Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.
It’s the end of the year, and SonicWall still manages to produce headlines, including big news that its next-generation firewalls were a winner in CRN’s prestigious 2022 Products of the Year Awards.
In industry news, Dark Reading reports three ways attackers bypass cloud security. Then, Hacker News published a report about a new ‘Truebot’ malware variant that leverages the Netwrix Auditor bug and the Raspberry Robin worm. From SC Magazine, we learned that most US defense contractors are failing basic cybersecurity requirements. Bleeping Computer reports that Rackspace has confirmed a ransomware attack caused the outage it experienced earlier this week. Krebs on Security lays out a new and devious attack strategy that targets executives and telemedicine companies. Finally, CyberNews reveals the weakest (and worst) passwords of 2022, which we compare with an earlier report from Forbes. Despite all the news and the warnings, people are still using simple and very hackable passwords. Read these lists to see if your password is one of them.
Remember that cybersecurity is everyone’s business. Be safe out there!
Solutions Numeriques (FR), Reprint from SonicWall Blog: SonicWall is organizing an event on this theme of the Art of War: December 15, presented by Guillaume Sevrin, SonicWall EMEA pre-sales manager.
Cyber Security Intelligence, SonicWall News: The retail sector is a specific target for Hive ransom attacks and this is confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure.
Business Reporter, SonicWall News: Combining these factors with the avalanche of cyber-attacks on connected devices makes the challenge even more insurmountable. According to SonicWall, the total number of malware attacks on IoT-enabled devices rose by 77 per cent in the first half of 2022 to an alarming 57 million. The number of “never-before-seen” malware variants, that are the hardest to defend against, also rose by 45 per cent in the period.
SonicWall Earns Multiple Channel Awards, Delivers More Value and Savings to Global Partner Community
PR Newswire, SonicWall News: SonicWall today announced that its next generation firewalls were a winner in CRN’s prestigious 2022 Products of the Year Awards, notching yet another award in an impressive run for the company that is diligently driving new and innovative strategies to help its partners offset rising costs industry-wide.
CRN UK, SonicWall News: “Looking at the enlarged UK business, Griffiths said that Nuvias hands it “scale and power”. While Infinigate’s largest vendors were Progress Software and SonicWall, Nuvias held bigger partnerships with the likes of Juniper Networks.”
Computer Weekly, SonicWall News: SonicWall’s 2022 Cyber threat report states that ransomware incidents on governments across the globe increased by 1,885% last year, with the healthcare industry alone suffering a 755% increase.
GIS User, SonicWall News: We recommend using a reliable VPN service that uses military-grade encryption, such as SonicWall VPN. It has a wide range of features and is very affordable. It is important to note that not all VPN services are created equal, so it is essential to do your research before choosing one.
Cyber Magazine, SonicWall News: We can expect smaller scale attacks, for lower amounts of money, but which target a much broader base. The trend will probably hit education providers hard: education is already the sector most likely to be targeted by a malware, cryptojacking or encrypted attack, according to SonicWall’s 2022 Cyber Threat Report.
G2, SonicWall News: In 2021, SonicWall recorded 623.2 million ransomware attempts globally, an increase of 105% year-over-year. Just ransomware attacks.
Channel Futures, SonicWall News: Montenegro said SonicWall is a top NGFW provider. In March, SonicWall announced that 2021 was its best year on record. Propelled by the delivery of high-demand products, including the evolution of its Generation 7 NGFWs and a focus on its customers, SonicWall delivered record levels of sales and profitability in 2021.
CSO Online, SonicWall News: System- and endpoint-based security incident reporting and response can be negatively impacted by remote working too, says Immanuel Chavoya, emerging threat detection expert at SonicWall. “For instance, if the system flagged a user’s machine for a malware intrusion, there may be some delay in the security team being able to make any necessary updates, whereas, in person, the security engineer can immediately access the device and take any necessary action.”
JD Supra, SonicWall News: Data from SonicWall Capture Labs revealed that the first half of 2022 saw an 11% increase in malware attacks compared to 2021, totaling around 2.8 billion attacks globally. Furthermore, over 2022, 35% of respondents have stated that poor preparedness was to blame when they experienced business-disrupting cyberattacks. Therefore, it is essential to take the necessary precautions to secure your device by installing the appropriate malware protection and recognizing the signs of an infected system.
Seeking Alpha, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.
Technology Magazine, SonicWall News: Research by SonicWall recently found there is growing concern regarding cyberattacks. Amongst 66% of organizations surveyed; ransomware leads the distress as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.
HelpNetSecurity, SonicWall News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.
3 Ways Attackers Bypass Cloud Security
Dark Reading, reporting from the “Black Hat Europe” conference held in London this year, focused on one presentation that discusses how recent cloud-focused malware campaigns demonstrate that adversary groups have intimate knowledge of cloud technologies and their security mechanisms, and that they are using that knowledge to their advantage. Attackers, being very opportunistic, are capitalizing on mistakes made by the cloud customer. The article therefore proposes that successful attacks in the cloud have more to do with the user than with the cloud service provider. Perhaps the most interesting development with these attacks is that they target serverless computing and containers. The ease with which hackers can compromise cloud resources makes many people very uneasy.
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm
According to Hacker News, cybersecurity researchers reported an increase in TrueBot infections. These attacks primarily target Mexico, Brazil and Pakistan. Cisco Talos says the attackers behind the operation have moved from using malicious emails to alternative delivery methods, such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix Auditor that was exploited by the Raspberry Robin worm. Data theft and Clop ransomware execution were some of the significant aspects of the monitored activities. TrueBot is a Windows malware downloader. It has been attributed to a threat actor that Group-IB identifies as Silence, a Russian-speaking crew believed to share an association with Evil Corp (aka DEV-0443) and TA505.
Most US defense contractors fail basic cybersecurity requirements
SC Magazine reports that nearly nine out of ten US defense contractors fail to meet bare cybersecurity minimums. The new stats are the product of a study conducted by CyberSheath where they surveyed 300 US-based Department of Defense (DoD) contractors. The survey found that just 13% of respondents score 70 or above in the Supplier Performance Risk System (SPRS), the Department of Defense’s primary system for assessing supplier and product risk for contractors who handle unclassified information. According to the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.
Rackspace confirms outage was caused by ransomware attack
Bleeping Computer reports that the cloud computing provider Rackspace Technology, Inc. (NASDAQ: RXT) confirmed that a ransomware attack is behind an ongoing Hosted Exchange outage described as an “isolated disruption.” Rackspace says that the investigation, led by a cyber defense firm and its internal security team, is in its early stages with no info on “what, if any, data was affected.”
The cloud service provider says it will notify customers if it finds evidence that the attackers gained access to their sensitive information. The company also revealed in a press release and in its public 8-K SEC filing that it expects a loss of revenue due to the ransomware attack’s impact on its $30 million Hosted Exchange business.
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups constantly invent new ways to attack victims and convince them to pay. Krebs on Security reports that the new crop of strategies that have surfaced recently is particularly devious.
In the first, the ransomware group targets healthcare providers that offer online consultations and sends them booby-trapped records. The second involves carefully editing executives’ emails at public companies to make it appear they were involved in insider trading.
The US Department of Health and Human Services (HHS) warned last month that Venus ransomware attacks had been detected against several US healthcare providers. Venus was first discovered in mid-August 2022. The group is also well-known for hacking into victims’ Remote Desktop services to encrypt Windows computers.
Venus group members have demonstrated a high-level ability to access victim agencies. However, the group has had difficulty getting paid. Krebs believes that is why the group changed strategies and is now attempting blackmail by framing public company executives for insider trading. Venus said it had recently succeeded in using a method that involved carefully editing email inboxes at victim firms to insert messages discussing plans for trading large volumes of company stock based on non-public information.
The Weakest (and worst) Passwords of 2022
We learned that despite growing cybersecurity awareness, old habits die hard. CyberNews reports that people still use weak passwords. They examined 56 million breached and leaked passwords in 2022 and discovered the password “123456” was used in 111,417 cases. Forbes ran a similar report in 2020 and found that the top two passwords on their list were found in 6,452,650 accounts. They also reported that many of these passwords take less than one second to crack. We recommend you click through to see if you use any of these passwords. If you do, then it is worth worrying about.
While most hacks are the product of phishing or ransomware attacks, a weak password opens you to a brute force attack that breaks into your account by guessing your password. Every password on both lists appears in a common database shared by hackers on the open web. That means the database is so common that a teenager with little knowledge can use automated software to probe thousands of accounts until they find yours.
Of the passwords scrutinized by the CyberNews report, around half (28 million) were ‘specific’ – consisting of a single simple name or word such as “dell.” About 5.5 million of these unique or specific passwords occurred multiple times. For instance, some use names of capital cities like “lima” (17,466) and “Rome” (17,407) and animal species such as “cat” (122,392) and “rat” (103,284). Again, whether these were chosen because of any personal significance to users or merely selected for their simplicity is unclear. These passwords can be hacked just as easily.
What’s clear from these two reports is that – despite all the terrible news about cyber threats and ransomware – there’s still a legion of ‘culprits’ out there who can’t be bothered to use password-managing apps or spend more time and effort creating complex combinations. And with this lack of attention or concern, cybersecurity takes a hit. These passwords spell bad news not only for users who abuse their cybersecurity but also for everyone else they associate and communicate with.
The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman
Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah
SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald
A New Era of Partnering to Win – Robert (Bob) VanKirk
Multiply Your Security with Multifactor Authentication – Amber Wolff
Think Before You Click: Spotting and Stopping a Phish – Amber Wolff
Why 5G Needs to Start with Secure Network Access – Rishabh Parmar
Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield