Cybersecurity News & Trends

The 2022 SonicWall Cyber Threat Report found its way into Fitch Ratings this week. The organization is not generally well-known, but it is a well-respected financial ratings firm whose data is highly valued by global investors. SonicWall’s Cyber Threat Report also made it into several other well-known local news outlets and trade publications. In general news, it’s hard to avoid reports about Ukraine. But things seemed to escalate a little when the sometimes-random hacker group known as Anonymous announced a “cyber war” against Russia. Today, Anonymous took credit for a hack of Roscosmos, the Russian space agency, and the release of confidential data. In other industry news, the Nvidia hack has taken a very unusual turn, Brian Krebs examined the Conti ransomware group, and readers should beware of eBike phishing.

SonicWall News

Russia/Ukraine War Increases Spillover Risks of Global Cyberattacks

Fitch Ratings: The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with significant financial, reputational and legal risks to issuers. According to security vendor SonicWall, corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY. In addition, the firm reports a 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%).

Officials Tighten Cybersecurity Measures Amid Potential Threats from Russia

News12 New York: A Russian cyber gang publicly threatened to launch cyberattacks against any country that retaliated against Russia for its invasion of Ukraine. A Team 12 investigation found that this threat should not be taken lightly. But so far, it’s been the Russian hackers who have learned a harsh lesson: cyberwarfare is a two-way street. Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from SonicWall, a leading cybersecurity firm.

Latest Cyberattack on Nvidia Is Just the Tip of The Iceberg

SiliconRepublic: Last week, it was reported that chipmaker Nvidia was investigating a potential cyberattack. The company confirmed yesterday (1 March) that it became aware of a breach on 23 February and that the “threat actor took employee credentials and some Nvidia proprietary information from its systems”. Data was allegedly stolen by ransomware group Lapsus$. The group claims to have files on Nvidia GPU drivers, allowing hackers to turn every Nvidia GPU into a bitcoin mining machine.

According to SonicWall’s VP of Platform Architecture, Dmitriy Ayrapetov, this type of attack is known as cryptojacking. “Cryptojacking victims are usually unaware that their device, whether it be a computer, phone or virtual machine, is being used to mine cryptocurrency,” he said. “The attack has primarily settled into being performed via some executable, whether standalone or part of a larger software package, and is distributed via most common malware distribution methods – malicious emails, attachments, drive-by downloads and, in some cases, embedded cryptojacking browser scripts.”

Why Banks Should Be More Worried About Security

Semiconductor Engineering: Ransomware has emerged as hackers’ top choice for attacking banking systems. In general, ransomware attackers freeze the victim’s operation, demanding money in return for releasing their hold. Last year, the Ryuk ransomware generated $180 million, followed by SamSam with $104 million. Includes the chart “Where ransomware is hitting the hardest” (source: SonicWall 2022 Cyber Threat Report).

WA Companies Prepare as Threat Of Russian Cyberattacks Increases

Spokesman-Review: Globally, ransomware volume increased 232% in the last two years, according to an annual report from internet security company SonicWall. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.

Manufacturing Is the Most Targeted Sector By Ransomware In Brazil

ZDNet (Brazil): A separate report on cyber threats published by SonicWall earlier this month has found that Brazil is only behind the US, Germany and the UK in ransomware attacks. With over 33 million intrusion attempts in 2021, the country ranked ninth in the same ranking in the prior year, with 3.8 million ransomware attacks.

Industry News

Hacker Collective Anonymous Declares War On Russia

Fortune: The rogue group of hackers known as Anonymous has declared itself to be in “a cyber warfare campaign against Putin & his allies.” Using both Twitter and YouTube, the group urged followers to launch cyberattacks on the country’s websites. The group claims to have already disabled sites, including the state-controlled Russian news agency, the Kremlin’s official site, and Russian internet service providers.

But experts are quick to warn that this is no time to celebrate. Reporters at The Hill warn that while the rest of the world is ramping up sanctions against Russia over its invasion of Ukraine, everyone should be getting ready for retaliation. There is every chance that we will see increased cyber attacks. Right now, the Kremlin won’t risk showing its hand; the most dangerous Russian footholds in US networks require immense resources and time to build, and maximum destructive power comes from using them during a direct conflict with the United States. Moscow won’t burn its best capabilities and anger the United States and its allies. More importantly, exaggerating the threat distracts us from hardening against much more likely Russian assaults that are short of a full cyberwar between the two nations. The New York Times adds that Anonymous’ declared “war” is one where no one is in charge, suggesting chaos in the immediate future for Russia and probable overspill far outside the conflict area.

Anonymous-Linked Group Hacks Russian Space Research Site, Claims to Leak Mission Files

The Verge: In the latest salvo from hacktivists working in support of Ukraine, an Anonymous-linked group has defaced a website belonging to Russia’s Space Research Institute (IKI) and leaked files that allegedly belong to the Russian space agency Roscosmos. As reported by Vice, hackers appear to have breached one subdomain of the IKI website, although other subdomains remain online. The compromised part of the site related to the World Space Observatory Ultraviolet project (WSO-UV), similar to the Hubble Space Telescope and planned for launch in 2025. A popular Twitter account tied to the loosely organized Anonymous movement shared details Thursday morning and attributed the action to a group known as v0g3lSec. Infosecurity Magazine reports that Russia denies the story and warns of a wider war should the attacks continue. Russia has also warned that any cyber-attack on its satellite systems will be treated as an act of war.

Nvidia Hackers Issue One of The Most Unusual Demands Ever

Ars Technica: Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code. A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1 TB of data. The group then made the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data. “We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want [sic] nvidia to push an update for all 30 series firmware that remove every LHR limitations otherwise we will leak [sic] hw folder. If they remove the LHR we will forget about hw folder (it’s a big folder). We both know LHR impact mining and gaming.” PC Magazine also reports that, in the meantime, the hacking group has already dumped a 19 GB archive that allegedly contains source code for Nvidia GPU drivers. The archive also has enough information to help tech-savvy users undermine the Lite Hash Rate limiter.

260,000 Confidential Attorney Discipline Records Published After Data Breach

Orange County Register: On Saturday, a shadowy website removed 260,000 confidential attorney discipline records it had published after a massive data breach at the State Bar of California. An anonymous administrator for said in a note on the website that the records, as well as others it intended to publish, had been deleted in response to the State Bar’s disclosure of the breach and a subsequent Southern California News Group article. The administrator claims the records had been made publicly available on the State Bar’s discipline website, which is now offline. But the State Bar disputes that contention.

Conti Ransomware Group Diaries, Part III: Weaponry

Krebs On Security: The final chapter to a 3-part examination of the Conti ransomware group. This is highly recommended reading for people who want to stay informed about the evolution of international hacker groups. Part I of this series examined newly-leaked internal chats from the Conti ransomware group and how the crime gang dealt with its internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Finally, in today’s Part III, Krebs looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets and how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Hundreds Of eBike Phishing Sites Abuse Google Ads to Push Scams

Bleeping Computer: A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their data to fake investment schemes impersonating genuine brands. The operation relies on the abuse of Google Ads to draw victims to hundreds of fake websites targeting the Indian audience. The campaign was uncovered by Singaporean security firm CloudSEK, which has shared its report exclusively with Bleeping Computer. According to analysts Ankit Dobhal and Aryan Singh, the campaign has caused financial damages of up to $1 million from tens of thousands of victims.

In Case You Missed It

Ransomware is Everywhere

There’s no question that ransomware is on the rise. In the 2022 SonicWall Cyber Threat Report, SonicWall Capture Labs threat researchers reported 623.3 million ransomware attacks globally, a 105% year-over-year increase. And many industries saw triple- and even quadruple-digit spikes, such as government (+1,885%), healthcare (+755%) and education (+152%).

If your organization hasn’t yet dealt with an attack like this, however, it’s easy to see ransomware as an unusual and far-off problem. While this may have been true 10 years ago, today ransomware touches every facet of our lives.

To illustrate both the pervasiveness of ransomware and its ability to disrupt the life of an average person, we’ve constructed an average day that any business traveler might experience:

At 7 a.m., the alarm on your Apple iPhone jolts you awake to start another day. You suds up with some Avon body wash, pull on your Guess slacks and a Boggi Milano blazer, and grab your Kenneth Cole briefcase before heading out the door.

Once inside your Honda Passport, you tune in to your favorite sports podcast, where they’re recapping last night’s San Francisco 49ers game. You become so immersed in the discussion you almost forget to stop for fuel — you grab a Coke while you’re there, just in case you’re waiting a while for your flight.

Once you get to the airport, you check in, then look for a quiet place to get some work done. Fortunately, at this point the lounge is deserted. You dig out your Bose earbuds and stream some Radiohead from your laptop while you wait for boarding.

Your flight is uneventful, and the crowds at Hartsfield-Jackson International are almost as sparse as the ones at Cleveland Hopkins International. But unfortunately, you’re completely famished by this point. There’s a McDonald’s on Concourse A, and you order a cheeseburger.

The evening is young and you consider going out, but it’s been a long day. On your way to check in at the Ritz-Carlton, you decide to stop at a Barnes and Noble. You grab a graphic novel and treat yourself to a box of SweeTarts to enjoy during your quiet night in.

According to the cable listings, there’s an NBA game on TV, but it doesn’t start until 9 p.m. — giving you a few minutes to log in to Kronos and get a head start on expense reports. With a full day of meetings ahead of you, you enjoy a hot shower, pull on your pajamas and slippers, and head off to bed.

While the number of organizations affected by ransomware grows every day, yours doesn’t have to be one of them. Part of avoiding ransomware is knowing how ransomware groups operate, what industries they target and where they’re likely to hit next. For a comprehensive look at SonicWall’s exclusive ransomware data for the past year, download the 2022 SonicWall Cyber Threat Report.