CERT-SE's weekly newsletter, week 20

Weekly newsletter

After a news-heavy week, here is a somewhat more exciting newsletter than usual. Among other things, there are reports on DarkSide after the attack on Colonial Pipeline and on the attacks against the Irish healthcare sector.

There is some encouraging news as well: MSB has launched the tool Infosäkkollen, which is intended to improve information security work, and CERT-SE now has a closer collaboration with Have I Been Pwned.

CERT-SE wishes you a pleasant weekend!

News this week

Trading scheme resulting in €30 million in losses uncovered (12 May)
https://www.europol.europa.eu/newsroom/news/trading-scheme-resulting-in-%E2%82%AC30-million-in-losses-uncovered

Ransomware Is Getting Ugly (14 May)
https://www.schneier.com/blog/archives/2021/05/ransomware-is-getting-ugly.html

Insurer AXA hit by ransomware after dropping support for ransom payments (16 May)
https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/

47% of Criminals Buying Exploits Target Microsoft Products (17 May)
https://www.darkreading.com/vulnerabilities—threats/47–of-criminals-buying-exploits-target-microsoft-products/d/d-id/1341037

Denial-of-service attacks against Region Gotland cost SEK 1.6 million (17 May)
https://sverigesradio.se/artikel/overbelastningsattacker-mot-region-gotland-kostade-1-6-miljoner-kronor

Welcoming the Swedish Government to Have I Been Pwned (18 May)
https://www.troyhunt.com/welcoming-the-swedish-government-to-have-i-been-pwned/

Gov reveals plans to boost supply chain cyber resilience (18 May)
https://nationaltechnology.co.uk/Gov_Explores_Measures_To_Boost_Supply_Chain_Cyber_Reslience.php

Irish internet service providers hit by cyber attacks (18 May)
https://www.independent.ie/business/technology/irish-internet-service-providers-hit-by-cyber-attacks-40441177.html

Email attachment believed to have opened door to cyber-attack on Waikato hospitals (19 May)
https://www.stuff.co.nz/national/125175283/email-attachment-believed-to-have-opened-door-to-cyberattack-on-waikato-hospitals

Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public (19 May)
https://www.zdnet.com/article/cybercriminals-scanned-for-vulnerable-microsoft-exchange-servers-within-five-minutes-of-news-going-public/

Report: 2021 Cortex Xpanse Attack Surface Threat Report
https://start.paloaltonetworks.com/asm-report

This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals (19 May)
https://www.zdnet.com/article/this-is-how-the-cobalt-strike-penetration-testing-tool-is-being-abused-by-cybercriminals/

SolarWinds CEO apologizes for blaming an intern, says attack may have started in January 2019 (19 May)
https://therecord.media/solarwinds-ceo-apologizes-for-blaming-an-intern-says-attack-may-have-started-in-january-2019/

The future of Internet Explorer on Windows 10 is in Microsoft Edge (19 May)
https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/

SVT reveals: The police cannot search for fingerprints in their own register (19 May)
https://www.svt.se/nyheter/inrikes/svt-avslojar-polisen-kan-inte-soka-fingeravtryck

MountLocker ransomware uses Windows API to worm through networks (19 May)
https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/

Online bank's security slip: customers could be identified (20 May)
https://sverigesradio.se/artikel/natbankens-sakerhetsmiss-gick-att-identifiera-kunder

The Full Story of the Stunning RSA Hack Can Finally Be Told (20 May)
https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times (20 May)
https://www.theregister.com/2021/05/20/amex_fine_50m_spam/

Bizarro Banking Trojan (20 May)
https://www.schneier.com/blog/archives/2021/05/bizarro-banking-trojan.html

US insurer paid $40 million ransom after March cyber attack: report (20 May)
https://thehill.com/policy/cybersecurity/554635-us-insurer-paid-40-million-ransom-after-march-cyber-attack-report

Mobile app developers' misconfiguration of third party services leave personal data of over 100 million exposed (20 May)
https://research.checkpoint.com/2021/mobile-app-developers-misconfiguration-of-third-party-services-leave-personal-data-of-over-100-million-exposed/

DarkSide and Colonial Pipeline

Darkside ransomware gang says it lost control of its servers & money a day after Biden threat (14 May)
https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/

DarkSide Ransomware Gang Says It Has Shut Down (14 May)
https://www.bankinfosecurity.com/darkside-ransomware-gang-says-has-shut-down-a-16620

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (14 May)
https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized (17 May)
https://thehackernews.com/2021/05/us-pipeline-ransomware-attackers-go.html

DarkSide Hits Toshiba; XSS Forum Bans Ransomware (17 May)
https://threatpost.com/darkside-toshiba-xss-bans-ransomware/166210/

Cyber attack on European subsidiaries of the Toshiba Tec Group (14 May)
https://www.toshibatec.com/information/20210514_01.html

Hacker gangs show few signs of slowing after pipeline attack (18 May)
https://www.nbcnews.com/tech/security/hacker-gangs-show-signs-slowing-pipeline-attack-rcna951

Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware (19 May)
https://us-cert.cisa.gov/ncas/current-activity/2021/05/19/update-cisa-fbi-joint-cybersecurity-advisory-darkside-ransomware

Colonial Pipeline boss confirms $4.4m ransom payment (20 May)
https://www.bbc.com/news/business-57178503

The Colonial hackers have extorted many more victims, raking in hundreds of millions (20 May)
https://computersweden.idg.se/2.2683/1.751144/colonial-hackarna-har-pressat-ut-manga-fler–dragit-in-hundratals-miljoner

The attacks on the Irish healthcare sector

NCSC Alert: Ransomware Attack on Health Sector - UPDATE (16 May)
https://www.ncsc.gov.ie/pdfs/HSE_Conti_140521_UPDATE.pdf

HSE cyber attack: Govt says risk data will be abused (17 May)
https://www.rte.ie/news/ireland/2021/0517/1222019-cyber-attack/

Conti ransomware also targeted Ireland's Department of Health (17 May)
https://www.bleepingcomputer.com/news/security/conti-ransomware-also-targeted-irelands-department-of-health/

What's going on with the HSE cyberattack? (18 May)
https://www.siliconrepublic.com/enterprise/hse-cyberattack-explainer-conti-ransomware

Information security and miscellaneous

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise (14 May)
https://us-cert.cisa.gov/ncas/current-activity/2021/05/14/cisa-publishes-eviction-guidance-networks-affected-solarwinds-and

The Infosäkkollen tool is intended to improve information security work (17 May)
https://www.msb.se/sv/aktuellt/nyheter/2021/maj/nya-verktyget-infosakkollen-ska-forbattra-informationssakerhetsarbetet/

CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys (18 May)
https://www.zerodayinitiative.com/blog/2021/5/17/cve-2021-31166-a-wormable-code-execution-bug-in-httpsys

Recycle Your Phone, Sure, But Maybe Not Your Number (19 May)
https://krebsonsecurity.com/2021/05/recycle-your-phone-sure-but-maybe-not-your-number/

Ransomware attacks are not a matter of if, but when (19 May)
https://www.techrepublic.com/article/ransomware-attacks-are-not-a-matter-of-if-but-when/

BazarCall Method: Call Centers Help Spread BazarLoader Malware (19 May)
https://unit42.paloaltonetworks.com/bazarloader-malware/

Ransomware: Should paying hacker ransoms be illegal? (20 May)
https://www.bbc.com/news/technology-57173096

How to gain added security in Firefox with the site isolation feature, Fission (20 May)
https://www.techrepublic.com/article/how-to-gain-added-security-in-firefox-with-the-site-isolation-feature-fission/

Phishing for Finance
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-phishing-for-finance-report-2021.pdf

CERT-SE this week

Serious vulnerability in Pulse Connect Secure

Microsoft's monthly security updates for May 2021 (updated 2021-05-18)

Vulnerability in Dell products - uninstall now!