CERT-SE:s veckobrev v.12
Efter en vecka fullspäckad med nyheter kommer här en liten sammanställning från CERT-SE. Bland annat har Lapsus$ i veckan skapat många rubriker, men även det säkerhetspolitiska läget och spridandet av skadlig kod i öppen källkod har fått mycket uppmärksamhet. Idag blev det även klart att Regeringen vill ge Finansinspektionen i uppdrag att ta fram åtgärdsförslag för att stärka finanssektorns motståndskraft mot cyberangrepp.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Browser In The Browser (BITB) Attack (15 mar)
https://mrd0x.com/browser-in-the-browser-phishing-attack/
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate (17 mar)
https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
Indicators of Compromise Associated with AvosLocker Ransomware (17 mar)
https://www.ic3.gov/Media/News/2022/220318.pdf
CISOs face ‘perfect storm’ of ransomware and state-supported cybercrime (18 mar)
https://www.theregister.com/2022/03/18/ciso_security_storm/
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus (18 mar)
https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/
Developer Sabotages Open-Source Software Package (21 mar)
https://www.schneier.com/blog/archives/2022/03/developer-sabotages-open-source-software-package.html
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware (17 mar)
https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/
BIG sabotage: Famous npm package deletes files to protest Ukraine war (17 mar)
https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/
Free decryptor released for TrickBot gang’s Diavol ransomware (18 mar)
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/
Hackers claim to breach TransUnion South Africa with ‘Password’ password (18 mar)
https://www.bleepingcomputer.com/news/security/hackers-claim-to-breach-transunion-south-africa-with-password-password/
Update: South Africa Cyber Incident (24 mar)
https://newsroom.transunion.co.za/update-south-africa-cyber-incident/
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure (18 mar)
https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/
EASA publishes SIB to warn of intermittent GNSS outages near Ukraine conflict areas (17 mar)
https://www.easa.europa.eu/newsroom-and-events/news/easa-publishes-sib-warn-intermittent-gnss-outages-near-ukraine-conflict
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain (21 mar)
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
How legacy IPv6 addresses can spoil your network privacy (22 mar)
https://www.theregister.com/2022/03/22/legacy_ipv6_addressing_standard_enables/
One Bad Apple Can Spoil Your IPv6 Privacy (16 mar)
https://arxiv.org/abs/2203.08946
Trots larm – Ekot kan fortfarande mejla som försvarsministern (22 mar)
https://sverigesradio.se/artikel/trots-larm-ekot-kan-fortfarande-mejla-som-forsvarsministern
Scottish mental health charity SAMH targeted in cyber attack (22 mar)
https://www.bbc.com/news/uk-scotland-60826263
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (23 mar)
https://thehackernews.com/2022/03/over-200000-microtik-routers-worldwide.html
DeadBolt Ransomware Resurfaces to Hit QNAP Again (23 mar)
https://threatpost.com/deadbolt-ransomware-qnap-again/179057/
Ransomware Encrypts Nearly 100,000 Files in Under 45 Minutes (23 mar)
https://www.splunk.com/en_us/blog/security/ransomware-encrypts-nearly-100-000-files-in-under-45-minutes.html
IT outage at Scotland’s Heriot-Watt University enters second week (24 mar)
https://www.theregister.com/2022/03/24/heriot_watt_outage/
Driftstörning hos Bank-id: “Jobbar för fullt” (24 mar)
https://tt.omni.se/driftstorning-hos-bank-id-jobbar-for-fullt/a/7dGJg8
Uppdrag till Finansinspektionen för stärkt cybersäkerhet (25 mar)
https://www.regeringen.se/pressmeddelanden/2022/03/uppdrag-till-finansinspektion-for-starkt-cybersakerhet/
Okta och Lapsus$
Updated Okta Statement on LAPSUS$ (22 mar)
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
Okta’s Investigation of the January 2022 Compromise (23 mar)
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
The Lapsus$ Hacking Group Is Off to a Chaotic Start (15 mar)
https://www.wired.com/story/lapsus-hacking-group-extortion-nvidia-samsung/
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction (22 mar)
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
A Closer Look at the LAPSUS$ Data Extortion Group (23 mar)
https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/
Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind (23 mar)
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind
Det säkerhetspolitiska läget
Nytt radioprogram ska motverka rysk propaganda – från Stockholm (16 mar)
https://www.svt.se/kultur/nytt-radioprogram-ska-motverka-propaganda-i-ryssland-fran-stockholm
Double header: IsaacWiper and CaddyWiper (18 mar)
https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/
Anonymous: How hackers are trying to undermine Putin (20 mar)
https://www.bbc.com/news/technology-60784526
Russia is exploring options for cyberattacks, and companies must be ready, says Biden (21 mar)
https://www.cnbc.com/2022/03/21/biden-russia-exploring-cyberattacks-companies-must-be-ready.html
Sandworm: A tale of disruption told anew (21 mar)
https://www.welivesecurity.com/2022/03/21/sandworm-tale-disruption-told-anew/
Informationssäkerhet och blandat
Privacy Tips For Mobile & Desktop https://medium.com/duckduckgo-privacy-blog/privacy-tips/home
FBI Internet Crime Report 2021
https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
What Data Do The Google Dialer and Messages Apps On Android Send to Google? (28 feb)
https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf
8 Tips for Securing Networks When Time Is Scarce (22 mar)
https://www.rapid7.com/blog/post/2022/03/22/8-tips-for-securing-networks-when-time-is-scarce/
Svenskar försiktigare med att lämna ifrån sig personlig information (22 mar)
https://computersweden.idg.se/2.2683/1.764174/integritetsfragor-allt-viktigare-for-svenska-folket
CERT-SE i veckan
Kritiska sårbarheter i VMware Carbon Black App ControlCERT-SE uppmanar alla organisationer att skärpa uppmärksamheten kring nätfiske och DDoS