CERT-SE's weekly newsletter, week 11

WEEKLY NEWSLETTER

This week, MSB's annual report on last year's IT incident reporting was released. Unlike previous years, when the majority of reported IT incidents were caused by system failures and mistakes, cyberattacks were the most common cause in 2023. The increase in cyberattacks is linked to more denial-of-service attacks being reported during the first half of the year. This week also saw Patch Tuesday, so make sure your systems are up to date. The newsletter also offers a good number of interesting in-depth articles, such as the British Library's review of its earlier incident.

News this week

Attack wrangles thousands of web users into a password-cracking botnet (7 mar) https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet/

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard (8 mar) https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

CISA forced to take two systems offline last month after Ivanti compromise (8 mar) https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

Incognito Darknet Market Mass-Extorts Buyers, Sellers (11 mar) https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/

Belgian village whose brewery was hit by cyberattack faces another on its coffee roastery (11 mar) https://therecord.media/koffie-beyers-cyberattack-coffee-roaster-duvel-belgium

French government agencies hit by IT attack (11 mar) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1226344

New network code on cybersecurity for EU electricity sector (11 mar) https://energy.ec.europa.eu/news/new-network-code-cybersecurity-eu-electricity-sector-2024-03-11_en

Over 12 million auth secrets and keys leaked on GitHub in 2023 (12 mar) https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/

Sophiahemmet is not paying ransom to the hackers (12 mar) https://www.mitti.se/nyheter/sophiahemmet-betalar-inte-losensumma-till-hackarna-6.3.209636.d86253e919

Real estate company Örebroporten hit by data breach (12 mar) https://www.svt.se/nyheter/lokalt/orebro/fastighetsbolaget-orebroporten-utsatt-for-dataintrang

Cyberattack on U.S. health care system could be biggest in sector’s history (12 mar) https://www.youtube.com/watch?v=g1daKX_eke8

Improvements in the welfare sector's information security work (12 mar) https://skr.se/skr/tjanster/pressrum/nyheter/nyhetsarkiv/forbattringarivalfardensinformationssakerhetsarbete.79730.html

How to prepare for cyberattacks (12 mar) https://www.svt.se/nyheter/inrikes/sa-forbereder-du-dig-for-cyberattacker

Expert warns about AI ahead of the EU election: Don't have the right tools (13 mar) https://sverigesradio.se/artikel/expert-varnar-for-ai-infor-eu-valet-har-inte-ratt-verktyg

Stanford University Hacked – Attackers Breached The Internal Network (13 mar) https://cybersecuritynews.com/stanford-university-hacked/

Former head of Must to investigate cyberattack (13 mar) https://tt.omni.se/tidigare-must-chef-ska-utreda-cyberattack/a/Q7nljR

Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub (13 mar) https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html

The number of cyberattacks increased sharply in 2023 (14 mar) https://www.svt.se/nyheter/inrikes/antalet-cyberangrepp-okade-kraftigt-2023

The number of cyberattacks increased sharply during 2023 (14 mar) https://www.msb.se/sv/aktuellt/nyheter/2024/mars/antalet-cyberangrepp-okade-kraftigt-under-2023/

Nissan Hack: 10K+ Users Data Stolen by Hackers (14 mar) https://cybersecuritynews.com/nissan-hack-10k-users-data-stolen-by-hackers/

Major cable failure disrupts internet in Africa (15 mar) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1227609

McDonald’s confirms IT outage – major problems (15 mar) https://www.svt.se/nyheter/inrikes/problem-pa-mcdonalds-restauranger-stangda

Millions of users may have had data leaked in new French government agency security breach (15 mar) https://www.techradar.com/pro/security/millions-of-users-may-have-had-data-leaked-in-new-french-government-agency-security-breach

Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (15 mar) https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-galloway

Recent Ivanti Vulnerabilities: 4 Lessons Security Leaders Can Learn (15 mar) https://www.informationweek.com/cyber-resilience/recent-ivanti-vulnerabilities-4-lessons-security-leaders-can-learn

Information security and miscellaneous

TA577’s Unusual Attack Chain Leads to NTLM Data Theft (4 mar) https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft

LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review (8 mar) https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf

February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign (11 mar) https://blog.checkpoint.com/research/february-2024s-most-wanted-malware-wordpress-websites-targeted-by-fresh-fakeupdates-campaign/

FakeBat delivered via several active malvertising campaigns (12 mar) https://www.malwarebytes.com/blog/threat-intelligence/2024/03/fakebat-delivered-via-several-active-malvertising-campaigns

The 2024 Sophos Threat Report: Cybercrime on Main Street (12 mar) https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/

Threat actors leverage document publishing sites for ongoing credential and session token theft (13 mar) https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data (13 mar) https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

SVG Files Abused in Emerging Campaigns (13 mar) https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/

A patched Windows attack surface is still exploitable (14 mar) https://securelist.com/windows-vulnerabilities/112232/

New email standards: what you need to know https://www.techradar.com/pro/new-email-standards-what-you-need-to-know

CERT-SE this week

Microsoft's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/microsofts-manatliga-sakerhetsuppdateringar-for-mars-2024.html

Adobe's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/adobes-manatliga-sakerhetsuppdateringar-for-mars-2024.html

SAP's monthly security updates for March 2024 (14 mar) https://www.cert.se/2024/03/saps-manatliga-sakerhetsuppdateringar-for-mars-2024.html

Critical vulnerabilities in FortiOS, FortiProxy and FortiClientEMS (Updated 15 mar) https://www.cert.se/2024/03/kritiska-sarbarheter-i-fortios-och-fortiproxy.html

Critical vulnerability in Arcserve UDP (15 mar) https://www.cert.se/2024/03/Kritisk-sarbarhet-i-Arcserve-UDP.html

Critical vulnerability in Juniper Secure Analytics (15 mar) https://www.cert.se/2024/03/Kritisk-sarbarhet-i-juniper-secure-analytics.html