CERT-SE's weekly newsletter, week 7
A substantial and varied news round-up from the past week. We would like to take the opportunity to thank the Swedish Defence University (Försvarshögskolan) for this year's Cyber Challenge and to recommend MUST's newly released annual review for 2024.
Warm regards and a pleasant weekend from CERT-SE!
News this week
“Cyber Challenge is more important than ever” (7 feb) https://www.fhs.se/arkiv/nyhetsarkiv/2025/2025-02-07-cyber-challenge-ar-viktigare-an-nagonsin.html
NCSC-SE co-organiser of Cyber Challenge 2025 (7 feb) https://www.ncsc.se/sv/aktuellt/nscs-medarrangor-av-cyber-challenge-2025/
UK Engineering Giant IMI Hit by Cyberattack (7 feb) https://www.securityweek.com/uk-engineering-giant-imi-hit-by-cyberattack/
Europol body: Banks should prepare for quantum computer risk now (7 jan) https://www.reuters.com/technology/cybersecurity/europol-body-banks-should-prepare-quantum-computer-risk-now-2025-02-07/
Hackers postpone the leak from Sportadmin (9 feb) https://www.dn.se/direkt/2025-02-09/hackare-skjuter-upp-lackan-fran-sportadmin-2
Major disruptions to bus traffic after IT failure (10 feb) https://computersweden.se/article/3820664/stora-storningar-i-busstrafiken-efter-it-haveri.html
Nobina's IT failure resolved: “No indication of a cyberattack” (10 feb) https://www.di.se/nyheter/nobinas-it-haveri-avhjalpt-inget-som-tyder-pa-cyberattack/
West London council ‘very alive to threat’ as it reveals 20,000 cyber attacks are attempted daily (10 feb) https://www.mylondon.news/news/west-london-news/west-london-council-very-alive-30959866
New cyberattack severity classification scale unveiled by UK org (10 feb) https://www.scworld.com/brief/new-cyberattack-severity-classification-scale-unveiled-by-uk-org
Ransomware Payouts Tumbled Last Year (10 feb) https://www.thedailyupside.com/technology/ransomware-payouts-tumbled-last-year/
Port of Ostend targeted by cyberattack (11 feb) https://www.brusselstimes.com/belgium/1438978/port-of-ostend-targeted-by-cyberattack
Penetration Testers Arrested by Police During Authorized Physical Penetration Testing (10 feb) https://cybersecuritynews.com/penetration-testers-arrested-by-police-during-authorized-physical-penetration-testing/
Fraudsters claim to work for Finansinspektionen (10 feb) https://sakerhetskollen.se/aktuella-brott/bedragare-pastar-sig-arbeta-for-finansinspektionen
Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown (11 feb) https://www.europol.europa.eu/media-press/newsroom/news/key-figures-behind-phobos-and-8base-ransomware-arrested-in-international-cybercrime-crackdown
US sanctions LockBit ransomware’s bulletproof hosting provider (11 feb) https://www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/
Lee Enterprises investigating cyberattack that disrupted operations across multiple news outlets (11 feb) https://www.cybersecuritydive.com/news/lee-enterprises-cyberattack-disrupting/739790/
The hacker attack that shook society (12 feb) https://lakartidningen.se/aktuellt/nyheter/2025/02/hackerattacken-som-skakade-samhallet/
Ransomware isn’t always about the money: Government spies have objectives, too (12 feb) https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/
When changing medical record systems, set requirements for cybersecurity (12 feb) https://lakartidningen.se/aktuellt/nyheter/2025/02/vid-byte-av-journalsystem-stall-krav-pa-cybersakerheten/
The Swedish Armed Forces use the Signal app for open communication with mobile phones (13 feb) https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsmakten-anvander-appen-signal-for-oppen-kommunikation-med-mobiltelefoner/
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (13 feb) https://www.bleepingcomputer.com/news/legal/dutch-police-seizes-127-xhost-servers-dismantles-bulletproof-hoster/
The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance (13 feb) https://www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/
Japan Goes on Offense With New ‘Active Cyber Defense’ Bill (13 feb) https://www.darkreading.com/cybersecurity-operations/japan-offense-new-cyber-defense-bill
Trump’s return freezes Western cyber plans to counter Russia, China (13 feb) https://www.politico.eu/article/donald-trump-return-freeze-western-cyber-plan-counter-russia-china/
Reports and analyses
Since Stuxnet: A Brief History of Critical Infrastructure Attacks (6 feb) https://www.forescout.com/blog/since-stuxnet-a-brief-history-of-critical-infrastructure-attacks/
The hidden cyber threat lurking in your supply chain (10 feb) https://www.accountancyage.com/2025/02/10/the-hidden-cyber-threat-lurking-in-your-supply-chain/
CES 2025 - A Comprehensive Look at AI Digital Assistants and Their Security Risks (10 feb) https://www.trendmicro.com/vinfo/se/security/news/security-technology/ces-2025-a-comprehensive-look-at-ai-digital-assistants-and-their-security-risks
Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags (10 feb) https://www.proofpoint.com/us/blog/threat-insight/emerging-threats-updates-improve-metadata-including-mitre-attck-tags
Checkpoint Threat Intelligence Report (10 feb) https://research.checkpoint.com/2025/10th-february-threat-intelligence-report/
Tracking ransomware (10 feb) https://www.cyfirma.com/research/tracking-ransomware-january-2025
Phishing Season 2025: The Latest Predictions Unveiled (10 feb) https://www.zscaler.com/blogs/security-research/phishing-season-2025-latest-predictions-unveiled
Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks (11 feb) https://www.infosecurity-magazine.com/news/ransomware-gangs-prioritize-speed/
Huntress’s 2025 Cyber Threat Report (11 feb) https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/67ab833a53946f19de09a0c9_Huntress-2025-Cyber-Threat-Report.pdf
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation (12 feb) https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/
Mirai Botnet Exploiting Router Vulnerabilities to Gain Complete Device Control (12 feb) https://cybersecuritynews.com/mirai-botnet-exploiting-router-vulnerabilities/
Password managers are the new target for hackers (12 feb) https://www.digitaltrends.com/computing/password-managers-are-the-new-target-for-hackers/
Cybercrime: A Multifaceted National Security Threat (12 feb) https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/
Ransomware in Healthcare: Lessons Learned from Interlock Attacks (13 feb) https://www.forescout.com/blog/ransomware-in-healthcare-lessons-learned-from-interlock-attacks/
Unusual attack linked to Chinese APT group combines espionage and ransomware (13 feb) https://www.csoonline.com/article/3824177/unusual-attack-linked-to-chinese-apt-group-combines-espionage-and-ransomware.html
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications (13 feb) https://cybersecuritynews.com/hackers-using-pyramid-pentesting-tool/
Intelligence agencies must explain what they do, says UK’s former cyber spy chief (13 feb) https://therecord.media/intel-agencies-must-explain-what-they-do-fleming-gchq
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers (13 feb) https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0213.pdf
China's Salt Typhoon still hacking telecoms now by exploiting Cisco routers (13 feb) https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
MUST annual review 2024 https://www.forsvarsmakten.se/siteassets/2-om-forsvarsmakten/dokument/musts-arsoversikter/must-arsoversikt-2024.pdf
Information security and miscellaneous
Understanding Hacktivists - The Overlap of Ideology and Cybercrime (4 feb) https://www.trendmicro.com/vinfo/se/security/news/cybercrime-and-digital-threats/understanding-hacktivists-the-overlap-of-ideology-and-cybercrime
The pioneers of hacking: legendary groups that shaped hacker culture (9 feb) https://cybernews.com/editorial/legendary-groups-shaped-hacker-culture/
World’s Longest and Strongest WiFi Passwords From 31 Million Passwords List (10 feb) https://cybersecuritynews.com/worlds-longest-and-strongest-wifi-passwords/
Europol warns banks about the risks of quantum computers (11 feb) https://computersweden.se/article/3820821/europol-varnar-banker-for-riskerna-med-kvantdatorer.html
CERT-SE this week
Palo Alto Networks fixes a security flaw in PAN-OS (14 feb) https://www.cert.se/2025/02/palo-alto-networks-rattar-sakerhetsbrist-i-pan-os.html
Updated: Critical vulnerability in FortiOS is being actively exploited (13 feb) https://www.cert.se/2025/01/Kritisk-sarbarhet-i-FortiOS-utnyttjas-aktivt.html
Microsoft's monthly security updates for February 2025 (13 feb) https://www.cert.se/2025/02/microsofts-manatliga-sakerhetsuppdateringar-for-februari-2025.html
Ivanti's monthly security updates for February 2025 (13 feb) https://www.cert.se/2025/02/ivantis-manatliga-sakerhetsuppdateringar-for-februari-2025.html
SAP's monthly security updates for February 2025 (12 feb) https://www.cert.se/2025/02/saps-manatliga-sakerhetsuppdateringar-for-februari-2025.html