SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 07-21-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.


Today is National Junk Food Day, so be sure to give your body proper nourishment – “proper nourishment” can be left to interpretation. What can’t be left to interpretation is SonicWall’s great week in the news. Cyber Security Intelligence quoted SonicWall’s Vice President of EMEA Spencer Starkey on healthcare security. ITVoice published an article from our own Vice President of Regional Sales in APAC Debasish Mukherjee.

In industry news, Dark Reading had the lowdown on a hacker’s epic self-own and the strange double breach at Estée Lauder. TechCrunch provided details on the North Korean Lazarus group’s hack of JumpCloud. Bleeping Computer broke down CISA’s new list of free tools and resources.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%, while the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported a very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately, if sensitive data is stored in the bucket – which it was in this case – this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
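The misconfiguration Chavoya describes has three places it can hide: a bucket ACL that grants to the AllUsers or AuthenticatedUsers groups, a bucket policy whose principal is `*`, and a Public Access Block that is switched off. The script below is an added example (not code from the article, from Verdict, or from SonicWall) that audits all three from the JSON shapes the AWS S3 API returns, so it runs offline against saved `get-bucket-acl`, `get-bucket-policy` and `get-public-access-block` output. The bucket name, owner ID, account ID and role name in the sample inputs are constructed placeholders.

```python
"""Offline review of S3 bucket settings for unintended public access.

Added example, not code from the article or from SonicWall. The sample
inputs below are constructed; the function inputs mirror the JSON returned
by the S3 GetBucketAcl / GetBucketPolicy / GetPublicAccessBlock calls.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_public_grants(acl: dict) -> list:
    """Return ACL grants that hand a permission to everyone or to any AWS account."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant.get('Permission')} to {grantee['URI']}")
    return findings


def _principal_is_public(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy: dict) -> list:
    """Return Allow statements whose principal is anyone.

    A Condition block may narrow such a statement (e.g. to one VPC endpoint);
    those are still reported but tagged so a reviewer confirms the condition
    really limits access instead of assuming it does.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement need not be a list
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow" or not _principal_is_public(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        tag = " (conditional)" if st.get("Condition") else ""
        findings.append(f"Policy allows {','.join(actions)} to everyone{tag}")
    return findings


def public_access_block_gaps(pab: dict) -> list:
    """Report which of the four Public Access Block guards is not enabled."""
    cfg = pab.get("PublicAccessBlockConfiguration", pab)
    return [f"PublicAccessBlock.{k} is not enabled" for k in PAB_KEYS if not cfg.get(k, False)]


def audit_bucket(acl: dict, policy: dict, pab: dict) -> list:
    """Combine the three checks; an empty list means no public exposure was found."""
    return acl_public_grants(acl) + policy_public_statements(policy) + public_access_block_gaps(pab)


# Constructed sample: a bucket opened up "to make it easier for a team to share files".
EXPOSED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}
EXPOSED_POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*"}]}''')
EXPOSED_PAB = {"PublicAccessBlockConfiguration": {k: False for k in PAB_KEYS}}

# Constructed sample: the same bucket after remediation (owner-only ACL,
# a policy scoped to one role, all four Public Access Block guards on).
HARDENED_ACL = {"Grants": [EXPOSED_ACL["Grants"][0]]}
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}

if __name__ == "__main__":
    for name, args in (("exposed", (EXPOSED_ACL, EXPOSED_POLICY, EXPOSED_PAB)),
                       ("hardened", (HARDENED_ACL, HARDENED_POLICY, HARDENED_PAB))):
        findings = audit_bucket(*args)
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

Running it prints six findings for the exposed bucket (one ACL grant, one policy statement, four disabled guards) and none for the hardened one. The Public Access Block check is deliberately listed last: when all four guards are on, the ACL and policy findings describe settings the service will refuse to honour, which is why enabling the block is the first remediation step and the ACL/policy cleanup follows it.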

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: “There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Industry News

Hacker Accidentally Infects Own Computer, Sells Contents to Threat Researchers

A prolific Russian threat actor has completely played himself in a way we’re unlikely to see again for some time. The hacker known as “La_Citrix” has been operating on Russian language forums since 2020. His signature move has been to hack organizations using Citrix remote desktop protocol (RDP) and then sell the information on Dark Web forums. That is, until he infected himself with his own infostealer and then sold his own information (including location, full name and address) to threat researchers posing as hackers. Threat researchers realized something was funky with the data they had bought when they noticed a single user in the data appeared as an employee at almost 300 different companies. From there, they unraveled the bizarre circumstances that led to La_Citrix’s legendary self-own. La_Citrix had been using his own personal computer for all of his nefarious deeds and sold all of his own information to the researchers. They’ve now forwarded the information to relevant authorities, and one can only imagine it’s just a matter of time before the hacker is in custody.

JumpCloud Breached by North Korean Lazarus Group

JumpCloud is a software company that focuses on identity and device verification for large enterprises as well as other authentication services. A wide variety of industries use JumpCloud’s platform, but North Korean state-backed hackers breached JumpCloud in order to gain access to the platform’s cryptocurrency clients. Until this week, JumpCloud didn’t know who was behind the attack, but security researchers have now linked the attack back to the North Korean Lazarus hacking group. Lazarus is well-known for targeting crypto businesses. North Korea uses the stolen crypto assets to fund its nuclear weapons program and other military programs. JumpCloud found that fewer than five customers and 10 devices were compromised during the attack. North Korea has been ramping up cyber attacks over the past several years, so much so that the United States announced new sanctions against North Korea’s “hacker army” in May. The U.S. State Department is also offering a bounty of $10 million for anyone who has information that could help stop the North Korean hackers.

Cl0p and BlackCat Both Hacked Estée Lauder at the Same Time

Cosmetic giant Estée Lauder has come forward as one of the latest victims of the MOVEit exploit, but it appears the cosmetic giant suffered a double whammy. The company was attacked by not one, but two ransomware gangs at the same time – both using the MOVEit exploit. According to Dark Reading, Cl0p and BlackCat both took credit for hacking Estée Lauder on the same day, but they were not working together. BlackCat released a statement clarifying that these were separate incidents, saying, “ELC has been attacked by our colleagues at Cl0p regarding the MOVEit vulnerability attacks. We have reiterated to ELC that we are not associated with them.” Security researchers familiar with the incidents noted that it isn’t totally odd for an organization to experience two breaches at the same time, especially with it being related to the MOVEit vulnerability. For now, Estée Lauder joins a long (and growing) list of victims that have been breached as a result of the MOVEit exploit.

CISA Shares Free Resources for Protecting Cloud Data

The United States Cybersecurity and Infrastructure Security Agency (CISA) has been emphasizing cloud security recently. This week they released a list of completely free tools and strategies for keeping cloud assets secure after making the leap from on-prem to cloud. The factsheet will help cybersecurity professionals better protect their organizations by helping identify and mitigate known vulnerabilities and threats. The tools listed in the sheet work alongside the built-in tools provided by cloud service providers like AWS and Azure. The tools help in a variety of ways, including evaluating organizational cybersecurity posture, comparing configurations to baseline recommendations, detecting signs of malicious activity, generating MITRE ATT&CK mapping reports and building memory forensic environments on AWS. CISA has been focusing more on protecting critical infrastructure from cyberattacks, and the release of this factsheet is a continuation of those efforts.

SonicWall Blog

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Jordan Riddles
Junior Copywriter | SonicWall
Jordan Riddles is a Junior Copywriter for SonicWall. He has a background in content creation and editing, and he lives in Tulsa, Oklahoma. Jordan is a graduate of Northeastern State University in Tahlequah, Oklahoma, with a focus in English and creative writing. In his spare time, he loves reading, cooking and disc golfing.