It’s the weekend before the Fourth of July, and SonicWall has been sparkling in the media this week. Trend Micro cited SonicWall’s data on healthcare, and Venture Beat cited the 2023 Cyber Threat Report on IoT data.
In industry news, researchers told Dark Reading that businesses embracing AI too quickly are putting themselves at risk. Hacker News provided details on the widespread credential theft attacks Microsoft has warned about. Bleeping Computer has the scoop on hundreds of Federal Government devices that aren’t complying with CISA’s new protocols. Ars Technica tells all on an unexpected way that the Reddit protests have affected Google searches.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.
VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.
StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.
ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.
As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.
Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.
Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.
Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.
“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.
“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”
CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”
CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.
The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.
Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures
TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.
Enterprises Embracing Generative AI Are Putting Themselves at Risk
Large language model (LLM) technologies are still the talk of the town, but are organizations diving headfirst into the tech too quickly? Some researchers are skeptical. A report released this week showed that projects being developed with generative AI in the open-source space are overall insecure. This means organizations running these projects are greatly increasing their risks by adopting these technologies so quickly. The researchers say that this risk will only increase as more and more companies try to capture lightning-in-a-bottle by fully embracing AI. The research group studied 50 of the most popular LLM-based open-source projects on GitHub to reach their conclusions, determining that the security of most of these projects is lackluster at best. The researchers found four key risk areas to highlight: trust boundary risk, data management risk, inherent model risk and basic security best practices. Their advice to organizations embracing software like ChatGPT and other LLMs is to increase their awareness of the unique challenges and security concerns that come with the LLM territory. They recommend an approach called “secure-by-design,” which involves using existing frameworks like the Secure AI Framework (SAIF), NeMo Guardrails or MITRE ATLAS to mitigate their organizations’ risks. Security risks from AI are only going to increase in the coming months and years. Anyone using AI as a part of their development pipeline should take precautions on top of precautions to mitigate these risks as much as possible.
Microsoft Alerts Users of Widespread Credential Theft by Russian Threat Actors
A Russian hacking group called “Midnight Blizzard” is behind a significant uptick in credential-stealing attacks according to Microsoft. Microsoft’s threat intelligence warned that the attacks are targeting governments, IT service providers, NGOs, critical manufacturing sectors and the defense sector. Midnight Blizzard was formerly known as “Nobelium,” which was the group responsible for the SolarWinds supply-chain compromise in December 2020. Many of these attacks are focused on Ukraine and showcase the determination of Russian threat actors to extract valuable data on various organizations either in Ukraine or across Europe. Many of the attacks focused on Ukraine typically involve wiper malware intended to destroy data. These attacks currently show no signs of slowing down.
Reddit Protests Affect Google Searches for Millions
Reddit’s users have been protesting this month concerning the changes Reddit is making to its API access. In response, many of the specific forums – or subreddits – decided to protest by shutting down. While many of these forums have since come back online, some of them have remained shut down since it doesn’t appear Reddit will be reversing course on its API changes. As it turns out, a lot of people were adding “Reddit” to the end of Google searches to get better search results. With so many parts of Reddit shutting down, Google users took notice, and so did Google. Google CEO Sunder Pichai stated that users who add “Reddit” to the end of their searches are looking for more comprehensive answers than the average searcher. Google is apparently working to make its users less dependent on jumping through hoops like adding “Reddit” to get the results they want, but the clock is ticking as the July 1st date for Reddit’s API changes to take effect quickly approaches.
Hundreds of Federal Agency Devices Aren’t Following New CISA Directive
Security researchers have found hundreds of Internet-exposed devices in U.S. federal agencies that aren’t being secured in accordance with the new CISA Binding Operational Directive. The researchers analyzed 13,000 individual hosts from more than 50 Federal Civilian Executive Branches (FCEBs) and found almost 250 that weren’t following the new protocols. They also found many servers that were using MOVEit, GoAnywhere MFT and SolarWinds Serv-U file transfer tools – softwares known to be heavily targeted by threat actors. According to CISA’s Binding Operational Directive 23-02, the non-complying devices have 14 days to be secured upon identification. CISA will offer assistance to agencies when requested and provide guidance on ensuring strong security for the devices.
Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri
Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari
SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser
The RSA Report: Boots on the Ground – Amber Wolff
The RSA Report – New Tactics, New Technologies – Amber Wolff
The RSA Report: The Road to RSA – Amber Wolff