CERT-SE's weekly newsletter, week 15

Weekly newsletter

Ransomware hits many industries, and in this week's news roundup you can read about how shipping companies as well as cheese lovers are affected by these attacks. Plus the latest on the leaks from various social platforms and a summary of the consequences the pandemic has had for cybersecurity in Sweden. And a piece of good news about the cyber defence exercise Locked Shields, where the Swedish team took the top spot on the podium. CERT-SE wishes you a pleasant weekend!

News this week

OMX 30 – New unique survey on cybercrime (31 mar) https://www.svensktnaringsliv.se/sakomraden/sakerhet-och-risk/omx-30-ny-unik-undersokning-om-cyberbrott_1168785.html

A very modern form of piracy: Cybercrime against the shipping industry – Part 2: Ransomware (7 apr) https://www.clydeco.com/en/insights/2021/04/a-very-modern-form-of-piracy-cybercrime-against-th

Nation States, Cyberconflict and the Web of Profit (8 apr) https://threatresearch.ext.hp.com/web-of-profit-nation-state-report/

Pwn2Own 2021 hacking contest ends with a three-way tie (8 apr) https://therecord.media/pwn2own-2021-hacking-contest-ends-with-a-three-way-tie/ .. New vulnerability in Zoom allows Remote Code Execution (RCE) (9 apr) https://kryptera.se/ny-sarbarhet-i-zoom-medger-remote-code-execution-rce/

UK businesses are being hit with thousands of new cyberattacks each day (9 apr) https://www.itproportal.com/news/uk-businesses-are-being-hit-with-thousands-of-new-cyberattacks-each-day/

Maze/Egregor ransomware cartel estimated to have made $75 million (9 apr) https://therecord.media/maze-egregor-ransomware-cartel-estimated-to-have-made-75-million/

SAP: It takes about 72 hours for hackers to weaponize our patches (9 apr) https://computersweden.idg.se/2.2683/1.749248/sap-72-timmar-fran-patch-till-attack .. https://onapsis.com/active-cyberattacks-mission-critical-sap-applications

Android malware found on Huawei’s official app store (9 apr) https://therecord.media/android-malware-found-on-huaweis-official-app-store/

Microsoft: Malware gang uses website contact forms for distribution (10 apr) https://therecord.media/microsoft-malware-gang-uses-website-contact-forms-for-distribution/

New REvil Ransomware Version Automatically Logs Windows into Safe Mode (11 apr) https://www.ehackingnews.com/2021/04/new-revil-ransomware-version.html

Cyberattacks are the number-one threat to the global financial system, Fed chair says (12 apr) https://edition.cnn.com/2021/04/12/business/jerome-powell-cyberattacks-global-threat/index.html

Security researcher drops Chrome and Edge exploit on Twitter (12 apr) https://therecord.media/security-researcher-drops-chrome-and-edge-zero-day-on-twitter/

‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails (12 apr) https://therecord.media/they-knew-i-was-running-late-to-meetings-former-dhs-chief-on-reports-that-solarwinds-hackers-targeted-his-emails/

Google URLs are being used to disguise malware sent through contact forms (12 apr) https://www.techradar.com/news/google-urls-are-being-used-to-disguise-malware-sent-through-contact-forms

Son of Stuxnet? (12 apr) https://gizmodo.com/son-of-stuxnet-1846661852

How ransomware gangs are connected, sharing resources and tactics (13 apr) https://blog.malwarebytes.com/ransomware/2021/04/how-ransomware-gangs-are-connected-and-sharing-resources-and-tactics/

Empty cheese counters after ransomware attack (13 apr) https://computersweden.idg.se/2.2683/1.749452/tomma-ostdiskar-efter-ransomwareattack

March 2021’s Most Wanted Malware: IcedID Banking Trojan Enters Top 10 Following Covid-Related Campaign (13 apr) https://blog.checkpoint.com/2021/04/13/march-2021s-most-wanted-malware-icedid-banking-trojan-enters-top-10-following-covid-related-campaign/

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins (14 apr) https://www.theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/

FireEye: More than 1,900 distinct hacking groups are active today (14 apr) https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

The FBI got a court order to delete backdoors from hacked Exchange servers (14 apr) https://www.engadget.com/fbi-hafnium-exchange-server-060721872.html

IcedID malware gang positioning itself as one of the Emotet replacements (14 apr) https://therecord.media/icedid-malware-gang-positioning-itself-as-one-of-the-emotet-replacements/

New Linux research division launches to explore open source ecosystems (14 apr) https://sdtimes.com/open-source/new-linux-research-division-launches-to-explore-open-source-ecosystems/

The cyber threat is underestimated (14 apr) https://www.offentligaaffarer.se/2021/04/14/cyberhotet-underskattas/

DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk (14 apr) https://www.techrepublic.com/article/ddos-attacks-increased-by-20-in-2020-meaning-everyone-should-consider-themselves-at-risk/

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks (15 apr) https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied

CISA and CNMF Analysis of SolarWinds-related Malware (15 apr) https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/cisa-and-cnmf-analysis-solarwinds-related-malware

Microsoft Continues to be Most Imitated Brand for Phishing Attempts in Q1 2021 (15 apr) https://blog.checkpoint.com/2021/04/15/microsoft-continues-to-be-most-imitated-brand-for-phishing-attempts-in-q1-2021/

It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US (15 apr) https://www.theregister.com/2021/04/15/solarwinds_hack_russia_apt29_positive_technologies_sanctions/

SolarWinds hack affected six EU agencies (15 apr) https://therecord.media/solarwinds-hack-affected-six-eu-agencies/

Celsius email system breach leads to phishing attack on customers (15 apr) https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/

IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain (15 apr) https://www.securityweek.com/ibm-44-organizations-targeted-attacks-aimed-covid-19-vaccine-cold-chain

Hackers try to poison search engines with more than 100,000 malicious web pages (16 apr) https://computersweden.idg.se/2.2683/1.749568/hackare-dumpar-over-100-000-sidor-skadliga-pdfs-pa-webben

Information security and miscellaneous

Implementing Cybersecurity Best Practices (9 apr) https://www.bankinfosecurity.com/interviews/implementing-cybersecurity-best-practices-i-4864

Vulnerable VPN servers used in new ransomware attack (9 apr) https://computersweden.idg.se/2.2683/1.749249/cyberkriminella-gar-efter-sarbara-vpn

LinkedIn confirms leak of 500 million profiles online, maintains incident was not a breach (9 apr) https://www.scmagazine.com/home/security-news/phishing/linkedin-confirms-leak-of-500-million-profiles-online-maintains-incident-was-not-a-breach/

Visa Describes New Skimming Attack Tactics (9 apr) https://www.bankinfosecurity.com/visa-describes-new-skimming-attack-tactics-a-16372

Police employee convicted of data intrusion (10 apr) https://sverigesradio.se/artikel/anstalld-hos-polisen-doms-for-dataintrang

LinkedIn denies 500 million user data breach (11 apr) https://therecord.media/linkedin-denies-500-million-user-data-breach/

IT security expert: Swedish politicians and celebrities affected by the Facebook leak (11 apr) https://www.svt.se/nyheter/inrikes/it-sakerhetsexpert-svenska-politiker-och-kandisar-drabbade-i-facebooklackan

How cybercriminals use your data (11 apr) https://www.svt.se/nyheter/inrikes/sa-anvander-hackare-dina-uppgifter

Israel blamed for the attack on Iran's nuclear facility (11 apr) https://www.dn.se/varlden/iran-pekar-ut-terrorister-bakom-olycka-pa-karnanlaggning/

The Story of the EC-Council Gender Survey Scandal: Survey Creator Says “It Was Written by Women so it Can’t be Sexist” (11 apr) https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/

Scraped data of 1.3 million Clubhouse users published online (12 apr) https://www.hackread.com/scraped-clubhouse-database-leaked-online/

White House announces leadership picks for CISA and National Cyber Director role (12 apr) https://therecord.media/white-house-announces-leadership-picks-for-cisa-and-national-cyber-director-role/

Check Point’s Mobile Security Report 2021: Almost Every Organization Experienced a Mobile-related Attack in 2020 (12 apr) https://blog.checkpoint.com/2021/04/12/check-points-mobile-security-report-2021-almost-every-organization-experienced-a-mobile-related-attack-in-2020/

Municipality reports data intrusion to police (13 apr) https://sverigesradio.se/artikel/kommunen-polisanmaler-dataintrang

McAfee reports 648 cyber security threats per minute in Q4 (13 apr) https://infotechlead.com/security/mcafee-reports-648-cyber-security-threats-per-minute-in-q4-66170

Serious Russian data intrusion against RF – preliminary investigation closed (13 apr) https://www.dn.se/sport/grovt-ryskt-dataintrang-mot-rf-forundersokning-laggs-ner/ .. Russia on the cyberattacks: "We will look into it" (14 apr) https://www.dn.se/sport/ryssland-om-cyberattackerna-vi-ska-titta-pa-det/ .. Sweden: Russians Behind Sports Confederation Hack (14 apr) https://www.govinfosecurity.com/sweden-russians-behind-sports-confederation-hack-a-16404

Singapore’s deputy cyber chief on how the city-state became a laboratory for security initiatives (14 apr) https://therecord.media/singapores-deputy-cyber-chief-on-how-the-city-state-became-a-laboratory-for-security-initiatives/

Ireland opens GDPR investigation into Facebook leak (14 apr) https://techcrunch.com/2021/04/14/ireland-opens-gdpr-investigation-into-facebook-leak/ .. Facebook faces investigation over data breach (15 apr) https://www.bbc.com/news/technology-56745734

Twitter will study ‘unintentional harms’ caused by its algorithms (14 apr) https://www.engadget.com/twitter-will-study-algorithms-for-unintentional-harm-182722681.html .. Twitter Is Ramping Up Its Initiative To Stop Harm Caused By Its AI (14 apr) https://www.androidheadlines.com/2021/04/twitter-ai-algorithms-bias-initiative-rmli.html

Data intrusion into patient records reported to police (14 apr) https://sverigesradio.se/artikel/dataintrang-i-patientjournaler-polisanmals

Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested (14 apr) https://www.securityweek.com/cybersecurity-vc-funding-hit-record-2020-78-billion-invested

University of Hertfordshire’s entire IT system offline after cyber attack (15 apr) https://www.itpro.co.uk/security/cyber-attacks/359222/university-of-hertfordshire-hit-by-cyber-attack

DNI’s Annual Threat Assessment (15 apr) https://www.schneier.com/blog/archives/2021/04/dnis-annual-threat-assessment.html

City of Stockholm reports Öppna skolplattformen to police for data intrusion (15 apr) https://computersweden.idg.se/2.2683/1.749563/stockholms-stad-polisanmaler-oppna-skolplattformen-for-dataintrang

Cybersecurity in pandemic times (16 apr) https://www.msb.se/sv/aktuellt/nyheter/2021/april/rapport-om-cybersakerhet-i-pandemitider/

Sweden Scored Highest at the Cyber Defence Exercise Locked Shields 2021 (16 apr) https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/

CERT-SE this week

Critical vulnerabilities in Juniper products

Critical vulnerabilities in SAP products

Microsoft's monthly security updates for April 2021