Cybersecurity News & Trends for September 30, 2022

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets.

For our big read last week, we covered the ongoing story about the ChromeLoader Malware. This week, we’re covering a possibly bigger story about spear phishing hackers who have also weaponized well-known and widely used open-source software. This story has contributions from Microsoft, ARS Technica, and Infosecurity Magazine. According to Hacker News, attackers hid malware in a Microsoft Windows logo to set off a cyberattack against governments in the Middle East. According to Krebs on Security and Bleeping Computer, two new and previously unknown Zero-Day flaws have cropped up in Exchange Server, and as of this moment, Microsoft does not have a fix ready to deploy. And if the thought of going into the weekend with weaponized open-sourced software was unsettling, how about deepfakes in your email or text messaging? According to TrendMicro (with a bit of help from DarkReading), hackers are ‘this close’ to using deepfake technology.

Meanwhile, you’ll notice in this week’s list of news that SonicWall is doing very well in the global news circuit with good hits in education, healthcare and retail.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Why retail stores are more vulnerable than ever to cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

These steps can help keep colleges from being easy targets for cyberattacks

HigherEd Dive, SonicWall Byline from Immanuel Chavoya, and SonicWall mention: A cybersecurity strategist outlines cultural and technical changes to help institutions stave off attacks like malware or business email compromise. Recent data from SonicWall revealed surging attacks across the board in the first half of the year, with the overall education industry seeing a 110% spike in IoT malware attacks and a 51% increase in ransomware — despite a global decline in ransomware attacks.

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: Spear Phishing Hackers Weaponizing Open-Source Software

Last week, we covered the ongoing woes from a persistent and malicious malware that assumes the disguise of a Chrome browser extension called ChromeLoader that was likely put into circulation by Russian ransomware gangs. This week, the focus is on open-source software that has been obviously and strategically weaponized by North Korean hackers for pretty much the same reason, and they appear to be very flexible about how they go about their attacks.

According to a report from ARS Technica, researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility to backdoor the network of organizations they want to watch. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry.v2. A group Mandiant tracks transmitted the file as UNC4034. Compromised versions of other open-source software include well-known utilities such as KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording (and that list appears to be growing).

Another angle, according to Microsoft, has successfully compromised numerous organizations in acts of corporate espionage, data theft, financial gain and general network mayhem. For example, one group, named ZINC, deploys agents to connect with people over LinkedIn as job recruiters. Once a conversation is established, victims are asked to move away from LinkedIn and switch to WhatsApp, where the victim may receive files that contain malware. Victims include engineers and technical support staff at defense, aerospace, media and IT companies in the US, UK, and India.

ARS Technica reminds us that ZINC is Microsoft’s name for a threat actor group also known as Lazarus, best known for the devastating 2014 compromise of Sony Pictures Entertainment.

Infosecurity Magazine nails the story on the head by headlining the Zinc methodology as “spear phishing” with the added reliance on weaponized apps like PuTTY SSH. In addition, they included a statement from Google subsidiary, Mandiant: “This is likely one of several malware delivery techniques being employed by North Korean actors after a target has responded to a fabricated job lure.” The Mandiant advisory includes several technical indicators to help companies spot UNC4034-related activity. Its publication comes days after US authorities seized $30m in stolen cryptocurrency from North Korea.

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

The Hacker News: An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom’s Symantec Threat Hunter Team attributed the updated tooling to a hacking group known as Witchetty(LookingFrog, and TA410). Intrusions involving TA410 – believed to share connections with a Chinese threat group known as APT10 (aka Cicada, Stone Panda, or TA429) – stand out with a modular implant called LookBack. Attacks that lead to the deployment of Stegmap then weaponize ProxyLogon and ProxyShell vulnerabilities in Exchange Server to drop the China Chopper web shell, that’s then used to carry out credential theft and lateral movement activities before launching the LookBack malware. All from clicking a logo.

Microsoft: Two New Zero-Day Flaws in Exchange Server

KrebsOnSecurity: Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks. In customer guidance released Thursday, Microsoft is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker. Bleeping Computer also reports on the same issues here and offers additional perspective on the vulnerabilities and CISA reporting.

Hackers are Ready to Deploy Deepfakes on Your Cybersecurity

TrendMicro, DarkReading: This story was second-place for our big read for the week, with deepfake technology is now poised to be a standard tool for malicious cybersecurity campaigns. For the average person, it isn’t easy to detect and mitigate deepfakes. That means cybercriminals have a considerable upside for deploying it as part of any ransomware campaign.

DarkReading’s reading on TrendMicro’s new study makes it easy to see that all the necessary elements for widespread use of deepfake technology exist today. Many of the basic components and expertise can be found in underground markets and open forums. In addition, the study shows that deepfake-enabled scams such as phishing and business email compromise (BEC) will rapidly change the nature of the threat landscape.

“From hypothetical and proof-of-concept threats, [deepfake-enabled attacks] have moved to the stage where non-mature criminals are capable of using such technologies,” says Vladimir Kropotov, a security researcher with Trend Micro and the principal author of a report on the topic that the security vendor released this week.

“We already see how deepfakes are integrated into attacks against financial institutions, scams, and attempts to impersonate politicians,” he says, adding that what’s scary is that many of these attacks use identities of real people — often scraped from content they post on social media networks.

One of the main takeaways from Trend Micro’s study is the ready availability of tools, images, and videos for generating deepfakes. The security vendor found, for example, that multiple forums, including GitHub, offer source code for developing deepfakes to anyone who wants it. Similarly, enough high-quality images and videos of ordinary individuals and public figures are available for bad actors to create millions of fake identities or impersonate politicians, business leaders, and other famous personalities.