CERT-SE's weekly newsletter, week 35
Once again there is a good deal of ransomware in this week's roundup, both actual incidents and some reports with analysis and advice on how to work to make operations more resilient against various types of attacks.
CERT-SE wishes you a pleasant weekend!
News this week
Is Your Business Prepared to Operate After a Ransomware Attack? (26 aug)
https://www.networkcomputing.com/interop/your-business-prepared-operate-after-ransomware-attack
Eight-Year Study Shows the Dark Side of WordPress Plugins (26 aug)
https://www.cc.gatech.edu/news/eight-year-study-shows-dark-side-wordpress-plugins
‘MagicWeb’ gives Nobelium threat group persistent access to compromised systems (26 aug)
https://www.scmagazine.com/news/network-security/magicweb-gives-nobelium-threat-group-persistent-access-to-compromised-systems
CISA already wants to see better protection against cyber threats from quantum computers (27 aug)
https://computersweden.idg.se/2.2683/1.769729/cisa-vill-redan-nu-se-battre-skydd-mot-cyberhot-fran-kvantdatorer
Preparing Critical Infrastructure for Post-Quantum Cryptography
https://www.cisa.gov/sites/default/files/publications/cisa_insight_post_quantum_cryptography_508.pdf
LockBit ransomware gang gets aggressive with triple-extortion tactic (28 aug)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/
SD: We have been subjected to a hacker attack (29 aug)
https://www.svt.se/nyheter/snabbkollen/sd-vi-har-utsatts-for-hackerattack
Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications (29 aug)
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Montenegro says Russian cyberattacks threaten key state functions (29 aug)
https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/
Pirate sites ban in Austria took down Cloudflare CDNs by mistake (29 aug)
https://www.bleepingcomputer.com/news/security/pirate-sites-ban-in-austria-took-down-cloudflare-cdns-by-mistake/
Cyber Signals: 3 strategies for protection against ransomware (30 aug)
https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/
Underscores and DNS: The Privacy Story (31 aug)
https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
Migration policy org confirms cyberattack after extortion group touts theft (31 aug)
https://therecord.media/migration-policy-org-confirms-cyberattack-after-extortion-group-touts-theft/
Ransomware Gang Accessed Water Supplier’s Control System (31 aug)
https://www.vice.com/en/article/4axaeq/ransomware-gang-accessed-water-suppliers-control-system
Hackers Hit Italian Oil Giant Eni’s Computer Network (31 aug)
https://www.bloomberg.com/news/articles/2022-08-31/hackers-hit-italian-oil-giant-eni-s-internal-computer-network
Ragnar Locker ransomware claims attack on Portugal’s flag airline (31 aug)
https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/
Advanced cyber-attack: NHS doctors’ paperwork piles up (31 aug)
https://www.bbc.com/news/technology-62725363
Threat Analysis Report: Ragnar Locker Ransomware Targeting the Energy Sector (1 sept)
https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector
New ransomware hits Windows, Linux servers of Chile govt agency (1 sept)
https://www.bleepingcomputer.com/news/security/new-ransomware-hits-windows-linux-servers-of-chile-govt-agency/
Over 1,000 iOS apps found exposing hardcoded AWS credentials (1 sept)
https://www.bleepingcomputer.com/news/security/over-1-000-ios-apps-found-exposing-hardcoded-aws-credentials/
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
NSA and CISA share tips to secure the software supply chain (1 sept)
https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-tips-to-secure-the-software-supply-chain/
Securing the software supply chain: Recommended practices guide for developers
https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF
Information security and miscellaneous
Nato investigates hacker sale of missile firm data (26 aug)
https://www.bbc.com/news/technology-62672184
COVID-19 data put for sale on Dark Web (29 aug)
https://securityaffairs.co/wordpress/134952/deep-web/covid-19-data-dark-web.html
Gigantic phishing campaign has attacked hundreds of companies (29 aug)
https://computersweden.idg.se/2.2683/1.769728/gigantisk-natfiskekampanj-har-gatt-pa-over-hundra-organisationer
Roasting 0ktapus: The phishing campaign going after Okta identity credentials (25 aug)
https://blog.group-ib.com/0ktapus
How 1-Time Passcodes Became a Corporate Liability (30 aug)
https://krebsonsecurity.com/2022/08/how-1-time-passcodes-became-a-corporate-liability/
British Airways customers targeted in lost luggage Twitter scam (30 aug)
https://www.malwarebytes.com/blog/news/2022/08/steer-clear-of-lost-luggage-scams-on-twitter
How and Why Do Teens Become Cyber Criminals? (30 aug)
https://securityintelligence.com/articles/why-teens-become-cyber-criminals/
Mobile Health Apps Are Falling Behind In Cybersecurity, Report Finds (30 aug)
https://medtech.pharmaintelligence.informa.com/MT145768/Mobile-Health-Apps-Are-Falling-Behind-In-Cybersecurity-Report-Finds
Hackers target politicians with fake news website (31 aug)
https://www.bbc.com/news/62728084
Introducing our new machine learning security principles (31 aug)
https://www.ncsc.gov.uk/blog-post/introducing-our-new-machine-learning-security-principles
Defending the expanding attack surface (31 aug)
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report