CERT-SE's weekly newsletter, week 38

Weekly newsletter

Even the Italian mafia has worked remotely over the past year and shifted its focus towards more cyber-oriented activities. This, and much more - for example the state of Sweden's IT security, the characteristics of different types of hackers, and a walkthrough of Zero Trust - in this week's news roundup.

CERT-SE wishes you a pleasant weekend!

News this week

How Hackers Use Open-Source Intelligence to Ransomware Companies (10 sept)
https://infosecwriteups.com/how-hackers-use-open-source-intelligence-to-ransomware-companies-12946a8e6b04

How to identify the NSO Group spyware Pegasus (17 sept)
https://kryptera.se/sa-identifierar-du-spionprogramvaran-pegasus-fran-nso-group/

German Election body hit by a cyber attack (17 sept)
https://securityaffairs.co/wordpress/122314/cyber-warfare-2/german-election-body-cyber-attack.html

‘Yes, we are breaking the law:’ An interview with the operator of a marketplace for stolen data (17 sept)
https://therecord.media/yes-we-are-breaking-the-law-an-interview-with-the-operator-of-a-marketplace-for-stolen-data/

Computer vision can help spot cyber threats with startling accuracy (18 sept)
https://thenextweb.com/news/computer-vision-help-spot-cyber-threats-startling-accuracy-syndication

“Squirrelwaffle” Maldoc Analysis (18 sept)
https://security-soup.net/squirrelwaffle-maldoc-analysis/

The Zero Trust model - a walkthrough (19 sept)
https://cstromblad.com/posts/zero-trust-modellen-en-genomgang/

Why Edward Snowden is urging users to stop using ExpressVPN? (19 sept)
https://securityaffairs.co/wordpress/122365/intelligence/edward-snowden-expressvpn.html

Expert on Swedish IT security: It is fairly urgent now (20 sept)
https://www.dn.se/ekonomi/experten-om-svensk-it-sakerhet-det-ar-ganska-akut-nu/

Issues found with REvil decryptor issued by Bitdefender (20 sept)
https://itwire.com/security/issues-found-with-revil-decryptor-issued-by-bitdefender.html

Ransomware still a primary threat as cybercriminals evolve tactics (20 sept)
https://www.helpnetsecurity.com/2021/09/20/ransomware-primary-threat/

Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers (20 sept)
https://www.securityweek.com/cyberattack-alaska-health-department-linked-state-sponsored-hackers

US farmer cooperative hit by $5.9M BlackMatter ransomware attack (20 sept)
https://www.bleepingcomputer.com/news/security/us-farmer-cooperative-hit-by-59m-blackmatter-ransomware-attack/

5 Types of Hackers & Why They Hack (20 sept)
https://blog.sucuri.net/2021/09/5-types-of-hackers-why-they-hack.html

Europol links Italian Mafia to million-dollar phishing scheme (20 sept)
https://www.bleepingcomputer.com/news/security/europol-links-italian-mafia-to-million-dollar-phishing-scheme/

Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed (21 sept)
https://www.theregister.com/2021/09/21/europol_arrests/

The Coop hackers are back: ”Just took some time off” (21 sept)
https://www.svt.se/nyheter/utrikes/ransomware-ligor-pa-frammarsch

FBI held back ransomware decryption key from businesses to run operation targeting hackers (21 sept)
https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html

FBI Director Questioned Over Kaseya Decryption Key (21 sept)
https://www.govinfosecurity.com/fbi-director-questioned-over-kaseya-decryption-key-a-17584

Report: FBI Had Ransomware Decryption Key for Weeks Before Giving It to Victims (21 sept)
https://gizmodo.com/report-fbi-had-ransomware-decryption-key-for-weeks-bef-1847715916

Yes, the FBI held back REvil ransomware keys (22 sept)
https://www.csoonline.com/article/3633667/yes-the-fbi-held-back-revil-ransomware-keys.html

First half DDoS attacks up 11 percent over last year (21 sept)
https://betanews.com/2021/09/21/ddos-attacks-up-11-percent/

BlackMatter gang ramps up attacks on multiple victims (21 sept)
https://www.computerweekly.com/news/252506951/BlackMatter-gang-ramps-up-attacks-on-multiple-victims

US Treasury sanctions cryptocurrency exchange linked to ransomware operations (21 sept)
https://therecord.media/us-treasury-sanctions-cryptocurrency-exchange-linked-to-ransomware-operations/

Turla hacking group launches new backdoor in attacks against US, Afghanistan (21 sept)
https://www.zdnet.com/article/turla-hacking-group-launches-new-backdoor-in-attacks-against-us-afghanistan/

Russian state hackers use new TinyTurla malware as secondary backdoor (21 sept)
https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/

Lithuania urges people to throw away Chinese phones (22 sept)
https://www.bbc.com/news/technology-58652249

IT outage hit Region Norrbotten – affects surgeries (22 sept)
https://www.dn.se/sverige/it-haveri-i-region-norrbotten-stoppar-operationer/

Trained by hackers – Swedish companies in intensive training in Kista (22 sept)
https://www.svt.se/nyheter/lokalt/stockholm/har-hardtranas-svenska-foretag-i-cybersakerhet-av-hackers

He works as a hacker – here he takes over a robot vacuum cleaner (22 sept)
https://www.svt.se/nyheter/lokalt/stockholm/pontus-jobbar-som-etisk-hacker-tillfredstallande-nar-man-lyckas-bryta-sig-in

Fraudsters steal £4m a day as crime surges (22 sept)
https://www.bbc.com/news/business-58649698

Trojan posing as IT refund attacks bank customers with Android phones (22 sept)
https://www.thehindubusinessline.com/info-tech/trojan-posing-as-it-refund-attacks-bank-customers-with-android-phones/article36605579.ece

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks (22 sept)
https://securityaffairs.co/wordpress/122480/security/conti-ransomware-attacks-escalation.html

Alert (AA21-265A): Conti Ransomware (22 sept)
https://us-cert.cisa.gov/ncas/alerts/aa21-265a

This phishing-as-a-service operation is responsible for many attacks against businesses, says Microsoft (22 sept)
https://www.zdnet.com/article/this-phishing-as-a-service-operation-is-responsible-for-many-attacks-against-businesses-says-microsoft/

DDoS attacks are becoming more prolific and more powerful, warn cybersecurity researchers (22 sept)
https://www.zdnet.com/article/ddos-attacks-are-becoming-more-prolific-and-more-powerful-warn-cybersecurity-researchers/

Google, Microsoft and Oracle generated most vulnerabilities in 2021 (22 sept)
https://www.hackread.com/google-microsoft-oracle-vulnerabilities-2021/

New Zealand’s Critical Infrastructure Vulnerable To Cyber Attacks (23 sept)
https://www.scoop.co.nz/stories/BU2109/S00577/new-zealands-critical-infrastructure-vulnerable-to-cyber-attacks.htm

U.S. Department of the Treasury announces set of actions to counter ransomware (23 sept)
https://www.helpnetsecurity.com/2021/09/23/counter-ransomware/

How modern threat hunters work – ”an absolute necessity in a modern cyber defence” (23 sept)
https://computersweden.idg.se/2.2683/1.752689/taktiktips-for-moderna-cyberhotsjagare

Cost of a Data Breach Report 2021
https://www.ibm.com/se-en/security/data-breach

Researchers finger new APT group, FamousSparrow, for hotel attacks (23 sept)
https://www.theregister.com/2021/09/23/researchers_finger_new_apt_group/

FamousSparrow: A suspicious hotel guest (23 sept)
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

Ransomware attackers targeted this company. Then defenders discovered something curious (23 sept)
https://www.zdnet.com/article/ransomware-attackers-targeted-this-company-then-defenders-discovered-something-curious/

Ransomware Isn’t Back. It Never Left (23 sept)
https://www.wired.com/story/ransomware-revil-blackmatter-surge/

Cisco Talos Warns of Hacking Campaign On India’s Govt, Military Personnel (23 sept)
https://www.cxotoday.com/news-analysis/cisco-talos-warns-of-hacking-campaign-on-indias-govt-military-staff/

State-sponsored hacking group targets Port of Houston using Zoho zero-day (23 sept)
https://therecord.media/state-sponsored-hacking-group-targets-port-of-houston-using-zoho-zero-day/

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit (23 sept)
https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html

Spyware ‘found on phones of five French cabinet members’ (23 sept)
https://www.theguardian.com/news/2021/sep/23/spyware-found-on-phones-of-five-french-cabinet-members

Government Warns Banking Users of Android Malware That Pretends to Help Generate Income Tax Refunds (23 sept)
https://gadgets.ndtv.com/apps/news/android-malware-drinik-indian-banking-users-income-tax-refund-cert-in-advisory-2551112

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program (24 sept)
https://habr.com/en/post/579714/

Stop worrying that crims could break the ‘net, say cyber-diplomats – only nations have tried (24 sept)
https://www.theregister.com/2021/09/24/gcsc_norm_on_protecting_internet_core/

Multi-factor authentication can be hacked – if you do this (24 sept)
https://computersweden.idg.se/2.2683/1.752708/hacka-mfa-flerfaktorsautentisering

Information security and miscellaneous

Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years (16 sept)
https://www.theregister.com/2021/09/16/aviation_phishing_campaign_talos_five_years/

Stolen login credentials spread via the Telegram app (17 sept)
https://computersweden.idg.se/2.2683/1.755960/stulna-inloggningsuppgifter-sprids-via-appen-telegram

Police officer charged with unauthorised computer access – searched for both relatives and colleagues (18 sept)
https://sverigesradio.se/artikel/polisman-atalas-for-dataintrang-sokte-bade-pa-slaktingar-och-kollegor

University targeted by vaccine scammers (19 sept)
https://www.mitti.se/nyheter/universitetet-utsatt-for-vaccin-bluffare/repuip!SQg3sKoJ94tcUpslVGiiQ/

Database containing personal info of 106 million international visitors to Thailand was exposed online (20 sept)
https://www.comparitech.com/blog/information-security/thai-traveler-data-leak/

Epik data breach impacts 15 million users, including non-customers (20 sept)
https://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/

Office workers unwilling to change their behavior, despite being aware of the cybersecurity challenges (21 sept)
https://www.helpnetsecurity.com/2021/09/21/office-workers-cybersecurity/

Leak in Hjärntorget – vulnerability in Gothenburg's school platform (21 sept)
https://www.nyteknik.se/sakerhet/lacka-i-hjarntorget-sarbarhet-i-goteborgs-skolplattform-7021227

Agency's tip-off function leaked personal data (22 sept)
https://sverigesradio.se/artikel/myndighetens-tipsfunktion-lackte-personuppgifter

Hackers leak LinkedIn 700 million data scrape (22 sept)
https://therecord.media/hackers-leak-linkedin-700-million-data-scrape/

CERT-SE this week

Critical vulnerabilities affect Cisco's wireless products

Critical vulnerabilities in VMware products