In today’s installment, SonicWall is still picking up outlets from last year’s Threat Reports. There was also a friendly nudge from Australia on our new line-up of Gen-7 NGFWs. Industry news shows that there’s no break for cybersecurity. Ukraine was hit today with a massive cyber-attack that took down almost the entire network of government websites. A ransomware attack on school districts in Albuquerque, NM, resulted in the cancellation of classes for 75,000 students. In two reports, we found that SMEs (small to medium-sized enterprises) are not taking the risk of cyberattacks seriously. FSB, the Russian intelligence bureau, arrested most or all of the REvil ransomware gang members. Ending with this eye-opener: Norton 360 is now shipping a program that allows customers to make money from cryptomining.
SonicWall in the News
ARN-IDG (Australia): Filling an urgent need for greater cybersecurity, SonicWall gets 17 new Gen-7 firewalls ready in less than 18 months. With 70% of full-time workers working remotely in hybrid multi-cloud environments, there has been an unprecedented surge of malware and ransomware – and everyone is more vulnerable than ever.
SC Media: The latest numbers on hidden malware are out, and there’s good news to report. The number of new malicious file attacks was down in 2020 for the first time in five years, and the decline continued for most of 2021. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, down from 3.2 billion at this time last year — a decrease of 22%. That’s a significant improvement from where we stood in 2018, when malware attacks peaked at 10.5 billion.
Venture Beat: 2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defense. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout all of 2020, according to the 2021 SonicWall Cyber Threat Report, Mid-Year Update.
HashOut: Last year, SonicWall reported that ransomware increased from 78.3 million attacks in Q3 2020 to 190.4 million attacks in Q3 2021. According to their report, at the end of Q3 2021, the year was “the most costly and dangerous year on record” regarding ransomware attacks. If 2022 is anything like last year, and cybercriminals continue to profit on the backs of companies lacking solid defenses, it’s all but guaranteed this upward trend in ransomware will continue.
The Guardian: First to report the massive cyberattack today, the Guardian says that Russian-based attackers have repeatedly targeted Ukraine since 2014. Still, many observers note that this attack has a more ominous feel. The websites of several government departments, including the ministry of foreign affairs and the education ministry, were knocked out. Hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land.” The Guardian also reports that Ukrainian officials say it is too early to conclude that this attack is in any way related to the stalemated security talks between Moscow and the US and its allies this week. Nearly all major news organizations posted follow-up stories.
NPR: When the superintendent of Albuquerque Public Schools announced earlier this week that a cyberattack would lead to the cancellation of classes for around 75,000 students, he noted that the district’s technology department had been fending off attacks “for the last few weeks.” Albuquerque is not alone, as five school districts in the state have suffered major cyberattacks in the past two years, including one district that’s still wrestling with a cyberattack that hit just after Christmas. But it’s the first reporting of a cyberattack that required cancellation of classes, made all the more disruptive as schools try to keep in-person learning going during the pandemic.
Norwegian media company Amedia suffered a cyberattack that shut down its computer systems, preventing it from printing newspapers. According to the company, the incident also affected its advertising and subscription systems, preventing advertisers from ordering new ads and subscribers from enrolling or canceling their subscriptions. The company also said that the incident forced it to shut down systems administered by Amedia Teknologi.
InfoSecurity: It’s a common misconception among small to medium-sized businesses (SMBs) that large businesses, with their sizable financial assets, are the sole target for ransomware attacks. But SMBs ought to note that the US Department of Homeland Security reports that upwards of 70% of ransomware attacks are aimed at small and medium-sized companies. And yet, a surprising number of small business owners do not seriously see themselves as being at risk. A recent study shows that 63% of small business owners think they are immune to a cyber-attack. Technically, however, they are anything but invulnerable, as most businesses operate on connected data and cloud operations. The more connectivity a business uses, the greater its vulnerability to various cyber-attacks, from ransomware to social engineering and data breaches. So, the question is not if, but when, your small business will be subject to a cyber-attack.
Medscape: Ransomware attacks are driving some small practices out of business. After a ransomware attack, Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019. However, several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, in an attack that may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to its backup files and the resources to rebuild its computer systems and stay in business. The author offers the same advice that security managers give to all SMEs: take the threats and risks seriously and then act on a secure or backup systems plan.
BBC News: Authorities in Russia say they have dismantled the ransomware crime group REvil and charged several of its members. The United States had offered a reward of up to $10m (£7.3m) for information leading to the gang members following ransomware attacks. However, Russia’s intelligence bureau FSB said the group had “ceased to exist.” The agency said it had acted after being provided with information about the REvil gang by the US. Still, it does not appear that Russia will extradite gang members to the US.
Wall Street Journal: The FSB operation is one of the first major publicly disclosed Russian law-enforcement actions against cybercriminal gangs. “It’s very surprising that the Russians started to play ball in the ransomware fight,” said Alexandru Cosoi, chief security strategist at cybersecurity company Bitdefender Inc., which tracks REvil activity. In September, Bitdefender released a tool to decrypt data locked up by REvil malware. The scale of the FSB’s operation may signal a more permanent end to REvil, said Raj Samani, a chief scientist at McAfee Corp. However, analysts say it is too early to tell whether this will discourage other gangs from launching attacks.
CPO: Glupteba, a botnet used for cryptojacking, has taken a significant blow from Google, whose free cloud-based services it relied on to propagate. The company has identified and removed thousands of accounts, hosted files and ad accounts used to spread malicious files. Glupteba has been operating for months and is believed to have compromised thousands of people per day at its peak. The cryptojacking botnet spread via Google advertisements promising software cracks and phishing emails linking to malicious files hosted with Google Docs. Google cautions that though the Glupteba botnet’s operations have been disrupted, it is not out of commission.
Krebs: Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program that lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor. For example, Avira antivirus — with a base of 500 million users worldwide — was recently bought by the same company that owns Norton 360.
In Case You Missed It
- Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell
- How SonicWall ZTNA protects against Log4j (Log4Shell) – Rishabh Parmar
- 10 Tips for a Safe and Happy Holiday – Amber Wolff
- The Rise and Growth of Malware-as-a-Service – Ray Wyman
- A Record-Breaking Year for SonicWall’s Boundless Future – Ray Wyman
- Cybersecurity is Infrastructure – Ray Wyman
- Frost & Sullivan Commend SonicWall for Security Excellence – Kayvon Sadeghi
- SonicWall Answers the Call with New NGFWs – Ajay Uggirala
- Illuminating Cybersecurity with Unified Insights – Suroop Chandran
- How Unified Cloud Simplifies Network Switch Management – Tiju Cherian
- Cyber Threat Alert: Ransomware Breaks Another Record – Ray Wyman
- Why Cybersecurity Must be First – Ray Wyman
- How to Protect Multi-Cloud Environments with a NSv Virtual Firewall – Tiju Cherian
- What’s driving job growth in cybersecurity? – Ray Wyman