CERT-SE's weekly newsletter, week 12

Weekly newsletter

A substantial weekly roundup, including the news of a new national cybersecurity strategy from the government.

We would also like to highlight MSB's annual compilation of IT incident reports, as well as an in-depth publication from NCSC-SE on “Threat actors' hidden activity online”: https://www.ncsc.se/sv/aktuellt/hotaktorers-dolda-agerande-pa-natet

CERT-SE wishes you a pleasant weekend!

News this week

Europe’s telecoms sector under increased threat from cyber spies, warns Denmark (14 Mar) https://therecord.media/europe-increased-cyber-espionage-telecoms-denmark-report .. https://www.cfcs.dk/da/nyheder/2025/ny-trusselsvurdering---telesektoren

The Sportadmin leak has been published (14 Mar) https://sakerhetskollen.se/aktuella-brott/sportadmin-lackan-har-publicerats .. https://www.sportadmin.se/status/

Ransomware gang creates tool to automate VPN brute-force attacks (14 Mar) https://www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/

FBI Warning — Gmail, Outlook And VPN Users Need To Act Now (16 Mar) https://www.forbes.com/sites/daveywinder/2025/03/16/fbi-warning-enable-2fa-for-gmail-outlook-and-vpns-now/

Microsoft 365 Targeted in New Phishing, Account Takeover Attacks (17 Mar) https://www.securityweek.com/microsoft-365-targeted-in-new-phishing-account-takeover-attacks/

MSB report shows: many IT incidents are still caused by system failures or mistakes (17 Mar) https://www.msb.se/sv/aktuellt/nyheter/2025/mars/msb-rapport-visar-manga-it-incidenter-orsakas-fortfarande-av-systemfel-eller-misstag/ .. https://computersweden.se/article/3846630/systemfel-och-misstag-bakom-de-flesta-it-incidenter-i-sverige.html

Europe's IT industry wants the EU to act – “must become more technologically independent” (18 Mar) https://computersweden.se/article/3846751/europas-it-bransch-vill-fa-eu-att-agera-maste-bli-mer-tekniskt-oberoende.html

Assa Abloy hacked by extortion group (18 Mar) https://www.dn.se/sverige/assa-abloy-hackat-av-utpressningsgrupp

Sportadmin still an open case at IMY (18 Mar) https://www.imy.se/nyheter/sportadmin-fortfarande-oppet-arende-hos-imy

Cyberattack against the Swedish Tax Agency (Skatteverket) (18 Mar) https://computersweden.se/article/3848003/cyberattack-mot-skatteverket.html .. https://skatteverket.se/omoss/pressochmedia/nyheter/2025/nyheter/skatteverketswebbplatsutsattforoverbelastningsattack.5.25688d121956e35b0c2b28.html

Amazon to kill off local Alexa processing, all voice requests shipped to the cloud (18 Mar) https://www.theregister.com/2025/03/17/amazon_kills_on_device_alexa

Länsförsäkringar warns of fake text messages about loan applications (19 Mar) https://sakerhetskollen.se/aktuella-brott/lansforsakringar-varnar-for-falska-sms-om-laneansokningar

Sweden gets a new cybersecurity strategy (20 Mar) https://www.dn.se/direkt/2025-03-20/sverige-far-ny-strategi-for-cybersakerhet .. https://regeringen.se/rattsliga-dokument/skrivelse/2025/03/skr.-202425121

HellCat hackers go on a worldwide Jira hacking spree (20 Mar) https://www.bleepingcomputer.com/news/security/hellcat-hackers-go-on-a-worldwide-jira-hacking-spree/

The DNA of organised crime is changing – and so is the threat to Europe (18 Mar) https://www.europol.europa.eu/media-press/newsroom/news/dna-of-organised-crime-changing-and-so-threat-to-europe

Reports and analyses

ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims (13 Mar) https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims/

Jailbreaking is (mostly) simpler than you think (13 Mar) https://msrc.microsoft.com/blog/2025/03/jailbreaking-is-mostly-simpler-than-you-think

Widespread Fake CAPTCHA Campaign Delivering Malware (13 Mar) https://arcticwolf.com/resources/blog/widespread-fake-captcha-campaign-delivering-malware

Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs (13 Mar) https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/

Off the Beaten Path: Recent Unusual Malware (14 Mar) https://unit42.paloaltonetworks.com/unusual-malware

Closing the Chain: How to reduce your risk of being SolarWinds, Log4j, or XZ Utils (15 Mar) https://arxiv.org/abs/2503.12192

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft (17 Mar) https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/

NCSC-SE: Threat actors' hidden activity online (18 Mar) https://www.ncsc.se/sv/aktuellt/hotaktorers-dolda-agerande-pa-natet/

Hackers target AI and crypto as software supply chain risks grow (18 Mar) https://www.helpnetsecurity.com/2025/03/18/software-supply-chain-risks/

ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns (18 Mar) https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html

Threat Spotlight: A million phishing-as-a-service attacks in two months highlight a fast-evolving threat (19 Mar) https://blog.barracuda.com/2025/03/19/threat-spotlight-phishing-as-a-service-fast-evolving-threat

Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations (19 Mar) https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations

Follow the Adversary: The Top 3 Red Team Exploitation Paths from 2024 (19 Mar) https://www.crowdstrike.com/en-us/blog/top-three-red-team-exploitation-paths-from-2024/

Catch Me If You Can: Rooting Tools vs The Mobile Security Industry (20 Mar) https://www.zimperium.com/blog/catch-me-if-you-can-rooting-tools-vs-the-mobile-security-industry/

Cisco Introduces The State Of AI Security Report For 2025 (20 Mar) https://blogs.cisco.com/security/cisco-introduces-the-state-of-ai-security-report-for-2025

UAT-5918 targets critical infrastructure entities in Taiwan (20 Mar) https://blog.talosintelligence.com/uat-5918-targets-critical-infra-in-taiwan/

IT ISAC - IT Sector Cyber Threat Report (21 Mar) https://www.it-isac.org/_files/ugd/b9866c_a8fb8f55d6aa4c07871008fea8fceda9.pdf

MSB: Survey on OT security - Obstacles and challenges in OT security work for critical societal functions https://www.msb.se/sv/publikationer/undersokning-om-ot-sakerhet--hinder-och-utmaningar-i-ot-sakerhetsarbetet-for-samhallsviktig-verksamhet

Information security and miscellaneous

FCC proposes new cybersecurity mandates for submarine cable operators in major rule review, seeks public input (14 Mar) https://industrialcyber.co/regulation-standards-and-compliance/fcc-proposes-new-cybersecurity-mandates-for-submarine-cable-operators-in-major-rule-review-seeks-public-input

RCS Encryption: A Leap Towards Secure and Interoperable Messaging (14 Mar) https://www.gsma.com/newsroom/article/rcs-encryption-a-leap-towards-secure-and-interoperable-messaging/

From cyber to laser detection - research that protects the drinking water system (18 Mar) https://www.foi.se/nyheter-och-press/nyheter/2025-03-18-fran-cyber-till-laserdetektion---forskning-som-skyddar-dricksvattensystemet.html

CISA fires, now rehires and immediately benches security crew on full pay (18 Mar) https://www.theregister.com/2025/03/18/cisa_rehired_doge/

Google Releases Major Update for Open Source Vulnerability Scanner (18 Mar) https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner

Weekly review of the National Cyber Security Centre Finland (NCSC-FI) (18 Mar) https://www.kyberturvallisuuskeskus.fi/en/news/weekly-review-national-cyber-security-centre-finland-ncsc-fi-112025

NCSC-UK: Cyber chiefs unveil new roadmap for post-quantum cryptography migration (20 Mar) https://www.ncsc.gov.uk/news/pqc-migration-roadmap-unveiled

CERT-SE this week

Critical vulnerabilities in Cisco IOS XR (14 Mar) https://www.cert.se/2025/03/kritiska-sarbarheter-i-Cisco-IOS-XR.html

Critical vulnerability in Apache Tomcat (18 Mar) https://www.cert.se/2025/03/kritisk-sarbarhet-i-apache-tomcat.html

Critical vulnerability in FortiOS is being actively exploited (19 Mar) https://www.cert.se/2025/01/Kritisk-sarbarhet-i-FortiOS-utnyttjas-aktivt.html

Critical vulnerabilities in Node.js libraries (19 Mar) https://www.cert.se/2025/03/kritiska-sarbarheter-i-node.js.html