Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.15

Ransomware drabbar många branscher och i veckans nyhetssvep kan du ta del av hur såväl rederier som ostälskare drabbas av dessa attacker. Plus det senaste om läckorna från diverse sociala plattformar och en sammanställning av vilka konsekvenser pandemin haft på cybersäkerheten i Sverige. Och en glad nyhet om cyberförsvarsövningen Locked Shields, där det svenska laget placerade sig överst på prispallen. Trevlig helg önskar CERT-SE!

Nyheter i veckan

OMX 30 – Ny unik undersökning om cyberbrott (31 mar)
https://www.svensktnaringsliv.se/sakomraden/sakerhet-och-risk/omx-30-ny-unik-undersokning-om-cyberbrott_1168785.html

A very modern form of piracy: Cybercrime against the shipping industry – Part 2: Ransomware (7 apr)
https://www.clydeco.com/en/insights/2021/04/a-very-modern-form-of-piracy-cybercrime-against-th

Nation States, Cyberconflict and the Web of Profit (8 apr)
https://threatresearch.ext.hp.com/web-of-profit-nation-state-report/

Pwn2Own 2021 hacking contest ends with a three-way tie (8 apr)
https://therecord.media/pwn2own-2021-hacking-contest-ends-with-a-three-way-tie/
--
Ny sårbarhet i Zoom medger Remote Code Execution (RCE) (9 apr)
https://kryptera.se/ny-sarbarhet-i-zoom-medger-remote-code-execution-rce/

UK businesses are being hit with thousands of new cyberattacks each day (9 apr)
https://www.itproportal.com/news/uk-businesses-are-being-hit-with-thousands-of-new-cyberattacks-each-day/

Maze/Egregor ransomware cartel estimated to have made $75 million (9 apr)
https://therecord.media/maze-egregor-ransomware-cartel-estimated-to-have-made-75-million/

SAP: Det tar cirka 72 timmar för hackare att göra om våra patchar till vapen (9 apr)
https://computersweden.idg.se/2.2683/1.749248/sap-72-timmar-fran-patch-till-attack
--
https://onapsis.com/active-cyberattacks-mission-critical-sap-applications

Android malware found on Huawei’s official app store (9 apr)
https://therecord.media/android-malware-found-on-huaweis-official-app-store/

Microsoft: Malware gang uses website contact forms for distribution (10 apr)
https://therecord.media/microsoft-malware-gang-uses-website-contact-forms-for-distribution/

New REvil Ransomware Version Automatically Logs Windows into Safe Mode (11 apr)
https://www.ehackingnews.com/2021/04/new-revil-ransomware-version.html

Cyberattacks are the number-one threat to the global financial system, Fed chair says (12 apr)
https://edition.cnn.com/2021/04/12/business/jerome-powell-cyberattacks-global-threat/index.html

Security researcher drops Chrome and Edge exploit on Twitter (12 apr)
https://therecord.media/security-researcher-drops-chrome-and-edge-zero-day-on-twitter/

‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails (12 apr)
https://therecord.media/they-knew-i-was-running-late-to-meetings-former-dhs-chief-on-reports-that-solarwinds-hackers-targeted-his-emails/

Google URLs are being used to disguise malware sent through contact forms (12 apr)
https://www.techradar.com/news/google-urls-are-being-used-to-disguise-malware-sent-through-contact-forms

Son of Stuxnet? (12 apr)
https://gizmodo.com/son-of-stuxnet-1846661852

How ransomware gangs are connected, sharing resources and tactics (13 apr)
https://blog.malwarebytes.com/ransomware/2021/04/how-ransomware-gangs-are-connected-and-sharing-resources-and-tactics/

Tomma ostdiskar efter ransomwareattack (13 apr)
https://computersweden.idg.se/2.2683/1.749452/tomma-ostdiskar-efter-ransomwareattack

March 2021’s Most Wanted Malware: IcedID Banking Trojan Enters Top 10 Following Covid-Related Campaign (13 apr)
https://blog.checkpoint.com/2021/04/13/march-2021s-most-wanted-malware-icedid-banking-trojan-enters-top-10-following-covid-related-campaign/

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins (14 apr)
https://www.theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/

FireEye: More than 1,900 distinct hacking groups are active today (14 apr)
https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

The FBI got a court order to delete backdoors from hacked Exchange servers (14 apr)
https://www.engadget.com/fbi-hafnium-exchange-server-060721872.html

IcedID malware gang positioning itself as one of the Emotet replacements (14 apr)
https://therecord.media/icedid-malware-gang-positioning-itself-as-one-of-the-emotet-replacements/

New Linux research division launches to explore open source ecosystems (14 apr)
https://sdtimes.com/open-source/new-linux-research-division-launches-to-explore-open-source-ecosystems/

Cyberhotet underskattas (14 apr)
https://www.offentligaaffarer.se/2021/04/14/cyberhotet-underskattas/

DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk (14 apr)
https://www.techrepublic.com/article/ddos-attacks-increased-by-20-in-2020-meaning-everyone-should-consider-themselves-at-risk/

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks (15 apr)
https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied

CISA and CNMF Analysis of SolarWinds-related Malware (15 apr)
https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/cisa-and-cnmf-analysis-solarwinds-related-malware

Microsoft Continues to be Most Imitated Brand for Phishing Attempts in Q1 2021 (15 apr)
https://blog.checkpoint.com/2021/04/15/microsoft-continues-to-be-most-imitated-brand-for-phishing-attempts-in-q1-2021/

It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US (15 apr)
https://www.theregister.com/2021/04/15/solarwinds_hack_russia_apt29_positive_technologies_sanctions/

SolarWinds hack affected six EU agencies (15 apr)
https://therecord.media/solarwinds-hack-affected-six-eu-agencies/

Celsius email system breach leads to phishing attack on customers (15 apr)
https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/

IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain (15 apr)
https://www.securityweek.com/ibm-44-organizations-targeted-attacks-aimed-covid-19-vaccine-cold-chain

Hackare försöker förgifta sökmotorer med över 100 000 skadliga webbsidor (16 apr)
https://computersweden.idg.se/2.2683/1.749568/hackare-dumpar-over-100-000-sidor-skadliga-pdfs-pa-webben

Informationssäkerhet och blandat

Implementing Cybersecurity Best Practices (9 apr)
https://www.bankinfosecurity.com/interviews/implementing-cybersecurity-best-practices-i-4864

Sårbara vpn-servrar används i ny gisslanattack (9 apr)
https://computersweden.idg.se/2.2683/1.749249/cyberkriminella-gar-efter-sarbara-vpn

LinkedIn confirms leak of 500 million profiles online, maintains incident was not a breach (9 apr)
https://www.scmagazine.com/home/security-news/phishing/linkedin-confirms-leak-of-500-million-profiles-online-maintains-incident-was-not-a-breach/

Visa Describes New Skimming Attack Tactics (9 apr)
https://www.bankinfosecurity.com/visa-describes-new-skimming-attack-tactics-a-16372

Anställd hos polisen döms för dataintrång (10 apr)
https://sverigesradio.se/artikel/anstalld-hos-polisen-doms-for-dataintrang

LinkedIn denies 500 million user data breach (11 apr)
https://therecord.media/linkedin-denies-500-million-user-data-breach/

It-säkerhetsexpert: Svenska politiker och kändisar drabbade i Facebookläckan (11 apr)
https://www.svt.se/nyheter/inrikes/it-sakerhetsexpert-svenska-politiker-och-kandisar-drabbade-i-facebooklackan

Så använder cyberkriminella dina uppgifter (11 apr)
https://www.svt.se/nyheter/inrikes/sa-anvander-hackare-dina-uppgifter

Israel pekas ut för attacken mot Irans kärnanläggning (11 apr)
https://www.dn.se/varlden/iran-pekar-ut-terrorister-bakom-olycka-pa-karnanlaggning/

The Story of the EC-Council Gender Survey Scandal: Survey Creator Says "It Was Written by Women so it Can't be Sexist" (11 apr)
https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/

Scraped data of 1.3 million Clubhouse users published online (12 apr)
https://www.hackread.com/scraped-clubhouse-database-leaked-online/

White House announces leadership picks for CISA and National Cyber Director role (12 apr)
https://therecord.media/white-house-announces-leadership-picks-for-cisa-and-national-cyber-director-role/

Check Point’s Mobile Security Report 2021: Almost Every Organization Experienced a Mobile-related Attack in 2020 (12 apr)
https://blog.checkpoint.com/2021/04/12/check-points-mobile-security-report-2021-almost-every-organization-experienced-a-mobile-related-attack-in-2020/

Kommunen polisanmäler dataintrång (13 apr)
https://sverigesradio.se/artikel/kommunen-polisanmaler-dataintrang

McAfee reports 648 cyber security threats per minute in Q4 (13 apr)
https://infotechlead.com/security/mcafee-reports-648-cyber-security-threats-per-minute-in-q4-66170

Grovt ryskt dataintrång mot RF – förundersökning läggs ned (13 apr)
https://www.dn.se/sport/grovt-ryskt-dataintrang-mot-rf-forundersokning-laggs-ner/
--
Ryssland om cyberattackerna: ”Vi ska titta på det” (14 apr)
https://www.dn.se/sport/ryssland-om-cyberattackerna-vi-ska-titta-pa-det/
--
Sweden: Russians Behind Sports Confederation Hack (14 apr)
https://www.govinfosecurity.com/sweden-russians-behind-sports-confederation-hack-a-16404

Singapore’s deputy cyber chief on how the city-state became a laboratory for security initiatives (14 apr)
https://therecord.media/singapores-deputy-cyber-chief-on-how-the-city-state-became-a-laboratory-for-security-initiatives/

Ireland opens GDPR investigation into Facebook leak (14 apr)
https://techcrunch.com/2021/04/14/ireland-opens-gdpr-investigation-into-facebook-leak/
--
Facebook faces investigation over data breach (15 apr)
https://www.bbc.com/news/technology-56745734

Twitter will study ‘unintentional harms’ caused by its algorithms (14 apr)
https://www.engadget.com/twitter-will-study-algorithms-for-unintentional-harm-182722681.html
--
Twitter Is Ramping Up Its Initiative To Stop Harm Caused By Its AI (14 apr)
https://www.androidheadlines.com/2021/04/twitter-ai-algorithms-bias-initiative-rmli.html

Dataintrång i patientjournaler polisanmäls (14 apr)
https://sverigesradio.se/artikel/dataintrang-i-patientjournaler-polisanmals

Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested (14 apr)
https://www.securityweek.com/cybersecurity-vc-funding-hit-record-2020-78-billion-invested

University of Hertfordshire's entire IT system offline after cyber attack (15 apr)
https://www.itpro.co.uk/security/cyber-attacks/359222/university-of-hertfordshire-hit-by-cyber-attack

DNI’s Annual Threat Assessment (15 apr)
https://www.schneier.com/blog/archives/2021/04/dnis-annual-threat-assessment.html

Stockholms stad polisanmäler Öppna skolplattformen för dataintrång (15 apr)
https://computersweden.idg.se/2.2683/1.749563/stockholms-stad-polisanmaler-oppna-skolplattformen-for-dataintrang

Cybersäkerhet i pandemitider (16 apr)
https://www.msb.se/sv/aktuellt/nyheter/2021/april/rapport-om-cybersakerhet-i-pandemitider/

Sweden Scored Highest at the Cyber Defence Exercise Locked Shields 2021 (16 apr)
https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/

CERT-SE i veckan

Kritiska sårbarheter i Juniper-produkter

Kritiska sårbarheter i SAP-produkter

Microsofts månatliga säkerhetsuppdateringar för april 2021