CERT-SE:s veckobrev v.19
Även detta veckobrev domineras av ransomware, framför allt cyberattacken mot oljeledningen i USA och vilka följder den får. I övrigt finns en hel del läsvärda artiklar om allt från etiska hackare till om huruvida cybersäkerhet bör läras ut till barn i lågstadieåldern.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Experter varnar för våg av deepfake-attacker (4 maj)
https://computersweden.idg.se/2.2683/1.750462/experter-varnar-for-vag
Cyberattack mot Belgien – myndigheter slogs ut (5 maj)
https://computersweden.idg.se/2.2683/1.750502/cyberattack-mot-belgien
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software (6 maj)
https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/
Joint advisory: Further TTPs associated with SVR cyber actors (7 maj)
https://www.ncsc.gov.uk/news/joint-advisory-further-ttps-associated-with-svr-cyber-actors
..
FactSheet: Russian SVRActivitiesRelated to SolarWinds Compromise (7 maj)
https://us-cert.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Russian_SVR_Activities_Related_to_SolarWinds_Compromise_508C.pdf
Cuba Ransomware partners with Hancitor for spam-fueled attacks (7 maj)
https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-with-hancitor-for-spam-fueled-attacks/
Insurer AXA says it will no longer cover ransomware payments in France (7 maj)
https://hotforsecurity.bitdefender.com/blog/insurer-axa-says-it-will-no-longer-cover-ransomware-payments-in-france-25793.html
DevOps is getting code released faster than ever. But security is lagging behind (7 maj)
https://www.techrepublic.com/article/devops-is-getting-code-released-faster-than-ever-but-security-is-lagging-behind/
Google will make you use two-step verification to login (7 maj)
https://www.theregister.com/2021/05/07/google_password_purge/
Millions put at risk by old, out of date routers (7 maj)
https://blog.malwarebytes.com/awareness/2021/05/millions-put-at-risk-by-old-out-of-date-routers/
SolarWinds says fewer than 100 customers were impacted by supply chain attack (8 maj)
https://therecord.media/solarwinds-says-fewer-than-100-customers-were-impacted-by-supply-chain-attack/
An Award-Winning iPhone Hack Used by China to Spy on Uyghur Muslims (9 maj)
https://www.ehackingnews.com/2021/05/an-award-winning-iphone-hack-used-by.html
Amazon Fake Reviews Scam Exposed in Data Breach (9 maj)
https://www.ehackingnews.com/2021/05/amazon-fake-reviews-scam-exposed-in.html
Thousands of Tor exit nodes attacked cryptocurrency users over the past year (9 maj)
https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year/
Regeringens säkra nät får fler användare (10 maj)
https://www.securityuser.com/se/Nyheter/Samhalle/fler-anvandare-sakra-regeringens-intranat1
Defending against Windows RDP attacks (10 maj)
https://www.helpnetsecurity.com/2021/05/10/windows-rdp-attacks/
A picture is worth a thousand words, but to hackers, it’s worth much more (10 maj)
https://www.helpnetsecurity.com/2021/05/10/image-steganography/
Wave of Avaddon ransomware attacks triggers ACSC, FBI warning (10 maj)
https://therecord.media/wave-of-avaddon-ransomware-attacks-triggers-acsc-fbi-warning/
New method to protect critical infrastructures against cyberattacks (10 maj)
https://www.chalmers.se/en/departments/cse/news/Pages/PASAD-.aspx
City of Tulsa Struck by Ransomware Attack (10 maj)
https://hotforsecurity.bitdefender.com/blog/city-of-tulsa-struck-by-ransomware-attack-25798.html
Mikael Damberg och Peter Hultqvist träffar vinnarna i en internationell cybersäkerhetstävling (11 maj)
https://www.regeringen.se/artiklar/2021/05/mikael-damberg-och-peter-hultqvist-traffar-vinnarna-i-en-internationell-cybersakerhetstavling/
Facebook banned from processing WhatsApp user data in Germany (11 maj)
https://thenextweb.com/news/german-regulator-bans-facebook-from-processing-whatsapp-user-data
USA:s försvarsdepartement utökar sitt program för etiska hackare (11 maj)
https://computersweden.idg.se/2.2683/1.750768/usas-forsvarsdepartement-utokar-sitt-program-for-etiska-hackare
Ransomware tracker: Threat groups focus on vulnerable targets (11 maj)
https://therecord.media/ransomware-tracker-threat-groups-focus-on-vulnerable-targets/
A Closer Look at the DarkSide Ransomware Gang (11 maj)
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
A defender’s view inside a DarkSide ransomware attack (11 maj)
https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/
Shining a Light on DARKSIDE Ransomware Operations (11 maj)
https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
Github tänker ersätta lösenord med säkerhetsnycklar (11 maj)
https://computersweden.idg.se/2.2683/1.750809/github-tanker-ersatta-losenord-med-sakerhetsnycklar
Security keys are now supported for SSH Git operations (10 maj)
https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/
Var fjärde utgångsrelä för Tor spionerade på användares aktivitet (11 maj)
https://computersweden.idg.se/2.2683/1.750765/var-fjarde-utgangsrela-for-tor-spionerade-pa-anvandares-aktivitet
Threat Actor Compromised More than 25 Percent of Tor Network Relays, Research Shows (11 maj)
https://hotforsecurity.bitdefender.com/blog/threat-actor-compromised-more-than-25-percent-of-tor-network-relays-research-shows-25805.html
Active Cyber Defence (ACD) - the fourth year (10 maj)
https://www.ncsc.gov.uk/report/acd-report-year-four
Send My: Arbitrary data transmission via Apple’s Find My network (12 maj) https://positive.security/blog/send-my
Conti Ransomware (12 maj)
https://thedfirreport.com/2021/05/12/conti-ransomware/
UK government releases free cyber-threat warning tool at annual CyberUK conference (12 maj)
https://portswigger.net/daily-swig/uk-government-releases-free-cyber-threat-warning-tool-at-annual-cyberuk-conference
Ofwat reveals it has received 20,000 spam and phishing emails so far this year (13 maj)
https://www.tripwire.com/state-of-security/featured/muddy-waters-ofwat-received-20000-spam-and-phishing-emails/
Why MITRE ATT&CK matters—Choosing alert quality over quantity (13 maj)
https://blog.malwarebytes.com/malwarebytes-news/2021/05/why-mitre-attck-matters-choosing-alert-quality-over-quantity/
Privacy Breakdown of Mobile Phones (14 maj)
https://ssd.eff.org/en/playlist/privacy-breakdown-mobile-phones
Irish health service hit by cyber attack (14 maj)
https://www.bbc.com/news/world-europe-57111615
Researchers design a way to make encrypted keys harder to crack (14 maj)
https://www.helpnetsecurity.com/2021/05/14/encrypted-keys/
Attacken mot Colonial Pipelines
Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel (8 maj)
https://www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/
Pipeline cyberattack comes after years of government warnings (8 maj)
https://therecord.media/pipeline-cyberattack-comes-after-years-of-government-warnings/
Colonial Pipeline Struggles to Restart After Ransomware Attack (9 maj)
https://www.securityweek.com/colonial-pipeline-struggles-restart-after-ransomware-attack
FBI Statement on Network Disruption at Colonial Pipeline (9 maj)
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline
Cyberhotet större än någonsin (9 maj)
https://tt.omni.se/cyberhotet-storre-an-nagonsin/a/Vqm2bd
Cyberattack on US pipeline is linked to criminal gang (10 maj)
https://apnews.com/article/europe-hacking-government-and-politics-technology-business-333e47df702f755f8922274389b7e920
White House: Colonial should be its own ‘first line of defense’ against attacks (10 maj)
https://www.scmagazine.com/home/security-news/white-house-colonial-should-be-its-own-first-line-of-defense-against-attacks/
FBI confirmed that Darkside ransomware gang hit Colonial Pipeline (10 maj)
https://securityaffairs.co/wordpress/117760/security/colonial-pipeline-darkside.html
Ransomware Shuts Down US Pipeline (10 maj)
https://www.schneier.com/blog/archives/2021/05/ransomware-shuts-down-us-pipeline.html
US fuel pipeline hackers ‘didn’t mean to create problems’ (11 maj)
https://www.bbc.com/news/business-57050690
Energy Tech Firm Hit in Ransomware Attack (11 maj)
https://www.wsj.com/articles/energy-tech-firm-hit-in-ransomware-attack-11620764034
DarkSide’s Pipeline Ransomware Hit: Strictly Business? (11 maj)
https://www.bankinfosecurity.com/blogs/darksides-pipeline-ransomware-hit-strictly-business-p-3043
Nytt center ska bemöta cyberattacker mot Sverige (12 maj)
https://www.dn.se/ekonomi/nytt-center-ska-bemota-cyberattacker-mot-sverige/
How to prevent another Colonial Pipeline ransomware attack (12 maj)
https://www.techrepublic.com/article/how-to-prevent-another-colonial-pipeline-ransomware-attack/
Biden signs executive order to improve federal cybersecurity (12 maj)
https://thehill.com/policy/cybersecurity/553243-biden-signs-executive-order-to-improve-federal-cybersecurity-following
Executive Order on Improving the Nation’s Cybersecurity (12 maj)
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Biden’s Cybersecurity Executive Order: 4 Key Takeaways (13 maj)
https://www.bankinfosecurity.com/bidens-cybersecurity-executive-order-4-key-takeaways-a-16592
Viktiga oljeledningen i gång igen – men fortsatt bensinbrist i flera delstater (13 maj)
https://www.dn.se/varlden/viktiga-oljeledningen-i-gang-igen-men-fortsatt-bensinbrist-i-flera-delstater/
Efter cyberattacken – miljoner utbetalt i lösensumma (13 maj)
https://sverigesradio.se/artikel/efter-hackerattacken-bolaget-har-betalt-losensumma
Colonial Pipeline paid close to $5 million in ransomware blackmail payment (13 maj)
https://www.zdnet.com/article/colonial-pipeline-paid-close-to-5-million-in-ransomware-blackmail-payment/
Colonial Pipeline Attack: ‘We’re Simply Unprepared’ (13 maj)
https://www.govinfosecurity.com/colonial-pipeline-attack-were-simply-unprepared-a-16581
Informationssäkerhet och blandat
Tesla Remotely Hacked from a Drone (4 maj)
https://www.schneier.com/blog/archives/2021/05/tesla-remotely-hacked-from-a-drone.html
The Wages of Password Re-use: Your Money or Your Life (4 maj)
https://krebsonsecurity.com/2021/05/the-wages-of-password-re-use-your-money-or-your-life/
Fertilitetsappar delar känsliga uppgifter: ”Mycket osäkert” (5 maj)
https://www.nyteknik.se/sakerhet/fertilitetsappar-delar-kansliga-uppgifter-mycket-osakert-7014346
Teaching Cybersecurity to Children (7 maj)
https://www.schneier.com/blog/archives/2021/05/teaching-cybersecurity-to-children.html
Cybersecurity and Compliance for Healthcare Organizations (9 maj)
https://www.tripwire.com/state-of-security/healthcare/cybersecurity-and-compliance-for-healthcare-organizations/
Train firm’s ‘worker bonus’ email is actually cybersecurity test (10 maj)
https://www.theguardian.com/uk-news/2021/may/10/train-firms-worker-bonus-email-is-actually-cyber-security-test
85% of Data Breaches Involve Human Interaction: Verizon DBIR (13 maj)
https://www.darkreading.com/operations/85–of-data-breaches-involve-human-interaction-verizon-dbir/d/d-id/1341012