CERT-SE's weekly newsletter, week 5

Weekly newsletter DDoS phishing

This week's news feed offers mixed reading and two newly published articles from CERT-SE: "CERT-SE urges vigilance against DDoS" and "Several cases of phishing with similar attack methods".

CERT-SE wishes you pleasant reading and a nice weekend!

News this week

Computer Sweden turns 40 (27 jan)
https://computersweden.idg.se/2.2683/1.775516/grattis-computer-sweden-40

Police hacked hackers: international operation cracked notorious ransomware gang (27 jan)
https://computersweden.idg.se/2.2683/1.775532/polisen-hackade-hackare–internationell-insats-knackte-okant-ransomwaregang

KFC, Pizza Hut, and Taco Bell Ransomware Attack Shuts Down 300 Restaurants in the UK (27 jan)
https://www.cpomagazine.com/cyber-security/kfc-pizza-hut-and-taco-bell-ransomware-attack-shuts-down-300-restaurants-in-the-uk/

PlugX malware hides on USB devices to infect new Windows hosts (27 jan)
https://www.bleepingcomputer.com/news/security/plugx-malware-hides-on-usb-devices-to-infect-new-windows-hosts/

Could hackers change the daily Wordle? Researchers are torn (28 jan)
https://therecord.media/could-hackers-change-the-daily-wordle-researchers-are-torn/

Russian hacker group threatens Norwegian hospitals, which are seeing "abnormal traffic" (28 jan)
https://www.tv2.no/nyheter/russisk-hackergruppe-truer-norske-sykehus-som-merker-unormal-trafikk/15464144/

Shady reward apps on Google Play amass 20 million downloads (29 jan)
https://www.bleepingcomputer.com/news/security/shady-reward-apps-on-google-play-amass-20-million-downloads/

Danish central bank's website hit by denial-of-service attack (30 jan)
https://www.affarsvarlden.se/artikel/danska-centralbankens-hemsida-utsatt-for-overbelastningsattack

https://www.bt.dk/krimi/nationalbanken-under-angreb

British retailer JD Sports reveals 2-year-old intrusion affecting data of 10 million customers (30 jan)
https://therecord.media/british-retailer-jd-sports-reveals-2-year-old-intrusion-affecting-data-of-10-million-customers/

Realtek flaw accounted for 40% of attempts between August and December (30 jan)
https://www.scmagazine.com/news/device-security/realtek-flaw-accounted-for-40-of-attempts-between-august-and-december

Porsche halts NFT launch, phishing sites fill the void (30 jan)
https://www.bleepingcomputer.com/news/security/porsche-halts-nft-launch-phishing-sites-fill-the-void/

10 million customers exposed in JD Sports cyber attack (30 jan)
https://www.itpro.co.uk/security/cyber-attacks/369968/10-million-customers-exposed-in-jd-sports-cyber-attack

GitHub revokes code signing certificates stolen in repo hack (30 jan)
https://www.bleepingcomputer.com/news/security/github-revokes-code-signing-certificates-stolen-in-repo-hack/

U.S. No Fly list shared on a hacking forum, government investigating (30 jan)
https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/

QNAP fixes critical bug letting hackers inject malicious code (30 jan)
https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-letting-hackers-inject-malicious-code/

Facebook Bug Allows 2FA Bypass Via Instagram (30 jan)
https://www.darkreading.com/application-security/facebook-bug-2fa-bypass-instagram

Russia’s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (30 jan)
https://www.darkreading.com/attacks-breaches/russia-sandworm-apt-swarm-wiper-attacks-ukraine

A tangle of 371 systems delayed the restart after the IT outage in healthcare (31 jan)
https://computersweden.idg.se/2.2683/1.775697/en-rora-av-371-system-fordrojde-aterstarten-efter-it-haveri-i-varden

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector (31 jan)
https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html

New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals (31 jan)
https://edition.cnn.com/2023/01/31/politics/ransomware-disruption-hive-cybercrime/index.html

Circle K US spills partial credit card details, among other sensitive data (31 jan)
https://cybernews.com/security/circlek-leak-credit-card-exposed/

Microsoft: Over 100 threat actors deploy ransomware in attacks (31 jan)
https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

PoS malware can block contactless payments to steal credit cards (31 jan)
https://www.bleepingcomputer.com/news/security/pos-malware-can-block-contactless-payments-to-steal-credit-cards/

Pro-Russia group Killnet targets US healthcare with DDoS attacks (31 jan)
https://securityaffairs.com/141598/hacktivism/killnet-ddos-us-healthcare.html

Microsoft disables verified partner accounts used for OAuth phishing (31 jan)
https://www.bleepingcomputer.com/news/security/microsoft-disables-verified-partner-accounts-used-for-oauth-phishing/

New DDoS-as-a-Service platform used in recent attacks on hospitals (1 feb)
https://www.bleepingcomputer.com/news/security/new-ddos-as-a-service-platform-used-in-recent-attacks-on-hospitals/

Nevada Ransomware Has Released Upgraded Locker (1 feb)
https://securityaffairs.com/141668/cyber-crime/nevada-ransomware-upgraded-locker.html

https://www.bleepingcomputer.com/news/security/new-nevada-ransomware-targets-windows-and-vmware-esxi-systems/

Google Fi Data Breach Reportedly Led to SIM Swapping (1 feb)
https://www.securityweek.com/google-fi-data-breach-reportedly-led-to-sim-swapping/

Denmark raises cyber threat level; Sweden also exposed (1 feb)
https://www.gp.se/nyheter/sverige/danmark-h%C3%B6jer-cyberhot-%C3%A4ven-sverige-utsatt-1.91193468

https://www.dr.dk/nyheder/seneste/center-cybersikkerhed-haever-trusselsniveauet

Turkish hacker group's new threat: then we will release sensitive data about Swedes (1 feb)
https://www.svt.se/nyheter/utrikes/efter-koran-branningen-och-nato-turkiska-hackergruppens-nya-hot-da-slapper-vi-kanslig-data-om-svenskar

Skyview Networks Suffers Security Incident (1 feb)
https://radioink.com/2023/02/01/skyview-networks-suffers-security-incident/

‘Global markets’ impacted by ransomware attack on financial software company (1 feb)
https://therecord.media/global-markets-impacted-by-ransomware-attack-on-financial-software-company/

Attackers abuse Microsoft’s ‘verified publisher’ status to steal data (1 feb)
https://www.theregister.com/2023/02/01/microsoft_oauth_attack_proofpoint/

Ransomware Leads to Nantucket Public Schools Shutdown (1 feb)
https://www.securityweek.com/ransomware-leads-to-nantucket-public-schools-shutdown/

Cybersecurity organizations fight back against rise of emotet and omnatuor malvertising (1 feb)
https://venturebeat.com/security/cybersecurity-sees-rise-of-emotet-and-the-omnatuor-malvertising/

DDoS attacks against financial firms and banks sees huge rise (1 feb)
https://www.techradar.com/news/ddos-attacks-against-financial-firms-and-banks-sees-huge-rise

Singapore, EU digital pact to cover ‘all areas’ of bilateral cooperation (1 feb)
https://www.zdnet.com/article/singapore-eu-digital-pact-to-cover-all-areas-of-bilateral-cooperation/

Maryland Hospital Suffers Ransomware Attack (1 feb)
https://healthitsecurity.com/news/maryland-hospital-suffers-ransomware-attack

LockBit ransomware goes ‘Green,’ uses new Conti-based encryptor (1 feb)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/

Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (2 feb)
https://www.darkreading.com/ics-ot/lazarus-group-rises-again-gather-intelligence-energy-healthcare-firms

Super Bock says ‘cyber’ nasty ‘disrupting computer services’ (2 feb)
https://www.theregister.com/2023/02/02/super_bock_cyberattack/

City of London on High Alert After Ransomware Attack (2 feb)
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

New GOOTLOADER Malware Uses Fileless Technique to Deploy Ransomware (2 feb)
https://cybersecuritynews.com/fileless-technique-to-deploy-ransomware/

Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware (2 feb)
https://securityboulevard.com/2023/02/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (2 feb)
https://www.csoonline.com/article/3686580/apt-groups-use-ransomware-ttps-as-cover-for-intelligence-gathering-and-sabotage.html

Last year was the worst on record for crypto hacks, as North Korean groups cash in (2 feb)
https://therecord.media/last-year-was-the-worst-on-record-for-crypto-hacks-as-north-korean-groups-cash-in/

Ransomware gang attempts to extort UK school by posting files about at-risk children (2 feb)
https://therecord.media/vice-society-ransomware-guildford-school-student-data-extortion/

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (3 feb)
https://thehackernews.com/2023/02/cisa-alert-oracle-e-business-suite-and.html

IT Leaders Reveal Cyber Fears Around ChatGPT (3 feb)
https://www.infosecurity-magazine.com/news/it-leaders-fears-chatgpt/

Switzerland’s largest university confirms ‘serious cyberattack’ (3 feb)
https://therecord.media/switzerlands-largest-university-confirms-serious-cyberattack/

Information security and miscellaneous

DIGG (the Swedish Agency for Digital Government): An e-ID for everyone is a task for the state (30 jan)
https://digg.se/om-oss/nyheter/nyheter/2023-01-30-debatt-en-e-legitimation-for-alla-ar-en-uppgift-for-staten

AT&T: Stories from the SOC - RapperBot, Mirai Botnet - C2, CDIR Drop over SSH (31 jan)
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-rapperbot-mirai-botnet-c2-cdir-drop-over-ssh

CERT-EU: Cyber Security Brief January 2023 (1 feb)
https://cert.europa.eu/static/MEMO/2023/TLP-CLEAR-CB-23-02.pdf

SANS: Detecting (Malicious) OneNote files (1 feb)
https://isc.sans.edu/diary/rss/29494

Check Point: TrickGate, a packer used by malware to evade detection since 2016 (1 feb)
https://securityaffairs.com/141650/malware/trickgate-packer.html

Microsoft: Cyber attacks work because CISOs don’t do basic security (1 feb)
https://www.itworldcanada.com/article/cyber-attacks-work-because-cisos-dont-do-basic-security-microsoft/524809

AFCEA: Europe To Tackle Cyber in New Law (1 feb)
https://www.afcea.org/signal-media/cyber-edge/europe-tackle-cyber-new-law

MSB: 5G networks important for Sweden's total defence (2 feb)
https://www.msb.se/sv/aktuellt/nyheter/2023/februari/5g-nat-viktigt-for-sveriges-totalforsvar/

Trend Micro: What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits (2 feb)
https://www.trendmicro.com/en_us/research/23/b/what-socs-need-to-know-about-water-dybbuk.html

Microsoft: Unpatched and exposed: the unique security risk of IoT/OT devices
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5e93n

CERT-SE this week

CERT-SE urges vigilance against DDoS

Several cases of phishing with similar attack methods