Cybersecurity News & Trends for August 5, 2022

Top curated cybersecurity news and trends from leading news outlets and bloggers in the IT security industry.

No sooner than the mid-year update to the 2022 SonicWall Cyber Threat Report was published, news outlets were punching out dozens of articles citing its many surprising findings. The big hits came from Bloomberg and Financial Times, joined by articles by Axios and CoinDesk.

In Industry News, we found an excellent cross-section of stories you may have missed in the mainstream media. CyberNews reports that the Apple network traffic was somehow routed through Russia for about 12 hours. Dark Reading and Security Week reported on a data breach and possible ransomware event with OneTouchPoint. Dark Reading reports on a school-age kid who uploaded ransomware scripts to school repository as a “fun” project. From Krebs on Security, scammers send an Uber car to take an elderly woman to the bank – literally. Fortune reports that cybersecurity hiring remains red hot and that the industry will likely surpass $400 billion by 2027. And for our Big Read of the week, from Bleeping Computer, The Markup, Healthcare Innovation and Healthcare Dive: are US Internet users being targeted by ads relating to confidential medical conditions mentioned on Facebook?

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Weary Cybercriminals Turn to Cryptojacking Banks

InfoRisk Today, Threat Report Feature: That group, AstraLocker, may well not be alone, says threat intelligence firm SonicWall. The company reports detecting 66.7 million cryptojacking attacks during the first half of 2020, a 30% year-on-year increase. Ransomware attempts during that period dropped 23%, the company says.

The Four Cybersecurity Lessons to Teach Schools

FE News, Immanuel Chavoya Byline: With schools out for summer, the education sector can’t quite switch off yet. Several high-profile cyber attacks have put education systems on edge. The Kellogg Community College cyberattack in Michigan, which severely disrupted IT services, cancelling classes and exams in the process, shows there is still much to be done to protect the education sector.

SonicWall – Global Ransomware Volume Shrinks

MSSP Alert, Threat Report Feature: How pervasive is ransomware? Consider this: While digital hijackings declined by 23% worldwide, the mid-year 2022 volume still exceeds full year totals for 2017, 2018 and 2019, according to data compiled by SonicWall in the latest release of its 2022 Cyber Threat Report.

Ransomware Gangs Are Hitting Roadblocks, But Aren’t Stopping (Yet)

HelpNetSecurity, SonicWall Threat Report: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: “It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.”

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

‘Cryptojacking’ Attacks on Financial Firms Surge, Report Says

Bloomberg, SonicWall News: The number of so-called cryptojacking attacks on financial companies more than tripled in the first half from a year earlier, SonicWall said in a report published Tuesday. The overall number of such events rose 30% to 66.7 million, the report found.”

Ransomware Less Popular This Year, But Malware Up: SonicWall Cyber Threat Report

The Register, SonicWall News: “SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. The decline in ransomware, down 23 percent worldwide but up 63 percent in Europe, is a welcome blip, even if the volume still exceeds the full year totals of 2017, 2018 and 2019. Sadly, it looks like the relief might be short lived.

No More Ransom Initiative Helps 1.5 million People in Six Years

ComputerWeekly, SonicWall News: SonicWall, which also has a half-yearly threat report out this week, said that June 2022 saw the lowest monthly ransomware volumes worldwide in two years, attributable to a combination of government sanctions, supply chain deficiencies, cratering cryptocurrency prices and limited availability of needed infrastructure making life much harder for ransomware gangs.

Geopolitical Strife Impacting Shift in Ransomware Attacks – SonicWall

Insurance Times, SonicWall News: Geopolitical strife and the associated cyber arms race has caused a shift in global ransomware volumes, according to new research by American cyber security company SonicWall published today.

Hackers Are Targeting Businesses With ‘Cryptojacking’ Schemes, Report Finds

Consumer Affairs, SonicWall News: A new report from SonicWall shows that cybercriminals have increasingly been trying to break into the computer systems of financial institutions to install ransomware and mine for cryptocurrency.

‘Cryptojacking’ in Financial Sector Has Risen 269% This Year, SonicWall Says

CoinDesk, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to a report by cybersecurity firm SonicWall.

Industry News

Apple Network Traffic Went Through Russia for 12 Hours

CyberNews: Internet traffic of some Apple users ran through Russia for 12 hours last week, according to an analysis conducted by an internet routing agency known as MANRS. The traffic was redirected to the main Russian digital services provider, Rostelecom. Was this a conspiracy? Was it a tactic in the Russia-Ukraine cyber war? Commentators at the SANS Institute, an IT training provider, say we shouldn’t ascribe malice to something that a simple typo could explain. They also say the incident is another reason why everyone should use end-to-end encryption for all communications. MANRS also says it shows why Apple and other network providers should use Route Origin Authorizations to ensure internet traffic goes where it’s supposed to go.

OneTouchPoint, Inc. Notifies Customers of Data Privacy “Event”

Dark Reading: A U.S.-based marketing platform, OneTouchPoint, used by many health insurers and medical providers, posted a notification that it suffered a cyber attack in April that encrypted some files. While Dark Reading avoided calling it a ransomware attack, Security Week decided that they knew enough to classify it as such. OneTouchPoint can’t say exactly what the hacker accessed personal data, but it could include a patient’s name and health assessment information. Thirty-five organizations, including Blue Cross insurance providers in several states, the Humana health insurance company and the Kaiser Permanente healthcare provider, have been notified.

School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

Dark Reading: A school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories. The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment. The packages were named “requesys,” “requesrs,” and “requesr,” which are all common typosquats of “requests” — a legitimate and widely used HTTP library for Python.

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the actual “requests” package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them.

One version of the requesys package contained the encryption and decryption code in plaintext Python. But a subsequent version had a Base64-obfuscated executable that made analysis a little more complicated, according to Sonatype.

Scammers Sent Uber to Take an Elderly Lady to the Bank – Literally

Krebs on Security: Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking on a trip to the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

The victim reportedly replied to an email regarding an appliance installation from BestBuy/GeekSquad. Apparently, the email coincided as the victim was waiting for appliance delivery.

The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla., say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.

Cybersecurity Hiring Remains Red-Hot—The Industry to Surpass $400 Billion Market Size By 2027

Fortune: In 2017, the global cybersecurity industry had an approximate market size of $86.4 billion, according to research data from Gartner. But a decade later, the market is expected to grow by nearly 80%. By 2027, market research company BrandEssence expects the global cybersecurity market to reach $403 billion, with a compound annual growth rate of 12.5% between 2020 and 2027.

Why is the cybersecurity industry growing so much? Simply put, there are more cyber attacks happening each year (see: Mid-year update to the 2022 SonicWall Cyber Threat Report)

For that reason, adequate cybersecurity measures are becoming necessary for companies of all shapes and sizes. In addition, new technology is multiplying; however, artificial intelligence and machine learning are just starting to awaken, with only a few showing promise with good third-party test results.

With massive industry growth comes the need for more trained cybersecurity professionals. But the industry in the US is short-staffed, which has to do with the fact that there simply aren’t enough people trained and qualified to work on some of these complex systems. In the US, there are about 1 million cybersecurity workers. Still, there were around 715,000 jobs yet to be filled as of November 2021, according to Emsi Burning Glass, a market research company. Furthermore, according to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million.

As a result, the market for advanced cybersecurity technologies could end up being more significant than the projected target of $400 billion by 2027. One commenter in the story noted that we’re in the eye of the storm for the rapid and exponential growth of all the tech industries.

BIG READ: Are US Internet Users Targeted by Ads Relating To Confidential Medical Conditions?

Multiple Sources: First, some background. This story has threads going back several years, but it seems something happened. More and more internet users in the US are upset that they’re getting targeted ads relating to their confidential medical conditions. And they’re blaming Facebook parent Meta.

According to BleepingComputer, an individual filed a class action lawsuit last month against Meta and two California medical institutions. The suit alleges that the plaintiff’s health information had been captured from hospital websites in violation of federal and state laws by Meta’s “Pixel” tracking tool that can be injected into any website to aid visitor profiling, data collection, and targeted advertising. The software takes up the space of a single pixel, hence the name and stealthiness, and helps collect data such as button clicks, scrolling patterns, data entered in forms, IP addresses, and more. This data collection takes place for all users, even if they don’t have a Facebook account. However, the collected data for Facebook users is linked to their accounts for better correlation.

The Markup conducted an extensive background on Meta Pixel activity and found Meta Pixel in 30% of the top 80,000 most popular websites, including several anti-abortion clinics and other healthcare providers. In one instance, they found the app’s fingerprints on the websites of hundreds of anti-abortion clinics in the form of cookies, keyloggers, and other types of user-tracking technology. They also analyzed nearly 2,500 crisis pregnancy centers and found that at least 294 of them shared visitor information with Facebook. In many cases, the information was extremely sensitive—for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

Healthcare Innovation reported that if the lawsuit is successful, damages may be payable to any patient whose PII and PHI data was scraped by Meta Pixel. The crux of the suit (and any future decisions) will ascertain if Facebook’s parent company Meta and several US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits claim.

HealthcareDive.com pointed out that in 2017 another class action lawsuit against Facebook for allegedly collecting and using health data for targeted ads without people’s permission was dismissed. However, that decision is being appealed.