September is here, which means the great pumpkin spice drought has finally come to an end. Unfortunately, there’s been no such drought in cybercrime. Be sure to read our Mid-Year Update to the 2023 Cyber Threat Report for the latest trends and details on all things concerning cyber threats.
In industry news, PC Magazine covered the FBI’s huge takedown of the Qakbot botnet. Bleeping Computer had the lowdown on the cyber incident at the University of Michigan. TechCrunch provided details on the massive data breach at Forever 21. Dark Reading broke down a major vulnerability in Openfire’s enterprise messaging application.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.
Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.
Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.
The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”
DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.
ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.
CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.
ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.
Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”
Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.
TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.
VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.
FBI Circulates Uninstaller to Dismantle Qakbot Botnet
Qakbot, a Trojan designed to steal bank account information, has been in circulation since 2008. This week, the United States Justice Department and the FBI announced the success of an operation in which they seized control of the Qakbot servers and forced the botnet to send out an uninstaller that removed the program from infected computers. Agents involved in the investigation said the botnet was controlling some 700,000 computers, 200,000 of which were in the U.S. Given how widespread and long-lived Qakbot was, this is a major blow to cybercrime, though it probably isn’t the absolute end of the malware. Qakbot did more than steal bank account information: it also operated as a botnet, and its creators would sell access to the infected computers to other cybercriminal groups. In a YouTube video announcing the operation’s success, FBI Director Christopher Wray stated, “The FBI neutralized this far-reaching, criminal supply chain, cutting it off at the knees.” Qakbot has been linked to some of the most notorious ransomware gangs in the world, such as LockBit, Conti, Black Basta, Royal, REvil and more. The losses suffered by victims of Qakbot are thought to be in the hundreds of millions of dollars. The fight against cybercrime is never-ending, but this is a victory worth celebrating.
Cyberattack Forces University of Michigan to Shut Down Network
The University of Michigan, home to some 30,000 staff and 51,000 students, was forced to shut down all of its network services this week to deal with a cybersecurity incident. The incident took place the day before classes were set to resume for the fall semester. The university had to shut down multiple services including Google, Canvas, Wolverine Access and email services. Since the disconnection, many services have been restored, including Zoom, Adobe Cloud, Dropbox, Slack, Google and Canvas. The U of M is working with law enforcement and external cybersecurity experts to get to the bottom of the incident, but so far, no further information has been made available.
539,000 Customers Affected by Forever 21 Data Breach
Mall-staple Forever 21 suffered a data breach earlier this year that’s affected more than half a million customers. The hacking began in January 2023 and lasted for over three months. The threat actors obtained sensitive information such as data on current and former employees. The stolen data included the names, dates of birth, bank account info, Social Security numbers and healthcare information of the employees. Forever 21 released a statement saying, “Forever 21 has taken steps to help assure that the unauthorized third party no longer has access to the data.” Folks at TechCrunch speculated that this could imply Forever 21 paid the hacker in exchange for the deletion of the stolen data. If that were the case, there’s no way to trust that the cybercriminals actually deleted the data. This is the second major breach at Forever 21, the first coming in 2017 with a massive theft of credit card numbers. Only time will tell the true ramifications for the employees whose data was stolen.
Kinsing Threat Group Targets Openfire Cloud Servers
A vulnerability in Openfire’s enterprise messaging application is being exploited by the Kinsing hacker gang. The vulnerability, tracked as CVE-2023-32315, is being used by the gang to create fake admin users in Openfire cloud servers that are then used by the group to take full control of the instance. Once they have access, they upload malware and a cryptominer to the servers. Security researchers have tallied over 1,000 attacks utilizing this vulnerability in the past two months. The researchers actually created an Openfire server intended to be used as a honeypot in July. It was attacked almost immediately, and they were able to track 91% of the attacks back to the Kinsing hacker gang. Dark Reading ran a Shodan search that showed over 6,000 internet-connected Openfire servers and found that 984 of those were vulnerable to the flaw. The researchers are asking any organization using Openfire servers to check their systems for vulnerabilities and patch them accordingly.
Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain
Why Education is the New Cybercrime Epicenter – Amber Wolff
How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian
Cryptojacking Continues Crushing Records – Amber Wolff
Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian
Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh
If It’s Easy, It’s TZ – Tiju Cherian
Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain
SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald
3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain
Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri
Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari