SonicWall's weekly Cybersecurity News and Trends.

Cybersecurity News & Trends – 09-22-2023

CISA and the FBI issued a warning on an RaaS operation. The International Criminal Court was breached. A hacker out-pizza’d the Hut.


Today is National Ice Cream Cone Day, but that’s not the only scoop. This week SonicWall announced its revamped SecureFirst Partner Program to much acclaim. The changes are a culmination of actively listening to our partner community and implementing changes that put partners first, as reported on by eChannel News, MSSP Alert, Channel Futures and CRN. In other SonicWall news, CSO spoke with SonicWall Vice President of Strategic Partner Enablement and Integration Bobby Cornwell about his thoughts on the cyberattack at MGM.

In industry news, Dark Reading reported on CISA and the FBI’s alert on ‘Snatch’ ransomware-as-a-service (RaaS). Bleeping Computer had the lowdown on the breach at Pizza Hut Australia and the cyberattack on the International Criminal Court in the Netherlands. Hacker News provided details on a hacker named ‘Sandman’ using a strange Lua-based malware to breach telecom companies.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Liongard Expands SonicWall Relationship to Enhance Configuration Change Detection and Response with Capture Client Platform to Mitigate Cybersecurity Risk

Business Wire, SonicWall News: “Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard, “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes, both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

Industry News

CISA and FBI Sound the Alarm on Snatch Ransomware Service

This week, CISA and the FBI issued a joint advisory on a ransomware-as-a-service (RaaS) operation called “Snatch.” Snatch has been active since at least 2018, and the group’s RaaS software is known for forcing Windows computers to boot into safe mode and then encrypting files. The advisory issued by both agencies warns that the group is turning its eyes to critical infrastructure sectors such as IT, defense and agriculture. Snatch has been more active over the past year, which may explain the timing of this advisory. Snatch infiltrates organizations in a variety of different ways including using stolen credentials and targeting vulnerabilities in Remote Desktop Protocol (RDP). Once inside, the group uses a mixture of legitimate and malicious tools to exfiltrate sensitive data before encrypting the files. Cybersecurity experts noted that a majority of these attacks have been focused on organizations in North America. Any organizations in the listed critical sectors should be paying extra attention as Snatch continues its spree.

193,000 Customers Affected by Pizza Hut Australia Breach

Customers of Pizza Hut Australia are being notified this week of a cybersecurity incident that allowed threat actors to nab their personal information. Pizza Hut Australia’s servers that store customers’ sensitive data were accessed by hackers earlier this month. The notification stated that the breached data included customer record details and online order information. It includes full names, delivery addresses, delivery instructions, email addresses, phone numbers, masked credit card data and encrypted passwords. Despite the encryption of the passwords, Pizza Hut Australia did suggest customers consider changing their passwords. A threat actor named ‘ShinyHunters’ who breached Pizza Hut Australia in early September stated that they gained access to Pizza Hut Australia via an unprotected Amazon Web Services (AWS) endpoint. It’s unclear so far if the attack by ShinyHunters is the same attack Pizza Hut Australia is notifying customers of at this stage, but it does seem like a possibility. All Pizza Hut Australia customers should be watching their emails vigilantly for any suspicious communications.

European, African and South Asian Telecom Providers Targeted by ‘Sandman’ Hacker

Security researchers have linked a threat actor named “Sandman” to a series of cyberattacks targeting telecom providers on three continents. The hacker is utilizing LuaJIT, a just-in-time (JIT) compiler for the Lua programming language, to deploy a novel implant called ‘LuaDream.’ While no known threat group has taken credit for the attacks, researchers implied this didn’t seem like a one-man show. The security researchers stated that the way LuaDream is executed indicates it’s a “well-executed, maintained and actively developed project of considerable scale.” According to Hacker News, seeing Lua used in the threat landscape isn’t very common. In fact, it’s only been observed three times since 2012. Researchers aren’t entirely certain how the threat actors are gaining initial access, but they do know it involves stealing administrative credentials and obtaining information to breach workstations and deliver the malware. Researchers should learn more as the threat actor(s) continue attacks throughout the three continents, but this does seem to be a strange tool.

International Criminal Court Suffers Cyberattack

The International Criminal Court (ICC) released a statement concerning a cyberattack that took place last week. The ICC noticed its systems had been breached and immediately took measures to address the incident. The ICC is hosted by the Netherlands, and Dutch authorities are now involved in the investigation. While the ICC didn’t release further information on the damage that had been done during the cyberattack, the organization did state that it will be making greater efforts to strengthen its cybersecurity. The ICC typically investigates and prosecutes the worst of the worst crimes affecting international communities, such as war crimes, genocide and more. This year, the ICC issued an arrest warrant for Russian President Vladimir Putin for war crimes in Ukraine. It’s unclear what the threat actors’ goals were for this attack, but the investigation should shed light on that.

SonicWall Blog

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Jordan Riddles
Copywriter | SonicWall
Jordan Riddles is a Copywriter for SonicWall. Prior to joining the SonicWall team, he was an editor and copywriter for a publishing house as well as a poetry journal. Jordan is a graduate of Northeastern State University in Tahlequah, Oklahoma. In his spare time, he enjoys cooking, reading and disc golfing.