Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.
SonicWall finishes an intense week with news articles citing the 2022 Cyber Threat Report, a quote from Bill Conner, and articles written by our frontline cybersecurity experts. From industry news, we have three big reads. One is about the day the Internet died a few hours earlier in the week, compiled from posts by Computer World, Bleeping Computer, and ZDNet. From Bleeping Computer, we learned that Conti was busy with the ARMattack campaign, ransoming 40 organizations in only one month. Finally, from Dark Reading and CSO Online, according to researchers, there are 56 vulnerabilities in operational technology products used in everything from factories to hospitals. Is our technology insecure by design?
Remember, cybersecurity is everyone’s business. Be safe out there!
CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.
CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”
eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.
Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).
Tech Radar Pro, Bill Conner Quote: “Ransomware attacks have simply exploded last year. Recent figures from SonicWall recorded more than 600 million ransomware attacks took place across the world in 2021, representing an increase of 105% compared to the year before. Compared to 2019, the figures are even worse, showing a rise of 232%. Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” said SonicWall President and CEO Bill Conner.
Oxford Business Group, Threat Report Mention: According to security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, 755% in the health care sector, 152% in education and 21% in retail.
Enterprise Networking Planet, Product Comparison: Fortinet and SonicWall are both well regarded enterprise wireless LAN vendors. This article will help you decide which solution is best for your business.
Teiss, Published Byline: Immanuel Chavoya at SonicWall describes the dangers of cryptojacking, a damaging and parasitical use of an organization’s computer resources.
Markers (APAC), SonicWall Executive Interview: Digital transformation is disrupting businesses across the globe as digital infrastructure becomes pivotal for the success and survival post-Covid-19. Over the years since the pandemic hit, we have witnessed a huge surge in digital platforms and tools used in business operations which in turn has increased the risk of cyberattacks. At this junction, the role of next-gen cyber security solution provider plays a significant role. Here is an interview with Debasish Mukherjee, Vice President, Regional Sales, APJ at SonicWall sharing his views on the cybersecurity market post-pandemic, threats to businesses, key cybersecurity recommendations, and how SonicWall can help organizations overcome these challenges.
Half of the Internet died earlier this week
Compiled from Multiple Sources: A server outage at Cloudflare’s servers led to many websites and services going down. The resulting blackout affected significant services like Google, AWS and Twitter. Although the online security company quickly identified and fixed the problem (the service was down for a few minutes), it created a flurry of worry and spun up rumors about the cause.
Initially, we were all left in the dark about the nature of the blackout, which was even more worrisome as ComputerWorld reported major disruptions to large areas. Customers trying to access Cloudflare-supported websites experienced ‘500 errors’ (Internal server errors) for approximately two hours before the service was restored around 9 am GMT.
Bleeping Computer reported that the event was reminiscent of another outage when Cloudflare stopped a 26 million request-per-second DDoS attack, which was the most severe ever recorded. The record-breaking attack, which occurred last week, targeted one of Cloudflare’s customers using the Free plan. Experts speculated that the threat actor behind the attack used stolen servers and virtual machines, as it originated from Cloud Service Providers rather than weaker IoT devices from compromised Residential Internet Service Providers.
ZDNet updated the story with a Cloudflare apology that blamed the outage THIS week on a configuration error during a “routine” network upgrade.
Bleeping Computer: Conti is a cybercrime syndicate that runs one of the most aggressive ransomware campaigns. It has become highly organized to the point where affiliates were able to hack more than 40 primarily US-based businesses in just over a month.
Security researchers identified the hacking campaign as “ARMattack” and said it was one of the group’s most productive and effective. ARMattack was also very fast, considering how quickly the group compromised the networks. Additionally, the ransom requested by the attacker is unknown, nor do we know if any victims paid it.
Bleeping Computer also claims Conti is currently the third most frequent ransomware gang in terms of attack frequency.
The number of victims who have not paid Conti ransoms increased to 859; however, this count is based only on publicly available data on the group’s leak site and is probably higher.
This number shows that Conti has published data from at least 35 organizations that did not pay ransom each month.
Dark Reading: A new analysis of data from multiple sources has uncovered 56 vulnerabilities in Operational Technology (OT) products from 10 vendors, including notable ones such as Honeywell, Siemens, and Emerson.
These security issues are collectively called OT.ICEFALL. They stem from insecure cryptographic implementations, weak authentication schemes or weak cryptographic implementations, insecure firmware updates mechanisms and improperly protected native functionality, which hackers can use for remote code execution. CSO Online reports that 14% of the vulnerabilities could lead to remote code execution, and 21% could allow for firmware manipulation.
The problem stems from device vendors not including basic security features like encryption and authentication. Plus, these vulnerable devices are often installed in older products that their owners continue to use, even though there are better options. So now we have the element of false confidence as many vulnerable products have been subject to an audit and are now certified as safe for OT networks.
Researchers compared their findings with those from Project Basecamp, conducted ten years ago. Then as now, they focused on insecure-by design problems in remote terminal units (RTUs), programable logic controllers (PLCs), and other controllers in SCADA (Supervisory Control and Data Acquisition) used in industrial installations.
The bottom line: the vulnerabilities are still present.
In Case You Missed It
SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald
Cybersecurity in the Fifth Industrial Revolution – Ray Wyman
Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff
Four Cybersecurity Actions to Lock it All Down – Ray Wyman
Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran
NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala
CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald
Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff
Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi
Ransomware is Everywhere – Amber Wolff
Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh