FireEye, one of the largest security companies, hacked by a nation-state #veille (12 Dec 2020) The cybersecurity news you should not have missed this week


Here is this week's monitoring report, reviewing the most interesting news. Some of these stories will be developed further in upcoming articles. Happy reading and have a great week!

Data theft / loss

FireEye says hackers stole its red-team tools; suggests state-sponsored group is to blame

FireEye, one of the most influential cybersecurity companies in the world, on Tuesday revealed that it had been breached by a suspected state-sponsored hacking group. FireEye CEO Kevin Mandia said that the FBI and security experts at Microsoft were helping investigate the incident, in which attackers accessed the tools FireEye uses to simulate attacks against clients.

As FireEye grapples with breach investigation, questions remain – CyberScoop

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S.


With the FireEye breach news coming out, it’s important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1/

European Medicines Agency hacked: what impact for Pfizer? – Le Monde Informatique

An investigation is under way at the European Medicines Agency following a hack that allowed cybercriminals to access information relating to Pfizer and BioNTech's BNT162b2 Covid-19 vaccine. Bad news that should not affect the vaccine's delivery.

250,000 stolen MySQL databases for sale on dark web auction site

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers. The entire collection is seven terabytes in size and is part of a database ransom business that registered a sharp rise since October.

Cyberattacks / fraud

Norwegian police point finger at Fancy Bear for parliament hack

Norwegian authorities on Tuesday got more specific in their accusation of Russian involvement in an August cyberattack on Norwegian parliament, implicating the same notorious group of suspected Russian military intelligence hackers accused of interfering in the 2016 U.S. election.

Randstad hit by the Egregor ransomware – Le Monde Informatique

Temporary staffing giant Randstad has disclosed a ransomware attack that affected a limited number of its servers. Data from its operations in France, among others, was stolen.

A ransom of nearly $35M demanded from Foxconn in Mexico – Le Monde Informatique

At the end of November 2020, the Mexican site of IT subcontracting giant Foxconn fell victim to the DoppelPaymer ransomware. 1,200 servers and 100 GB of data were reportedly encrypted and up to 30 TB of backups wiped. The mechanics of ransomware attacks are now well oiled.

Europol: Beware Fake Dark Web #COVID19 Vaccines

As the UK begins preparations to deploy a COVID-19 vaccine, law enforcers are warning of counterfeit versions circulating on the dark web. After passing the UK’s strict regulatory approvals process in record time, the Pfizer/BioNTech vaccine will begin rolling out to vulnerable groups this week.

Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. Netgain offers hosting and cloud IT solutions, including managed IT services and desktop-as-a-service environments, to companies in the healthcare and accounting industry.

Dassault Falcon Jet hit by the Ragnar Locker ransomware – Le Monde Informatique

The US subsidiary of Dassault Aviation responsible for marketing private jets was hit by a ransomware attack claimed by the malicious operator behind Ragnar Locker. The latter is threatening to auction off data concerning the brand-new Falcon 6X.

Subway marketing system hacked to send TrickBot malware emails

Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order.

Facebook unmasks Vietnam’s APT32 hacking group

The Facebook security team has revealed today the real identity of APT32, a Vietnam-backed hacking group active in cyberespionage campaigns targeting foreign governments, multinational corporations, and journalists since at least 2014. The APT32 nation-state hackers were linked to Vietnamese IT firm CyberOne Group in a report published earlier today by Nathaniel Gleicher, Facebook’s Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

Flaws / vulnerabilities

Adobe releases final Flash Player update, warns of 2021 kill switch

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. The first version of Adobe Flash Player was released in January 1996 and was immediately adopted by developers to create interactive content on the web.

Teleworking: Swiss employees insufficiently aware of cyber threats

While the pandemic is boosting teleworking, are Swiss SMEs protecting themselves sufficiently against the associated cyber risks? Yes and no, according to a study published by Digitalswitzerland, which notably shows a lack of measures at the human and organisational level.

A hacker found a way to open 2,732 parcel lockers remotely in Russia

This mysterious attack left thousands of parcels within reach of anyone passing by. And the impact could have been worse had the company not detected it "at an early stage".

Regulatory / legal

Ex-Cisco engineer who nuked 16k WebEx accounts goes to prison

Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018. A plea agreement filed in July 2020 revealed that the 30-year-old man accessed Cisco’s cloud infrastructure hosted on Amazon Web Services without permission on September 24, 2018, after resigning from the company five months earlier, in April 2018.

Switzerland – Agreement to use the AVS number to identify individuals

The Information Security Act is finalised. On Thursday the National Council sided with the Council of States to authorise the systematic use of the AVS number to identify people. Until now, deputies had always refused to let all authorities and organisations covered by the law systematically use the AVS number to identify people.

Cookies: the CNIL fines Google and Amazon €135M (updated) – Le Monde Informatique

The bill is steep for Google and Amazon. After finding several breaches relating to the two companies' cookie policies, the CNIL imposed a fine of 100 million euros on Google and 35 million on Amazon. A small piece of code, for an exemplary sanction.

Italian police arrest suspects in Leonardo military, defense data theft | ZDNet

Italian police have arrested a former employee of Leonardo SpA and another individual in connection with the theft of sensitive corporate and military information. The Naples Public Prosecutor’s Office said on November 5 that an ongoing cyberattack had been maintained against the Aerostructures and Aircraft Division of Leonardo SpA, one of the largest defense contractors worldwide.


Romania to host the EU’s new cybersecurity research hub | ZDNet

The European Council voted on Wednesday to locate the EU’s future cybersecurity research hub in Bucharest, Romania’s capital. Named the European Cybersecurity Industrial, Technology and Research Competence Centre, or the ECCC, the new hub is set to start operating next year.

Australian intelligence community seeking to build a top-secret cloud | ZDNet

Australia’s national intelligence community (NIC) hopes to build a highly-secure private community cloud service capable of protecting data that is classified all the way to the level of top secret. The Office of National Intelligence (ONI), Australia’s peak intelligence agency, is leading the project, and issued a call for expressions of interest on Friday.

The Federal Council wants a Swiss Cloud label and a cloud-ready administration by 2025

The Federal Council has adopted the federal administration's cloud strategy. The Confederation intends to use cloud services to support the digital transformation of the administration, have more IT sourcing options, gain agility and speed, develop scalable and resilient platforms, and reduce costs.

Police officer abused vehicle database to track down women drivers | ZDNet

A police officer has been sacked after abusing a vehicle registration database to track women drivers. The constable, formerly of Guernsey Police, was fired for gross misconduct in August after being found guilty of inappropriately contacting nine women across social media after accessing their personal data without a genuine legal reason or any form of consent.
