Cybersecurity News & Trends

Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report was released and ink was flying off the presses. Among the highlights were stories by the Financial Times, Axios and CoinDesk. We also got excellent coverage in Dubai and India.

Industry News is always extremely active. Tech Radar revealed that hackers are hijacking Microsoft servers to boost their proxies. According to The Verge, Microsoft is blocking macros on one of their older mainstay products by default. Hacker News reports that critical Atlassian Confluence vulnerability is under active exploitation. According to Bank Info Security, phishing-as-a-service just turned into a cut-rate business deal. Tech Republic says new variants of “infostealer malware” target Facebook-LinkedIn business accounts to harvest sensitive data. CRN and Bleeping Computer suspect there’s more going on with the Entrust data breach than has been released. And finally, for our Big Read from Dark ReadingHacker News and Bleeping Computer, we are witnessing the rise of the container attacks.

Stay cautious. And remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

What Is Cryptojacking, The Cyber Attack Carried Out by Crypto Miners?

IndianExpress, SonicWall News: ‘Cryptojacking’ attacks on computer systems have gone up by 30% to 66.7 million in the first half of 2022 compared to the first half of last year, according to a report by SonicWall, a US-based cybersecurity firm. “While volume increases were widespread, some business sectors were hit harder than others, such as the finance industry, which saw a rise of 269%,” the report said.

Record Number Of ‘Never-Before-Seen’ Malware Variants Discovered

IPT-Net (Dubai), SonicWall News: SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) technology identified 270,228 never-before-seen malware variants during the first half of 2022 — a 45% increase year-to-date. The first quarter of 2022 marked a record-high in never-before-seen malware discoveries (147,851), with March 2022 being the most ever on record (59,259).

A Seismic Shift in Cyber Arms Race

MenaFN (Dubai), SonicWall News: SonicWall, publisher of the world’s most quoted ransomware threat intelligence, today released the mid-year update to the 2022 SonicWall Cyber Threat Report. The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

IoT Malware Attack Volume Up 123% in Healthcare

Health IT Security, Threat Report: SonicWall’s newly released mid-year report saw a global decrease in traditional ransomware attacks, but researchers also observed a 123% increase in IoT malware attack volume in healthcare. “Cybercrime has been a global phenomenon for decades,” Bill Conner, president and CEO of SonicWall, stated in the report.

“But with geopolitical forces accelerating the reconfiguration of the world’s cyber frontlines, the true danger presented by threat actors is coming to the fore — particularly among those that once saw the smallest share of attacks.”

India’s Malware Hits Are Up By 34%, 2nd Highest Globally

The Hans India, SonicWall News, Bill Conner quoted: The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity. “In the cyber arms race, cybersecurity and geopolitics have always been inseparably linked, and in the last six months we have seen that play out across the cyber landscape,” said SonicWall President and CEO Bill Conner.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

Everything You Need to Know About Crypto-Jacking as It Surges to Record High

Proactive Investors, SonicWall News: Global crypto-jacking volumes rose by US$66.7mln, compared with the first half of 2021, to its highest level on record, according to American cybersecurity company SonicWall.

Ransomware Attacks Decline Amid Crypto Downturn

Axios, Immanuel Chavoya Quote: For ransomware, we’re seeing correlation that’s in line with crypto markets,” said Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Axios. “Someone has changed the locks on your house, and you have to pay a fee to get back in,” he said, describing a typical ransomware attack.

Cryptojacking On the Rise Despite Market Slump

Cryptopolitan, SonicWall News: Over the years, cryptojacking has been used as one of the few methods to mine illegal crypto from unsuspecting users. This is because the hackers chance upon back door access via hacking the computer to mine crypto. However, in the last few months, reports have claimed that cryptojacking has skyrocketed to new highs. In a new report that SonicWall uploaded, crimes associated with cryptojacking worldwide have touched $66.7 million in the first half of this year.

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

Industry News

Hackers are Hijacking Microsoft Servers to Boost Proxies

TechRadar: Hackers are installing malware on Microsoft SQL servers to monetize the endpoints’ bandwidth. Findings from Ahnlab and researchers at the South Korean firm ASEC, this type of malware, called proxyware, allows the hacker to not re-sell the bandwidth to other people but also access the victim’s email account. In addition, hackers can install another strain on vulnerable Microsoft SQL servers where threat actors can use it to steal corporate data. IT departments are being advised to find ways to verify legitimate processes are using all their bandwidth. Individuals tempted to earn money from installing proxyware on their systems are also being cautioned that they risk being abused by cybergangs and freelancers.

Microsoft Office Is Blocking Macros by Default

The Verge: There’s been a bit of back and forth since Microsoft made the original announcement. Still, this week they made it clear with an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents. The company had temporarily stopped the security precaution to prevent infected macros from automatically running. Now the new default setting is rolling out, but with updated language to alert users and administrators what options they have when they try to open a file and it’s blocked. The move applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site admins have marked as safe. And as of now, Microsoft isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Critical Atlassian Confluence Vulnerability Under Active Exploitation

Hacker News: Atlassian, which makes the Confluence team collaboration suite, issued warnings to customers that there’s a significant vulnerability in the ‘Questions For Confluence’ app. However, not all companies use this capability. Readers can find details of the vulnerability here: CVE-2022-26138, and concerns the use of a hard-coded password in the app that a remote, unauthenticated attacker could exploit to gain unrestricted access to all pages in Confluence. In layperson’s language, companies migrating data to the Confluence Cloud create an account that includes a hardcoded password to the users’ group. The process also reveals where to find the password to view and edit non-restricted messages.

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Bank Info Security: A rising cybercrime syndicate has decided it’s easier to sell phishing kits than teach other cybercriminals to hook victims themselves, charging as little as $50 a month for a simple campaign. Calling themselves “Robin Banks,” – the novel phishing-as-a-service platform targets financial institutions in Canada, the U.S., the U.K. and Australia. Researchers at IronNet say the site not only has email and text phishing kits aimed at Bank of America, CapitalOne, Citibank, Lloyds Bank and Wells Fargo, but it also has templates customers can use to phish and steal Google, Microsoft, T-Mobile and Netflix users passwords. One example of a scam is a text message sent to people purporting to be from a bank alleging unusual activity on their debit card. Victims are asked to click on a link to very their identity. Hackers can sign up for the service for around $200 a month.

Infostealer Malware Targets Facebook Business Accounts to Capture Sensitive Data

TechRepublic: Facebook is often in the crosshairs of malware campaigns. A new attack analyzed by cybersecurity provider WithSecure Intelligence targets Facebook business users with the intent of stealing their sensitive data and taking over their accounts. Organizations that use Facebook’s Ads and Business platforms are being cautioned, according to researchers at WithSecure. The report says the hackers are targeting and phishing employees on LinkedIn who likely have high-level access to their company’s Facebook Business account. Those employees are tricked into downloading malware, which the hackers use to get into Facebook Business accounts. Victims may have managerial, digital marketing and HR titles. Employees need to be cautious about clicking attachments in LinkedIn messages. In addition, administrators need to watch their Facebook Business accounts closely for suspicious downloading activity.

Hackers Stole ‘Some Files’ During Recent Data Breach

CRN: Security vendor Entrust is confirming that hackers breached its network last month, accessing its systems used for internal operations and stealing some files. Minneapolis-based Entrust, which describes itself as a global leader in identities, payments, and data protection, was conspicuously quiet on Tuesday about what exactly was stolen during the June 18 breach. Entrust customers, which include governments and businesses, were told earlier this month. However, it isn’t known if only Entrust corporate data was stolen or if customer data was also involved in the data breach.

In a startling revelation for the Entrust breach, Bleeping Computer claims that a well-known ransomware gang is behind the attack and that they purchased compromised Entrust credentials and used them to breach their internal network. If Entrust does not pay the ransom demand, we will likely learn what ransomware operation was behind the attack and other details when the hackers publish the stolen data.

BIG READ: Rise of the Container Attacks

Multiple Sources: Dark Reading reports that hackers have sharply reduced the use of one of their favorite malware distribution tactics following Microsoft’s decision earlier this year to disable Office macros in documents downloaded from the internet. However, container files have risen to help cyber attackers get around the issue. This pivot is clear: In the months since Microsoft’s Oct. 21 announcement that it would disable macros by default, there’s been a 66% decline in threat actor use of VBA and XL4 macros, according to Proofpoint.

As proof of the emerging tactic, Hacker News notes a flurry of previously unknown variants of the Qakbot malware that appears to be a Microsoft write file but can also appear with multiple URLs as well as unknown file extensions (ex: OCX, ooccxx, dat, gyp) to deliver the payload. Other methods adopted by the group include code obfuscation and introducing new layers in the attack chain from initial compromise to execution. The package can also go under several other names, including QBot, QuackBot, or Pinkslipbot. The core has been a recurring threat since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads.

Bleeping Computer says the QakBot series and its variants have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software. When the executable is launched, it will find the malicious version with the same name in the same folder, loading that instead and infecting the computer. Victims fooled into clicking on an infected attachment will download a password-protected zip file that appears to be an Acrobat PDF document. Hackers provide the victim with passwords to view the file. When clicked, the package delivers the malware.

We’re constantly reminding managers and employees about the dangers of clicking unexpected attachments and email links (add social media). There are tools out there now that can easily spot these kinds of attacks.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner

SonicWall’s mid-year update to its 2022 SonicWall Cyber Threat Report is creating some serious buzz – especially when it comes to cryptocurrency. The data reveals that global cryptojacking volumes increased by 66.7 million hits in the first half of 2022 – representing a 30% increase when compared to its 2021 levels over the same period.

In cryptojacking attacks, criminals use malware to gain access to computer networks. They then use the system’s computing power to mine cryptocurrencies like Bitcoin — a process that typically requires investing in costly state-of-the-art equipment and consumes vast amounts of electricity. The victim is often unaware of the intrusion.

Today, SonicWall CEO and President Bill Conner was interviewed by Coin Desk TV to discuss the meteoric rise of this criminal act.

“We are seeing a major shift as cybercriminals are using cryptojacking as a means to an end,” explained Conner. “Bad guys are getting into servers, computers, and laptops to take over the compute engine and run in the background to mine for crypto. The financial sector has been hit the hardest over the last six months, and I don’t anticipate that to slow down any time soon.”

Cryptojacking cases across the financial sector rose 269% in the first half of 2022 – that’s five times higher than attacks on retail. SonicWall registered record growth in total cryptojacking volume but unevenly distributed across 2022. In January this year, the metric stood at 18.4 million hits, a new all-time high surpassing previous record levels, taking the total Q1 attacks to 45.1 million.

As criminals continue to have success leveraging compute power to mine for crypto currency, you can expect the problem to increase.

“I think as the economy gets a little shaky, you will see cryptojacking and other malicious cyber activities increase – especially the second half of the year,” said Conner. “It’s really important to segment your networks to protect your data and valuable business assets.”

To learn more about the trends of cryptojacking, ransomware, malware and other cyber threats download the mid-year update to the 2022 SonicWall Cyber Threat Report now.

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines

The mid-year update to the 2022 SonicWall Cyber Threat Report reveals changing trends and shifts in global cybercrime hotspots.

Cybersecurity and geopolitics have always been inseparably linked, and in the past six months we’ve seen this increasingly play out across the threat landscape. Based on data from the mid-year update to the 2022 SonicWall Cyber Threat Report, the United States, the U.K. and other cybercrime hotspots are seeing decreases in cybercriminal activity, while many less-affected regions are seeing an uptick in threats.

“The international threat landscape is now seeing an active migration that is profoundly changing the challenges not only in Europe, but the United States as well,” said SonicWall expert on emerging threats Immanuel Chavoya. “Cybercriminals are working harder than ever to be ahead of the cybersecurity industry, and unlike many of the businesses they target, threat actors often have no shortage of skills, motivation, expertise and funding within their organizations.”

But it isn’t only the targets that are changing in the first half of 2022 — it’s the trends as well. Malware and ransomware have both reversed course, and for the first time in years we’re seeing increases in malware and decreases in ransomware. The threat data also revealed accelerations in certain trends, such as the spikes we’re seeing in IoT malware and other threat types. Here are some of the highlights:

Malware Makes a Comeback

After trending downward for several quarters, malware rose 11% worldwide during the first half of 2022. While a drop in ransomware helped temper this increase, a rise in cryptojacking and skyrocketing rates of IoT malware were more than enough to propel a double-digit increase.

Very few cyberthreat trends apply uniformly across the board, and the rise in malware is no exception. But the fact that places that usually see a lot of malware — such as the U.S., the U.K. and Germany — all saw decreases suggest that these global hotspots may be beginning to shift.

Ransomware Falls by Nearly a Quarter

Ransomware has risen dramatically over the past two years, but in the first half of 2022, global attack volume fell 23%. This long-awaited reversal seems largely a result of geopolitical factors, as ransomware groups in Russia struggle to keep up their previous pace amid the ongoing conflict with Ukraine.

Unfortunately, based on larger ongoing global trends, this reprieve isn’t expected to last.

“As bad actors diversify their tactics, and look to expand their attack vectors, we expect global ransomware volume to climb — not only in the next six months, but in the years to come,” said SonicWall President and CEO Bill Conner. “With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophisticated and varying in the threats, tools, targets and locations.”

Ransomware is also shifting, however, resulting in some areas recording significantly different outcomes than usual. North America, which typically sees the bulk of ransomware attacks, experienced a 42% decrease in attack volume, while Europe recorded a 63% increase.

RTDMI Detections Rise Dramatically

In the first six months of 2022, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) identified 270,228 never-before-seen malware variants — a 45% increase over the same period in 2021.

Included with the Capture Advanced Threat Protection sandbox service, this technology leverages machine learning to become highly effective at identifying new and advanced threats, and it continues to get better each year: Since it was introduced in early 2018, the number of new variants discovered by RTDMI has risen 2,079%.

IoT Malware Up 77%

With more IoT devices coming online than ever, it’s no surprise that opportunistic cybercriminals are increasingly flocking to IoT malware attacks. Since the beginning of the year, IoT malware volume has risen 77% to 57 million — more than at any point since SonicWall began tracking these attacks, and nearly as many as were recorded for the entire year of 2021.

Encrypted Threats Show Triple-Digit Increase

In the first half of 2022, encrypted threats spiked 132% over the same time period last year. This was based on an unusually high number of attacks in Q2 — attack volume rose so high in May that it became the second-highest month for encrypted threat volume SonicWall had ever seen.

Cybersecurity News & Trends

Curated cybersecurity news and trends from leading news outlets that monitor IT security and safety around the world.

SonicWall continues to move headlines with industry publications and general news outlets. More quotes from SonicWall’s President and CEO, Bill Conner and mentions from SonicWall’s ongoing threat reports.

The industry’s big hits this week mainly were focused on ransomware activity. From Dark Reading, CloudMensis emerged as a previously unknown macOS spyware that exfiltrates documents, keystrokes, and screen captures, among other things. Bleeping Computer reports that the Black Basta ransomware gang targeted the giant construction corporation Knauf Group. From the gamer publication Destructoid, Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. Threat Post reports on the unusual hiring practices of the hacking group AIG. From Hacker News, Evilnum malware is being deployed to target cryptocurrency and commodities platforms. And from a gamer fan magazine, Kotaku, someone hacked the NeoPets platform, stole data for 69 million accounts and is selling it for Bitcoin.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication Of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

French MVNO Left Crippled by Ransomware Attack

Total Telecom, SonicWall News: The scale and severity of ransomware attacks in the telecoms industry and beyond has been rising steadily in recent years, with SonicWall recording 495 million ransomware incidents globally in 2021, a 148% increase on 2020.

Best VPN services for SMBs

TechRepublic, SonicWall News: While hardware platforms — including equipment fromCisco, Fortinet and SonicWall — are often used, software-only VPN services are growing in popularity due to their simplicity, flexibility and capacity to provide protection when users connect to third-party applications and resources outside the organization’s network. Here’s how five leading VPN services for SMBs stack up.

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves from A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Industry News

Cloud-Enabled macOS Spyware Blows onto the Scene

Dark Reading: A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and command-and-control (C2) communications — an unusual design choice that makes it difficult to trace and analyze the threat.

Dubbed CloudMensis by the researchers at ESET who discovered it, the backdoor was developed in Objective-C. ESET’s analysis of the malware released this week shows that the cyberattackers behind the campaign gain code execution and privilege escalation using known vulnerabilities after the initial compromise. Then, they install a first-stage loader component that retrieves the actual spyware payload from a cloud storage provider. In the sample the firm analyzed, pCloud was used to store and deliver the second stage, but the malware also supports Dropbox and Yandex as cloud repositories.

Building Materials Giant Knauf Hit by Black Basta Ransomware Gang

Bleeping Computer: The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in forensic investigation, incident response, and remediation. Emails seen by BleepingComputer warned that email systems were shut down as part of the response to the attack, but that mobile phones and Microsoft Teams were still working for communication.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world’s wallboard market. The firm operates 150 production sites worldwide and owns U.S.-based Knauf Insulation and USG Corporation. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

Bandai Namco Data Leaked Following Alleged Ransomware Attack

Destructoid: Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. It is suspected that the developer/publisher behind brands such as Tekken, Elden Ring, Dragon Ball FighterZ, and Soulcalibur has had data about its future releases, DLC, and reveals leaked online in the wake of the attack. Malware source code monitors VX-underground discovered and reported the news.

While some of the information has surfaced online this morning, the full extent of the data obtained by the hacking group is unknown. It could contain the personal details of company employees, as well as source code for the company’s current and upcoming releases and potentially data about the users of Bandai Namco games. As for supposed leaked games, don’t believe everything you see floating around.

This attack is the latest in a series of massive data thefts that, in recent years, have ransacked the digital vaults of various big-name video game companies such as Capcom, EA, and, perhaps most famously, CD Projekt RED, the latter of which lead to the release of the entire source code of smash hit Cyberpunk 2077.

Hackers for Hire: Adversaries Employ’ Cyber Mercenaries’

Threat Post: A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks as part of more extensive criminal campaigns.

Known as Atlas Intelligence Group (AIG) or Atlantis Cyber-Army, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its campaigns. AIG functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services.

According to the report, AIG is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with specific capabilities that they can reuse and incent them with profit sharing. For example, RasS (ransomware-as-a-service) campaigns can involve multiple threat actors who get a cut of stolen funds or digital assets. What makes AIG different is it outsources specific aspects of an attack to mercenaries who have no further involvement in an attack.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

Hacker News: The advanced persistent threat (APT) actor tracked as Evilnum is again exhibiting renewed activity aimed at European financial and investment entities.

Evilnum is a backdoor that can be used for data theft or to load additional payloads. Malware includes multiple components to evade detection and modify infection paths based on identified antivirus software.

Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the UK.

Neopets Hacker Steals 69 Million Accounts, Tries To Sell Them For Bitcoin

Kotaku: A rogue hacker has reportedly stolen over 69 million Neopets accounts and is currently attempting to sell the information for roughly $92,000 in bitcoin. Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other community members. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.

The community fansite Jellyneo reported that the hacker could obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. Jellyneo claimed that email addresses, passwords, gender, IP addresses, countries, and birthdays were being sold on a “hacker website” for four bitcoin (about $92,072 based on current values). Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. However, it was reported that Neopets is working with a forensics firm and law enforcement to investigate the breach.

In Case You Missed It

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

2022 CRN Rising Female Star

CRN Names Danielle Dacey of SonicWall as a Rising Female Star

SonicWall is thrilled to announce that CRN, a brand of The Channel Company, has chosen Danielle Dacey, Senior Sales Manager, for its 2022 Rising Female Stars list. This annual list honors 100 up-and-coming, dedicated, driven women who are leaving their mark and making a difference for solution providers throughout the IT channel.

Featuring a powerhouse list of nominees, hand-selected by the CRN editorial team based in large part on the recommendations from channel chiefs and other channel management executives across the industry, this third annual list of Rising Female Stars represents extraordinary women who are working hard to help their channel partners find success. These IT channel standouts demonstrate an aptitude for growing their respective channel partner programs and initiatives through a variety of disciplines, including marketing, channel program management and partner engagement, to name a few.

“CRN’s 2022 Rising Female Stars list highlights the women poised to become tomorrow’s channel leaders and luminaries who consistently demonstrate dedication to IT channel innovation and excellence. All of these women are helping to create a brighter future for the IT industry,” said Blaine Raddon, CEO of The Channel Company. “On behalf of The Channel Company and CRN, I want to congratulate all of the honorees. The change these rising leaders are helping to enact today will define the IT channel for many years to come.”

Image of Danielle Dacey

“Danielle is an incredible colleague, a hard worker and has an outstanding business acumen,” said Matt Brennan, Vice President, North America Channel Sales at SonicWall. “She’s respected by her colleagues and easy to work with and is an asset to the entire SonicWALL team. We’re pleased and proud that CRN has chosen to include her on its annual list of rising female stars.”

The 2022 list of Rising Female Stars will be featured online at www.CRN.com/risingstars starting July 25 and in a special July issue of CRN Magazine.

This award marks yet another earned by SonicWall who has been included in the following CRN 2022 Awards: Channel Chiefs, Women of the Channel, Security 100 and a 5-Star Rating Program Guide.

Cybersecurity News & Trends

Cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall had an excellent news week. The highlight was a report by BBC on over-qualified workers struggling to find jobs, with a quote from Terry Greer-King, SonicWall vice-president for EMEA operations. There were also articles quoting Bill Conner, bylined articles by Immanuel Chavoya, articles citing the 2022 Cyber Threat Report, plus US Representative Elissa Slotkin, from Michigan, who mentioned SonicWall threat data.

Industry news was also very busy. We found a report from ZDNet about crooks using deepfakes to apply for remote work tech jobs. From Bleeping Computer, an alert about the PwnKit exploit on Linux. There was a fascinating report from New York Times about how North Korea used stolen cryptocurrency to keep the country afloat. We have a consolidated report from Dark ReadingWAFB News and Health IT Security on cyberattacks on US healthcare organizations. ZDNet (again) reported on the UK government warning businesses that paying ransoms will not keep their data safe. From HackerNews, Google blocks dozens of malicious domains operated by hack-for-hire groups. And finally, from The Star, the massive AMD breach was aided by “terrible passwords” used by employees.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Here Today, gone to Maui: That’s Your Data Captured By North Korean Ransomware

The Register, Threat Report Mention: “According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.”

Over-Qualified Workers Struggling to Find a Job

BBC, Terry Greer-King Quoted: “They move towards the peak of a pyramid,” explains Terry Greer-King, vice-president of EMEA at cybersecurity firm SonicWall. “As employees gain greater experience, there’s less breadth in terms of opportunities: trying something different would require scaling back down the pyramid.”

Staying Protected Amidst the Cyber Weapons Arms Race

Information Age, Immanuel Chavoya Byline: “Immanuel Chavoya, emerging threat detection expert at SonicWall, discusses how businesses can stay protected against customizable ransomware and the wider cyber weapons arms race.”

Ransomware Gangs Are Turning to Cryptojacking For A Quieter Life

TechMonitor, Terry Greer-King Quoted: “The toolkits from big RaaS gangs such as REvil are becoming much cheaper and easier to use, agrees Terry Greer-King, vice president for EMEA at SonicWall. “Only a few years ago, they needed to write their own malicious code. Now, anyone with bad intentions can buy a ransomware kit for as little as $50 on the dark web,” he says.”

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack In History’

The Independent, Bill Conner Quoted: ““Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent. Personal information that does not change as easily as a credit card or bank account number drives a high price on the dark web. This kind of personally identifiable information is highly sought after by cybercriminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out-of-date security devices, as a matter of course.”

Cloud Security Best Practices: A Summer School District To-Do List

Security Boulevard, Threat Report Mention: “According to research from SonicWall, cyber threats of nearly all types are increasing at breakneck speed. Ransomware, for example, has increased 232% since 2019. With the rate of attack accelerating, it’s only logical that school districts close their data protection gap and identify an adequate cloud platform.”

Russian Hackers Claim Responsibility for Ongoing Lithuania Cyberattacks

Silicon Republic, Bill Conner Quoted: “Speaking about the latest cyberattacks on Lithuania, Bill Conner, CEO of cybersecurity firm SonicWall, said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors. “We are dealing with an escalating arms race,” Conner said. “It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organizations. The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”

CISA Reiterates Two-Year Timeline to Implement Breach-Reporting Rules

SC Magazine, US Representative cites threat report: “Rep. Elissa Slotkin, D-Mich., chair of the Homeland Subcommittee on Intelligence and Counterterrorism, cited research from private cybersecurity company SonicWall claiming a 98% increase in observed ransomware attacks over the past year, while she also noted “we heard from [Michigan] state officials …that ransomware attacks have doubled since last year.”

Lethal Drinking Water, Runs on Banks And Panic Buying: What A Real Undeclared War Cyber Attack Could Mean

iNews, Bill Conner Quoted: “Bill Conner, who has advised GCHQ, Interpol and Nato on cyber security and is president and CEO of SonicWall, told: “When you look at what’s happened here in the States, like Colonial Pipeline, our water system, our electrical grids – even though our electrical grids are very different than the UK – they’re still very vulnerable. Our healthcare systems are vulnerable.”

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

Industry News

FBI Warns: Crooks Use Deepfakes for Remote Tech Jobs

ZDNet: According to the FBI, scammers and criminals use deepfakes to steal personally identifiable information when they apply for remote jobs. Deepfakes, synthetic audio, video and image content created using AI or machine-learning technology have been a concern for phishing threats for many years.

The FBI’s Internet Crime Complaint Center (IC3) says they have seen increased complaints about deepfakes and stolen personally identifiable information used to apply for remote roles in tech. Some offices are asking employees to return to work. Information technology is one job category that has seen a lot of remote work. Reports to IC3 primarily concern remote vacancies in information technology programming, database, or software-related job function functions.

The FBI highlights the dangers of an organization hiring fraudulent applicants by noting that some of the positions reported include access to financial data and customer PII.

CISA Issues Warnings About Hackers Exploiting PwnKit Linux Security

Bleeping Computer: Cybersecurity and Infrastructure Security Agency has added PwnKit, a severe Linux vulnerability, to its bug list.

CVE-2021-4034 was identified as the security flaw in Polkit’s Polkit’s Pkexec component, which is used by all major distributions, including Ubuntu, Fedora and CentOS. PwnKit is a memory corruption bug that unprivileged people can exploit to gain full root rights on Linux systems with default configurations.

It was discovered by researchers at Qualys Information Security, who also found its source in the original commit of pkexec. This means that it affects all Polkit versions. It has been hidden in plain sight since May 2009, when pkexec was first released. The proof-of-concept (PoC) exploit code was posted online within three hours of Qualys publishing technical details about PwnKit.

How North Korea used Crypto to Hack its Way Through the Pandemic

New York Times: North Korea has suffered severe economic damage from the United Nations sanctions and coronavirus pandemic. The government warned of severe food shortages. Unidentified intestinal diseases began to spread among the population in June.

Yet, the country has conducted more missile tests than any other year. The government is providing luxury homes for party elites. North Korea’s leader Kim Jong-un has pledged to create advanced technology for its growing arsenal of weapons. The country will likely conduct a new nuclear test, its seventh, in the not-too-distant future.

Where did the money come from?

In April, the United States publicly accused North Korean hackers of stealing $620 million in cryptocurrency from Axie Infinity. This theft, the largest of its kind, is the most substantial evidence that North Korea’s use of cryptocurrency heists to raise money to support its regime during the pandemic and fund its weapon development and maintenance was highly profitable.

According to Chainalysis, North Korean hackers could have taken home nearly $400 million worth of cryptocurrency last year. North Korea’s total haul this year is just under $1 billion. These figures are to be viewed in context. According to South Korea’s statistical agency, $89 million was earned in official exports for the country in 2020.

North Korean State Agents Launch Cyberattacks on US Healthcare Orgs

Dark Reading: The FBI, US Cybersecurity and Infrastructure Security Agency and Treasury Department warned Wednesday about North Korean state-sponsored threat agents targeting US healthcare and public-health organizations. These attacks are using a new, unusually operated ransomware tool called Maui.

Multiple incidents have occurred since May 2021 in which threat actors using the malware have encrypted servers critical to healthcare services. They have also attacked digital diagnostic devices and electronic health records servers.

In a related story from WAFB News and Health IT Security, hospitals in Wisconsin, Georgia, and Louisiana reported separate healthcare cyberattacks. Reports of healthcare cyberattacks continue to roll in as threat actors advance their tactics and narrow in on widespread vulnerabilities in the sector. For example, at Baton Rouge General, LA, a Mayo Clinic care network member, reports of a cyberattack emerged on June 28. As of this report, the hospital has reverted to paper records. Other hospitals report various damage from system lockouts to compromised patient and employee records.

Paying Up Will Not Keep Your Data Secure, NCSC

ZD Net: The number of businesses paying a ransom following a ransomware attack is increasing. The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) are asking attorneys to remind their clients that paying up may not keep their data safe.

In a joint letter, The NCSC and ICO noted a rise in ransomware payments. Also, they reasoned that some attorneys may have advised clients to pay ransoms to keep their data safe or avoid a financial penalty from ICO. However, both agencies warn that not only are ransom payments not condoned; such payments only serve to encourage hackers to push on with more attacks.

The joint letter also reminds UK businesses and organizations that ransom payment offers no guarantee that hackers will return data or keep it safe. They note that even though hackers provided an encryption key, some do not work correctly. It is also possible that cyber criminals may not keep their word and delete data stolen in a ‘double-extortion’ attack to intimidate victims into paying.

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

The Hacker News: Google’s Threat Analysis Group (TAG), Thursday’s disclosure by the Hacker News, revealed that it had blocked as many as 36 malicious websites operated by hacker-for-hire groups from India, Russia, or the UAE.

Hack-for-hire companies allow their clients to launch targeted attacks against corporates, activists, journalists, and other high-risk users like the surveillance ware environment. These operators are known to carry out intrusions on behalf of clients anxious to hide their roles in the attack.

One hack-for-hire operator allegedly launched a recent attack on an IT company in Cyprus, a financial technology company in the Balkans, a Nigerian education institution, and an Israeli shopping company to demonstrate the breadth of the victims affected.

An identical set of credential theft attacks against journalists, European politicians and non-profits was linked to a Russian threat actor named Void Balaur.

The same group may have also been working for the past five years to target individual accounts at major webmail providers such as Gmail, Hotmail and Yahoo! plus regional webmail providers such as abv.bg, mail.ru, inbox.lv and UKR.

AMD Breach was Due to Terrible Passwords

The Star: The Silicon Valley tech giant AMD was hit by a data breach last week. But that’s no big news. According to this story, what’s utterly amazing is that the hackers had help from employees using terrible passwords such as “password” and “123456.

According to SF Gate, AMD, a microchip manufacturer, was attacked by RansomHouse hackers.

In a statement, the semiconductor giant confirmed that there was a digital breach. But the company had no answers asked why employees of multinational manufacturers aren’t subject to standard password protection rules such as regularly changing passwords and including numbers and symbols in passwords.

Lesson learned: breaches are increasing — time has long since passed to take the threat seriously.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman