CERT-SE:s veckobrev v.50
Samtidigt som världen kraftsamlar för att hantera sårbarheten Log4Shell fortsätter den vanliga angreppen med oförminskad styrka. Veckans nyhetsbrev är fullt med exempel på lyckade intrång som fått stora verksamhetskonsekvenser. CERT-SE har publicerat två artiklar om Log4Shell som uppdateras löpande.
Det är oerhört viktigt att sårbarheten hanteras omgående. CERT-SE:s bedömning är att det bara är en tidsfråga innan vi kommer se flera fall av lyckade intrång. Ni hittar artiklarna längst ner i veckobrevet.
Nästa vecka kommer veckobrevet ut lite tidigare i veckan. Därefter tar vi uppehåll till den 14 januari.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Powerful but short-lived: one third of phishing pages cease to be active after a day (9 dec)
https://www.kaspersky.com/about/press-releases/2021_powerful-but-short-lived-one-third-of-phishing-pages-cease-to-be-active-after-a-day
Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes (10 dec)
https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/
Brazilian Ministry of Health hit by second cyberattack in less than a week (14 dec)
https://www.zdnet.com/article/brazilian-ministry-of-health-hit-by-second-cyberattack-in-less-than-a-week/
Notice of cyber security breach by third party (10 dec)
https://www.media.volvocars.com/global/en-gb/media/pressreleases/292817/notice-of-cyber-security-breach-by-third-party-1
Microsoft launches center for reporting malicious drivers (10 dec)
https://therecord.media/microsoft-launches-center-for-reporting-malicious-drivers/
Ransomwared payroll provider leaks data on 38,000 Australian government workers (10 dec)
https://www.theregister.com/2021/12/10/frontier_software_ransomware_incindent/
German logistics giant Hellmann reports cyberattack (10 dec)
https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/
Kronos ransomware attack may cause weeks of HR solutions downtime (13 dec)
https://www.bleepingcomputer.com/news/security/kronos-ransomware-attack-may-cause-weeks-of-hr-solutions-downtime/
UKG expects weeks of downtime after ransomware attack (13 dec)
https://therecord.media/ukg-expects-weeks-of-downtime-after-ransomware-attack/
Arrest in Romania of a ransomware affiliate scavenging for sensitive data (13 dec)
https://www.europol.europa.eu/media-press/newsroom/news/arrest-in-romania-of-ransomware-affiliate-scavenging-for-sensitive-data
Germany jails operators of ‘cyberbunker’ darknet hub (13 dec)
https://www.thelocal.de/20211213/germany-jails-operators-of-cyberbunker-darknet-hub/
Hundreds of SPAR stores forced to shut following a major cyber incident (13 dec)
https://www.teiss.co.uk/spar-supermarket-cyber-incident/
”Tidsfråga innan system slås ut” – stora brister i Malmö stads IT-säkerhet (15 dec)
https://www.svt.se/nyheter/lokalt/skane/malmo-stads-it-system-kan-slas-ut-bara-en-tidsfraga
Storbank saknar ett av grundskydden mot bluffmejl (15 dec)
https://sverigesradio.se/artikel/storbank-saknar-grundskydd-mot-bluffmejl
Fyra myndigheter kan bli statens it-jättar (15 dec)
https://www.svd.se/fyra-myndigheter-kan-bli-statens-it-jattar
Slutbetänkande av It-driftsutredningen (15 dec)
https://www.regeringen.se/rattsliga-dokument/statens-offentliga-utredningar/2021/12/sou-202197/
Emotet starts dropping Cobalt Strike again for faster attacks (15 dec)
https://www.bleepingcomputer.com/news/security/emotet-starts-dropping-cobalt-strike-again-for-faster-attacks/
Svenska företag betalar allt mer till hackare (16 dec)
https://www.svt.se/nyheter/inrikes/svenska-foretag-betalar-allt-mer-till-hackare
It-attack mot Kalix: ”Kan utvidgas till fler kommuner” (16 dec)
https://www.dn.se/sverige/it-attack-mot-kalix-kan-utvidgas-till-fler-kommuner/
Säkerhetsexperten om it-attacken i Kalix: Betala inte lösen – risk att bli attackerad igen (16 dec)
https://www.svt.se/nyheter/lokalt/norrbotten/sakerhetsexperten-om-it-attacken-i-kalix-betala-inte-losen-risk-att-bli-attackerad-igen
It-attack lamslår Kalix: ”Inte en chans att vi betalar lösesumman” (16 dec)
https://www.svt.se/nyheter/lokalt/norrbotten/driftstorning-staller-till-det-rejalt-i-kalix-det-har-som-vi-fruktat-allra-mest
This company was hit with ransomware, but didn’t have to pay up. Here’s how they did it (17 dec)
https://www.zdnet.com/article/this-company-was-hit-with-ransomware-but-didnt-have-to-pay-up-heres-how-they-did-it/
Log4Shell
What’s the Deal with the Log4Shell Security Nightmare? (10 dec)
https://www.lawfareblog.com/whats-deal-log4shell-security-nightmare
‘The Internet Is on Fire’ (12 dec)
https://www.wired.com/story/log4j-flaw-hacking-internet/
Log4Shell explained – how it works, why you need to know, and how to fix it (13 dec)
https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/
Miljontals it-system drabbade av stor säkerhetslucka (13 dec)
https://sverigesradio.se/artikel/miljontals-it-system-drabbade-av-stor-sakerhetslucka
Log4j RCE latest: In case you hadn’t noticed, this is Really Very Bad, exploited in the wild, needs urgent patching (13 dec)
https://www.theregister.com/2021/12/13/log4j_rce_latest/
The Log4J Vulnerability Will Haunt the Internet for Years (13 dec)
https://www.wired.com/story/log4j-log4shell/
CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices (13 dec)
https://www.cyberscoop.com/log4j-cisa-easterly-most-serious/
40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j (13 dec)
https://www.darkreading.com/application-security/40-of-corporate-networks-targeted-by-attackers-seeking-to-exploit-log4j
US warns Log4j flaw puts hundreds of millions of devices at risk (14 dec)
https://www.zdnet.com/article/log4j-flaw-puts-hundreds-of-millions-of-devices-at-risk-says-us-cybersecurity-agency/
MSB går ut med extra varning om Log4j-hålet – fler måste agera (16 dec)
https://computersweden.idg.se/2.2683/1.760389/msb-larmar-igen–alla-it-ansvariga-maste-stoppa-log4shell
TellYouThePass ransomware via Log4Shell exploitation (16 dec)
https://www.curatedintel.org/2021/12/tellyouthepass-ransomware-via-log4shell.html
Log4j vulnerability: what should boards be asking? (17 dec)
https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking
Informationssäkerhet och blandat
Conti cyber attack on the HSE (3 dec)
https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf
The Graphoscope has been released (14 dec)
https://cert.lv/en/2021/12/the-graphoscope-has-been-released
Graphoscope på GitHub
https://github.com/cert-lv/graphoscopeGebyr til Grindr (15 dec)
Storbritanien: National Cyber Strategy 2022 (15 dec)
https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022
Large-scale phishing study shows who bites the bait more often (15 dec)
https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
https://arxiv.org/pdf/2112.07498.pdf
Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions (16 dec)
https://research.checkpoint.com/2021/phorpiex-botnet-is-back-with-a-new-twizt-hijacking-hundreds-of-crypto-transactions/
PseudoManuscrypt: a mass-scale spyware attack campaign (16 dec)
https://ics-cert.kaspersky.com/reports/2021/12/16/pseudomanuscrypt-a-mass-scale-spyware-attack-campaign/
CERT-SE i veckan
Uppdatering om det allvarliga läget gällande sårbarheten i Log4j (“Log4Shell”)
BM21-004: Kritisk sårbarhet i vanligt förekommande Apache-biblioteket Log4j (uppdaterad 2021-12-17)
Adobes månatliga säkerhetsuppdateringar för december
Microsofts månatliga säkerhetsuppdateringar för december 2021