CERT-SE's weekly newsletter, week 49

Weekly newsletter

It has been an intense week in terms of cybersecurity-related events. Below is a selection of the latest news and in-depth pieces on the topic.

CERT-SE wishes you pleasant reading and a nice weekend!

News this week

Suspected cyberattack hits credit reporting and laundry room bookings (2 dec)
https://www.svt.se/nyheter/inrikes/cyber

MSB on the IT attacks: Sees no connection (2 dec)
https://tt.omni.se/msb-om-it-angreppen-ser-inget-samband/a/VPgJll

Spanish police arrest 55 people involved in wide-ranging cyberscam operation (2 dec)
https://therecord.media/spanish-police-arrest-55-people-involved-in-wide-ranging-cyberscam-operation/

Open source software host Fosshost shutting down as CEO unreachable (4 dec)
https://www.bleepingcomputer.com/news/technology/open-source-software-host-fosshost-shutting-down-as-ceo-unreachable/

Android malware apps with 2 million installs spotted on Google Play (4 dec)
https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-spotted-on-google-play/

French hospital cancels operations after cyberattack (5 dec)
https://techxplore.com/news/2022-12-french-hospital-cancels-cyberattack.html

Pehrson on the cyberattack: “A way of showing that there is a threat” (5 dec)
https://www.svt.se/nyheter/inrikes/pehrson-om-cyberattackerna-en-fraga-for-sakerhetspolisen

Minister on the IT attack: Serious threat landscape (5 dec)
https://www.gp.se/ekonomi/ministern-om-it-attacken-allvarlig-hotbild-1.87184200

Cyber police investigate the IT crime – classified as aggravated data intrusion (6 dec)
https://sverigesradio.se/artikel/cyberpolisen-utreder-it-brottet-klassas-som-grovt-dataintrang

Aggravated data intrusion against company in Växjö (6 dec)
https://sverigesradio.se/artikel/grovt-dataintrang-mot-foretag-i-vaxjo

IT outage in several regions (6 dec)
https://www.svt.se/nyheter/inrikes/datahaveri-i-flera-regioner

Ransomware Toolkit Cryptonite turning into an accidental wiper (6 dec)
https://securityaffairs.co/wordpress/139336/cyber-crime/cryptonite-ransomware-toolkit-wiper.html

KmsdBot botnet is down after operator sends typo in command (6 dec)
https://www.theregister.com/2022/12/06/botnet_kmsdbot_typo_code/

Massive DDoS attack takes Russia’s second-largest bank VTB offline (6 dec)
https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/

Antwerp’s city services down after hackers attack digital partner (6 dec)
https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/

Multiple government departments in New Zealand affected by ransomware attack on IT provider (6 dec)
https://therecord.media/multiple-government-departments-in-new-zealand-affected-by-ransomware-attack-on-it-provider/

After several attacks – MSB urges increased monitoring of the IT environment (7 dec)
https://computersweden.idg.se/2.2683/1.773991/efter-flera-angrepp–msb-uppmanar-till-okad-bevakning-av-it-miljon

Another cyberattack against Ekerö – municipality in crisis staff mode (7 dec)
https://sverigesradio.se/artikel/annu-en-cyberattack-mot-ekero-kommunen-i-stabslage

No attack behind IT problems in Region Sörmland (7 dec)
https://www.dn.se/sverige/ingen-attack-bakom-it-strul-i-region-sormland/

Fantasy – a new Agrius wiper deployed through a supply‑chain attack (7 dec)
https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/

New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network (7 dec)
https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html

Cyberattack on Top Indian Hospital Highlights Security Risk (7 dec)
https://www.securityweek.com/cyberattack-top-indian-hospital-highlights-security-risk

Apple finally adds encryption to iCloud backups (7 dec)
https://www.computerworld.com/article/3682649/apple-finally-adds-encryption-to-icloud-backups.html

EU Council moves to exclude software-as-a-service from new cybersecurity law (7 dec)
https://www.euractiv.com/section/cybersecurity/news/eu-council-moves-to-exclude-software-as-a-service-from-new-cybersecurity-law/

Rackspace confirms it suffered a ransomware attack (8 dec)
https://www.malwarebytes.com/blog/news/2022/12/rackspace-confirms-it-suffered-a-ransomware-attack

IT attack on the Danish Armed Forces – websites were down (8 dec)
https://www.svt.se/nyheter/utrikes/it-attack-mot-danska-forsvaret-hemsidor-nere

The unemployment insurance funds are working again (8 dec)
https://www.gp.se/ekonomi/a-kassorna-fungerar-igen-1.87423005

No attacks against Region Sörmland and Västra Götalandsregionen (8 dec)
https://lakartidningen.se/aktuellt/nyheter/2022/12/inga-attacker-mot-sormland-och-vgr/

Security flaws in new IT system – staff given “panic training” (8 dec)
https://www.svt.se/nyheter/inrikes/sakerhetsbrister-i-trafikverkets-nya-it-system-personal-panikutbildas

Information security and other

Exercise Cyber Coalition 2022 Concludes in Estonia (2 dec)
https://act.nato.int/articles/exercise-cyber-coalition-2022-concludes-estonia

Gartner analysts reveal 8 cybersecurity predictions for 2023 (2 dec)
https://venturebeat.com/security/cybersecurity-predictions-gartner/

Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies (2 dec)
https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/

To fill the cybersecurity skills gap, the sector needs to boost diversity (2 dec)
https://www.weforum.org/agenda/2022/12/how-boosting-diversity-cybersecurity-skills-gap/

Federal Council submits dispatch on mandatory reporting of cyberattacks on critical infrastructures to Parliament (2 dec)
https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-92030.html

PTS practised cyber defence (5 dec)
https://www.aktuellsakerhet.se/pts-ovade-cyberforsvar/

NCSC runs pilot project with financial actors (5 dec)
https://www.ncsc.se/aktuellt/NCSC_driver_pilotprojekt_med_finansiella_aktorer/

Amnesty International Canada target of sophisticated cyber-attack linked to China (5 dec)
https://www.amnesty.ca/news/news-releases/cyber-breach-statement/

Defcon Skimming: A new batch of Web Skimming attacks (5 dec)
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks

DDoS Protection: 8 Simple Tactics (5 dec)
https://blogs.blackberry.com/en/2022/11/ddos-attack-8-simple-prevention-and-mitigation-strategies

Want to detect Cobalt Strike on the network? Look to process memory (6 dec)
https://www.theregister.com/2022/12/06/cobalt_strike_memory_unit_42/

Cyber-Terror In The Skies (6 dec)
https://www.forbes.com/sites/emilsayegh/2022/12/06/cyber-terror-in-the-skies/

Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Router (6 dec)
https://isc.sans.edu/diary/Mirai+Botnet+and+Gafgyt+DDoS+Team+Up+Against+SOHO+Routers/29304

Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide (6 dec)
https://thehackernews.com/2022/12/darknets-largest-mobile-malware.html

Vice Society: Profiling a Persistent Threat to the Education Sector (6 dec)
https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/

4 cybersecurity predictions for 2023 — SANS analysts look ahead (7 dec)
https://venturebeat.com/security/sans-cybersecurity-predictions/

10 Cybersecurity Predictions for 2023 (7 dec)
https://www.dbta.com/Editorial/News-Flashes/10-Cybersecurity-Predictions-for-2023-156268.aspx

Breaking the silence - Recent Truebot activity (8 dec)
https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/

Compromised Cloud Compute Credentials: Case Studies From the Wild (8 dec)
https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/

CISA: Phishing infographics (8 dec)
https://www.cisa.gov/phishing-infographic

CERT-SE this week

New Metasploit module enables exploitation of ProxyNotShell vulnerabilities

Critical vulnerability in Sophos Firewall (updated 2022-12-08)