Cybersecurity News & Trends - 08-18-2023
Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
Roses are red, violets are blue, today is National Bad Poetry Day, too. While our poetry might be bad, our Mid-Year Update to the 2023 Cyber Threat Report is excellent. Be sure to give it a read to stay on top of the latest trends and intelligence surrounding cyber threats.
In industry news, Dark Reading had the lowdown on a QR code phishing campaign that targeted a U.S. energy giant. TechCrunch covered the new Citrix ShareFile bug that CISA is sounding the alarm on. Bleeping Computer provided details on the Discord.io hack and the ongoing LinkedIn account-stealing debacle.
Remember to keep your passwords close and your eyes peeled: cybersecurity is everyone’s responsibility.
SonicWall News
SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief
CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.
SonicWall Promotes Cisco Vet to Global Channel Leader
Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.
Ransomware Attacks Skyrocket in Q2 2023
Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.
The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”
How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe
DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.
Cryptojacking attacks surge 399% globally as threat actors diversify tactics
ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.
SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics
CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.
Evolving Threats – Evolved Strategy
ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.
Britain’s Biggest Hospital Held To Ransom
Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”
Hackers claim breach is the ‘biggest ever’ in NHS history
Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.
How to Reach Compliance with HIPAA
TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%, while the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.
Why Attackers Love to Target IoT Devices
VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.
Industry News
Major US Energy Company Targeted by QR Code Phishing Campaign
Security researchers discovered a QR code phishing campaign sending thousands of emails to employees of a major energy company in the United States as well as other industries. The lures sent out by the hackers included PNG attachments and redirect links that claimed to be associated with either Microsoft, Salesforce or Cloudflare. The emails included urgent messages telling employees to update their Microsoft account security settings, with the ultimate goal of credential theft. The campaign did target multiple industries, but a majority of the emails were sent to an unnamed top U.S. energy company. Other affected industries included manufacturing, insurance, tech and finance. The campaign is by no means over – it’s ongoing. According to researchers, it’s growing 270% each month. QR codes aren’t a traditional method of delivery for phishing lures, but the researchers noted that they’re more likely to reach inboxes due to limitations of Secure Email Gateways (SEGs). Most SEGs can scan links for malicious intent, but they can’t scan QR codes. That gives the attackers an advantage. Workers in the affected industries should stay vigilant and be cautious should they receive a QR code claiming they need to update security settings.
CISA Sounds the Alarm on New Citrix ShareFile Bug
It seems like filesharing tools are a prime target for threat actors in 2023, as CISA has issued a warning that hackers are now exploiting a bug in Citrix ShareFile. The bug, tracked as CVE-2023-24489, could spell bad news for federal enterprises, which CISA noted are at significant risk from this particular vulnerability. The bug was discovered in June and given a severity rating of 9.8 out of 10. The flaw concerns Citrix ShareFile’s “storage zones controller” feature that allows on-premises file storage as well as storage on supported cloud platforms. Threat actors could exploit the vulnerability to compromise these instances without needing a password. Security researchers noted that they’ve already found 6,000 publicly exposed instances as of July. Since we’re now in the middle of August, that number has likely increased. Organizations utilizing the vulnerable feature should work to patch this as soon as possible to mitigate risks. This vulnerability comes on the heels of the Cl0p ransomware gang’s exploitation of a bug in MOVEit’s file transfer tool that’s affected more than 200 organizations around the globe.
LinkedIn Accounts Hijacked, Some Even Asked to Pay Ransom
LinkedIn users are having a rough time this week as many users find themselves either locked out of their accounts or with their accounts completely hijacked. On top of that, LinkedIn support seems totally overwhelmed with users reporting lengthy response times and little to no resolutions. Some users have even experienced being asked to pay a ransom to get back their accounts. Dismayed users took to Reddit and Twitter to sound the alarm on both the breach and LinkedIn’s lack of response. LinkedIn still hasn’t made an official announcement despite some users reporting breaches as long as ten days ago. Bleeping Computer reported that the hackers are likely using stolen credentials or brute forcing to steal accounts. Users who have multi-factor authentication (MFA) enabled have faced lockouts as part of LinkedIn’s security policy. It’s unclear if it’s a hacking group or multiple individuals carrying out the attacks, but one common theme in the attacks is that the hackers replace the real owners’ email addresses with an email address ending in “rambler.ru”. If you frequent LinkedIn, it may be a good idea to go ahead and enable MFA and change your password just in case.
Data of 760,000 Discord.io Users Stolen, Service Shuts Down
A custom invite service for the popular communication application Discord has been shut down after an attacker managed to steal the data of 760,000 users. To be clear, the website that was hacked (Discord.io) is a third-party service that isn’t associated with the real Discord. The third-party service is widely used by people who own or manage Discord servers. This week, a hacker by the name ‘Akhirah’ began offering the data for sale on hacking forums and provided proof that the data was legitimate. The data included mainly usernames and email addresses, but it also included a small number of billing addresses as well as salted and hashed passwords. Discord.io’s response was to cease all operations for an indefinite period of time. Bleeping Computer spoke with the hacker, who claimed that this hack isn’t just about money. The hacker claims that some of the servers that Discord.io oversees link to illegal and harmful content and seemed to imply that that was at least part of their reason for the attack. Any users of Discord.io should be treating the situation as if their data will be abused. Since email addresses were included in the breach, they should keep a watchful eye out for emails attempting to get them to enter passwords or obtain other information.
SonicWall Blog
Cryptojacking Continues Crushing Records – Amber Wolff
Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian
Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh
First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff
If It’s Easy, It’s TZ – Tiju Cherian
Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain
SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald
3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain
Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri
Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari
SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser
NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian