CERT-SE's weekly newsletter, week 35

Weekly newsletter

Once again there is a fair amount of ransomware in this week's summary: both actual incidents and a few reports with analysis and advice on how to make an organization more resilient against various types of attacks.

CERT-SE wishes you a pleasant weekend!

News this week

Is Your Business Prepared to Operate After a Ransomware Attack? (26 aug)
https://www.networkcomputing.com/interop/your-business-prepared-operate-after-ransomware-attack

Eight-Year Study Shows the Dark Side of WordPress Plugins (26 aug)
https://www.cc.gatech.edu/news/eight-year-study-shows-dark-side-wordpress-plugins

‘MagicWeb’ gives Nobelium threat group persistent access to compromised systems (26 aug)
https://www.scmagazine.com/news/network-security/magicweb-gives-nobelium-threat-group-persistent-access-to-compromised-systems

CISA already wants to see better protection against cyber threats from quantum computers (27 aug)
https://computersweden.idg.se/2.2683/1.769729/cisa-vill-redan-nu-se-battre-skydd-mot-cyberhot-fran-kvantdatorer

Preparing Critical Infrastructure for Post-Quantum Cryptography
https://www.cisa.gov/sites/default/files/publications/cisa_insight_post_quantum_cryptography_508.pdf

LockBit ransomware gang gets aggressive with triple-extortion tactic (28 aug)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/

SD: We have been subjected to a hacker attack (29 aug)
https://www.svt.se/nyheter/snabbkollen/sd-vi-har-utsatts-for-hackerattack

Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications (29 aug)
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/

Montenegro says Russian cyberattacks threaten key state functions (29 aug)
https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/

Pirate sites ban in Austria took down Cloudflare CDNs by mistake (29 aug)
https://www.bleepingcomputer.com/news/security/pirate-sites-ban-in-austria-took-down-cloudflare-cdns-by-mistake/

Cyber Signals: 3 strategies for protection against ransomware (30 aug)
https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/

Underscores and DNS: The Privacy Story (31 aug)
https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002

Migration policy org confirms cyberattack after extortion group touts theft (31 aug)
https://therecord.media/migration-policy-org-confirms-cyberattack-after-extortion-group-touts-theft/

Ransomware Gang Accessed Water Supplier’s Control System (31 aug)
https://www.vice.com/en/article/4axaeq/ransomware-gang-accessed-water-suppliers-control-system

Hackers Hit Italian Oil Giant Eni’s Computer Network (31 aug)
https://www.bloomberg.com/news/articles/2022-08-31/hackers-hit-italian-oil-giant-eni-s-internal-computer-network

Ragnar Locker ransomware claims attack on Portugal’s flag airline (31 aug)
https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/

Advanced cyber-attack: NHS doctors’ paperwork piles up (31 aug)
https://www.bbc.com/news/technology-62725363

Threat Analysis Report: Ragnar Locker Ransomware Targeting the Energy Sector (1 sept)
https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector

New ransomware hits Windows, Linux servers of Chile govt agency (1 sept)
https://www.bleepingcomputer.com/news/security/new-ransomware-hits-windows-linux-servers-of-chile-govt-agency/

Over 1,000 iOS apps found exposing hardcoded AWS credentials (1 sept)
https://www.bleepingcomputer.com/news/security/over-1-000-ios-apps-found-exposing-hardcoded-aws-credentials/

Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws

NSA and CISA share tips to secure the software supply chain (1 sept)
https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-tips-to-secure-the-software-supply-chain/

Securing the software supply chain: Recommended practices guide for developers
https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF

Information security and miscellaneous

Nato investigates hacker sale of missile firm data (26 aug)
https://www.bbc.com/news/technology-62672184

COVID-19 data put for sale on Dark Web (29 aug)
https://securityaffairs.co/wordpress/134952/deep-web/covid-19-data-dark-web.html

Gigantic phishing campaign has attacked hundreds of companies (29 aug)
https://computersweden.idg.se/2.2683/1.769728/gigantisk-natfiskekampanj-har-gatt-pa-over-hundra-organisationer

Roasting 0ktapus: The phishing campaign going after Okta identity credentials (25 aug)
https://blog.group-ib.com/0ktapus

How 1-Time Passcodes Became a Corporate Liability (30 aug)
https://krebsonsecurity.com/2022/08/how-1-time-passcodes-became-a-corporate-liability/

British Airways customers targeted in lost luggage Twitter scam (30 aug)
https://www.malwarebytes.com/blog/news/2022/08/steer-clear-of-lost-luggage-scams-on-twitter

How and Why Do Teens Become Cyber Criminals? (30 aug)
https://securityintelligence.com/articles/why-teens-become-cyber-criminals/

Mobile Health Apps Are Falling Behind In Cybersecurity, Report Finds (30 aug)
https://medtech.pharmaintelligence.informa.com/MT145768/Mobile-Health-Apps-Are-Falling-Behind-In-Cybersecurity-Report-Finds

Hackers target politicians with fake news website (31 aug)
https://www.bbc.com/news/62728084

Introducing our new machine learning security principles (31 aug)
https://www.ncsc.gov.uk/blog-post/introducing-our-new-machine-learning-security-principles

Defending the expanding attack surface (31 aug)
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report

CERT-SE this week

Walkthrough of CERT-SE CTF2021 (it will soon be time again!)