CERT-SE's weekly newsletter, week 14

Weekly newsletter

A bit of everything in this week's news roundup: analyses of wipers and malware. Voice messages carrying phishing. Extortion attacks against wind turbines. Disinformation. And what does APT actually stand for?

CERT-SE wishes you a nice weekend!

News this week

Analysis of BlackGuard - A New Info Stealer Malware Being Sold In A Russian Hacking Forum (30 mar)
https://www.zscaler.com/blogs/security-research/analysis-blackguard-new-info-stealer-malware-being-sold-russian-hacking

AcidRain | A Modem Wiper Rains Down on Europe (31 mar)
https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
– Viasat confirms report of wiper malware used in Ukraine cyberattack (1 apr)
https://therecord.media/viasat-confirms-report-of-wiper-malware-used-in-ukraine-cyberattack/

Bypassing Two-Factor Authentication (1 apr)
https://www.schneier.com/blog/archives/2022/04/bypassing-two-factor-authentication.html

More charged in UK Lapsus$ investigation (1 apr)
https://www.theregister.com/2022/04/01/lapsus_uk_charges/

New UAC-0056 activity: There’s a Go Elephant in the room (1 apr)
https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/

Blockchains Have a ‘Bridge’ Problem, and Hackers Know It (3 apr)
https://www.wired.com/story/blockchain-network-bridge-hacks/

New Borat remote access malware is no laughing matter (3 apr)
https://www.bleepingcomputer.com/news/security/new-borat-remote-access-malware-is-no-laughing-matter/
– Deep Dive Analysis – Borat RAT (31 mar)
https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/

Ukraine: Russian Armageddon phishing targets EU govt agencies (5 apr)
https://www.bleepingcomputer.com/news/security/ukraine-russian-armageddon-phishing-targets-eu-govt-agencies/

Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack (5 apr)
https://www.securityweek.com/wind-turbine-giant-nordex-shuts-down-it-systems-response-cyberattack
– Nordex Group impacted by cyber security incident (2 apr)
https://www.nordex-online.com/en/2022/04/nordex-group-impacted-by-cyber-security-incident/

Microsoft Details New Security Features for Windows 11 (6 apr)
https://www.darkreading.com/remote-workforce/microsoft-details-new-security-features-for-windows-11

The cyber warriors fighting Putin (6 apr)
https://sverigesradio.se/avsnitt/cyberkrigarna-som-strider-mot-putin

The Original APT: Advanced Persistent Teenagers (6 apr)
https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/

Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) (6 apr)
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation

Swedish Civil Contingencies Agency carries out broad information campaign on information and cyber security (7 apr)
https://regeringen.se/pressmeddelanden/2022/04/myndigheten-for-samhallsskydd-och-beredskap-genomfor-bred-informationskampanj-om-informations–och-cybersakerhet/

BlackCat Ransomware Targets Industrial Companies (7 apr)
https://www.securityweek.com/blackcat-ransomware-targets-industrial-companies

Heightened threat level but no increase in IT incidents (7 apr)
https://universitetslararen.se/2022/04/07/forhojd-hotbild-men-inte-fler-it-incidenter/

Google boosts Android security with new set of dev policy changes (7 apr)
https://www.bleepingcomputer.com/news/security/google-boosts-android-security-with-new-set-of-dev-policy-changes/

Ukraine now faces cyber threats through Telegram messages (7 apr)
https://www.cybersecurity-insiders.com/ukraine-now-faces-cyber-threats-through-telegram-messages/

The websites of the Ministry for Foreign Affairs and the Ministry of Defence have been hit by a denial-of-service attack (8 apr)
https://svenska.yle.fi/a/7-10015213

Information security and miscellaneous

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” (29 mar)
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

Food Delivery Leak Unmasks Russian Security Agents (1 apr)
https://www.bellingcat.com/news/rest-of-world/2022/04/01/food-delivery-leak-unmasks-russian-security-agents/

WhatsApp voice message phishing emails push info-stealing malware (4 apr)
https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/

Danish data protection watchdog launches criminal case against Danske Bank (5 apr)
https://www.finextra.com/newsarticle/40007/danish-data-protection-watchdog-launches-criminal-case-against-danske-bank/transaction

New report: Every other voter is greatly worried that disinformation will affect the outcome of this autumn's election (5 apr)
https://www.aktuellsakerhet.se/ny-rapport-varannan-valjare-kanner-stor-oro-att-desinformation-ska-paverka-resultatet-i-hostens-val/
– Svenskarna och internet: Election special 2022 (5 apr)
https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-valspecial-2022/

The child was to be protected from the father – Skolplattformen leaked the information (6 apr)
https://www.dn.se/sverige/barnet-skulle-skyddas-fran-pappan-skolplattformen-lackte-uppgifterna/

The Curious Case of Coulus Coelib (6 apr)
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
– Android apps with 45 million installs used data harvesting SDK (7 apr)
https://www.bleepingcomputer.com/news/security/android-apps-with-45-million-installs-used-data-harvesting-sdk/

Disrupting cyberattacks targeting Ukraine (7 apr)
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/

CERT-SE this week

Critical vulnerabilities affect VMware products