CERT-SE's weekly newsletter, week 11
We have updated our article on denial-of-service attacks and phishing; please read the recommendations and make sure they are followed in your organisation.
We once again remind you of the importance of updating vulnerable systems, so review your cyber hygiene and please report any anomalies you see in your systems.
CERT-SE wishes you a pleasant weekend!
News this week
Cyber Realism in a Time of War (2 mar)
https://www.lawfareblog.com/cyber-realism-time-war
Conscript cyber soldiers tested during intensive exercise (9 mar)
https://www.forsvarsmakten.se/sv/aktuellt/2022/03/varnpliktiga-cybersoldater-testades-under-intensiv-ovning/
Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers (9 mar)
https://thehackernews.com/2022/03/emotet-botnets-latest-resurgence.html
Malware disguised as security tool targets Ukraine’s IT Army (10 mar)
https://www.bleepingcomputer.com/news/security/malware-disguised-as-security-tool-targets-ukraines-it-army/
Cyberattacks a constantly ongoing threat to Sweden (11 mar)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2022-03-11-cyberangrepp-standigt-pagaende-hot-mot-sverige.html
Report: Recent 10x Increase in Cyberattacks on Ukraine (11 mar)
https://krebsonsecurity.com/2022/03/report-recent-10x-increase-in-cyberattacks-on-ukraine/
US Congress Passes Cyber Incident Reporting Mandate (11 mar)
https://www.govinfosecurity.com/us-congress-passes-cyber-incident-reporting-mandate-a-18704
Three of SVT's local Facebook pages hacked (12 mar)
https://www.svt.se/nyheter/tre-av-svt-s-lokala-facebook-sidor-hackade
Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say (12 mar)
https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/
Opinion piece: “Sweden must plug the holes in its cybersecurity” (13 mar)
https://www.dn.se/debatt/sverige-maste-tappa-till-halen-i-cybersakerheten/
Viasat, Rosneft hit by cyberattacks as Ukraine war spills online (14 mar)
https://www.theregister.com/2022/03/14/viasat_rosneft_ukraine_cyberattacks/
CISA Hosts Eighth Cyber Storm Exercise with More than 200 Organizations (14 mar)
https://www.cisa.gov/news/2022/03/14/cisa-hosts-eighth-cyber-storm-exercise-more-200-organizations
Another data-leaking Spectre bug found, smashes Intel, Arm defenses (15 mar)
https://www.theregister.com/2022/03/15/spectre_bti_intel_amd_arm/
Russia faces IT crisis with just two months of data storage left (15 mar)
https://www.bleepingcomputer.com/news/technology/russia-faces-it-crisis-with-just-two-months-of-data-storage-left/
New Linux botnet exploits Log4J, uses DNS tunneling for comms (15 mar)
https://www.bleepingcomputer.com/news/security/new-linux-botnet-exploits-log4j-uses-dns-tunneling-for-comms/
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’ (15 mar)
https://threatpost.com/cyberattacks-israeli-government-sites-largest/178927/
Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021 (15 mar)
https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html
Germany issues hacking warning for users of Russian anti-virus software Kaspersky (15 mar)
https://www.reuters.com/technology/germany-issues-hacking-warning-users-russian-anti-virus-software-kaspersky-2022-03-15/
BSI warns against the use of Kaspersky antivirus products (15 mar)
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
CISA Alert: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability (15 mar)
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it (16 mar)
https://nakedsecurity.sophos.com/2022/03/16/russian-actors-bypass-2fa-story-what-happened-and-how-to-avoid-it/
CaddyWiper to Hermetic Wiper: How malware is being used amid Russia-Ukraine conflict (16 mar)
https://indianexpress.com/article/technology/tech-news-technology/from-candywipe-to-hermetic-heres-how-malwares-are-being-used-as-cyberweapons-7820584/
Analysis of CaddyWiper - Wiper Targeting Ukraine (15 mar)
https://www.truesec.com/hub/blog/analysis-of-caddywiper-wiper-targeting-ukraine
Threat Advisory: CaddyWiper (15 mar)
https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html
The Windows malware on Ukraine CERT’s radar (16 mar)
https://www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/
The Swedish Security Service intensifies its work against foreign powers (16 mar)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2022-03-16-sakerhetspolisen-intensifierar-arbetet-mot-frammande-makt.html
Säpo warns: Increased risk of Russian espionage (16 mar)
https://sverigesradio.se/artikel/sapo-okad-hotbild-mot-sverige-sedan-ryska-invasionen
Cyberattacks the greatest threat right now (17 mar)
https://www.forsvarsmakten.se/sv/aktuellt/2022/03/cyberangrepp-storsta-hotet-just-nu/
Microsoft creates tool to scan MikroTik routers for TrickBot infections (17 mar)
https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware (17 mar)
https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/
Why We Haven’t Seen Debilitating Cyberwar in Ukraine (18 mar)
https://www.vice.com/en/article/88gbk5/why-we-havent-seen-debilitating-cyberwar-in-ukraine
Tullingepartiet's page hijacked – follow along as the party leader chases Facebook (18 mar)
https://www.svt.se/nyheter/lokalt/stockholm/tullingepartiets-sida-kapad-folj-med-nar-partiledaren-jagar-facebook
Information security and miscellaneous
NASA in ‘serious jeopardy’ due to big black hole in security (15 mar)
https://www.theregister.com/2022/03/15/nasa_insider_threat_audit/
NASA’s Insider Threat Program
https://oig.nasa.gov/docs/IG-22-009.pdf
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018 (15 mar)
https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html
NVIDIA staff shouldn’t have chosen passwords like these… (15 mar)
https://grahamcluley.com/nvidia-staff-passwords/
Göteborgs Friidrottsförbund/Göteborgsvarvet (GFIF) | Personal data incident (15 mar)
https://www.goteborgsvarvet.se/personuppgiftsincedent