CERT-SE's weekly newsletter, week 49
It has been an intense week in terms of cybersecurity-related events. Below is a selection of the latest news and in-depth pieces on the topic.
CERT-SE wishes you a pleasant read and a nice weekend!
News this week
Suspected cyberattack hits credit reporting and laundry room bookings (2 dec)
https://www.svt.se/nyheter/inrikes/cyber
MSB on the IT attacks: Sees no connection (2 dec)
https://tt.omni.se/msb-om-it-angreppen-ser-inget-samband/a/VPgJll
Spanish police arrest 55 people involved in wide-ranging cyberscam operation (2 dec)
https://therecord.media/spanish-police-arrest-55-people-involved-in-wide-ranging-cyberscam-operation/
Open source software host Fosshost shutting down as CEO unreachable (4 dec)
https://www.bleepingcomputer.com/news/technology/open-source-software-host-fosshost-shutting-down-as-ceo-unreachable/
Android malware apps with 2 million installs spotted on Google Play (4 dec)
https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-spotted-on-google-play/
French hospital cancels operations after cyberattack (5 dec)
https://techxplore.com/news/2022-12-french-hospital-cancels-cyberattack.html
Pehrson on the cyberattack: "A way of showing that there is a threat" (5 dec)
https://www.svt.se/nyheter/inrikes/pehrson-om-cyberattackerna-en-fraga-for-sakerhetspolisen
Minister on the IT attack: Serious threat landscape (5 dec)
https://www.gp.se/ekonomi/ministern-om-it-attacken-allvarlig-hotbild-1.87184200
Cyber police investigate the IT crime, classified as aggravated data intrusion (6 dec)
https://sverigesradio.se/artikel/cyberpolisen-utreder-it-brottet-klassas-som-grovt-dataintrang
Aggravated data intrusion against company in Växjö (6 dec)
https://sverigesradio.se/artikel/grovt-dataintrang-mot-foretag-i-vaxjo
Computer system failure in several regions (6 dec)
https://www.svt.se/nyheter/inrikes/datahaveri-i-flera-regioner
Ransomware Toolkit Cryptonite turning into an accidental wiper (6 dec)
https://securityaffairs.co/wordpress/139336/cyber-crime/cryptonite-ransomware-toolkit-wiper.html
KmsdBot botnet is down after operator sends typo in command (6 dec)
https://www.theregister.com/2022/12/06/botnet_kmsdbot_typo_code/
Massive DDoS attack takes Russia’s second-largest bank VTB offline (6 dec)
https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/
Antwerp’s city services down after hackers attack digital partner (6 dec)
https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/
Multiple government departments in New Zealand affected by ransomware attack on IT provider (6 dec)
https://therecord.media/multiple-government-departments-in-new-zealand-affected-by-ransomware-attack-on-it-provider/
After several attacks, MSB urges increased monitoring of the IT environment (7 dec)
https://computersweden.idg.se/2.2683/1.773991/efter-flera-angrepp–msb-uppmanar-till-okad-bevakning-av-it-miljon
Yet another cyberattack on Ekerö, municipality in emergency staff mode (7 dec)
https://sverigesradio.se/artikel/annu-en-cyberattack-mot-ekero-kommunen-i-stabslage
No attack behind IT problems in Region Sörmland (7 dec)
https://www.dn.se/sverige/ingen-attack-bakom-it-strul-i-region-sormland/
Fantasy – a new Agrius wiper deployed through a supply‑chain attack (7 dec)
https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/
New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network (7 dec)
https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html
Cyberattack on Top Indian Hospital Highlights Security Risk (7 dec)
https://www.securityweek.com/cyberattack-top-indian-hospital-highlights-security-risk
Apple finally adds encryption to iCloud backups (7 dec)
https://www.computerworld.com/article/3682649/apple-finally-adds-encryption-to-icloud-backups.html
EU Council moves to exclude software-as-a-service from new cybersecurity law (7 dec)
https://www.euractiv.com/section/cybersecurity/news/eu-council-moves-to-exclude-software-as-a-service-from-new-cybersecurity-law/
Rackspace confirms it suffered a ransomware attack (8 dec)
https://www.malwarebytes.com/blog/news/2022/12/rackspace-confirms-it-suffered-a-ransomware-attack
IT attack on the Danish defence: websites were down (8 dec)
https://www.svt.se/nyheter/utrikes/it-attack-mot-danska-forsvaret-hemsidor-nere
Unemployment insurance funds are working again (8 dec)
https://www.gp.se/ekonomi/a-kassorna-fungerar-igen-1.87423005
No attacks on Region Sörmland and Västra Götalandsregionen (8 dec)
https://lakartidningen.se/aktuellt/nyheter/2022/12/inga-attacker-mot-sormland-och-vgr/
Security flaws in new IT system, staff "panic-trained" (8 dec)
https://www.svt.se/nyheter/inrikes/sakerhetsbrister-i-trafikverkets-nya-it-system-personal-panikutbildas
Information security and other topics
Exercise Cyber Coalition 2022 Concludes in Estonia (2 dec)
https://act.nato.int/articles/exercise-cyber-coalition-2022-concludes-estonia
Gartner analysts reveal 8 cybersecurity predictions for 2023 (2 dec)
https://venturebeat.com/security/cybersecurity-predictions-gartner/
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies (2 dec)
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/
To fill the cybersecurity skills gap, the sector needs to boost diversity (2 dec)
https://www.weforum.org/agenda/2022/12/how-boosting-diversity-cybersecurity-skills-gap/
Federal Council submits dispatch on mandatory reporting of cyberattacks on critical infrastructures to Parliament (2 dec)
https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-92030.html
PTS exercised cyber defence (5 dec)
https://www.aktuellsakerhet.se/pts-ovade-cyberforsvar/
NCSC runs pilot project with financial actors (5 dec)
https://www.ncsc.se/aktuellt/NCSC_driver_pilotprojekt_med_finansiella_aktorer/
Amnesty International Canada target of sophisticated cyber-attack linked to China (5 dec)
https://www.amnesty.ca/news/news-releases/cyber-breach-statement/
Defcon Skimming: A new batch of Web Skimming attacks (5 dec)
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
DDoS Protection: 8 Simple Tactics (5 dec)
https://blogs.blackberry.com/en/2022/11/ddos-attack-8-simple-prevention-and-mitigation-strategies
Want to detect Cobalt Strike on the network? Look to process memory (6 dec)
https://www.theregister.com/2022/12/06/cobalt_strike_memory_unit_42/
Cyber-Terror In The Skies (6 dec)
https://www.forbes.com/sites/emilsayegh/2022/12/06/cyber-terror-in-the-skies/
Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Router (6 dec)
https://isc.sans.edu/diary/Mirai+Botnet+and+Gafgyt+DDoS+Team+Up+Against+SOHO+Routers/29304
Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide (6 dec)
https://thehackernews.com/2022/12/darknets-largest-mobile-malware.html
Vice Society: Profiling a Persistent Threat to the Education Sector (6 dec)
https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/
4 cybersecurity predictions for 2023 — SANS analysts look ahead (7 dec)
https://venturebeat.com/security/sans-cybersecurity-predictions/
10 Cybersecurity Predictions for 2023 (7 dec)
https://www.dbta.com/Editorial/News-Flashes/10-Cybersecurity-Predictions-for-2023-156268.aspx
Breaking the silence - Recent Truebot activity (8 dec)
https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/
Compromised Cloud Compute Credentials: Case Studies From the Wild (8 dec)
https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/
CISA: Phishing infographics (8 dec)
https://www.cisa.gov/phishing-infographic
CERT-SE this week
New Metasploit module enables exploitation of ProxyNotShell vulnerabilities