It’s the beginning of June, and today is National Donut Day – donut forget to celebrate if you’re craving something sweet. SonicWall had a sweet week in the news with eSecurity Planet talking to our Chief Product Officer Peter Burke and Verdict speaking with Senior Manager of Product Security Immanuel Chavoya.
In industry news, Bleeping Computer had the lowdown on the disaster with the MOVEit Transfer zero-day exploit and Android’s malware troubles. TechCrunch covered the biggest healthcare breach of the year so far. Security Week provided details on Gigabyte’s backdoor problem.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.
Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.
Chavoya explains that such buckets can be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access.”
“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately, if sensitive data is stored in the bucket – which it was in this case – this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
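The review Chavoya recommends can be scripted. The following is an added example, not code from the article or from SonicWall: it audits the three places an S3 bucket can become public (the bucket ACL, the bucket policy, and the Public Access Block settings) and reports which one is responsible. The input dictionaries use the same shapes that the AWS `GetBucketAcl`, `GetBucketPolicy` and `GetPublicAccessBlock` responses return, so the functions can be fed live API output, but the data below is constructed (the bucket name `example-bucket` and the owner ID are placeholders) so the script runs offline.

```python
"""Audit an S3 bucket for public exposure via ACL grants, bucket policy and
Public Access Block flags. Added example with constructed input; the dict
shapes mirror the AWS GetBucketAcl / GetBucketPolicy / GetPublicAccessBlock
responses, so live API output can be passed in unchanged."""
import json

# Well-known S3 group URIs that make a grant public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anyone on the internet)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_public_grants(acl):
    """Return (permission, description) for every ACL grant to a global group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append((grant["Permission"], PUBLIC_GROUP_URIS[grantee["URI"]]))
    return findings


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def policy_public_statements(policy):
    """Return the Sid (or index) of each unconditional Allow statement open to everyone.
    Statements with a Condition block are left for manual review, not flagged."""
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")) \
                and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def missing_public_access_blocks(pab):
    """Return the Public Access Block flags that are not enabled."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return [flag for flag in PAB_FLAGS if not cfg.get(flag, False)]


def audit_bucket(acl, policy, pab):
    return {
        "acl_public_grants": acl_public_grants(acl),
        "policy_public_statements": policy_public_statements(policy),
        "missing_public_access_blocks": missing_public_access_blocks(pab),
    }


def is_exposed(report):
    """A public ACL only matters if IgnorePublicAcls is off; a public policy only
    matters if RestrictPublicBuckets is off (those flags override the grants)."""
    missing = set(report["missing_public_access_blocks"])
    acl_exposed = bool(report["acl_public_grants"]) and "IgnorePublicAcls" in missing
    policy_exposed = bool(report["policy_public_statements"]) and "RestrictPublicBuckets" in missing
    return acl_exposed or policy_exposed


# Constructed sample input (placeholder IDs and bucket name).
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}""")
WEAK_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": False,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}}

if __name__ == "__main__":
    for label, pab in (("weak", WEAK_PAB), ("hardened", HARDENED_PAB)):
        report = audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, pab)
        print(label, "exposed" if is_exposed(report) else "not exposed")
        print(json.dumps(report, indent=2))
```

Run with no arguments it reports the constructed bucket as exposed under the weak Public Access Block settings and not exposed once all four flags are on, even though the public ACL grant and policy statement are still present. That is the point of checking all three layers: the account- or bucket-level block is the safety net, and the grants themselves are what a periodic review should remove.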
eSecurity Planet, SonicWall News: “There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.
“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”
CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”
CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.
The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.
Rouble Malik Sheds Light on the Rising Threat of Cybersecurity Attacks on SMEs and Advocates Stronger Protective Measures
TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.
ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.
The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”
Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-GbE interfaces. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.
Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals
Gearrice, SonicWall News: In the case of the connected home, cyberattacks on smart home devices increased 87% globally last year, according to data from SonicWall, which makes the smart home the fastest-growing segment within the malware landscape.
SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall combines next-gen hardware, SonicOS 7.0 support, enhanced features, and groundbreaking performance.
MOVEit Transfer Zero-day Exploit Results in Tons of Stolen Data
A vulnerability in the Progress MOVEit Transfer file transfer software is allowing hackers to mass-download data from organizations. At this time, it’s unclear which threat actors are using the exploit. According to Bleeping Computer, this is a zero-day exploit and many organizations have been breached and had their data stolen. A security advisory from Progress said, “If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.” Progress advises all MOVEit Transfer customers to block external traffic to ports 80 and 443 on the MOVEit Transfer server to avoid exploitation. Until a complete patch is released, Progress also advises that organizations stop all MOVEit Transfers and investigate their servers. While many organizations have been attacked already, the threat actors have not yet started to extort them. We likely won’t know who is behind the attacks until the extortion begins.
Gigabyte Motherboards Compromised by Wide Open Backdoor
The computer hardware manufacturer Gigabyte has a big problem – hundreds of motherboard models from the hardware giant contain a backdoor that poses a major risk. Researchers at Eclypsium were the first to discover the backdoor and how it functions. They determined that systems using a Gigabyte motherboard download files from an unsecured Gigabyte server on startup, which leaves a door wide open for threat actors. So far there is zero indication that this flaw has actually been exploited. The researchers couldn’t determine whether the backdoor was placed by a malicious Gigabyte employee or was the result of compromised systems. Regardless of how it got there, it can easily be exploited by someone with the knowledge to do so. The security researchers noted that they’re currently working with Gigabyte to resolve this issue.
LockBit Ransomware Gang Responsible for Largest Health Data Breach of 2023
One of the largest dental health insurers in the United States has been hit with a huge data breach. Managed Care of North America (MCNA) in Atlanta lost the personal and health information of almost 9 million patients between February 26 and March 7 of this year. The hackers were none other than the notorious LockBit ransomware gang. The threat group infiltrated the healthcare provider to access and copy its data and demanded a $10 million payment to delete the stolen data. MCNA refused to pay the ransom, and the hacker gang then leaked all of MCNA’s data onto its Dark Web leak site. According to TechCrunch, the leaked data included names, addresses, dates of birth, phone numbers, email addresses, Social Security Numbers, driver’s licenses, health insurance data, plan information and Medicaid ID numbers. To say that LockBit was thorough is an understatement. Some of the leaked data belonged to the insured’s children, parents, grandparents and guarantors. This is by far the largest breach of health data in 2023. LockBit has claimed several high-profile attacks in recent months despite its leader being arrested in November 2022. The full impact of the MCNA breach remains to be seen, but it’s surely devastating for those whose information has been exposed.
Android Malware Hidden in Play Store Apps Downloaded Over 400 million Times
Security researchers have discovered a new Android malware posing as an advertisement SDK in multiple apps. Many of the apps are on Google Play and have been downloaded over 400 million times collectively. The researchers who discovered the spyware have tracked it as “SpinOk,” and note that it can extract private user data and export it to a remote server. The malware is hidden under the facade of a mini-game that lures users in by promising daily rewards and prizes. The researchers at Dr. Web stated that the app uses a trojan SDK to make sure it isn’t opened in a sandbox environment before it searches the user’s device and steals the user’s personal data including private images, videos and documents. It hasn’t yet been determined if the malware was knowingly included by the developers of the compromised apps, but most of the apps have now been removed from Google’s Play Store. A full list of the apps can be found here, and it’s recommended that any of these apps be uninstalled from your devices immediately.