CERT-SE's weekly newsletter, week 8

Weekly newsletter

Denial-of-service attacks have featured in the news reporting again this week. Otherwise, a selection of the latest news along with several reports and in-depth pieces in the field.

We take the opportunity to recommend our article "Advice for preventing and handling denial-of-service attacks", which was updated on 21 February.

CERT-SE wishes you a nice weekend!

News this week

German airports hit by DDoS attack (17 feb)
https://therecord.media/german-airports-hit-by-ddos-attack-anonymous-russia-claims-responsibility/

How Falling Crypto Prices Impacted Cyber Crime (17 feb)
https://securityintelligence.com/articles/cryptocurrency-crash-falling-cyber-crime/

How hackers can cause physical damage to bridges (17 feb)
https://www.helpnetsecurity.com/2023/02/17/how-hackers-can-cause-physical-damage-to-bridges-video/

The minister: ”An extensive attack” (19 feb)
https://www.tv4.se/artikel/55bzxDGFtIfyTQAABqujxu/nya-hackerattacker-mot-sverige

Cyberattacks against several sites – SOS Alarm affected: ”Does not affect the alarms” (19 feb)
https://sverigesradio.se/artikel/flera-sajter-har-problem-eller-ligger-nere-hackergrupp-sager-sig-ligga-bakom

If you’re struggling to secure email forwarding, it’s not you, it’s … the protocols (19 feb)
https://www.theregister.com/2023/02/19/forwarding_email_security/

Lockbit ransomware gang hit the Portuguese municipal water utility Aguas do Porto (20 feb)
https://securityaffairs.com/142477/cyber-crime/lockbit-water-utility-aguas-do-porto.html

CERT-SE at MSB supports organizations in ongoing denial-of-service attacks (20 feb)
https://www.msb.se/sv/aktuellt/nyheter/2023/februari/cert-se-vid-msb-stodjer-verksamheter-i-pagaende-overbelastningsangrepp/

FBI “Contains” Cyber-Incident on its Network (20 feb)
https://www.infosecurity-magazine.com/news/fbi-contains-cyberincident-on-its/

Microsoft Outlook flooded with spam due to broken email filters (20 feb)
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/

Decoding the Inner Workings of DarkCloud Stealer (20 feb)
https://blog.cyble.com/2023/02/20/decoding-the-inner-workings-of-darkcloud-stealer/

Cyber Attacks on Data Center Organizations (20 feb)
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations

DNA testing biz vows to improve infosec after criminals break into database it forgot it had (20 feb)
https://www.theregister.com/2023/02/20/dna_testing_firm_pays_200k/

Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity (20 feb)
https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

Data breach at Victoriahem – residents affected (21 feb)
https://sverigesradio.se/artikel/bostadsbolag-utsatt-for-it-brott

Finnish Cyber Security Centre's weekly review (21 feb)
https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybersakerhetscentrets-veckooversikt-72023

Sensitive US military emails spill online (21 feb)
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance (21 feb)
https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/
https://www.varonis.com/blog/hardbit-2.0-ransomware

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm (21 feb)
https://www.securityweek.com/ai-helps-crack-a-nist-recommended-post-quantum-encryption-algorithm/

Accidental WhatsApp account takeovers? It’s a thing (21 feb)
https://www.theregister.com/2023/02/21/accidental_whatsapp_account_takeover/

Fifth of Brits Have Fallen Victim to Online Scammers (21 feb)
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

Activision confirms data breach exposing employee and game info (21 feb)
https://www.bleepingcomputer.com/news/security/activision-confirms-data-breach-exposing-employee-and-game-info/

How NPM Packages Were Used to Spread Phishing Links (21 feb)
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/

Denial-of-service attacks on the websites of several societal actors (22 feb)
https://www.ncsc.se/aktuellt/overbelastningsangrepp/

Säpo: Unrest in the world around us increases the threat to Sweden's security (22 feb)
https://www.svt.se/nyheter/inrikes/sapo-oro-i-omvarlden-okar-hotet-mot-sverige

Most vulnerabilities associated with ransomware are old (22 feb)
https://www.helpnetsecurity.com/2023/02/22/vulnerabilities-ransomware-old/

Patient data stolen ahead of CentraState cyberattack, impacting 617K (22 feb)
https://www.scmagazine.com/news/ransomware/patient-data-stolen-centrastate-cyberattack-impacting-617k

NSA shares guidance on how to secure your home network (22 feb)
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-how-to-secure-your-home-network/
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF

Aneby municipality practises for IT attacks – “Feels very topical” (22 feb)
https://sverigesradio.se/artikel/aneby-kommun-ovar-pa-it-attacker-kanns-valdigt-aktuellt

The expert: This is why the hacker group is changing target (22 feb)
https://www.svt.se/nyheter/inrikes/danska-sajter-utsatta-for-hackerattack-hackergruppen-varnade-innan

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia (22 feb)
https://thehackernews.com/2023/02/hydrochasma-new-threat-actor-targets.html

Developers beware: Imposter HTTP libraries lurk on PyPI (22 feb)
https://www.reversinglabs.com/blog/beware-impostor-http-libraries-lurk-on-pypi

The Growing Threat of ChatGPT-Based Phishing Attacks (22 feb)
https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/

Hacker group ”Anonymous Sudan” had 61 servers taken down: ”Stopped them temporarily” (23 feb)
https://www.svt.se/nyheter/inrikes/hackergruppen-fick-61-servrar-nedtagna
https://www.svd.se/a/BWwWq0/hackergruppen-stoppad-av-svenskar

Fruit giant Dole suffers ransomware attack impacting operations (23 feb)
https://www.bleepingcomputer.com/news/security/fruit-giant-dole-suffers-ransomware-attack-impacting-operations/

Open source software has its perks, but supply chain risks can’t be ignored (22 feb)
https://www.theregister.com/2023/02/22/open_software_supply_chain_risks/
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/

Never Trust Your Application’s Supply Chain with Security (22 feb)
https://blog.radware.com/application-security-4/2023/02/never-trust-your-applications-supply-chain-with-security/

Cyber Security Headlines: Dole ransomware attack, stress devours CISOs, new Lazarus backdoor (24 feb)
https://cisoseries.com/cyber-security-headlines-dole-ransomware-attack-stress-devours-cisos-new-lazarus-backdoor/

CERT-EU: Russia’s war on Ukraine: one year of cyber operations (24 feb)
https://cert.europa.eu/static/MEMO/2023/TLP-CLEAR-CERT-EU-1YUA-CyberOps.pdf

Information security and miscellaneous

EU lawmakers argue against signing US data-transfer pact (17 feb)
https://www.theregister.com/2023/02/17/adequacy_decision_us_data_transfer/

Inglis Retires as National Cyber Director Ahead of Biden’s Cybersecurity EO (17 feb)
https://www.darkreading.com/operations/inglis-resigns-national-cyber-director-biden-cybersecurity-eo

Brussels sets out to fix the GDPR (20 feb)
https://www.politico.eu/article/brussels-plans-new-privacy-enforcement-law-by-summer/

Truesec: Anonymous Sudan - Threat Intelligence Report (20 feb)
https://www.truesec.com/hub/report/anonymous-sudan

ENISA: Interoperable EU Risk Management Toolbox (21 feb)
https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-toolbox

Trend Micro: A Deep Dive into the Evolution of Ransomware (21 feb)
https://www.trendmicro.com/en_se/research/23/b/ransomware-evolution-part-1.html

Microsoft: 2022 in review - DDoS attack trends and insights (21 feb)
https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/

Gartner: 1 in 4 CISOs Wants to Say Sayonara to Security (22 feb)
https://www.darkreading.com/risk/1-in-4-cisos-will-leave-cybersecurity-by-2025
https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025

More GDPR cases were decided in 2022 – but fewer were fined (22 feb)
https://computersweden.idg.se/2.2683/1.776634/fler-gdpr-arenden-avgjordes-2022–men-farre-fick-boter

The European Commission bans TikTok on its devices (23 feb)
https://www.dagensps.se/teknik/eu-kommissionen-forbjuder-tiktok-pa-sina-enheter/
https://securityaffairs.com/142615/breaking-news/european-commission-banned-tiktok.html

CERT-SE this week

Fortinet's monthly security updates for February 2023 (updated 2023-02-22)

Critical vulnerability in Cisco's open source product ClamAV