information infrastructure are as follows.

First, the public security organs organize the identification of critical information infrastructure.

  • Formulating rules: guide the protection departments of important industries and sectors to develop identification rules for critical information infrastructure in their industry or sector, and file them with the Ministry of Public Security for the record;
  • Identification: guide operators, in cooperation with the protection departments, to identify business dependencies, key assets and risks around the key business carried by critical information infrastructure, and so identify the critical information infrastructure itself;
  • Inclusion: include basic networks, large private networks, core business systems, cloud platforms, big-data platforms, the Internet of Things, the new Internet and other key protected objects that meet the identification criteria in the scope of critical information infrastructure;
  • Determination and reporting: the protection departments organize the identification of critical information infrastructure in their industry or sector according to the rules, notify the operators concerned of the results in a timely manner, and report to the Ministry of Public Security;
  • Dynamic adjustment: the list of critical information infrastructure is adjusted dynamically, and the results of each adjustment are reported to the Ministry of Public Security.

Second, the public security organs organize operators to carry out the security protection of critical information infrastructure.

  • Take enhanced protective measures: with large-scale network attacks as the threat to be countered, and on the basis of implementing the multi-level cybersecurity protection scheme and national standards and meeting "compliance" requirements, take enhanced special protection measures to substantially improve risk identification, attack resistance and resilience, and ensure the stable operation of critical infrastructure.
  • Focus on protecting key business and operational security, turning single-point protection into overall prevention and control: carry out systematic security design for the one or more networks and information systems involved in a business, and build an overall security prevention and control system for critical information infrastructure.
  • Risk-management oriented, turning static protection into dynamic protection: adjust monitoring and security control measures dynamically as the threat situation changes, forming a dynamic protection mechanism that improves resilience and responds effectively to security risks and threats.
  • Based on information sharing, turning isolated protection into joint prevention and control: establish information-sharing, coordination and joint-protection mechanisms with the national cybersecurity supervisory departments, the protection departments and other relevant departments, improving the ability to cope with large-scale network attacks.
  • Supported by core technologies such as trusted computing, turning passive defense into active defense: build a security framework on trusted computing, artificial intelligence, big-data analytics, cryptography and other core technologies, combined with threat intelligence and situational awareness, so as to discover and handle unknown threats in time and improve endogenous security, active immunity and active defense capability.
  • By means of inter-domain isolation, turning single-layer protection into defense in depth: manage the network in separate zones with secure isolation and authentication between them; monitor beforehand, contain and block during an incident, and trace and recover afterwards, achieving layer-by-layer blocking and defense in depth.
  • Focus on core assets and data, turning extensive protection into precise protection: through automated asset-based management coordinated with threat intelligence, detect unknown threats and abnormal behaviour, achieve precise protection of core assets, and safeguard big data and the "central nervous system" of operations.
  • Implement physical facility protection and power and telecommunications guarantees: protect machine rooms, big-data centres, cloud platforms and other physical facilities; take strict precautions against earthquakes, floods and other damage; and ensure that the network operates normally and data is protected from corruption.
  • Cooperate closely with the public security organs, establish a joint cybersecurity operation mechanism, and fight as one integrated force.
  • Rely on the "cyberspace geography" laboratory to carry out theoretical and technical research on intelligent cognition in cyberspace, asset mapping, visual representation and other core technologies in support of real operations.
  • Strengthen confidentiality management: in construction, operation and maintenance, procurement of products and services, bidding and other activities, strengthen confidentiality management; it is strictly prohibited to divulge secrets of critical information infrastructure in bidding and other activities.

Third, the public security organs make every effort to strengthen the security of critical information infrastructure.

  • Strengthen the construction of the cybersecurity threat-information system and organize forces to carry out threat intelligence work.
  • Build a cybersecurity protection platform and situational-awareness system, build a "smart brain" for the platform, draw a network map and realize "operations on the map".
  • Keep a close watch on, and severely crack down on, illegal and criminal activities that endanger critical information infrastructure, such as network intrusion, penetration and control, and theft of secrets.
  • Give full play to the national cybersecurity information notification mechanism; build and improve an all-weather, all-round cybersecurity monitoring and early-warning system coordinated internally and externally and between upper and lower levels; and vigorously carry out real-time monitoring, warning and emergency response to provide important guarantees for operators.
  • Strengthen administrative law enforcement against units and individuals that fail to fulfil their legal cybersecurity obligations; establish a system for listing and supervising major cybersecurity risks and hidden dangers, under which units and departments with prominent cybersecurity problems and serious potential risks are placed under listed supervision.
  • Organize timely special rectification actions for prominent problems such as supply-chain security, mail-system security, website security, data security, the cybersecurity of Internet enterprises, and the cybersecurity of new technologies and new applications.

News source : 

https://www.chinanews.com/gn/2021/10-26/9595646.shtml

Head of British intelligence: ransomware has proliferated because there is no coordinated effort to stop it making money

Sir Jeremy Fleming, director of the British signals intelligence agency GCHQ, said that if you want to know why ransomware has proliferated in recent years, it is because until recently it went unchallenged.

"We have seen twice as many ransomware attacks in Britain this year as last year, but the reason it has exploded is because it works," Fleming said at the Cipher Brief threat conference in the US. Criminals make a lot of money from it and often feel that it is largely uncontested... We have to figure out what that means; until recently we left a lot of this space open, and those criminals really will spread and make a lot of money.

Last month, Britain set up the National Cyber Force (NCF), an offensive organization that draws its people from the Ministry of Defence (MoD), GCHQ, the Secret Intelligence Service (MI6) and the Defence Science and Technology Laboratory (DSTL).

Fleming said: "In my view, excessive militarization is very dangerous, with due respect to all my military colleagues on both sides of the pond." However, he added: "For decades this has been part of GCHQ's mission; we need our policy makers, and in some aspects of the mission our military leaders, to be able to use their cyber capabilities."

Fleming suggested that the solution to ransomware profits lies in regulating and controlling cryptocurrencies.

"I can see the policy debate in the United States, and I can see the policy debate here; you very quickly get into how criminals make money, and you very quickly get into cryptocurrencies and how they are regulated and controlled," he said.

Although most countries support the idea of disrupting ransomware operators and their overall business model, some countries have developed policies that make an exception for ransomware attacks on critical infrastructure.

News source : 

https://www.zdnet.com/article/ransomware-has-proliferated-because-its-largely-uncontested-says-gchq-boss/

China has organized the formulation of 332 national cybersecurity standards

The first plenary meeting of the third National Information Security Standardization Technical Committee was held in Beijing a few days ago. Founded in 2002, the committee has organized the formulation of 332 national cybersecurity standards.

Zhuang Rongwen, vice minister of the Publicity Department of the CPC Central Committee and director of the Office of the Central Cyberspace Affairs Commission, said that doing a good job of cybersecurity standardization in the new era is an important support for building China into a cyber power and an important way to enhance its international voice and influence in cyberspace.

Facing the new situation, new tasks and new requirements, Zhuang said, the committee should stick to a problem-oriented approach and actively promote innovative development of standardization work; practise the purpose of serving the people so that they have a greater sense of gain, happiness and security; strengthen the rule of law and accelerate the implementation of laws and regulations in this field; and broaden its global perspective by actively participating in the formulation of international standards and rules for cyberspace.

Zhang Gong, director of the State Administration for Market Regulation, said that the strategic significance of strengthening cybersecurity standardization for overall development and security, for strengthening, optimizing and expanding the digital economy, and for building a community with a shared future in cyberspace must be deeply understood, and that cybersecurity standardization should be actively promoted to open up a new situation.

It was reported that the meeting read out the plan for the reconstitution of the third committee and its membership, and reviewed the committee's articles of association, its procedures for preparing and revising standards, and its working procedures for technical documents.

News source : 

http://www.chinanews.com/gn/2021/10-27/9596329.shtml

"Guangdong Shield 2021" cybersecurity attack and defense drill concludes

On the afternoon of October 25, the week-long "Guangdong Shield 2021" Guangdong digital government cybersecurity attack and defense drill concluded in Guangzhou.

According to the organizers, the "Guangdong Shield 2021" drill, themed "Focus on data security to safeguard digital development", was a large-scale live attack and defense exercise covering the entire Guangdong provincial government system. To keep the drill close to real operations, make every aspect of service support match actual work, and push for a more efficient and accurate data security protection and resolution mechanism, it also brought some information systems in public services such as water, gas, electricity, transportation, health and epidemic prevention into scope.

The drill promptly discovered and eliminated 982 cybersecurity risks in 32 categories across the province's e-government systems, involving more than 33 million items of personal privacy data and hundreds of millions of items of enterprise and government business data; it removed cybersecurity risks from 499 servers, network devices and security appliances, and sent 81 security bulletins to departments.

Through the live exercise, the security protection capability of Guangdong's online government and public service systems has been improved as a whole, so that data security is better assured when people use online government and public services.

News source : 

https://www.sohu.com/a/497351667_120091004

Singapore's e-commerce phishing scams cost victims at least 764,000 SGD

Singapore police warned on Tuesday (October 26) that phishing scams involving emails, SMS messages and phone calls from fraudsters posing as e-commerce marketplace staff are on the rise.

Police said in a statement that in September alone at least S$764,000 (RM2.35 million) was lost to phishing scams unrelated to banks.

Victims of such scams typically receive calls from fraudsters claiming to be e-commerce marketplace staff, who say they have found problems with the victim's account or discrepancies in payment for their purchases.

Under the pretext of helping to resolve the problem, the fraudster tricks the victim into providing credit or debit card details and a one-time password (OTP).

Victims only realize they have been cheated when they find unauthorized transactions on their credit or debit card.

The police advise the public to take the following measures to prevent such crimes:

  • Do not give personal information, including financial details, to unknown callers over the phone.
  • Always verify the authenticity of any information through the official website or official sources.
  • Do not disclose your personal or online banking details or your OTP.
  • Report any fraudulent credit or debit card charges to your bank and cancel your card immediately.

News source : 

https://www.thestar.com.my/tech/tech-news/2021/10/27/e-commerce-phishing-scams-in-spore-cost-victims-at-least-s764000-rm235mil

Microsoft: password spraying attacks are on the rise

Microsoft recently observed an emerging Iranian hacking group using password spraying against critical infrastructure targets in Israel and the United States that operate in the Persian Gulf.

Microsoft estimates that more than a third of account compromises are password spraying attacks, even though such attacks succeed against only about 1% of accounts, unless the organization uses Microsoft's "password protection" to block weak passwords.

As Microsoft explained last year: "Instead of trying many passwords against one user, they try to defeat lockout and detection by trying one password against many users." The approach sidesteps rate limiting, because too many failed attempts on a single account trigger a lockout.

Microsoft's Detection and Response Team (DART) summarizes two main password spraying techniques. The first is called "low and slow": a determined attacker deploys a sophisticated spray using "several individual IP addresses to attack multiple accounts at the same time with a limited number of curated password guesses".

The second, "availability and reuse", takes advantage of leaked credentials previously published and sold on the dark web. Microsoft explained: "An attacker can exploit this tactic, also known as 'credential stuffing', easily, because it relies on people reusing passwords and usernames across sites."
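The lockout-evasion point above (one guess against many users rather than many guesses against one) is what a defender has to key on. The following Python is an added example, not code from the article, Microsoft or DART; it assumes a constructed sign-in log format and an assumed lockout policy of five failures per account, and flags a source that fails against many distinct accounts (spray) separately from one that hammers a single account (brute force).

```python
"""Spray-vs-brute-force classifier for sign-in logs (added example; not code from
the original article or from Microsoft/DART). A spray spends one or two guesses
on each of many accounts, so the detector keys on distinct accounts per source,
not on the per-account failure count that a lockout policy watches."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one event per line: "<ISO timestamp> <user> <source ip> <FAIL|SUCCESS>".
# 203.0.113.10 sprays one guess across eight accounts, then signs in as one of them;
# 198.51.100.7 hammers a single account; 192.0.2.44 is a user mistyping once.
SAMPLE_LOG = """\
2021-10-26T08:00:01 alice 203.0.113.10 FAIL
2021-10-26T08:00:05 bob 203.0.113.10 FAIL
2021-10-26T08:00:09 carol 203.0.113.10 FAIL
2021-10-26T08:00:14 dave 203.0.113.10 FAIL
2021-10-26T08:00:20 erin 203.0.113.10 FAIL
2021-10-26T08:00:25 frank 203.0.113.10 FAIL
2021-10-26T08:00:30 grace 203.0.113.10 FAIL
2021-10-26T08:00:35 heidi 203.0.113.10 FAIL
2021-10-26T08:00:50 mallory 203.0.113.10 SUCCESS
2021-10-26T08:01:00 alice 198.51.100.7 FAIL
2021-10-26T08:01:03 alice 198.51.100.7 FAIL
2021-10-26T08:01:06 alice 198.51.100.7 FAIL
2021-10-26T08:01:09 alice 198.51.100.7 FAIL
2021-10-26T08:01:12 alice 198.51.100.7 FAIL
2021-10-26T08:01:30 bob 192.0.2.44 FAIL
2021-10-26T08:01:40 bob 192.0.2.44 SUCCESS
"""

LOCKOUT_THRESHOLD = 5   # assumed per-account lockout policy (failures per window)
MIN_SPRAY_ACCOUNTS = 8  # distinct accounts one source must fail against to count as a spray

def parse_log(text):
    """Parse the constructed format into (timestamp, user, ip, success) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "SUCCESS"))
    return events

def summarise_sources(events, since=None):
    """Per source IP: failures per account plus the accounts it signed into.
    `since` (ISO string) drops older events so the caller can window the log."""
    cutoff = datetime.fromisoformat(since) if since else None
    stats = defaultdict(lambda: {"fails": defaultdict(int), "logins": set()})
    for ts, user, ip, ok in events:
        if cutoff and ts < cutoff:
            continue
        if ok:
            stats[ip]["logins"].add(user)
        else:
            stats[ip]["fails"][user] += 1
    return stats

def classify_source(fails):
    """'brute-force' if any account was pushed past the lockout threshold,
    'spray' if many accounts each saw only a few failures, else 'normal'."""
    if not fails:
        return "normal"
    if max(fails.values()) >= LOCKOUT_THRESHOLD:
        return "brute-force"
    if len(fails) >= MIN_SPRAY_ACCOUNTS:
        return "spray"
    return "normal"

def detect(events, since=None):
    """Return {ip: finding} for every source whose failure pattern is not 'normal'."""
    findings = {}
    for ip, s in summarise_sources(events, since).items():
        label = classify_source(s["fails"])
        if label != "normal":
            findings[ip] = {
                "label": label,
                "accounts_tried": len(s["fails"]),
                "max_attempts_per_account": max(s["fails"].values()),
                # A successful sign-in from a spraying source is the compromise to chase.
                "logins_from_source": sorted(s["logins"]),
            }
    return findings
```

Against real sign-in telemetry the same logic is run per time window, and a "low and slow" spray spread across several source addresses is caught by grouping on the password-guess pattern (many users, one attempt each) rather than on a single IP.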

"Recently, DART has seen an increase in cloud administrator accounts being targeted by password spraying attacks," Microsoft notes.

Extra care should also be taken when configuring security controls for roles such as Security Administrator, Exchange Service Administrator, Global Administrator, Conditional Access Administrator, SharePoint Administrator, Helpdesk Administrator, Billing Administrator, User Administrator, Authentication Administrator and Company Administrator. Microsoft said that high-profile identities such as C-level executives, or specific roles with access to sensitive data, are also popular targets.

News source :

https://www.zdnet.com/article/microsoft-warns-over-uptick-in-password-spraying-attacks/

Babuk ransomware's complete source code leaked

A participant in the ransomware operation has leaked the complete source code of the Babuk ransomware on a Russian-language hacking forum.

Babuk Locker, known internally as Babyk, is a ransomware operation launched at the beginning of 2021, when it began targeting enterprises to steal and encrypt their data in double-extortion attacks.

After attacking the Metropolitan Police Department (MPD) in Washington, D.C. and feeling pressure from US law enforcement, the ransomware gang claimed to have shut down its operation. But the group's members split, and some restarted the ransomware as Babuk V2, which continues to encrypt victims' data to this day.

As first noticed by the security research group vx-underground, an alleged member of the Babuk group posted the complete source code of the ransomware on a popular Russian-language hacking forum. The member claimed to have advanced cancer and decided to release the source code while they still had to "live like a man". The shared archive contains Visual Studio projects for the Babuk ransomware with separate encryptors for VMware ESXi, NAS devices and Windows.

Emsisoft CTO and ransomware expert Fabian Wosar, as well as researchers at McAfee Enterprise, told BleepingComputer that the leak appears to be legitimate. Wosar also said the leak may contain the decryption keys for past victims. Babuk ransomware uses elliptic-curve cryptography (ECC) as part of its encryption routine, and the leak includes folders containing the encryptors and decryptors compiled for specific victims of the gang.

News source :

https://www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/

Security vulnerabilities and threats

CISA: Discourse has a remote code execution vulnerability

In an advisory issued on Sunday, CISA urged developers to update Discourse versions 2.7.8 and earlier, warning of a remote code execution vulnerability rated "critical" with a CVSS score of 10.

The issue was fixed on Friday. The developers explained that CVE-2021-41163 involves "a validation bug in the upstream aws-sdk-sns gem" that could "lead to RCE in Discourse via a maliciously crafted request".

The developers note that, as a workaround without updating, "requests with a path starting /webhooks/aws can be blocked at an upstream proxy".

The popular open source discussion platform attracts millions of users every month, which prompted CISA to issue the notice urging updates.

The researchers who found the issue detailed it in a blog post and reported it to Discourse, which did not respond to requests for comment.

News source : 

https://www.zdnet.com/article/cisa-warns-of-remote-code-execution-vulnerability-with-discourse/


Copyright notice
This article was created by [Tencent security]; please include the original link when reposting. Thank you.
https://yzsam.com/2021/10/20211028173307445h.html
