CERT-SE's weekly newsletter, week 50

Weekly newsletter

While the world is mobilising to deal with the Log4Shell vulnerability, the usual attacks continue with undiminished force. This week's newsletter is full of examples of successful intrusions that have had major operational consequences. CERT-SE has published two articles on Log4Shell that are updated continuously.

It is extremely important that the vulnerability is dealt with immediately. CERT-SE's assessment is that it is only a matter of time before we see several cases of successful intrusions. You will find the articles at the bottom of the newsletter.

Next week the newsletter will be published a little earlier in the week. After that we take a break until 14 January.

CERT-SE wishes you a pleasant weekend!

News this week

Powerful but short-lived: one third of phishing pages cease to be active after a day (9 dec)
https://www.kaspersky.com/about/press-releases/2021_powerful-but-short-lived-one-third-of-phishing-pages-cease-to-be-active-after-a-day

Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes (10 dec)
https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/

Brazilian Ministry of Health hit by second cyberattack in less than a week (14 dec)
https://www.zdnet.com/article/brazilian-ministry-of-health-hit-by-second-cyberattack-in-less-than-a-week/

Notice of cyber security breach by third party (10 dec)
https://www.media.volvocars.com/global/en-gb/media/pressreleases/292817/notice-of-cyber-security-breach-by-third-party-1

Microsoft launches center for reporting malicious drivers (10 dec)
https://therecord.media/microsoft-launches-center-for-reporting-malicious-drivers/

Ransomwared payroll provider leaks data on 38,000 Australian government workers (10 dec)
https://www.theregister.com/2021/12/10/frontier_software_ransomware_incindent/

German logistics giant Hellmann reports cyberattack (10 dec)
https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/

Kronos ransomware attack may cause weeks of HR solutions downtime (13 dec)
https://www.bleepingcomputer.com/news/security/kronos-ransomware-attack-may-cause-weeks-of-hr-solutions-downtime/

UKG expects weeks of downtime after ransomware attack (13 dec)
https://therecord.media/ukg-expects-weeks-of-downtime-after-ransomware-attack/

Arrest in Romania of a ransomware affiliate scavenging for sensitive data (13 dec)
https://www.europol.europa.eu/media-press/newsroom/news/arrest-in-romania-of-ransomware-affiliate-scavenging-for-sensitive-data

Germany jails operators of ‘cyberbunker’ darknet hub (13 dec)
https://www.thelocal.de/20211213/germany-jails-operators-of-cyberbunker-darknet-hub/

Hundreds of SPAR stores forced to shut following a major cyber incident (13 dec)
https://www.teiss.co.uk/spar-supermarket-cyber-incident/

"A matter of time before systems are knocked out": major shortcomings in the City of Malmö's IT security (15 dec)
https://www.svt.se/nyheter/lokalt/skane/malmo-stads-it-system-kan-slas-ut-bara-en-tidsfraga

Major bank lacks one of the basic protections against scam emails (15 dec)
https://sverigesradio.se/artikel/storbank-saknar-grundskydd-mot-bluffmejl

Four government agencies could become the state's IT giants (15 dec)
https://www.svd.se/fyra-myndigheter-kan-bli-statens-it-jattar

Final report of the It-driftsutredningen (the government inquiry into public-sector IT operations) (15 dec)
https://www.regeringen.se/rattsliga-dokument/statens-offentliga-utredningar/2021/12/sou-202197/

Emotet starts dropping Cobalt Strike again for faster attacks (15 dec)
https://www.bleepingcomputer.com/news/security/emotet-starts-dropping-cobalt-strike-again-for-faster-attacks/

Swedish companies are paying more and more to hackers (16 dec)
https://www.svt.se/nyheter/inrikes/svenska-foretag-betalar-allt-mer-till-hackare

IT attack on Kalix: "Could spread to more municipalities" (16 dec)
https://www.dn.se/sverige/it-attack-mot-kalix-kan-utvidgas-till-fler-kommuner/

Security expert on the IT attack in Kalix: Don't pay the ransom, you risk being attacked again (16 dec)
https://www.svt.se/nyheter/lokalt/norrbotten/sakerhetsexperten-om-it-attacken-i-kalix-betala-inte-losen-risk-att-bli-attackerad-igen

IT attack paralyses Kalix: "Not a chance that we pay the ransom" (16 dec)
https://www.svt.se/nyheter/lokalt/norrbotten/driftstorning-staller-till-det-rejalt-i-kalix-det-har-som-vi-fruktat-allra-mest

This company was hit with ransomware, but didn’t have to pay up. Here’s how they did it (17 dec)
https://www.zdnet.com/article/this-company-was-hit-with-ransomware-but-didnt-have-to-pay-up-heres-how-they-did-it/

Log4Shell

What’s the Deal with the Log4Shell Security Nightmare? (10 dec)
https://www.lawfareblog.com/whats-deal-log4shell-security-nightmare

‘The Internet Is on Fire’ (12 dec)
https://www.wired.com/story/log4j-flaw-hacking-internet/

Log4Shell explained – how it works, why you need to know, and how to fix it (13 dec)
https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/

Millions of IT systems affected by major security hole (13 dec)
https://sverigesradio.se/artikel/miljontals-it-system-drabbade-av-stor-sakerhetslucka

Log4j RCE latest: In case you hadn’t noticed, this is Really Very Bad, exploited in the wild, needs urgent patching (13 dec)
https://www.theregister.com/2021/12/13/log4j_rce_latest/

The Log4J Vulnerability Will Haunt the Internet for Years (13 dec)
https://www.wired.com/story/log4j-log4shell/

CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices (13 dec)
https://www.cyberscoop.com/log4j-cisa-easterly-most-serious/

40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j (13 dec)
https://www.darkreading.com/application-security/40-of-corporate-networks-targeted-by-attackers-seeking-to-exploit-log4j

US warns Log4j flaw puts hundreds of millions of devices at risk (14 dec)
https://www.zdnet.com/article/log4j-flaw-puts-hundreds-of-millions-of-devices-at-risk-says-us-cybersecurity-agency/

MSB issues an additional warning about the Log4j hole: more organisations must act (16 dec)
https://computersweden.idg.se/2.2683/1.760389/msb-larmar-igen–alla-it-ansvariga-maste-stoppa-log4shell

TellYouThePass ransomware via Log4Shell exploitation (16 dec)
https://www.curatedintel.org/2021/12/tellyouthepass-ransomware-via-log4shell.html

Log4j vulnerability: what should boards be asking? (17 dec)
https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking

Information security and miscellaneous

Conti cyber attack on the HSE (3 dec)
https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf

The Graphoscope has been released (14 dec)
https://cert.lv/en/2021/12/the-graphoscope-has-been-released

Graphoscope on GitHub
https://github.com/cert-lv/graphoscope

Fine imposed on Grindr (15 dec)
https://www.datatilsynet.no/regelverk-og-verktoy/lover-og-regler/avgjorelser-fra-datatilsynet/2021/gebyr-til-grindr/

United Kingdom: National Cyber Strategy 2022 (15 dec)
https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022

Large-scale phishing study shows who bites the bait more often (15 dec)
https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
https://arxiv.org/pdf/2112.07498.pdf

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions (16 dec)
https://research.checkpoint.com/2021/phorpiex-botnet-is-back-with-a-new-twizt-hijacking-hundreds-of-crypto-transactions/

PseudoManuscrypt: a mass-scale spyware attack campaign (16 dec)
https://ics-cert.kaspersky.com/reports/2021/12/16/pseudomanuscrypt-a-mass-scale-spyware-attack-campaign/

CERT-SE this week

Update on the serious situation regarding the vulnerability in Log4j ("Log4Shell")

BM21-004: Critical vulnerability in the widely used Apache library Log4j (updated 2021-12-17)

Adobe's monthly security updates for December

Microsoft's monthly security updates for December 2021