Cyber Security News & Trends

This week, spyware is found in the Android store, maritime cybersecurity protections are considered, and your gas pump could be the next target for a hacker.

SonicWall Spotlight

The CyberWire Daily Podcast – The CyberWire

• SonicWall CEO Bill Conner speaks with The CyberWire for their story on the dangers of side-channel malware attacks. He details how previous big side-channel attacks like Spectre and Meltdown worked and explains that it’s only a matter of time before someone else manages to find a way of exploiting similar chipset vulnerabilities in the wild.

Rich, Smart and Sensibly Grown-Up? You’re the Hackers’ Dream – The Telegraph (UK)

• The Telegraph builds a profile of the standard person who gets hacked and takes a look at the “hacker’s menu” – an itemized list detailing the cost of hacking personal information. To make their case they refer to the SonicWall 2019 Cyber Threat Report Mid-Year Update for information on ransomware.

RB Music Uses Spyware to Steal Sensitive Information From the Infected Device – VARINDIA

• Following up on the SonicWall Alert detailing spyware in the RB Music player on the Android Store, VARINDIA talks to SonicWall’s Debasish Mukherjee. Mukherjee explains that it is common for malware code to be reused by different developers over time and even when an app appears to be legitimate it may contain dangerous code waiting to be activated.

Cybersecurity News

FBI Cyber Warning: Attacks on Key Employees up 100%, as 281 Are Arrested – Forbes

• The FBI has warned that Business Email Compromise attacks have doubled between June 2018 and July 2019, even as a worldwide crackdown on the practice led to 281 arrests worldwide. Learn how you can protect yourself from Business Email Compromise with SonicWall’s Email Security Appliances.

Cyber-Security Incident at US Power Grid Entity Linked to Unpatched Firewalls – ZDNet

• A recently released report has detailed how the “cyber-incident” reported on the US Power Grid in June of this year turned out to be a cyberattack that was able to take place because of unpatched firewalls.

Exploit for Wormable BlueKeep Windows Bug Released Into the Wild – Ars Technica

• A rough but workable exploit for the Bluekeep vulnerability has been coded and released into the wild. While it is highly unlikely that the exploit will be successful in infecting any users in its current form it serves as a proof-of-concept and could be the first step towards bigger problems in the future.

Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics – Security Week

• A school in Sweden has been fined for using biometrics on its students, even though the school had obtained consent from both the students and their parents. A court ruling decided that due to the imbalance of power between students and the school, freely-given consent could not be possible. The case highlights the possibility of future problems in wider biometric implementation if, for example, it is argued that employees cannot consent to employers using biometrics in the workplace for similar reasons.

The State of Maritime Cybersecurity – WorkBoat

• Maritime magazine WorkBoat interviews the creators of a recent survey on the current state of maritime cybersecurity. They discuss why the survey was created, why many companies are not prepared in the current threat landscape and what needs to be done to prevent another problem like the 2017 ransomware attack on global shipper Maersk.

Think Your iPhone Is Safe From Hackers? That’s What They Want You to Think… – The Guardian

• The Guardian investigates the world of zero-day exploits that are sold on dark web marketplaces and warn that despite Apple’s iOS having a reputation of being close to unhackable, there are, in fact, vulnerabilities in it that have been exploited for years.

And Finally:

IoT Security: Now Dark Web Hackers Are Targeting Internet-Connected Gas Pumps – ZDNet

• As hackers turn their sights on Internet of Things devices, and the number of these devices worldwide grow, hackers online have been turning their sights on web-connected Gas Pumps. It’s early days yet but researchers hypothesize that the reasons for this could range from obtaining cheap fuel to something much more explosive…

In Case You Missed It

• Ransomware Infects 23 Texas Government Agencies – Geoff Blaine
• Podcast: Cloud Application Security Is Your Gateway to Cloud Confidence – Geoff Blaine
• Webinar: Prep Your Business to Face 2019’s Most Advanced Cyber Threats – Geoff Blaine
• Ransomware-as-a-Service, Open-Source Malware Fueling Attack Spikes in 2019 – Geoff Blaine
• Cryptojacking in 2019: Cryptocurrency Value Keeping Attack Vector in Play – Geoff Blaine

SonicWall Staff