Cybersecurity News & Trends – 04-01-22
Not only did we pick up more news hits for the 2022 SonicWall Cyber Threat Report, SonicWall saw global reports on the fantastic record-breaking year for its channel partners. Industry news in cybersecurity and hacking didn’t take a pause last week. First, the health care equipment manufacturer Philips discovered a vulnerability in products that use an e-alert system. We’ll wait to see if that item gets more airplay next week. Second, Crypto hackers stole more than $600 million from Axie Infinity’s Ronin gaming network – and this is a new record haul. Finally, we found an excellent overview and summary of the “Strengthening American Cybersecurity Act” legislation this month. And in other news, Chinese hackers target VMware with Deep Panda, and hackers are abusing fake emergency subpoenas to force companies to give up important information.
SonicWall News
Apple Forced to Issue Emergency Fixes for Two Zero-Days
IT Wire: Apple issued emergency fixes for two zero-day vulnerabilities that were being exploited in the wild and affected iPhones, iPads, and Macs. In the same report, over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.
Cyber Security Risks and Companies’ Readiness
Financial Times: Research from cyber security company SonicWall supports a more positive outlook [that major business recognizes the risks]. “From mid-2020 to 2021, the number of CEOs who said cyber security risks were the biggest threat to short-term growth nearly doubled,” said SonicWall chief executive Bill Conner in its recent cyber threat report.
Cyber Heroes Prepare for Battle
RED/MSU Denver: The bad guys – cybercriminals, in this case – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline was among those which crippled energy infrastructure that delivers about 45% of fuel for the East Coast. As for the good guys: There aren’t enough of them.
World Backup Day: Building a Tiered Backup Strategy for Ransomware Recovery
ToolBox: In 2021, SonicWall recorded an alarming 623.3 million ransomware attacks globally, averaging 2,170 attempts per customer. With each attack aimed at exploiting weaknesses in IT networks and endpoint devices to inject ransomware, organizations can’t afford to lower their guard for a moment.
Can The Financial Sector Manage Hybrid Working Security?
Finance Monthly: Ransomware is not the only threat, of course. Today, a wide range of attack methods need to be considered and resisted. For example, SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.
Digital Rights Management Market is Growing at A Rate Of 17% With The Rise In Security Concerns
Globe Newswire (TBRC Business Research): according to the 2021 Cyber Threat Report by SonicWall, there has been a 62% increase in ransomware since 2019. This number is still rising as cybersecurity attacks become more complex and challenging to detect. Digital rights management is also used by healthcare organizations and financial services firms to ensure compliance with data privacy and protection standards such as HIPAA (Health Insurance Portability and Accountability) and the Gramm-Leach-Bliley Act (GLB Act or GLBA). Hence, the rise in security concerns is expected to create avenues for the digital rights management market growth.
Mitigating Security Risks Posed by Hybrid Working
TechRadar Pro: A wide range of attack methods need to be considered and resisted. SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.
SonicWall Posts Record-Breaking Year as Channel Partners Thrive with Unparallel Product Demand
Yahoo Finance (Cision Press Release): Today, SonicWall announced that 2021 was its best year. Propelled by delivering high-demand products, including the evolution of its Generation 7 next-generation firewalls and a laser focus on its customers, SonicWall showed record levels of sales and profitability in 2021.
SonicWall Creció Un 20% En Iberia, Ayudado Por Sus Más De 900 Partners
IT User (Spain): La compañía cuenta a nivel global con más de 17.000 partners activos, que han aumentado su cuota de mercado en franjas de precios y segmentos de mercado clave. SonicWall ha aumentado un 33% su cartera de nuevos clientes y un 45% las ventas en nuevos clientes, y ha registrado un aumento del 10% en los ingresos recurrentes anuales de los partners.
El Canal Ayuda a SonicWall a Cosechar en 2021 El Mejor Resultado De Su Historia
Dealer World (Spain): De histórico se puede calificar el año 2021 para SonicWall, que se ha traducido en los mejores resultados en la historia de la compañía. Resultados que se han visto impulsados por la venta de productos de alta demanda, incluida la evolución de sus firewalls de próxima generación, Generation 7, y un enfoque 100% dirigido al cliente, SonicWall logró niveles récord de ventas y rentabilidad en 2021; y especialmente por el trabajo de su Canal.
SonicWall Hace Frente a Las Ciberamenazas e Incrementa Las Oportunidades De Los Canales
Reseller 15 Años (Mexico): Basado en el Informe de Ciberamenazas 2022 de SonicWall, el fabricante líder en Inteligencia de Amenazas de ransomware, compartió el trabajo que está realizando junto con sus socios para enfrentar el aumento de casi todas las amenazas monitoreadas, ciberataques y ataques digitales maliciosos, donde se incluye el ransomware, las amenazas cifradas, el malware IoT y cryptojacking.
SonicWall Live-Webinar: Meet the Cybersecurity Requirements of Hybrid Working Models
InfoPoint Security (Germany): Join the SonicWall MINDHUNTER series and learn from security expert Stephan Kaiser what business and security challenges this fast-growing and dynamic IT landscape poses for your IT managers.
SonicWall Reports Record Year for Products and Channel Engagement
Channel Life (Australia): SonicWall has reported its best year on record, attributing its new range of products, customer focus and successful channel engagement. Despite challenging economic conditions, the company posted strong financial results, strengthening its pipeline growth. They reported a 33% increase in new customer growth and a 45% increase in recent customer sales.
Industry News
Philips Issues Cybersecurity Warning Over e-Alert MRI Monitoring System
Fierce BioTech: Philips is currently facing a possible hacking risk following discovering a vulnerability in its eAlert MRI monitoring systems. This could be a significant event due to the high use of Philips medical instruments in the U.S. The e-Alert system has sensors that monitor MRI machines and issues alarms when specific parameters are exceeded. These include temperature and humidity in the technical and exam rooms and the status of the machine’s power supply. They also monitor the chiller, cryo-compressor, and helium levels. In addition, magnet placement is also observed.
Hackers Steal Over $600 Million From Video Game Axie Infinity’s Ronin network
CNN: A new crypto-hack has taken out a gaming-oriented blockchain network that supports Axie Infinity. In one of the most significant crypto hacks, hackers stole approximately $625 million in Ethereum and USDC, two currencies. According to a company blog post, attackers stole private keys used to verify transactions on the network. Malicious actors used these keys to create fake withdrawals. The malicious actors were able to forge fake withdrawals. According to the blog post, the network promised to “ensure that no users’ funds were lost.” The company stated that most of the stolen funds are still in the crypto wallet of the hacker.
Three Cybersecurity Fundamentals Businesses Get Wrong
Forbes: What do all businesses, regardless of industry and size, have in common? They are at risk from cybersecurity attacks like ransomware and customer data breaches. These attacks can cause financial ruin for businesses and force them to close. Hiscox, an insurance company, found that cyberattacks had affected one in six companies. At the same time, when businesses spend a lot of money to protect themselves from these types of attacks, they often do it without a plan. Written by a cybersecurity professional who claims to have worked with many financial institutions, this article is well worth reading. It has the perspective of a cybersecurity professional and offers essential insights that many businesses are dealing with today.
An Overview of the Strengthening American Cybersecurity Act
J.D. Supra: President Joe Biden signed the Strengthening American Cybersecurity Act on March 15, 2022. This overview gives us a concise understanding of the act’s provisions and how they may affect business. For instance, the reviewer notes that the act focuses on the need for rapid disclosures and solid protections for private-sector workers in the cybersecurity field. This legislation establishes a cyber incident and ransomware response protocol for businesses that operate in many core sectors of the U.S. economic system. These industries include communications, financial services, chemical, communication, energy, food & agricultural, government facilities and healthcare, transportation and waste management. The law is not only targeted at organizations that are critical infrastructure but will also have wide-reaching consequences for all businesses.
Local Cybersecurity Gaining Traction
S.C. Media: StateScoop reports on local cybersecurity information sharing and resource sharing. Federal support via the $1 billion cybersecurity grant program has led to increased cyber collaboration among local governments, according to Michael Makstman, San Francisco Chief Information Security Officer, and Greg McCarthy, Boston CISO. As a result, they co-founded The Coalition of City CISOs.
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
Hacker News: Deep Panda, a persistent Chinese threat, has been observed exploiting Log4Shell vulnerability on VMware Horizon servers. This was to install a backdoor and a novel rootkit onto infected machines to steal sensitive data. Deep Panda is also known as Shell Crew, KungFu Kattens and Bronze Firestone. Recent attacks “targeting technology providers for command and control infrastructure building,” according to Secureworks.
Hackers Abusing Power of Subpoena Via Fake “Emergency Data Requests”
Krebs on Security: Criminal hackers have discovered a terrifying new “method” to steal sensitive customer data from Internet service providers and phone companies. This involves hacking into email accounts linked to government agencies and police departments, then sending unauthorized requests for subscriber information while claiming that the requested information cannot wait for a court order as it is an urgent matter of life or death. The Verge reported that Apple and Meta gave user data to hackers, who feigned emergency request orders usually sent by law enforcement. Both companies gave out user data to hackers in the middle of the massive surge in hacks SonicWall reported last year.
Suppose federal, state, or local law enforcement agencies want to know who owns a particular account at a social networking firm or which Internet addresses that account has used previously? In that case, they must submit a court-ordered warrant. This notification forges that entire legal process. Most of these bad actors who make these fake requests are teenagers. According to Bloomberg, cybersecurity researchers believe the teen mastermind behind Lapsus$ hacking organization may have inspired the group to take this type of action. Another group called the Recursion Team might be responsible for last year’s string of similar attacks. While the group has since disbanded, they have some members who joined Lapsus$ under different names. Bloomberg was informed by officials involved in the investigation that hackers had accessed accounts in several countries and targeted numerous companies over a few months beginning in January 2021.
In Case You Missed It
- World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff
- CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald
- Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff
- Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman
- Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi
- Ransomware is Everywhere – Amber Wolff
- Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh
- Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran
- 2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff
- Break Free with SonicWall Boundless 2022 – Terri O’Leary
- SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald
- Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi
- Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi
- Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell
- How SonicWall ZTNA protects against Log4j (Log4Shell) – Rishabh Parmar