Tomorrow is Big Word Day, which should please any of our sesquipedalian readers. SonicWall will have a booth at the RSA Conference in San Francisco next week. If you’re going to be at RSAC, we’d love for you to stop by!
In industry news, TechCrunch spoke with the Western Digital hackers about their demands. Dark Reading covered the early prison release of a convicted Nintendo hacker with a thematic last name. Bleeping Computer provided details about the Google red teaming tool that’s being used for nefarious purposes. Hacker News dug into the breach at Kodi.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.
San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.
Zawya (UAE), SonicWall News: According to the latest figures from cybersecurity leader SonicWall reveal, the UAE recorded a 14 percent drop in total malware attacks in 2022 but the number of attacks in 2022 in the UAE (71 million) was more than the combined total in 2019 and 2020 (37.3 million and 19 million, respectively).
DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.
TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.
American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.
Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.
Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second year with the highest number of attack attempts with 493.3 million, SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.
InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.
MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.
HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.
Western Digital Hackers Claim to Have Customer Information
Western Digital is in a bind as the hackers responsible for the breach on the data storage giant are seeking a minimum eight-figure payment to stop the release of massive amounts of information. The bad actors claim to have over 10 terabytes of Western Digital’s data including heaps of customer information. TechCrunch spoke with one of the hackers to attempt to verify their claims. The hackers were in possession of Western Digital’s code-signing certificate and are therefore capable of forging Western Digital’s digital signature. TechCrunch had two security researchers view the signature, and they verified it is indeed the company’s signature. The threat actors also proved to TechCrunch that they were in possession of multiple Western Digital executives’ phone numbers – numbers that are not public. The hackers sent Western Digital an email outlining their demands, and they have stated that they are prepared to start publishing the stolen data if Western Digital does not get back to them soon.
User Data and Private Messages Stolen in Kodi Breach
A threat actor group breached the developers of an open-source media player stealing over 400,000 user records and private messages. The hackers infiltrated Kodi using the stolen credentials of an administrator and stole it’s entire MyBB forum database including backups. Kodi noted that the account that stole the information has now been deactivated after it accessed the databases twice in February. According to Hacker News, Kodi is working on rolling out a global password reset out of an abundance of caution. The company has also taken down the breached forum for the time being and is working on implementing several other security measures.
Nintendo Hacker Named Bowser Earns Early Prison Release
A man named Gary Bowser has been released from prison early for his good behavior. Gary Bowser was sentenced to 40 months in prison in 2021 for his part in hacking Nintendo. Mr. Bowser was part of a hacker group called Team Xecuter that sold hacked chips to allow users to play pirated games on Nintendo consoles including the Nintendo Switch. On top of the prison sentence, Mr. Bowser was ordered to pay $14.5 million to Nintendo for his part in the $65 million dollars in losses he and Team Xecutor caused Nintendo over the course of a decade. Mr. Bowser has already paid off $175 (0.00001%) of the $14.5 million he owes to Nintendo thanks to his prison library job. Dark Reading stated that the extreme punishment for Mr. Bowser was doled out to deter other cyber criminals from committing similar crimes.
Chinese State-sponsored Hackers Abuse Google Command and Control
Data theft attacks on Taiwanese media and an Italian job search company have been linked to the Chinese state-sponsored hacking group known as APT41. The threat group, also known as HOODOO, was abusing the Google Command and Control (GC2) red teaming tool to commit the attacks. GC2 is an open-source tool designed specifically for red teaming activities. It was Google’s own Threat Analysis Group (TAG) that discovered HOODOO was abusing GC2 for nefarious purposes. HOODOO is known to target a wide range of industries typically in the United States, Asia and Europe. The attacks were brought to light in Google’s April 2023 Threat Horizons Report, which was released late last week. TAG interfered in a HOODOO phishing campaign where HOODOO was trying to bait users into clicking links that led to a protected file in Google Drive. Users who fell for the sham emails would inadvertently install GC2 effectively compromising their systems. It’s unclear which malware was offloaded in the attacks, all that is known so far is that GC2 was used to deploy it. According to Bleeping Computer, this isn’t the first instance of threat actors using red teaming tools. Recently, some groups have been using other red teaming tools like Brute Ratel and Sliver to avoid detection. The reality is that any tool that can be used for red teaming activities can also be used for criminal activities.
The RSA Report: The Road to RSA – Amber Wolff
RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff
Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr
SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff
New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan