SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 05-05-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.


Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

It’s the beginning of May, which brings warm weather, rain showers and Star Wars jokes. Happy “Revenge of the Fifth” to all of our Sith Lords and Ladies. SonicWall channeled the force in the media this week with GovInfoSecurity quoting SonicWall CEO Bob VanKirk on SMBs and ChannelPro, CRN and Channel Futures spreading the news of SonicWall’s new channel chief for North America, Michelle Ragusa-McBain.

In industry news, Dark Reading covered a new tool to help companies keep their data safe from AI. Bleeping Computer provided details on operation “SpecTor” and Google’s takedown of CryptBot. TechCrunch had the lowdown on the City of Dallas’ ransomware attack.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

The Most Pressing Security Needs of the SMB and Midmarket

GovInfoSecurity, SonicWall News: Bob VanKirk, president and CEO, SonicWall, highlighted the need for SMBs to have access to the right set of tools and resources to defend their companies and protect their brands. In order to ensure cybersecurity, VanKirk said, organizations must have all the threat data at their fingertips, whether it be a firewall, endpoint or remote access, and have analytics across all those areas.

SonicWall Names North American Channel Chief

ChannelPro, SonicWall News: SonicWall has named Michelle Ragusa-McBain its new channel chief for North America. The hiring is one of several measures, along with the forthcoming introduction of a revamped partner program, aimed at expanding the company’s MSP channel, according to Jason Carter, SonicWall’s CRO.

SonicWall Hires Cisco Vet Michelle Ragusa-McBain as North America Channel Chief

CRN, SonicWall News: SonicWall has hired Cisco Systems veteran Michelle Ragusa-McBain to oversee its large North America channel, as the cybersecurity vendor looks to “reimagine” its business with the help of partners, she said in an interview with CRN.

Cisco Vet Joins SonicWall Channel Team as North America Leader

ChannelFutures, SonicWall News: Ragusa-McBain’s goal is to enable partners to grow and profit with the “boundless shift to cybersecurity.” SonicWall announced her appointment at this week’s Channel Partners Conference & Expo, co-located with MSP Summit.

CIA 2023: Top Solution Providers

Channel Daily News, SonicWall News: It helps customers by delivering integrated technology solutions and services that include security, cloud, data centre, networking, collaboration and digital transformation. This year it singled out HPE, Cisco, Veeam and SonicWall as its partners of the year.

SonicWall Partner Program Updates Coming

Channel Futures (Slide 4), SonicWall News: “We’ll be updating our partner program,” VanKirk said. “We’ve seen incredible growth out of what we have called our MSSP program in the past. We’re redoing that program altogether so that it will allow a much broader set of partners to participate and take advantage of, for example, monthly billing and if the number of users goes up or down, you’re only paying for that number. So we’re expanding that program, allowing a lot more partners in. We’ll be expanding that offering. It was just a few solutions. Now what we’re doing with all the changes, it used to be OK after the products were out, hey, what can we send through the MSSP program and service provider program. Now at the front end before a product even is going into the life cycle development, the PMs have to justify why or where is that going to fit in the partner program and the service provider program, which is a whole different approach that contributes to our seeing so much strength there.”

Malware attacks on the rise in higher ed

EdScoop, SonicWall News: Malware attacks against higher education institutions rose by 26% last year, according to SonicWall’s 2023 Cyber Threat Report. The report, published earlier this month, found that while malware attacks rose, ransomware attacks targeting higher education institutions declined 29% last year.

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: According to the latest figures from cybersecurity leader SonicWall reveal, the UAE recorded a 14 percent drop in total malware attacks in 2022 but the number of attacks in 2022 in the UAE (71 million) was more than the combined total in 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Industry News

International Effort Nabs 288 Dark Web Drug Dealers and Buyers

Hundreds of drug dealers and purchasers who were active on a Dark Web marketplace known as “Monopoly Market” were arrested following an international law enforcement effort. The operation was dubbed “SpecTor” and resulted in police seizing over $55 million in cash and cryptocurrency. According to Bleeping Computer, police seized the website in late 2021, but many users believed that this was an exit scam by the site creators. It was only confirmed this week that police had indeed actually seized the website. Operation “SpecTor” targeted high-volume sellers and purchasers specifically – many of the arrested individuals were also active on other Dark Web marketplaces, making this a significant bust.  Along with the cash and cryptocurrency, police also seized over 1,800 pounds of drugs and 117 firearms. A majority of those arrested resided in the United States, United Kingdom and Germany. The operation was headed by Europol and the Federal Bureau of Investigation, but it also included police from the UK, France, Poland, Germany, Austria, Brazil and Switzerland.

PrivateGPT Launches Redaction Tool to Reduce Risk of AI Data Exposure

There have been a lot of discussions lately about what information employees may be entering into AI tools like ChatGPT – many companies have asked employees to not enter any company information or data into the tools. Private AI has introduced a new platform called PrivateGPT that integrates with ChatGPT to automatically redact over 50 types of personally identifiable information. PrivateGPT acts as a middleman between users and the AI, removing sensitive information like birth dates, credit card numbers and much more. Many users of ChatGPT don’t seem to realize that all information they enter into ChatGPT is absorbed into OpenAI’s LLM data set that they use to train the AI. OpenAI notes in its user guide that users should not share personal or sensitive information with the AI because OpenAI cannot delete that information from a user’s history once it’s been entered. With AI rapidly advancing, tools like PrivateGPT may become necessary for both regular users and corporate entities to safely use the tool. For now, users should continue to be careful of what they share with AI.

City of Dallas Hit by Royal Ransomware Gang

The Royal ransomware gang took credit for an attack on the City of Dallas this week. The attack took down key services in the Dallas metropolitan area including 911 dispatch services and some systems at local courthouses – the courthouses were forced to close amid the chaos. A spokesperson for the Dallas Police Department (DPD) told TechCrunch that 911 dispatchers had to write down instructions for officers instead of entering them into their digital systems during the outage. DPD noted that the outage did not affect police response. City officials realized something was amiss when printers on the City of Dallas network began printing out ransom notes on Wednesday morning. The notes stated that Royal had stolen the city’s data and would release it on the Dark Web unless the group’s demands were met. The full scope of the attack is still unknown at this time, but city officials did say they are currently working to isolate and remove the ransomware from infected servers.

Google Takes on CryptBot Malware Operation, Sues Threat Actors

Google has sued some threat actors using the CryptBot malware to steal information from Google Chrome users. The court has now granted Google a restraining order, which allows Google to begin disrupting the CryptBot credential stealing operation. The lawsuit specifically targets the infrastructure and distribution network being used to spread the malware, which will slow the malware’s spread significantly. Google now has court-granted authority to take down domains that have been linked to the spread of the malware. According to Bleeping Computer, CryptBot is a Windows malware that is used to steal sensitive information from a user’s computer. The stolen data obtained by CryptBot can be used to steal identities, commit fraud and more. Google stated that recent versions of the malware have targeted Chrome specifically, which is why Google’s CyberCrime Investigation Group (CCIG) and Threat Analysis Group (TAG) got involved. With the courts backing their efforts, Google should be able to deal a serious blow to the CryptBot operation.

SonicWall Blog

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Jordan Riddles
Junior Copywriter | SonicWall
Jordan Riddles is a Junior Copywriter for SonicWall. He has a background in content creation and editing, and he lives in Tulsa, Oklahoma. Jordan is a graduate of Northeastern State University in Tahlequah, Oklahoma, with a focus in English and creative writing. In his spare time, he loves reading, cooking and disc golfing.