CERT-SE's weekly newsletter, week 43

Weekly newsletter

Hurrah, hurrah for the internet, which has its very own day today. Celebrate by reading our spooky weekly newsletter, which among other things contains several exciting cyber reports with chilling content. And this is now the last chance to take part in this year's edition of the CERT-SE CTF, which is available through Sunday.

Have a nice weekend in the autumn darkness!

News this week

MSB takes the next step in a major investment in a modern communication system (21 Oct)
https://www.aktuellsakerhet.se/msb-tar-nasta-steg-i-storsatsning-pa-ett-modernt-kommunikationssystem/

Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks (21 Oct)
https://therecord.media/cybercrime-gang-sets-up-fake-company-to-hire-security-experts-to-aid-in-ransomware-attacks/

New activity from Russian actor Nobelium (24 Oct)
https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/

Large DDoS attack shuts down KT’s nationwide network (24 Oct)
https://www.zdnet.com/article/large-ddos-attack-shuts-down-south-korean-telcos-nationwide-network/

Threat actors offer for sale data for 50 millions of Moscow drivers (24 Oct)
https://securityaffairs.co/wordpress/123711/data-breach/moscow-drivers-data-leak.html

Breaking the News (24 Oct)
https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/

How an NYT reporter was targeted by an invisible iPhone hack (25 Oct)
https://bgr.com/tech/how-an-nyt-reporter-was-targeted-by-an-invisible-iphone-hack/

Decrypter announced for past BlackMatter ransomware victims (24 Oct)
https://therecord.media/free-decrypter-announced-for-past-blackmatter-ransomware-victims/

Ransomware criminals have feelings too: BlackMatter abuse caused crims to shut down negotiation portal (25 Oct)
https://www.theregister.com/2021/10/25/blackmatter_portal_emsisoft/

SolarWinds attacker on the move: Russia’s Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft (25 Oct)
https://www.theregister.com/2021/10/25/nobelium_russia_svr_msp_warning_microsoft/

Tesco website and app back up after hack attempt (25 Oct)
https://www.bbc.com/news/business-59027423

Conti Ransom Gang Starts Selling Access to Victims (25 Oct)
https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/

Kansas Man Admits Hacking Public Water Facility (25 Oct)
https://www.securityweek.com/kansas-man-admits-hacking-public-water-facility

Cyberattack against Eberspächer – staff sent home (25 Oct)
https://sverigesradio.se/artikel/cyberattack-mot-eberspacher-personalen-hemskickad

Decrypting Cobalt Strike Traffic With a “Leaked” Private Key (25 Oct)
https://isc.sans.edu/diary/rss/27968

5 Cybersecurity Considerations for the Auto Industry (25 Oct)
https://www.tripwire.com/state-of-security/security-data-protection/iot/5-cybersecurity-considerations-for-the-auto-industry/

Digital Shadows: Ransomware Q3 Roll Up (25 Oct)
https://www.digitalshadows.com/blog-and-research/ransomware-q3-2021-roll-up/

Ransomware gangs are abusing a zero-day in EntroLink VPN appliances (25 Oct)
https://therecord.media/ransomware-gangs-are-abusing-a-zero-day-in-entrolink-vpn-appliances/

SOS Alarm: Disruptions to personal safety alarms (26 Oct)
https://www.svt.se/nyheter/snabbkollen/sos-alarm-storningar-i-trygghetslarm

North Korean state hackers start targeting the IT supply chain (26 Oct)
https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/

Iranian gas stations out of service after distribution network hacked (26 Oct)
https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/

Nine out of ten worried about their privacy online (26 Oct)
https://www.svd.se/oro-praglar-svenskarnas-digitala-liv

Report | The Swedes and the Internet 2021
https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-2021/?gclid=EAIaIQobChMI69D9oNDs8wIVogV7Ch3ZQAKcEAAYASAAEgLbUfD_BwE

Kaspersky: APT trends report Q3 2021 (26 Oct)
https://securelist.com/apt-trends-report-q3-2021/104708/

These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords (27 Oct)
https://www.zdnet.com/article/these-phishing-emails-use-qr-codes-to-bypass-defences-and-steal-microsoft-365-usernames-and-passwords/

Hackers-for-Hire drive the Evolution of the New ENISA Threat Landscape (27 Oct)
https://www.enisa.europa.eu/news/enisa-news/hackers-for-hire-drive-the-evolution-of-the-new-enisa-threat-landscape

ATT&CK framework version 10 now released (27 Oct)
https://kryptera.se/ramverket-attck-version-10-nu-slappt/

NRA responds to reports of Grief ransomware attack (27 Oct)
https://www.zdnet.com/article/nra-responds-to-reports-of-grief-ransomware-attack/

TA551 Using Silver Red-Teaming Tool to Penetrate Networks (27 Oct)
https://cyware.com/news/ta551-using-silver-red-teaming-tool-to-penetrate-networks-e5c83e78

Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year (27 Oct)
https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year/

Free decryptor released for Atom Silo and LockFile ransomware (27 Oct)
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-atom-silo-and-lockfile-ransomware/

Babuk ransomware decryptor released to recover files for free (27 Oct)
https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/

Free decryption tools for AtomSilo, Babuk, and LockFire ransomware released by Avast (28 Oct)
https://grahamcluley.com/free-decryption-tools-for-atomsilo-babuk-and-lockfire-ransomware-released-by-avast/

National digital risk picture 2021 (28 Oct)
https://nsm.no/aktuelt/nasjonalt-digitalt-risikobilde-2021

NSA warns of threat actors compromising entire 5G networks via cloud systems (28 Oct)
https://therecord.media/nsa-warns-of-threat-actors-compromise-entire-5g-networks-via-cloud-systems/

Ransomware gangs use SEO poisoning to infect visitors (28 Oct)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/

Core member of ransomware gang identified (28 Oct)
https://www.zeit.de/digital/internet/2021-10/ransomware-group-revil-member-hacker-russia-investigation

12 targeted for involvement in ransomware attacks against critical infrastructure (29 Oct)
https://www.europol.europa.eu/newsroom/news/12-targeted-for-involvement-in-ransomware-attacks-against-critical-infrastructure

Information security and miscellaneous

Darktrace: 2021 Ransomware Threat Report (25 Oct)
https://www.darktrace.com/en/resources/wp-ransomware-threat-report.pdf

SANS #SecureTheFamily (26 Oct)
https://www.sans.org/security-awareness-training/mlp/secure-the-family-2021/

Microsoft Digital Defense Report October (26 Oct)
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi

CERT-SE this week

Multiple critical vulnerabilities in Adobe products

Malicious code in UA-Parser-js