Cybersecurity News & Trends

This week, ransomware attacks on U.S. governments, the energy sector, sports teams and smartwatch maker Garmin made headlines — and with cryptocurrency on the rise, more may be in store.


SonicWall Spotlight

Malware is Down, But IoT and Ransomware Attacks Are Up — TechRepublic

  • Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall’s midyear threat report.

Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers — ThreatPost

  • COVID-19 has changed the face of cybercrime, as the latest malware statistics show.

Inactive wear! Smartwatch maker Garmin suffers widespread outages after ‘ransomware attack’ – leaving thousands unable to track their workouts — Daily Mail

  • According to Bill Conner, the combination of remote internet connections and less secure personal computers has increased organizations’ risk of being compromised.

Smartwatch maker Garmin suffers outage after ransomware attack — The Telegraph

  • SonicWall found that there had been a 20% increase in the number of ransomware attacks in the first half of the year, to more than 120 million.

HoJin Kim Named as part of CRN’s Top 100 Executives Of 2020 list, we highlight 25 sales executives leading the channel charge — CRN Award

  • Kim has revolutionized pricing for MSSPs, with a pay-as-you-go model for SonicWall’s software products that delivers a cost savings of 20% over buying an annual license.

Cybersecurity News

FBI warns of Netwalker ransomware targeting US government and orgs — Bleeping Computer

  • The FBI has issued a security alert about Netwalker ransomware operators, advising victims not to pay the ransom and to report incidents to their local FBI field offices.

Russia’s GRU Hackers Hit US Government and Energy Targets — Wired

  • A previously unreported Fancy Bear campaign persisted for well over a year — suggesting the notorious group behind the attacks has broadened its focus.

UK govt warns of ransomware, BEC attacks against sports sector — Bleeping Computer

  • The UK National Cyber Security Centre has highlighted the increasing number of ransomware, phishing and BEC schemes targeting sports organizations.

Bitcoin rises above $10,000 for first time since early June — Reuters

  • After several weeks of trading in narrow ranges, Bitcoin has breached $10,000 for the first time since early June.

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux — Bleeping Computer

  • Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP.

CISO concern grows as ransomware plague hits close to home — ZDNet

  • An increasing wave of cybercrime targeting Fortune 500 companies is starting to ring alarm bells.

BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows — Bleeping Computer

  • When properly exploited, a severe vulnerability in almost all signed versions of GRUB2 bootloader could enable compromise of an operating system’s booting process even if the Secure Boot verification mechanism is active.

OkCupid: Hackers want your data, not a relationship — ZDNet

  • Researchers have discovered a way to steal the personal and sensitive data of users on the popular dating app.

US defense contractors targeted by North Korean phishing attacks — Bleeping Computer

  • Employees of U.S. defense and aerospace contractors were targeted in a large-scale spearphishing campaign designed to infect their devices and to exfiltrate defense tech intelligence.

In Case You Missed It

SonicWall SMA Added to the Department of Defense Approved Products List

Building on our history of partnering with the federal government on cybersecurity initiatives, SonicWall is pleased to announce that the SonicWall Secure Mobile Access (SMA) Series 6210 and 7210 have been added to the U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL) — previously known as UC APL — as “Virtual Private Network Concentrators (VPN).” The DoDIN APL is made up of products that have completed federal Cybersecurity and Interoperability Certification — an involved, 37-step testing process for products that affect communication and collaboration across the DoDIN. The list is used as an acquisition support tool for DoD organizations interested in purchasing equipment to support their mission.

DoDIN operations underpin nearly every aspect of military operations, and the Department of Defense relies on a protected DoDIN to coordinate sustainment of forces. The DoDIN is made up of all of DoD cyberspace, including both classified and unclassified networks, DoD-owned smartphones, RFID tags, industrial control systems, and the hardware and software that involves the mission performance of systems, including weapon systems. Nearly every military and civilian employee of DoD uses the DoDIN to accomplish some portion of their mission or duties, making its protection crucial to national security.

As a result of the ongoing COVID-19 pandemic, organizations are increasingly looking for ways to secure remote and mobile work, and the federal government is no exception. SonicWall SMA Series, a unified secure access gateway, enables anytime, anywhere and any device access to any application. The SMA Series’ granular access control policy engine, context-aware device authorization, application-level VPN and advanced authentication with single sign-on enable organizations to embrace BYOD and mobility in a hybrid IT environment.

SonicWall SMA Series is not the first SonicWall product to be part of the DoDIN APL. SonicWall NSA and SuperMassive 9000 series were added in November 2015, and in July 2016 they were joined by the SonicWall TZ Series firewall appliances. Both products were approved under the categories “Data Firewall” and “Intrusion Protection Systems and Intrusion Detection Systems.”

SonicWall is proud of its tradition of protecting United States federal cybersecurity, and with the addition of the SMA Series to the DoDIN APL, SonicWall looks forward to carrying on this legacy in an expanded capacity.

To learn more about SonicWall’s federal government-certified cybersecurity solutions, click here.

Cybersecurity News & Trends

This week, SonicWall reveals what the “new business normal” looks like for cybercriminals in the mid-year update to the 2020 Cyber Threat Report.


SonicWall Spotlight

SonicWall Report: COVID-19 Has Created ‘Boon’ For Criminals — ZDNet

  • In an article on SonicWall’s Mid-Year Threat Report, ZDNet highlights findings that hackers have shifted their strategies due to COVID-19.

The 2020 Rising Female Stars Of The IT Channel — CRN

  • SonicWall is proud to announce one of its own, Tiffany Haselhorst, has joined other leaders within the IT channel community on CRN’s esteemed 2020 list of 100 Rising Female Stars.

Cyberthreat landscape changes to meet new business normal of Work From Home: SonicWall — Channelbuzz.ca

  • In an article on SonicWall’s Mid-Year Threat Report, Channelbuzz highlights how cybercriminals have evolved their tactics to better exploit remote work environments during the pandemic.

Malware Attacks Down As Ransomware Increases — BetaNews

  • In an article on SonicWall’s Mid-Year Threat Report, BetaNews highlights findings that malware has dropped 24% and ransomware has increased 20% globally and 109% in the U.S.

Cybersecurity News

Using Robust Tools, Cybercriminals Accelerate Their Own Digital Transformation — SiliconANGLE

  • In the online underground, crime not only pays, but attackers are rapidly developing tools and networks that rival those of legitimate enterprises today.

Blackbaud Hack: Universities lose data to ransomware attack — BBC

  • At least seven universities in the UK and Canada have had student data stolen after hackers attacked a cloud computing provider.

Ongoing Meow attack has nuked >1,000 databases without telling anyone why — Ars Technica

  • Just hours after a world-readable database exposed a wealth of sensitive user information, UFO made the news again, this time because a database that stored user details was destroyed in an attack.

Apple’s Hackable iPhones Are Finally Here — Wired

  • Last year, Apple announced a special device just for hackers. The phone — for approved researchers only — will soon go into circulation.

New cryptojacking botnet uses SMB exploit to spread to Windows systems — Bleeping Computer

  • A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol.

Ransomware attack locked a football club’s turnstiles — ZDNet

  • Cyber criminals are targeting sports teams, leagues and organizational bodies — and in many cases, their attacks are successful, warns the NCSC.

Lazarus hackers deploy ransomware, steal data using MATA malware — Bleeping Computer

  • A recently discovered malware framework, known as MATA and linked to the North Korean-backed Lazarus hacking group, was used in attacks targeting corporate entities from multiple countries.

House-passed defense spending bill includes provision establishing White House cyber czar — The Hill

  • The House version of the annual National Defense Authorization Act included a provision establishing a national cyber director, a role that would help coordinate federal cybersecurity efforts.

Hackers use recycled backdoor to keep a hold on hacked e-commerce server — Ars Technica

  • Easy-to-miss script can give attackers new access should they ever be booted out.

Twitter Hack Revives Concerns Over Its Data Security — The Wall Street Journal

  • The alleged perpetrator, who called himself ‘Kirk,’ was part of a subculture where hackers trade in coveted social-media accounts.

In Case You Missed It

New Cyber Threat Intelligence Finds Malicious Office Files Spiking, Ransomware Up during COVID-19 Pandemic

Explore the Mid-Year Update to the 2020 SonicWall Cyber Threat Report

With the arrival of the COVID-19 pandemic in the first half of 2020, cybersecurity entered uncharted territory. As organizations worked to connect and secure millions of new remote workers, opportunistic attackers began seizing on the distraction, confusion and lack of preparedness surrounding the pandemic.

We may know how we plan to respond to the “new business normal,” but how are cybercriminals responding? To find out, SonicWall Capture Labs threat researchers have been investigating, analyzing and exploring new threat trends, tactics, strategies and attacks.

“This latest cyber threat data shows that cybercriminals continue to morph their tactics to sway the odds in their favor during uncertain times,” said SonicWall President and CEO Bill Conner. “With everyone more remote and mobile than ever before, businesses are highly exposed and the cybercriminal industry is very aware of that.”

To shed some light on what cybercrime’s new business normal looks like, SonicWall Capture Labs threat researchers are sharing exclusive threat intelligence in the mid-year update to the 2020 SonicWall Cyber Threat Report.

Download the exclusive mid-year report to explore the stories, behaviors and trends that are helping shape our new IT reality from the ground up.

COVID-19 the perfect backdrop for chaos.

SonicWall Capture Labs threat researchers found no shortage of cybercriminals leveraging the fear and uncertainty around the COVID-19 pandemic to get the upper hand. COVID-19 sparked malware across all continents in March, pushing the chance an organization would see a malware attack above 35%. SonicWall began seeing attacks, scams and exploits specifically based around COVID-19 on Feb. 4, and since then has detailed at least 20 different types of attacks across just about every category.

Malware volume dips again.

In 2019, fresh off the previous year’s all-time record high of 10.52 billion attacks, malware dropped 20%, to 4.8 billion malware attacks. Fortunately, during the first six months of 2020, that trend accelerated. SonicWall recorded 3.2 billion malware attacks in the first half of 2020, a 33% drop compared to the same time period last year.

Ransomware continues to climb.

As malware falls, ransomware appears to be taking up the slack. By comparing the first halves of 2019 and 2020 ransomware data, we see that not only is ransomware rising, it’s also rising faster.

Attacks against non-standard ports reach new highs.

For the first half of 2020, both Q1 and Q2 set records for number of attacks going through non-standard ports. In February, non-standard port attacks reached a record of 26% before climbing to an unprecedented 30% in May. The updated report explains why this is a critical issue for organizations.

Office files leveraged for malicious agenda.

In the first half of 2020, Office files and PDFs made up a third of all new malicious files identified by SonicWall Capture Advanced Threat Protection (ATP). What’s more concerning? Malicious Office files are up a staggering 176% this year.

Cryptojacking is alive and well.

After Coinhive closed in March 2019 and attacks plummeted in the second half of the year, the death of cryptojacking seemed imminent. But readily available alternatives and an increase in the value of cryptocurrencies have pushed cryptojacking in North America far above the levels recorded in the second half of 2019.

IoT attacks spike.

With a massive increase in the number of people working from home, criminals now have a potential back door to corporate networks through employees’ (often poorly secured) home IoT devices. Combined with an increase in the number of IoT devices in use and other factors, this has led to a huge increase in the number of IoT attacks.

SonicWall’s Tiffany Haselhorst Joins 2020 CRN 100 Rising Female Stars List

SonicWall is proud to announce one of its own, Tiffany Haselhorst, joins an esteemed list along with other leaders within the IT channel community. Today, CRN, a brand of The Channel Company, named her to its 2020 list of 100 Rising Female Stars.

“CRN’s 2020 100 Rising Female Stars list honors leaders who are poised to impact the industry for many years. They are accelerating the growth of their companies through excellent direction and innovation in their field,” said Blaine Raddon, CEO of The Channel Company. “The accomplishments of these women are reshaping the IT channel, and we are proud to honor their achievements.”

The 100 Rising Female Stars list is making its debut this year with channel leadership candidates selected by the CRN editorial team. The final honorees are chosen based on their demonstrated leadership, expertise, innovation and ongoing dedication to the IT channel.

This talented group of women contribute to the development and strategies of their organization’s channel partner programs and exude excellence in areas such as partner engagement, program management and marketing.

“Threat intelligence solutions have never been more vital for an organization’s online safety. I look forward to my continued work with partners to ensure they have the answers to the problems their customers seek to fix,” said Tiffany Haselhorst, Senior Sales Manager at SonicWall. “I’m honored to be recognized amongst so many of these women who I know work as equally hard to provide partners with the support, education and tools they need to exceed their goals and achieve success.”

SonicWall is home to the award-winning SecureFirst Partner program designed to help partners build a highly profitable security practice and offers a range of partnership tiers with varied requirements and associated benefits. It includes SonicWall University, a convenient online learning platform designed to help SecureFirst Partner sales representatives, sales engineers and support engineers stay at the forefront of today’s cyber threats and critical cybersecurity solutions.

The 2020 list of 100 Rising Female Stars will be featured in a special July issue of CRN Magazine and online at www.CRN.com/risingstars.

Cybersecurity News & Trends

This week, between breaches at Twitter, compromise at Citrix and cyberattacks against COVID-19 vaccine manufacturers, the case for a U.S. national cyber director got even stronger.


SonicWall Spotlight

Russian Cyber Espionage Group is Trying to Steal U.S. COVID-19 Vaccine Research — Newsweek International

  • SonicWall CEO and GCHQ advisor Bill Conner said, “Russia happens to be the first country placed in the spotlight, but it was only a matter of time before a nation state resorted to cybercrime to influence or control global healthcare during a time of great need. … [Cyber] criminals tend to follow the money trail, thus putting a massive bounty on anything vaccine-related.”

Cybersecurity News

Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption — Security Week

  • Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems.

Malware adds online sandbox detection to evade analysis — Bleeping Computer

  • Malware developers are now using Any.Run malware analysis service in an attempt to prevent their malware from being easily analyzed by researchers.

This botnet has surged back into action spreading a new ransomware campaign via phishing emails — ZDNet

  • There’s been a big jump in Phorpiex botnet activity – but it’s a trojan malware attack that was the most common malware campaign in June.

New AgeLocker Ransomware uses Googler’s utility to encrypt files — Bleeping Computer

  • A new and targeted ransomware named AgeLocker utilizes the ‘Age’ encryption tool created by a Google employee to encrypt victims’ files.

The case for a National Cyber Director — Cyberscoop

  • Although the effects of COVID-19 will last for years, it’s already clear that shifting more activity online has increased our society’s digital dependence even faster than expected.

‘DDoS-For-Hire’ Is Fueling a New Wave of Attacks — Wired

  • Turf wars are heating up over routers that fuel distributed DDoS attacks.

New Mirai Variant Surfaces with Exploits for 9 Vulnerabilities Products — Dark Reading

  • Impacted products include routers, IP cameras, DVRs, and smart TVs.

TrickBot malware mistakenly warns victims that they are infected — Bleeping Computer

  • The notorious TrickBot malware accidentally included a test module that’s warning victims that they are infected and should contact their administrator.

Russian Hackers Blamed for Attacks on Vaccine-Related Targets — The Wall Street Journal

  • U.S. and U.K. government officials said a prominent state-backed Russian hacking group is responsible for ongoing cyberattacks against organizations involved in the development of coronavirus vaccines and other healthcare-related work.

A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam — The New York Times

  • In a major show of force, hackers breached some of the site’s most prominent accounts, a Who’s Who of Americans in politics, entertainment and tech.

Citrix: No breach, hacker stole business info from third party — Bleeping Computer

  • Citrix has published an official statement to deny claims that the company’s network was breached by a malicious actor who says that he was also able to steal customer information.

Cybersecurity News & Trends

This week, phishing dominated the headlines, as threat actors targeted Office 365 users and senior executives.


SonicWall Spotlight

Contact tracing apps: “It’s better to do it right than quick” — Verdict

  • This podcast on contact tracing technology includes commentary from Bill Conner, who discusses different types of security policies and why security and privacy are of paramount importance.

‘Our direct-touch approach is disrupting the market’ – SonicWall’s new Ireland boss on becoming more than just a firewall vendor — Channel Partner Insight (UK)

  • Ireland Country Manager Tristan Bateup said SonicWall’s channel team in Ireland has been restructured to bring more roles into the country. “We’ve now got people in place in country from a sales and marketing, sales and engineering and obviously a country lead perspective.”

Cybersecurity News

Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaces — Security Week

  • More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials.

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms — The Register

  • New report puts a microscope on Evilnum, including its tools, techniques and potential ties to other cyberattackers.

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption — ZDNet

  • The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data for encryption.

Persuasive Office 365 phishing uses fake Zoom suspension alerts — Bleeping Computer

  • A new phishing campaign targets Microsoft Office 365 corporate users with notices that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.

Citrix tells everyone not to worry too much over its latest security patches. NSA’s former top hacker disagrees — The Register

  • Rob Joyce, former head of the NSA’s Tailored Access Operations elite hacking team, warns it’s time for admins to get busy to ensure protection from several exploitable issues, including unauthenticated access and RCE.

Vast Phishing Campaign Hits Microsoft Users in 62 Countries — Bloomberg

  • Microsoft Corp. customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December, with recent emails attempting to exploit the pandemic.

North Korean hackers linked to web skimming (Magecart) attacks, report says — ZDNet

  • After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.

Cerberus Banking Trojan Unleashed on Google Play — Threat Post

  • The Cerberus malware can steal banking credentials, bypass security measures and access text messages.

Looks Like Russian Hackers Are on an Email Scam Spree — Wired

  • A group dubbed “Cosmic Lynx” uses surprisingly sophisticated methods — and targets big game.

Hackers are trying to steal admin passwords from F5 BIG-IP devices — ZDNet

  • Threat actors have already started exploiting the F5 BIG-IP mega-bug, attempting to steal administrator passwords from the hacked devices.

New Mac ransomware is even more sinister than it appears – Ars Technica

  • ThiefQuest or EvilQuest can grab passwords and credit card numbers.

Cybersecurity News & Trends

This week, the U.S. government brought up cybersecurity legislation, while the U.S. judicial system handed down cybercriminal incarceration.


SonicWall Spotlight

Hackers used ransomware to take over parts of UC San Francisco’s network and extorted $1.14 million in exchange for returning access to their files — Daily Mail

  • UC San Francisco hasn’t said what files were affected nor how the ransomware entered the system, but the FBI has opened an investigation into the incident.

SonicWall Lands In Ireland, Expands Channel Partner Strategy — SonicWall Press Release

  • SonicWall today announced that it has appointed Tristan Bateup as country manager for Ireland.

UCSF pays $1 million ransom to recover medical school data from hackers — The Mercury News

  • The UCSF School of Medicine was the third targeted by cyberattacks in the past two months, but a spokesperson said the attack did not affect patient care or ongoing COVID-19 research.

Cybersecurity News

Russian Criminal Group Finds New Target: Americans Working at Home — The New York Times

  • A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise — Cyberscoop

  • This year, U.S. Cyber Command convened with allied countries for what appeared to be a straightforward simulation of an attack against a European airbase — but then a global pandemic changed all the rules.

Russian cybercriminal gets 9 years for online fraud website — The Washington Times

  • A Russian computer hacker who facilitated $20 million in credit card fraud and ran a sophisticated clearinghouse for international cybercriminals was sentenced Friday to nine years in prison.

Lawmakers introduce legislation to establish national cybersecurity director — The Hill

  • A bipartisan group of lawmakers has introduced legislation in the House that would establish a national cybersecurity director to lead government efforts on cybersecurity.

DDoS botnet coder gets 13 months in prison — ZDNet

  • Kenneth Schuchman, known as Nexus Zeta, created multiple DDoS botnets, including Satori, Okiru, Masuta, and Fbot/Tsunami.

An embattled group of leakers picks up the WikiLeaks mantle — Ars Technica

  • DDoSecrets was banned from Twitter after releasing what they claim is the largest-ever cache of hacked U.S. police data, a leak some say positions the group as the heir apparent of WikiLeaks’ early, idealistic mission.

Senators move to boost state and local cybersecurity as part of annual defense bill — The Hill

  • A group of Senate Democrats on Monday introduced as part of the annual National Defense Authorization Act (NDAA) a measure that would strengthen cybersecurity protections for states vulnerable to malicious cyberattacks.

U.S. FCC issues final orders declaring Huawei, ZTE national security threats — Reuters

  • The FCC has formally designated China’s Huawei Technologies Co and ZTE Corp as posing threats to national security, barring U.S. firms from tapping an $8.3 billion government fund to purchase equipment from the companies.

Schools Already Struggled With Cybersecurity. Then Came Covid-19 — Wired

  • A lack of dedicated funding and resources made it hard to keep data secure — and that was before classes moved almost entirely online.

Things that happen every four years: Olympic Games, presidential elections, and now new Mac ransomware — The Register

  • Known as EvilQuest, the brand-new strain of Mac ransomware was spotted spreading via Russian piracy and torrent sites.

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020 — Dark Reading

  • The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.

Tax software used by Chinese bank clients installs GoldenSpy backdoor — SC Magazine

  • A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers system-level privileges, researchers warn.
