CERT-SE's weekly newsletter w.22

Weekly newsletter

A substantial newsletter with several reports worth reading, technical analysis of malware and deep dives on, among other things, the Snake spyware, which was recently shut down.

CERT-SE wishes you a pleasant weekend!

News this week

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains (28 May)
https://www.bleepingcomputer.com/news/security/clever-file-archiver-in-the-browser-phishing-trick-uses-zip-domains/
.. Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims (29 May)
https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html

Hackers hold city of Augusta hostage in a ransomware attack (29 May)
https://www.csoonline.com/article/3697854/hackers-hold-city-of-augusta-hostage-in-a-ransomware-attack.html

This new malware hijacks Windows WordPad to avoid detection (29 May)
https://www.techradar.com/news/this-new-malware-hijacks-windows-wordpad-to-avoid-detection

Flash loan attack on Jimbos Protocol steals over $7.5 million (29 May)
https://www.bleepingcomputer.com/news/security/flash-loan-attack-on-jimbos-protocol-steals-over-75-million/

Android apps containing SpinOk module with spyware features installed over 421,000,000 times (29 May)
https://news.drweb.com/show/?i=14705

Lessons from Denmark: Why knowledge sharing is the most important weapon against cyber threats (30 May)
https://www.weforum.org/agenda/2023/05/denmark-knowledge-sharing-key-to-cybersecurity-resilience/

Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme (30 May)
https://www.welivesecurity.com/2023/05/30/tricks-trade-cybercrime-ring-fraud-scheme/

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (30 May)
https://thehackernews.com/2023/05/hackers-win-105000-for-reporting.html

MSB hosts international cyber security exercise in Sweden (31 May)
https://www.msb.se/sv/aktuellt/nyheter/2023/maj/msb-vard-for-internationell-cybersakerhetsovning-i-sverige/

DDoS attack paralyses national upper secondary school exams in Greece (31 May)
https://computersweden.idg.se/2.2683/1.779312/ddos-attack-lamslar-nationella-gymnasieprov-i-grekland

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks (31 May)
https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html

Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS (31 May)
https://www.darkreading.com/endpoint/mirai-variant-tenda-zyxel-rce-ddos

SAS Airlines hit by $3 million ransom demand following DDoS attacks (31 May)
https://www.bitdefender.com/blog/hotforsecurity/sas-airlines-hit-by-3-million-ransom-demand-following-ddos-attacks/
.. Hackers may be causing the SAS problems (2 Jun)
https://www.svt.se/nyheter/snabbkollen/hackare-kan-orsaka-sas-problemen

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies (1 Jun)
https://securityaffairs.com/146915/cyber-crime/blackcat-ransomware-casepoint.html

New cyber security centre opens in Stockholm, to employ 300 specialists (1 Jun)
https://computersweden.idg.se/2.2683/1.779330/nytt-cybersakerhetscenter-oppnar-i-stockholm–ska-sysselsatta-300-specialister

Resilience of the unemployment insurance funds to be investigated (1 Jun)
https://www.svd.se/a/JQMkr8/a-kassornas-motstandskraft-ska-utredas
.. Unemployment insurance must function in crisis and war (2 Jun)
https://www.regeringen.se/pressmeddelanden/2023/06/a-kassan-ska-fungera-i-kris-och-krig/

Reports and deep dives

Account Compromise, Financial Theft, and Supply Chain Attacks: Analyzing the Small and Medium Business APT Phishing Landscape in 2023 (24 May)
https://www.proofpoint.com/us/blog/threat-insight/small-and-medium-business-APT-phishing-landscape-in-2023

Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies (25 May)
https://www.trendmicro.com/en_us/research/23/e/abusing-web-services-using-automated-captcha-breaking-services-and-residential-proxies.html

What is a web shell? (26 May)
https://blog.talosintelligence.com/what-is-a-web-shell/

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals (30 May)
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html

Investigating BlackSuit Ransomware’s Similarities to Royal (31 May)
https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html

New Horabot campaign targets the Americas (1 Jun)
https://blog.talosintelligence.com/new-horabot-targets-americas/

Your web browsing habits may be less private than you think (1 Jun)
https://research.ibm.com/blog/browser-fingerprinting

Information security and miscellaneous

E-mail from the police after intrusion at a supplier (26 May)
https://polisen.se/aktuellt/nyheter/2023/maj/mail-fran-polismyndigheten-efter-intrang-hos-leverantor/
.. Applicants to the police may have had personal data exposed after cyber attack (26 May)
https://www.svt.se/nyheter/inrikes/sokande-till-polisen-har-fatt-personuppgifter-rojda-efter-lacka
.. No impact on the IT environment after cyber attack (1 Jun)
https://www.kriminalvarden.se/om-kriminalvarden/nyheter/2023/juni/ingen-paverkan-pa-it-miljon-efter-cyberattack/

PyPI announces mandatory use of 2FA for all software publishers (28 May)
https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/

MCNA Dental data breach impacts 8.9 million people after ransomware attack (29 May)
https://www.bleepingcomputer.com/news/security/mcna-dental-data-breach-impacts-89-million-people-after-ransomware-attack/

New hacking forum leaks data of 478,000 RaidForums members (29 May)
https://www.bleepingcomputer.com/news/security/new-hacking-forum-leaks-data-of-478-000-raidforums-members/

Capita cyber-attack: 90 organisations report data breaches (30 May)
https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico

The FBI attack that knocked out the Russian spyware (31 May)
https://sverigesradio.se/avsnitt/sa-fick-fbi-det-ryska-spionprogrammet-att-forstora-sig-sjalvt

Toyota finds more misconfigured servers leaking customer info (31 May)
https://www.bleepingcomputer.com/news/security/toyota-finds-more-misconfigured-servers-leaking-customer-info/

FTC Orders Ring to Pay $5.8 Million in Refunds For Surveilling Customers, Failing to Stop Hackers (31 May)
https://www.vice.com/en/article/5d9375/ftc-orders-ring-to-pay-5-million-in-refunds-failing-stop-hackers

Maryland License Plates Now Inadvertently Advertising Filipino Online Casino (31 May)
https://www.vice.com/en/article/4a3xe9/maryland-license-plates-now-inadvertently-advertising-filipino-online-casino

Adversaries can reconstruct classified information from unclassified data, warns White House official (31 May)
https://therecord.media/classified-data-reconstructed-from-unclassified-kemba-walden-cycon

Ethernet (50th Birthday) (1 Jun)
https://youtu.be/TkOVgkcrvbg

CERT-SE this week

Critical vulnerability in MOVEit Transfer

Nordic-American cyber security exercise in Sweden