Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
Spring is in the air, and SonicWall’s media presence is blooming. InformationWeek quoted our threat detection and response strategist, Immanuel Chavoya, on healthcare. MotorTrader cited data from the 2023 Cyber Threat Report.
In industry news, FCW dives into details on the federal governments new program for cybersecurity employees. Data Breach Today has the story on the FBI’s arrest of BreachForum’s notorious administrator. Bleeping Computer breaks down the zero-day attack on General Byte’s Bitcoin ATMs. Hacker News provides insight on bot-based DDoS attacks exploiting vulnerable servers and routers.
Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.
InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.
MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.
HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.
TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.
MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.
Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.
CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.
Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.
Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.
InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.
MSN, SonicWall News: Bob Vankirk, CEO of SonicWall, said: “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance. While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”
IT Pro, SonicWall News: State-sponsored threat actors are increasingly shifting their focus towards SMBs and smaller enterprises, according to new research. While large enterprises, public services, and critical national infrastructure have traditionally been key targets for state-sponsored threat actors, SonicWall’s 2023 Cyber Threat Report predicted that groups will ‘diversify’ their tactics in 2023 to target SMBs and a “broader set of victims.”
Utah Pulse, SonicWall News: SonicWall reports a 328% YoY increase in healthcare ransomware attacks in 2022, and healthcare and education are expected to be among the most targeted sectors in 2023. The expanding IoT footprint in these sectors is predicted to make them more vulnerable to digital attacks, increasing the risk to critical infrastructure.
FBI Tracks Down, Arrests BreachForum’s Administrator
FBI agents tracked down the apparent administrator of an underground hacker forum this past week. They arrested the man at his home in Peekskill, New York. Federal agents identified him as Conor Brian Fitzpatrick, a 2021 graduate of Peekskill High School. His name on the forum was “Pompompurin.” Beyond being a hub for cybercriminal tools, BreachForums also allows users to advertise searching for members and for targets. According to Data Breach Today, a federal agent disclosed that Fitzpatrick admitted to him that he was the administrator of the criminal forum during the arrest. This will not be the end of BreachForums, as another user – named “Baphomet” – has now taken control and vows that he will not be caught.
Bitcoin ATM Loses $1.5 Million In Zero-day Attack
A popular Bitcoin ATM manufacturer, General Bytes, revealed that threat actors stole $1.5 million worth of cryptocurrency from the company and its customers using a zero-day exploit. The exploit is being tracked as BATM-4780, and it was found in the companies BATM management platform. Bleeping Computer states that General Bytes is now shutting down its cloud services due to the difficulties they’ve faced in securing it. The company has audited its security systems numerous times since 2021 but still failed to identify the zero-day vulnerability that led to this attack. On Twitter, the company urged customers to ensure their servers are running the latest updates to better protect them.
Federal Government Implementing New Program to Address Cybersecurity Skills Gap
The Office of Personnel Management provided an update regarding the Federal Rotational Cyber Workforce Program. The program will give high-performing government cybersecurity employees the option to temporarily work at different agencies to help address the growing cybersecurity skills gap. Participating employees will need signed permission from their current agency to initiate the transfer. According to FCW, those wishing to take on one of these assignments will need to have scored a minimum of “fully successful” on their most recent performance review. These temporary details will last anywhere from six months to a full year. This new program won’t begin until 2027 due to existing laws unless congress intervenes.
Naruto-themed Bot Exploiting Router and Server Vulnerabilities
A GoLang-based bot named HinataBot is wreaking havoc by exploiting security flaws in routers and servers to stage DDoS attacks. The bot is named after a character from the hit anime series “Naruto.” The bot is using vulnerable Hadoop YARN servers and Realtek SDK devices to set up the attacks. The threat actors have been active since December 2022 and have been using their custom HinataBot since January 2023. The bot is apparently still in active development because new functions and analysis-resistance features have been documented as recently as this month. According to Hacker News, DDoS attacks are expected to continue to rise due to new malware strains that can target IoT devices and more.
SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff
New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan
Celebrating 2023 With Expanded “3 & Free” – Matt Brennan
The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman
Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah