CERT-SE's weekly newsletter, week 8
Denial-of-service attacks have featured in the news reporting again this week. Beyond that, here is a selection of the latest news along with several reports and in-depth pieces in the field.
We also take the opportunity to recommend our article Advice for preventing and handling denial-of-service attacks, which was updated on 21 February.
CERT-SE wishes you a pleasant weekend!
News of the week
German airports hit by DDoS attack (17 feb)
https://therecord.media/german-airports-hit-by-ddos-attack-anonymous-russia-claims-responsibility/
How Falling Crypto Prices Impacted Cyber Crime (17 feb)
https://securityintelligence.com/articles/cryptocurrency-crash-falling-cyber-crime/
How hackers can cause physical damage to bridges (17 feb)
https://www.helpnetsecurity.com/2023/02/17/how-hackers-can-cause-physical-damage-to-bridges-video/
The minister: “An extensive attack” (19 feb)
https://www.tv4.se/artikel/55bzxDGFtIfyTQAABqujxu/nya-hackerattacker-mot-sverige
Cyberattacks against several sites – SOS Alarm affected: “Does not affect emergency calls” (19 feb)
https://sverigesradio.se/artikel/flera-sajter-har-problem-eller-ligger-nere-hackergrupp-sager-sig-ligga-bakom
If you’re struggling to secure email forwarding, it’s not you, it’s … the protocols (19 feb)
https://www.theregister.com/2023/02/19/forwarding_email_security/
Lockbit ransomware gang hit the Portuguese municipal water utility Aguas do Porto (20 feb)
https://securityaffairs.com/142477/cyber-crime/lockbit-water-utility-aguas-do-porto.html
CERT-SE at MSB supports organisations during ongoing denial-of-service attacks (20 feb)
https://www.msb.se/sv/aktuellt/nyheter/2023/februari/cert-se-vid-msb-stodjer-verksamheter-i-pagaende-overbelastningsangrepp/
FBI “Contains” Cyber-Incident on its Network (20 feb)
https://www.infosecurity-magazine.com/news/fbi-contains-cyberincident-on-its/
Microsoft Outlook flooded with spam due to broken email filters (20 feb)
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
Decoding the Inner Workings of DarkCloud Stealer (20 feb)
https://blog.cyble.com/2023/02/20/decoding-the-inner-workings-of-darkcloud-stealer/
Cyber Attacks on Data Center Organizations (20 feb)
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
DNA testing biz vows to improve infosec after criminals break into database it forgot it had (20 feb)
https://www.theregister.com/2023/02/20/dna_testing_firm_pays_200k/
Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity (20 feb)
https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/
Data intrusion at Victoriahem – residents affected (21 feb)
https://sverigesradio.se/artikel/bostadsbolag-utsatt-for-it-brott
The Finnish Cyber Security Centre's weekly review (21 feb)
https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybersakerhetscentrets-veckooversikt-72023
Sensitive US military emails spill online (21 feb)
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/
HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance (21 feb)
https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/
…https://www.varonis.com/blog/hardbit-2.0-ransomware
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm (21 feb)
https://www.securityweek.com/ai-helps-crack-a-nist-recommended-post-quantum-encryption-algorithm/
Accidental WhatsApp account takeovers? It’s a thing (21 feb)
https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/
Fifth of Brits Have Fallen Victim to Online Scammers (21 feb)
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Activision confirms data breach exposing employee and game info (21 feb)
https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/
How NPM Packages Were Used to Spread Phishing Links (21 feb)
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Denial-of-service attacks on the websites of several societal actors (22 feb)
https://www.ncsc.se/aktuellt/overbelastningsangrepp/
Säpo: Unrest abroad increases the threat to Sweden's security (22 feb)
https://www.svt.se/nyheter/inrikes/sapo-oro-i-omvarlden-okar-hotet-mot-sverige
Most vulnerabilities associated with ransomware are old (22 feb)
https://www.helpnetsecurity.com/2023/02/22/vulnerabilities-ransomware-old/
Patient data stolen ahead of CentraState cyberattack, impacting 617K (22 feb)
https://www.scmagazine.com/news/ransomware/patient-data-stolen-centrastate-cyberattack-impacting-617k
NSA shares guidance on how to secure your home network (22 feb)
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-how-to-secure-your-home-network/
…https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Aneby municipality practises handling IT attacks – “Feels very topical” (22 feb)
https://sverigesradio.se/artikel/aneby-kommun-ovar-pa-it-attacker-kanns-valdigt-aktuellt
The expert: Why the hacker group is changing targets (22 feb)
https://www.svt.se/nyheter/inrikes/danska-sajter-utsatta-for-hackerattack-hackergruppen-varnade-innan
Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia (22 feb)
https://thehackernews.com/2023/02/hydrochasma-new-threat-actor-targets.html
Developers beware: Imposter HTTP libraries lurk on PyPI (22 feb)
https://www.reversinglabs.com/blog/beware-impostor-http-libraries-lurk-on-pypi
The Growing Threat of ChatGPT-Based Phishing Attacks (22 feb)
https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/
Hacker group “Anonymous Sudan” had 61 servers taken down: “Stopped them temporarily” (23 feb)
https://www.svt.se/nyheter/inrikes/hackergruppen-fick-61-servrar-nedtagna
…https://www.svd.se/a/BWwWq0/hackergruppen-stoppad-av-svenskar
Fruit giant Dole suffers ransomware attack impacting operations (23 feb)
https://www.bleepingcomputer.com/news/security/fruit-giant-dole-suffers-ransomware-attack-impacting-operations/
Open source software has its perks, but supply chain risks can’t be ignored (22 feb)
https://www.theregister.com/2023/02/22/open_software_supply_chain_risks/
…https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
Never Trust Your Application’s Supply Chain with Security (22 feb)
https://blog.radware.com/application-security-4/2023/02/never-trust-your-applications-supply-chain-with-security/
Cyber Security Headlines: Dole ransomware attack, stress devours CISOs, new Lazarus backdoor (24 feb)
https://cisoseries.com/cyber-security-headlines-dole-ransomware-attack-stress-devours-cisos-new-lazarus-backdoor/
CERT-EU: Russia’s war on Ukraine: one year of cyber operations (24 feb)
https://cert.europa.eu/static/MEMO/2023/TLP-CLEAR-CERT-EU-1YUA-CyberOps.pdf
Information security and miscellaneous
EU lawmakers argue against signing US data-transfer pact (17 feb)
https://www.theregister.com/2023/02/17/adequacy_decision_us_data_transfer/
Inglis Retires as National Cyber Director Ahead of Biden’s Cybersecurity EO (17 feb)
https://www.darkreading.com/operations/inglis-resigns-national-cyber-director-biden-cybersecurity-eo
Brussels sets out to fix the GDPR (20 feb)
https://www.politico.eu/article/brussels-plans-new-privacy-enforcement-law-by-summer/
Truesec: Anonymous Sudan - Threat Intelligence Report (20 feb)
https://www.truesec.com/hub/report/anonymous-sudan
ENISA: Interoperable EU Risk Management Toolbox (21 feb)
https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-toolbox
Trend Micro: A Deep Dive into the Evolution of Ransomware (21 feb)
https://www.trendmicro.com/en_se/research/23/b/ransomware-evolution-part-1.html
Microsoft: 2022 in review - DDoS attack trends and insights (21 feb)
https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/
Gartner: 1 in 4 CISOs Wants to Say Sayonara to Security (22 feb)
https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025
…https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025
More GDPR cases were decided in 2022 – but fewer were fined (22 feb)
https://computersweden.idg.se/2.2683/1.776634/fler-gdpr-arenden-avgjordes-2022–men-farre-fick-boter
European Commission bans TikTok on its devices (23 feb)
https://www.dagensps.se/teknik/eu-kommissionen-forbjuder-tiktok-pa-sina-enheter/
…https://securityaffairs.com/142615/breaking-news/european-commission-banned-tiktok.html
CERT-SE this week
Fortinet's monthly security updates for February 2023 (updated 2023-02-22)