CERT-SE's weekly newsletter, week 5

Weekly newsletter

Cyberattacks against fuel suppliers and potato chip manufacturers, MSB's annual report on IT incidents, a review of the cybersecurity work during the Summer Olympics in Tokyo, and the latest news on BlackCat and CosyBear sum up the past week.

CERT-SE wishes you a pleasant weekend!

News of the week

Spreading Knowledge of Cyber Defense from the Tokyo 2020 Olympics to the World (26 jan)
https://japan-forward.com/spreading-knowledge-of-cyber-defense-from-the-tokyo-2020-olympics-to-the-world/

A Look Back on Cybersecurity for the Tokyo 2020 Games
https://www.nisc.go.jp/eng/pdf/LB_CS_Tokyo2020.pdf

Facebook credential phishing via Facebook Messenger (27 jan)
https://www.kyberturvallisuuskeskus.fi/en/ttn_20012022

Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign (27 jan)
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/

Microsoft mitigates largest DDoS attack ‘ever reported in history’ (27 jan)
https://www.bleepingcomputer.com/news/security/microsoft-mitigates-largest-ddos-attack-ever-reported-in-history/

Who Wrote the ALPHV/BlackCat Ransomware Strain? (28 jan)
https://krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain/

Ministry for Foreign Affairs has solved suspected espionage case (28 jan)
https://um.fi/current-affairs/-/asset_publisher/gc654PySnjTX/content/ulkoministerio-on-saanut-selvitettya-siihen-kohdistuneen-vakoilutapauksen

NSO Group Pegasus Spyware Aims at Finnish Diplomats (31 jan)
https://threatpost.com/nso-group-pegasus-spyware-finnish-diplomats/178113/

Local schoolgirls poised to battle for title of country’s cyber champions (31 jan)
https://news.causewaycoastcommunity.co.uk/schoolgirls-in-northern-ireland-poised-to-battle-for-title-of-countrys-cyber-champions/

Reasons Why Every Business is a Target of DDoS Attacks (31 jan)
https://thehackernews.com/2022/01/reasons-why-every-business-is-target-of.html

OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks (31 jan)
https://www.securityweek.com/ot-data-stolen-ransomware-gangs-can-facilitate-cyber-physical-attacks

Study on Domain Name System (DNS) abuse (31 jan)
https://op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1/language-en/

FBI urges athletes to keep personal devices at home, use burners during Beijing Winter Olympics (31 jan)
https://www.zdnet.com/article/fbi-urges-olympic-athletes-to-keep-personal-devices-at-home-use-burners/

FBI warns of fake job postings used to steal money, personal info (1 feb)
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-job-postings-used-to-steal-money-personal-info/

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks (1 feb)
https://thehackernews.com/2022/02/iranian-hackers-using-new-powershell.html

German petrol supply firm Oiltanking paralyzed by cyber attack (1 feb)
https://www.bleepingcomputer.com/news/security/german-petrol-supply-firm-oiltanking-paralyzed-by-cyber-attack/

BlackCat ransomware implicated in attack on German oil companies (2 feb)
https://www.zdnet.com/article/blackcat-ransomware-implicated-in-attack-on-german-oil-companies/

European Oil Port Terminals Hit by Cyberattack (3 feb)
https://www.securityweek.com/european-oil-port-terminals-hit-cyberattack

European oil facilities hit by cyber-attacks (3 feb)
https://www.bbc.com/news/technology-60250956

An insight into Sweden's cybersecurity: annual report on IT incident reporting 2021 (2 feb)
https://www.msb.se/sv/publikationer/en-inblick-i-sveriges-cybersakerhet–arsrapport-it-incidentrapportering-2021/

MSB on cybersecurity in Sweden (2 feb)
https://sverigesradio.se/artikel/msb-om-cybersakerheten-i-sverige

Unreported cases hide problems with IT outages (2 feb)
https://www.msn.com/sv-se/ekonomi/marknader/m%C3%B6rkertal-d%C3%B6ljer-problem-med-it-haverier/ar-AATnJeD

FRA: Cyberattacks against software suppliers increasingly common (2 feb)
https://www.svt.se/nyheter/inrikes/fra-cyberattacker-mot-mjukvaruforetag-allt-vanligare-efter-coops-nodstangningar

Finding Vulnerabilities in Open Source Projects (2 feb)
https://www.schneier.com/blog/archives/2022/02/finding-vulnerabilities-in-open-source-projects.html

U.S. Statement on the Hack of the ICRC (2 feb)
https://www.state.gov/u-s-statement-on-the-hack-of-the-icrc/

Wormhole cryptocurrency platform hacked to steal $326 million (2 feb)
https://www.bleepingcomputer.com/news/cryptocurrency/wormhole-cryptocurrency-platform-hacked-to-steal-326-million/

Log4j Updates: Flaw Challenges Global Security Leaders (2 feb)
https://www.bankinfosecurity.com/log4j-updates-flaw-challenges-global-security-leaders-a-18142

Shortage of KP Nuts and Hula Hoops looms after cyber-attack (3 feb)
https://www.theguardian.com/business/2022/feb/03/shortage-of-kp-nuts-and-hula-hoops-looms-after-cyber-attack

A new report shows RaaS dominates, but defences are gaining the upper hand (3 feb)
https://securitybrief.co.nz/story/a-new-report-shows-raas-dominates-but-defences-are-gaining-the-upper-hand

Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks (3 feb)
https://www.securityweek.com/financially-motivated-hackers-use-leaked-conti-ransomware-techniques-attacks

Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (3 feb)
https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/

Codex Exposed: Helping Hackers in Training? (3 feb)
https://www.trendmicro.com/en_us/research/22/a/codex-exposed-helping-hackers-in-training.html

2021 NSA Cybersecurity Year in Review (3 feb)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2921744/nsa-releases-2021-cybersecurity-year-in-review/

Information security and miscellaneous

Fine in the millions for Region Uppsala over unencrypted emails and deficient IT security (28 jan)
https://www.nyteknik.se/digitalisering/miljonboter-till-region-uppsala-for-okrypterade-mejl-och-bristande-it-sakerhet-7028025

German Court Rules Websites Embedding Google Fonts Violates GDPR (31 jan)
https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html

Dark Overlord Collaborator Sentenced to Three Years (31 jan)
https://www.bankinfosecurity.com/dark-overlord-collaborator-sentenced-to-three-years-a-18409

CERT-SE this week

Critical vulnerabilities in Cisco Small Business RV Series routers

Critical vulnerability in Samba