Cybersecurity News & Trends – 06-22-2023
Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
June is rolling right along, and so is SonicWall’s presence in the news. This week, ComputerWeekly quoted our EMEA Vice President Spencer Starkey on how victims of the MOVEit attacks should plan their next moves. StateTech cited ransomware data from the 2023 Cyber Threat Report.
In industry news, Dark Reading has the scoop on a power meter vulnerability that could lead to blackouts. TechCrunch provided details on the Reddit hack and the demands of the gang behind it. Hacker News says over 100,000 stolen ChatGPT credentials have found their way onto the Dark Web. Bleeping Computer spread the word on RepoJacking issues at GitHub.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
SonicWall News
Changes in the Ransomware Threat to State and Local Governments
StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.
Clop’s MOVEit ransom deadline expires
ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.
As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.
How Healthcare Organizations Are Looking at the Big Picture of Device Security
Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.
The Capita data breach explained
Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.
Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.
“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
How Generative AI Will Remake Cybersecurity
eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.
“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”
Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches
CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
U.S.-South Korea Forge Strategic Cybersecurity Framework
Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”
Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data
CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.
Cryptomining group traced to Indonesia uses compromised AWS accounts
The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.
Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures
TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.
Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen
ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.
The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”
10 Best Firewalls for Small & Medium Business Networks in 2023
Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.
Industry News
Power Meter Vulnerability Could Cause Blackouts
A security vulnerability in a power meter could give threat actors the ability to cause blackouts in any areas using the meters. The Schneider Electric ION and PowerLogic meters transmit user ID’s and passwords in plaintext with every message. A threat actor could theoretically intercept transmissions including these credentials and use those credentials to change settings or even shut power off. The advisory from Schneider stated that the ION protocol is 30 years old but has been enhanced with support for authentication. The flaw was originally slated to be released in June of last year but was pushed back to now due to patching processes. The patch will create a secure protocol version that includes encryption for the credentials.
Researchers Warn that Millions of GitHub Repositories Vulnerable to RepoJacking
After analyzing a sample of 1.25 million GitHub repositories, security researchers found that 2.95% of those analyzed repositories are vulnerable to RepoJacking. When they extrapolated this data to encompass GitHub’s entire library of over 300 million repositories, they estimated that more than 9 million projects could be affected. On GitHub, it’s not uncommon for users to change their usernames or for organizations to rename their projects. When this happens, GitHub redirects code from the renamed projects to avoid breaking the code of the main project. RepoJacking occurs when a threat actor registers a project with the same name as a renamed project. When this occurs, the redirection is invalidated and the project will begin pulling dependencies from the threat actors repository instead of the renamed repository. GitHub has implemented some defenses against these types of attacks, but the researchers stated that these defenses are incomplete and easy to bypass. This issue isn’t just affecting small projects from people who are simply overlooking some things – the researchers even found a repository managed by Google that’s affected. RepoJacking is widespread and incredibly difficult to prevent. The researchers recommend owners minimize the resources they pull from external repositories whenever able.
BlackCat Ransomware Gang Demands Reddit Reverse Course on API Changes
The BlackCat ransomware gang allegedly stole 80 gigabytes of data from Reddit in February 2023 and is now threatening to release the data unless Reddit both pays a ransom and reverses its API price increase. A spokesperson of Reddit declined to comment on the matter but did confirm that the ransomware gang was involved in an attack on Reddit in February. BlackCat hasn’t shared any evidence supporting their claim, but it’s worth noting that they were involved in another attack in March targeting hardware manufacturer Western Digital. A member of BlackCat said that they are “very confident that Reddit will not pay any money for their data,” noting that the gang expects to leak the data onto the Dark Web. This isn’t Reddit’s first rodeo with a major breach. In 2018, hackers stole a complete copy of Reddit data from 2007 that included vital information like private messages, usernames, hashed passwords and more. Reddit has been under fire recently for their API price hikes that many believe are intended to kill off third-party apps that access Reddit’s data to provide users an alternate experience to the official Reddit app. It doesn’t appear that Reddit intends to reverse the price change or pay the ransom for their data at this time.
Over 100,000 Stolen ChatGPT Credentials Listed on Dark Markets
Between June 2022 and May 2023, over 100,000 stolen credentials for OpenAI’s ChatGPT have been posted for sale on various Dark Web markets. Security researchers who made the discovery said that a majority of the credentials were stolen using the Raccoon info stealer with the Vidar and RedLine info stealers trailing behind. Most of the stolen credentials came from India, Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia and Bangladesh. Since ChatGPT’s default settings save all conversations, these credentials could give threat actors a huge amount of sensitive information. Users should follow basic cyber hygiene and secure their accounts with multi-factor authentication (MFA) to prevent threat actors from taking over their accounts or stealing their information.
SonicWall Blog
SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh
The Dangers of Zero-Days in Popular Products – Ken Dang
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser
NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian
Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald
NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian
The RSA Report: Boots on the Ground – Amber Wolff
The RSA Report – New Tactics, New Technologies – Amber Wolff
The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff
The RSA Report: The Road to RSA – Amber Wolff
RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff
Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr