CERT-SE:s veckobrev v.36
Bekanta namn Babuk, Conti och REvil gör sig tyvärr påminda den här veckan. Vi informerar även om ny chef för Nationellt cybersäkerhetscenter, den största DDoS-attacken hittills, avslöjanden från en ransomwareförhandlare samt hur man bör prata cybersäkerhet med äldre släktingar.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage (3 sept)
https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/
Chinese hackers behind July 2021 SolarWinds zero-day attacks (3 sept)
https://therecord.media/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks/
Babuk ransomware’s full source code leaked on hacker forum (3 sept)
https://www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/
Conti ransomware now hacking Exchange servers with ProxyShell exploits (3 sept)
https://www.bleepingcomputer.com/news/security/conti-ransomware-now-hacking-exchange-servers-with-proxyshell-exploits/
Conti ransomware gang is targeting unpatched Microsoft Exchange servers (5 sept)
https://siliconangle.com/2021/09/05/conti-ransomware-gang-targeting-unpatched-microsoft-exchange-servers/
Irish police seize Conti domains used in HSE ransomware attack (6 sept)
https://www.itpro.co.uk/security/ransomware/360786/irish-police-seize-conti-domains-used-in-hse-ransomware-attack
FBI Warns Ransomware Attack Could Disrupt Food Supply Chain (6 sept)
https://www.securityweek.com/fbi-warns-ransomware-attack-could-disrupt-food-supply-chain
Ransomware attacks increased by 288% in H1 2021 (6 sept)
https://www.helpnetsecurity.com/2021/09/06/ransomware-attacks-increased-2021/
Ransomware gangs target companies using these criteria (6 sept)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-companies-using-these-criteria/
This is the perfect ransomware victim, according to cybercriminals (6 sept)
https://www.zdnet.com/article/this-is-the-perfect-ransomware-victim-according-to-cybercriminals/
Therese Naess blir chef för Nationellt cybersäkerhetscenter (7 sept)
https://www.forsvarsmakten.se/sv/aktuellt/2021/09/therese-naess-blir-chef-for-nationellt-cybersakerhetscenter/
Nu bygger vi det svenska ramverket för NIST – är du med oss? (7 sept)
https://www.sis.se/utbildningar/alla-utbildningar/nu-bygger-vi-det-svenska-ramverket-for-nist–ar-du-med-oss/
Bostäder i Borås utsatta för kryptovirus – “Utpressningssyfte” (7 sept)
https://sverigesradio.se/artikel/omfattande-dataintrang-pa-ab-bostader-paverkar-alla-hyresgaster
US Department of Justice to take bite out of cybercrime (7 sept)
https://blog.barracuda.com/2021/09/07/us-department-of-justice-to-take-bite-out-of-cybercrime/
–
https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-monaco-announces-creation-new-cyber-fellows-positions
REvil ransomware gang’s servers are mysteriously online again (7 sept)
https://securityaffairs.co/wordpress/121952/cyber-crime/revil-ransomware-gang-servers-back-online.html
Patch now? Why enterprise exploits are still partying like it’s 1999 (8 sept)
https://www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/
IoT Attacks Skyrocket, Doubling in 6 Months (8 sept)
https://threatpost.com/iot-attacks-doubling/169224/
Coops cio efter den stora it-attacken: ”Verkligheten något annat än träning” (8 sept)
https://cio.idg.se/2.1782/1.755436/coops-cio-efter-attacken-verkligheten-nagot-annat-an-traning
Diversity in cybersecurity is a ‘national security’ issue, congresswoman says (9 sept)
https://therecord.media/diversity-in-cybersecurity-is-a-national-security-issue/
More Detail on the Juniper Hack and the NSA PRNG Backdoor (9 sept)
https://www.schneier.com/blog/archives/2021/09/more-detail-on-the-juniper-hack-and-the-nsa-prng-backdoor.html
Stora störningar i vården – bokade norrbottningar uppmanades att stanna hemma (9 sept)
https://www.svt.se/nyheter/lokalt/norrbotten/stora-driftstorningar-paverkar-varden-i-norrbotten
KTH-professorn: ”Jag är rätt pessimistisk för framtiden inom cybersäkerhet” (9 sept)
https://www.nyteknik.se/sakerhet/kth-professorn-jag-ar-ratt-pessimistisk-for-framtiden-inom-cybersakerhet-7020504
National Cyber Director Sees Ransomware As Continuing Threat (9 sept)
https://www.bankinfosecurity.com/national-cyber-director-sees-ransomware-as-continuing-threat-a-17499
Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet (9 sept)
https://therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terrorizing-the-internet/
Russia’s Yandex says it repelled biggest DDoS attack in history (10 sept)
https://www.reuters.com/technology/russias-yandex-says-it-repelled-biggest-ddos-attack-history-2021-09-09/
Informationssäkerhet och blandat
Fired NY credit union employee nukes 21GB of data in revenge (1 sept)
https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/
A Roadmap to Secure Connected Cars (2 sept)
https://www.trendmicro.com/vinfo/se/security/news/internet-of-things/a-roadmap-to-secure-connected-cars
Fed up with constant cyberattacks, one country is about to make some big changes (3 sept)
https://www.zdnet.com/article/fed-up-with-constant-cyberattacks-one-country-is-about-to-make-some-big-changes/
Småföretagen sämst rustade mot cyberattacker (3 sept)
https://www.di.se/nyheter/smaforetagen-samst-rustade-mot-cyberattacker/
Kriminalvårdare misstänks för dataintrång (4 sept)
https://sverigesradio.se/artikel/kriminalvardare-misstanks-for-dataintrang
Protonmail lämnade ut aktivists IP-adress (6 sept)
https://nikkasystems.com/2021/09/06/protonmail-lamnade-ut-aktivists-ip-adress/
Enterprises are missing the warning signs of insider threats (6 sept)
https://www.helpnetsecurity.com/2021/09/06/insider-threats-warning-signs/
Healthcare cybersecurity under attack: How the pandemic affected rural hospitals (6 sept)
https://www.helpnetsecurity.com/2021/09/06/rural-hospitals-cybersecurity/
The Latest Work from the SEI: Coordinated Vulnerability Disclosure, Cybersecurity Research, Cyber Risk and Resilience, and the Importance of Fostering Diversity in Software Engineering (6 sept)
https://insights.sei.cmu.edu/blog/the-latest-work-from-the-sei-coordinated-vulnerability-disclosure-cybersecurity-research-cyber-risk-and-resilience-and-the-importance-of-fostering-diversity-in-software-engineering/
Government cyber security agency CERT NZ says a distributed denial of service attack is targeting a number of New Zealand organisations (8 sept)
https://www.interest.co.nz/index.php/news/112157/government-cyber-security-agency-cert-nz-says-%C2%A0distributed-denial-service-attack
Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience (8 sept)
https://www.techrepublic.com/article/enhancing-cybersecurity-skills-for-the-entire-workforce-must-be-a-priority-for-cyber-resilience/
MSB ska förbereda nationellt samordningscenter för cybersäkerhetsforskning och innovation (9 sept)
https://www.mynewsdesk.com/se/msb/pressreleases/msb-ska-foerbereda-nationellt-samordningscenter-foer-cybersaekerhetsforskning-och-innovation-3125556
Hälsomyndigheten hackad efter VM-kvalstrulet (9 sept)
https://www.svd.se/halsomyndigheten-hackad-efter-vm-kvalstrulet
HP Wolf Security Rebellions and Rejections Report Uncovers Remote Workforce Security Trends (9 sept)
https://threatresearch.ext.hp.com/hp-wolf-security-rebellions-and-rejections-report/
How to Talk to Your Grandparents About Cybersecurity (9 sept)
https://www.mcafee.com/blogs/enterprise/how-to-talk-to-your-grandparents-about-cybersecurity/
United Nations Says Intruders Breached Its Systems (10 sept)
https://www.healthcareinfosecurity.com/united-nations-says-intruders-breached-its-systems-a-17503