The 2022 SonicWall Cyber Threat Report found its way into Fitch Ratings this week. The organization is not generally well-known, but it is a well-respected financial ratings firm whose data is highly valued by global investors. SonicWall’s Cyber Threat Report also made it into several other well-known local news outlets and trade publications. In general news, it’s hard to avoid reports about Ukraine. But things seemed to escalate a little when the sometimes-random hacker group known as Anonymous announced a “cyber war” against Russia. Today, Anonymous took credit for a hack of Roscosmos, the Russian space agency, and the release of confidential data. In other industry news, the Nvidia hack has taken a very unusual turn, Brian Krebs examined the Conti ransomware group, and beware of eBike phishing.
Fitch Ratings: The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with significant financial, reputational and legal risks to issuers. According to security vendor SonicWall, corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY. In addition, the firm reports a 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%).
News12 New York: A Russian cyber gang publicly threatened to launch cyberattacks against any country that retaliated against Russia for its invasion of Ukraine. A Team 12 investigation found that this threat should not be taken lightly. But so far, it’s been the Russian hackers who have learned a harsh lesson: cyberwarfare is a two-way street. Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from SonicWall, a leading cybersecurity firm.
SiliconRepublic: Last week, it was reported that chipmaker Nvidia was investigating a potential cyberattack. The company confirmed yesterday (1 March) that it became aware of a breach on 23 February and that the “threat actor took employee credentials and some Nvidia proprietary information from its systems”. Data was allegedly stolen by ransomware group Lapsus$. The group claims to have files on Nvidia GPU drivers, allowing hackers to turn every Nvidia GPU into a bitcoin mining machine.
According to SonicWall’s VP of Platform Architecture, Dmitriy Ayrapetov, this type of attack is known as cryptojacking. “Cryptojacking victims are usually unaware that their device, whether it be a computer, phone or virtual machine, is being used to mine cryptocurrency,” he said. “The attack has primarily settled into being performed via some executable, whether standalone or part of a larger software package, and is distributed via most common malware distribution methods – malicious emails, attachments, drive-by downloads and, in some cases, embedded cryptojacking browser scripts.”
Semiconductor Engineering: Ransomware has emerged as hackers’ top choice for attacking banking systems. In general, ransomware attackers freeze the victim’s operation, demanding money in return for releasing their hold. Last year, the Ryuk ransomware generated $180 million, followed by SamSam with $104 million. Includes chart: “Where ransomware is hitting the hardest” (source: SonicWall 2022 Cyber Threat Report).
Spokesman-Review: Globally, ransomware volume increased 232% in the last two years, according to an annual report from internet security company SonicWall. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.
ZDNet (Brazil): A separate report on cyber threats published by SonicWall earlier this month has found that Brazil is behind only the US, Germany and the UK in ransomware attacks. The country recorded over 33 million intrusion attempts in 2021; in the prior year it ranked ninth in the same ranking, with 3.8 million ransomware attacks.
Fortune: The rogue group of hackers known as Anonymous has declared itself to be in “a cyber warfare campaign against Putin & his allies.” Using both Twitter and YouTube, the group urged followers to launch cyberattacks on the country’s websites. The group claims to have already disabled sites, including the state-controlled Russian news agency, the Kremlin’s official site, and Russian internet service providers.
But experts are quick to warn that this is no time to celebrate. Reporters at The Hill warn that while the rest of the world is ramping up sanctions against Russia over its invasion of Ukraine, everyone should be getting ready for retaliation. There is every chance that we will see increased cyber attacks. Right now, the Kremlin won’t risk showing its hand; the most dangerous Russian footholds in US networks require immense resources and time to build, and maximum destructive power comes from using them during a direct conflict with the United States. Moscow won’t burn its best capabilities and anger the United States and its allies. More importantly, exaggerating the threat distracts us from hardening against much more likely Russian assaults that are short of a full cyberwar between the two nations. The New York Times adds that Anonymous’ declared “war” is one where no one is in charge, suggesting chaos in the immediate future for Russia and probable overspill far outside the conflict area.
The Verge: In the latest salvo from hacktivists working in support of Ukraine, an Anonymous-linked group has defaced a website belonging to Russia’s Space Research Institute (IKI) and leaked files that allegedly belong to the Russian space agency Roscosmos. As reported by Vice, hackers appear to have breached one subdomain of the IKI website, although other subdomains remain online. The compromised part of the site related to the World Space Observatory Ultraviolet project (WSO-UV), similar to the Hubble Space Telescope and planned for launch in 2025. A popular Twitter account tied to the loosely organized Anonymous movement shared details Thursday morning and attributed the action to a group known as v0g3lSec. Infosecurity Magazine reports that Russia denies the story and warns of a wider war should the attacks continue. Russia has also warned that any cyber-attack on its satellite systems will be treated as an act of war.
Ars Technica: Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code. A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1 TB of data. The group then made the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data. “We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want [sic] nvidia to push an update for all 30 series firmware that remove every LHR limitations otherwise we will leak [sic] hw folder. If they remove the LHR we will forget about hw folder (it’s a big folder). We both know LHR impact mining and gaming.” PC Magazine also reports that, in the meantime, the hacking group has already dumped a 19 GB archive that allegedly contains source code for Nvidia GPU drivers. The archive also has enough information to help tech-savvy users undermine the Lite Hash Rate limiter.
Orange County Register: On Saturday, a shadowy website removed 260,000 confidential attorney discipline records it had published after a massive data breach at the State Bar of California. An anonymous administrator for judyrecords.com said in a note on the website that the records, as well as others it intended to publish, had been deleted in response to the State Bar’s disclosure of the breach and a subsequent Southern California News Group article. The administrator claims the records had been made publicly available on the State Bar’s discipline website, which is now offline. But the State Bar disputes that contention.
Krebs On Security: The final chapter to a 3-part examination of the Conti ransomware group. This is highly recommended reading for people who want to stay informed about the evolution of international hacker groups. Part I of this series examined newly-leaked internal chats from the Conti ransomware group and how the crime gang dealt with its internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Finally, in today’s Part III, Krebs looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets and how the team’s leaders strategized for the upper hand in ransom negotiations with victims.
Bleeping Computer: A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their data to fake investment schemes impersonating genuine brands. The operation relies on the abuse of Google Ads to draw victims to hundreds of fake websites targeting the Indian audience. The campaign was uncovered by Singaporean security firm CloudSEK, which has shared its report exclusively with Bleeping Computer. According to analysts Ankit Dobhal and Aryan Singh, the campaign has caused financial damages of up to $1 million from tens of thousands of victims.
In Case You Missed It
- Ransomware is Everywhere – Amber Wolff
- Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh
- Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran
- 2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff
- Break Free with SonicWall Boundless 2022 – Terri O’Leary
- SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald
- Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi
- Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi
- Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell
- How SonicWall ZTNA protects against Log4j (Log4Shell) – Rishabh Parmar
- 10 Tips for a Safe and Happy Holiday – Amber Wolff
- The Rise and Growth of Malware-as-a-Service – Ray Wyman
- A Record-Breaking Year for SonicWall’s Boundless Future – Ray Wyman
- Cybersecurity is Infrastructure – Ray Wyman
- Frost & Sullivan Commend SonicWall for Security Excellence – Kayvon Sadeghi