CERT-SE's weekly newsletter, week 27

Weekly newsletter

'Raspberry Robin' has been found in hundreds of corporate networks. New ransomware to keep an eye on. NCSC-UK has guidance on how organisations can avoid staff burnout during an extended period of heightened cyber threat.

Take the opportunity to rest when you get the chance, or try FOI's self-study exercises and practise techniques and tools.

Have a nice weekend!

News this week

Facebook 2FA phish arrives just 28 minutes after scam domain created (1 jul)
https://nakedsecurity.sophos.com/2022/07/01/facebook-2fa-phish-arrives-just-28-minutes-after-scam-domain-created/

Microsoft finds Raspberry Robin worm in hundreds of Windows networks (2 jul)
https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/

Hacker claims to have stolen data on 1 billion Chinese citizens (4 jul)
https://www.bleepingcomputer.com/news/security/hacker-claims-to-have-stolen-data-on-1-billion-chinese-citizens/

NATO to Develop Rapid Cyber Response Capabilities (4 jul)
https://www.infosecurity-magazine.com/news/nato-rapid-cyber-response/

Ukrainian police takes down phishing gang behind payments scam (5 jul)
https://www.zdnet.com/article/ukrainian-police-takes-down-phishing-gang-behind-payments-scam/

Dutch University retrieves Bitcoin ransomware payment and makes a profit (5 jul)
https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/

Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug (5 jul)
https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/

New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (5 jul)
https://www.bleepingcomputer.com/news/security/new-redalert-ransomware-targets-windows-linux-vmware-esxi-servers/

Poor IT preparedness at Swedish companies: only three in ten could cope with war (5 jul)
https://computersweden.idg.se/2.2683/1.768138/dalig-it-beredskap-pa-svenska-foretag–bara-tre-av-tio-klarar-krig

President’s official website hit by major cyber attack on Saturday (5 jul)
https://news.err.ee/1608648340/president-s-official-website-hit-by-major-cyber-attack-on-saturday

VSingle malware that obtains C2 server information from GitHub (5 jul)
https://blogs.jpcert.or.jp/en/2022/07/vsingle.html

YamaBot Malware Used by Lazarus (5 jul)
https://blogs.jpcert.or.jp/en/2022/07/yamabot.html

Germany unveils plan to tackle cyberattacks on satellites (5 jul)
https://www.theregister.com/2022/07/05/bsi_satellite_baseline/

OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow (6 jul)
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/

QNAP: Checkmate ransomware group targeting customers through SMB Services (7 jul)
https://therecord.media/qnap-checkmate-ransomware-group-targeting-customers-through-smb-services/

This Is the Code the FBI Used to Wiretap the World (7 jul)
https://www.vice.com/en/article/v7veg8/anom-app-source-code-operation-trojan-shield-an0m

Reports

API security grows more critical, even as organizations lack means to address the risk (5 jul)
https://www.scmagazine.com/research-article/application-security/api-security-grows-more-critical-even-as-organizations-lack-means-to-address-the-risk

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors (5 jul)
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

Hive ransomware gets upgrades in Rust (5 jul)
https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/

The Active Adversary Playbook 2022 (7 jul)
https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/

Events in Sweden

Försvarets radioanstalt given a broader mandate (2 jul)
https://www.regeringen.se/artiklar/2022/06/forsvarets-radioanstalt-far-bredare-uppdrag/

Micael Bydén: “We are not ruling anything out” (4 jul)
https://www.expressen.se/nyheter/almedalen/micael-byden-vi–utesluter-ingenting/

Assignment to Myndigheten för samhällsskydd och beredskap and Försvarsmakten to test the ability to report and produce situational pictures during heightened alert (7 jul)
https://www.regeringen.se/pressmeddelanden/2022/07/uppdrag-till-myndigheten-for-samhallsskydd-och-beredskap-och-forsvarsmakten-att-prova-formagan-att-rapportera-och-ta-fram-lagesbilder-under-hojd-beredskap/

Risk of cyberattacks against the Swedish election (7 jul)
https://sverigesradio.se/artikel/risk-for-cyberangrepp-mot-svenska-valet

Information security and miscellaneous

Rogue HackerOne employee steals bug reports to sell on the side (2 jul)
https://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-side/

What to do about inherent security flaws in critical infrastructure? (3 jul)
https://www.theregister.com/2022/07/03/inherent_security_flaws_ics/

PTS and Digg given increased responsibility for society's crisis preparedness (4 jul)
https://www.aktuellsakerhet.se/pts-och-digg-far-okat-ansvar-for-samhallets-krisberedska/

Hacking wind turbines— Explained. (5 jul)
https://harmvandenbrink.medium.com/hacking-wind-turbines-explained-230997db62f6

Maintaining a sustainable strengthened cyber security posture (5 jul)
https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture

The proposal: organise a cyber home guard for volunteers (7 jul)
https://www.dn.se/sverige/forslaget-organisera-ett-cyberhemvarn-for-frivilliga/

Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats (5 jul)
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum

Latvia and Canada join forces in a national information and communication technology threat hunting operation (5 jul)
https://cert.lv/en/2022/07/latvia-and-canada-join-forces-in-a-national-information-and-communication-technology-threat-hunting-operation

Marriott says hackers attempted to extort company with Baltimore hotel data theft (6 jul)
https://therecord.media/marriott-says-hackers-attempted-to-extort-company-with-baltimore-hotel-data-theft/

Lockdown Mode in iOS 16 will protect your iPhone from spyware (6 jul)
https://bgr.com/tech/lockdown-mode-in-ios-16-will-protect-your-iphone-from-spyware/

Phishing Attacks Are Getting Trickier (6 jul)
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier/

Self-study exercises - Practise techniques and tools
https://www.foi.se/forskning/informationssakerhet/crate/sjalvstudieuppgifter—trana-pa-tekniker-och-verktyg.html