CERT-SE's weekly newsletter, week 20
An eventful week in which Sweden took part in the world's largest cybersecurity exercise, LockedShields 2025, NCSC-SE has booked 20-21 October for the Cybersecurity Conference 2025 (Cybersäkerhetskonferensen 2025), and MSB/CERT-SE has launched a new feature in ANTS. ANTS is our automatic notification service that helps Swedish organisations discover vulnerabilities in systems. The new feature means that ANTS flags when a device is suspected of having been compromised.
More information is available here:
- https://www.cert.se/rad-och-stod/ants/
- https://www.msb.se/sv/aktuellt/nyheter/2025/maj/ny-tjanst-fran-msb-ska-gor-sverige-mer-cybersakert/
CERT-SE wishes you a pleasant weekend!
News this week
More attacks against payment services – the banks want to see a change in the law (10 May) https://www.sverigesradio.se/artikel/fler-attacker-mot-betaltjanster-bankerna-vill-se-lagandring
You think ransomware is bad now? Wait until it infects CPUs (11 May) https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/
Sweden took part in the world's largest cybersecurity exercise (12 May) https://www.forsvarsmakten.se/sv/aktuellt/2025/05/sverige-deltog-i-varldens-storsta-cybersakerhetsovning/
Cyber threats are growing – connected devices behind denial-of-service attacks (12 May) https://www.sverigesradio.se/artikel/cyberhoten-vaxer-uppkopplade-prylar-bakom-overbelastningsattacker
US Announces Botnet Takedown, Charges Against Russian Administrators (12 May) https://www.securityweek.com/us-announces-botnet-takedown-charges-against-russian-administrators/
Trafikverket did not detect hackers – they had access to the systems for several weeks (13 May) https://www.sverigesradio.se/artikel/trafikverket-upptackte-inte-hackare-kom-at-systemen-i-flera-veckor
Consult the European Vulnerability Database to enhance your digital security! (13 May) https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security
Cybersecurity lab inaugurated – trains on malicious viruses (14 May) https://www.sverigesradio.se/artikel/labb-for-cybersakerhet-invigt-tranar-pa-skadliga-virus
Metal maker meltdown: Nucor stops production after cyber-intrusion (14 May) https://www.theregister.com/2025/05/14/nucor_steel_attack/
CISA Reverses Decision on Cybersecurity Advisory Changes (14 May) https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ .. https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications
Email from IT or HR – that is when we fall into the phishers' trap (14 May) https://computersweden.se/article/3985067/mejl-fran-it-eller-hr-da-gar-vi-i-natfiskarnas-falla.html
Rogue communication devices found in Chinese solar power inverters (14 May) https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/
Coinbase offers $20 million bounty after extortion attempt with stolen data (15 May) https://therecord.media/coinbase-extortion-attempt-company-offers-20million-reward
New service from MSB to make Sweden more cyber secure (15 May) https://www.msb.se/sv/aktuellt/nyheter/2025/maj/ny-tjanst-fran-msb-ska-gor-sverige-mer-cybersakert/
Reports and analyses
Swedish Bankers' Association: Threat assessment for Sweden's banks 2025 (12 May) https://www.financesweden.se/om-oss/aktuellt/aktuellt-fran-bankforeningen/hotbildsbedomning-for-sveriges-banker-2025
Check Point Research – Threat Intelligence Report (12 May) https://research.checkpoint.com/2025/12th-may-threat-intelligence-report/
Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan (13 May) https://www.trendmicro.com/en_us/research/25/e/earth-ammit.html
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling (13 May) https://blog.talosintelligence.com/redefining-initial-access-brokers/
Threat Advisory: Inside the DPRK: Spotting Malicious Remote IT Applicants (14 May) https://www.dtexsystems.com/resources/i3-threat-advisory-inside-the-dprk/
The recent ransomware attacks on UK retailers all targeted gaps in identity (14 May) https://www.scworld.com/perspective/time-for-retailers-to-treat-identity-as-a-core-strategy
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons (15 May) https://cyberscoop.com/sap-cyberattack-widens-drawing-salt-typhoon-and-volt-typhoon-comparisons/ … https://www.forescout.com/blog/threat-analysis-sap-vulnerability-exploited-in-the-wild-by-chinese-threat-actor/
Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts (15 May) https://hackread.com/fileless-remcos-rat-attack-antivirus-powershell-scripts/
Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 (15 May) https://www.veracode.com/resources/sophisticated-npm-attack-leveraging-unicode-steganography-and-google-calendar-c2
Disguised Cyber Risks On The Colombian Shore: The Insurance Trap (15 May) https://www.group-ib.com/blog/colombian-cybertrap/
Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT (15 May) https://blog.qualys.com/vulnerabilities-threat-research/2025/05/15/fileless-execution-powershell-based-shellcode-loader-executes-remcos-rat
From Firmware to Factory Floor: Why Made in America Depends on CVE Security (15 May) https://www.forescout.com/blog/from-firmware-to-factory-floor-why-made-in-america-depends-on-cve-security/
Beyond the kill chain: What cybercriminals do with their money (Part 1) (15 May) https://news.sophos.com/en-us/2025/05/15/beyond-the-kill-chain-what-cybercriminals-do-with-their-money-part-1/
Kraft-CERT Norway: Threat Assessment 2025 https://www.kraftcert.no/filer/KraftCERT-Trusselvurdering2025.pdf
Information security and miscellaneous
A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches (12 May) https://www.tripwire.com/state-of-security/subtle-form-siege-ddos-smokescreens-cover-quiet-data-breaches
The Vatican’s cyber crusaders (12 May) https://www.politico.eu/article/vatican-cyber-group-vigilantes-digital-attacks-pope/
NCSC-SE: Cybersecurity Conference 2025 (14 May) https://www.ncsc.se/sv/aktuellt/cybersakerhetskonferensen-2025/
Säkerhetskollen: ATG warns of scam SMS messages (15 May) https://sakerhetskollen.se/aktuella-brott/atg-varnar-for-bluff-sms
Säkerhetskollen: The police warn of SMS messages and calls (15 May) https://sakerhetskollen.se/aktuella-brott/polisen-varnar-for-sms-och-samtal
NCSC-SE: Quantum-safe cryptography (15 May) https://www.ncsc.se/sv/aktuellt/kvantsaker-kryptografi/
Putting EU resilience to the test: ENISA handbook on cyber stress testing (15 May) https://enisa.europa.eu/news/putting-eu-resilience-to-the-test-enisa-handbook-on-cyber-stress-testing
CERT-SE this week
Vulnerabilities in Ivanti EPMM (updated 14 May) https://www.cert.se/2025/05/sarbarheter-i-ivanti-epmm.html
Patch Tuesday May 2025 - collected information on the month's security updates (14 May) https://www.cert.se/2025/05/patchtisdag-maj-2025-samlad-information-om-manadens-sakerhetsuppdateringar.html