Cybersecurity News & Trends

This week, the U.S. cyber czar gets new powers, a video game giant gets breached, and Robinhood gets sued.


SonicWall in the News

Defending Against SolarWinds Attacks: What Can Be Done? — TechTarget: SearchSecurity

  • Dmitriy’s zero-trust commentary was included in this article on how zero-trust and behavioral monitoring can be useful against nation-state attacks like the SolarWinds attack.

Cybersecurity Sales: Do You Have What It Takes to Succeed — Help Net Security

  • An interview with Terry Geer-King on his career growth was shared on Help Net Security.

Industry News

CISA Warns Organizations About Attacks on Cloud Services — Security Week

  • In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security.

Scam-as-a-Service operation made more than $6.5 million in 2020 — ZDNet

  • The “Classiscam” operation is made up of around 40 groups operating in the U.S. and across several European countries.

Iranian cyberspies behind major Christmas SMS spear-phishing campaign — ZDNet

  • Iranian hackers managed to successfully hide URLs to phishing sites behind legitimate google.com links.

Hackers’ Attack on Email Security Company Raises New Red Flags — The New York Times

  • A breach at email security provider Mimecast underscores that Russia-linked hackers appear to have targeted victims along multiple avenues of attack.

Data Breach at ‘Resident Evil’ Gaming Company Widens — Threat Post

  • Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Hacker sells Aurora Cannabis files stolen in Christmas cyberattack — Bleeping Computer

  • A hacker is selling data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas.

State Department sets up new bureau for cybersecurity and emerging technologies — The Hill

  • The new Bureau of Cyberspace Security and Emerging Technologies (CSET) will help lead diplomatic efforts in cyberspace, including working to prevent cyber conflicts with potentially adversarial nations.

Ryuk gang estimated to have made more than $150 million from ransomware attacks — ZDNet

  • Most of the Ryuk gang’s “earnings” are being cashed out through accounts at crypto-exchanges Binance and Huobi.

Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security

  • The ongoing SolarWinds breach may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo.

Cyber czar to draw on new powers from defense bill — The Hill

  • New authorities from the recently enacted defense bill are expected to help the U.S. government in its response to the SolarWinds hack believed to be perpetrated by Russia.

Robinhood Hacking Victim Sues Trading Platform Over Security — Bloomberg

  • Siddharth Mehta said in a complaint provided by his lawyer that his account was looted of “tens of thousands of dollars” in July.

In Case You Missed It

SonicWall CEO Talks Federal Cybersecurity, Resiliency and Ryuk

Every industry has its own considerations when it comes to cybersecurity.

And then there’s the federal space.

From stringent regulations to the heightened risks associated with failing to secure some of the world’s most sensitive information, there’s no industry where the effects of a cyberattack could be further-reaching — or have the potential to be as devastating.

Due to its long history of working with federal agencies, SonicWall President and CEO Bill Conner has become recognized as an expert in government cybersecurity. He’s frequently invited to share his insight on new trends, advances and threats facing those charged with securing U.S. federal government networks, most recently as a guest on the Federal Tech Talk podcast.

While secure remote work has been a hot topic since the beginning of the COVID-19 pandemic, comparatively little has been said about how this has affected federal departments and agencies. But in his conversation with host John Gilroy, Conner explained that federal agencies have gone through much the same process of looking for ways to secure remote and mobile work.

“Government agencies and departments, whether it’s intel, procurement, etc., are now trying to figure out how to keep the business on, and at the same time, how to keep information protected,” Conner explained.

Despite the sensitive information these agencies deal with, they still have to contend with the same remote work risks as any other industry. Without a means of securing mobile workforces, employees working from home may be connecting to sensitive government data and applications via an unsecured home network or unsecured devices.

“We got very comfortable in work, segmenting our networks and segmenting the security cameras, climate systems and other office IT. But when people go home, they aren’t considering the fact that they have devices such as Alexa, door chimes, home security systems, gaming consoles and even refrigerators that can connect back to their employers’ network,” Conner said.

And all of these new exposure points can lead to a variety of threats. Ransomware, in particular, has been on a steep upward trajectory since the beginning of the pandemic, and attacks against federal, state and local governments have spiked over the past couple of years.

“We know federal agencies are defending against hundreds of thousands of ransomware attacks each day, both from people simply trying to gain access and people looking for money,” Conner explained.

And with ransomware in the U.S. up 140% through the first nine months of 2020 (versus only 40% globally), it’s clear that, as cybercriminals step up their attacks on governments around the world, the U.S. government in particular will continue to face an unprecedented barrage of laser-targeted, highly sophisticated attacks.

A portion of this growth is being fueled by Ryuk, a relatively new ransomware strain. Ryuk is dangerous because it’s targeted, manual and often leveraged via a multistage attack (Emotet > Trickbot > Ryuk). In late January 2020, Virginia-based Electronic Warfare Associates (EWA), a well-known U.S. government contractor, was infected with Ryuk ransomware. And just a few months prior to that, Ryuk was implicated in an attack that took down 23 local government agencies in the state of Texas.

Based on SonicWall’s Q3 2020 threat research, since Q3 2019 Ryuk attacks increased a mind-blowing 1,275,245%, representing more than a third of all ransomware attacks recorded by SonicWall thus far in 2020.

As attacks like these continue to increase, Conner says, federal agencies will need to broaden their focus from cybersecurity to cyberresiliency. According to Conner, this means expecting that you’ll eventually be compromised and preparing for it, not just in terms of your security effectiveness, but also the security vulnerability that your infrastructure and supply chain could introduce. That includes an emphasis on securing remote work, which Conner says is less a temporary aberration and more a permanent reframing of what it means to both do business and to secure business.

“The new reality is here, and we have to accept it, embrace it and prepare for it,” Conner said. “This is not a one-time event. When I talk to my friends at the DoD, they get it. It’s never going to go back to the way it was. They have to be more mobile. Businesses change, government is changing, people are changing. So that’s what we’ve got to get our heads around. And knowing that, how do we secure in this new norm, and also ensure privacy?”

To hear the rest of the insights Conner shared, on APT attacks, endpoint security and automation, listen to the full Federal Tech Talk podcast.

Cybersecurity News & Trends

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.


SonicWall in the News

Zero Trust Against Nation-State Attacks: Expert Explains Why it is Vital — Information Security Buzz

  • The fallout of the SolarWinds breach continues to reverberate across the industry, and the conversation is shifting to how to mitigate and defend against the next attack on this scale. Dmitriy Ayrapetov weighs in.

Reasons To Believe — Or Not Believe — in IoT — IoT Agenda

  • Data from SonicWall’s Threat Report on the increase in IoT attacks was included in an article on the benefits and challenges of IoT.

AI and ML: Is it a boon or bane for cyber security? — VAR India

  • SonicWall VP of Regional Sales Debasish Mukherjee talks about BYOD and the number of malicious attacks and cyber frauds across the globe due to the pandemic.

Industry News

North Korean hackers launch RokRat Trojan in campaigns against the South — ZDNet

  • A VBA self-decoding technique is being used to hide the malware on impacted systems.

Widely Used Software Company May Be Entry Point for Huge U.S. Hacking — The New York Times

  • Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

Babuk Locker is the first new enterprise ransomware of 2021 — Bleeping Computer

  • It’s a new year, and with it comes a new ransomware. This one is called Babuk Locker, and it targets corporate victims in human-operated attacks.


Cyberattacks on Healthcare Spike 45% Since November — Threat Post

  • The relentless rise in COVID-19 cases is battering already-frayed healthcare systems — and ransomware criminals are taking the opportunity to strike.

Top admiral: SolarWinds computer hack didn’t harm U.S.-based nukes — The Washington Times

  • America’s nuclear arsenal wasn’t compromised by a recent cyberattack targeting computer networks used by government agencies and private companies, the Navy admiral at the helm of the U.S. Strategic Command said.

Severe SolarWinds Hacking: 250 Organizations Affected? — Bank Info Security

  • Investigators are finding that the campaign appears to have compromised more than the 50 organizations originally suspected—and a Russian-linked hacking group may be responsible.

This malware uses a crafty new technique to establish the location of victims — Tech Radar 

  • A newly discovered form of malware grabs and queries the MAC address of the wireless router, enabling it to geo-locate its victim’s machine more accurately.

Cross-platform ElectroRAT malware drains cryptocurrency wallets — Bleeping Computer

  • Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.

Major Gaming Companies Hit with Ransomware Linked to APT27 — Threat Post 

  • A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage-centralized tactics to adopt ransomware, a new report says.

2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud — Cybersecurity Trends

  • Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape and mobile endpoints become the attack vector of choice, according to 2021 forecasts.

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email — ZDNet

  • With millions of us waiting for our place in the vaccine queue, criminals are already trying to cash in.

In Case You Missed It