CERT-SE's weekly newsletter, week 19

Weekly newsletter

This week's news flow shows several cases of ransomware and data breaches. There are also quite a few somewhat more technical articles, some good advice from NCSC-UK, and an assortment of other items.

CERT-SE wishes you a pleasant weekend!

News this week

Software security starts with the developer: Securing developer accounts with 2FA (4 May)
https://github.blog/2022-05-04-software-security-starts-with-the-developer-securing-developer-accounts-with-2fa/

Ransomware Payments: Just 46% of Victims Now Pay a Ransom (5 May)
https://www.bankinfosecurity.com/blogs/ransomware-payments-just-46-victims-now-pay-ransom-p-3225

Strengthened cooperation on IT incidents (5 May)
https://www.regeringen.se/pressmeddelanden/2022/05/forstarkt-samverkan-gallande-it-incidenter/

Russia hammered by pro-Ukrainian hackers following invasion (6 May)
https://arstechnica.com/information-technology/2022/05/russia-hammered-by-pro-ukrainian-hackers-following-invasion/

Data breach Discovered at IKEA Canada impacts 95,000 Customers (6 May)
https://www.infosecurity-magazine.com/news/data-breach-ikea-canada/

AGCO Announces Ransomware Attack (6 May)
https://news.agcocorp.com/news/agco-announces-ransomware-attack

Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice (6 May)
https://www.state.gov/reward-offers-for-information-to-bring-conti-ransomware-variant-co-conspirators-to-justice/

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins (5 May)
https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/

Your Phone May Soon Replace Many of Your Passwords (7 May)
https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/

India’s ongoing outrage over Pegasus malware tells a bigger story about privacy law problems (8 May)
https://www.theregister.com/2022/05/08/pegasus_india_data_law_controversy/

Illinois college, hit by ransomware attack, to shut down (9 May)
https://www.nbcnews.com/tech/security/ransomware-attack-covid-combine-shutter-illinois-college-rcna24905

False-flag cyberattacks are rare (9 May)
https://computersweden.idg.se/2.2683/1.765839/sallsynt-med-cyberattacker-under-falsk-flagg

Costa Rica declares national emergency after Conti ransomware attacks (9 May)
https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/

State of emergency after hacker attack in Costa Rica (12 May)
https://www.dn.se/varlden/undantagstillstand-efter-hackerattack-i-costa-rica/

Ransomware has gone down because sanctions against Russia are making life harder for attackers (10 May)
https://www.zdnet.com/article/ransomware-has-gone-down-because-sanctions-against-russia-are-making-life-harder-for-attackers/

Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion (10 May)
https://www.gov.uk/government/news/russia-behind-cyber-attack-with-europe-wide-impact-an-hour-before-ukraine-invasion

Healthcare Technology Provider Omnicell Discloses Ransomware Attack (11 May)
https://www.securityweek.com/healthcare-technology-provider-omnicell-discloses-ransomware-attack

21 Million Records of VPN Users Leaked on Telegram (11 May)
https://gbhackers.com/21-million-records-of-vpn-users/

Protecting Against Cyber Threats to Managed Service Providers and their Customers (11 May)
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a

Eternity malware kit offers stealer, miner, worm, ransomware tools (12 May)
https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/

Russia is after YOUR personal data: Experts warn internet users not to download latest online craze New Profile Pic that hoovers up your details and sends them to Moscow (12 May)
https://www.dailymail.co.uk/news/article-10802211/NewProfilePic-Warning-issued-viral-app-hoover-data-sends-Moscow.html

Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals (12 May)
https://www.infosecurity-magazine.com/news/oklahoma-city-indian-clinic-data/

Emotet rockets to the top of the malware charts in Q1 (13 May)
https://betanews.com/2022/05/13/emotet-rockets-to-the-top-of-the-malware-charts-in-q1/

HP Wolf Security Threat Insights Report Q1 2022 (12 May)
https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q1-2022/

Slightly more technical

Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (4 May)
https://www.cybereason.com/blog/operation-cuckoobees-cybereason-uncovers-massive-chinese-intellectual-property-theft-operation

Raspberry Robin gets the worm early (5 May)
https://redcanary.com/blog/raspberry-robin/

BPFDoor — an active Chinese global surveillance tool (7 May)
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896

Examining the Black Basta Ransomware’s Infection Routine (9 May)
https://www.trendmicro.com/en_us/research/22/e/examining-the-black-basta-ransomwares-infection-routine.html

REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence (9 May)
https://www.secureworks.com/blog/revil-development-adds-confidence-about-gold-southfield-reemergence

npm supply chain attack targets Germany-based companies with dangerous backdoor malware (10 May)
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/

APT34 targets Jordan Government using new Saitama backdoor (10 May)
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/

Please Confirm You Received Our APT (11 May)
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt

Info-stealer Campaign targets German Car Dealerships and Manufacturers (10 May)
https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/

Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (11 May)
https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques

Massive WordPress JavaScript Injection Campaign Redirects to Ads (11 May)
https://blog.sucuri.net/2022/05/massive-wordpress-javascript-injection-campaign-redirects-to-ads.html

COBALT MIRAGE Conducts Ransomware Operations in U.S. (12 May)
https://www.secureworks.com/blog/cobalt-mirage-conducts-ransomware-operations-in-us

Network Footprints of Gamaredon Group (12 May)
https://blogs.cisco.com/security/network-footprints-of-gamaredon-group

Information security and miscellaneous

DN Debatt. “BankID and e-identification need government oversight” (8 May)
https://www.dn.se/debatt/bank-id-och-e-legitimation-behover-fa-statlig-tillsyn/

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself (9 May)
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/

UK joins international cyber agency partners to release supply chain guidance (11 May)
https://www.ncsc.gov.uk/news/uk-joins-international-cyber-agency-partners-to-release-supply-chain-guidance

Relaunching the NCSC’s Cloud security guidance collection (12 May)
https://www.ncsc.gov.uk/blog-post/relaunching-the-ncscs-cloud-security-guidance-collection

Why are DDoS attacks so easy to launch and so hard to defend against? (13 May)
https://www.helpnetsecurity.com/2022/05/13/mitigate-ddos-attacks-video/

CERT-SE this week

Multiple vulnerabilities in SAP products

Critical vulnerabilities in F5 Networks products (updated 2022-05-11)

Adobe's monthly security updates for May

Microsoft's monthly security updates for May 2022

The SMS trojan FluBot is active again (updated 2022-05-09)