CERT-SE's weekly newsletter, week 43

Weekly newsletter

This week CERT-SE offers, among other things, a bit of ransomware and a bit of DDoS. There are also a couple of reports, a few incidents and a mix of other items. CERT-SE wishes you a pleasant weekend!

News this week

Interplanetary Storm Botnet Shows Signs of Anonymization-Purpose Proxy-for-Hire Infrastructure (15 Oct) https://securityboulevard.com/2020/10/interplanetary-storm-botnet-shows-signs-of-anonymization-purpose-proxy-for-hire-infrastructure/
New Emotet attacks use fake Windows Update lures (15 Oct) https://www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/
ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site (16 Oct) https://www.bleepingcomputer.com/news/security/thunderx-ransomware-rebrands-as-ranzy-locker-adds-data-leak-site/
Exponential growth in DDoS attack volumes (16 Oct) https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks
Hackers now abuse BaseCamp for free malware hosting (17 Oct) https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/
Ryuk in 5 Hours (18 Oct) https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/
This new malware uses remote overlay attacks to hijack your bank account (19 Oct) https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/
Three reasons the ‘moving target defense’ can stop bot attacks (19 Oct) https://www.scmagazine.com/perspectives/three-reasons-the-moving-target-defense-can-stop-bot-attacks/
GravityRAT: The spy returns (19 Oct) https://securelist.com/gravityrat-the-spy-returns/
When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube (19 Oct) https://www.theregister.com/2020/10/19/google_cookie_wipe/
$1M Cyber Resiliency Fund launched to support security operations impacted by pandemic (19 Oct) https://www.scmagazine.com/home/sc-corporate-news/1m-cyber-resiliency-fund-launched-to-support-security-operations-impacted-by-pandemic/
A Closer Look at the Attempted Ransomware Attack on Tesla (19 Oct) https://securityboulevard.com/2020/10/a-closer-look-at-the-attempted-ransomware-attack-on-tesla/
Microsoft is Most Imitated Brand for Phishing Attempts in Q3 2020 (19 Oct) https://www.checkpoint.com/press/2020/microsoft-is-most-imitated-brand-for-phishing-attempts-in-q3-2020/
Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace (19 Oct) https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and ..
UK and partners condemn GRU cyber attacks against Olympic and Paralympic Games (19 Oct) https://www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games
Mysterious ‘Robin Hood’ hackers donating stolen money (20 Oct) https://www.bbc.com/news/technology-54591761
Is poor cyber hygiene crippling your security program? (20 Oct) https://www.helpnetsecurity.com/2020/10/20/vulnerabilities-remote-work/
An update on disruption of Trickbot (20 Oct) https://blogs.microsoft.com/on-the-issues/2020/10/20/trickbot-ransomware-disruption-update/
Cyberattack against Badanstalten (21 Oct) https://www.stromstadstidning.se/nyheter/str%C3%B6mstad/cyberattack-mot-badanstalten-1.35866211
SVT reveals: Serious flaws in personal safety alarms – municipalities were not informed (22 Oct) https://www.svt.se/nyheter/inrikes/svt-avslojar-allvarliga-brister-i-trygghetslarm-kommuner-informerades-inte
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states (21 Oct) https://www.zdnet.com/article/mobileiron-enterprise-mdm-servers-under-attack-from-ddos-gangs-nation-states/
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability (21 Oct) https://cybernews.com/security/street-mobster-game-leaking-data-of-2-million-players/
Unsecured Voice Transcripts Expose Health Data - Again (21 Oct) https://www.govinfosecurity.com/unsecured-voice-transcripts-expose-health-data-again-a-15219

Information security and miscellaneous

Opinion: How Ransomware Puts Your Hospital at Risk (17 Oct) https://www.nytimes.com/2020/10/17/opinion/hospital-internet-security-ransomware.html
Here soldiers learn to hack in order to prevent cyberattacks (19 Oct) https://universitetslararen.se/2020/10/19/har-lar-sig-soldater-hacka-for-att-hindra-cyberattacker/
Here’s a five-step security plan for industrial environments (20 Oct) https://www.scmagazine.com/perspectives/heres-a-five-step-cybersecurity-plan-for-industrial-environments/
Deepfake bots on Telegram make the work of creating fake nudes dangerously easy (20 Oct) https://www.theverge.com/2020/10/20/21519322/deepfake-fake-nudes-telegram-bot-deepnude-sensity-report
How their personal data is handled matters to individuals (20 Oct) https://www.datainspektionen.se/nyheter/viktigt-for-enskilda-hur-deras-personuppgifter-hanteras/
EU Threat Landscape Report: Cyber attacks are becoming more sophisticated, targeted and widespread (20 Oct) https://ec.europa.eu/digital-single-market/en/news/eu-threat-landscape-report-cyber-attacks-are-becoming-more-sophisticated-targeted-and
CERT-EU: Direct Threats to EU Institutions, Bodies and Agencies https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-2020Q3-Threat_Landscape_Report-Executive-Summary-v1.0.pdf

CERT-SE this week

Oracle Critical Patch Update