CERT-SE's weekly newsletter, week 35
This week we gather news on subjects as varied as computer intrusions, cryptocurrencies and strategies for 5G. We also suggest a virtual visit to The National Museum of Computing in the UK, now that it is going to rain this weekend anyway… CERT-SE wishes you a pleasant weekend!
News this week
Lazarus Group: Campaign targeting the cryptocurrency vertical (18 aug) https://www.f-secure.com/content/dam/f-secure/en/consulting/our-thinking/collaterals/digital/f-secureLABS_tlp-white-lazarus-threat-intel-report.pdf
The National Museum of Computing: 3D Virtual Tour (19 aug) https://www.tnmoc.org/3d-virtual-tour
Lucifer’s Spawn (19 aug) https://www.netscout.com/blog/asert/lucifers-spawn
AI to help the police find suspects in surveillance footage (19 aug) https://sverigesradio.se/avsnitt/1554179
The NCCC at the NSDC of Ukraine has detected signs of preparation for a large-scale coordinated attack on state authorities of Ukraine and critical infrastructure on the eve of the Independence Day (19 aug) https://www.rnbo.gov.ua/en/Diialnist/4669.html
APT Hackers for Hire Used for Industrial Espionage (20 aug) https://labs.bitdefender.com/2020/08/apt-hackers-for-hire-used-for-industrial-espionage/
How Four Brothers Allegedly Fleeced $19 Million From Amazon (20 aug) https://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon/
Cryptominer Found Embedded in AWS Community AMI (21 aug) https://www.darkreading.com/cloud/cryptominer-found-embedded-in-aws-community-ami/d/d-id/1338713
Researchers Sound Alarm Over Malicious AWS Community AMIs (21 aug) https://threatpost.com/malicious-aws-community-amis/158555/
Chromium’s impact on root DNS traffic (21 aug) https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware (22 aug) https://thehackernews.com/2020/08/google-drive-file-versions.html
(Heads Up) DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars (23 aug) https://blog.knowbe4.com/heads-up-darkside-sophisticated-new-customized-ransomware-strain-demands-million-of-dollars
Here are the three most common attack vectors for ransomware (24 aug) https://techworld.idg.se/2.2524/1.738498/attackvektorer-gisslanprogram
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme (24 aug) https://www.zdnet.com/article/top-exploits-used-by-ransomware-gangs-are-vpn-bugs-but-rdp-still-reigns-supreme/
Google Researcher Reported 3 Flaws in Apache Web Server Software (24 aug) https://thehackernews.com/2020/08/apache-webserver-security.html
Triada (24 aug) https://lab.secure-d.io/triada/
SourMint: malicious code, ad fraud, and data leak in iOS (24 aug) https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/
Lifting the veil on DeathStalker, a mercenary triumvirate (24 aug) https://securelist.com/deathstalker-mercenary-triumvirate/98177/
Identifying People by Their Browsing Histories (25 aug)
https://www.schneier.com/blog/archives/2020/08/identifying_peo_9.html
..
https://www.usenix.org/system/files/soups2020-bird.pdf
Phishing Attack Used Box to Land in Victim Inboxes (25 aug) https://www.darkreading.com/attacks-breaches/phishing-attack-used-box-to-land-in-victim-inboxes/d/d-id/1338754
As Classes Resume, Schools Face Ransomware Risk (26 aug) https://www.bankinfosecurity.com/as-classes-resume-schools-face-ransomware-risk-a-14895
New Zealand stock exchange hit by cyber attack for second day (26 aug)
https://www.theguardian.com/technology/2020/aug/26/new-zealand-stock-exchange-hit-by-cyber-attack-for-second-day
..
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
..
http://www.straitstimes.com/business/companies-markets/cyber-attacks-halt-new-zealand-stock-exchange-for-4th-day
International crackdown on film pirates – Swedish servers seized (26 aug) https://www.dn.se/kultur/internationellt-tillslag-mot-filmpirater-svenska-servrar-beslagtagna/
Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts (26 aug) https://www.theregister.com/2020/08/26/former_cisco_engineer_aws_webex_teams/
Belarus Turned Off the Internet. Its Citizens Hot-Wired It. (26 aug) https://gizmodo.com/belarus-turned-off-the-internet-its-citizens-hot-wired-1844853575
Is the electric grid closer to a devastating cyberattack that could mean lights out? (26 aug) https://www.scmagazine.com/home/security-news/is-the-electric-grid-closer-to-a-devastating-cyberattack-that-could-mean-lights-out/
Dracula’s Botnet (26 aug) https://graphika.com/posts/draculas-botnet/
Huawei mobile mast installed next to secret MI5 data centre in London has 7 years to do whatever it is Huawei does (26 aug) https://www.theregister.com/2020/08/26/huawei_mobile_mast_secret_mi5_data_centre/
Malicious Excel Sheet with a NULL VT Score (26 aug)
https://isc.sans.edu/diary/rss/26506
Facing gender bias in facial recognition technology (27 aug) https://www.helpnetsecurity.com/2020/08/27/facial-recognition-bias/
Online black marketplace may have disappeared for good (27 aug) https://computersweden.idg.se/2.2683/1.738665/empire-market-nedplockad
DDoS extortionists target NZX, Moneygram, Braintree, and other financial services (27 aug) https://www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/
Dataguise unveils method for enterprises to report impact of data breach faster and more accurately (27 aug) https://www.helpnetsecurity.com/2020/08/27/dataguise-data-discovery-and-protection-software/
Information security and miscellaneous
How one attack campaign steals and sells RDP credentials (17 aug) https://www.techrepublic.com/article/how-one-attack-campaign-steals-and-sells-rdp-credentials/
Tens of suspects arrested for cashing-out Santander ATMs using software glitch (19 aug) https://www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/
FBI, CISA Echo Warnings on ‘Vishing’ Threat (20 aug)
https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/
..
https://krebsonsecurity.com/wp-content/uploads/2020/08/fbi-cisa-vishing.pdf
Freepik data breach: Hackers stole 8.3M records via SQL injection (21 aug) https://www.bleepingcomputer.com/news/security/freepik-data-breach-hackers-stole-83m-records-via-sql-injection/
Yet Another Biometric: Bioacoustic Signatures (21 aug) https://www.schneier.com/blog/archives/2020/08/yet_another_bio_1.html
Iranian hackers attack exposed RDP servers to deploy Dharma ransomware (24 aug) https://www.bleepingcomputer.com/news/security/iranian-hackers-attack-exposed-rdp-servers-to-deploy-dharma-ransomware/
How schools can ensure that data remains secure in an era of digital learning and ransomware (24 aug) https://www.aktuellsakerhet.se/hur-skolor-kan-garantera-att-data-forblir-sakra-i-en-tidsepok-av-digital-inlarning-och-ransomware/
Cyber attacks: Several Canadian government services disrupted (24 aug) https://www.welivesecurity.com/2020/08/24/cyber-attacks-canada-revenue-agency-government/
CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure In Our Nation (24 aug)
https://www.cisa.gov/news/2020/08/24/cisa-releases-5g-strategy-secure-and-resilient-critical-infrastructure
..
https://www.cisa.gov/sites/default/files/publications/cisa_5g_strategy_508.pdf
Lazarus Group hackers target cryptocurrency in global campaign (25 aug) https://betanews.com/2020/08/25/hackers-target-cryptocurrency/
Hack-for-Hire Group Targets Financial Sector Since 2012 (25 aug) https://www.securityweek.com/hack-hire-group-targets-financial-sector-2012
Hackers are exploiting the ‘Internet of Things’ (25 aug) https://www.itproportal.com/features/hackers-are-exploiting-the-internet-of-things/
An organised IT attack reported to Säpo (25 aug)
https://www.gunnebogroup.com/Press/Pressmeddelanden/details?postId=8278E09F6A9FA82E
..
https://www.svt.se/nyheter/inrikes/gunnebo-anmaler-organiserd-it-attack-till-sapo
How to Be a Cyber Criminal: Phishing Email Scams (25 aug) https://www.proofpoint.com/us/blog/cybersecurity-essentials/how-be-cyber-criminal-phishing-email-scams
More secure login for SJ's customers (25 aug)
http://nyhetsrum.sj.se/pressreleases/saekrare-inloggning-foer-sjs-kunder-3028503
..
https://computersweden.idg.se/2.2683/1.738597/sj-inloggning-sms
(Behind paywall) Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database (25 aug) https://hotforsecurity.bitdefender.com/blog/almost-235-million-youtube-tiktok-and-instagram-profiles-exposed-online-by-unsecured-database-23987.html
Gamer robbed of virtual weapon (26 aug) https://www.hd.se/2020-08-26/dataspelare-bestulen-pa-virtuellt-vapen
Estonia ambassador to connect dots from cyberwar to security culture (26 aug) https://www.scmagazine.com/home/events/risksec-2020/estonia-ambassador-to-connect-dots-from-cyberwar-to-security-culture/
Using Artificial Intelligence to Fight Money Laundering (26 aug) https://www.bankinfosecurity.com/using-artificial-intelligence-to-fight-money-laundering-a-14893
Security flaw in Safari – easy to access sensitive files (26 aug) https://macworld.idg.se/2.1038/1.738632/sakerhetsbrist-i-safari–enkelt-att-komma-at-kansliga-filer
Confessions of an ID Theft Kingpin, Part I & II (26 aug)
https://krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-i/
..
https://krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-ii/
What a year of penetration testing data can reveal about the state of cybersecurity (26 aug) https://www.techrepublic.com/article/what-a-year-of-penetration-testing-data-can-reveal-about-the-state-of-cybersecurity/
Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware (26 aug) https://thehackernews.com/2020/08/russian-extortion-malware.html
Researchers develop AI technique to protect medical devices from anomalous instructions (27 aug) https://www.helpnetsecurity.com/2020/08/27/ai-protect-medical-devices/
Former Karlskrona headmaster reported for unauthorised computer access (27 aug) https://sverigesradio.se/artikel/7541695