Cybersecurity News & Trends for September 23, 2022

A curated collection of the top cybersecurity news and trends from leading bloggers and news outlets.

Our big cybersecurity read this week is a developing story over the ChromeLoader Malware that seems to be getting worse and worse, with contributions from Red Canary, Bleeping Computer, the Register, VMware, and Dark Reading. Please note that it’s a strongly recommended read for anyone using Google Chrome. Next is a big hack of the 2K gaming platform, which was apparently hit by hackers earlier this week. As reported by Engadget, the company was very quick to acknowledge the hack and is warning the public not to open any emails from its support department. Next, Dark Reading dug up evidence of the mysterious ‘Metador’ cyber-espionage group infecting multiple telecommunications company services, internet service providers, and universities in Africa and the Middle East. And saving the best for last, back to Dark Reading, was it an angry developer who worked for the hackers? We’ll probably never know, but whoever it was probably helped develop LockBit’s latest ransomware encryptor (LockBit 3.0) and then released the decoder to the public.

And you will notice that SonicWall continues to run the global circuit with new developments and more corporate mentions, and always on the front lines protecting your networks and properties.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: ChromeLoader Malware Headaches Spreading into Ransomware and More Pain

By now, you’ve heard (or should have heard) about the malware that’s been making the rounds in millions of desktops and laptops all over the world. It’s literally THAT kind of problem. ChromeLoader, a malicious Chrome browser extension, is classified as a pervasive hijacker. It modifies the browser settings to hijack search queries to popular engines such as Google, Yahoo!, and Bing. The malicious code can also use PowerShell to insert itself into the browser. We found a report from Red Canary about a malicious campaign to spread the ChromeLoader malware, which hijacks victims’ browsers. And it looks like it got worse from there.

Bleeping Computer reports that VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. Chromeloader infections surged in Q1 2022, with warnings about advertising fraud. They’re reporting says that the malware infected Chrome with a malicious extension that redirected user traffic to advertising sites to perform click fraud and generate income for the threat actors.

The “worse part”? The Register reports that nasty variants of the software are now dropping in on Windows PCs and Macs, according to researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team. The unit’s report this week about the rapidly growing number of more dangerous ChromeLoader variants dovetails with what other cybersecurity researchers have detected.

That development comes on the heels of a warning from Microsoft late last week, reported by Dark Reading, about a click-fraud campaign by a threat group called DEV-0796 and likely using an infected ChromeLoader to hit victims’ computers with malware. According to Dark Reading, the Windows port of ChromeLoader is typically delivered as ISO image files that victims are tricked into downloading.

2K Confirms Its Support Desk Was Hacked to Send Malware to Gamers

Engadget: Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.

News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.Run, Bleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.

2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.

Researchers Uncover Mysterious ‘Metador’ Cyber-Espionage Group

Dark Reading: A new threat actor infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two “extremely complex” malware platforms. Still, a lot about the group remains shrouded in mystery, according to current research.

SentintelLabs researchers shared their findings at LabsCon. They named the group Metador based on the phrase “I am meta” in the malicious code and the fact that server messages are often in Spanish. Although the group has appeared active since December 2020, it has flown under the radar for the past few years. Juan Andres Guerrero–Saade is the senior director at SentinelLabs. He said the team shared information about Metador with researchers from other security firms and government partners, but before this discovery, no one knew anything.

MetaMain, a backdoor, can log mouse and keyboard activity and take screenshots to exfiltrate files and data. Hackers can also use it for installing Mafalda. This highly modular framework gives attackers the ability to gather system and network information and other capabilities. Both MetaMain, as well as Mafalda work entirely in memory. They do not need to be installed on the hard drive.

LockBit Ransomware Builder Leaked Online By “Angry Developer”

Bleeping Computer: A new and interesting twist in the game of ransomware has been reported, and it’s probably not what you think. The LockBit ransomware operation has suffered a breach, and even that’s not what you think. An allegedly disgruntled hacker developer has apparently leaked the gang’s newest encryptor. Yes. We told you this was interesting.

Back in June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. According to Bleeping Computer, the new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware bug bounty program, and new extortion methods. All seemed fabulous for the crime gang, but then the gang itself suffered a breach when two people (or maybe the same person) leaked the LockBit 3.0 builder on Twitter. As the story goes, a newly created Twitter account called ‘Ali Qushji’ posted that team hacked LockBits servers and found a builder for the LockBit 3.0 ransomware encryptor.