CERT-SE's weekly newsletter, week 14

Weekly newsletter

This week's news items include service disruptions and denial-of-service attacks, as well as reports of a couple of international law-enforcement operations against cybercriminals. We have also included a batch of reports that we hope will tempt you to read over the Easter break.

Happy Easter from CERT-SE!

News this week

3 tips for creating backups your organization can rely on when ransomware strikes (31 mar)
https://www.malwarebytes.com/blog/news/2023/03/3-tips-for-creating-backups-your-organization-can-rely-on-when-ransomware-strikes

German Police Raid DDoS-Friendly Host ‘FlyHosting’ (31 mar)
https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/

After two crashes, CSN's site is working again (1 apr)
https://www.svt.se/nyheter/inrikes/article39214263.svt

Delays in train traffic after IT problems (1 apr)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1087125

Fake ransomware gang targets U.S. orgs with empty data leak threats (1 apr)
https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

Western Digital suffers cyber attack, shuts down systems (3 apr)
https://www.itpro.co.uk/security/cyber-attacks/370369/western-digital-suffers-cyber-attack-shuts-down-systems

Western Digital Provides Information on Network Security Incident (3 apr)
https://www.businesswire.com/news/home/20230402005076/en/Western-Digital-Provides-Information-on-Network-Security-Incident

Microsoft OneNote Starts Blocking Dangerous File Extensions (3 apr)
https://www.securityweek.com/microsoft-onenote-starts-blocking-dangerous-file-extensions/

3CX Attack Shows The Dangers Of ‘Alert Fatigue’ For Cybersecurity (3 apr)
https://www.crn.com/news/security/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity

Denial-of-service attack against Finland's parliament and VTT (4 apr)
https://www.hbl.fi/artikel/54846a54-c58a-4637-b700-f3ba74792b67

Helsinki Regional Transport's website crashed: it was a denial-of-service attack (4 apr)
https://svenska.yle.fi/a/7-10032016

Pirated Software Compromised Ukrainian Utility Company (4 apr)
https://www.bankinfosecurity.com/pirated-software-compromised-ukrainian-utility-company-a-21618

West Virginia Hospital to Report Breach in ‘Donut’ Data Leak (4 apr)
https://www.bankinfosecurity.com/west-virginia-hospital-to-report-breach-in-donut-data-leak-a-21617

Service disruption at Swish (4 apr)
https://www.svt.se/nyheter/inrikes/driftstorning-hos-swish-1

Major marketplace for cybercrime shut down, 119 arrested (paywalled link) (5 apr)
https://www.dn.se/varlden/stor-marknadsplats-for-cyberbrott-stangd-119-gripna/

Illegal marketplace stopped in Europol operation (5 apr)
https://polisen.se/aktuellt/nyheter/2023/april/illegal-marknadsplats-stoppad-i-europolinsats–hade-tillgang-till-cirka-80-miljoner-inloggningsuppgifter/

Information security and miscellaneous

Study: Women in cybersecurity feel excluded, disrespected (31 mar)
https://www.techrepublic.com/article/women-cybersecurity-excluded-disrespected/

Italy bans ChatGPT for ‘unlawful collection of personal data’ (31 mar)
https://www.theregister.com/2023/03/31/italy_bans_chatgpt_for_unlawful/

National Cyber Force reveals how daily cyber operations protect the UK (4 apr)
https://www.gchq.gov.uk/news/ncf-responsible-cyber-power-in-practice

Shadow data slipping past security teams (4 apr)
https://www.helpnetsecurity.com/2023/04/04/shadow-data-concerns/

Designing Tabletop Exercises That Actually Thwart Attacks (4 apr)
https://www.darkreading.com/edge-articles/designing-tabletop-exercises-truly-help-thwart-cyberattacks

How can organizations bridge the gap between DR and cybersecurity? (4 apr)
https://www.helpnetsecurity.com/2023/04/04/dr-cybersecurity-teams-integration/

Lack of security employees makes SMBs sitting ducks for cyber attacks (4 apr)
https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

Swedish National Audit Office puts digital medical records under scrutiny (4 apr)
https://www.dagensmedicin.se/vardens-styrning/digitalisering/riksrevisionen-satter-digitala-journaler-under-lupp/

SEK 200 million pumped into Swedish cybersecurity research (5 apr)
https://computersweden.idg.se/2.2683/1.778091/200-miljoner-kronor-pumpas-in-i-svensk-cybersakerhetsforskning

Reports

Malicious ISO File Leads to Domain Wide Ransomware (3 apr)
https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/

Proposed measures to counter cyber threats against the electricity system: a report (3 apr)
https://www.ri.se/sv/forslag-pa-atgarder-for-att-mota-cyberhot-mot-elsystemet-en-rapport

The report: https://www.ri.se/sites/default/files/2023-04/CfCs_Rapport_Cyberhot-mot-elsystemet_0.pdf

ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access (3 apr)
https://www.mandiant.com/resources/blog/alphv-ransomware-backup

Safe Travels? Check Point Research puts a spotlight on a growing underground market selling flight points, hotel rewards and stolen credential of airline accounts (3 apr)
https://blog.checkpoint.com/security/safe-travels-check-point-research-puts-a-spotlight-on-a-growing-underground-market-selling-flight-points-hotel-rewards-and-stolen-credential-of-airline-accounts/

STYX Marketplace emerged in Dark Web focused on Financial Fraud (3 apr)
https://www.resecurity.com/blog/article/styx-marketplace-emerged-in-dark-web-focused-on-financial-fraud

Rorschach – A New Sophisticated and Fast Ransomware (4 apr)
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (4 apr)
https://blog.talosintelligence.com/typhon-reborn-v2-features-enhanced-anti-analysis/

2023 State of Malware Report: What the channel needs to know to stay ahead of threats (4 apr)
https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023

CryptoClippy Speaks Portuguese (5 apr)
https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/

CERT-SE this week

Serious vulnerabilities in Cisco products
https://www.cert.se/2023/04/allvarliga-sarbarheter-i-cisco-produkter