Tag Archive for: CSIRT

National research agency forms CSIRT to prevent cyber attacks

/in


To this end, strengthening the electronic system security in BRIN is necessary, including in the handling of cyber incidents

Jakarta (ANTARA) – The National Research and Innovation Agency (BRIN) formed and unveiled the Computer Security Incident Response Team (CSIRT) within the agency to protect the electronic system security from cyber threats and attacks.

The CSIRT had actually existed before, but it had not been integrated, Head of BRIN Laksana Tri Handoko stated during the BRIN-CSIRT virtual unveiling on Monday.

BRIN-CSIRT was formed owing to BRIN’s cooperation with the National Cyber and Encryption Agency (BSSN). The agency will continue to boost its capability to bolster cybersecurity within BRIN, he remarked.

Moreover, the BRIN is ready to become BSSN’s partner for cybersecurity from the standpoint of technological, information system, research and innovation result, as well as human resources.

Related news: BRIN, archaeologist studying recently unearthed temple site in Batang

Meanwhile, during the event, Head of BSSN Hinsa Saburian noted that the most frequent attacks occurring in BRIN are malware attacks and traffic anomaly status.

“To this end, strengthening the electronic system security in BRIN is necessary, including in the handling of cyber incidents,” he remarked.

The formation of BRIN-CSIRT is expected to form a safe and orderly electronic system that can support the realization of a reliable, professional, and innovative BRIN with integrity.

Related news: BRIN urges private sector to invest in space sector

Moreover, through the formation of CSIRT, BRIN is also expected to improve its capability in cybersecurity incident handling within its institution. To this end, the BSSN is ready to support the strengthening of the cyber incident handling capability in BRIN.

The high usage of information and communication technology is directly proportional to security risks and threats.

As a result, an organization should always anticipate cyber threats and attacks through cyber incident handling readiness by forming the CSIRT.

The CSIRT should be able to resolve cyber security challenges by improving the capability of the team that has been formed.

Related news: Huawei,…

Source…

NCC CSIRT Discovers Banking App-Targeting Malware –

/in


The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions from Europe, has high impact and high vulnerability rate. The main intent of this malware is to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.

Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimize battery. In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

To avoid early detection or being denied access to the PlayStore, “Fast Cleaner” was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

Once up and running on a victim’s device, Xenomorph can harvest device information and Short Messaging Service (SMS), intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it. The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones. Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services.

The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory…

Source…

NCC’s CSIRT warns against banking app-targeting malware | The Guardian Nigeria News

/in


The Computer Security Incident Response Team (CSIRT) of the Nigerian Communications Commission’s (NCC) says it had discovered a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.

NCC’s Director of Public Affairs (DPA), Dr Ikechukwu Adinde, disclosed this in a statement on Sunday, in Abuja.

Adinde explained that the main intent of this malware was to steal credentials, combined with the use of SMS and notification interception to log-in and use potential two-factor authentication tokens.

He said, according to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph”, found to target 56 financial institutions across Europe, had high impact and high vulnerability rate.

“Xenomorph is propagated by an application that was slipped into Google Play store and masquerading as a legitimate application called “Fast Cleaner” ostensibly meant to clear junk, increase device speed and optimise battery.

“In reality, this app is only a means by which the Xenomorph Trojan could be propagated easily and efficiently.

“Fast Cleaner was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.

“This is to avoid early detection or being denied access to the Playstore,” he said.

He further explained that once up and running on a victim’s device, Xenomorph can harvest device information and SMS, intercept notifications and new SMS, perform overlay attacks and prevent users from uninstalling it.

“The threat also asks for Accessibility Services privileges, which allow it to grant itself further permissions.

“The CSIRT said the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.

“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.

“The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” he said.

The DPA said that the commission had advised…

Source…

CyCraft Japan joins the Nippon CSIRT Association

/in


TOKYO, Nov. 3, 2020 /PRNewswire/ — CyCraft Technology, the fastest-growing cybersecurity firm in Asia, today announced that CyCraft JP has officially joined the Nippon CSIRT Association (NCA).

CyCraft Japan joins the Nippon CSIRT Association

CSIRT (Computer Security Incident Response Team, Computer Security Incident Response Team) refers to a team of security analysts that not only deal with and respond to cybersecurity incidents, collect and analyze incident-related vulnerability intelligence, attack tactics, techniques, and procedures (TTP) but also formulate playbooks and carry out responses to security incidents.

In recent years, Japanese organizations have begun building and developing their own internal CSIRTs; however, cyberattacks in the 21st century are becoming more and more sophisticated and frequent, making it more and more difficult for one CSIRT to handle individually. Nippon CSIRT Association (NCA) was established to unify the intelligence, resources, and capability of multiple CSIRTs so that one CSIRT leveraging the intelligence, resources, and capability of other CSIRTs could overcome security incidents and increase Japan’s overall cyber resilience.

NCA is not the first CSIRT organization CyCtaft has joined. Earlier this year, CyCraft Taiwan joined the international CSIRT organization, FIRST (Forum of Incident Response and Security Teams). CyCraft Technology is not just committed to raising the resilience of global organizations but also committed to demonstrating trustworthiness, professionalism, and accurate and actionable threat intelligence, specifically in the APAC market.

About Nippon CSIRT Association

NCA was founded in 2007 with the primary goal of fostering cooperation, intelligence sharing, and strengthening trustworthy relations between CSIRTs in Japan to better facilitate prompt, intelligence-driven responses. NCA provides a secure forum for members to cooperate with each other and solve common problems collectively. NCA CSIRT team, from various organizations across multiple industries and fields, gather regularly at NSA conferences to discuss relevant and current threats and trends, observed attack behavior, attack and defensive playbook modifications, and more.

For more…

Source…