Cybersecurity News & Trends Blog Cover
SonicWall Staff

Cybersecurity News & Trends – 04-15-22

By

SonicWall continues to generate a steady flow of hits from various industry and trade publications and bloggers. In general cybersecurity news, some folks in the cyber security community are uncomfortable with a loophole found in the Cybersecurity Act of 2022. Another news item raises more concern for a rapidly developing threat for US energy companies. Meanwhile, the feds shut down a hacker’s marketplace; a UK government office apologized for an email breach; more malware grief for Microsoft windows and the hacker group NB65 claims they used Russian malware tools to hack the Russian space agency.

SonicWall News

Ransomware Response: 5 steps to Protect Your Business

Security Boulevard: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Russia-Ukraine Conflict: The Time for Cyber Security Is Now

Seeking Alpha: “According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.”

Panasonic Canadian Operations Suffer Data Breach

Security Magazine: According to SonicWall’s 2022 Cyber Threat Report, governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

Clumio Protect releases turnkey ransomware protection solution for Amazon DynamoDB

VentureBeat: The announcement comes as ransomware attacks are on the rise, with SonicWall researchers recording 623.2 million ransomware attempts in 2021, an increase of 105% from the year before.

Cyber Threats And Ransomware Attacks Surge As The Government And Private Industry Try To Keep Up

Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and is up 232% since 2019. We hear from a cybersecurity expert about what’s being done by the government and the private sector to push back against the flood of digital and online threats.

Enterprise Infrastructure VPN: Which solution is best?

IDG Connect: In a review of SonicWall Netextender, the author says that SonicWall “enforces granular access policies and extends network access through native clients. It also enhances firewall encryption and security by redirecting all client traffic through VPN.”

Rise of RaaS

Professional Security Magazine: In fact, the number of ransomware attacks has been so frequent that SonicWall’s 2022 Cyber Threat Report revealed governments worldwide saw an 1,885 per cent increase in 2021.

Industry News

Cybersecurity Act of 2022: A Step in the Right Direction with a Significant Loophole

Dark Reading: Recently, the Strengthening American Cybersecurity Act 2022 passed without any partisan debate, such are the cyberthreats facing the United States and the rest of the world. Most cybersecurity communities were pleased to see Congress quickly act on this critical issue. However, some were alarmed by a loophole in the legislation that may hinder a basic tenet of the bill to share cyber security information across all platforms to increase cybersecurity. This loophole includes a complete exclusion of DNS services from reporting requirements and other obligations required of all other companies and entities. This article explains what appears to be an astonishing and deliberate omission in detail. MeriTalk posted a related story. The CISA will roll out a new protected Domain Name System technology (DNS) in 2022 under the Trusted Internet Connections program. Although the new DNS technology will strengthen protections, there are no provisions to share WHOIS or other DNS operations or make cyber security incidents easier to report and track.

US Warns Energy Firms of A Rapidly Advancing Hacking Threat

EnergyWire/E&E News: US intelligence services and the Department of Energy reported that “custom-made malware” was discovered targeting electricity and natural gas infrastructure systems. The FBI and CISA issued a joint alert urging energy companies to strengthen their cybersecurity defenses against a possible attack that could gain “full system access.” This news comes after the Ukrainian government announced Tuesday that it had stopped an attack by the “Sandworm,” an elite Russian hacking group, to disrupt industrial control systems (ICS) that run high-voltage substations. It is possible that the attack would have caused temporary power outages to 2 million people if it had been successful (MIT Technology Review). ARS Technica reports that the FBI and CISA have discovered a “Swiss Army Knife” that can hack industrial control systems. The hack tool, dubbed “Pipedream”, is a versatile malware toolkit designed explicitly for refineries and power grids. This report follows a CISA “shields-up” alert regarding cybersecurity awareness that Forbes reported in February.

Feds Shut Down RaidForums Hacking Marketplace

ThreatPost: US law enforcement shut down the largest cybercriminal online forum in the world and announced federal charges against 21-year-old Portuguese citizen Diogo Santos Coelho on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. Security professionals pointed out that hackers will still be able to buy and sell data stolen from cyber-attacks. However, this takedown is unlikely to cause a lasting disruption. Tuesday, the Department of Justice (DoJ) announced that it had seized three domains to shut down RaidForums, an English-language online marketplace used by cybercriminals to purchase and sell databases taken from companies through ransomware or other cyber-attacks. According to a Tuesday press release, the domains that federal agents seized after they obtained judicial authorization were “raidforums.com,” “Rf.ws” and “Raid.lol”.

Home Office’s Visa Service Apologizes for Email Address Data Breach

The Guardian: The UK’s Home Office’s Visa Service has apologized for a data breach that saw the email addresses of over 170 people accidentally copied into an email sent last week. On 7 April 2022, a message was sent to more than 170 addresses about the need to change the location of a visa appointment with the UK Visa and Citizenship Application Service. Private contractor Sopra Steria manages the UKVCAS on behalf of the Home Office. Some email addresses looked like personal Gmail accounts, while others were associated with lawyers from various firms.

Investigation Into A Computer Breach Involves City Officials And Employees

Fox News (Cleveland): An investigation is ongoing into a computer security breach in the City of Cleveland. Multiple sources claimed it occurred on Saturday. A message was sent to officials and employees of the city, stating that it had been reported. The message said, “We have identified an account compromised on our network trying to harvest log-in passwords.”

Advisory: Hackers Are Using a Simple Trick To Hide Their Windows Malware

ZDNet: Microsoft exposed Tarrask as malware likely to have been created by a state-sponsored hacking organization in China. The program targets Windows computers and makes invisible software updates. The malware was attributed to Hafnium by the Windows maker, the same hacking group that the US and UK blamed for the Exchange Server hacks last year. Tarrask malware causes Windows to run unscheduled tasks and can be installed on Windows machines and remain there undetected after a reboot. The malware uses the Windows Task Scheduler, which admins can use to automate tasks like software updates for browsers or other apps. However, in this instance, the attackers are the ones using it.

Anonymous-Affiliated Hacking Group Used Russia’s Own Ransomware Against Russian Space Agency

Daily Mail (UK): Last month, Anonymous-affiliated Network Battalion 65 claimed it had stolen files from Russia’s space agency Roscosmos. It claimed it also had taken down Roscosmos satellites. Dmitry Rogozin, the head of the Agency, denied that it had lost control over its systems and called out the group’s claims as a scam. However, according to a wide swath of cybersecurity experts, Russia-watchers, and verified by several news outlets, the ransomware ‘Conti’ was indeed used by the NB65 group in a successful hack of Roscosmos. This draws us to the last bit of irony: Conti originates from a Russian cyber-crime organization of the same name.

In Case You Missed It

SonicWall Staff
Recommended Cyber Security Stories
SonicWall's weekly Cybersecurity News and Trends. Cybersecurity News & Trends - 12-02-2022
Inside the Modern Phishing Campaigns of 2019
Think Before You Click: Spotting and Stopping a Phish
SonicWall's weekly Cybersecurity News and Trends. Cybersecurity News & Trends - 09-14-2023
Cyber Security News & Trends – 10-18-19
SonicWall's weekly Cybersecurity News and Trends. Cybersecurity News & Trends - 07-29-22
Ransomware Can Cost You Millions; Is Your Network Secure?
SonicWall's weekly Cybersecurity News and Trends. Cybersecurity News & Trends - 06-17-22