CERT-SE's weekly newsletter, week 45

Weekly newsletter

This week has been dominated by ransomware, after US authorities published a warning that the healthcare and public health sector is being targeted.

News this week

Home Depot Confirms Data Breach in Order Confirmation SNAFU (29 Oct) https://threatpost.com/home-depot-data-breach-order-confirmation/160728/
Advisory 2020-017: Resumption of Emotet malware campaign (30 Oct) https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-017-resumption-emotet-malware-campaign
Lazada confirms 1.1M accounts compromised in RedMart security breach (30 Oct) https://www.zdnet.com/article/lazada-confirms-1-1m-accounts-compromised-in-redmart-security-breach/
Google patches second Chrome zero-day in two weeks (2 Nov) https://www.zdnet.com/article/google-patches-second-chrome-zero-day-in-two-weeks/
US officials confirm Iranian hackers stole voter data (2 Nov) https://www.al-monitor.com/pulse/originals/2020/11/iran-tehran-washington-election-trump-biden-hacking-vote.html
Charming Kitten APT Launched Spoofing Attacks Against Key Personalities (2 Nov) https://cyware.com/news/charming-kitten-apt-launched-spoofing-attacks-against-key-personalities-c8152b35
North Korean Group Kimsuky Targets Government Agencies With New Malware (2 Nov) https://www.securityweek.com/north-korean-group-kimsuky-targets-government-agencies-new-malware
MSB: The threat to democracy is one of the greatest risks to society (2 Nov) https://www.dn.se/sverige/msb-hotet-mot-demokratin-en-av-de-storsta-riskerna-i-samhallet/
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service (2 Nov) https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation (2 Nov) https://www.darkreading.com/attacks-breaches/russian-national-sentenced-to-8-years-in-prison-for-role-in-botnet-operation/d/d-id/1339352
A massive hacking network that Microsoft and the US military tried to stop last month is already back — and it could be a bad sign for Election Day (2 Nov) https://www.businessinsider.com/trickbot-election-microsoft-botnet-malware-hackers-2020-11?r=US&IR=T
The NCSC Annual Review 2020 (3 Nov) https://www.ncsc.gov.uk/news/annual-review-2020 .. Report: https://www.ncsc.gov.uk/files/Annual-Review-2020.pdf
A new APT uses DLL side-loads to “KilllSomeOne” (4 Nov) https://news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file (5 Nov) https://www.theregister.com/2020/11/05/deloitte_hacker_test/
Operation North Star: Behind The Scenes (5 Nov) https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/
INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization (5 Nov) https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
Rackspace Hosted Email Flaw Actively Exploited by Attackers (5 Nov) https://www.bankinfosecurity.com/rackspace-hosted-email-flaw-actively-exploited-by-attackers-a-15309
7,500 educational organizations hacked, access being sold on Russian hacker forums (5 Nov) https://cybernews.com/security/7500-educational-organizations-hacked-access-being-sold-on-russian-hacker-forums/

Ransomware

Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. (2 Nov) https://www.techrepublic.com/article/hackers-have-only-just-wet-their-whistle-expect-more-ransomware-and-data-breaches-in-2021/
Healthcare warned of cyber attacks: “Increased activity” (2 Nov) https://www.svt.se/nyheter/inrikes/varden-varnas-for-cyberhot-okad-aktivitet .. CISA Alert (AA20-302A) | Ransomware Activity Targeting the Healthcare and Public Health Sector (updated 2 Nov) https://us-cert.cisa.gov/ncas/alerts/aa20-302a
How to protect backups from ransomware (2 Nov) https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html
New RegretLocker ransomware targets Windows virtual machines (3 Nov) https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/
REvil ransomware gang ‘acquires’ KPOT malware (4 Nov) https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/
Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues (4 Nov) https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
23,600 hacked databases have leaked from a defunct ‘data breach index’ site (4 Nov) https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/
As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor (4 Nov) https://www.zdnet.com/article/as-maze-ransomware-group-retires-clients-turn-to-sekhmet-ransomware-spin-off-egregor/
Global ransomware attacks surged by 110% at 34 million Year-on-Year (5 Nov) https://atlasvpn.com/blog/global-ransomware-attacks-surged-by-110-at-34-million-year-on-year
Ryuk Speed Run, 2 Hours to Ransom (5 Nov) https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/

Information security and miscellaneous

ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected (20 Oct) https://www.enisa.europa.eu/news/enisa-news/enisa-threat-landscape-2020 .. Report: https://www.enisa.europa.eu/publications/year-in-review
APT trends report Q3 2020 (3 Nov) https://securelist.com/apt-trends-report-q3-2020/99204/
Folksam has shared personal data on one million people with Facebook and Google (3 Nov) https://computersweden.idg.se/2.2683/1.742108/folksam-personuppgifter-facebook-google
Here children learn to surf safely (4 Nov) https://www.dn.se/sverige/har-far-barnen-lara-sig-att-surfa-sakert/
University of Surrey adopts people-centric blueprint for cyber security (6 Nov) https://www.ukauthority.com/articles/university-of-surrey-adopts-people-centric-blueprint-for-cyber-security/
November 2020 Ouch! Newsletter: Social Engineering Attacks https://www.sans.org/security-awareness-training/resources/social-engineering-attacks

CERT-SE this week

Serious vulnerabilities in Cisco products
Serious vulnerabilities in Adobe Acrobat and Reader
New vulnerability in Oracle WebLogic Server
Increased threat level against the healthcare and public health sector