SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 01-13-2022


Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

SonicWall is leading this news cycle with more company mentions and stories featuring executives and cybersecurity experts like Spencer Starkey, Senior Director, Regional Sales-EMEA, and Terry Greer-King, Vice President, EMEA and APJ Sales.

In industry news, we run the full range of international hacks and highly developed phishing campaigns. The Record reports that a pro-Russian hacktivist group is going after NATO targets. This story has contributions from Sentinel Labs, Reuters, and Cyberscoop. From Cyberwire, a critical hack alert about phishers abusing Microsoft’s Dynamics 365 Customer Voice service. Bleeping Computer alerted us about a breach at Norton LifeLock. Dark Reading reports that “sneaky” hackers are wooing corporate workers with fake Zoom downloads. So please watch what you click. CSO Online reports on a developing story about a ransomware group actively exploiting the Citrix vulnerability CVE-2022-27510. And Hacker News warns us that tainted VPN installers are spreading EyeSpy surveillanceware.

As always, watch the corners before you cross the road, and remember that cybersecurity is everyone’s business.

SonicWall News

All You Need to Know About The ‘Godfather’ Malware Targeting This Country’s Financial System

AMB Crypto, SonicWall News: “The research titled “2022 SonicWall Cyber Threat Report” from cybersecurity company SonicWall claims that cryptojacking attacks have increased in the banking sector by 269% year-to-date. This figure is nearly five times higher than cyberattacks directed at the retail sector. According to the study from SonicWall, the total number of crypto-jacking incidents increased by 30% to 66.7 million in the first half of 2022.”

An Evolving Landscape: Top 10 Cybersecurity Predictions For 2023

Silicon Republic, SonicWall News: “Spencer Starkey, channel sales EMEA VP for SonicWall, predicts that healthcare and education will be among the sectors most targeted by cyberattacks in 2023. The cybersecurity company claims the healthcare sector saw a 328pc year-on-year increase in ransomware attacks last year.”

Royal Mail’s Export Service Hit with Major Cyber Incident And Is Experiencing ‘Severe Disruption’

City AM, SonicWall News: “Terry Greer-King, Head of EMEA at SonicWall, a cybersecurity firm, linked this cyber incident to declining cyber safety in the UK. Greene told City AM: “The cyber incident at the Royal Mail shows that the public sector, like all other industries, is still vulnerable to mass cyber attack. As legacy IT concerns become more apart across the UK’s public sector, the state of its cybersecurity is still a main topic that must be addressed, especially after 2021 brought a 94% increase in malware on the global government sector. As a service that people and businesses alike depend on day-to-day, ensuring its digital infrastructure remains secure must be a top priority. To truly safeguard national public-sector cybersecurity, the government must take real concerted action now,” he added.”

Study Finds One in Four SMEs Hit by Ransomware Last Year

Technology Magazine, SonicWall News: “Today, cyberattacks continue to present an ever-changing threat to businesses across all sectors. NCC Group’s Annual Threat Monitor report, which indicated ransomware attacks almost doubled in 2021, rising 92.7% on the previous year, while research by SonicWall found that 66% of customers were more concerned about cyberattacks last year.”

Leading Cybersecurity Companies for The Food Industry

Just Food, SonicWall News: “Amongst the leading vendors of cybersecurity in food industry are Dragos, Eat IT Drink IT, NCR, Netskope, PDI Software, Preciate, Singtel, SonicWall, TitanHQ, VikingCloud, Auvesy-MDT, Cali Group, and Cardonet.”

Goodbye 2022, Hello 2023: Experts Weigh in With Channel Expectations

MicroScope, SonicWall News: “Matt Brennan, vice-president of North America channel sales at SonicWall, believes the effects of supply chain disruption will continue to have an impact on 2023: “Supply chain challenges have wreaked havoc across most industries around the world. IT has been affected across the board. Because of these challenges, brand loyalty will fade. [Customers] won’t hesitate to make purchases they can get now rather than wait for a specific brand product later – fulfilment is critical, regardless of how long customers have been brand loyal.” Brennan adds that this will lead to a shift in the market as customers learn that “staying brand loyal is not necessary to run their businesses successfully”.

Tips for Health Systems on Managing Legacy Systems to Strengthen Security

HealthTech, SonicWall News: A lack of support from the manufacturer generally means a lack of security patches. As a result, devices running a legacy OS are easy targets for attackers — in fact, malware attacks on internet-connected devices spiked 123 percent in the first half of 2022, according to research from SonicWall.

Cybersecurity for Investors: Why Digital Defenses Require Good Governance

Yahoo! Finance, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.

Remote Monitoring, AI Research and Data at Risk: Healthcare Tech Predictions For 2023

BetaNews, SonicWall News: Healthcare could come under threat from geopolitical attacks, believes Immanuel Chavoya, threat detection and response strategist at SonicWall. “When it comes to protecting against threats of geopolitically motivated attacks, the present call to action is to be proactive, rather than reactive, to an assault. Attacks such as targeted malware or vulnerability exploitation could be used to inflict chaos on critical infrastructure such as healthcare, electric utilities, financial institutions, and oil and gas. These attacks tie up resources, cause financial damage, and send a signal. In 2023, organizations and governments will need to be prepared by ensuring that they don’t have any issues that could become low-hanging fruit for attacks and closely monitor their network activity for quick identification of and reaction to any attack.”

Future Tech Role of Partners

CRN (India), SonicWall News: Security threats are becoming increasingly sophisticated, and organizations are looking for proactive ways to secure their IT environments. Whether their environment is in the Cloud, on-premises or a hybrid, organizations look to managed security services providers (MSSPs) to provide the best-in-class security to protect their business and mitigate future risk.

SonicWall CEO: Partner Program Revamp on Tap for Early 2023

CRN, SonicWall News: “As other vendors are increasing their prices, we’re actually doing the opposite,” he said. If a customer and a partner commit to buying three years of services—services that go with our solutions—what they end up getting is the firewall hardware at no charge. That translates to a double-digit price decrease savings.

Industry News

Pro-Russian Hacktivists Go After NATO

A pro-Russian hacktivist group has been going after targets in NATO countries since the war against Ukraine started. The Record reports that the group, NoName057(16), used Telegram and GitHub to launch distributed denial-of-service attacks against Ukraine and several NATO countries.

According to researchers at Sentinel Labs, the group targeted candidate websites in the 2023 Czech presidential election and businesses and organizations across Poland and Lithuania. According to Reuters, the group is also responsible for disrupting Denmark’s financial sector earlier this week.

The gang also used GitHub to host their distributed denial of service tools. Cyberscoop reports that GitHub disabled the group’s accounts this Tuesday. 

Hack Alert: Microsoft’s Dynamics 365 Customer Voice Service

Threat actors are busy developing new methods to attack companies that use Microsoft’s Dynamics 365 Customer Voice service.

According to Cyberwire, hackers use Microsoft Customer Voice to send phishing messages to victims in the form of a service notification to the end user. Hackers harvest the password when the victim logs in to view the document. In another attack variant, the end user is enticed to click on the link in the email to print a document. An easy defensive fix is to hover over URLs to validate the sender before clicking links in emails or text messages.

Norton LifeLock Warns That Hackers Breached Password Manager Accounts

Bleeping Computer reports that Gen Digital, previously Symantec Corporation and NortonLifeLock, is now sending customers data breach notifications informing them of hackers’ successful breach of Norton Password Manager accounts through a credential-stuffing attack.

A sample of the letter was shared with the Office of the Vermont Attorney General. It appears that the attack did not stem from a breach at the company but rather from account compromises on other platforms. According to the company, their systems were not compromised. However, they claim that an unauthorized third party has used the username and password of user accounts.

Sneaky Hackers Woo Corporate Workers With Fake Zoom Downloads

According to Dark Reading, a sneaky new info stealer is sliding onto user machines via website redirects from Google Ads that pose as download sites for popular remote workforce software, such as Zoom and AnyDesk.

Researchers from Cyble have revealed that the threat actors behind the new malware, “Rhadamanthys stealer,” which is available on the Dark Web under a malware-as-a-service model, are using two delivery methods to spread their payload.

Researchers detected several phishing domains that the threat actors created to spread Rhadamanthys, most of which appear to be legitimate installer links for the software brands above. Some of the malicious links they identified include: bluestacks-install[.]com, zoomus-install[.]com, install-zoom[.]com, install-anydesk[.]com, and zoom-meetings-install[.]com.

Ransomware Group Actively Exploiting Citrix Vulnerability

A ransomware group known as Royal is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.

There were no known instances of the vulnerability being exploited in the wild at the time of disclosure. However, as of the first week of 2023, At-Bay’s cyber researchers claimed new information suggests the Royal ransomware group is now actively exploiting it. Royal, considered one of the more sophisticated ransomware groups, emerged in January 2022 and was particularly active in the second half of last year.

Beware: Tainted VPNs Spreading EyeSpy Surveillanceware

Hackers know how we use VPN services to protect ourselves from… them. According to Hacker News, hackers have created tainted VPN installers to deliver a piece of surveillance ware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses “components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers,” Bitdefender said in an analysis.

A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S., the Romanian cybersecurity firm added.

EyeSpy has many features, including taking screenshots, activating microphones, logging keystrokes, gathering files and saved passwords from web browsers, and remotely controlling the machines to run arbitrary commands.

SecondEye previously came under the radar in August 2022, when Blackpoint Cyber revealed the threat actors’ use of its spyware modules and infrastructure for data and payload storage.

SonicWall Blog

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang

Celebrating 2023 With Expanded “3 & Free” – Matt Brennan

‘3 & Free’ Promotion: How to Upgrade to a New SonicWall TZ Series NGFW for Free – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Staff