CERT-SE's weekly newsletter, week 5
This week brings ransomware and a few incidents. In addition, reporting on SolarWinds continues, and MSB has released the 2020 IT incident reporting for government agencies.
CERT-SE wishes you a pleasant weekend!
News this week
The rise of ransomware (29 jan) https://www.ncsc.gov.uk/blog-post/rise-of-ransomware
Danish energy companies hit by cyberattack (30 jan) https://jyllands-posten.dk/indland/ECE12722218/danske-energiselskaber-ramt-af-cyberangreb/ .. Danish energy companies hit in extensive hacker attack (1 feb) https://www.nyteknik.se/sakerhet/danska-energibolag-drabbade-i-omfattande-hackerangrepp-7008848
Cyberspies Delivered Malware to Gamers via Supply Chain Attack (1 feb) https://www.securityweek.com/cyberspies-delivered-malware-gamers-supply-chain-attack
Hijacked Perl.com Domain Hosted on IP Address Linked to Malicious Activity (1 feb) https://www.securityweek.com/hijacked-perlcom-domain-hosted-ip-address-linked-malicious-activity
CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds (1 feb) https://www.securityweek.com/cisa-says-many-victims-solarwinds-hackers-had-no-direct-link-solarwinds
British Mensa website hacked after directors quit over ‘data protection failures’ (1 feb) https://portswigger.net/daily-swig/british-mensa-website-hacked-after-directors-quit-over-data-protection-failures
Exposed Azure bucket leaked passports, IDs of volleyball reporters (1 feb) https://www.bleepingcomputer.com/news/security/exposed-azure-bucket-leaked-passports-ids-of-volleyball-reporters/
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks (2 feb) https://www.zdnet.com/article/ransomware-gangs-are-abusing-vmware-esxi-exploits-to-encrypt-virtual-hard-disks/
Ransomware payments are going down as more victims decide not to pay up (2 feb) https://www.zdnet.com/article/ransomware-payments-are-going-down-as-more-victims-decide-not-to-pay-up/
Kobalos – A complex Linux threat to high performance computing infrastructure (2 feb) https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Cyberattack leaked data on 1.6 million Americans (3 feb) https://computersweden.idg.se/2.2683/1.746324/cyberattack-data-washington
Recent root-giving Sudo bug also impacts macOS (3 feb) https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/
Lack of visibility into remote endpoints leaves companies vulnerable to ransomware (3 feb) https://www.helpnetsecurity.com/2021/02/03/remote-endpoints-visibility/
Major Vulnerabilities discovered and patched in Realtek RTL8195A Wi-Fi Module (3 feb) https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains (4 feb) https://blog.chainalysis.com/reports/ransomware-connections-maze-egregor-suncrypt-doppelpaymer
Trucking Giant Says Ransomware Attack Had $7.5M Impact (4 feb) https://www.securityweek.com/trucking-giant-says-ransomware-attack-had-75m-impact
Android devices ensnared in DDoS botnet (4 feb) https://www.zdnet.com/article/android-devices-ensnared-in-ddos-botnet
Information security and miscellaneous
Fake Office 365 Used for Phishing Attacks on C-Suite Targets (25 jan) https://www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html
A deeper dive into our May 2019 security incident (25 jan) https://stackoverflow.blog/2021/01/25/a-deeper-dive-into-our-may-2019-security-incident/
Post Office Phishing Hits Credit Card Users in 26 Countries (26 jan) https://www.trendmicro.com/en_us/research/21/a/post-office-phishing-hits-credit-card-users-in-26-countries.html
Read patient records – Region Gävleborg files police report (29 jan) https://www.svt.se/nyheter/lokalt/gavleborg/anstalld-vid-region-gavleborg-polisanmald-laste-i-patientjournaler
Trickbot masrv Module (1 feb) https://www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/
Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests (3 feb) https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/
SOLARWINDS – A SANS Lightning Summit (4 feb) https://www.youtube.com/watch?v=4X7CDAOPtIs
Government agencies' IT incident reporting 2020 https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/it-incidentrapportering-for-statliga-myndigheter/it-incidentrapportering-2020
Business-Email-Compromise-Guide https://github.com/PwC-IR/Business-Email-Compromise-Guide
CERT-SE this week
Critical vulnerabilities in Cisco Small Business routers
Critical zero-day vulnerability in SonicWall SMA 100 Series 10.X (Updated)