CERT-SE's weekly newsletter, week 11
This week, MSB's annual report on last year's IT incident reporting was released. Unlike previous years, when the majority of reported IT incidents were caused by system failures and mistakes, cyberattacks were the most common cause in 2023. The increase in cyberattacks is linked to more denial-of-service attacks being reported during the first half of the year. This week also brought Patch Tuesday, so make sure your systems are up to date. The newsletter also offers a good number of interesting in-depth articles, such as the British Library's review of its earlier incident.
CERT-SE wishes you a pleasant weekend!
News this week
Attack wrangles thousands of web users into a password-cracking botnet (7 mar) https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet/
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard (8 mar) https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
CISA forced to take two systems offline last month after Ivanti compromise (8 mar) https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise
Incognito Darknet Market Mass-Extorts Buyers, Sellers (11 mar) https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/
Belgian village whose brewery was hit by cyberattack faces another on its coffee roastery (11 mar) https://therecord.media/koffie-beyers-cyberattack-coffee-roaster-duvel-belgium
French government agencies hit by IT attack (11 mar) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1226344
New network code on cybersecurity for EU electricity sector (11 mar) https://energy.ec.europa.eu/news/new-network-code-cybersecurity-eu-electricity-sector-2024-03-11_en
Over 12 million auth secrets and keys leaked on GitHub in 2023 (12 mar) https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/
Sophiahemmet will not pay ransom to the hackers (12 mar) https://www.mitti.se/nyheter/sophiahemmet-betalar-inte-losensumma-till-hackarna-6.3.209636.d86253e919
Real estate company Örebroporten hit by data breach (12 mar) https://www.svt.se/nyheter/lokalt/orebro/fastighetsbolaget-orebroporten-utsatt-for-dataintrang
Cyberattack on U.S. health care system could be biggest in sector’s history (12 mar) https://www.youtube.com/watch?v=g1daKX_eke8
Improvements in the welfare sector's information security work (12 mar) https://skr.se/skr/tjanster/pressrum/nyheter/nyhetsarkiv/forbattringarivalfardensinformationssakerhetsarbete.79730.html
How to prepare for cyberattacks (12 mar) https://www.svt.se/nyheter/inrikes/sa-forbereder-du-dig-for-cyberattacker
Expert warns about AI ahead of the EU election: Do not have the right tools (13 mar) https://sverigesradio.se/artikel/expert-varnar-for-ai-infor-eu-valet-har-inte-ratt-verktyg
Stanford University Hacked – Attackers Breached The Internal Network (13 mar) https://cybersecuritynews.com/stanford-university-hacked/
Former Must chief to investigate cyberattack (13 mar) https://tt.omni.se/tidigare-must-chef-ska-utreda-cyberattack/a/Q7nljR
Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub (13 mar) https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html
The number of cyberattacks increased sharply in 2023 (14 mar) https://www.svt.se/nyheter/inrikes/antalet-cyberangrepp-okade-kraftigt-2023
The number of cyberattacks increased sharply during 2023 (14 mar) https://www.msb.se/sv/aktuellt/nyheter/2024/mars/antalet-cyberangrepp-okade-kraftigt-under-2023/
Nissan Hack: 10K+ Users Data Stolen by Hackers (14 mar) https://cybersecuritynews.com/nissan-hack-10k-users-data-stolen-by-hackers/
Major cable failure disrupts internet in Africa (15 mar) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1227609
McDonald’s confirms IT outage – major problems (15 mar) https://www.svt.se/nyheter/inrikes/problem-pa-mcdonalds-restauranger-stangda
Millions of users may have had data leaked in new French government agency security breach (15 mar) https://www.techradar.com/pro/security/millions-of-users-may-have-had-data-leaked-in-new-french-government-agency-security-breach
Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (15 mar) https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-galloway
Recent Ivanti Vulnerabilities: 4 Lessons Security Leaders Can Learn (15 mar) https://www.informationweek.com/cyber-resilience/recent-ivanti-vulnerabilities-4-lessons-security-leaders-can-learn
Information security and miscellaneous
TA577’s Unusual Attack Chain Leads to NTLM Data Theft (4 mar) https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft
LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review (8 mar) https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign (11 mar) https://blog.checkpoint.com/research/february-2024s-most-wanted-malware-wordpress-websites-targeted-by-fresh-fakeupdates-campaign/
FakeBat delivered via several active malvertising campaigns (12 mar) https://www.malwarebytes.com/blog/threat-intelligence/2024/03/fakebat-delivered-via-several-active-malvertising-campaigns
The 2024 Sophos Threat Report: Cybercrime on Main Street (12 mar) https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/
Threat actors leverage document publishing sites for ongoing credential and session token theft (13 mar) https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data (13 mar) https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data
SVG Files Abused in Emerging Campaigns (13 mar) https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/
A patched Windows attack surface is still exploitable (14 mar) https://securelist.com/windows-vulnerabilities/112232/
New email standards: what you need to know https://www.techradar.com/pro/new-email-standards-what-you-need-to-know
CERT-SE this week
Microsoft's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/microsofts-manatliga-sakerhetsuppdateringar-for-mars-2024.html
Adobe's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/adobes-manatliga-sakerhetsuppdateringar-for-mars-2024.html
SAP's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/saps-manatliga-sakerhetsuppdateringar-for-mars-2024.html
Critical vulnerabilities in FortiOS, FortiProxy and FortiClientEMS (Updated 15 mar) https://www.cert.se/2024/03/kritiska-sarbarheter-i-fortios-och-fortiproxy.html
Critical vulnerability in Arcserve UDP (15 mar) https://www.cert.se/2024/03/Kritisk-sarbarhet-i-Arcserve-UDP.html
Critical vulnerability in Juniper Secure Analytics (15 mar) https://www.cert.se/2024/03/Kritisk-sarbarhet-i-juniper-secure-analytics.html