Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
It’s the first week of February, and SonicWall has continued to draw interest in the news for excellent products and relevant research. Ask by Geek calls the TZ400 one of the best firewalls for small businesses. Charged Retail cites SonicWall’s data to contextualize a breach in the retail sector. Networking+ discusses rising ransomware numbers using data from our threat report.
It’s been another busy week for the cybersecurity world. Bleeping Computer has the lowdown on a recent attack from Russia’s Sandworm hacking group. Dark Reading warns of the return of North Korea’s state-backed hacker organization known as Lazarus. Google Fi lost customer data in a breach reported on by TechCrunch. Info Security breaks down how threat actors have been impersonating DocuSign in an elaborate phishing scheme. Hacker News unravels a Realtek vulnerability that is wreaking havoc on IoT devices.
Keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.
TechToday, SonicWall News: According to a report by SonicWall, 2.8 billion malware attacks were registered, up 11% in the first half of 2022, marking the first increase in global malware volume in over three years.
Charged Retail, SonicWall News: The JD Sports incident is yet another example of the rise in cyberattack incidents, with the retail industry experiencing a 90% increase in ransomware attacks last year, according to a report from SonicWall.
Ask by Geeks, SonicWall News: One of the best small business firewalls is the SonicWall TZ400 Security Firewall. The SonicWall TZ400 NGFW Premium is considered a little more expensive than other firewall options, but its security, reliability, ease of use and unique features justify its price.
ITPro, SonicWall News: A study last year by SonicWall found that the retail sector saw a 264% surge in ransomware attacks between February 2021 and 2022. The widespread consumer shift to online shopping during the pandemic prompted hackers to escalate attacks against online retailers.
Networking+, SonicWall News: The chances of being hit by a ransomware attack are more significant than ever. Last year, global ransomware volume skyrocketed by 105% year over year, according to the 2022 SonicWall Cyber Threat Report. While no industry was spared, the numbers were particularly gruesome for governments. Ransomware attempts on government entities rose a staggering 1,885%. That’s more than double the increase reported by healthcare (755%), education (152%), and retail (21%) combined.
CyberSecurityInsiders, SonicWall News: 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets, and goals for cybercrime. According to recent threat intelligence from SonicWall, global ransomware attempts declined 31% YoY as cybercriminals and nation-state actors opted for never-before-seen malware variants, IoT malware, and cryptojacking in attacks motivated by financial gain and state-sponsored hacktivism.
MedTechDive, SonicWall News: Ransomware attacks in which cybercriminals attempt to extort money declined by 23% overall during the first half of 2022 but increased 328% in healthcare, according to data from cybersecurity company SonicWall.
TechTarget, SonicWall News: Logically’s MSSP offerings include extended detection and response, endpoint detection and response, and MDR; enterprise-level managed firewall services; and cybersecurity assessments, according to Skeens. The company runs a SOC. The company’s IT security technology partners include SonicWall.
iTWire, SonicWall News: iTWire really could go on and on; the list of features is almost endless. There is a database of applications for intelligent packet analysis, support for IoT devices, DNS protection and more. However, the best thing right now is to take it for a spin yourself. You can demo the SonicWall NSsp series firewalls online without any installation or commitment and see all the features and benefits in action.
Strategic Risk, SonicWall News: There were 623 million ransomware attacks globally in 2021, according to SonicWall, representing a 105% year-on-year increase. The UK saw a 228% surge and a 65% increase in never-seen-before malware.
Business Info, SonicWall News: Network security devices are essential for any business. They establish a firewall that will protect internal networks from external threats, such as attacks from the internet. The SonicWall TZ270 uses Real-Time Deep Memory Inspection to prevent cyber-attacks.
Silicon, SonicWall News: Speaking to Silicon UK, Rick Meder, VP of Strategic Partnerships and Platform Architecture at SonicWall, commented: “With most employees no longer within the protected perimeter of a traditional corporate network, the basic secure access tools in place for remote access workers have become quickly inadequate. The potential attack surface expands exponentially, oversight by security staff is met with extreme challenges, and policy complexity reaches levels like never before. Efforts to uphold an adequate security posture while maintaining workforce productivity quickly become overwhelming.”
Realtek Vulnerability is Real Problem for IoT Devices
A now-patched vulnerability in Realtek’s Jungle SDK has resulted in over 134 million hack attempts on IoT devices since August 2022. Threat actors have been abusing the vulnerability to try to infect devices across the globe. The exploit makes some devices manufactured by D-Link, ASUS, LG, Belkin and NETGEAR vulnerable. Hacker News warned users of the importance of updating devices regularly to protect them from exposure to attacks like this.
North Korean Lazarus Group Targeting Medical Research and Energy Intel
The North Korean hacker group known as Lazarus has made another appearance, this time targeting intel in medical research and the energy sector. The discovery was made by threat intelligence analysts at WithSecure. WithSecure was able to assert with high confidence that the attack came from Lazarus after discovering that the attacker made an operational security error. The actions carried out by Lazarus point to this being an intelligence-gathering attack. Per Dark Reading, Lazarus never lies low for long. They are a long-running group that is thought to be run by North Korea’s Foreign Intelligence and Reconnaissance Bureau. Lazarus first appeared on the scene in 2009 and has made numerous appearances since then with minimal time spent in the dark. Last year, Lazarus targeted Apple’s M1 chip in an attack. The group is a large source of income for the North Korean regime, so their attacks are usually both finance- and intel-based.
Sandworm Hacker Group Using Active Directory to Wipe Critical Files
A new malware capable of wiping critical files and data has been discovered following a cyberattack on a target in Ukraine. The malware, which the researchers who discovered it are calling ‘SwiftSlicer,’ uses Windows’ Active Directory Group Policy. The malware variant is being attributed to Russia’s Sandworm hacking group. According to Bleeping Computer, the target’s name has not been released. Sandworm recently attacked Ukrinform, which is Ukraine’s national news agency. A Tweet from ESET Research says, “Once executed, it deletes shadow copies; recursively overwrites files located in %CSIDL_SYSTEM%\drivers.” Bleeping Computer notes that by targeting that specific folder, the malware hopes to bring down entire Windows domains alongside wiping critical files. While the malware was only added to the VirusTotal database on January 26, more than half of the antiviruses on the platform are currently detecting it.
Google Fi Loses Customer Data in Breach
Google’s cell phone service, Google Fi, lost customer data in a recent breach. The folks at TechCrunch believe it may be related to the recent T-Mobile breach that resulted in 37 million customers’ data being stolen. Google stated that information such as the content of calls and texts, payment card data, passwords, and customer personal information were not stolen in the breach. The attackers accessed limited customer information such as phone numbers, SIM card serial numbers and information on the type of plan customers were enrolled in. As of now, it’s unclear how many Google Fi customers were affected in the breach. Google has not made the total number of Google Fi customers public, so it is difficult to speculate how many people could be affected. Google notified customers in an email that they are attempting to secure the data and notify all customers whose data was taken.
Threat Actors Impersonate DocuSign to Target 10,000 People in Phishing Attack
A phishing attack from a group impersonating DocuSign targeted 10,000 users across multiple organizations. Attackers sent emails that managed to bypass security and reach the inbox of the targets. Cybersecurity researchers at Armorblox discovered the ploy and have issued guidance on how to avoid similar attacks. According to Info Security, victims were redirected to a fake DocuSign landing page after clicking the link provided in the email. The emails were sent from a valid domain to make it past security.
Celebrating 2023 With Expanded “3 & Free” – Matt Brennan
The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman
Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah
SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald
A New Era of Partnering to Win – Robert (Bob) VanKirk
Multiply Your Security with Multifactor Authentication – Amber Wolff