CERT-SE's weekly newsletter, week 12

Weekly newsletter

Assorted news from the past week, including several IT-related disruptions to critical societal services. In this newsletter we have also gathered a number of interesting reports for further reading.

CERT-SE wishes you a nice weekend!

News this week

NBA alerts fans of a data breach exposing personal information (17 mar)
https://www.bleepingcomputer.com/news/security/nba-alerts-fans-of-a-data-breach-exposing-personal-information/

Emotet malware now distributed in Microsoft OneNote files to evade defenses (18 mar)
https://www.bleepingcomputer.com/news/security/emotet-malware-now-distributed-in-microsoft-onenote-files-to-evade-defenses/

Emotet resumes spam operations, switches to OneNote (22 mar)
https://blog.talosintelligence.com/emotet-switches-to-onenote/

New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (19 mar)
https://www.bleepingcomputer.com/news/security/new-hinatabot-botnet-could-launch-massive-33-tbps-ddos-attacks/

Play ransomware gang hit Dutch shipping firm Royal Dirkzwager (20 mar)
https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html

2023-03: ACSC Ransomware Profile – Lockbit 3.0 (20 mar)
https://www.cyber.gov.au/acsc/view-all-content/advisories/2023-03-acsc-ransomware-profile-lockbit-30

Ferrari Says Ransomware Attack Exposed Customer Data (20 mar)
https://www.securityweek.com/ferrari-says-ransomware-attack-exposed-customer-data/

Cyber Incident in Ferrari (20 mar)
https://www.ferrari.com/en-EN/corporate/articles/cyber-incident-in-ferrari

IT attack on Västtrafik affects patient transport and special transport services (20 mar)
https://www.gp.se/nyheter/g%C3%B6teborg/it-attack-hos-v%C3%A4sttrafik-p%C3%A5verkar-sjukresor-och-f%C3%A4rdtj%C3%A4nst-1.94991552

After the IT attack: The problems at Västtrafik will persist over the weekend (21 mar)
https://sverigesradio.se/artikel/tekniskt-problem-drabbar-sjuk-och-fardtjanstresor

Trips are now working again in Västtrafik's demand-responsive services (23 mar)
https://www.vasttrafik.se/om-vasttrafik/presstjanst/pressmeddelande/3343201/

Skylink hit by hacker attack (22 mar)
https://www.broadbandtvnews.com/2023/03/22/skylink-hit-by-hacker-attack/

Royal Mail-owned logistics company GLS hit by infostealing cyberattack (22 mar)
https://techmonitor.ai/technology/cybersecurity/gls-cyberattack-royal-mail

New victims come forward after mass-ransomware attack (22 mar)
https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

Bogus ChatGPT extension steals Facebook cookies (23 mar)
https://www.theregister.com/2023/03/23/chatgpt_fake_chrome_extension/

Warning about scam emails during tax return season (23 mar)
https://sakerhetskollen.se/aktuella-brott/varning-for-bluffmejl-i-deklarationstider

Service disruptions at Sveriges Radio (23 mar)
https://www.dn.se/sverige/driftstorningar-pa-sveriges-radio/

Personal safety alarms are down in 150 municipalities (23 mar)
https://sverigesradio.se/artikel/trygghetslarm-ligger-nere-i-150-kommuner

Cyberattack confirmed behind yesterday's personal safety alarm outage (24 mar)
https://sverigesradio.se/artikel/konstaterad-cyberattack-bakom-gardagens-utslagna-trygghetslarm

Information security and miscellaneous

Why You Should Opt Out of Sharing Data With Your Mobile Provider (20 mar)
https://krebsonsecurity.com/2023/03/why-you-should-opt-out-of-sharing-data-with-your-mobile-provider/

NCSC launches flagship new services to help millions of small organisations stay safe online (21 mar)
https://www.ncsc.gov.uk/news/ncsc-launches-new-services-help-small-organisations-online

Cybersecurity rules: Only 15 entities reported incidents within the stipulated 6 hours, RTI reveals (21 mar)
https://www.medianama.com/2023/03/223-cybersecurity-incident-reporting-six-hour-window-rti/

ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practices for Administrators (21 mar)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3336001/esf-partners-nsa-and-cisa-release-identity-and-access-management-recommended-be/

Norwegian National Security Authority: Does not recommend TikTok or Telegram on work devices (21 mar)
https://nsm.no/aktuelt/anbefaler-ikke-tiktok-eller-telegram-pa-tjenesteenheter

"The biggest challenge is that a large amount of unknown equipment connects to our network" (22 mar)
https://www.aktuellsakerhet.se/den-storsta-utmaningen-ar-att-en-stor-mangd-okand-utrustning-ansluter-till-vart-nat/

Lionsgate streaming platform with 37m subscribers leaks user data (22 mar)
https://cybernews.com/security/lionsgate-data-leak/

New tool from CISA: Untitled Goose Tool (23 mar)
https://www.cisa.gov/resources-tools/resources/untitled-goose-tool-fact-sheet

The Government tasks MSB with offering more effective information security work to the business sector (23 mar)
https://www.regeringen.se/pressmeddelanden/2023/03/regeringen-uppdrar-till-msb-att-erbjuda-effektivare-informationssakerhetsarbete-till-naringslivet/

Reports

A Look at The 2023 Global Automotive Cybersecurity Report (20 mar)
https://www.tripwire.com/state-of-security/global-automotive-cybersecurity-report

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace (20 mar)
https://www.mandiant.com/resources/blog/zero-days-exploited-2022

Mitigating SSRF in 2023 (20 mar)
https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023/

A look at a Magecart skimmer using the Hunter obfuscator (21 mar)
https://www.malwarebytes.com/blog/threat-intelligence/2023/03/hunter-skimmer

Understanding Cyber Threats in Transport (21 mar)
https://www.enisa.europa.eu/news/understanding-cyber-threats-in-transport

The report: https://www.enisa.europa.eu/publications/enisa-transport-threat-landscape

We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems (22 mar)
https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems

Stopping Vendor Email Compromise in Action: Threat Actors Request Invoice for $36 Million (22 mar)
https://intelligence.abnormalsecurity.com/blog/36-million-vendor-fraud

Malicious JavaScript Injection Campaign Infects 51k Websites (23 mar)
https://unit42.paloaltonetworks.com/malicious-javascript-injection/

UK Ransomware Trends: Lessons for 2023
https://www.jumpsec.com/uk-ransomware-trends-lessons-for-2023/

CERT NZ: 2022 Report summary
https://www.cert.govt.nz/about/quarterly-report/2022-report-summary/