Cybersecurity News & Trends Blog Cover

Cybersecurity News & Trends – 12-10-21


As the year winds down, SonicWall’s threat reports stand out as reliable sources for US and European news organizations wanting to show the scope of attacks this year. Industry News proves that the crisis continues, and IT managers worldwide are on alert. The International Monetary Fund (IMF) and ten countries conducted a simulated global attack on the global financial system (and the results were awful). In other news, a post-attack assessment reveals that the hackers saved the Irish Health System, Chinese hackers almost shut down power for three million Australians, and Lloyds of London quits cybersecurity insurance policies.

SonicWall in the News

Why Cybersecurity Must Be First

ARN Net (Australia): Why cybersecurity first should resonate with everyone is all over the news. Ransomware attacks rose to 304.6 million during the first six months in 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.

Retail’s Looming Holiday Threat: Ransomware

Politico: Part of a trend: Malware has long been a Black Friday and Cyber Monday concern. In 2019, security threat researchers at SonicWall estimated that cybergangs and individuals deployed 129.3 million malware attacks during the week of Thanksgiving, a 63 percent increase from the year before.

At EvCC, ‘The Wall’ Teaches Students How to Thwart Cybercrime

Herald NET: Everett college is the first in the nation to have a tool that can model cyber attacks aimed at vital infrastructure. During the first six months of 2021, there were more than 305 million attempted ransomware attacks compared to 306 million attempts in all of 2020, according to a mid-year 2021 SonicWall Cyber Threat report. Some three-quarters of those attempts targeted US organizations, the report said. “It’s gotten so bad that insurance companies are raising their rates on cyber liability coverage or dropping coverage altogether,” Hellyer said. “This sort of training is very important to our national and local security and economic interests.”

Do You Know Who is Responsible for Disaster Recovery in the Cloud?

MeriTalk: Ransomware is a disaster that isn’t rare. The 2021 SonicWall Cyber Threat Report found a 158% increase in ransomware attacks in North America in 2020. As a result, agencies that may have been slow to migrate to the cloud are now looking to the cloud as a cost-effective backup and disaster recovery solution to protect Federal systems against cyberattacks and data loss.

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (Australia): Dmitriy Ayrapetov, Vice President Platform Architecture for SonicWall, offered expert commentary on cybercrime activity. He cited data from SonicWall’s recent threat reports, including 495 million global ransomware attacks logged this year to date, an increase of 148%.

12 Days of Phish-mas: A Festive Look at Phishing

Hashed Out: Experimenting with phishing examples using Microsoft products, the author received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, commonly spread malware and embedded phishing links via email. The author notes that SonicWall’s research shows that weaponized Microsoft Office files increased 67% in 2020.

Cybersecurity Terms & Definitions Integrators Should Know

CEPro: In the first six months of 2021, globally, the education sector saw a 615% spike in ransomware incidents compared to 151% across all industries, according to a study from SonicWall.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words’ data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

Industry News

IMF, 10 Countries Simulate Cyberattack on Global Financial System

Reuters: The International Monetary Fund (IMF) along with the national banks from 10-countries simulated a major cyberattack on the global financial system. The program, called “Collective Strength,” was intended to increase global cooperation that could help minimize any potential damage to financial markets and banks. The simulated “war game,” as Israel’s Finance Ministry called it, was planned over the past year and evolved over ten days. The simulation result ended with sensitive financial data emerging on the Dark Web and resulted in fake news reports that caused chaos in global markets and a run on banks. Participants in the initiative included treasury officials from Israel, the United States, the United Kingdom, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the International Monetary Fund, World Bank and Bank of International Settlements.

New Policy Gives Some Federal Agencies 24 Hours to Assess Major Cyberattacks

The Hill: A new policy recently rolled out by the White House gives certain federal agencies as little as 24 hours to assess the impact of a cyberattack and report the attack if it rises to a significant level of concern. According to a copy of the memo issued by the White House National Security Council (NSC), the policy applies to national security and intelligence agencies, including the FBI. The new policy gives agencies only 24 hours to report a cyberattack they assess as “a national security concern” to the White House.

The Irish Health System Was Saved By The Hackers

BBC: In March, someone working in the offices of the Irish Health Service Executive (HSE) opened a spreadsheet that had been sent to them by email two days earlier. The file was compromised with malware, and the gang behind it spent the next two months hacking their way through the networks and laying out data traps. There were multiple warning signs at work, but no investigation was launched, which meant IT managers missed a crucial opportunity to intervene. So, when the criminals unleashed their ransomware, the impact was devastatingly total. However, three months later, the attackers posted a link to a key so that the department managers could decrypt their files. The hackers gave no reasons, nor did they make any statements. Maybe the hackers had a change of heart; perhaps it was a test for something much worse. Nevertheless, this one act of mercy by the hackers allowed Irish health to embark on the road to recovery. According to an independent assessment report, without the decryption key, “it is unknown whether systems could have been recovered fully, or how long it would have taken to recover systems from back-ups, but it is highly likely that the recovery timeframe would have been considerably longer.”

Krebs: Cyberattacks Could Be Used To “Disrupt” Decision-Making

Axios: Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told Axios at an event Thursday that America’s adversaries could use cyberattacks in the future to “disrupt” US decision-making. The big picture: Krebs, using China as an example, said that future cyber attacks could be part of “a larger, more complex approach by an adversary.” What he’s saying: “If things get hot in Taiwan, there’s a possibility that the Chinese government could use some sort of cyber capability to make us focus here rather than over there.”

Chinese Cyberattack Almost Shut Off Power for THREE MILLION Australians

Daily Mail: Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle. The Communist regime launched a ‘sustained’ ransomware attack on CS Energy’s two thermal coal plants in Queensland on November 27 – showing what Beijing could be capable of in a wartime scenario. There were panic stations within the energy firm as employees lost access to their emails and other critical internal data. IT specialists came up with a brilliant last-minute move to stop Beijing from gaining access by separating its corporate and operational computer systems. Once IT managers cut the network in half, hackers had no way of seizing control of the generators. Sources with knowledge of the hack attempt said the cyber-attackers were less than 30 minutes away from shutting down power.

Lloyd’s of London Calls it Quits for Cyber Insurance

CPO Magazine: Major insurance firm Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyberattacks exchanged between nation-states. The insurer said last week that they would no longer cover damages from “cyber war” between countries and that this definition extends to operations that have a “major detrimental impact on the functioning of a state.” So, the looming question, if the cyber insurance firm no longer covers the fallout of digital war, do attacks infrastructure count? Quick to answer from Lloyd’s: No. The firm says that it no longer wants to deal in losses that result from “cyber war,” which the firm includes attacks that have a “major detrimental impact” on a state’s function, implying attacks on critical infrastructure.

The Top Data Breaches Of 2021

Security Magazine: A list of 2021’s top 10 data breaches and exposures and a few other noteworthy mentions. Particularly important is how the manufacturing and utilities sector was deeply impacted, with 48 compromises and a total of 48,294,629 victims. The healthcare sector followed, with 78 compromises resulting in more than 7 million victims. Other sectors that were hit resulted in 3.5 million victims, including financial services (1.6 million victims), government (1.4 million victims) and professional services (1.5 million victims). As SonicWall threat data has also shown, this is the year of the ransomware, and we still have four weeks to go!

In Case You Missed It

SonicWall Staff