Cybersecurity News & Trends – 08-04-2023
Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, brought to you by SonicWall.
August is here, and today we’re celebrating National Chocolate Chip Cookie Day – you should consider doing the same. SonicWall has had a great week in the news following last week’s release of our Mid-Year Update to the 2023 Cyber Threat Report, as well as this week’s announcement of Michelle Ragusa-McBain’s promotion to SonicWall Global Channel Chief, which was covered by both CRN and Channel Futures.
In industry news, TechCrunch covered a Russian state-backed Microsoft Teams attack. Nextgov broke down the Biden administration’s new National Cyber Workforce and Education Strategy. Dark Reading provided details on Tesla jailbreaks that could put more drivers in the hot seat – literally. Bleeping Computer had the lowdown on Chinese hackers breaching air-gapped computers in Eastern Europe.
Remember to keep your passwords close and your eyes peeled: cybersecurity is everyone’s responsibility.
SonicWall News
SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief
CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.
SonicWall Promotes Cisco Vet to Global Channel Leader
Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.
Ransomware Attacks Skyrocket in Q2 2023
Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.
The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”
How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe
DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.
Cryptojacking attacks surge 399% globally as threat actors diversify tactics
ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.
SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics
CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.
Evolving Threats – Evolved Strategy
ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.
Britain’s Biggest Hospital Held To Ransom
Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”
Hackers claim breach is the ‘biggest ever’ in NHS history
Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and effort on securing it.
How to Reach Compliance with HIPAA
TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%, while the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.
Why Attackers Love to Target IoT Devices
VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.
Industry News
US Cyber Workforce to Expand Under New White House Strategy
The new National Cyber Workforce and Education Strategy was released by the Biden administration this week. The plan centers around making cybersecurity education more affordable and accessible and also making cybersecurity concepts more of a focus in early childhood education. The plan was released by the Office of the National Cyber Director, which is currently occupied by Camille Stewart Gloster while Harry Coker Jr awaits confirmation. Stewart Gloster explained that the plan is upheld by four pillars – teach every American foundational cyber skills, strengthen and grow America’s cyber workforce, transform cyber education and strengthen the federal cyber workforce. Obviously, not every American will end up working in cybersecurity, but having those foundational skills will still be a huge benefit to the country as a whole. Demand for skilled cybersecurity workers is currently higher than ever. Under the Biden administration’s plan, some of the barriers to breaking into the cyber workforce will be lowered or broken down to allow more diverse workers and workers coming from lower-income backgrounds to get a foot in the door. This plan will not create changes overnight, but it’s a positive step forward in a world increasingly jostled by cyberattacks.
Russian Threat Actors Hack Government Agencies Using Microsoft Teams
A social-engineering attack from Russian state-sponsored hackers has left dozens of organizations across the globe feeling vulnerable, including some government agencies in the United States. The Russian hacker group ‘Cozy Bear’ posed as technical support staff on Microsoft Teams in order to steal user credentials and infiltrate organizations. The threat actors used already compromised Microsoft 365 accounts to make the phony accounts and sent messages to Teams users trying to get them to approve multi-factor authentication prompts. Once they got in, they then exfiltrated sensitive data. Microsoft didn’t name any of the organizations or agencies that fell victim to these attacks, but they did state that the targets indicated “specific espionage activities” from the hackers.
Researchers Have Figured Out How to Jailbreak Teslas
Where there is a feature locked behind a paywall, there are people who want to find a way to get past it, and Teslas are no different. Researchers have found that it’s possible to jailbreak a Tesla to unlock paywalled features like heated seats, faster acceleration and even faster internet speeds. The jailbreak can even unlock self-driving features that are against the law in certain parts of the world. The researchers were doctoral students from Technical University Berlin, and they’ll present their research at Black Hat USA next week. One of the students claimed that the attack they’ve discovered can be pulled off by anyone with an electrical engineering background, a soldering iron and around $100. Using the attack, the students were able to take it a step further and reverse-engineer the boot flow to extract a “vehicle-unique, hardware-bound RSA key” that is used to authenticate the car to Tesla’s network. It’s that key that can allow users to implement region-locked features like maps and self-driving. The researchers did note that this attack could also be used for more nefarious purposes such as stealing private data and personal information. The full scope of the attack should be unveiled at Black Hat USA in the session titled, “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.”
Air-gapped Devices in Eastern Europe Breached by New Malware
Industrial organizations in Eastern Europe have been under fire recently from a Chinese state-sponsored hacking group known as ‘Zirconium.’ Zirconium has been developing a new type of attack to steal data from air-gapped computers, which are typically responsible for critical functions and holding an organization’s most sensitive data. The attack works by using a complex system of implants and modules in stages to profile the systems, infect them, steal data and finally export data. The stolen files are actually archived using WinRAR and then uploaded to Dropbox. The entire attack took over a year, beginning in April 2022 and involving three separate stages. Bleeping Computer has a more in-depth analysis of exactly how the attack works from beginning to end.
SonicWall Blog
Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh
First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff
If It’s Easy, It’s TZ – Tiju Cherian
Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain
SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald
3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain
Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri
Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari
SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser
NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian
Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald
NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian