This week, the SonicWall Threat Report, Microsoft vs Chinese hackers, Israeli hack tools, a $10 million reward, and more zero-days than we really want to hear about. Also, railroad hacks in Iran and UK, indictments for Chinese hacking group, Apple’s “five-alarm fire,” and Microsoft’s battle against “homoglyphs.”
SonicWall in the News
- IBM cites data from SonicWall’s annual threat report in an announcement about enhancements to their FlashSystem data protection. One bit of data that got everyone’s attention: ransomware attacks rose to 304.6 million in 2020, up 62% over 2019, mainly due to the highly distributed workforces caused by the pandemic.
- If cybercrime were a country, it would be the world’s third largest in terms of GDP, according to Cybersecurity Ventures. This year, the total cost to the global economy is predicted to top $6 trillion (£4 trillion). SonicWall’s 2021 Threat Report was also cited: 304.5 million ransomware attacks in total in 2020 – up 62% over 2019 – and the deluge of attacks shows no signs of slowing down.
- Whether your company or organization will face a ransomware attack is not a question of “if” but of “when.” Most likely, you have already faced several. SonicWall’s annual threat report was part of this story too, cited for a reported 226.3 ransomware attacks through May 2021, up 116% year to date over 2020.
Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer
- The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.
Saudi Aramco data breach sees 1 TB stolen data for sale — Bleeping Computer
- Attackers stole 1 TB of proprietary data belonging to Saudi Aramco and are selling it on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the world’s largest public petroleum and natural gas companies. The sales price of the data, albeit negotiable, is set at $5 million.
Details Emerge on Iranian Railroad Cyberattack — Security Week
- More details about the cyberattack on Iran’s railroad system emerged over the weekend. On July 9, Iran International reported that a system-wide disruption of Iran’s railroads was probably due to a cyberattack, citing the Revolutionary Guard-backed FARS news agency. Now it appears that the attackers had penetrated the system at least a month earlier.
- A suspected ransomware cyberattack targeted Northern Rail’s new self-service ticket machines. The system was offline for a week, and an investigation is underway. It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17 million (about $23m).
The US Formally Accuses China of Hacking Microsoft – The New York Times
- To bolster the accusations, the Biden administration may organize a broad group of allies to condemn Beijing for global cyberattacks. However, most analysts believe that such an effort will probably stop short of taking concrete punitive steps against China.
The US indicts members of the Chinese-backed hacking group APT40 – Bleeping Computer
- The US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018.
$10 million rewards bolster White House anti-ransomware bid – Associated Press
- The State Department will offer rewards of up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical US infrastructure. In addition, a task force set up by the White House will coordinate efforts to stem the rise of ransomware.
- Cyber-sleuths from digital rights watchdog Citizen Lab recently released a study revealing that government hackers from several countries are using spyware made by Candiru, an Israel-based spyware vendor, to target victims all over the world. The spyware leverages two previously unknown Windows vulnerabilities for zero-day exploitation. As far as we know, this is the first time anyone has published an analysis of Candiru’s malware together with the individuals it targeted.
- As if we can’t get enough of zero-days, Google’s Threat Analysis Group published a new report that offers details about several hacking campaigns that leverage a series of zero-day exploits. A quick read shows that there are several reasons for the uptick in zero-day incidents. For one, the industry is getting better at detecting and disclosing attacks. For another, cyber-criminals are taking full advantage of vulnerabilities while they still can.
Fighting an emerging cybercrime trend – Microsoft
- Microsoft’s Digital Crimes Unit (DCU) recently secured another court order to take down malicious infrastructure used by cybercriminals. The case targets the use of “homoglyph” domains – imposter domains that use look-alike characters – which are being used in an increasing number of attacks. A judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on malicious domains used to impersonate Microsoft customers and commit fraud.
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack – Dark Reading
- Campbell Conroy & O’Neil, a major law firm based in Boston, MA, reported an attack that compromised personal data, including Social Security numbers, passport numbers, and payment card data for some individuals. The firm discovered unusual activity on its network earlier this year. An investigation revealed its network was hit with ransomware and prompted Campbell to hire third-party forensics investigators to determine the information affected.
Apple’s iPhone has a “five-alarm fire” security problem with iMessage – Business Insider
- Apple’s iPhone isn’t as secure as Apple says it is, according to this report from Amnesty International. The quote that caught our eye: “Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security,” said Bill Marczak, a senior research fellow at Citizen Lab. The threat is related to a tool called Pegasus, created by NSO Group.
- Microsoft on Monday announced that it is buying cybersecurity firm RiskIQ to help companies better protect themselves from the unique risks created by remote work and relying on cloud computing amid “the increasing sophistication and frequency of cyberattacks.” RiskIQ’s software allows organizations to monitor their entire networks — including operations running on various cloud providers.
- Cloudstar, a Florida-based IT provider, announced that it suffered a “highly sophisticated ransomware attack” that forced it to take down the vast majority of its services. The company said it was negotiating with the crooks that infected its computers.
- A critical flaw in a Cloudflare service said to be used by 12.7 percent of all websites could have been hijacked by a malicious user-controlled package to compromise a good number of web pages.
In Case You Missed It
- SonicWall Fortifies Cloud Edge Secure Access with Device Compliance Check and Network Traffic Control – Sony Kogin
- New SonicWall NSsp 13700 Firewall: Security for Large Enterprises – Ajay Uggirala
- SonicWall Announces Capture Labs Portal – Brook Chelmo
- SonicWall NSa 4700 and 6700: The Newest Next-Generation Firewalls for Medium Enterprises – Ajay Uggirala
- Three New Firewalls with Triple the Performance, Plus Three Powerful Updates – Atul Dhablania