CERT-SE:s veckobrev v.4
Med anledning av den senaste veckans händelser har detta veckobrev ett tydligt ransomware-tema. Läs det nationella cybersäkerhetscentrets publicering med information om incidentkoordinering, råd och rekommendationer och CERT-SE:s nya temasida med råd gällande förebyggande och hantering av Ransomware.
Trevlig helg!
Nyheter i veckan
UPPDATERING: Ransomware-attack påverkar Tietoevrys tjänster för vissa kunder i Sverige (21 jan)
https://www.tietoevry.com/se/nyhetsrum/alla-nyheter-och-pressmeddelanden/ovriga-nyheter/2024/01/uppdatering-kring-ransomware-attack-i-ett-av-tietoevrys-svenska-datacenter/
..
Tietoevry: Det systematiska återställningsarbetet fortsätter efter ransomware-attacken – de första kundsystemen är igång igen (25 jan)
https://www.tietoevry.com/se/nyhetsrum/alla-nyheter-och-pressmeddelanden/pressmeddelande/2024/01/tietoevry-det-systematiska-aterstallningsarbetet-fortsatter-efter-ransomware-attacken--de-forsta-kundsystemen-ar-igang/
IT-störningar hos Region Uppsala (21 jan) https://regionuppsala.se/politik-och-paverkan/pressrum/2024/januari/it-storningar-hos-region-uppsala/
Cyberattack påverkar Tietoevrys tjänster till ett antal kunder i Sverige (21 jan)
https://www.statenssc.se/nyheter/nyhetsarkiv/2024-01-21-cyberattack-paverkar-tietoevrys-tjanster-till-ett-antal-kunder-i-sverige
..
Lönesystem för över 120 myndigheter utslaget (22 jan)
https://www.dn.se/ekonomi/fortsatta-problem-efter-omfattande-it-attack/
Due to a ransomware attack at a hosting provider Munters releases preliminary fourth quarter and full year results 2023 (22 jan) https://www.munters.com/en/media/press-releases/20242/due-to-a-ransomware-attack-at-a-hosting-provider-munters-releases-preliminary-fourth-quarter-and-full-year-results-2023/
Cyberattack mot Tietoevry slår hårt – många drabbade (22 jan) https://computersweden.idg.se/2.2683/1.780796/cyberattack-mot-tietoevry-slar-hart-manga-drabbade
Trello API abused to link email addresses to 15 million accounts (23 jan) https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver (23 jan) https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
Water services giant Veolia North America hit by ransomware attack (23 jan) https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/
Warning As 26 Billion Records Leak: Dropbox, LinkedIn, Twitter Named (23 jan) https://www.forbes.com/sites/daveywinder/2024/01/23/massive-26-billion-record-leak-dropbox-linkedin-twitterx-all-named/amp/
Miljoner lösenord till Facebook och Netflix läckta: ”Saftig siffra” (24 jan) https://www.svt.se/nyheter/inrikes/miljontals-losenord-till-facebook-och-netflix-har-lackt
Another Phobos Ransomware Variant Launches Attack – FAUST (25 jan) https://www.fortinet.com/blog/threat-research/phobos-ransomware-variant-launches-attack-faust
Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware (25 jan) https://therecord.media/local-governments-across-us-dealing-with-ransomware
Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks (25jan) https://therecord.media/ukraine-cyberattacks-energy-postal-transportation
Kansas State, Clackamas Community College respond to cyberattacks (25 jan) https://therecord.media/kansas-state-university-ccc-oregon-cyberattacks
Midnight Blizzard: Guidance for responders on nation-state attack (25 jan) https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
Informationssäkerhet och blandat
Ransomware Cases Increased by 73% in 2023 showing our actions have not been enough to thwart the threat (15 jan) https://www.sans.org/blog/ransomware-cases-increased-greatly-in-2023/
Water and Wastewater Sector - Incident Response Guide (18 jan) https://www.cisa.gov/resources-tools/resources/water-and-wastewater-sector-incident-response-guide-0
Inside the SYSTEMBC Command-and-Control Server (19 jan) https://www.kroll.com/en/insights/publications/cyber/inside-the-systembc-malware-server
Många myter kring rysk cyberkrigföring mot Ukraina (19 jan)
https://www.foi.se/nyheter-och-press/nyheter/2023-12-19-manga-myter-kring-rysk-cyberkrigforing-mot-ukraina.html
..
Rapporten: https://www.foi.se/rapporter/rapportsammanfattning.html?reportNo=FOI-R--5513--SE
Engaging with Artificial Intelligence (AI) (24 jan) https://www.cyber.gov.au/resources-business-and-government/governance-and-user-education/governance/engaging-with-artificial-intelligence
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (24 jan) https://blog.talosintelligence.com/talos-ir-quarterly-report-q4-2023/
Global ransomware threat expected to rise with AI, NCSC warns (24 jan) https://www.ncsc.gov.uk/news/global-ransomware-threat-expected-to-rise-with-ai
WaterISAC: 15 Security Fundamentals You Need to Know (24 jan) https://www.tripwire.com/state-of-security/waterisac-security-fundamentals
Fighting insider threats is tricky but essential work (25 jan) https://www.helpnetsecurity.com/2024/01/25/external-internal-threats/
QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams (25jan) https://www.hackread.com/qr-code-phishing-social-engineering-scams/
Säkerhetskollen: Är min mejladress säker? https://sakerhetskollen.se/testa-din-sakerhet/ar-din-mejladress-saker
Yearly Intel Trend Review: 2023 https://redsense.com/publications/yearly-intel-trend-review-2023/
CERT-SE i veckan
Kritisk sårbarhet i Juniper Secure Analytics (19 jan) https://www.cert.se/2024/01/Kritisk-sarbarhet-i-juno-secure-analytics.html
Kritisk sårbarhet i Cisco-produkter (25 jan) https://www.cert.se/2024/01/kritisk-sarbarhet-i-cisco-produkter.html
Uppdaterade råd kring utpressningsvirus (25 jan) https://www.cert.se/2024/01/uppdaterade-rad-kring-utpressningsvirus.html
Uppdaterade publiceringar
Kritiska sårbarheter i Confluence-produkter (23 jan) https://www.cert.se/2024/01/kritiska-sarbarheter-i-confluence-produkter.html
Kritiska sårbarheter i Ivanti Connect Secure och Policy Secure (24 jan) https://www.cert.se/2024/01/kritiska-sarbarheter-i-ivanti-connect-secure-och-policy-secure.html