Cybersecurity News & Trends for July 22, 2022

Curated cybersecurity news and trends from leading news outlets that monitor IT security and safety around the world.

SonicWall continues to move headlines with industry publications and general news outlets. More quotes from SonicWall’s President and CEO, Bill Conner and mentions from SonicWall’s ongoing threat reports.

The industry’s big hits this week mainly were focused on ransomware activity. From Dark Reading, CloudMensis emerged as a previously unknown macOS spyware that exfiltrates documents, keystrokes, and screen captures, among other things. Bleeping Computer reports that the Black Basta ransomware gang targeted the giant construction corporation Knauf Group. From the gamer publication Destructoid, Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. Threat Post reports on the unusual hiring practices of the hacking group AIG. From Hacker News, Evilnum malware is being deployed to target cryptocurrency and commodities platforms. And from a gamer fan magazine, Kotaku, someone hacked the NeoPets platform, stole data for 69 million accounts and is selling it for Bitcoin.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication Of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

French MVNO Left Crippled by Ransomware Attack

Total Telecom, SonicWall News: The scale and severity of ransomware attacks in the telecoms industry and beyond has been rising steadily in recent years, with SonicWall recording 495 million ransomware incidents globally in 2021, a 148% increase on 2020.

Best VPN services for SMBs

TechRepublic, SonicWall News: While hardware platforms — including equipment fromCisco, Fortinet and SonicWall — are often used, software-only VPN services are growing in popularity due to their simplicity, flexibility and capacity to provide protection when users connect to third-party applications and resources outside the organization’s network. Here’s how five leading VPN services for SMBs stack up.

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves from A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Industry News

Cloud-Enabled macOS Spyware Blows onto the Scene

Dark Reading: A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and command-and-control (C2) communications — an unusual design choice that makes it difficult to trace and analyze the threat.

Dubbed CloudMensis by the researchers at ESET who discovered it, the backdoor was developed in Objective-C. ESET’s analysis of the malware released this week shows that the cyberattackers behind the campaign gain code execution and privilege escalation using known vulnerabilities after the initial compromise. Then, they install a first-stage loader component that retrieves the actual spyware payload from a cloud storage provider. In the sample the firm analyzed, pCloud was used to store and deliver the second stage, but the malware also supports Dropbox and Yandex as cloud repositories.

Building Materials Giant Knauf Hit by Black Basta Ransomware Gang

Bleeping Computer: The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in forensic investigation, incident response, and remediation. Emails seen by BleepingComputer warned that email systems were shut down as part of the response to the attack, but that mobile phones and Microsoft Teams were still working for communication.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world’s wallboard market. The firm operates 150 production sites worldwide and owns U.S.-based Knauf Insulation and USG Corporation. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

Bandai Namco Data Leaked Following Alleged Ransomware Attack

Destructoid: Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. It is suspected that the developer/publisher behind brands such as Tekken, Elden Ring, Dragon Ball FighterZ, and Soulcalibur has had data about its future releases, DLC, and reveals leaked online in the wake of the attack. Malware source code monitors VX-underground discovered and reported the news.

While some of the information has surfaced online this morning, the full extent of the data obtained by the hacking group is unknown. It could contain the personal details of company employees, as well as source code for the company’s current and upcoming releases and potentially data about the users of Bandai Namco games. As for supposed leaked games, don’t believe everything you see floating around.

This attack is the latest in a series of massive data thefts that, in recent years, have ransacked the digital vaults of various big-name video game companies such as Capcom, EA, and, perhaps most famously, CD Projekt RED, the latter of which lead to the release of the entire source code of smash hit Cyberpunk 2077.

Hackers for Hire: Adversaries Employ’ Cyber Mercenaries’

Threat Post: A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks as part of more extensive criminal campaigns.

Known as Atlas Intelligence Group (AIG) or Atlantis Cyber-Army, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its campaigns. AIG functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services.

According to the report, AIG is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with specific capabilities that they can reuse and incent them with profit sharing. For example, RasS (ransomware-as-a-service) campaigns can involve multiple threat actors who get a cut of stolen funds or digital assets. What makes AIG different is it outsources specific aspects of an attack to mercenaries who have no further involvement in an attack.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

Hacker News: The advanced persistent threat (APT) actor tracked as Evilnum is again exhibiting renewed activity aimed at European financial and investment entities.

Evilnum is a backdoor that can be used for data theft or to load additional payloads. Malware includes multiple components to evade detection and modify infection paths based on identified antivirus software.

Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the UK.

Neopets Hacker Steals 69 Million Accounts, Tries To Sell Them For Bitcoin

Kotaku: A rogue hacker has reportedly stolen over 69 million Neopets accounts and is currently attempting to sell the information for roughly $92,000 in bitcoin. Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other community members. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.

The community fansite Jellyneo reported that the hacker could obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. Jellyneo claimed that email addresses, passwords, gender, IP addresses, countries, and birthdays were being sold on a “hacker website” for four bitcoin (about $92,072 based on current values). Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. However, it was reported that Neopets is working with a forensics firm and law enforcement to investigate the breach.