Cybersecurity News & Trends

A summary of curated cybersecurity news and trends from leading media and security bloggers in the IT industry.

The mid-year update to the 2022 SonicWall Cyber Threat Report was quoted in dozens of news publications, namely the Washington Post and the Financial Times, plus several other professional journals serving a wide range of industries. From Industry News, we focused on big stories from Washington Post on the drop in ransomware this year. But cybersecurity professionals are extremely cautious against calling this a victory. A story from Bleeping Computer reports a shocking discovery of Android malware apps with more than two million installs. Wall Street Journal and Radio Free Europe reported that a Russian accused of money laundering for the Ryuk ransomware gang was extradited to the US. And finally, this week’s Big Read: DDoS attacks are on the rise, with contributions from Al JazeeraCyberwireBleeping Computer and Hacker News.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods. See additional comments in “Industry News.”

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Dutch Authorities Arrest Suspected Developer of Crypto Mixer Tornado Cash

The Financial Times, Bill Conner Quote: “If you look at this mixing capability . . . all [the government] is doing is inserting itself in the crypto supply chain to say, look, it can be used for good, for privacy, correct, but it can also be used for bad, which is what is alarming,” said Bill Conner, executive chair of SonicWall, a US cyber security group.

The Importance of Tech in Safeguarding Patient Health Information

CIO & Leader (India), SonicWall Byline: Patient care is shifting from treating acute medical problems to a new model: fostering ongoing wellness and quality of life. This transition is significantly transforming healthcare operational norms: today, there are many digital health innovations helping make patient-provider engagements more interactive, personalized and flexible throughout the patient-care continuum.

Cybersecurity: “Potentially real life or death situations”

Unleashed, Bill Conner Q&A: One of the report’s most shocking statistics was that there has been a 775% increase in global ransomware attacks in the health sector. Conner warns that this number of incidents is likely to go up again in the next 12 months before adding context into what is happening: ”COVID-19 challenged the resilience of the health care information systems – and bad actors were aware of this fact.”

ICYMI: Our Chanel News Roundup

ChannelProNetwork, Threat Report Feature: The midyear update to the 2022 SonicWall Cyber Threat Report charts the rise of global malware, including a 77% spike in IoT attacks, and a 132% rise in encrypted threats. The report found that cybercriminal activity increased at least partly in response to geopolitical strife. That meant a 63% increase in ransomware attacks in Europe with a focus on financial sector companies, despite a 23% reduction in attack volume worldwide.

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Industry News

Is the drop in ransomware numbers an illusion?

The Washington Post: Ransomware has been a major problem in cyberspace for years. Ripping off from victims billions of dollars is widely reported, but it can also cause panics about food, fuel, and possibly even the death of a child. However, ransomware has been showing signs of decline over the past few months. So, what’s behind these diminishing figures? As mentioned earlier, Washington Post notes SonicWall, among other companies, as sources for their story. While the story doesn’t quote the Mid-Year Update to the 2022 SonicWall Cyber Threat Report, it echoes a few key points from the report.

First, the changing geopolitical landscape have undoubtedly complicated cybercriminal activity, along with volatile cryptocurrency prices, and increased pressure from international law enforcement. However, while a decrease in ransomware volume is unquestionably good news, keeping this drop in perspective is essential. The amount of ransomware we’ve seen in the first half of 2022 has already eclipsed the full-year totals for each of the years 2017, 2018 and 2019, meaning we’re still far above pre-pandemic levels. The bottom line: ransomware may be down, but it certainly isn’t out.

Android malware apps with 2 million installs found on Google Play

Bleeping Computer: A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims’ mobile devices. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications. Following standard tactics, the apps lure users into installing them by pretending to offer some specialized functionality but change their name and icon immediately after installation, making them difficult to find and uninstall.

Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang is Extradited to the US

Wall Street Journal: A Russian national who was extradited from the Netherlands to Portland, Ore., this week pleaded not guilty to charges of allegedly laundering cryptocurrency proceeds from ransomware attacks in the U.S. and abroad, the Justice Department said. Denis Dubnikov, a 29-year-old Russian, was arraigned in federal court in Portland, Ore., where he was arraigned and pleaded not guilty. If he is convicted, Dubnikov faces a maximum sentence of 20 years in federal prison; three years supervised release and a fine of $500,000. He and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the U.S. and abroad.

According to Radio Free Europe/Radio Liberty, Dubnikov owns small crypto exchanges in Russia. In November, he was detained in the Netherlands after being denied entry to Mexico and put on a plane back to the EU country. The arrest has been one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. healthcare organizations.

BIG READ: DDoS Are on the Rise

Various Sources: It’s not your imagination; distributed denial-of-service (DDoS) attacks are growing in frequency and in size.

Google Cloud just reported one attack that clocked 46 million requests per second (rps) which is the largest Layer 7 DDoS reported to date – more than 76% larger than the largest reported by Cloudflare earlier this year.

Not only do threat actors use infected routers, servers, and computers to launch a flood of requests to a website in denial-of-service attacks, they use the attacks to harass and divert the attention of IT security teams from cyber-attacks elsewhere on the network. For example, this attack on Google was carried out by a threat actor who assembled a botnet of more than 5,000 devices distributed across 132 countries.

Al Jazeera reported that Estonia repelled a wave of cyberattacks shortly after its government opted to remove Soviet monuments in a region with an ethnic Russian majority. According to government sources, the attack was the most extensive the country has faced in more than ten years and targeted both public and private organizations but was stopped, and hackers did not disrupt services.

Cyberwire reported a DDoS attack against Energoatom, the Ukrainian state operator of the country’s four nuclear power plants. Energoatom described the incident, which took place this week, as “powerful,” and that it was mounted from “the territory of the Russian Federation” and carried out by the Russian group Narodnaya Kiberarmya, the “popular cyber army,” a hacktivist front organization. Energoatom said the attack used 7.25 million bots and lasted about three hours.

According to Bleeping Computer, in September 2021, the Mēris botnet hammered Russian internet giant Yandex with an attack peaking at 21.8 million requests per second. Previously, the same botnet pushed 17.2 million RPS against a Cloudflare customer. And last November, Microsoft’s Azure DDoS protection platform mitigated a massive 3.47 terabits per second attack with a packet rate of 340 million packets per second.

To top it off, Hacker News reports that a new service called ‘Dark Utilities’ has already attracted 3,000 users for its ability to provide command-and-control (C2) services to commandeer compromised systems. The service offers remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Hacker News also reports that Dark Utilities emerged earlier this year, advertised as a “C2-as-a-Service” (C2aaS), offering access to infrastructure hosted on the clearnet and the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99 or $10USD.

In Case You Missed It

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter

In third-party ICSA Labs testing, Capture ATP with RTDMI™ once again correctly identified 100% of malicious samples — validating SonicWall’s position as an industry leader in threat prevention.

Cybercrime is on the rise — and it’s on the move. As we noted in the mid-year update to the 2022 SonicWall Cyber Threat Report, the first half of 2022 not only brought an increase in malware, but also year-to-date spikes in cryptojacking and IoT malware, which rose 30% and 77% respectively. Worst, there’s been a shift in targets, with attackers eschewing established hotspots in favor of areas that typically see much less cybercrime.

As geopolitical forces continue to shake up longstanding trends, the consistency and reliability that comes with third-party certification has never been more important. That’s why we’re proud to announce that SonicWall Capture Advanced Threat Protection (ATP) has received yet another 100% threat detection score during ICSA Labs Advanced Threat Defense certification for Q2 2022 — the sixth consecutive perfect threat detection score earned by SonicWall’s advanced security solution in a row, and the tenth consecutive ICSA Labs ATD certification for Capture ATP overall.

Capture ATP uses patented RTDMI™ (Real-Time Deep Memory Inspection) technology to catch more malware faster than traditional behavior-based sandboxing methods, with fewer false positives. The results of the most recent testing cycle are a testament to this effectiveness: Capture ATP detected 100% of new and little-known threats while issuing just a single false positive.

During 35 days of comprehensive and continuous evaluation, SonicWall Capture ATP was subjected to 1,060 total test runs, which included 448 malicious samples — 203 of them three hours old or less.

Not only did Capture ATP identify all these malicious samples, it had the lowest false-positive rate of any vendor with a perfect threat detection score. According to the report, “SonicWall Capture ATP was 100% effective during the Q2 2022 test cycle, detecting all of the new and little-known malicious threats in the test set.”

These results are just one sign of Capture ATP’s continuous improvement. This technology continually grows faster, more vigilant and more intelligent. According to SonicWall’s own data, each year Capture ATP with RTDMI has shown a substantial increase in threats identified: Since the introduction of RTDMI in early 2018 through June 2022, the number of new variants discovered have skyrocketed 2,079%.

Read the full ICSA Labs ATD certification report. Or learn about the range of other SonicWall products that have also received valuable third-party ICSA Labs certification.

What is ICSA Advanced Threat Defense?
Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products miss. In testing, ICSA delivers malicious threats with the primary threat vectors that lead to enterprise breaches according to Verizon’s Data Breach Investigations Report. The test cycles evaluate how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives.

Ten Cybersecurity Books for Your Late Summer Reading List

While you probably aren’t headed back to school this fall, that doesn’t mean it’s not a great time to hit the books.

August 9 is National Book Lovers Day. While there’s really no bad time for a good book, we know it’s often hard to find space in your schedule to stop and read. If this is you, we’ve put together ten compelling reasons to get back into the habit — including two that were released just this past year.

The Hacker and the State: Cyberattacks and The New Normal of Geopolitics
Ben Buchanan, 2020
In the recently released mid-year update to the 2022 SonicWall Cyber Threat Report, we outline the growing role the geopolitical environment plays in cybercrime and cybersecurity. In “The Hacker and the State: Cyberattacks and The New Normal of Geopolitics,” author Ben Buchanan explores how the world’s superpowers use cyberattacks in a relentless struggle for dominance.

Women Know Cyber: 100 Fascinating Females Fighting Cybercrime
Steve Morgan, 2019
Women are still underrepresented in cybersecurity, but their numbers — as well as their mark on the industry — is growing. This book outlines the contributions of 100 women from every corner of cybersecurity, including government digital forensics, corporate risk assessment, law and more, and argues that encouraging and recruiting women will be key to closing the cybersecurity skills gap.

American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road 
Nick Bilton, 2018
Detailing the saga of the notorious Dark Web destination for hacking tools, drugs, forged passports and more, “American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road” is endlessly compelling. It follows founder Ross Ulbricht on his journey from boy-next-door programmer, to head of a sprawling illegal empire, to fugitive and captive, and tracks the growth and legacy of the Silk Road.

The Wires of War: Technology and the Global Struggle for Power (Oct 12 2021)
Jacob Helberg, October 2021
There’s a high-stakes global cyberwar brewing between Western democracies and authoritarian regimes — and the latter have a major advantage. Author Jacob Helberg headed efforts to combat misinformation and foreign influence at Google from 2016 to 2020, and “The Wires of War” draws upon this experience to expose the various means used to destabilize nations. In it, he explains why we’re fighting enemies of freedom both over the information we receive and how we receive it, as well as what’s at stake if democratic nations lose this war.

Click Here to Kill Everybody: Security and Survival in a Hyperconnected World
Bruce Schneier, 2018
As we’ve detailed numerous times before, smart devices aren’t necessarily, well, smart. As the world increases its reliance on internet-connected devices, author Bruce Schneier argues, the risks from bad actors will continue to increase in tandem — and if cybersecurity measures don’t keep up, the results could be fatal.

This Is How They Tell Me The World Ends
Nicole Perlroth, 2021
For years, the U.S. government became a major collector of zero-days. But when that cache was compromised, these vulnerabilities fell into the hands of cybercriminals and hostile nations. In her book, “This Is How They Tell Me the World Ends,” author Nicole Perlroth gives a journalistic account of how these vulnerabilities could endanger our democracy, our infrastructure and our lives.

Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore
Joe Payne, Jadee Hanson, Mark Wojtasiak, 2020
While greater access and collaboration are necessary for modern organizations, they bring with them greater risk — not just from cybercriminals, but also from employees and business partners. “Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can’t Ignore” details the main types of insider risk, and provides ways to combat them without hampering productivity.

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
Kevin Mitnick, 2019
Kevin Mitnick was once the FBI’s most wanted hacker. In his recent book, “The Art of Invisibility,” he uses what he learned through years of successfully sneaking into networks to offer readers tips on how to be invisible in a world where privacy is a vanishing commodity: everything from smart Wi-Fi usage, password protection and more. While you may already be familiar with some of the guidance offered, Mitnik’s experience, as well as his account of how we got here in the first place, make this well worth a read.

The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity
Christian Espinoza, 2021
Having the best cybersecurity tools to protect your organization is only one piece of the puzzle. In “The Smartest Person in the Room,” cybersecurity expert Christian Espinosa outlines the extent to which your cybersecurity team impacts your ability to protect your organization — and offers ways to help upskill even your most intelligent employees.

Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home
Scott N. Schober, 2019
Not all cybersecurity professionals work in a SOC or safeguard huge enterprises — many work to defend millions of small organizations or home offices. If this is you (or someone you know), you know how challenging it can be to find cybersecurity information geared to your security environment. In his most recent book, “Hacked Again” author Scott Schober explains why small businesses are becoming cybercriminals’ biggest targets, and what they can do to protect against threats like identity theft, phishing and ransomware.

Happy Book Lovers Day, and happy reading!

Cybersecurity News & Trends

Top curated cybersecurity news and trends from leading news outlets and bloggers in the IT security industry.

No sooner than the mid-year update to the 2022 SonicWall Cyber Threat Report was published, news outlets were punching out dozens of articles citing its many surprising findings. The big hits came from Bloomberg and Financial Times, joined by articles by Axios and CoinDesk.

In Industry News, we found an excellent cross-section of stories you may have missed in the mainstream media. CyberNews reports that the Apple network traffic was somehow routed through Russia for about 12 hours. Dark Reading and Security Week reported on a data breach and possible ransomware event with OneTouchPoint. Dark Reading reports on a school-age kid who uploaded ransomware scripts to school repository as a “fun” project. From Krebs on Security, scammers send an Uber car to take an elderly woman to the bank – literally. Fortune reports that cybersecurity hiring remains red hot and that the industry will likely surpass $400 billion by 2027. And for our Big Read of the week, from Bleeping Computer, The Markup, Healthcare Innovation and Healthcare Dive: are US Internet users being targeted by ads relating to confidential medical conditions mentioned on Facebook?

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Weary Cybercriminals Turn to Cryptojacking Banks

InfoRisk Today, Threat Report Feature: That group, AstraLocker, may well not be alone, says threat intelligence firm SonicWall. The company reports detecting 66.7 million cryptojacking attacks during the first half of 2020, a 30% year-on-year increase. Ransomware attempts during that period dropped 23%, the company says.

The Four Cybersecurity Lessons to Teach Schools

FE News, Immanuel Chavoya Byline: With schools out for summer, the education sector can’t quite switch off yet. Several high-profile cyber attacks have put education systems on edge. The Kellogg Community College cyberattack in Michigan, which severely disrupted IT services, cancelling classes and exams in the process, shows there is still much to be done to protect the education sector.

SonicWall – Global Ransomware Volume Shrinks

MSSP Alert, Threat Report Feature: How pervasive is ransomware? Consider this: While digital hijackings declined by 23% worldwide, the mid-year 2022 volume still exceeds full year totals for 2017, 2018 and 2019, according to data compiled by SonicWall in the latest release of its 2022 Cyber Threat Report.

Ransomware Gangs Are Hitting Roadblocks, But Aren’t Stopping (Yet)

HelpNetSecurity, SonicWall Threat Report: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: “It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.”

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

‘Cryptojacking’ Attacks on Financial Firms Surge, Report Says

Bloomberg, SonicWall News: The number of so-called cryptojacking attacks on financial companies more than tripled in the first half from a year earlier, SonicWall said in a report published Tuesday. The overall number of such events rose 30% to 66.7 million, the report found.”

Ransomware Less Popular This Year, But Malware Up: SonicWall Cyber Threat Report

The Register, SonicWall News: “SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. The decline in ransomware, down 23 percent worldwide but up 63 percent in Europe, is a welcome blip, even if the volume still exceeds the full year totals of 2017, 2018 and 2019. Sadly, it looks like the relief might be short lived.

No More Ransom Initiative Helps 1.5 million People in Six Years

ComputerWeekly, SonicWall News: SonicWall, which also has a half-yearly threat report out this week, said that June 2022 saw the lowest monthly ransomware volumes worldwide in two years, attributable to a combination of government sanctions, supply chain deficiencies, cratering cryptocurrency prices and limited availability of needed infrastructure making life much harder for ransomware gangs.

Geopolitical Strife Impacting Shift in Ransomware Attacks – SonicWall

Insurance Times, SonicWall News: Geopolitical strife and the associated cyber arms race has caused a shift in global ransomware volumes, according to new research by American cyber security company SonicWall published today.

Hackers Are Targeting Businesses With ‘Cryptojacking’ Schemes, Report Finds

Consumer Affairs, SonicWall News: A new report from SonicWall shows that cybercriminals have increasingly been trying to break into the computer systems of financial institutions to install ransomware and mine for cryptocurrency.

‘Cryptojacking’ in Financial Sector Has Risen 269% This Year, SonicWall Says

CoinDesk, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to a report by cybersecurity firm SonicWall.

Industry News

Apple Network Traffic Went Through Russia for 12 Hours

CyberNews: Internet traffic of some Apple users ran through Russia for 12 hours last week, according to an analysis conducted by an internet routing agency known as MANRS. The traffic was redirected to the main Russian digital services provider, Rostelecom. Was this a conspiracy? Was it a tactic in the Russia-Ukraine cyber war? Commentators at the SANS Institute, an IT training provider, say we shouldn’t ascribe malice to something that a simple typo could explain. They also say the incident is another reason why everyone should use end-to-end encryption for all communications. MANRS also says it shows why Apple and other network providers should use Route Origin Authorizations to ensure internet traffic goes where it’s supposed to go.

OneTouchPoint, Inc. Notifies Customers of Data Privacy “Event

Dark Reading: A U.S.-based marketing platform, OneTouchPoint, used by many health insurers and medical providers, posted a notification that it suffered a cyber attack in April that encrypted some files. While Dark Reading avoided calling it a ransomware attack, Security Week decided that they knew enough to classify it as such. OneTouchPoint can’t say exactly what the hacker accessed personal data, but it could include a patient’s name and health assessment information. Thirty-five organizations, including Blue Cross insurance providers in several states, the Humana health insurance company and the Kaiser Permanente healthcare provider, have been notified.

School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

Dark Reading: A school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories. The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment. The packages were named “requesys,” “requesrs,” and “requesr,” which are all common typosquats of “requests” — a legitimate and widely used HTTP library for Python.

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the actual “requests” package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them.

One version of the requesys package contained the encryption and decryption code in plaintext Python. But a subsequent version had a Base64-obfuscated executable that made analysis a little more complicated, according to Sonatype.

Scammers Sent Uber to Take an Elderly Lady to the Bank – Literally

Krebs on Security: Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking on a trip to the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

The victim reportedly replied to an email regarding an appliance installation from BestBuy/GeekSquad. Apparently, the email coincided as the victim was waiting for appliance delivery.

The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla., say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.

Cybersecurity Hiring Remains Red-Hot—The Industry to Surpass $400 Billion Market Size By 2027

Fortune: In 2017, the global cybersecurity industry had an approximate market size of $86.4 billion, according to research data from Gartner. But a decade later, the market is expected to grow by nearly 80%. By 2027, market research company BrandEssence expects the global cybersecurity market to reach $403 billion, with a compound annual growth rate of 12.5% between 2020 and 2027.

Why is the cybersecurity industry growing so much? Simply put, there are more cyber attacks happening each year (see: Mid-year update to the 2022 SonicWall Cyber Threat Report)

For that reason, adequate cybersecurity measures are becoming necessary for companies of all shapes and sizes. In addition, new technology is multiplying; however, artificial intelligence and machine learning are just starting to awaken, with only a few showing promise with good third-party test results.

With massive industry growth comes the need for more trained cybersecurity professionals. But the industry in the US is short-staffed, which has to do with the fact that there simply aren’t enough people trained and qualified to work on some of these complex systems. In the US, there are about 1 million cybersecurity workers. Still, there were around 715,000 jobs yet to be filled as of November 2021, according to Emsi Burning Glass, a market research company. Furthermore, according to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million.

As a result, the market for advanced cybersecurity technologies could end up being more significant than the projected target of $400 billion by 2027. One commenter in the story noted that we’re in the eye of the storm for the rapid and exponential growth of all the tech industries.

BIG READ: Are US Internet Users Targeted by Ads Relating To Confidential Medical Conditions?

Multiple Sources: First, some background. This story has threads going back several years, but it seems something happened. More and more internet users in the US are upset that they’re getting targeted ads relating to their confidential medical conditions. And they’re blaming Facebook parent Meta.

According to BleepingComputer, an individual filed a class action lawsuit last month against Meta and two California medical institutions. The suit alleges that the plaintiff’s health information had been captured from hospital websites in violation of federal and state laws by Meta’s “Pixel” tracking tool that can be injected into any website to aid visitor profiling, data collection, and targeted advertising. The software takes up the space of a single pixel, hence the name and stealthiness, and helps collect data such as button clicks, scrolling patterns, data entered in forms, IP addresses, and more. This data collection takes place for all users, even if they don’t have a Facebook account. However, the collected data for Facebook users is linked to their accounts for better correlation.

The Markup conducted an extensive background on Meta Pixel activity and found Meta Pixel in 30% of the top 80,000 most popular websites, including several anti-abortion clinics and other healthcare providers. In one instance, they found the app’s fingerprints on the websites of hundreds of anti-abortion clinics in the form of cookies, keyloggers, and other types of user-tracking technology. They also analyzed nearly 2,500 crisis pregnancy centers and found that at least 294 of them shared visitor information with Facebook. In many cases, the information was extremely sensitive—for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

Healthcare Innovation reported that if the lawsuit is successful, damages may be payable to any patient whose PII and PHI data was scraped by Meta Pixel. The crux of the suit (and any future decisions) will ascertain if Facebook’s parent company Meta and several US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits claim.

HealthcareDive.com pointed out that in 2017 another class action lawsuit against Facebook for allegedly collecting and using health data for targeted ads without people’s permission was dismissed. However, that decision is being appealed.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

Cybersecurity News & Trends

Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report was released and ink was flying off the presses. Among the highlights were stories by the Financial Times, Axios and CoinDesk. We also got excellent coverage in Dubai and India.

Industry News is always extremely active. Tech Radar revealed that hackers are hijacking Microsoft servers to boost their proxies. According to The Verge, Microsoft is blocking macros on one of their older mainstay products by default. Hacker News reports that critical Atlassian Confluence vulnerability is under active exploitation. According to Bank Info Security, phishing-as-a-service just turned into a cut-rate business deal. Tech Republic says new variants of “infostealer malware” target Facebook-LinkedIn business accounts to harvest sensitive data. CRN and Bleeping Computer suspect there’s more going on with the Entrust data breach than has been released. And finally, for our Big Read from Dark ReadingHacker News and Bleeping Computer, we are witnessing the rise of the container attacks.

Stay cautious. And remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

What Is Cryptojacking, The Cyber Attack Carried Out by Crypto Miners?

IndianExpress, SonicWall News: ‘Cryptojacking’ attacks on computer systems have gone up by 30% to 66.7 million in the first half of 2022 compared to the first half of last year, according to a report by SonicWall, a US-based cybersecurity firm. “While volume increases were widespread, some business sectors were hit harder than others, such as the finance industry, which saw a rise of 269%,” the report said.

Record Number Of ‘Never-Before-Seen’ Malware Variants Discovered

IPT-Net (Dubai), SonicWall News: SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) technology identified 270,228 never-before-seen malware variants during the first half of 2022 — a 45% increase year-to-date. The first quarter of 2022 marked a record-high in never-before-seen malware discoveries (147,851), with March 2022 being the most ever on record (59,259).

A Seismic Shift in Cyber Arms Race

MenaFN (Dubai), SonicWall News: SonicWall, publisher of the world’s most quoted ransomware threat intelligence, today released the mid-year update to the 2022 SonicWall Cyber Threat Report. The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

IoT Malware Attack Volume Up 123% in Healthcare

Health IT Security, Threat Report: SonicWall’s newly released mid-year report saw a global decrease in traditional ransomware attacks, but researchers also observed a 123% increase in IoT malware attack volume in healthcare. “Cybercrime has been a global phenomenon for decades,” Bill Conner, president and CEO of SonicWall, stated in the report.

“But with geopolitical forces accelerating the reconfiguration of the world’s cyber frontlines, the true danger presented by threat actors is coming to the fore — particularly among those that once saw the smallest share of attacks.”

India’s Malware Hits Are Up By 34%, 2nd Highest Globally

The Hans India, SonicWall News, Bill Conner quoted: The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity. “In the cyber arms race, cybersecurity and geopolitics have always been inseparably linked, and in the last six months we have seen that play out across the cyber landscape,” said SonicWall President and CEO Bill Conner.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

Everything You Need to Know About Crypto-Jacking as It Surges to Record High

Proactive Investors, SonicWall News: Global crypto-jacking volumes rose by US$66.7mln, compared with the first half of 2021, to its highest level on record, according to American cybersecurity company SonicWall.

Ransomware Attacks Decline Amid Crypto Downturn

Axios, Immanuel Chavoya Quote: For ransomware, we’re seeing correlation that’s in line with crypto markets,” said Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Axios. “Someone has changed the locks on your house, and you have to pay a fee to get back in,” he said, describing a typical ransomware attack.

Cryptojacking On the Rise Despite Market Slump

Cryptopolitan, SonicWall News: Over the years, cryptojacking has been used as one of the few methods to mine illegal crypto from unsuspecting users. This is because the hackers chance upon back door access via hacking the computer to mine crypto. However, in the last few months, reports have claimed that cryptojacking has skyrocketed to new highs. In a new report that SonicWall uploaded, crimes associated with cryptojacking worldwide have touched $66.7 million in the first half of this year.

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

Industry News

Hackers are Hijacking Microsoft Servers to Boost Proxies

TechRadar: Hackers are installing malware on Microsoft SQL servers to monetize the endpoints’ bandwidth. Findings from Ahnlab and researchers at the South Korean firm ASEC, this type of malware, called proxyware, allows the hacker to not re-sell the bandwidth to other people but also access the victim’s email account. In addition, hackers can install another strain on vulnerable Microsoft SQL servers where threat actors can use it to steal corporate data. IT departments are being advised to find ways to verify legitimate processes are using all their bandwidth. Individuals tempted to earn money from installing proxyware on their systems are also being cautioned that they risk being abused by cybergangs and freelancers.

Microsoft Office Is Blocking Macros by Default

The Verge: There’s been a bit of back and forth since Microsoft made the original announcement. Still, this week they made it clear with an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents. The company had temporarily stopped the security precaution to prevent infected macros from automatically running. Now the new default setting is rolling out, but with updated language to alert users and administrators what options they have when they try to open a file and it’s blocked. The move applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site admins have marked as safe. And as of now, Microsoft isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Critical Atlassian Confluence Vulnerability Under Active Exploitation

Hacker News: Atlassian, which makes the Confluence team collaboration suite, issued warnings to customers that there’s a significant vulnerability in the ‘Questions For Confluence’ app. However, not all companies use this capability. Readers can find details of the vulnerability here: CVE-2022-26138, and concerns the use of a hard-coded password in the app that a remote, unauthenticated attacker could exploit to gain unrestricted access to all pages in Confluence. In layperson’s language, companies migrating data to the Confluence Cloud create an account that includes a hardcoded password to the users’ group. The process also reveals where to find the password to view and edit non-restricted messages.

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Bank Info Security: A rising cybercrime syndicate has decided it’s easier to sell phishing kits than teach other cybercriminals to hook victims themselves, charging as little as $50 a month for a simple campaign. Calling themselves “Robin Banks,” – the novel phishing-as-a-service platform targets financial institutions in Canada, the U.S., the U.K. and Australia. Researchers at IronNet say the site not only has email and text phishing kits aimed at Bank of America, CapitalOne, Citibank, Lloyds Bank and Wells Fargo, but it also has templates customers can use to phish and steal Google, Microsoft, T-Mobile and Netflix users passwords. One example of a scam is a text message sent to people purporting to be from a bank alleging unusual activity on their debit card. Victims are asked to click on a link to very their identity. Hackers can sign up for the service for around $200 a month.

Infostealer Malware Targets Facebook Business Accounts to Capture Sensitive Data

TechRepublic: Facebook is often in the crosshairs of malware campaigns. A new attack analyzed by cybersecurity provider WithSecure Intelligence targets Facebook business users with the intent of stealing their sensitive data and taking over their accounts. Organizations that use Facebook’s Ads and Business platforms are being cautioned, according to researchers at WithSecure. The report says the hackers are targeting and phishing employees on LinkedIn who likely have high-level access to their company’s Facebook Business account. Those employees are tricked into downloading malware, which the hackers use to get into Facebook Business accounts. Victims may have managerial, digital marketing and HR titles. Employees need to be cautious about clicking attachments in LinkedIn messages. In addition, administrators need to watch their Facebook Business accounts closely for suspicious downloading activity.

Hackers Stole ‘Some Files’ During Recent Data Breach

CRN: Security vendor Entrust is confirming that hackers breached its network last month, accessing its systems used for internal operations and stealing some files. Minneapolis-based Entrust, which describes itself as a global leader in identities, payments, and data protection, was conspicuously quiet on Tuesday about what exactly was stolen during the June 18 breach. Entrust customers, which include governments and businesses, were told earlier this month. However, it isn’t known if only Entrust corporate data was stolen or if customer data was also involved in the data breach.

In a startling revelation for the Entrust breach, Bleeping Computer claims that a well-known ransomware gang is behind the attack and that they purchased compromised Entrust credentials and used them to breach their internal network. If Entrust does not pay the ransom demand, we will likely learn what ransomware operation was behind the attack and other details when the hackers publish the stolen data.

BIG READ: Rise of the Container Attacks

Multiple Sources: Dark Reading reports that hackers have sharply reduced the use of one of their favorite malware distribution tactics following Microsoft’s decision earlier this year to disable Office macros in documents downloaded from the internet. However, container files have risen to help cyber attackers get around the issue. This pivot is clear: In the months since Microsoft’s Oct. 21 announcement that it would disable macros by default, there’s been a 66% decline in threat actor use of VBA and XL4 macros, according to Proofpoint.

As proof of the emerging tactic, Hacker News notes a flurry of previously unknown variants of the Qakbot malware that appears to be a Microsoft write file but can also appear with multiple URLs as well as unknown file extensions (ex: OCX, ooccxx, dat, gyp) to deliver the payload. Other methods adopted by the group include code obfuscation and introducing new layers in the attack chain from initial compromise to execution. The package can also go under several other names, including QBot, QuackBot, or Pinkslipbot. The core has been a recurring threat since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads.

Bleeping Computer says the QakBot series and its variants have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software. When the executable is launched, it will find the malicious version with the same name in the same folder, loading that instead and infecting the computer. Victims fooled into clicking on an infected attachment will download a password-protected zip file that appears to be an Acrobat PDF document. Hackers provide the victim with passwords to view the file. When clicked, the package delivers the malware.

We’re constantly reminding managers and employees about the dangers of clicking unexpected attachments and email links (add social media). There are tools out there now that can easily spot these kinds of attacks.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner

SonicWall’s mid-year update to its 2022 SonicWall Cyber Threat Report is creating some serious buzz – especially when it comes to cryptocurrency. The data reveals that global cryptojacking volumes increased by 66.7 million hits in the first half of 2022 – representing a 30% increase when compared to its 2021 levels over the same period.

In cryptojacking attacks, criminals use malware to gain access to computer networks. They then use the system’s computing power to mine cryptocurrencies like Bitcoin — a process that typically requires investing in costly state-of-the-art equipment and consumes vast amounts of electricity. The victim is often unaware of the intrusion.

Today, SonicWall CEO and President Bill Conner was interviewed by Coin Desk TV to discuss the meteoric rise of this criminal act.

“We are seeing a major shift as cybercriminals are using cryptojacking as a means to an end,” explained Conner. “Bad guys are getting into servers, computers, and laptops to take over the compute engine and run in the background to mine for crypto. The financial sector has been hit the hardest over the last six months, and I don’t anticipate that to slow down any time soon.”

Cryptojacking cases across the financial sector rose 269% in the first half of 2022 – that’s five times higher than attacks on retail. SonicWall registered record growth in total cryptojacking volume but unevenly distributed across 2022. In January this year, the metric stood at 18.4 million hits, a new all-time high surpassing previous record levels, taking the total Q1 attacks to 45.1 million.

As criminals continue to have success leveraging compute power to mine for crypto currency, you can expect the problem to increase.

“I think as the economy gets a little shaky, you will see cryptojacking and other malicious cyber activities increase – especially the second half of the year,” said Conner. “It’s really important to segment your networks to protect your data and valuable business assets.”

To learn more about the trends of cryptojacking, ransomware, malware and other cyber threats download the mid-year update to the 2022 SonicWall Cyber Threat Report now.

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines

The mid-year update to the 2022 SonicWall Cyber Threat Report reveals changing trends and shifts in global cybercrime hotspots.

Cybersecurity and geopolitics have always been inseparably linked, and in the past six months we’ve seen this increasingly play out across the threat landscape. Based on data from the mid-year update to the 2022 SonicWall Cyber Threat Report, the United States, the U.K. and other cybercrime hotspots are seeing decreases in cybercriminal activity, while many less-affected regions are seeing an uptick in threats.

“The international threat landscape is now seeing an active migration that is profoundly changing the challenges not only in Europe, but the United States as well,” said SonicWall expert on emerging threats Immanuel Chavoya. “Cybercriminals are working harder than ever to be ahead of the cybersecurity industry, and unlike many of the businesses they target, threat actors often have no shortage of skills, motivation, expertise and funding within their organizations.”

But it isn’t only the targets that are changing in the first half of 2022 — it’s the trends as well. Malware and ransomware have both reversed course, and for the first time in years we’re seeing increases in malware and decreases in ransomware. The threat data also revealed accelerations in certain trends, such as the spikes we’re seeing in IoT malware and other threat types. Here are some of the highlights:

Malware Makes a Comeback

After trending downward for several quarters, malware rose 11% worldwide during the first half of 2022. While a drop in ransomware helped temper this increase, a rise in cryptojacking and skyrocketing rates of IoT malware were more than enough to propel a double-digit increase.

Very few cyberthreat trends apply uniformly across the board, and the rise in malware is no exception. But the fact that places that usually see a lot of malware — such as the U.S., the U.K. and Germany — all saw decreases suggest that these global hotspots may be beginning to shift.

Ransomware Falls by Nearly a Quarter

Ransomware has risen dramatically over the past two years, but in the first half of 2022, global attack volume fell 23%. This long-awaited reversal seems largely a result of geopolitical factors, as ransomware groups in Russia struggle to keep up their previous pace amid the ongoing conflict with Ukraine.

Unfortunately, based on larger ongoing global trends, this reprieve isn’t expected to last.

“As bad actors diversify their tactics, and look to expand their attack vectors, we expect global ransomware volume to climb — not only in the next six months, but in the years to come,” said SonicWall President and CEO Bill Conner. “With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophisticated and varying in the threats, tools, targets and locations.”

Ransomware is also shifting, however, resulting in some areas recording significantly different outcomes than usual. North America, which typically sees the bulk of ransomware attacks, experienced a 42% decrease in attack volume, while Europe recorded a 63% increase.

RTDMI Detections Rise Dramatically

In the first six months of 2022, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) identified 270,228 never-before-seen malware variants — a 45% increase over the same period in 2021.

Included with the Capture Advanced Threat Protection sandbox service, this technology leverages machine learning to become highly effective at identifying new and advanced threats, and it continues to get better each year: Since it was introduced in early 2018, the number of new variants discovered by RTDMI has risen 2,079%.

IoT Malware Up 77%

With more IoT devices coming online than ever, it’s no surprise that opportunistic cybercriminals are increasingly flocking to IoT malware attacks. Since the beginning of the year, IoT malware volume has risen 77% to 57 million — more than at any point since SonicWall began tracking these attacks, and nearly as many as were recorded for the entire year of 2021.

Encrypted Threats Show Triple-Digit Increase

In the first half of 2022, encrypted threats spiked 132% over the same time period last year. This was based on an unusually high number of attacks in Q2 — attack volume rose so high in May that it became the second-highest month for encrypted threat volume SonicWall had ever seen.

Cybersecurity News & Trends

Curated cybersecurity news and trends from leading news outlets that monitor IT security and safety around the world.

SonicWall continues to move headlines with industry publications and general news outlets. More quotes from SonicWall’s President and CEO, Bill Conner and mentions from SonicWall’s ongoing threat reports.

The industry’s big hits this week mainly were focused on ransomware activity. From Dark Reading, CloudMensis emerged as a previously unknown macOS spyware that exfiltrates documents, keystrokes, and screen captures, among other things. Bleeping Computer reports that the Black Basta ransomware gang targeted the giant construction corporation Knauf Group. From the gamer publication Destructoid, Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. Threat Post reports on the unusual hiring practices of the hacking group AIG. From Hacker News, Evilnum malware is being deployed to target cryptocurrency and commodities platforms. And from a gamer fan magazine, Kotaku, someone hacked the NeoPets platform, stole data for 69 million accounts and is selling it for Bitcoin.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication Of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

French MVNO Left Crippled by Ransomware Attack

Total Telecom, SonicWall News: The scale and severity of ransomware attacks in the telecoms industry and beyond has been rising steadily in recent years, with SonicWall recording 495 million ransomware incidents globally in 2021, a 148% increase on 2020.

Best VPN services for SMBs

TechRepublic, SonicWall News: While hardware platforms — including equipment fromCisco, Fortinet and SonicWall — are often used, software-only VPN services are growing in popularity due to their simplicity, flexibility and capacity to provide protection when users connect to third-party applications and resources outside the organization’s network. Here’s how five leading VPN services for SMBs stack up.

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves from A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Industry News

Cloud-Enabled macOS Spyware Blows onto the Scene

Dark Reading: A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and command-and-control (C2) communications — an unusual design choice that makes it difficult to trace and analyze the threat.

Dubbed CloudMensis by the researchers at ESET who discovered it, the backdoor was developed in Objective-C. ESET’s analysis of the malware released this week shows that the cyberattackers behind the campaign gain code execution and privilege escalation using known vulnerabilities after the initial compromise. Then, they install a first-stage loader component that retrieves the actual spyware payload from a cloud storage provider. In the sample the firm analyzed, pCloud was used to store and deliver the second stage, but the malware also supports Dropbox and Yandex as cloud repositories.

Building Materials Giant Knauf Hit by Black Basta Ransomware Gang

Bleeping Computer: The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in forensic investigation, incident response, and remediation. Emails seen by BleepingComputer warned that email systems were shut down as part of the response to the attack, but that mobile phones and Microsoft Teams were still working for communication.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world’s wallboard market. The firm operates 150 production sites worldwide and owns U.S.-based Knauf Insulation and USG Corporation. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

Bandai Namco Data Leaked Following Alleged Ransomware Attack

Destructoid: Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. It is suspected that the developer/publisher behind brands such as Tekken, Elden Ring, Dragon Ball FighterZ, and Soulcalibur has had data about its future releases, DLC, and reveals leaked online in the wake of the attack. Malware source code monitors VX-underground discovered and reported the news.

While some of the information has surfaced online this morning, the full extent of the data obtained by the hacking group is unknown. It could contain the personal details of company employees, as well as source code for the company’s current and upcoming releases and potentially data about the users of Bandai Namco games. As for supposed leaked games, don’t believe everything you see floating around.

This attack is the latest in a series of massive data thefts that, in recent years, have ransacked the digital vaults of various big-name video game companies such as Capcom, EA, and, perhaps most famously, CD Projekt RED, the latter of which lead to the release of the entire source code of smash hit Cyberpunk 2077.

Hackers for Hire: Adversaries Employ’ Cyber Mercenaries’

Threat Post: A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks as part of more extensive criminal campaigns.

Known as Atlas Intelligence Group (AIG) or Atlantis Cyber-Army, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its campaigns. AIG functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services.

According to the report, AIG is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with specific capabilities that they can reuse and incent them with profit sharing. For example, RasS (ransomware-as-a-service) campaigns can involve multiple threat actors who get a cut of stolen funds or digital assets. What makes AIG different is it outsources specific aspects of an attack to mercenaries who have no further involvement in an attack.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

Hacker News: The advanced persistent threat (APT) actor tracked as Evilnum is again exhibiting renewed activity aimed at European financial and investment entities.

Evilnum is a backdoor that can be used for data theft or to load additional payloads. Malware includes multiple components to evade detection and modify infection paths based on identified antivirus software.

Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the UK.

Neopets Hacker Steals 69 Million Accounts, Tries To Sell Them For Bitcoin

Kotaku: A rogue hacker has reportedly stolen over 69 million Neopets accounts and is currently attempting to sell the information for roughly $92,000 in bitcoin. Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other community members. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.

The community fansite Jellyneo reported that the hacker could obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. Jellyneo claimed that email addresses, passwords, gender, IP addresses, countries, and birthdays were being sold on a “hacker website” for four bitcoin (about $92,072 based on current values). Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. However, it was reported that Neopets is working with a forensics firm and law enforcement to investigate the breach.

In Case You Missed It

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

2022 CRN Rising Female Star

CRN Names Danielle Dacey of SonicWall as a Rising Female Star

SonicWall is thrilled to announce that CRN, a brand of The Channel Company, has chosen Danielle Dacey, Senior Sales Manager, for its 2022 Rising Female Stars list. This annual list honors 100 up-and-coming, dedicated, driven women who are leaving their mark and making a difference for solution providers throughout the IT channel.

Featuring a powerhouse list of nominees, hand-selected by the CRN editorial team based in large part on the recommendations from channel chiefs and other channel management executives across the industry, this third annual list of Rising Female Stars represents extraordinary women who are working hard to help their channel partners find success. These IT channel standouts demonstrate an aptitude for growing their respective channel partner programs and initiatives through a variety of disciplines, including marketing, channel program management and partner engagement, to name a few.

“CRN’s 2022 Rising Female Stars list highlights the women poised to become tomorrow’s channel leaders and luminaries who consistently demonstrate dedication to IT channel innovation and excellence. All of these women are helping to create a brighter future for the IT industry,” said Blaine Raddon, CEO of The Channel Company. “On behalf of The Channel Company and CRN, I want to congratulate all of the honorees. The change these rising leaders are helping to enact today will define the IT channel for many years to come.”

Image of Danielle Dacey

“Danielle is an incredible colleague, a hard worker and has an outstanding business acumen,” said Matt Brennan, Vice President, North America Channel Sales at SonicWall. “She’s respected by her colleagues and easy to work with and is an asset to the entire SonicWALL team. We’re pleased and proud that CRN has chosen to include her on its annual list of rising female stars.”

The 2022 list of Rising Female Stars will be featured online at www.CRN.com/risingstars starting July 25 and in a special July issue of CRN Magazine.

This award marks yet another earned by SonicWall who has been included in the following CRN 2022 Awards: Channel Chiefs, Women of the Channel, Security 100 and a 5-Star Rating Program Guide.

Cybersecurity News & Trends

Cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall had an excellent news week. The highlight was a report by BBC on over-qualified workers struggling to find jobs, with a quote from Terry Greer-King, SonicWall vice-president for EMEA operations. There were also articles quoting Bill Conner, bylined articles by Immanuel Chavoya, articles citing the 2022 Cyber Threat Report, plus US Representative Elissa Slotkin, from Michigan, who mentioned SonicWall threat data.

Industry news was also very busy. We found a report from ZDNet about crooks using deepfakes to apply for remote work tech jobs. From Bleeping Computer, an alert about the PwnKit exploit on Linux. There was a fascinating report from New York Times about how North Korea used stolen cryptocurrency to keep the country afloat. We have a consolidated report from Dark ReadingWAFB News and Health IT Security on cyberattacks on US healthcare organizations. ZDNet (again) reported on the UK government warning businesses that paying ransoms will not keep their data safe. From HackerNews, Google blocks dozens of malicious domains operated by hack-for-hire groups. And finally, from The Star, the massive AMD breach was aided by “terrible passwords” used by employees.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Here Today, gone to Maui: That’s Your Data Captured By North Korean Ransomware

The Register, Threat Report Mention: “According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.”

Over-Qualified Workers Struggling to Find a Job

BBC, Terry Greer-King Quoted: “They move towards the peak of a pyramid,” explains Terry Greer-King, vice-president of EMEA at cybersecurity firm SonicWall. “As employees gain greater experience, there’s less breadth in terms of opportunities: trying something different would require scaling back down the pyramid.”

Staying Protected Amidst the Cyber Weapons Arms Race

Information Age, Immanuel Chavoya Byline: “Immanuel Chavoya, emerging threat detection expert at SonicWall, discusses how businesses can stay protected against customizable ransomware and the wider cyber weapons arms race.”

Ransomware Gangs Are Turning to Cryptojacking For A Quieter Life

TechMonitor, Terry Greer-King Quoted: “The toolkits from big RaaS gangs such as REvil are becoming much cheaper and easier to use, agrees Terry Greer-King, vice president for EMEA at SonicWall. “Only a few years ago, they needed to write their own malicious code. Now, anyone with bad intentions can buy a ransomware kit for as little as $50 on the dark web,” he says.”

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack In History’

The Independent, Bill Conner Quoted: ““Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent. Personal information that does not change as easily as a credit card or bank account number drives a high price on the dark web. This kind of personally identifiable information is highly sought after by cybercriminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out-of-date security devices, as a matter of course.”

Cloud Security Best Practices: A Summer School District To-Do List

Security Boulevard, Threat Report Mention: “According to research from SonicWall, cyber threats of nearly all types are increasing at breakneck speed. Ransomware, for example, has increased 232% since 2019. With the rate of attack accelerating, it’s only logical that school districts close their data protection gap and identify an adequate cloud platform.”

Russian Hackers Claim Responsibility for Ongoing Lithuania Cyberattacks

Silicon Republic, Bill Conner Quoted: “Speaking about the latest cyberattacks on Lithuania, Bill Conner, CEO of cybersecurity firm SonicWall, said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors. “We are dealing with an escalating arms race,” Conner said. “It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organizations. The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”

CISA Reiterates Two-Year Timeline to Implement Breach-Reporting Rules

SC Magazine, US Representative cites threat report: “Rep. Elissa Slotkin, D-Mich., chair of the Homeland Subcommittee on Intelligence and Counterterrorism, cited research from private cybersecurity company SonicWall claiming a 98% increase in observed ransomware attacks over the past year, while she also noted “we heard from [Michigan] state officials …that ransomware attacks have doubled since last year.”

Lethal Drinking Water, Runs on Banks And Panic Buying: What A Real Undeclared War Cyber Attack Could Mean

iNews, Bill Conner Quoted: “Bill Conner, who has advised GCHQ, Interpol and Nato on cyber security and is president and CEO of SonicWall, told: “When you look at what’s happened here in the States, like Colonial Pipeline, our water system, our electrical grids – even though our electrical grids are very different than the UK – they’re still very vulnerable. Our healthcare systems are vulnerable.”

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

Industry News

FBI Warns: Crooks Use Deepfakes for Remote Tech Jobs

ZDNet: According to the FBI, scammers and criminals use deepfakes to steal personally identifiable information when they apply for remote jobs. Deepfakes, synthetic audio, video and image content created using AI or machine-learning technology have been a concern for phishing threats for many years.

The FBI’s Internet Crime Complaint Center (IC3) says they have seen increased complaints about deepfakes and stolen personally identifiable information used to apply for remote roles in tech. Some offices are asking employees to return to work. Information technology is one job category that has seen a lot of remote work. Reports to IC3 primarily concern remote vacancies in information technology programming, database, or software-related job function functions.

The FBI highlights the dangers of an organization hiring fraudulent applicants by noting that some of the positions reported include access to financial data and customer PII.

CISA Issues Warnings About Hackers Exploiting PwnKit Linux Security

Bleeping Computer: Cybersecurity and Infrastructure Security Agency has added PwnKit, a severe Linux vulnerability, to its bug list.

CVE-2021-4034 was identified as the security flaw in Polkit’s Polkit’s Pkexec component, which is used by all major distributions, including Ubuntu, Fedora and CentOS. PwnKit is a memory corruption bug that unprivileged people can exploit to gain full root rights on Linux systems with default configurations.

It was discovered by researchers at Qualys Information Security, who also found its source in the original commit of pkexec. This means that it affects all Polkit versions. It has been hidden in plain sight since May 2009, when pkexec was first released. The proof-of-concept (PoC) exploit code was posted online within three hours of Qualys publishing technical details about PwnKit.

How North Korea used Crypto to Hack its Way Through the Pandemic

New York Times: North Korea has suffered severe economic damage from the United Nations sanctions and coronavirus pandemic. The government warned of severe food shortages. Unidentified intestinal diseases began to spread among the population in June.

Yet, the country has conducted more missile tests than any other year. The government is providing luxury homes for party elites. North Korea’s leader Kim Jong-un has pledged to create advanced technology for its growing arsenal of weapons. The country will likely conduct a new nuclear test, its seventh, in the not-too-distant future.

Where did the money come from?

In April, the United States publicly accused North Korean hackers of stealing $620 million in cryptocurrency from Axie Infinity. This theft, the largest of its kind, is the most substantial evidence that North Korea’s use of cryptocurrency heists to raise money to support its regime during the pandemic and fund its weapon development and maintenance was highly profitable.

According to Chainalysis, North Korean hackers could have taken home nearly $400 million worth of cryptocurrency last year. North Korea’s total haul this year is just under $1 billion. These figures are to be viewed in context. According to South Korea’s statistical agency, $89 million was earned in official exports for the country in 2020.

North Korean State Agents Launch Cyberattacks on US Healthcare Orgs

Dark Reading: The FBI, US Cybersecurity and Infrastructure Security Agency and Treasury Department warned Wednesday about North Korean state-sponsored threat agents targeting US healthcare and public-health organizations. These attacks are using a new, unusually operated ransomware tool called Maui.

Multiple incidents have occurred since May 2021 in which threat actors using the malware have encrypted servers critical to healthcare services. They have also attacked digital diagnostic devices and electronic health records servers.

In a related story from WAFB News and Health IT Security, hospitals in Wisconsin, Georgia, and Louisiana reported separate healthcare cyberattacks. Reports of healthcare cyberattacks continue to roll in as threat actors advance their tactics and narrow in on widespread vulnerabilities in the sector. For example, at Baton Rouge General, LA, a Mayo Clinic care network member, reports of a cyberattack emerged on June 28. As of this report, the hospital has reverted to paper records. Other hospitals report various damage from system lockouts to compromised patient and employee records.

Paying Up Will Not Keep Your Data Secure, NCSC

ZD Net: The number of businesses paying a ransom following a ransomware attack is increasing. The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) are asking attorneys to remind their clients that paying up may not keep their data safe.

In a joint letter, The NCSC and ICO noted a rise in ransomware payments. Also, they reasoned that some attorneys may have advised clients to pay ransoms to keep their data safe or avoid a financial penalty from ICO. However, both agencies warn that not only are ransom payments not condoned; such payments only serve to encourage hackers to push on with more attacks.

The joint letter also reminds UK businesses and organizations that ransom payment offers no guarantee that hackers will return data or keep it safe. They note that even though hackers provided an encryption key, some do not work correctly. It is also possible that cyber criminals may not keep their word and delete data stolen in a ‘double-extortion’ attack to intimidate victims into paying.

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

The Hacker News: Google’s Threat Analysis Group (TAG), Thursday’s disclosure by the Hacker News, revealed that it had blocked as many as 36 malicious websites operated by hacker-for-hire groups from India, Russia, or the UAE.

Hack-for-hire companies allow their clients to launch targeted attacks against corporates, activists, journalists, and other high-risk users like the surveillance ware environment. These operators are known to carry out intrusions on behalf of clients anxious to hide their roles in the attack.

One hack-for-hire operator allegedly launched a recent attack on an IT company in Cyprus, a financial technology company in the Balkans, a Nigerian education institution, and an Israeli shopping company to demonstrate the breadth of the victims affected.

An identical set of credential theft attacks against journalists, European politicians and non-profits was linked to a Russian threat actor named Void Balaur.

The same group may have also been working for the past five years to target individual accounts at major webmail providers such as Gmail, Hotmail and Yahoo! plus regional webmail providers such as abv.bg, mail.ru, inbox.lv and UKR.

AMD Breach was Due to Terrible Passwords

The Star: The Silicon Valley tech giant AMD was hit by a data breach last week. But that’s no big news. According to this story, what’s utterly amazing is that the hackers had help from employees using terrible passwords such as “password” and “123456.

According to SF Gate, AMD, a microchip manufacturer, was attacked by RansomHouse hackers.

In a statement, the semiconductor giant confirmed that there was a digital breach. But the company had no answers asked why employees of multinational manufacturers aren’t subject to standard password protection rules such as regularly changing passwords and including numbers and symbols in passwords.

Lesson learned: breaches are increasing — time has long since passed to take the threat seriously.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman