CERT-SE's weekly newsletter, week 2

Weekly newsletter

Happy New Year! In the year's first weekly newsletter we point to, among other things, various round-ups of the past cybersecurity year, as well as the latest news on the Log4j vulnerability and some useful presentations from this year's edition of Folk och Försvar's National Conference.

CERT-SE wishes you a pleasant weekend!

News this week

IVA's cybersecurity project launches threat and situational picture (22 dec)
https://www.iva.se/publicerat/cybersakerhet-hot-och-lagesbild/

Cyber Threats to Critical Manufacturing Sector Industrial Control Systems (ICS) (23 dec)
https://www.cisa.gov/sites/default/files/publications/CISA%20Insight%20Control%20Systems%2023Dec2021_508%20Updated.pdf

The Worst Hacks of 2021 (24 dec)
https://www.wired.com/story/worst-hacks-2021/

University loses 77TB of research data due to backup error (30 dec)
https://www.bleepingcomputer.com/news/security/university-loses-77tb-of-research-data-due-to-backup-error/

Cyber-attack on UK’s Defence Academy caused ‘significant’ damage (2 jan)
https://www.theguardian.com/uk-news/2022/jan/02/cyber-attack-on-uks-defence-academy-caused-significant-damage

Feds Step Up Cybersecurity Support for State Governments (4 jan)
https://www.nextgov.com/cybersecurity/2022/01/feds-step-cybersecurity-support-state-governments/360323/

Researchers to study cybersecurity in municipalities (5 jan)
https://www.aktuellsakerhet.se/forskare-ska-studera-cybersakerheten-i-kommuner/

How ransomware gangs went pro (5 jan)
https://www.theregister.com/2022/01/05/how_ransomware_went_pro/

Report: 2021 Ransomware Threat Report
https://www.darktrace.com/en/resources/wp-ransomware-threat-report.pdf

Banking trojan exploits Microsoft's digital verification of file signatures (5 jan)
https://www.aktuellsakerhet.se/banktrojan-utnyttjar-microsofts-digitala-verifiering-av-filsignaturer/

Night Sky, a new ransomware operation in the threat landscape (7 jan)
https://securityaffairs.co/wordpress/126400/malware/night-sky-ransomware-operation.html

New ZLoader malware campaign hit more than 2000 victims across 111 countries (10 jan)
https://securityaffairs.co/wordpress/126513/malware/zloader-new-campaign.html

Ministry of Justice caught up in multiple cyber incidents (10 jan)
https://www.computerweekly.com/news/252511731/Ministry-of-Justice-caught-up-in-multiple-cyber-incidents

SecurityWeek Cyber Insights 2022: Ransomware (10 jan)
https://www.securityweek.com/securityweek-cyber-insights-2022-ransomware

Ransomware warning: Cyber criminals are mailing out USB drives that install malware (10 jan)
https://www.zdnet.com/article/fbi-cybercriminals-are-mailing-out-usb-drives-that-will-install-ransomware/

Cybercrime group Elephant Beetle lurks inside networks for months (11 jan)
https://www.csoonline.com/article/3646613/cybercrime-group-elephant-beetle-lurks-inside-networks-for-months.html

Cybersecurity: Last year was a record year for attacks, and Log4j made it worse (11 jan)
https://www.zdnet.com/article/report-increased-log4j-exploit-attempts-leads-to-all-time-peak-in-weekly-cyberattacks-per-org/

Check Point Research: Cyber Attacks Increased 50% Year over year (10 jan)
https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/

What are 2022’s biggest cyber threats? We asked the experts (11 jan)
https://www.trustedreviews.com/news/what-are-2022s-biggest-cyber-threats-4195110

Is cybersecurity the weakest NHS supply chain link? (11 jan)
https://www.raconteur.net/public-sector/cybersecurity-nhs-supply-chain/

Cryptominers threaten GCP virtual servers (11 jan)
https://www.kaspersky.co.uk/blog/attacks-on-google-cloud-platform/24023/

WordPress Bugs Exploded in 2021, Most Exploitable (11 jan)
https://threatpost.com/wordpress-bugs-exploded-2021-exploitable/177553/

Hacking group accidentally infects itself with Remote Access Trojan horse (11 jan)
https://grahamcluley.com/hacking-group-accidentally-infects-itself-with-remote-access-trojan-horse/

CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure (11 jan)
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/cisa-fbi-and-nsa-release-cybersecurity-advisory-russian-cyber

A ransomware attack took a New Mexico jail offline, leaving inmates in lockdown (11 jan)
https://www.theverge.com/2022/1/11/22878471/ransomware-attack-new-mexico-jail-lockdown-cameras-bernalillo-county

European Space Agency: Come on, hack our satellite if you think you’re hard enough (11 jan)
https://www.theregister.com/2022/01/11/ops_sat_hack/

Malicious code can be detected using electromagnetic waves (11 jan)
https://computersweden.idg.se/2.2683/1.761341/skadlig-kod-kan-upptackas-med-elektromagnetiska-vagor

Initiation of consultation on introduction of cyberattack reporting obligation (12 jan)
https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-86768.html

Maryland officials confirm ransomware attack shut down Department of Health (12 jan)
https://www.zdnet.com/article/maryland-officials-confirm-ransomware-attack-shut-down-department-of-health/

Security researcher claims to have hacked into over 25 Teslas in 13 countries (12 jan)
https://europe.autonews.com/automakers/teen-hacker-claims-ability-control-25-teslas-worldwide

Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation (13 jan)
https://www.theregister.com/2022/01/13/ukraine_arrests_five_ransomware_suspects/

Major hacker attack against Ukrainian government websites (14 jan)
https://www.dn.se/varlden/stor-hackerattack-mot-ukrainska-regeringssajter/

Ukraine hit by ‘massive’ cyber-attack on government websites (14 jan)
https://www.theguardian.com/world/2022/jan/14/ukraine-massive-cyber-attack-government-websites-suspected-russian-hackers

Log4Shell

FTC warns companies to remediate Log4j security vulnerability (4 jan)
https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

You better have patched those Log4j holes or we’ll see what a judge has to say – FTC (5 jan)
https://www.theregister.com/2022/01/05/ftc_log4j_fix/

The FTC Wants Companies to Find Log4j Fast. It Won’t Be Easy (10 jan)
https://www.wired.com/story/lo4j-ftc-vulnerability/

CISA director: ‘We have not seen significant intrusions’ from Log4j – yet (10 jan)
https://www.zdnet.com/article/cisa-director-we-have-not-seen-significant-intrusions-from-log4j/

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (11 jan)
https://www.bleepingcomputer.com/news/security/night-sky-ransomware-uses-log4j-bug-to-hack-vmware-horizon-servers/

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz (11 jan)
https://www.theregister.com/2022/01/11/outdated_log4j_downloads/

Almost half of Log4j downloads still dangerously exposed (11 jan)
https://www.computerweekly.com/news/252511846/Almost-half-of-Log4j-downloads-still-dangerously-exposed

Folk och Försvar's National Conference 2022

Supreme Commander: Sweden is in a serious security situation (11 jan)
https://sverigesradio.se/artikel/ob-sverige-ar-i-en-allvarlig-sakerhetssituation

“International cooperation is absolutely essential” Charlotte Petri Gornitzka, Director General, MSB (11 jan)
https://www.youtube.com/watch?v=UpgBTGDtpvI

“The threats are increasing in volume, complexity and number of actors” Henrik Landerholm, Director General, MPF (11 jan)
https://www.youtube.com/watch?v=Y66xolnHQRE

Information security and miscellaneous

Report: 60% of U.S. infosec professionals believe ransomware is as serious as terrorism (1 jan)
https://venturebeat.com/2022/01/01/report-60-of-u-s-infosec-professionals-believe-ransomware-is-as-serious-as-terrorism/

US Police Warn of Parking Meters with Phishing QR Codes (5 jan)
https://www.bitdefender.com/blog/hotforsecurity/us-police-parking-meters-phishing-qr-codes/

Salesforce mandates MFA by default (7 jan)
https://www.theregister.com/2022/01/07/salesforce_mandates_mfa_by_default/

A data ‘black hole’: Europol ordered to delete vast store of personal data (10 jan)
https://www.theguardian.com/world/2022/jan/10/a-data-black-hole-europol-ordered-to-delete-vast-store-of-personal-data

Info-saturated techie builds bug alert service that phones you to warn of new vulns (12 jan)
https://www.theregister.com/2022/01/12/bugalert_matt_sullivan_interview/

CERT-SE this week

Vulnerabilities in Cisco products and an update regarding Apache Log4j

Critical vulnerabilities in SAP products

Serious vulnerability affects VMware products

Adobe's monthly security updates for January

Microsoft's monthly security updates for January 2022

Date problem affects Microsoft Exchange Server