CERT-SE's weekly newsletter, week 5
This week's news feed offers mixed reading and two newly published articles from CERT-SE: "CERT-SE urges vigilance against DDoS" and "Several cases of phishing with a similar attack method"
CERT-SE wishes you pleasant reading and a good weekend!
News this week
Computer Sweden turns 40 (27 jan)
https://computersweden.idg.se/2.2683/1.775516/grattis-computer-sweden-40
Police hacked the hackers: international operation took down notorious ransomware gang (27 jan)
https://computersweden.idg.se/2.2683/1.775532/polisen-hackade-hackare–internationell-insats-knackte-okant-ransomwaregang
KFC, Pizza Hut, and Taco Bell Ransomware Attack Shuts Down 300 Restaurants in the UK (27 jan)
https://www.cpomagazine.com/cyber-security/kfc-pizza-hut-and-taco-bell-ransomware-attack-shuts-down-300-restaurants-in-the-uk/
PlugX malware hides on USB devices to infect new Windows hosts (27 jan)
https://www.bleepingcomputer.com/news/security/plugx-malware-hides-on-usb-devices-to-infect-new-windows-hosts/
Could hackers change the daily Wordle? Researchers are torn (28 jan)
https://therecord.media/could-hackers-change-the-daily-wordle-researchers-are-torn/
Russian hacker group threatens Norwegian hospitals, which are seeing "abnormal traffic" (28 jan)
https://www.tv2.no/nyheter/russisk-hackergruppe-truer-norske-sykehus-som-merker-unormal-trafikk/15464144/
Shady reward apps on Google Play amass 20 million downloads (29 jan)
https://www.bleepingcomputer.com/news/security/shady-reward-apps-on-google-play-amass-20-million-downloads/
Danish central bank's website hit by denial-of-service attack (30 jan)
https://www.affarsvarlden.se/artikel/danska-centralbankens-hemsida-utsatt-for-overbelastningsattack
https://www.bt.dk/krimi/nationalbanken-under-angreb
British retailer JD Sports reveals 2-year-old intrusion affecting data of 10 million customers (30 jan)
https://therecord.media/british-retailer-jd-sports-reveals-2-year-old-intrusion-affecting-data-of-10-million-customers/
Realtek flaw accounted for 40% of attempts between August and December (30 jan)
https://www.scmagazine.com/news/device-security/realtek-flaw-accounted-for-40-of-attempts-between-august-and-december
Porsche halts NFT launch, phishing sites fill the void (30 jan)
https://www.bleepingcomputer.com/news/security/porsche-halts-nft-launch-phishing-sites-fill-the-void/
10 million customers exposed in JD Sports cyber attack (30 jan)
https://www.itpro.co.uk/security/cyber-attacks/369968/10-million-customers-exposed-in-jd-sports-cyber-attack
GitHub revokes code signing certificates stolen in repo hack (30 jan)
https://www.bleepingcomputer.com/news/security/github-revokes-code-signing-certificates-stolen-in-repo-hack/
U.S. No Fly list shared on a hacking forum, government investigating (30 jan)
https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/
QNAP fixes critical bug letting hackers inject malicious code (30 jan)
https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-letting-hackers-inject-malicious-code/
Facebook Bug Allows 2FA Bypass Via Instagram (30 jan)
https://www.darkreading.com/application-security/facebook-bug-2fa-bypass-instagram
Russia’s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (30 jan)
https://www.darkreading.com/attacks-breaches/russia-sandworm-apt-swarm-wiper-attacks-ukraine
A tangle of 371 systems delayed the restart after IT outage in healthcare (31 jan)
https://computersweden.idg.se/2.2683/1.775697/en-rora-av-371-system-fordrojde-aterstarten-efter-it-haveri-i-varden
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector (31 jan)
https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html
New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals (31 jan)
https://edition.cnn.com/2023/01/31/politics/ransomware-disruption-hive-cybercrime/index.html
Circle K US spills partial credit card details, among other sensitive data (31 jan)
https://cybernews.com/security/circlek-leak-credit-card-exposed/
Microsoft: Over 100 threat actors deploy ransomware in attacks (31 jan)
https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/
PoS malware can block contactless payments to steal credit cards (31 jan)
https://www.bleepingcomputer.com/news/security/pos-malware-can-block-contactless-payments-to-steal-credit-cards/
Pro-Russia group Killnet targets US healthcare with DDoS attacks (31 jan)
https://securityaffairs.com/141598/hacktivism/killnet-ddos-us-healthcare.html
Microsoft disables verified partner accounts used for OAuth phishing (31 jan)
https://www.bleepingcomputer.com/news/security/microsoft-disables-verified-partner-accounts-used-for-oauth-phishing/
New DDoS-as-a-Service platform used in recent attacks on hospitals (1 feb)
https://www.bleepingcomputer.com/news/security/new-ddos-as-a-service-platform-used-in-recent-attacks-on-hospitals/
Nevada Ransomware Has Released Upgraded Locker (1 feb)
https://securityaffairs.com/141668/cyber-crime/nevada-ransomware-upgraded-locker.html
Google Fi Data Breach Reportedly Led to SIM Swapping (1 feb)
https://www.securityweek.com/google-fi-data-breach-reportedly-led-to-sim-swapping/
Denmark raises cyber threat level, Sweden also exposed (1 feb)
https://www.gp.se/nyheter/sverige/danmark-h%C3%B6jer-cyberhot-%C3%A4ven-sverige-utsatt-1.91193468
https://www.dr.dk/nyheder/seneste/center-cybersikkerhed-haever-trusselsniveauet
Turkish hacker group's new threat: that is when we release sensitive data on Swedes (1 feb)
https://www.svt.se/nyheter/utrikes/efter-koran-branningen-och-nato-turkiska-hackergruppens-nya-hot-da-slapper-vi-kanslig-data-om-svenskar
Skyview Networks Suffers Security Incident (1 feb)
https://radioink.com/2023/02/01/skyview-networks-suffers-security-incident/
‘Global markets’ impacted by ransomware attack on financial software company (1 feb)
https://therecord.media/global-markets-impacted-by-ransomware-attack-on-financial-software-company/
Attackers abuse Microsoft’s ‘verified publisher’ status to steal data (1 feb)
https://www.theregister.com/2023/02/01/microsoft_oauth_attack_proofpoint/
Ransomware Leads to Nantucket Public Schools Shutdown (1 feb)
https://www.securityweek.com/ransomware-leads-to-nantucket-public-schools-shutdown/
Cybersecurity organizations fight back against rise of emotet and omnatuor malvertising (1 feb)
https://venturebeat.com/security/cybersecurity-sees-rise-of-emotet-and-the-omnatuor-malvertising/
DDoS attacks against financial firms and banks sees huge rise (1 feb)
https://www.techradar.com/news/ddos-attacks-against-financial-firms-and-banks-sees-huge-rise
Singapore, EU digital pact to cover ‘all areas’ of bilateral cooperation (1 feb)
https://www.zdnet.com/article/singapore-eu-digital-pact-to-cover-all-areas-of-bilateral-cooperation/
Maryland Hospital Suffers Ransomware Attack (1 feb)
https://healthitsecurity.com/news/maryland-hospital-suffers-ransomware-attack
LockBit ransomware goes ‘Green,’ uses new Conti-based encryptor (1 feb)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (2 feb)
https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms
Super Bock says ‘cyber’ nasty ‘disrupting computer services’ (2 feb)
https://www.theregister.com/2023/02/02/super_bock_cyberattack/
City of London on High Alert After Ransomware Attack (2 feb)
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
New GOOTLOADER Malware Uses Fileless Technique to Deploy Ransomware (2 feb)
https://cybersecuritynews.com/fileless-technique-to-deploy-ransomware/
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware (2 feb)
https://securityboulevard.com/2023/02/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (2 feb)
https://www.csoonline.com/article/3686580/apt-groups-use-ransomware-ttps-as-cover-for-intelligence-gathering-and-sabotage.html
Last year was the worst on record for crypto hacks, as North Korean groups cash in (2 feb)
https://therecord.media/last-year-was-the-worst-on-record-for-crypto-hacks-as-north-korean-groups-cash-in/
Ransomware gang attempts to extort UK school by posting files about at-risk children (2 feb)
https://therecord.media/vice-society-ransomware-guildford-school-student-data-extortion/
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (3 feb)
https://thehackernews.com/2023/02/cisa-alert-oracle-e-business-suite-and.html
IT Leaders Reveal Cyber Fears Around ChatGPT (3 feb)
https://www.infosecurity-magazine.com/news/it-leaders-fears-chatgpt/
Switzerland’s largest university confirms ‘serious cyberattack’ (3 feb)
https://therecord.media/switzerlands-largest-university-confirms-serious-cyberattack/
Information security and miscellaneous
DIGG (Swedish Agency for Digital Government): An e-ID for everyone is a task for the state (30 jan)
https://digg.se/om-oss/nyheter/nyheter/2023-01-30-debatt-en-e-legitimation-for-alla-ar-en-uppgift-for-staten
AT&T: Stories from the SOC - RapperBot, Mirai Botnet - C2, CDIR Drop over SSH (31 jan)
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-rapperbot-mirai-botnet-c2-cdir-drop-over-ssh
CERT-EU: Cyber Security Brief January 2023 (1 feb)
https://cert.europa.eu/static/MEMO/2023/TLP-CLEAR-CB-23-02.pdf
SANS: Detecting (Malicious) OneNote files (1 feb)
https://isc.sans.edu/diary/rss/29494
Check Point: TrickGate, a packer used by malware to evade detection since 2016 (1 feb)
https://securityaffairs.com/141650/malware/trickgate-packer.html
Microsoft: Cyber attacks work because CISOs don’t do basic security (1 feb)
https://www.itworldcanada.com/article/cyber-attacks-work-because-cisos-dont-do-basic-security-microsoft/524809
AFCEA: Europe To Tackle Cyber in New Law (1 feb)
https://www.afcea.org/signal-media/cyber-edge/europe-tackle-cyber-new-law
MSB: 5G networks important for Sweden's total defence (2 feb)
https://www.msb.se/sv/aktuellt/nyheter/2023/februari/5g-nat-viktigt-for-sveriges-totalforsvar/
Trend Micro: What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits (2 feb)
https://www.trendmicro.com/en_us/research/23/b/what-socs-need-to-know-about-water-dybbuk.html
Microsoft: Unpatched and exposed: the unique security risk of IoT/OT devices
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5e93n