CERT-SE:s veckobrev v.18
Ransomware som borrat sig in hos tandläkare och kommuner, en ny APT-grupp, flera intressanta rapporter om hotbilden mot såväl elnät som appbutiker samt analyser av det rådande världsläget ur ett cybersäkerhetsperspektiv.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
The Package Analysis Project: Scalable detection of malicious open source packages (28 apr)
https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
Report: 95% of IT leaders say Log4shell was ‘major wake-up call’ for cloud security (29 apr)
https://venturebeat.com/2022/04/29/report-95-of-it-leaders-say-log4shell-was-major-wake-up-call-for-cloud-security/
Interpol: We can’t arrest our way out of cybercrime (29 apr)
https://www.theregister.com/2022/04/29/interpol_cybercrime_partnerships/
Analysis on recent wiper attacks: examples and how wiper malware works (2 maj)
https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works
Digging up Sandworm: The Biggest Threat to the U.S. Power Grid (2 maj)
https://workplacetablet.com/2022/05/02/digging-up-sandworm-the-biggest-threat-to-the-u-s-power-grid/
Spanish prime minister’s phone ‘targeted with Pegasus spyware’ (2 maj)
https://www.theguardian.com/world/2022/may/02/spain-prime-minister-pedro-sanchez-phone-pegasus-spyware
Hack of Spanish PM’s phone deepens Europe’s spyware crisis (2 maj)
https://www-politico-eu.cdn.ampproject.org/c/s/www.politico.eu/article/pegasus-hacking-spyware-spain-government-prime-minister-pedro-sanchez-margarita-robles-digital-espionage-crisis/amp/
New Black Basta Ransomware Possibly Linked to Conti Group (2 maj)
https://www.securityweek.com/new-black-basta-ransomware-possibly-linked-conti-group
Congress wants to study the cybersecurity of satellites after Viasat hack (2 maj)
https://www.scmagazine.com/analysis/device-security/congress-wants-to-study-the-cybersecurity-of-satellites-after-viasat-hack
How ransomware shut down an English council (2 maj)
https://www.newstatesman.com/spotlight/2022/05/how-ransomware-shut-down-an-english-council
Bedragare utnyttjar Swedbanks it-haveri: ”Lägg på” (2 maj)
https://www.svt.se/nyheter/inrikes/bedragare-utnyttjar-swedbanks-it-haveri-lagg-pa
Security is a pain for American Dental Association: Ransomware infection feared (2 maj)
https://www.theregister.com/2022/05/02/in_brief_security/
UNC3524: Eye Spy on Your Email (2 maj)
https://www.mandiant.com/resources/unc3524-eye-spy-email
Botnet that hid for 18 months boasted some of the coolest tradecraft ever (3 maj)
https://arstechnica.com/information-technology/2022/05/how-hackers-used-smarts-and-a-novel-iot-botnet-to-plunder-email-for-months/
SolarWinds hackers set up phony media outlets to trick targets (3 maj)
https://www.cyberscoop.com/solarwinds-recorded-future-nobelium-apt29/
German Finance Watchdog Sees ‘Very Big’ Risk of Cyberattacks (3 maj)
https://www.securityweek.com/german-finance-watchdog-sees-very-big-risk-cyberattacks
Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol (3 maj)
https://www.securityweek.com/deepfakes-are-growing-threat-cybersecurity-and-society-europol
Update on cyber activity in Eastern Europe (3 maj)
https://blog-google.cdn.ampproject.org/c/s/blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/amp/
Data Broker Is Selling Location Data of People Who Visit Abortion Clinics (3 maj)
https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood
Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims (3 maj)
https://thehackernews.com/2022/05/experts-analyze-conti-and-hive.html
Healthcare and Education Sectors Most Susceptible to Cyber Incidents (4 maj)
https://www.infosecurity-magazine.com/news/healthcare-education-cyber/
Attackers Use Event Logs to Hide Fileless Malware (4 maj)
https://threatpost.com/attackers-use-event-logs-to-hide-fileless-malware/179484/
US Cyber Command shored up nine nations’ defenses last year (4 maj)
https://www.theregister.com/2022/05/04/us_cyber_hunt_forward/
Threat report on application stores (4 maj)
https://www.ncsc.gov.uk/report/threat-report-on-application-stores
Australian state transport agency hit by cyber attack (4 maj)
https://www.itpro.co.uk/security/cyber-attacks/367572/australian-state-transport-agency-hit-by-cyber-attack
Närmare 2000 fängelseår – resultat från info i krypterade appar (5 maj)
https://polisen.se/aktuellt/nyheter/2022/maj/narmare-2000-fangelsear—resultat-fran-info-i-krypterade-appar-hittills/
New NetDooka malware spreads via poisoned search results (5 maj)
https://www.bleepingcomputer.com/news/security/new-netdooka-malware-spreads-via-poisoned-search-results/
Ransomware Payments: Just 46% of Victims Now Pay a Ransom (5 maj)
https://www.bankinfosecurity.com/blogs/ransomware-payments-just-46-victims-now-pay-ransom-p-3225
FBI: Cyber-scams cost victims $6.9b-plus worldwide in 2021 (5 maj)
https://www.theregister.com/2022/05/05/fbi_cyber_scams/
Is voluntary cybersecurity enough for NZ’s critical infrastructure? (6 maj)
https://securitybrief.co.nz/story/is-voluntary-cybersecurity-enough-for-nz-s-critical-infrastructure
Ransomware: April 2022 review (6 maj)
https://blog.malwarebytes.com/threat-intelligence/2022/05/ransomware-april-2022-review/
CERT-SE i veckan
Kritisk sårbarhet i Cisco Enterprise NFV Infrastructure Software