CERT-SE's weekly newsletter, week 37

Weekly newsletter

Election day 2022 and the passing of Queen Elizabeth II. Two widely noticed events during the past week, both of which also left their mark in cyberspace in the form of denial-of-service attacks and phishing. We also recommend a couple of reports worth reading, including one on attacks against the energy sector. CERT-SE wishes you a pleasant weekend!

News this week

Cyber attacks against European energy & utility companies (5 Sept) https://energicert.dk/publikationer/ https://energicert.dk/wp-content/uploads/2022/09/Attacks-against-European-energy-and-utility-companies-2020-09-05-v3.pdf
Lazarus and the tale of three RATs (8 Sept) https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
Lampion malware returns in phishing attacks abusing WeTransfer (9 Sept) https://www.bleepingcomputer.com/news/security/lampion-malware-returns-in-phishing-attacks-abusing-wetransfer/
Ransomware gangs switching to new intermittent encryption tactic (10 Sept) https://www.bleepingcomputer.com/news/security/ransomware-gangs-switching-to-new-intermittent-encryption-tactic/
Recommended reading before the end of 2022 (10 Sept) https://www.osintme.com/index.php/2022/09/10/recommended-reading-before-the-end-of-2022/
Dead or Alive? An Emotet Story (12 Sept) https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/
New Linux Cryptomining Malware (12 Sept) https://www.schneier.com/blog/archives/2022/09/new-linux-cryptomining-malware.html
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities (12 Sept) https://www.aha.org/cybersecurity-government-intelligence-reports/2022-09-12-fbi-pin-tlp-white-unpatched-and-outdated
112 percent increase in cyber attacks against Ukraine's government and military (12 Sept) https://www.aktuellsakerhet.se/112-procent-okning-av-cyberattacker-mot-ukrainas-regering-och-militar/ – Weaponized cybercrime: What organizations can learn from the conflict in Ukraine https://blog.checkpoint.com/2022/09/08/weaponized-cybercrime-what-organizations-can-learn-from-the-conflict-in-ukraine/
Montenegro and its allies are working to recover from the massive cyber attack (13 Sept) https://securityaffairs.co/wordpress/135667/hacking/montenegro-massive-cyber-attack.html
Technical problems for Sveriges Radio – website was down (13 Sept) https://www.svt.se/nyheter/inrikes/tekniska-problem-for-sveriges-radio-sajten-ligger-nere
OriginLogger: A Look at Agent Tesla's Successor (13 Sept) https://unit42.paloaltonetworks.com/originlogger/
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO (13 Sept) https://www.proofpoint.com/us/blog/threat-insight/ta453-uses-multi-persona-impersonation-capitalize-fomo
New PsExec spinoff lets hackers bypass network security defenses (13 Sept) https://www.bleepingcomputer.com/news/security/new-psexec-spinoff-lets-hackers-bypass-network-security-defenses/
FBI on the 2021 Kaseya attack: "They handled it excellently" (14 Sept) https://www.aktuellsakerhet.se/fbi-om-attacken-mot-kaseya-2021-de-skotte-sig-utmarkt/
Mysterious message still a riddle: "Never experienced anything like it" (14 Sept) https://www.dn.se/sverige/mystiska-meddelandet-annu-en-gata-aldrig-varit-med-om-nagot-liknande/
SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor (14 Sept) https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html – You never walk alone: The SideWalk backdoor gets a Linux variant (14 Sept) https://www.welivesecurity.com/2022/09/14/you-never-walk-alone-sidewalk-backdoor-linux-variant/
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices (14 Sept) https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airplane-wi-fi-devices
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (14 Sept) https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
FBI: Hackers steal millions from healthcare payment processors (14 Sept) https://www.bleepingcomputer.com/news/security/fbi-hackers-steal-millions-from-healthcare-payment-processors/ – Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses (14 Sept) https://www.ic3.gov/Media/News/2022/220914-2.pdf
F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech (15 Sept) https://blogs.jpcert.or.jp/en/2022/09/bigip-exploit.html
Webworm hackers modify old malware in new attacks to evade attribution (15 Sept) https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ – Webworm: Espionage Attackers Testing and Using Older Modified RATs (15 Sept) https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats
Self-spreading stealer attacks gamers via YouTube (15 Sept) https://securelist.com/self-spreading-stealer-attacks-gamers-via-youtube/107407/
Malicious Word Document with a Frameset (15 Sept) https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
Akamai stopped new record-breaking DDoS attack in Europe (15 Sept) https://www.bleepingcomputer.com/news/security/akamai-stopped-new-record-breaking-ddos-attack-in-europe/

Election 2022

Three denial-of-service attacks against Valmyndigheten (the Swedish Election Authority): "Very serious" (11 Sept) https://www.svt.se/nyheter/inrikes/tre-overbelastningsattacker-mot-valmyndigheten-mycket-allvarligt
News sites hit by IT attack on election night (12 Sept) https://sverigesradio.se/artikel/nyhetssajter-drabbades-av-it-attack-under-valkvallen
Several cyber attacks during the election – unclear whether they are connected (12 Sept) https://computersweden.idg.se/2.2683/1.770287/flera-cyberattacker-vid-valet
Bonnier News hit by denial-of-service attack on election night (12 Sept) https://www.bonniernews.se/nyhet/7wfvRkMK7QoYT31LvIxQue/bonnier_news_utsatt_for_overbelastningsattack_under_valkvallen

Information security and miscellaneous

Cisco confirms Yanluowang ransomware leaked stolen company data (12 Sept) https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/
Why is healthcare a top target for cybersecurity threats? (13 Sept) https://www.securitymagazine.com/articles/98324-why-is-healthcare-a-top-target-for-cybersecurity-threats
NCSC warns public of potential Queen-related phishing attacks (14 Sept) https://www.computerweekly.com/news/252524890/NCSC-warns-public-of-potential-Queen-related-phishing-attacks – Potential phishing activity update (13 Sept) https://www.ncsc.gov.uk/news/potential-phishing-activity-update
Death of Queen Elizabeth II exploited to steal Microsoft credentials (14 Sept) https://www.bleepingcomputer.com/news/security/death-of-queen-elizabeth-ii-exploited-to-steal-microsoft-credentials/
Third-party cookies: How they work and how to stop them from tracking you across the web (15 Sept) https://www.welivesecurity.com/2022/09/15/third-party-cookies-how-work-stop-tracking-across-web/
Sweden's official Twitter account hacked – shared Putin tweet (15 Sept) https://www.svt.se/nyheter/inrikes/sveriges-officiella-twitter-konto-hackat
Uber reels from 'security incident' in which cloud systems seemingly hijacked (16 Sept) https://www.theregister.com/2022/09/16/uber_security_incident/

CERT-SE this week

Adobe's monthly security updates for September
Microsoft's monthly security updates for September 2022 (updated 2022-09-15)