CERT-SE's weekly newsletter, week 25

Weekly newsletter

Over the past week we have seen a number of serious data breaches, DDoS attacks and ransomware attacks against various sectors and industries in Sweden and around the world. The EU is planning a joint cyber unit to work on large-scale cyberattacks. And here at home, Sweden's first cyber soldiers have been discharged after 11 months of training. Happy reading and happy Midsummer from CERT-SE!

News this week

Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority (16 jun) https://www.theregister.com/2021/06/16/baltimore_ryuk_ransomware_dollars_8_1m_recovery_cost/

Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened (17 jun) https://www.vice.com/en/article/4avnan/bombshell-report-finds-phone-network-encryption-was-deliberately-weakened

Hit by a Ransomware Attack? Your Payment May be Deductible (19 jun) https://www.securityweek.com/hit-ransomware-attack-your-payment-may-be-deductible

The Polish Prime Minister asked the Sejm to hold a closed meeting on cyber attacks (19 jun) https://www.ehackingnews.com/2021/06/the-polish-prime-minister-asked-sejm-to.html

Fake DarkSide Ransomware Gang Targets Energy, Food Sectors (20 jun) https://www.bankinfosecurity.com/fake-darkside-ransomware-gang-targets-energy-food-sectors-a-16911

Most organizations would pay in the event of a ransomware attack (21 jun) https://www.helpnetsecurity.com/2021/06/21/pay-ransomware-attack/

Georgia fertility clinic discloses breach of patient SSNs and medical info after ransomware attack (21 jun) https://www.zdnet.com/article/georgia-fertility-clinic-discloses-breach-of-patient-ssns-and-medical-info-after-ransomware-attack/

Travellers received text messages from “Putin” – Länstrafiken i Norrbotten shuts down service (21 jun) https://www.svt.se/nyheter/lokalt/norrbotten/resenarer-fick-sms-av-putin-nu-stanger-lanstrafiken-i-norrbotten-tjansten

South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group (21 jun) https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/

50% of misconfigured containers hit by botnets in under an hour (21 jun) https://www.scmagazine.com/data-leakage-prevention-dlp/50-of-misconfigured-containers-hit-by-botnets-in-under-an-hour/ .. Aqua Security’s Cloud Native Threat Report Reveals Sophisticated New Attacks in the Wild on Container Supply Chains and Infrastructure (21 jun) https://www.aquasec.com/news/2021-cloud-native-threat-report-reveals-new-threats/

Best practices for IT teams to prevent ransomware attacks (22 jun) https://www.helpnetsecurity.com/2021/06/22/best-practices-prevent-ransomware-attacks/

ADATA ransomware attack saw 700GB of data stolen (22 jun) https://www.techradar.com/news/adata-ransomware-attack-saw-700gb-of-data-stolen

A milestone in the strengthening of cyber defence (22 jun) https://www.forsvarsmakten.se/sv/aktuellt/2021/06/en-milstolpe-i-forstarkningen-av-cyberforsvaret/

City of Liege, Belgium hit by ransomware (22 jun) https://therecord.media/city-of-liege-belgium-hit-by-ransomware/

A ‘Digital Vaccine’ for Battling Ransomware Epidemic (22 jun) https://www.bankinfosecurity.com/interviews/digital-vaccine-for-battling-ransomware-epidemic-i-4919

Brave launches search engine that doesn’t track users and searches (22 jun) https://therecord.media/brave-launches-search-engine-that-doesnt-track-users-and-searches/

How to be prepared for a ransomware attack: Check your data and backups (22 jun) https://www.techrepublic.com/article/how-to-be-prepared-for-a-ransomware-attack-check-your-data-and-backups/

SEC still digging into SolarWinds fallout, nudges undeclared victims (22 jun) https://www.theregister.com/2021/06/22/sec_continues_to_probe_solarwinds/

Ransomware Gang Cl0p Announces New Victim After Police Bust (22 jun) https://www.vice.com/en/article/88n5j3/ransomware-gang-cl0p-announces-new-victim-after-police-bust

EU wants emergency team for ‘nightmare’ cyber-attacks (23 jun) https://www.bbc.com/news/technology-57583158 .. EU Cybersecurity: Commission proposes a Joint Cyber Unit to step up response to large-scale security incidents (23 jun) https://ec.europa.eu/commission/presscorner/detail/en/IP_21_3088

MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework (23 jun) https://therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/ .. NSA Funds Development, Release of D3FEND (22 jun) https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/

May 2021 witnessed over 223.7 million ransomware attacks (23 jun) https://www.cybersecurity-insiders.com/may-2021-witnessed-over-223-7-million-ransomware-attacks/

Ransomware decreases as cybercriminals hit more lucrative targets (23 jun) https://www.helpnetsecurity.com/2021/06/23/ransomware-decreases/

Tulsa ransomware hackers leak 18,000 files on dark web (23 jun) https://www.itpro.co.uk/security/ransomware/359970/tulsa-ransomware-attackers-publish-18000-files-on-dark-web

70pc of devices back in use following HSE cyberattack (23 jun) https://www.siliconrepublic.com/enterprise/hse-cyberattack-decryption

John McAfee: Anti-virus creator found dead in prison cell (23 jun) https://www.bbc.com/news/world-europe-57589822

Microsoft warns: Now attackers are using a call centre to trick you into downloading ransomware (23 jun) https://www.zdnet.com/article/microsoft-warns-now-attackers-are-using-a-call-centre-to-trick-you-into-downloading-ransomware/

ChaChi: a new GoLang Trojan used in attacks against US schools (23 jun) https://www.zdnet.com/article/chachi-golang-a-new-go-trojan-focuses-on-attacking-us-schools/

Information security and miscellaneous

50,000 security disasters waiting to happen: The problem of America’s water supplies (17 jun) https://www.nbcnews.com/tech/security/hacker-tried-poison-calif-water-supply-was-easy-entering-password-rcna1206

Establishment of the National Cyber Security Centre is under way (17 jun) https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2021-06-17-inrattandet-av-nationellt-cybersakerhetscenter-pagar.html

Inglis confirmed as first national cyber director (18 jun) https://www.scmagazine.com/home/security-news/government-and-defense/inglis-confirmed-as-first-national-cyber-director/

Sweden is now waking up to cybersecurity (19 jun) https://www.dagensarena.se/opinion/nu-vaknar-sverige-om-cybersakerheten/

Threat actors using Google Docs exploit to spread phishing links (19 jun) https://www.hackread.com/threat-actors-google-docs-exploit-phishing-links/

The build-up of the National Cyber Security Centre continues (20 jun) https://www.securityuser.com/se/Nyheter/Samhalle/uppbyggnaden-av-nationellt-cybersakerhetscenter-fortsatter1

Cybersecurity firm exposes 5 billion data breach records (20 jun) https://www.hackread.com/cybersecurity-firm-expose-data-breach-records/

The Future of Machine Learning and Cybersecurity (21 jun) https://www.schneier.com/blog/archives/2021/06/the-future-of-machine-learning-and-cybersecurity.html

How Cyber Safe is Your Drinking Water Supply? (21 jun) https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/

Millions of medical images, patient data remain exposed via PACS flaws (21 jun) https://www.scmagazine.com/featured/millions-of-medical-images-patient-data-remain-exposed-via-pacs-flaws/

Hacker attack against COVID portal (21 jun) https://sverigesradio.se/artikel/hackerattack-mot-covidlabb .. COVID tests paused after suspected data breach (21 jun) https://www.dagensmedicin.se/vardens-styrning/patientsakerhet/covidtester-pausas-efter-misstankt-dataintrang/ .. Region Skåne hit by intrusion into self-sampling database (22 jun) https://www.svt.se/nyheter/lokalt/skane/region-skane-utsatta-for-intrang-i-databas-for-egenprovtagning .. Important information regarding the intrusion into LabPortalen and eRemiss. (21 jun) https://infosolutions.se/2021/06/21/viktig-information-gallande-personuppgiftsincident-i-samband-med-intrang-i-labportalen-och-eremiss/

Could better cyber hygiene have prevented the SolarWinds attack? (22 jun) https://www.scmagazine.com/home/security-news/could-better-cyber-hygiene-have-prevented-the-solarwinds-attack/

Hotels back after last week's hacker attack (22 jun) https://sverigesradio.se/artikel/hotellen-tillbaka-pa-benen-efter-forra-veckans-hackerattack

Retail sector hit hard by hacker attacks (22 jun) https://www.svd.se/detaljhandeln-hart-drabbad-av-hackerattacker .. IT attack behind Bauhaus's closed online store – “anything but fun” (23 jun) https://www.ehandel.se/it-attack-bakom-bauhaus-stangda-e-handel-allt-annat-an-kul

Libraries across the country hit by cyberattack (23 jun) https://www.ba.no/bas-nyhetsstudio/s/5-8-1245854?p=lc-2498284-7073-bergensavisen

CERT-SE this week

Critical vulnerability in Palo Alto Cortex XSOAR