CERT-SE:s veckobrev v.1
God fortsättning. Denna vecka blir ett uppsamlingsheat av stort och smått som hänt sedan julhelgen. Bland annat om cyberattacken mot finska riksdagen, en ny kryptomask, vilka konsekvenser tumultet vid Kapitolium får för cybersäkerheten, samt ett antal årslistor över de viktigaste händelserna under det gångna året.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Ransomware: Attacks could be about to get even more dangerous and disruptive (23 dec)
https://www.zdnet.com/article/ransomware-why-these-attacks-could-get-even-more-dangerous-and-disruptive/
CISA Releases Free Detection Tool for Azure/M365 Environment (24 dec)
https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment
Several major VPN services taken offline for reportedly offering illegal services (29 dec)
https://www.techradar.com/news/three-established-vpns-taken-down-by-law-enforcement-over-criminal-links
Ransomware Is Headed Down a Dire Path (29 dec)
https://www.wired.com/story/ransomware-2020-headed-down-dire-path/
Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers (29 dec)
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
New Golang-based Crypto worm infects Windows and Linux servers (31 dec)
https://securityaffairs.co/wordpress/112825/malware/golang-based-worm-windows-linux.html
End of Year Traffic Analysis Quiz (31 dec)
https://isc.sans.edu/diary/rss/26940
Brexit Deal Mandates Old Insecure Crypto Algorithms (31 dec)
https://www.schneier.com/blog/archives/2020/12/brexit-deal-mandates-old-insecure-crypto-algorithms.html
Emotet campaign hits Lithuania’s National Public Health Center and several state institutions (31 dec)
https://securityaffairs.co/wordpress/112817/malware/emotet-campaign-hit-lithuania.html
Ransomware 2020: A Year of Many Changes (31 dec)
https://www.govinfosecurity.com/ransomware-2020-year-many-changes-a-15676
FBI warns swatting attacks on owners of smart devices (2 jan)
https://securityaffairs.co/wordpress/112910/cyber-crime/fbi-warns-swatting-iot.html
A closer look at fileless malware, beyond the network (4 jan)
https://www.helpnetsecurity.com/2021/01/04/fileless-malware/
The Darkness and the Light (4 jan)
https://blogs.cisco.com/security/the-darkness-and-the-light
One month after ransomware attack, Metro Vancouver’s transit system still not up to speed (5 jan)
https://hotforsecurity.bitdefender.com/blog/one-month-after-ransomware-attack-metro-vancouvers-transit-system-still-not-up-to-speed-25014.html
Anti-Secrecy Activists Publish a Trove of Ransomware Victims’ Data (6 jan)
https://www.wired.com/story/ddosecrets-ransomware-leaks/
How to customize your sudo password prompt (6 jan)
https://www.techrepublic.com/article/how-to-customize-your-sudo-password-prompt/
SolarWinds
The Sunburst hack was massive and devastating. Here are 5 observations from a cybersecurity expert (30 dec)
https://www.abc.net.au/news/2020-12-30/sunburst-cyber-hack-solarwinds-software-cybersecurity-expert/13021104
SolarWinds hackers gained access to Microsoft source code (31 dec)
https://securityaffairs.co/wordpress/112847/apt/solarwinds-microsoft-source-code.html
Microsoft Says SolarWinds Hackers Also Broke Into Its Source Code (31 dec)
https://gizmodo.com/microsoft-says-solarwinds-hackers-also-broke-into-its-s-1845974783
Microsoft Internal Solorigate Investigation Update (31 dec)
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
The 2020 SolarWinds reality check: As cleanup continues, community considers implications (31 dec)
https://www.scmagazine.com/home/year-in-review/the-2020-solarwinds-reality-check-as-cleanup-continues-community-considers-implications/
SolarWinds hack may be much worse than originally feared (2 jan)
https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity
The biggest espionage plot in history (3 jan)
https://www.archynewsy.com/the-biggest-espionage-plot-in-history/
The SolarWinds attack: A modern-day Pearl Habor? (3 jan)
https://securityboulevard.com/2021/01/the-solarwinds-attack-a-modern-day-pearl-habor/
Finding Targeted SUNBURST Victims with pDNS (4 jan)
https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS
Microsoft doesn’t treat its source code like a trade secret. Is that smart? (4 jan)
https://www.scmagazine.com/home/security-news/data-breach/microsoft-doesnt-treat-its-source-code-like-a-trade-secret-is-that-smart/
SolarWinds: The more we learn, the worse it looks (4 jan)
https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/
CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise (6 jan)
https://us-cert.cisa.gov/ncas/current-activity/2021/01/06/cisa-updates-emergency-directive-21-01-supplemental-guidance-and
How to prepare for and respond to a SolarWinds-type attack (6 jan)
https://www.csoonline.com/article/3602588/how-to-prepare-for-and-respond-to-a-solarwinds-type-attack.html
SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes (6 jan)
https://securityaffairs.co/wordpress/113108/data-breach/solarwinds-hackers-o365-mailboxes.html
Informationssäkerhet och blandat
The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit (20 dec)
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
Trucking giant Forward Air hit by new Hades ransomware gang (21 dec)
https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-hit-by-new-hades-ransomware-gang/
Farmers get their own security advice as cyberattacks increase (22 dec)
https://www.zdnet.com/article/farmers-get-their-own-security-advice-as-cyberattacks-increase/
U.S. Government Warns of Phishing, Fraud Schemes Using COVID-19 Vaccine Lures (22 dec)
https://www.securityweek.com/us-government-warns-phishing-fraud-schemes-using-covid-19-vaccine-lures
Cyberattack mot riksdagen utreds som spionage (28 dec)
https://www.hbl.fi/artikel/riksdagen-utsatt-for-cyberattack-garningen-har-inte-varit-slumpmassig-eller-ett-misstag/
..
https://www.eduskunta.fi/EN/tiedotteet/Pages/Cyberattack-against-Parliament-of-Finland.aspx
..
https://poliisi.fi/sv/-/centralkriminalpolisen-utreder-dataintrang-mot-riksdagens-datasystem
..
https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/
Germany: ‘Colossal’ cyberattack knocks out Funke news group (29 dec)
https://www.dw.com/en/germany-colossal-cyberattack-knocks-out-funke-news-group/a-56087804
The strangest cybersecurity events of 2020: a look back (31 dec)
https://blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/
Threat actor is selling 368.8 million records from 26 data breaches (31 dec)
https://securityaffairs.co/wordpress/112842/data-breach/data-breaches-records-sale.html
Beware: PayPal phishing texts state your account is ‘limited’ (3 jan)
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/
Top data breaches of 2020 – Security Affairs (3 jan)
https://securityaffairs.co/wordpress/112954/data-breach/top-10-data-breaches-2020.html
Musikorganisationen Sami utsatt för hackerangrepp – 45.000 medlemmar kan vara drabbade (4 jan)
https://www.dn.se/kultur/musikorganisationen-sami-utsatt-for-hackerangrepp-45-000-medlemmar-kan-vara-drabbade/
..
https://www.sami.se/2021/01/dataintrang/
Understanding the impact of cyber breaches on the Pentagon (4 jan)
https://govmatters.tv/understanding-the-impact-of-cyber-breaches-on-the-pentagon/
Fourth breach at T-Mobile puts focus on security post mergers (4 jan)
https://www.scmagazine.com/home/security-news/mobile-security/fourth-breach-at-t-mobile-puts-focus-on-security-of-post-mergers/
Cybercriminals use psychology–cybersecurity pros should, too (5 jan)
https://www.techrepublic.com/article/cybercriminals-use-psychology-cybersecurity-pros-should-too/
After widespread hospital attacks, targeting of health care industry continues to rise (5 jan)
https://www.scmagazine.com/home/security-news/after-widespread-hospital-attacks-targeting-of-health-care-industry-continues-to-rise/
Survey says, women in cyber make 31 percent less than men (5 jan)
https://www.scmagazine.com/women-in-it-security/survey-says-women-in-cyber-make-31-percent-less-than-men/
Rioters Open Capitol’s Doors to Potential Cyberthreats (6 jan)
https://www.bankinfosecurity.com/rioters-open-capitols-doors-to-potential-cyberthreats-a-15715
Post-Riot, the Capitol Hill IT Staff Faces a Security Mess (7 jan)
https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/
Hospitals under siege: 5 ways to boost cybersecurity as the COVID-19 vaccine rolls out (7 jan)
https://www.helpnetsecurity.com/2021/01/07/hospitals-under-siege/