CERT-SE's weekly newsletter, week 9

Weekly newsletter

Finally Friday, and finally the weekly newsletter. We would particularly like to draw attention to the vulnerabilities in Microsoft Exchange Server that were disclosed this week. Once your systems have been examined and updated, there is plenty of exciting news here to dig into. So bring out the cheese puffs and dig in!

CERT-SE wishes you a nice weekend!

News this week

Lazarus, advanced persistent threat group, targets the defense industry (25 feb) https://www.kaspersky.com.au/about/press-releases/2021_lazarus-advanced-persistent-threat-group-targets-the-defense-industry

Hospitals, Schools Get a Crucial Break From Ransomware Attacks (25 feb) https://therecord.media/hospitals-schools-get-a-crucial-break-from-ransomware-attacks/

Hackers tied to Russia’s GRU targeted the US grid for years (27 feb) https://arstechnica.com/information-technology/2021/02/hackers-tied-to-russias-gru-targeted-the-us-grid-for-years/

China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions (28 feb) https://www.recordedfuture.com/redecho-targeting-indian-power-sector/

The Hijacking of Perl.com (28 feb) https://www.perl.com/article/the-hijacking-of-perl-com/

Social network Gab hacked, hit with $500,000 ransom demand (1 mar) https://www.cnet.com/news/social-network-gab-hacked-hit-with-500000-ransom-demand/

Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild (1 mar) https://www.securityweek.com/ryuk-ransomware-worm-capabilities-spotted-wild

“Gootloader” expands its payload delivery options (1 mar) https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

FI: Deficiencies in Swedbank's cybersecurity (1 mar) https://www.dn.se/ekonomi/fi-brister-i-swedbanks-cybersakerhet/

The Ursnif banking Trojan has hit over 100 Italian banks (2 mar) https://blog.avast.com/ursnif-victim-data

ObliqueRAT Trojan now lurks in images on compromised websites (2 mar) https://www.zdnet.com/article/obliquerat-trojan-now-hides-in-images-on-compromised-websites/

ENISA and CERT-EU sign Agreement to start their Structured Cooperation (2 mar) https://www.enisa.europa.eu/news/enisa-news/enisa-and-cert-eu-sign-agreement-to-start-their-structured-cooperation

MSB on the risks of the new medical records system (3 mar) https://www.svt.se/nyheter/lokalt/orebro/msb-om

IT attacks a growing problem in Region Gotland (3 mar) https://www.svd.se/it-attacker-vaxande-problem-i-region-gotland/i/senaste

Three Top Russian Cybercrime Forums Hacked (4 mar) https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/

Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker (4 mar) https://www.flashpoint-intel.com/blog/breelite-cybercrime-forum-maza-breached-by-unknown-attacker/

Municipalities report themselves after Ekot's investigation (5 mar) https://sverigesradio.se/artikel/kommuner-anmaler-sig-sjalva-efter-ekots-granskning

Information security and miscellaneous

An Exploration of JSON Interoperability Vulnerabilities (25 feb) https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

Cloud services and FISA 702 (26 feb) https://kryptera.se/molntjanster-och-fisa-702/

Is Your Browser Extension a Botnet Backdoor? (1 mar) https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cybersecurity: now it's serious (1 mar) https://www.svt.se/nyheter/svtforum/cybersakerhet-nu-ar-det-allvar

Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web (1 mar) https://www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

March 1st – Threat Intelligence Report (1 mar) https://research.checkpoint.com/2021/march-1st-threat-intelligence-report/

Inside the Ransomware Economy (1 mar) https://www.securityweek.com/inside-ransomware-economy

Cybercriminals continue to target trusted cloud apps (2 mar) https://www.helpnetsecurity.com/2021/03/02/cybercriminals-target-trusted-cloud-apps/

Eugene Kaspersky says cyber-crooks coined it during COVID and will take a break to spend their loot (3 mar) https://www.theregister.com/2021/03/03/eugene_kaspersky_post_covid_security_predictions/

Create your Cyber Action Plan https://www.ncsc.gov.uk/cyberaware/actionplan

Etterretningstjenesten: Focus 2021 https://www.forsvaret.no/aktuelt-og-presse/publikasjoner/fokus/rapporter/Focus2021-english.pdf/_/attachment/inline/450b1ed0-1983-4e6b-bc65-4aa7631aa36f:21c5241a06c489fa1608472c3c8ab855c0ac3511/Focus2021-english.pdf

CERT-SE this week

BM21-001, BM21-002 - Active scanning for vulnerable Microsoft Exchange servers

Critical vulnerability in Snow Inventory Agent