SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 04-14-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

By

Today is National Reach As High As You Can Day, and SonicWall is still reaching high points in the headlines. Zawya (UAE) cited the 2023 Cyber Threat Report, noting a 14% drop in malware attacks for the UAE during 2022. The San Francisco Examiner and Unleashed included quotes from the threat report citing SonicWall ransomware data.

In industry news, TechCrunch has the lowdown on U.S. intelligence leaks from an Air National Guardsman. Dark Reading provided details on Microsoft’s uncovering of an Israel-based Private-Sector Offensive Actor (PSOA). The Yum! Brands breach was broached by Bleeping Computer. Hacker News covered the malware debacle at WordPress and a Russia-linked hacker gang carrying out a cyber espionage campaign.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: According to the latest figures from cybersecurity leader SonicWall reveal, the UAE recorded a 14 percent drop in total malware attacks in 2022 but the number of attacks in 2022 in the UAE (71 million) was more than the combined total in 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report — due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the-go-to market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second year with the highest number of attack attempts with 493.3 million, SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

Industry News

US National Secrets Leaked by Air National Guardsman in Discord Server

A 21-year-old member of the Massachusetts Air National Guard has been identified as the person responsible for leaking classified government and military intelligence on a private Discord server. Attorney General Merrick Garland stated, “Today the Justice Department arrested Jack Douglas Teixeira in connection with an investigation into alleged unauthorized removal, retention and transmission of classified national defense information.” Teixeira originally leaked the documents solely to the private server, but the documents later appeared in several other Discord servers including a large Minecraft server with thousands of members. The intelligence included sensitive information about the war in Ukraine and much more. It was making the rounds on Discord for months before the proper authorities caught on. Teixeira will soon have his first court appearance in the U.S. District Court for the District of Massachusetts.

Microsoft Catches Israel-based Threat Group Selling Mobile Spyware

Threat intelligence researchers at Microsoft stated this week that a threat group they’ve been tracking as DEV-0196 is actually a Private-Sector Offensive Actor (PSOA) known as QuaDream. QuaDream, which is based in Israel, sells a malicious software suite called REIGN to governments around the world. REIGN consists of malware, exploits and a mobile data exfiltration tool. According to Dark Reading, the actions of the group have been in-line with another Israel-based threat group known as NSO group. NSO group has been blacklisted for peddling the Pegasus iOS spyware to hostile governments. Oddly, QuaDream does not have a website, but they have allegedly been active since 2016. A winter 2022 report from Meta claimed QuaDream was performing tests to exfiltrate data from both Android and iOS devices. The software QuaDream is selling utilizes zero-click exploits which can be difficult to protect against. The Microsoft researchers recommended following basic cyber hygiene practices to minimize risks.

Yum! Brands Discloses Data Breach

Fast food giant Yum! was the victim of a data breach in mid-January. The KFC, Pizza Hut and Taco Bell brand owner has started sending out notifications to some individuals whose personal information was stolen. The notifications disclosed that the names, driver’s license numbers and other ID numbers of some persons had been stolen by the attackers. According to Bleeping Computer, Yum! temporarily shut down approximately 300 restaurants in the United Kingdom as a result of the attack. No customer information was stolen during the attack. All of the stolen personal information belonged to employees of Yum! Brands. The total number of affected individuals is unknown at this time.

Russian Hacker Gang Linked to Espionage Effort

A Russia-linked hacker gang named Nobelium has been linked to attacks on foreign ministries and diplomatic entities in multiple NATO, European Union and African nations. The connection to Nobelium was made when Polish intelligence agencies noticed similarities between the group carrying out these attacks and the group that carried out a major attack on SolarWinds in 2020. The Polish agencies noted that Nobelium is using both new and old tools to carry out these attacks. Hacker News stated that the attacks typically begin with spear-phishing emails to diplomats disguised as invitations to meetings. If the victim opens the included booby-trapped PDF file, an HTML dropper is deployed and releases multiple previously unknown malware strains onto the victim’s device.

WordPress Hit by Balada Injector Malware Campaign

A malware campaign has infected more than a million WordPress websites with a malware that redirects visitors to scam sites. The campaign was designed to deploy a malicious program called Balada Injector. The malware targets vulnerabilities in outdated plugins and themes, and it’s been active on WordPress since 2017. The threat actors initiate the attacks, and once the attackers successfully infiltrate the sites, they then insert malicious JavaScript code that redirects visitors to fake tech support sites, fake CAPTCHA pages and more. Hacker News stated that the attacks usually come in waves once every few weeks. Researchers warned that the malware could expose visitors to more nefarious threats, such as identity theft and ransomware.  All WordPress site owners have been advised to update their themes and plugins to the latest versions.

SonicWall Blog

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Jordan Riddles
Copywriter | SonicWall
Jordan Riddles is a Copywriter for SonicWall. Prior to joining the SonicWall team, he was an editor and copywriter for a publishing house as well as a poetry journal. Jordan is a graduate of Northeastern State University in Tahlequah, Oklahoma. In his spare time, he enjoys cooking, reading and disc golfing.