CERT-SE's weekly newsletter, week 14
This week's news includes service disruptions and denial-of-service attacks, as well as reports of a couple of international operations against cybercriminals. We have also included a number of reports that we hope will make for tempting reading over the Easter holidays.
Happy Easter from CERT-SE!
News this week
3 tips for creating backups your organization can rely on when ransomware strikes (31 mar)
https://www.malwarebytes.com/blog/news/2023/03/3-tips-for-creating-backups-your-organization-can-rely-on-when-ransomware-strikes
German Police Raid DDoS-Friendly Host ‘FlyHosting’ (31 mar)
https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/
After two crashes, CSN's site is working again (1 apr)
https://www.svt.se/nyheter/inrikes/article39214263.svt
Delays in train traffic after IT trouble (1 apr)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1087125
Fake ransomware gang targets U.S. orgs with empty data leak threats (1 apr)
https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/
Western Digital suffers cyber attack, shuts down systems (3 apr)
https://www.itpro.co.uk/security/cyber-attacks/370369/western-digital-suffers-cyber-attack-shuts-down-systems
Western Digital Provides Information on Network Security Incident (3 apr)
https://www.businesswire.com/news/home/20230402005076/en/Western-Digital-Provides-Information-on-Network-Security-Incident
Microsoft OneNote Starts Blocking Dangerous File Extensions (3 apr)
https://www.securityweek.com/microsoft-onenote-starts-blocking-dangerous-file-extensions/
3CX Attack Shows The Dangers Of ‘Alert Fatigue’ For Cybersecurity (3 apr)
https://www.crn.com/news/security/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity
Denial-of-service attack against Finland's parliament and VTT (4 apr)
https://www.hbl.fi/artikel/54846a54-c58a-4637-b700-f3ba74792b67
Helsinki Region Transport's website crashed: it is a denial-of-service attack (4 apr)
https://svenska.yle.fi/a/7-10032016
Pirated Software Compromised Ukrainian Utility Company (4 apr)
https://www.bankinfosecurity.com/pirated-software-compromised-ukrainian-utility-company-a-21618
West Virginia Hospital to Report Breach in ‘Donut’ Data Leak (4 apr)
https://www.bankinfosecurity.com/west-virginia-hospital-to-report-breach-in-donut-data-leak-a-21617
Service disruption at Swish (4 apr)
https://www.svt.se/nyheter/inrikes/driftstorning-hos-swish-1
Major cybercrime marketplace shut down, 119 arrested (paywalled link) (5 apr)
https://www.dn.se/varlden/stor-marknadsplats-for-cyberbrott-stangd-119-gripna/
Illegal marketplace stopped in Europol operation (5 apr)
https://polisen.se/aktuellt/nyheter/2023/april/illegal-marknadsplats-stoppad-i-europolinsats–hade-tillgang-till-cirka-80-miljoner-inloggningsuppgifter/
Information security and miscellaneous
Study: Women in cybersecurity feel excluded, disrespected (31 mar)
https://www.techrepublic.com/article/women-cybersecurity-excluded-disrespected/
Italy bans ChatGPT for ‘unlawful collection of personal data’ (31 mar)
https://www.theregister.com/2023/03/31/italy_bans_chatgpt_for_unlawful/
National Cyber Force reveals how daily cyber operations protect the UK (4 apr)
https://www.gchq.gov.uk/news/ncf-responsible-cyber-power-in-practice
Shadow data slipping past security teams (4 apr)
https://www.helpnetsecurity.com/2023/04/04/shadow-data-concerns/
Designing Tabletop Exercises That Actually Thwart Attacks (4 apr)
https://www.darkreading.com/edge-articles/designing-tabletop-exercises-truly-help-thwart-cyberattacks
How can organizations bridge the gap between DR and cybersecurity? (4 apr)
https://www.helpnetsecurity.com/2023/04/04/dr-cybersecurity-teams-integration/
Lack of security employees makes SMBs sitting ducks for cyber attacks (4 apr)
https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/
Riksrevisionen puts digital medical records under scrutiny (4 apr)
https://www.dagensmedicin.se/vardens-styrning/digitalisering/riksrevisionen-satter-digitala-journaler-under-lupp/
SEK 200 million pumped into Swedish cybersecurity research (5 apr)
https://computersweden.idg.se/2.2683/1.778091/200-miljoner-kronor-pumpas-in-i-svensk-cybersakerhetsforskning
Reports
Malicious ISO File Leads to Domain Wide Ransomware (3 apr)
https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/
Proposed measures to counter cyber threats to the electricity system: a report (3 apr)
https://www.ri.se/sv/forslag-pa-atgarder-for-att-mota-cyberhot-mot-elsystemet-en-rapport
The report: https://www.ri.se/sites/default/files/2023-04/CfCs_Rapport_Cyberhot-mot-elsystemet_0.pdf
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access (3 apr)
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Safe Travels? Check Point Research puts a spotlight on a growing underground market selling flight points, hotel rewards and stolen credential of airline accounts (3 apr)
https://blog.checkpoint.com/security/safe-travels-check-point-research-puts-a-spotlight-on-a-growing-underground-market-selling-flight-points-hotel-rewards-and-stolen-credential-of-airline-accounts/
STYX Marketplace emerged in Dark Web focused on Financial Fraud (3 apr)
https://www.resecurity.com/blog/article/styx-marketplace-emerged-in-dark-web-focused-on-financial-fraud
Rorschach – A New Sophisticated and Fast Ransomware (4 apr)
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (4 apr)
https://blog.talosintelligence.com/typhon-reborn-v2-features-enhanced-anti-analysis/
2023 State of Malware Report: What the channel needs to know to stay ahead of threats (4 apr)
https://www.malwarebytes.com/blog/business/2023/04/top-5-cyberthreats-facing-msps-and-vars-in-2023
CryptoClippy Speaks Portuguese (5 apr)
https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/
CERT-SE this week
Serious vulnerabilities in Cisco products
https://www.cert.se/2023/04/allvarliga-sarbarheter-i-cisco-produkter