Cybersecurity News & Trends – 09-24-21
SonicWall is in the news in Europe this week, with announcements about a support center in Romania and SonicWall’s country manager, Sergio Martinez, participating in regional discussions about cybersecurity. The FBI reportedly held onto a vital encryption key for three weeks before handing it to victims tops our industry news list. Plus, recent research reveals that multi-party breaches cause 26-times more damage than single-party breaches, SUEX is sanctioned, Biden and hackers debate “critical,” seven countries are being spoofed, and TinyTurla weighs in for big damage.
SonicWall in the News
SonicWall to open customer support centre in Romania
- Telecompaper (NL): US cyber-security specialist SonicWall is in the process of opening a technical support centre in Romania, writes local paper Ziarul Financiar citing SonicWall sales director for Southeast Europe, Cosmin Vilcu. According to the news outlet, the operation has already recruited staff and begun regional marketing activities.
European recovery funds: a good way to improve corporate cybersecurity
- Dealer World (Spain): Sergio Martínez, our country manager, participated in a special issue about the European recovery funds: “The rain comes, the European rain in the form of millions. Millions that will allow many companies to improve deficit aspects to be more competitive. Will cybersecurity be one of them?
SonicWall continues to expand its offering to combat cyberattacks
- Director TIC.es (Spain): In an interview with Sergio Martínez, SonicWall’s country manager, the publication discusses the layered security promoted by SonicWall based on a comprehensive portfolio of solutions. Martinez explains the latest developments in SonicWall’s offer, including its new generation of firewalls and solutions for secure access and protecting credentials.
IBM Launches New Lto-9 Tape Drives with More Density, Performance And Resiliency
- TiBahia (Portugal): IBM is launching tape drives that give systems more resilience to cyberattack. Additionally, the company has repeatedly cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the marketplace’s need for such products. In this release, they cite the Threat Report, noting ransomware is one of the costlier types of breaches, with an average cost of $4.62M per breach and one of the most common.
Industry News
FBI Held Back Ransomware Decryption Key from Businesses to Run Operation Targeting Hackers
- Washington Post: After a devastating ransomware attack this summer, the FBI’s investigations uncovered the digital key needed to unlock maliciously encrypted computer systems. However, the FBI held onto the digital key for almost three weeks, knowing that the attack hobbled the computers of hundreds of businesses and institutions. According to the report, investigators discovered the digital key through access to servers operated by the Russia-based cybercrime gang behind the attack. Deploying the digital key immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.
Multi-party breaches cause 26-times the financial damage of the worst single-party breach
- ZDNet: The researchers found that when a ripple event triggers a loss of income, it can lead to losses of $36 million per event. RiskRecon, a Mastercard company, and the Cyentia Institute released a study on Tuesday showing that some multi-party data breaches cause 26-times the financial damage of the worst single-party breach. The researchers used Advisen Cyber Loss Database to investigate cybersecurity incidents since 2008. They report that nearly 900 multi-party breach incidents have been recorded in the database, with 147 newly uncovered “ripple incidents” across the entire data set, with 108 occurring within the last three years.
US Sanctions Crypto Exchange Accused of Catering to Ransomware Criminals
- Wall Street Journal: The Biden administration blacklisted a Russian-owned cryptocurrency exchange – SUEX OTC – for allegedly helping launder ransomware payments. This is a genuinely unprecedented action meant to deter future cyber-extortion attacks by disrupting their primary means of profit. By targeting a digital currency platform, the Treasury Department is also renewing its warning to the private sector that businesses risk high penalties and fines for paying ransoms and – more importantly – that the Department is watching.
Biden Cybersecurity Leaders Back Incident Reporting Legislation As ‘Absolutely Critical’
- Senior Biden administration officials are backing congressional efforts to enact new cyber incident reporting requirements for critical infrastructure operators and other companies, as well as other measures to entrench further the Cybersecurity and Infrastructure Security Agency (CISA) at the center of the civilian executive branch’s digital security apparatus. CISA Director Jen Easterly said that incident reporting is “absolutely critical” and called CISA’s “superpower” its ability to share cyberthreat information across agencies and critical infrastructure sectors.
After Biden Warning, Hackers Define ‘Critical’ as They See Fit
- Bloomberg: After a furious run of ransomware attacks in the first half of the year, President Joe Biden in July warned his Russian counterpart, Vladimir Putin, that Russia-based hacking groups should steer clear of 16 critical sectors of the US economy. But if a recent attack on a grain cooperative in Iowa is any indication, apparently hackers will define what should be considered “critical.”
Alaskan health department still struggling to recover after ‘nation-state sponsored’ cyberattack
- CNN: Alaska is still dealing with the fallout of a hack. Many of their systems are offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday. As the department continued to warn Alaskans that hackers might have stolen their personal data, the department’s spokesperson declined to comment on which foreign government was behind the intrusions or their motives. However, Alaskan officials now say that hackers exploited a vulnerability in the health department’s website to access department data. The hackers may have accessed Alaskans’ Social Security numbers and health and financial information.
Republican Governors Association email server breached by state hackers
- Bleeping Computer: The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. This attack follows a breach on Synnex back in July, a network management contractor for the Republican National Committee (RNC).
BlackMatter Ransomware Has Infected Marketron’s Marketing Services
- Cyber Intel: The BlackMatter ransomware group targeted Marketron, a cloud-based revenue and traffic management tools supplier. The company has a customer base of over 6,000 and reportedly manages about $5 billion in advertising revenue per year. This was the second ransomware attack by BlackMatter in so many days. Another one involved a ransom of $5.9 million when this group attacked the NEW Cooperative United States Farmers organization.
Epik data breach impacts 15 million users, including non-customers
- Ars Technica: Epik has now confirmed that an “unauthorized intrusion” did, in fact, occur into its systems. The announcement follows last week’s incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company’s initial response to the data breach claims, Anonymous had altered Epik’s official knowledge base, as reported by Ars.
TinyTurla: New Malware by Russian Turla
- Cyware: According to Cisco Talos, TinyTurla is a previously unknown malware backdoor from the Turla APT group, in use since at least 2020. The malware got the attention of researchers when it targeted Afghanistan before the Taliban’s recent takeover of the government. Now, it is suspected in recent attacks against the U.S., Germany, and other countries.
Ongoing Phishing Campaign Targets APAC, EMEA Governments
- Security Week: Government departments in at least seven countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020. The attacks appear to be focused on credential harvesting. During the first half of 2020, operators transferred the phishing domains used as part of the campaign to their current host. In addition, investigators have found at least 15 active “spoofing” pages, posing as various ministries within the targeted country’s governments, including energy, finance, and foreign affairs departments. The spoofed pages target Belarus, Georgia, Kyrgyzstan, Pakistan, Turkmenistan, Ukraine, and Uzbekistan. Other pages posed as the Pakistan Navy, the Main Intelligence Directorate of Ukraine, and the Mail.ru email service.
In Case You Missed It
- Living in the Wild West of the IoT – SonicWall Staff
- IoT Devices: If You Connect It, Protect It – Amber Wolff
- The Halfway Point: How Cybercrime Has Impacted Government in 2021 – Amber Wolff
- Elevating SonicWall to the Cloud – Jayant Thakre
- How Cybercrime Impacted Education in 2021 – Amber Wolff
- From Sonic Systems to SonicWall: 30 Years of Cybersecurity Evolution – Amber Wolff
- The Top 12 Cybersecurity Books – Recommendations from SonicWall Leadership and Employees – Ray Wyman
- SonicWall Earns Another Perfect Score from ICSA Labs for Q2 — Amber Wolff
- SonicWall President and CEO Bill Conner Recognized on CRN’s 2021 Top 100 Executives List — SonicWall Staff
- Latest Cyber Threat Intelligence Shows Ransomware Skyrocketing – Amber Wolff
- SonicWall Fortifies Cloud Edge Secure Access with Device Compliance Check and Network Traffic Control – SonicWall Staff
- New SonicWall NSsp 13700 Firewall: Security for Large Enterprises – Ajay Uggirala