Cybersecurity News & Trends for September 16, 2022

A curated collection of the top stories about cybersecurity news and trends that really matter most.

Healthcare cybersecurity continues to be plagued by unpatched, internet-connected IoT devices, which presents a significant vulnerability, according to an FBI Bulletin, and reported by Healthcare Innovation, with additional data from The Register and the Mid-Year Update on the SonicWall Cyber Threat Report. Uber was hacked today, with internal systems breached and vulnerability reports stolen, as reported by Bleeping Computer. According to Reuters, three Iranians have been charged with trying to extort hundreds of thousands of dollars from women’s shelters and other organizations. FCW found that cybercriminals increasingly rely on ransomware-as-a-service and other malware-free intrusion methods. TechRadar discovered that ransomware gangs had deployed intermittent encryption methods to evade security protections. Hacker News says that hackers armed with self-spreading malware are targeting gamers searching for gamers looking for cheats on YouTube. And finally, Krebs on Security’s ongoing watch on ATM security reveals “crazy thin” deep insert credit card skimmers.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on e-commerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: FBI Issues Another Cybersecurity Warning about Unhealthy IoT Devices Plaguing Healthcare

The FBI is worried about unpatched, internet-connected medical devices running on outdated software. The agency is concerned that the nation’s healthcare organizations are increasingly being exploited by threat actors, according to a recent bulletin from the FBI. The agency issued a “private industry” flyer that warned hospital administrators that patient safety and the confidentiality of personal health data is at risk.

According to Healthcare Innovation, healthcare providers face challenges that include securely configuring medical devices, devices that lack security features and devices with customized software that needs special patching procedures. Devices at risk include insulin pumps, intracardiac defibrillators, pacemakers and pumps that deliver pain medication.

The newsletter also points out that medical IT administrators must protect connected devices with antivirus software, if possible, to encrypt medical device data and to ensure devices can only be accessed through complex passwords. In addition, if a device is disconnected from an IT network for service, integrity verification must be verified before it is re-connected.

A story from The Register shows the risks involved; a ransomware gang is threatening to release the records of 1 million patients taken in an attack from Texas-based OakBend Medical Center last September 1. causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen more than a million records, including names, dates of birth, Social Security numbers, and patient treatment information.

The Mid-Year Update on the SonicWall Cyber Threat Report released earlier this year saw a global decrease in traditional ransomware attacks. However, researchers also observed a 123% increase in IoT malware attack volume in healthcare.

Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen

Bleeping Computer: In a story that broke very early Thursday AM, Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company’s internal systems, email dashboard, and Slack server. The screenshots shared by the hacker show what appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain. Other systems the hacker accessed include the company’s Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server, to which the hacker posted messages. Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available.

Three Iranians Charged with Ransomware Attacks on Women’s Shelters and Businesses

Reuters: Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking into their computer systems, U.S. officials said on Wednesday. According to charges filed by the U.S. Justice Department, other targets included local U.S. governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers’ association.

Cybercriminals are Increasingly Relying on RaaS and Other Malware-Free Intrusion Methods

FCW: Cybercriminals are increasingly leaning on ransomware-as-a-service (RaaS) and malware-free intrusion methods while evading widespread detection and mitigation techniques employed across the public and private sectors, according to a new report. CrowdStrike published the 2022 OverWatch Threat Hunting Insights report on Tuesday. The report details a 50% increase in interactive intrusion campaigns mainly targeting the technology, telecommunications, manufacturing and healthcare industries, as well as the federal government. In addition, the team identified at least 36 threat actors conducting interactive intrusion activity across Russia, North Korea, Iran, China and Turkey, including eCrime and targeted intrusions, from July 2021 to June 2022.

Ransomware Gangs Using Intermittent Encryption to “Dance” Past Security Protections

TechRadar: Researchers have found that ransomware operators have come up with a new encryption method that makes locking files faster and less likely to be noticed by some antivirus and cybersecurity solutions. According to researchers, a rising number of ransomware operators (including Black Basta, BlackCat, PLAY, and others) have adopted a method called “intermittent encryption,” encrypting files partially instead of completely. That way, the files are still rendered useless (unless the owners get a decryption key). Still, the encryption process takes significantly less time, with researchers adding that they expect more groups to adopt the technique in the future.

Self-Spreading Malware Targeting Gamers Looking for Cheats on YouTube

The Hacker News: Gamers looking for cheats on YouTube might want to take care. They’re being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today. Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others.

Say Hello to ‘Crazy Thin’ Deep Insert ATM Skimmers

Krebs on Security: Several financial institutions in and around New York City are dealing with a rash of “crazy thin” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras cleverly disguised as part of the cash machine. Check out the article on Kreb’s site to see images of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild. The insert skimmer pictured is approximately .68 millimeters tall. This leaves more than enough space to accommodate most payment cards (~.54 mm) without interrupting the machine’s ability to grab and return the customer’s card. For comparison, the flexible skimmer is about half the height of a U.S. dime (1.35 mm). These skimmers do not attempt to siphon chip-card data or transactions but are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards issued to Americans.