SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 06-16-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

It’s the middle of June already – 2023 is flying by. Don’t let the summer fly by without checking out the 2023 Cyber Threat Report: We’ll be releasing the mid-year update at the end of July.

In industry news, Dark Reading has the lowdown on a first-of-its-kind ransomware attack. The LockBit ransomware gang is making headlines this week with Bleeping Computer covering a global report targeting the threat group and CyberScoop shedding light on a recent arrest in Arizona that’s connected to the gang. TechCrunch provided details on a report from the U.S. government about how it purchases and uses commercial data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately, if sensitive data is stored in the bucket – which it was in this case – this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: “There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On SMEs And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-GbE. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Industry News

0mega Ransomware Gang Pulls Off First-of-its-kind Attack

A ransomware group named 0mega has completed an attack against a company’s SharePoint Online environment without using a compromised endpoint. This is bad news for companies that have been pouring money into endpoint protections in the hopes of thwarting ransomware attacks – this attack proves that these criminals can complete an attack without ever compromising an endpoint. The gang pulled off the attack using weakly secured administrator credentials it had acquired. After infiltrating, the threat group exfiltrated data from the company’s SharePoint environment and then used that data to extort the company. The CPO at the security firm that discovered the attack said it shows that strong endpoint security isn’t enough. With many companies storing data in online Software-as-a-Service (SaaS) programs, this type of attack may become more common, although this attack appears to be the first of its kind. 0mega completed the attack by using the stolen credentials to create an Active Directory user named ‘0mega’ and giving it all of the permissions needed to turn the unnamed company’s day upside down. Many cybersecurity researchers are noticing an uptick in SaaS attacks. Organizations can protect themselves by being proactive, creating strict MFA policies and ensuring they have robust risk management tools in place across their SaaS environments.

LockBit Ransomware Gang Extorted Over $90 million from 1,700 Attacks in the US

Cybersecurity authorities from the United States and around the world issued a joint advisory on the notorious LockBit ransomware gang stating that the gang had extorted $91 million in 1,700 attacks on organizations in the U.S. since 2020. The advisory also noted that LockBit was the most deployed ransomware variant in 2022 and continues to be widespread in 2023. According to Bleeping Computer, LockBit has released two major new versions of its Ransomware-as-a-Service (RaaS) tool since 2019 and is currently on LockBit 3.0. Since releasing LockBit 3.0, the gang has committed multiple high-profile attacks using the upgraded tools and extortion tactics in the newest version. The advisory released this week by CISA includes tips, tools and tactics to help organizations protect themselves from LockBit.

Russian Member of LockBit Ransomware Gang Arrested in Arizona

A 20-year-old man named Ruslan Magomedovich Astamirov was arrested in Arizona this week following his involvement in multiple attacks with the LockBit ransomware gang. The man allegedly participated in attacks against the United States, Asia, Europe and Africa. Astamirov’s case will be tried in New Jersey where the cases of two other men involved with LockBit are being handled. Prosecutors filed a complaint accusing Astamirov of owning and controlling IP addresses, email addresses and a cloud services account that were found to be connected to LockBit’s attacks. This is the latest development in what has become a global crackdown on the LockBit ransomware gang with CISA and global law enforcement agencies releasing a joint document this week specifically to combat LockBit. Let’s hope they can continue to have success with bringing these threat actors to justice.

The US Government Buys Your Data in Bulk

A recently declassified government report confirms something people have been wondering about for years now – yes, the United States government does purchase your personal data. The report notes that various U.S. intelligence and spy agencies purchase huge amounts of data on American citizens including web browser data, smartphone data and data from connected vehicles. In the report, the U.S. government itself states that this is a significant issue for citizens’ privacy and civil liberties. While it’s unknown exactly which agencies are buying this data and for what purpose, we do have at least one example. The Internal Revenue Service apparently purchases the location data of millions of Americans in order to catch people cheating on their taxes. The Department of Homeland Security purchases the same type of information to enforce immigration laws. While it isn’t necessarily shocking that the U.S. government is collecting this data, it’s worth noting that typically a search warrant is required for the government to obtain this type of data on an individual. Now it can just load up its proverbial shopping cart with your data and flip through it like the morning news.

SonicWall Blog

The Dangers of Zero-Days in Popular Products – Ken Dang

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Jordan Riddles
Junior Copywriter | SonicWall
Jordan Riddles is a Junior Copywriter for SonicWall. He has a background in content creation and editing, and he lives in Tulsa, Oklahoma. Jordan is a graduate of Northeastern State University in Tahlequah, Oklahoma, with a focus in English and creative writing. In his spare time, he loves reading, cooking and disc golfing.