CERT-SE's weekly newsletter, week 1

Weekly newsletter

Happy New Year. This week's issue is a catch-up of big and small things that have happened since the Christmas holidays. Among other things: the cyberattack against the Finnish Parliament, a new crypto worm, the consequences of the tumult at the Capitol for cybersecurity, and a number of year-end lists of the most important events of the past year.

CERT-SE wishes you a pleasant weekend!

News this week

Ransomware: Attacks could be about to get even more dangerous and disruptive (23 dec)
https://www.zdnet.com/article/ransomware-why-these-attacks-could-get-even-more-dangerous-and-disruptive/

CISA Releases Free Detection Tool for Azure/M365 Environment (24 dec)
https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment

Several major VPN services taken offline for reportedly offering illegal services (29 dec)
https://www.techradar.com/news/three-established-vpns-taken-down-by-law-enforcement-over-criminal-links

Ransomware Is Headed Down a Dire Path (29 dec)
https://www.wired.com/story/ransomware-2020-headed-down-dire-path/

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers (29 dec)
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/

New Golang-based Crypto worm infects Windows and Linux servers (31 dec)
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html

End of Year Traffic Analysis Quiz (31 dec)
https://isc.sans.edu/diary/rss/26940

Brexit Deal Mandates Old Insecure Crypto Algorithms (31 dec)
https://www.schneier.com/blog/archives/2020/12/brexit-deal-mandates-old-insecure-crypto-algorithms.html

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions (31 dec)
https://securityaffairs.co/wordpress/112817/malware/emotet-campaign-hit-lithuania.html

Ransomware 2020: A Year of Many Changes (31 dec)
https://www.govinfosecurity.com/ransomware-2020-year-many-changes-a-15676

FBI warns swatting attacks on owners of smart devices (2 jan)
https://securityaffairs.co/wordpress/112910/cyber-crime/fbi-warns-swatting-iot.html

A closer look at fileless malware, beyond the network (4 jan)
https://www.helpnetsecurity.com/2021/01/04/fileless-malware/

The Darkness and the Light (4 jan)
https://blogs.cisco.com/security/the-darkness-and-the-light

One month after ransomware attack, Metro Vancouver’s transit system still not up to speed (5 jan)
https://hotforsecurity.bitdefender.com/blog/one-month-after-ransomware-attack-metro-vancouvers-transit-system-still-not-up-to-speed-25014.html

Anti-Secrecy Activists Publish a Trove of Ransomware Victims’ Data (6 jan)
https://www.wired.com/story/ddosecrets-ransomware-leaks/

How to customize your sudo password prompt (6 jan)
https://www.techrepublic.com/article/how-to-customize-your-sudo-password-prompt/

SolarWinds

The Sunburst hack was massive and devastating. Here are 5 observations from a cybersecurity expert (30 dec)
https://www.abc.net.au/news/2020-12-30/sunburst-cyber-hack-solarwinds-software-cybersecurity-expert/13021104

SolarWinds hackers gained access to Microsoft source code (31 dec)
https://securityaffairs.co/wordpress/112847/apt/solarwinds-microsoft-source-code.html

Microsoft Says SolarWinds Hackers Also Broke Into Its Source Code (31 dec)
https://gizmodo.com/microsoft-says-solarwinds-hackers-also-broke-into-its-s-1845974783

Microsoft Internal Solorigate Investigation Update (31 dec)
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/

The 2020 SolarWinds reality check: As cleanup continues, community considers implications (31 dec)
https://www.scmagazine.com/home/year-in-review/the-2020-solarwinds-reality-check-as-cleanup-continues-community-considers-implications/

SolarWinds hack may be much worse than originally feared (2 jan)
https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity

The biggest espionage plot in history (3 jan)
https://www.archynewsy.com/the-biggest-espionage-plot-in-history/

The SolarWinds attack: A modern-day Pearl Habor? (3 jan)
https://securityboulevard.com/2021/01/the-solarwinds-attack-a-modern-day-pearl-habor/

Finding Targeted SUNBURST Victims with pDNS (4 jan)
https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS

Microsoft doesn’t treat its source code like a trade secret. Is that smart? (4 jan)
https://www.scmagazine.com/home/security-news/data-breach/microsoft-doesnt-treat-its-source-code-like-a-trade-secret-is-that-smart/

SolarWinds: The more we learn, the worse it looks (4 jan)
https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise (6 jan)
https://us-cert.cisa.gov/ncas/current-activity/2021/01/06/cisa-updates-emergency-directive-21-01-supplemental-guidance-and

How to prepare for and respond to a SolarWinds-type attack (6 jan)
https://www.csoonline.com/article/3602588/how-to-prepare-for-and-respond-to-a-solarwinds-type-attack.html

SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes (6 jan)
https://securityaffairs.co/wordpress/113108/data-breach/solarwinds-hackers-o365-mailboxes.html

Information security and miscellaneous

The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit (20 dec)
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Trucking giant Forward Air hit by new Hades ransomware gang (21 dec)
https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-hit-by-new-hades-ransomware-gang/

Farmers get their own security advice as cyberattacks increase (22 dec)
https://www.zdnet.com/article/farmers-get-their-own-security-advice-as-cyberattacks-increase/

U.S. Government Warns of Phishing, Fraud Schemes Using COVID-19 Vaccine Lures (22 dec)
https://www.securityweek.com/us-government-warns-phishing-fraud-schemes-using-covid-19-vaccine-lures

Cyberattack against the Finnish Parliament is being investigated as espionage (28 dec)
https://www.hbl.fi/artikel/riksdagen-utsatt-for-cyberattack-garningen-har-inte-varit-slumpmassig-eller-ett-misstag/
https://www.eduskunta.fi/EN/tiedotteet/Pages/Cyberattack-against-Parliament-of-Finland.aspx
https://poliisi.fi/sv/-/centralkriminalpolisen-utreder-dataintrang-mot-riksdagens-datasystem
https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/

Germany: ‘Colossal’ cyberattack knocks out Funke news group (29 dec)
https://www.dw.com/en/germany-colossal-cyberattack-knocks-out-funke-news-group/a-56087804

The strangest cybersecurity events of 2020: a look back (31 dec)
https://blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/

Threat actor is selling 368.8 million records from 26 data breaches (31 dec)
https://securityaffairs.co/wordpress/112842/data-breach/data-breaches-records-sale.html

Beware: PayPal phishing texts state your account is ‘limited’ (3 jan)
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/

Top data breaches of 2020 – Security Affairs (3 jan)
https://securityaffairs.co/wordpress/112954/data-breach/top-10-data-breaches-2020.html

Music organisation Sami hit by hacker attack – 45,000 members may be affected (4 jan)
https://www.dn.se/kultur/musikorganisationen-sami-utsatt-for-hackerangrepp-45-000-medlemmar-kan-vara-drabbade/
https://www.sami.se/2021/01/dataintrang/

Understanding the impact of cyber breaches on the Pentagon (4 jan)
https://govmatters.tv/understanding-the-impact-of-cyber-breaches-on-the-pentagon/

Fourth breach at T-Mobile puts focus on security post mergers (4 jan)
https://www.scmagazine.com/home/security-news/mobile-security/fourth-breach-at-t-mobile-puts-focus-on-security-of-post-mergers/

Cybercriminals use psychology–cybersecurity pros should, too (5 jan)
https://www.techrepublic.com/article/cybercriminals-use-psychology-cybersecurity-pros-should-too/

After widespread hospital attacks, targeting of health care industry continues to rise (5 jan)
https://www.scmagazine.com/home/security-news/after-widespread-hospital-attacks-targeting-of-health-care-industry-continues-to-rise/

Survey says, women in cyber make 31 percent less than men (5 jan)
https://www.scmagazine.com/women-in-it-security/survey-says-women-in-cyber-make-31-percent-less-than-men/

Rioters Open Capitol’s Doors to Potential Cyberthreats (6 jan)
https://www.bankinfosecurity.com/rioters-open-capitols-doors-to-potential-cyberthreats-a-15715

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess (7 jan)
https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/

Hospitals under siege: 5 ways to boost cybersecurity as the COVID-19 vaccine rolls out (7 jan)
https://www.helpnetsecurity.com/2021/01/07/hospitals-under-siege/

CERT-SE this week

Critical vulnerability in Zyxel products