CERT-SE's weekly newsletter, week 11

Weekly newsletter

We have updated our article on denial-of-service attacks and phishing; please read the recommendations and make sure they are followed in your organisation.

We once again remind you of the importance of updating vulnerable systems, so review your cyber hygiene and please report any anomalies you see in your systems.

CERT-SE wishes you a nice weekend!

News this week

Cyber Realism in a Time of War (2 mar)
https://www.lawfareblog.com/cyber-realism-time-war

Conscript cyber soldiers tested during intensive exercise (9 mar)
https://www.forsvarsmakten.se/sv/aktuellt/2022/03/varnpliktiga-cybersoldater-testades-under-intensiv-ovning/

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers (9 mar)
https://thehackernews.com/2022/03/emotet-botnets-latest-resurgence.html

Malware disguised as security tool targets Ukraine’s IT Army (10 mar)
https://www.bleepingcomputer.com/news/security/malware-disguised-as-security-tool-targets-ukraines-it-army/

Cyberattacks a constantly ongoing threat to Sweden (11 mar)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2022-03-11-cyberangrepp-standigt-pagaende-hot-mot-sverige.html

Report: Recent 10x Increase in Cyberattacks on Ukraine (11 mar)
https://krebsonsecurity.com/2022/03/report-recent-10x-increase-in-cyberattacks-on-ukraine/

US Congress Passes Cyber Incident Reporting Mandate (11 mar)
https://www.govinfosecurity.com/us-congress-passes-cyber-incident-reporting-mandate-a-18704

Three of SVT's local Facebook pages hacked (12 mar)
https://www.svt.se/nyheter/tre-av-svt-s-lokala-facebook-sidor-hackade

Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say (12 mar)
https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/

Opinion piece: "Sweden must plug the holes in its cybersecurity" (13 mar)
https://www.dn.se/debatt/sverige-maste-tappa-till-halen-i-cybersakerheten/

Viasat, Rosneft hit by cyberattacks as Ukraine war spills online (14 mar)
https://www.theregister.com/2022/03/14/viasat_rosneft_ukraine_cyberattacks/

CISA Hosts Eighth Cyber Storm Exercise with More than 200 Organizations (14 mar)
https://www.cisa.gov/news/2022/03/14/cisa-hosts-eighth-cyber-storm-exercise-more-200-organizations

Another data-leaking Spectre bug found, smashes Intel, Arm defenses (15 mar)
https://www.theregister.com/2022/03/15/spectre_bti_intel_amd_arm/

Russia faces IT crisis with just two months of data storage left (15 mar)
https://www.bleepingcomputer.com/news/technology/russia-faces-it-crisis-with-just-two-months-of-data-storage-left/

New Linux botnet exploits Log4J, uses DNS tunneling for comms (15 mar)
https://www.bleepingcomputer.com/news/security/new-linux-botnet-exploits-log4j-uses-dns-tunneling-for-comms/

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’ (15 mar)
https://threatpost.com/cyberattacks-israeli-government-sites-largest/178927/

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021 (15 mar)
https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html

Germany issues hacking warning for users of Russian anti-virus software Kaspersky (15 mar)
https://www.reuters.com/technology/germany-issues-hacking-warning-users-russian-anti-virus-software-kaspersky-2022-03-15/

BSI warns against the use of Kaspersky antivirus products (15 mar)
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html

CISA Alert: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability (15 mar)
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it (16 mar)
https://nakedsecurity.sophos.com/2022/03/16/russian-actors-bypass-2fa-story-what-happened-and-how-to-avoid-it/

CaddyWiper to Hermetic Wiper: How malware is being used amid Russia-Ukraine conflict (16 mar)
https://indianexpress.com/article/technology/tech-news-technology/from-candywipe-to-hermetic-heres-how-malwares-are-being-used-as-cyberweapons-7820584/

Analysis of CaddyWiper - Wiper Targeting Ukraine (15 mar)
https://www.truesec.com/hub/blog/analysis-of-caddywiper-wiper-targeting-ukraine

Threat Advisory: CaddyWiper (15 mar)
https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html

The Windows malware on Ukraine CERT’s radar (16 mar)
https://www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/

Säkerhetspolisen (the Swedish Security Service) intensifies its work against foreign powers (16 mar)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2022-03-16-sakerhetspolisen-intensifierar-arbetet-mot-frammande-makt.html

Säpo warns: Increased risk of Russian espionage (16 mar)
https://sverigesradio.se/artikel/sapo-okad-hotbild-mot-sverige-sedan-ryska-invasionen

Cyberattacks the biggest threat right now (17 mar)
https://www.forsvarsmakten.se/sv/aktuellt/2022/03/cyberangrepp-storsta-hotet-just-nu/

Microsoft creates tool to scan MikroTik routers for TrickBot infections (17 mar)
https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware (17 mar)
https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/

Why We Haven’t Seen Debilitating Cyberwar in Ukraine (18 mar)
https://www.vice.com/en/article/88gbk5/why-we-havent-seen-debilitating-cyberwar-in-ukraine

Tullingepartiet's page hijacked – follow along as the party leader chases Facebook (18 mar)
https://www.svt.se/nyheter/lokalt/stockholm/tullingepartiets-sida-kapad-folj-med-nar-partiledaren-jagar-facebook

Information security and miscellaneous

NASA in ‘serious jeopardy’ due to big black hole in security (15 mar)
https://www.theregister.com/2022/03/15/nasa_insider_threat_audit/

NASA’s Insider Threat Program
https://oig.nasa.gov/docs/IG-22-009.pdf

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018 (15 mar)
https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html

NVIDIA staff shouldn’t have chosen passwords like these… (15 mar)
https://grahamcluley.com/nvidia-staff-passwords/

Göteborgs Friidrottsförbund/Göteborgsvarvet (GFIF) | Personal data incident (15 mar)
https://www.goteborgsvarvet.se/personuppgiftsincedent

CERT-SE this week

Critical vulnerabilities in Veeam products