Cybersecurity News & Trends for November 18, 2022

Approaching the year’s close, SonicWall is still surging among news organizations and bloggers. We see numerous mentions of our marketing initiatives, the Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

And it’s also quite a week for Cybersecurity news. For our big read, we focus on renewed warnings from CISA about the Log4j2 vulnerability compiled from reports by CISA, MSSP Alert, and Hacker News. Next up, Krebs on Security reports on the Disneyland Team, a financial cybercrime group that spoofs bank brands with a dab of Punycode. According to Dark Reading, thousands of RDS snapshots are getting leaked to the public, possibly exposing personal information. Now we have poisoned Google search results to worry about? Bleeping Computer reveals that threat actors are using a new tactic to boost search results for illicit websites. And finally, as Twitter troubles mount, TechCrunch and NBC News speculate that it may not be safe to use the platform anymore.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Malware, Spyware, and Ransomware: How They Differ and How to Respond

JD Supra, SonicWall News: Data from SonicWall Capture Labs revealed that the first half of 2022 saw an 11% increase in malware attacks compared to 2021, totaling around 2.8 billion attacks globally. Furthermore, over 2022, 35% of respondents have stated that poor preparedness was to blame when they experienced business-disrupting cyberattacks. Therefore, it is essential to take the necessary precautions to secure your device by installing the appropriate malware protection and recognizing the signs of an infected system.

Cybersecurity For Investors – Why Digital Defenses Require Good Governance

Seeking Alpha, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.

Study Shows the Worrying Human Cost of Cyber Attacks

Technology Magazine, SonicWall News: Research by SonicWall recently found there is growing concern regarding cyberattacks. Amongst 66% of organizations surveyed; ransomware leads the distress as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.

Ransomware Is the Biggest Concern for Most Organizations

HelpNetSecurity, SonicWall News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

The Four Biggest Security Risks Facing Retailers in The Next Five Years

Retail Week, SonicWall News: Research shows the retail sector has been one of the top targets among cybercriminals, with a surge of more than 200% in ransomware attacks over the past year, according to SonicWall. Many retailers went through a digital transformation during the pandemic to allow customers to switch from in-store to online purchasing, which created more vulnerabilities and avenues for cybercrime.

Weekly Roundup

Channel Pro Network, SonicWall News: The recent 2022 SonicWall Cyber Threat Mindset Survey, including third quarter information, reported that customers saw an average of 1,014 ransomware attempts, a flood even though the total dropped 31% below attempts in 2021. 91% reported they were most concerned about ransomware attacks, a rising source of anxiety for security professionals. Ransomware-as-a-Service offerings make it easy to attack, and perpetrators are increasingly targeting financial firms with cryptojacking attempts, which were up 35% in the quarter. SonicWall’s Real-Time Deep Memory Inspection tools identified 375,756 malware variants never seen before during the first three quarters of 2022.

Latest SonicWall Intelligence Reveals Unstable Cyber Threat Landscape

European Business, SonicWall News: Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.

Report: Ransomware Attacks Trending Down in the United States

Security Today, SonicWall News: SonicWall recently released new threat data through the third quarter of 2022. SonicWall recorded more than 4 billion malware attempts globally while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. In the recent 2022 SonicWall Cyber Threat Mindset Survey, 91% of organizations reported that they are most concerned about ransomware attacks, indicating a rise of anxiety among security professionals.

Ransomware on the decrease and the ghost of ransom past?

IT Canada, SonicWall News: SonicWall’s 2022 Cyber Threat report was published this week. It claims that ransomware attacks shrunk by 23 per cent on a year-to-date worldwide basis over 2021. That’s good news, perhaps, but to put it in perspective, there were still over 236 million attacks so far in 2022. Moreover, the reduced 2022 number is still larger than the full year totals of 2017, 2018 and 2019.

2022 Cyber Threat Report Details Growing Trends

TechRepublic, SonicWall News: The cyberthreat landscape is constantly evolving, with new attacks developing every day. In their new report, SonicWall explores some of the most dangerous trends that security professionals need to have on their radar.

Economic Strife Fuels Cyber Anxiety

HelpNetSecurity, SonicWall News: The 2022 SonicWall Threat Mindset Survey found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Industry News

Big Read: Log4j2 – the Threat CISA Doesn’t Want You to Forget

A little over a year ago, everyone was shocked by the Apache Log4j2 vulnerability because it affected any applications that use its extensive logging libraries. Log4j touches most Java applications and has a wide range of configuration options. As a result, an attacker could exploit a system running Log4j2 (or previous iterations) and execute arbitrary code.

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) returned with a new reminder of the trouble Log4j2 vulnerabilities can still cause. In the latest report, the agency lays out details relating to MITRE ATT&CK tactics and techniques with guidance on what IT and security professionals can do to protect their systems.

MSSP Alert issued a report in August about a warning issued by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team about an Iran-based threat actor calling themselves Mercury (aka “MuddyWater”) and exploiting Log4j 2 vulnerabilities in SysAid applications. MSPs use SysAid for IT service management (ITSM), ticket automation, task automation, asset management and patch management.

As reported in August by Hacker News, Mercury left no stone unturned to exploit unpatched systems running Log4j. They targeted Israeli entities but also other organizations, which gives some indication of the vulnerability’s ’long tail’ for ongoing and continuing attacks. The attacks were notable for using SysAid Server instances unsecured against the Log4Shell flaw as an approach for access. Prior to this method, threat actors leveraged VMware applications to breach target environments.

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security reports on the Disneyland Team, a financial cybercrime group that spoofs bank brands using Punycode, an internet standard that allows browsers to render domain names with non-Latin alphabets such as Cyrillic. The tactic makes confusing-looking domains appear more legitimate. Click the link to the original report to see the ‘defanged’ version of the actual URLs. As a feature of the tactic, you may see extra dots or other characters in the URL, but they might not register as real input.

According to the report, the gang had been operating numerous Punycode-based Phishing domains for much of this year. They’re Russian-speaking and may be based in Russia — but they’re not a phishing gang per se. Rather, this group uses phony bank domains with malicious software already secretly installed on a victim’s computer.

The group steals money from victims infected with a potent strain of Microsoft Windows-based banking malware known as Gozi 2.0/Ursnif (Gozi). Gozi specializes in collecting credentials and is mainly used for attacks on client-side online banking to facilitate fraudulent bank transfers. Gozi also allows attackers to connect to a bank’s website using the victim’s computer.

Thousands of Amazon RDS Snapshots Are Leaking Out to the Public

Dark Reading report that Amazon’s Relationship Database Service (RDS) may be a target for hackers. Researchers at Mitiga discovered a way to scan and clone sensitive data from RDS storage volume snapshots. Administrators typically store these image files separately in a database. Hackers could copy the images if the database is shared with others or exposed to the internet. In addition, researchers said that hackers could find the source of the images and threaten to release them if the organization doesn’t pay them. The researchers discovered 2,783 images from around the globe, of which 810 were public. Mitiga suggests that RDS administrators and users take security precautions to encrypt their RDS volume snapshots.

Poisoned Google Search Results?

BleepingComputer reveals that threat actors abuse Google’s Looker Studio (formerly Google Data Studio) to boost search engine rankings for illicit websites that promote spam, torrents, and pirated content. The SEO poisoning attack analyzed by BleepingComputer uses Google’s datastudio.google.com subdomain to lend credibility to malicious domains. BleepingComputer says they came across several pages of Google search results flooded with datastudio.google.com links after a concerned reader reported seeing the erratic behavior. These links, rather than representing a legitimate Google Data Studio project, are minisites that host links to pirated content. For example, one search result sends users looking to “Download Terrifier 2 (2022)” to bit.ly links that redirect them multiple times to land on spammy websites. Additionally, the poisoning campaign uses a keyword stuffing technique, often considered a form of ‘spamdex’ to boost rankings of illicit domains.

Twitter Troubles

TechCrunch reports that Cybercriminals quickly capitalized on Twitter’s ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users. Soon after the verification chaos ensued, hackers launched a phishing email campaign to lure Twitter users into posting their usernames and password on an attacker’s website disguised as a Twitter help form. Additionally, an email was sent from a Gmail account to a Google Doc with another link to a Google Site, which lets users host web content. The fact that they set this up within hours of the launch of Twitter’s new verification program speaks to the hackers’ agility and ability to take advantage of emerging threats.

After a series of layoffs and resignations by critical executives at Twitter, NBC News asked if it is still safe even to use Twitter. Cybersecurity experts they interviewed said that the firings and resignations at Twitter had made the platform more vulnerable to attacks from scammers, organized crime and hostile governments. Others opined that Twitter was quickly becoming a dangerous place for scams and that the theft of personal information added to a growing sense of chaos around the service, which Elon Musk purchased last month for $44 billion.