CERT-SE's weekly newsletter, week 7

Weekly newsletter

It is Crispbread Day today! We celebrate it with a collection of news: about the risk of fake earthquakes, updates on SolarWinds, ransomware attacks, some interesting FOI reports, and a tip about a cryptic Valentine's Day challenge from CISA. CERT-SE wishes you pleasant reading and a nice weekend!

News this week

Software-defined networks. An introduction (5 feb) https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--5053--SE

MSB proposes a replacement for the Rakel radio communication system (12 feb) https://www.msb.se/sv/aktuellt/nyheter/2021/februari/msb-foreslar-ersattare-till-radiokommunikationssystemet-rakel/

The Long Hack: How China Exploited a U.S. Tech Supplier (12 feb) https://www.bloomberg.com/features/2021-supermicro/

Water plant’s missteps illustrate need for critical infrastructure security controls (12 feb) https://www.scmagazine.com/home/security-news/network-security/water-plants-missteps-illustrates-need-for-critical-infrastructure-security-controls/

Water Treatment Hack Prompts Warning From CISA (12 feb) https://www.bankinfosecurity.com/water-treatment-hack-prompts-warning-from-cisa-a-15988 .. https://us-cert.cisa.gov/ncas/alerts/aa21-042a

Chinese Supply-Chain Attack on Computer Systems (13 feb) https://www.schneier.com/blog/archives/2021/02/chinese-supply-chain-attack-on-computer-systems.html

The devil entered the stage! (13 feb) https://0x434b.dev/the-devil-entered-the-stage/

12-Year-Old vulnerability in Windows Defender risked 1 billion devices (13 feb) https://www.hackread.com/12-year-old-vulnerability-in-windows-defender/

What is DNS Poisoning? (aka DNS Spoofing) | Keyfactor (13 feb) https://securityboulevard.com/2021/02/what-is-dns-poisoning-aka-dns-spoofing-keyfactor/

Egregor ransomware affiliates arrested by Ukrainian, French police (14 feb) https://www.bleepingcomputer.com/news/security/egregor-ransomware-affiliates-arrested-by-ukrainian-french-police/

Suspected Egregor Ransomware Affiliates Busted in Ukraine (15 feb) https://www.bankinfosecurity.com/suspected-egregor-ransomware-affiliates-busted-in-ukraine-a-15992

France: Russian state hackers targeted Centreon servers in years-long campaign (15 feb) https://www.zdnet.com/article/france-russian-state-hackers-targeted-centreon-servers-in-years-long-campaign/

Sandworm intrusion set campaign targeting Centreon systems (15 feb) https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-005/ .. https://cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-002/ .. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf

Malware spies on users via Android apps (15 feb) https://www.aktuellsakerhet.se/skadlig-programvara-overvakar-via-android-appar/

How ransomware negotiations work (15 feb) https://www.csoonline.com/article/3607689/how-ransomware-negotiations-work.html

US Cyber Command Valentine’s Day Cryptography Puzzles (15 feb) https://www.schneier.com/blog/archives/2021/02/us-cyber-command-valentines-day-cryptography-puzzles.html .. https://www.cybercom.mil/Portals/56/Documents/Valentines2021Challenge.pdf

Could an ex-employee be planting ransomware on your firm’s network? (15 feb) https://grahamcluley.com/ex-employee-ransomware/

Dax-Côte d’Argent hospital in France hit by ransomware attack (15 feb) https://portswigger.net/daily-swig/dax-cote-dargent-hospital-in-france-hit-by-ransomware-attack

Securing AV: The SolarWinds Attack of 2020 (Actually 2019) (15 feb) https://www.ravepubs.com/securing-av-the-solarwinds-attack-of-2020-actually-2019/

The malicious code in SolarWinds attack was the work of 1,000+ developers (15 feb) https://securityaffairs.co/wordpress/114598/apt/solarwinds-supply-chain-effort.html

Bluetooth Overlay Skimmer That Blocks Chip (15 feb) https://krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/

North Korea accused of hacking Pfizer for Covid-19 vaccine data (16 feb) https://www.bbc.com/news/technology-56084575

Seoul: North Korea tried to hack Pfizer (16 feb) https://www.svd.se/seoul-nordkorea-forsokte-hacka-pfizer

Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021-1801] (16 feb) https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

The world’s most dangerous state-sponsored hacker groups (16 feb) https://cybernews.com/editorial/the-worlds-most-dangerous-state-sponsored-hacker-groups/

More weirdness on TCP port 26 (16 feb) https://isc.sans.edu/diary/rss/27106

DDoS attacks in Q4 2020 (16 feb) https://securelist.com/ddos-attacks-in-q4-2020/100650/

Targeting Process for the SolarWinds Backdoor (17 feb) https://www.netresec.com/?page=Blog&month=2021-02&post=Targeting-Process-for-the-SolarWinds-Backdoor

Malware increased by 358% in 2020 (17 feb) https://www.helpnetsecurity.com/2021/02/17/malware-2020/

‘Spy pixels in emails have become endemic’ (17 feb) https://www.bbc.com/news/technology-56071437

Dutch police post ‘friendly’ warnings on hacking forums (17 feb) https://www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/

57% of vulnerabilities in 2020 were classified as critical or high severity (17 feb) https://www.helpnetsecurity.com/2021/02/17/cves-2020/

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware (17 feb) https://us-cert.cisa.gov/ncas/alerts/aa21-048a

Browser Tracking Using Favicons (17 feb) https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html

Monitoring of state-attributed cyber operations in 2020 (18 feb) https://www.foi.se/rapportsammanfattning?reportNo=FOI%20Memo%207422

Cyber-physical vulnerabilities in heavy vehicles (18 feb) https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--5067--SE

IT Vulnerabilities in the healthcare system - the example of Wannacry and the cyberattack on the British National Health Service (18 feb) https://www.foi.se/rapportsammanfattning?reportNo=FOI%20Memo%207434

The pandemic is assessed to have affected IT incidents (18 feb) https://www.tjugofyra7.se/artiklar/Nyhet/it-incidenter/

Increase in IT incidents in essential services (18 feb) https://www.tjugofyra7.se/artiklar/Nyhet/it-incidenter2/

Microsoft wraps SolarWinds probe, nudges companies toward zero trust (18 feb) https://www.scmagazine.com/home/security-news/apts-cyberespionage/microsoft-wraps-solarwinds-probe-nudges-companies-toward-zero-trust/

February 2021 Malware Trends Report (18 feb) https://www.varonis.com/blog/february-2021-malware-trends-report/

EU must deter cyber attacks against ‘essential services,’ internal documents say (19 feb) https://www.euractiv.com/section/digital/news/eu-must-deter-cyber-attacks-against-essential-services-internal-documents-say/

M1 Macs face first recorded malware (19 feb) https://www.macworld.co.uk/news/first-malware-m1-macs-3801935/

Information security and miscellaneous

Cyber operations, a final report (3 feb) https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--5072--SE

FOI: Small groups are given great responsibility for cybersecurity (11 feb) https://www.youtube.com/watch?v=ff4TFfRlsbQ

Medieval Security Techniques (12 feb) https://www.schneier.com/blog/archives/2021/02/medieval-security-techniques.html

How the SolarWinds hack and COVID-19 are changing cybersecurity spending (13 feb) https://siliconangle.com/2021/02/13/solarwinds-hack-covid-19-changing-cybersecurity-spending/

Women convicted for unauthorised lookups of a patient's medical records (14 feb) https://sverigesradio.se/artikel/kvinnor-doms-for-journalslagningar-pa-patient

More and more people pay to browse anonymously (14 feb) https://www.dn.se/ekonomi/allt-fler-betalar-for-att-surfa-anonymt/

Microsoft asks government to stay out of its cyber attack response in Australia (14 feb) https://www.zdnet.com/article/microsoft-asks-government-to-stay-out-of-its-cyber-attack-response-in-australia/

This phishing email promises you a bonus - but actually delivers this Windows trojan malware (15 feb) https://www.zdnet.com/article/this-phishing-email-promises-you-a-bonus-but-actually-delivers-this-windows-trojan-malware/

Police warn the elderly ahead of vaccination bookings: "Opens the door to fraudsters" (15 feb) https://www.dn.se/sverige/polisen-varnar-aldre-infor-vaccinationsbokningar-oppnar-for-bedragare/

Vaccination links were spread: the wrong people received vaccines (15 feb) https://www.svt.se/nyheter/lokalt/vast/lankar-for-vaccinering-sprids-fel-personer-far-vaccin

Cybersecurity Challenges for the European Railways (15 feb) https://www.tripwire.com/state-of-security/ics-security/cybersecurity-challenges-for-the-european-railways/ .. https://www.enisa.europa.eu/publications/railway-cybersecurity

Cyberattack on Dutch Research Council (NWO) suspends research grants (15 feb) https://www.bleepingcomputer.com/news/security/cyberattack-on-dutch-research-council-nwo-suspends-research-grants/

The cybersecurity issues of seismic monitoring devices (16 feb) https://www.helpnetsecurity.com/2021/02/16/seismic-monitoring-devices-cybersecurity/

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn (16 feb) https://hotforsecurity.bitdefender.com/blog/hackers-could-cause-fake-earthquakes-by-exploiting-vulnerable-seismic-equipment-researchers-warn-25331.html

Employee at Västervik Hospital suspected of unauthorised computer access (16 feb) https://sverigesradio.se/artikel/anstalld-vid-vasterviks-sjukhus-misstanks-for-dataintrang

Cybercrooks Rake in $304M in Romance Scams (17 feb) https://threatpost.com/cybercrooks-304m-romance-scams/163972/

Misconfigured baby monitors exposing video stream online (17 feb) https://www.hackread.com/misconfigured-baby-monitors-exposing-video-stream-online/

Cybersecurity risks connected to AI in autonomous vehicles (17 feb) https://www.helpnetsecurity.com/2021/02/17/cybersecurity-autonomous-vehicles/

The security risks have moved home (18 feb) https://www.dagenssamhalle.se/nyhet/sakerhetsriskerna-har-flyttat-hem-35395

USB stick with 2,000 patient records thrown in the laundry basket (19 feb) https://sverigesradio.se/artikel/usb-sticka-med-2000-patientuppgifter-slangdes-i-tvattkorgen

CERT-SE this week

Vulnerability in Cisco AnyConnect