A curated collection of the top cybersecurity news and trends from leading bloggers and news outlets.
Our big cybersecurity read this week is a developing story over the ChromeLoader Malware that seems to be getting worse and worse, with contributions from Red Canary, Bleeping Computer, the Register, VMware, and Dark Reading. Please note that it’s a strongly recommended read for anyone using Google Chrome. Next is a big hack of the 2K gaming platform, which was apparently hit by hackers earlier this week. As reported by Engadget, the company was very quick to acknowledge the hack and is warning the public not to open any emails from its support department. Next, Dark Reading dug up evidence of the mysterious ‘Metador’ cyber-espionage group infecting multiple telecommunications company services, internet service providers, and universities in Africa and the Middle East. And saving the best for last, back to Dark Reading, was it an angry developer who worked for the hackers? We’ll probably never know, but whoever it was probably helped develop LockBit’s latest ransomware encryptor (LockBit 3.0) and then released the decoder to the public.
And you will notice that SonicWall continues to run the global circuit with new developments and more corporate mentions, and always on the front lines protecting your networks and properties.
Remember that cybersecurity is everyone’s business. Be safe out there!
CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.
Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.
Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.
IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.
Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.
IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.
Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.
Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.
TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.
CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.
ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.
AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.
The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.
Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.
Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.
Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”
Big Read: ChromeLoader Malware Headaches Spreading into Ransomware and More Pain
By now, you’ve heard (or should have heard) about the malware that’s been making the rounds in millions of desktops and laptops all over the world. It’s literally THAT kind of problem. ChromeLoader, a malicious Chrome browser extension, is classified as a pervasive hijacker. It modifies the browser settings to hijack search queries to popular engines such as Google, Yahoo!, and Bing. The malicious code can also use PowerShell to insert itself into the browser. We found a report from Red Canary about a malicious campaign to spread the ChromeLoader malware, which hijacks victims’ browsers. And it looks like it got worse from there.
Bleeping Computer reports that VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. Chromeloader infections surged in Q1 2022, with warnings about advertising fraud. They’re reporting says that the malware infected Chrome with a malicious extension that redirected user traffic to advertising sites to perform click fraud and generate income for the threat actors.
The “worse part”? The Register reports that nasty variants of the software are now dropping in on Windows PCs and Macs, according to researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team. The unit’s report this week about the rapidly growing number of more dangerous ChromeLoader variants dovetails with what other cybersecurity researchers have detected.
That development comes on the heels of a warning from Microsoft late last week, reported by Dark Reading, about a click-fraud campaign by a threat group called DEV-0796 and likely using an infected ChromeLoader to hit victims’ computers with malware. According to Dark Reading, the Windows port of ChromeLoader is typically delivered as ISO image files that victims are tricked into downloading.
Engadget: Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.
News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.Run, Bleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.
2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.
Dark Reading: A new threat actor infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two “extremely complex” malware platforms. Still, a lot about the group remains shrouded in mystery, according to current research.
SentintelLabs researchers shared their findings at LabsCon. They named the group Metador based on the phrase “I am meta” in the malicious code and the fact that server messages are often in Spanish. Although the group has appeared active since December 2020, it has flown under the radar for the past few years. Juan Andres Guerrero–Saade is the senior director at SentinelLabs. He said the team shared information about Metador with researchers from other security firms and government partners, but before this discovery, no one knew anything.
MetaMain, a backdoor, can log mouse and keyboard activity and take screenshots to exfiltrate files and data. Hackers can also use it for installing Mafalda. This highly modular framework gives attackers the ability to gather system and network information and other capabilities. Both MetaMain, as well as Mafalda work entirely in memory. They do not need to be installed on the hard drive.
Bleeping Computer: A new and interesting twist in the game of ransomware has been reported, and it’s probably not what you think. The LockBit ransomware operation has suffered a breach, and even that’s not what you think. An allegedly disgruntled hacker developer has apparently leaked the gang’s newest encryptor. Yes. We told you this was interesting.
Back in June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. According to Bleeping Computer, the new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware bug bounty program, and new extortion methods. All seemed fabulous for the crime gang, but then the gang itself suffered a breach when two people (or maybe the same person) leaked the LockBit 3.0 builder on Twitter. As the story goes, a newly created Twitter account called ‘Ali Qushji’ posted that team hacked LockBits servers and found a builder for the LockBit 3.0 ransomware encryptor.
In Case You Missed It
Why 5G Needs to Start with Secure Network Access – Rishabh Parmar
Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield
Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald
SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald
CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald
2022 CRN Rising Female Star – Bret Fitzgerald
SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald
Cybersecurity in the Fifth Industrial Revolution – Ray Wyman