Cybersecurity News & Trends

SonicWall’s widely quoted threat reports (The Year of Ransomware and Mid-Year Update to the 2021 Cyber Threat Report) are still attracting US and European journalists and editors. This week, SonicWall scored another big hit with a report from Wall Street Journal. In industry news, the previously mentioned article in Wall Street Journal reports on the possible extradition of a Russian entrepreneur to the US. Meanwhile, US Government cybersecurity initiatives lean hard on partnerships with corporations and academia, banking regulators push hard on banks to report breaches quickly, the US House approves an additional $500 million for cybersecurity funding, and insurance companies run away.

SonicWall in the News

US Accuses Russian of Money Laundering for Ryuk Ransomware Gang

Wall Street Journal (US): A Moscow entrepreneur was detained during a vacation abroad this month and is now facing extradition to the US on charges that he helped a notorious Russian ransomware group launder payments. Denis Dubnikov, a Russian citizen, was expelled from Mexico and placed on a plane to Amsterdam, where Dutch police arrested him on Nov. 2 on a US charge of conspiracy to commit money laundering, according to his lawyer Arkady Bukh. Dubnikov, 29 years old, is being sought to stand trial as part of a Federal Bureau of Investigation investigation of Ryuk, which was linked to one-third of all US ransomware attacks in 2020, according to cybersecurity firm SonicWall.

Cryptojacking – A Poison For Latin America’s Digital Economy

Intelligent CIO (Brazil): Arley Brogiato, Sales Director, SonicWall Latin America, explains the risk of cryptojacking in the region. Like a pest that silently gnaws at corporate IT, cryptojacking does unnoticed, unconfronted and unresolved damage. This expression comes from the word ‘crypto,’ from cryptocurrencies and ‘jacking,’ which refers to something used illegally.

Sonicwall: ‘Largest Platform Evolution In Company History’ Unifies Cloud, Virtual & Hardware Portfolio

Scoop Sci-Tec (Singapore): SonicWall today announced the latest additions of its Generation 7 cybersecurity evolution, the largest in the company’s 30-year history. Driven by this innovation, SonicWall unifies cloud, virtual and hardware offerings across a single and fully integrated cloud-powered platform.

Toronto Transit Commission Still Recovering from Ransomware Attack

IT World (Canada): IT staff at the Toronto Transit Commission (TTC) are still dealing with the effects of a ransomware attack that was detected just as the weekend started. In a report released Friday, SonicWall said that it had logged 495 million ransomware attempts so far this year to date. At that rate, it said, 2021 will be the most costly and dangerous year on record.

Ransomware: How to Mitigate Attacks

ARN-IDG (US): Ransomware is a form of malicious software that encrypts a user’s sensitive data when deployed on a device. The victim is asked to pay a ransom to the attacker, usually in Bitcoin, to secure a decryption key or initiate a decryption process. Posted by Jeff Marshall, Country Manager & Regional Director.

Mitiga Releases Cloud Incident Readiness and Response Solution for Ransomware Attacks

CISION (US): Ransomware attacks are on the rise worldwide, increasing in complexity as cyberattackers adapt to defensive strategies. Recent research by SonicWall shows that ransomware attacks reached 304.7 million in the first half of 2021, exceeding the 304.6 million attacks logged in all of 2020.

Be Cyber Smart and Lock It Down

ELE Times: According to the widely quoted Mid-Year Update for the 2021 SonicWall Cyber Threat Report, ransomware attacks rose to 304.6 million in 2020, up 62% over 2019. The increase occurred as more of the US workforce started working from home due to the pandemic. There were also 226.3 million ransomware attacks through May of this year, up 116% year to date over last year. Author: Debasish Mukherjee: Vice President, Regional Sales APAC at SonicWall.

Industry News

NSA Director: Evolving Cyber Threats Require Deeper Public-Private Partnerships

Nextgov: The government has long leaned on partnerships with companies and academia to advance technology, but according to one top cybersecurity leader, the complexities of the modern conflict landscape warrant cross-sector collaboration that goes deeper than any before. “I do think that there is a realization that we can’t do this alone,” Gen. Paul Nakasone said Tuesday night at an Intelligence and National Security Alliance-hosted dinner in Virginia. “So, this partnership has to exist—and it’s got to get even more powerful.”

Banks Ordered to Promptly Flag Cybersecurity Incidents Under New US Rule

Reuters: US banking regulators on Thursday finalized a rule that directs banks to report any significant cybersecurity incidents to the government within 36 hours of discovery. Separately, the banking industry said it had completed a massive cross-industry cyber security drill that aims to ensure Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt a range of financial services.

More Than $500M For Cybersecurity Included in Sweeping House-Passed Package

The Hill: The House approved more than $500 million in cybersecurity funding on Friday as part of its version of President Biden’s roughly $2 trillion Build Back Better package. The social and climate spending bill, passed by a narrow vote of 220-213, would primarily funnel those funds to the Cybersecurity and Infrastructure Security Agency (CISA) to help address issues including cybersecurity workforce training and state and local government cybersecurity.

Beware the Chinese Ransomware Attack with No Ransom

Bloomberg: A breach by Chinese hackers of almost a dozen targets in Taiwan looked, on the surface, like just another ransomware attack: infiltrate a network, encrypt a ton of files, lock the owners out of their systems, and wait to be paid. But this one was different for what it didn’t contain and portends a type of threat that could hinder attempts by corporate and government leaders to make their computer systems more secure. Companies like the semiconductor maker Powertech Technology Inc., communications provider Chunghwa Telecom Co., plastics conglomerate Formosa Petrochemical Corp. and state-run petroleum company CPC Corp. were among those hit in May 2020 by the Chinese Winnti group. Last year, seven members were indicted by the US for a series of attacks that allegedly affected more than 100 high-tech and online gaming companies globally.

North Korean Hacking Group Targets Diplomats, Forgoes Malware

Dark Reading: A North Korean cyber-operations group has increased its focus on cyber espionage and targeting diplomats and regional experts, using captured user credentials to fuel phishing attacks and only rarely using malware to persist in targeted organizations. A new report found that the North Korean group mainly targets individuals in the United States, Russia, and China, and usually attempts to quietly harvest credentials, siphon off information, and — like many attacks attributed to North Korea — turn compromises into financial gain.

Iran-Backed Hackers Exploited Microsoft, Pose Major Cyber Threat

Fox News: Law enforcement agencies in the U.S., Britain, and Australia have issued a joint statement labeling an Iran-sponsored group as a serious threat to cyber security. The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Cyber Security Center (ACSC), and British National Cyber Security Center (NCSC) released a joint cybersecurity advisory Wednesday that linked a group of hackers to the Iranian government.

Hackers Deploy Linux Malware, Web Skimmer on E-Commerce Servers

Bleeping Computer: Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops’ websites. The PHP-coded web skimmer (a script designed to steal and exfiltrate customers’ payment and personal info) is added and camouflaged as JPG image files common folders. The attackers use this script to download and inject fake payment forms on checkout pages displayed to customers by the hacked online shop.

Businesses Worried About Cyberattacks During the Holidays

CBS News: After a year of headline-grabbing ransomware attacks, businesses say they’re worried about the possibility they’ll face cyber intrusions this holiday season, a time when many of their cybersecurity operations rely on skeleton staffing. A whopping 89% of the respondents from the US, U.K., France, Germany, Italy, Singapore, Spain, South Africa, and UAE indicated that they were concerned about a repeat cyber intrusion ahead of the holiday season. However, 36% said they had no “specific contingency plan in place to mount a response.”

Insurers Run from Ransomware Cover as Losses Mount

Reuters: Insurers have halved the amount of cyber cover they provide to customers after the pandemic, and shift toward work-at-home drove a surge in ransomware attacks that left them smarting from hefty payouts. Major European and US insurers and syndicates operating in the Lloyd’s of London market face increased demand. They have been able to charge higher premium rates to cover ransoms, repair hacked networks, business interruption losses, and even PR fees to mend reputational damage.

In Case You Missed It

Cybersecurity News & Trends

SonicWall’s The Year of Ransomware and Mid-Year Update to the 2021 Cyber Threat Report are still circulating in US and European news outlets. Meanwhile, trade news is tracking SonicWall’s penetration into regional markets. In industry news, the FBI warns about Iranian hackers, the Robinhood hack took from customers and gave to the hackers, the BlackMatter ransomware had a coding flaw that lost millions, and the world of Superman and Batman was ransomed.

SonicWall in the News

How the Cloud Enables Fast, Easy Recovery from Ransomware and Disasters

CPO Magazine (US): Ransomware attacks are skyrocketing, fueled by the rise in remote work during the pandemic. There were more than 300 million ransomware attacks during the first half of this year — up 151% over 2020 — according to the 2021 Cyber Threat Report from security firm SonicWall.

Back to Basics: Hardware Security as the Ultimate Defense Against Ransomware Attacks

Techspective (US): Ransomware has been a growing threat for a while. But it seems 2021 is the year that evolving attacks have exploded worldwide — citing SonicWall’s “The Year of Ransomware” cyber threat update.

IT Paves the Way to Return To Village

Newsbook (Spain): SonicWall’s participation in a unique article about how IT helps companies return to rural Spain: The transfer of the usual areas of residence caused by remote work during the covid-19 pandemic has revealed the urgency of closing the digital divide between the different territories.

Education, One of The Main Targets of Cybercriminals

ComputerWorld /CSO (Spain): SonicWall byline article about the education sector. Written by Luis Fisas, SonicWall’s Southern Europe director.

Act Now To Protect Yourself Against Cybercrime

Bristol Post (UK): Cybercrime is a fast-growing threat to every organization online. According to the 2021 SonicWall Cyber Threat Report, in the first half of this year, there were 304.7 million ransomware threats – a rise of more than 150% on the same time last year.

Safe-T Group Boosts iShield with Advanced Ransomware Protection Capabilities

Yahoo Finance (New Zealand): Over just the past year, more than 495 million ransomware attacks have been logged by SonicWall, a leading publisher of ransomware threat intelligence, making 2021 the most costly and dangerous year on record.

Safe-T Group Announces Boost To iShield Consumer Cybersecurity Product

Proactive Investors (UK): Safe-T noted that over just the past year, more than 495 million ransomware attacks had been logged by SonicWall, a leading publisher of ransomware threat intelligence, making 2021 the most costly and dangerous year on record.

Can Small Companies and Branches Survive the Crisis?

Security Insider (Germany): This article reviews a SonicWall webinar about the global ransomware crisis.

SonicWall Merges Sales Regions

Channel Observer (Germany): This article discusses the news alert about SonicWall expanding the central Europe sales account.

Cyberattacks Cost the Education Sector An Average Of 2.34 Million Euros

El Economista (Spain): SonicWall Cyber Threat Report mentioned in an article about cybersecurity in the Education Sector.

SonicWall Reports Nearly ‘Unimaginable Upward Trend’ In Ransomware

Intelligent CISO (UK): SonicWall has recorded a 148% increase in global ransomware attacks through the third quarter of 2021.

10 Minute IT Jams – SonicWall VP Discusses SASE and Zero Trust

Techday Network (New Zealand): Virtual Interview with Vice President of Products Jayant Thakre. They discussed SASE and Zero Trust among other topics.

Types of Malware: How to Detect and Prevent Them

Security Boulevard (US): Cyberattacks are rampant, wreaking havoc on organizations of all sizes. SonicWall recorded 304.7 million global ransomware attacks during the first half of 2021, a 151% year-to-date increase.

A Record 714 million Ransomware Attacks Are Forecast By 2021

IT Reseller (Spain): Press release, the year of ransomware: There has been a 148% increase in global ransomware attacks so far this year, as well as a 33% increase in IoT malware globally, with spikes in the United States and Europe. Cryptojacking has also emerged, with a massive growth rate of 461% across Europe.

Industry News

FBI Warns US Companies About Iranian Hackers

CNN: Iranian hackers have searched cybercriminal websites for sensitive data stolen from American and foreign organizations that could be useful in future efforts to hack those organizations, the FBI said in an advisory sent to US companies. In addition, Iranian hackers are interested in dark-web forums, where scammers leak information on their victims, such as stolen emails and network configurations.

Daily Crunch: Malicious hackers gain access to 7 million Robinhood customer names, emails

TechCrunch: A social-engineering hack led to Robinhood’s internal tools being accessed by an external party. According to the report, hackers took a database of more than 5 million customer email addresses and 2 million customer names. Also taken was a much smaller set of more specific customer data. For a company that recently posted somewhat lackluster earnings, it’s not a great look.

Travel Site reportedly hacked by a US intel agency; customers never informed

ARS Technica: According to a book published on Thursday, a hacker working for a US intelligence agency breached the servers of in 2016 and stole user data related to the Middle East. The book also says the online travel agency opted to keep the incident secret. The Amsterdam-based company decided that it didn’t need to notify customers or the Dutch Data Protection Authority because it wasn’t legally required to do so because the hack didn’t reveal sensitive or financial information.

Ransomware Criminals Lost Millions When Researchers Secretly Uncover Errors

ZDNet: A significant ransomware operation was blocked from collecting millions of dollars when a cybersecurity research group discovered a flaw in their code. Researchers found an error in the encryption that allowed files to be recovered without paying the ransom. The group, housed at Emsisoft, detailed the encryption error behind BlackMatter ransomware. They reportedly saved several victims from paying the ransom. The group kept the flaw secret until more people could be helped. Eventually, however, researchers disclosed the flaw and how they could undermine BlackMatter and provide decryption keys to victims of their attacks.

US Targets Darkside Ransomware And Its Rebrands With $10 Million Reward

Bleeping Computer: The US government targeted the DarkSide ransomware group and various rebrands with a $10 million reward for information leading to the identification or arrest of members of the operation. In addition, rewards of $5 million are also offered for information leading to the arrest of participants in a Darkside attack.

The US Joins International Cybersecurity Partnership Previously Ignored

CNN: The United States has joined an 80-country agreement that condemns reckless behavior in cyberspace and seeks to mobilize resources to secure the software supply chain that the Trump administration declined to join. Vice President Kamala Harris announced the agreement on Wednesday following a meeting with French President Emmanuel Macron.

Hackers Face Up To 100 Years in Prison If Prosecuted in the US

FoxNews: Suspected hackers connected to the cyber ransom group ‘REvil’ have been arrested and charged by the Department of Justice. The group attacked JBS Beef, the world’s largest meat supplier in the US, and tech company Kaseya. Officials also recovered $6 million in ransom payments extorted by the hackers. Cybersecurity expert and attorney Leeza Garber joined The National Desk Thursday to provide more information on these hackers.

Electronics Retailer MediaMarkt Hit by Ransomware Demand for $50M Bitcoin Payment

CoinDesk; MediaMarkt, Europe’s largest electronics retailer, has reportedly been hit by a Hive ransomware attack with demands to pay $50 million in bitcoin. The attack by the Hive ransomware group encrypted MediaMarkt’s servers, causing the retailer to shut down its IT systems to prevent further problems. That caused many stores, mainly in the Netherlands, to be unable to accept credit and debit card payments. Germany-based MediaMarkt has more than 1,000 stores across the continent.

Ukrainian Hackers Indicted in Texas After $6.1 Million Ransomware Attack

SanAngelo Live: The US Justice Department has taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States. An indictment unsealed on Nov. 8 charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company. The department also announced today the seizure of $6.1 million in funds linked to the attacks.

Major Comics Distributor Regains Access to Its Website Following A Ransomware Attack

GamesRadar: The comic book world of Superman and Batman were attacked by ransomware earlier this week. The attack affected one of the print comic books’ largest distributors, Diamond Comic Distributors. Diamond Comics updated the report saying that they have regained access to some of the systems initially taken down as part of what the company confirmed was a third-party ransomware attack that began on Nov. 5. On Nov. 11, Diamond reported that it regained access to its main website (, and it is now functioning for public usage.

In Case You Missed It

Cybersecurity News & Trends

SonicWall’s latest cybersecurity report titled The Year of Ransomware circulated through news outlets worldwide with the eye-catching headline: “148% surge in global ransomware attacks.” In industry news, the US offers a $10 million bounty on hacker groups responsible for the Colonial Pipeline attack. In contrast, nervous hackers apologize to Arab royal families for exposing private information and defend their “industry” after US investigators bring down REvil.

SonicWall in the News

Euro Police Swoop in on 12 Suspected Ransomware Gang Members

Infosecurity Magazine: Twelve threat actors were singled out by Europol last week in a significant ransomware operation targeting multiple organized crime groups. The unnamed suspects may have been involved in deploying LockerGoga, MegaCortex and Dharma malware. According to SonicWall data released last week, the number of ransomware attacks in the first three quarters of 2021 surged 148% year-on-year to reach 470 million.

SonicWall: ‘The Year of Ransomware’

Dark Reading: Citing SonicWall’s “The Year of Ransomware” report, there was a 148% surge in global ransomware attacks (495 million) year to date. The third-quarter surge makes 2021 the worst year SonicWall has ever recorded.

SonicWall VP Discusses SASE And Zero Trust

Security Brief Asia: Announcing Techday’s 10 Minute IT “jam” for an in-depth discussion on insights into technology in the Asia-Pacific region. The video featured SonicWall Vice President of Products, Jayant Thakre, discussing firewalls, network security, cloud security and more.

Ransomware Soars 148% to Record-Breaking Levels in 2021

InfoSecurity: The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall.

500 million Attempted Ransomware Attacks (So Far)

MSSP Alert: SonicWall expects to record 714 million attempted ransomware attacks by the close of 2021, according to the company’s latest cybersecurity report titled “The Year of Ransomware.”

Ransomware Attacks Increased 148% In Q3 2021, Showing No Sign of Slowing

Help Net Security: SonicWall recorded a 148% increase in global ransomware attacks through the third quarter (Q3) of 2021. With 470 million ransomware attacks logged by the company this year, 2021 will be the most costly and dangerous year on record.

The Terrifying Truth About Ransomware

Security Boulevard: Headlines are screaming with ransomware attacks and the ever-increasing payout demands. According to SonicWall, ransomware attacks have risen 158% in North America and 62% worldwide between 2019 and 2020.

Industry News

$10 Million Reward for Information on DarkSide Ransomware Group

The Hacker News: Responding to the Colonial Pipeline attack earlier this year, the US government on Thursday announced a $10 million reward for information that may lead to the identification or location of the leaders of the DarkSide ransomware group. The bounty includes any of the DarkSide rebrands. Additionally, the US State Department offers rewards of up to $5 million for intel and tip-offs that could result in the arrest and conviction in any country of individuals who are conspiring or attempting to participate in intrusions affiliated with the transnational organized crime syndicate.

Washington Sets Record for Data Breaches And Ransomware Attacks

Seattle Times: So far, in 2021, the citizens of the State of Washington have seen 6.3 million notices of data breaches. According to State Attorney General Bob Ferguson, this is a record for the state with 280 data breaches reported, blowing past the previous record of 78 and last year’s total of 60. The report says that the previous record for breach notices was set in 2018, with 3.5 million messages sent.

US Cyber Command Carries Out A ‘Surge’ To Address Ransomware Attacks

CNN: US Cyber Command head and director of the National Security Agency Gen. Paul Nakasone said Wednesday that the US had “conducted a surge” over the past three months to address the problem of ransomware attacks on US interests. Nakasone said the US government had aimed at funding sources for ransomware operatives, many of whom are based in Russia and Eastern Europe and who have made millions extorting US companies.

Nintendo Switch Hacker Gary Bowser Pleads Guilty, Will Pay $4.5 Million

ScreenRant: Gary Bowser, nicknamed the Nintendo Switch hacker by the news media, has pled guilty to charges and will pay $4.5 million. The case related to Bowser’s hacking of Nintendo’s portable console called “Switch.” In 2020 Nintendo began pursuing groups of hackers illegally breaking into Nintendo Switch consoles and selling kits through the internet. In May 2020, Nintendo filed lawsuits against the Switch hackers, leading to a legal battle that lasted nearly a year.

Ukraine Charges 5 Hackers Allegedly Working for Russia

NC Advertiser: Ukraine has filed espionage charges and attempted state overthrow against five people who allegedly were part of a hackers group controlled by Russia. The Security Service of Ukraine said Friday that the hackers’ group known as “Armageddon” was responsible for some 5,000 cyberattacks on Ukrainian state agencies since 2014.

Hackers Gained Access to Mysa Gov Accounts, Including License and Rego Details

ZD Net: This week, South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber-attack. mySA Gov is the South Australian government’s online platform and app that provides residents with single account access for the state’s services, such as checking into a venue or completing transactions for vehicle registration.

Hackers Apologize to Arab Royal Families for Leaking Their Data

Vice: In October, the infamous ransomware gang known as Conti released thousands of files stolen from the UK jewelry store Graff. Among the data Conti leaked, sensitive information belonging to celebrities like David Beckham, Oprah Winfrey, and Donald Trump. And, according to The Daily Mail, there was also information belonging to the UAE, Qatar, and Saudi royal families. Now, the hackers would like the world to know that they regret their decision, perhaps partly because they released files belonging to very powerful people. The quote of the day comes from Allan Liska, a cybersecurity researcher: “Bluntly, UAE sends assassination teams to deal with people they don’t like. Even ransomware groups are subject to political pressure.”

Ransomware Hackers Nervous, Allege Harassment from the US

NBC News: After US agents down REvil, a major ransomware group, nervous hackers try a little rational argument to defend their practice of holding computers for ransom. Several ransomware gangs posted lengthy anti-U.S. screeds, viewed by NBC News, on the dark web. In them, they defended their practice of hacking organizations and holding their computers for ransom. They appear prompted by the news, reported Thursday by Reuters that the FBI had successfully hacked and taken down another major ransomware group called REvil.

While the REvil takedown was the first of its kind made public, nobody expects that this one act will curb ransomware attacks. However, the reaction from fellow hackers is also notable. The Conti Group — which recently begged forgiveness for a previous hack that exposed prominent Arab royalty while they regularly lock down hospital computers and hold them for ransom — wrote that it would be undeterred by the US action and that hackers are the actual victims.

In Case You Missed It

Cybersecurity News & Trends

News outlets continue quoting the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.  Meanwhile, SonicWall’s The Year of Ransomware report catches attention with third-quarter data: a 148% surge in global ransomware attacks making 2021 the worst year ever recorded. In industry news, hackers launch SEO poisoning, Microsoft launches a cybersecurity job campaign, U.S. cyber teams take down REvil, and Russian hackers hide behind American home Wi-Fi networks.

SonicWall in the News

‘The Year of Ransomware’ Continues with Unprecedented Late-Summer Surge

AIThority: Citing SonicWall’s “The Year of Ransomware” report, there was a 148% surge in global ransomware attacks (495 million) year to date. The third-quarter surge makes 2021 the worst year SonicWall has ever recorded.

The World Is Now Facing a Spate of Coordinated Cyber Attacks

Telecom TV: Ransomware incursions have reached “pandemic levels” while old-fashioned DDoS attacks still pack a punch. Meanwhile, “never-before-seen” malware variants are emerging every day, according to a recent cyber threat report from SonicWall. The author goes on to name SonicWall “the world’s most quoted expert on ransomware.”

Unprecedented and Coordinated Cyber Attacks

National Security News: An “unprecedented” and “coordinated” spate of cyberattacks is hitting many U.K. VoIP services. So says the Comms Council in the U.K. There have been 495 million known ransomware attacks perpetrated so far this year, according to a recent threat report from SonicWall titled “The Year of Ransomware.”

Thwarting Phishing Threats with Simulations

Security Boulevard: Social engineering schemes continue to flourish, making their way into company inboxes with the intent to mislead employees into downloading malicious software. How likely is this to happen to your company? According to SonicWall, there was a record-high 304.7 million ransomware attacks in the first half of 2021. So the short answer is, it’s very likely.

How Safe is the U.K. From Cybercrime?

TechMonitor: The U.K. comes fifth in a new global ranking that combines five cybersecurity and anti-money laundering protections indices. The author notes the growing importance of countering phishing and ransomware attacks, significantly as the latter has increased by 151% in the first half of 2021, from the same period in 2020, according to the mid-year update on SonicWall’s Cyber Threat Report.

The Invisible War

Handelsblatt (Germany): An outstanding article in one of Germany’s most important daily newspapers mentions SonicWall as an expert in cybersecurity and quotes the 2021 Cyber Threat Report Mid-Year Update. The authors cite several vital stats from the report to explain the rise of various threats that have weakened cybersecurity throughout the world. The article appeared online and in the print issue of the publication.

How to Create a Relevant Cybersecurity Strategy

Accounting Web (U.S.): Using SonicWall’s Mid-Year Update on the 2021 Cyber Threat Report, the author illustrates the sharp rise in cybersecurity attacks. The article is mostly about how CPAs and other accounting professionals play a crucial role in protecting financial data. However, the author also provides an overview of the most common cyberattacks, such as malware and phishing, and offers tips on making sure your organization has the proper protections in place.

‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms into Networks

Dark Reading (U.S.): A unique malware named “BlackByte” was discovered during a recent incident response engagement. The malware reportedly avoids Russian computers and uses a single symmetric key for encrypting every compromised system. Additionally, the report cites SonicWall’s “Cyber Threat Report: Mid-Year Update” and notes that the number of ransomware attacks in the first half of the year rose 150% to almost 305 million.

Industry News

Ransomware Gangs Use SEO Poisoning to Infect Visitors

Bleeping Computer: SEO poisoning, also known as “search poisoning,” is an attack method that relies on optimizing websites using ‘black hat’ SEO techniques to rank higher in Google search results. Due to their high ranking, victims who land on these sites believe they are legitimate, and actors enjoy a heavy influx of visitors who look for specific keywords. According to this story, two campaigns have surfaced recently. One is linked to Gootloader and the other to the SolarMarker backdoor. Most campaigns deploy SEO poisoning payloads via PDFs that drop the malware into the victim’s device. Additionally, threat actors use redirects to prevent their sites from being removed from search results. Adding to the problem, threat actors also hacked the Formidable Forms plugin found on many WordPress websites.

Microsoft Launches Campaign to Fill 250,000 Cybersecurity Jobs

Axios: Microsoft announced Thursday that it’s launching a national campaign to help fill 250,000 cybersecurity jobs in the U.S. by 2025, including providing a free curriculum to every public community college. The company’s president Brad Smith warned that the current workforce shortage is at crisis levels and threatens to undermine the country’s ability to protect itself against cyber and ransomware attacks.

U.S. to Create Diplomatic Bureau to Lead Cybersecurity Policy

Dark Reading: Plans are underway to revitalize the State Department and make cybersecurity a core priority with the addition of 500 new civil service positions, a 50% increase in its information technology budget, and the creation of the Bureau of Cyberspace and Digital Policy, officials have announced.

Ransomware Hackers Freeze Millions in Aid for Papua New Guinea

Bloomberg: The government’s payment system was locked by attackers last week. Hackers demanded payment from the nation hard hit by Covid-19. While government officials restored the system, they claimed they did not pay a ransom.

Martin County Tax Collector’s Possibly Hit by Ransomware Attack

WPTV News: A possible ransomware attack may have caused a lengthy closure of the Martin County Tax Collector’s offices for nearly two weeks. The Florida county office has been sending residents to a nearby county for help with processing payments. WPTV news investigated the incident when county officials did not explain the lengthy “network problems” they were experiencing.

Avista Warns Customers of Ransomware Attack

KXLY News: Avista, the chief energy provider for the Pacific Northwest, announced that one of its energy efficiency vendors was the target of a ransomware attack earlier this month. The company said it doesn’t believe any of its customers’ sensitive information was compromised. However, the company also noted that hackers got access to customers’ email addresses, utility numbers, service addresses and energy usage.

Feds Take Down Top Ransomware Hacker Group REvil

The Verge: The government has successfully hacked the hacking group REvil, the entity behind the ransomware that’s been linked to leaked Apple leaks, attacks on enterprise software vendors, and more, according to a report from Reuters. The outlet’s sources tell it that the FBI, Secret Service, Cyber Command, and organizations from other countries have worked together to take the group’s operations offline this month. In addition, the group’s dark web blog, which exposed information gleaned from its targets, is also reportedly offline.

Russian Hackers Reportedly Hid Behind Americans’ Home Networks to Mask Their Activities

Gizmodo: In case you missed it, the “SolarWinds” hackers are back. A recent report from Microsoft researchers shows that certain cyber-spies—believed to be members of Russia’s Foreign Intelligence Service—have been targeting droves of American tech firms with a new hacking campaign. According to Microsoft and other sources, Russian military hackers used weaknesses in home WiFi networks to wage hacking campaigns against high-level American targets.

In Case You Missed It

Cybersecurity News & Trends

The news outlets are back to quoting the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, with a big hit in Germany in Handelsblatt, a major news outlet. In industry news, analysts debate the significance of “killware,” hackers are stealing telecom records, hosting admins sentenced with RICO charges, Dark Web goes darker, Macs are still safer, and beware of YouTube trojans.

SonicWall in the News

The invisible war – how global hacker gangs threaten our security and prosperity

Handelsblatt (Germany): An outstanding article in one of Germany’s most important daily newspapers mentions SonicWall as an expert in cybersecurity and quotes the 2021 Cyber Threat Report Mid-Year Update. The authors cite several vital stats from the report to explain the rise of various threats that have weakened cybersecurity throughout the world. The article appeared online and in the print issue of the publication.

SonicWall’ Returns Choice’ To Customers by Securing Different Network Environments

Security Brief (Asia): SonicWall has declared that organizations should no longer change how they operate to secure their networks, devices and people, prompting the company to bring ‘customer choice’ back into its range of cybersecurity solutions.

Protect any network combination

LANline (Germany): This article picked up SonicWall’s media alert on protecting virtual, hybrid, cloud-based and local systems with SonicWall.

SonicWall Webinar: Can small companies and branches survive the crisis?

Infopoint Security (Germany): This article promotes a SonicWall webinar that shows how small businesses can best protect themselves during the “crisis” of increased cyberattacks.

Could your company recover from a ransomware attack?

BizJournals (U.S.): Citing SonicWall’s mid-year update on the 2021 Cyber Threat Report, the author notes the sharp rise in ransomware attacks in North America as a reason for companies to create contingency plans.

How to Create a Relevant Cybersecurity Strategy

Accounting Web (U.S.): Using SonicWall’s Mid-Year Update on the 2021 Cyber Threat Report, the author illustrates the sharp rise in cybersecurity attacks. The article is mostly about how CPAs and other accounting professionals play a crucial role in protecting financial data. However, the author also provides an overview of the most common cyberattacks, such as malware and phishing, and offers tips on making sure your organization has the proper protections in place.

‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms into Networks

Dark Reading (U.S.): A unique malware named “BlackByte” was discovered during a recent incident response engagement. The malware reportedly avoids Russian computers and uses a single symmetric key for encrypting every compromised system. Additionally, the report cites SonicWall’s “Cyber Threat Report: Mid-Year Update” and notes that the number of ransomware attacks in the first half of the year rose 150% to almost 305 million.

The Ransom Disclosure Act Proposed — Gives 48 Hours to Report Ransom Payments

LinkedIn Pulse: Citing Ransom Disclosure Act legislation proposed in the U.S. Senate, the author offers “hard-numbers perspective” of data from the Mid-Year Update on the 2021 SonicWall Cyber Threat Report, ransomware attacks surged a staggering 304.7 million attempted ransomware attacks within SonicWall Capture Labs’ Capture Threat Network, which monitors and collects information from global devices.

Industry News

DHS Secretary: “Killware” Malware Designed to Do Real-World Harm

CPO Magazine: This article opens with comments made by U.S. Department of Homeland Security Alejandro Mayorkas where he asserts that “killware is poised to be world’s next breakout cybersecurity threat.” The reference is on recent attacks on water treatment plants and hospitals where hackers could – in theory – trigger events that may harm or kill people. Mayorkas’ claim appears to be backed up by research from Gartner that projects that threat actors will be weaponizing operational environments to harm and kill people within the next four years. While the danger is real, other analysts believe that the “hype is bigger than the threat, for now.” While the attacks on SolarWinds and the Colonial Pipeline are very worrisome, and the recent attempted attack on a water treatment plant in Florida is alarming to the extreme, they are not necessarily harbingers of imminent danger. Since nearly all cybercrime is motivated by profit, we need to define… “exactly when a given cyberattack moves from being a purely criminal matter to a national security threat,” said one analyst. “If cyberattacks, especially those perpetrated across international boundaries, regularly cause bodily harm or loss of life, they will receive treatment as a threat to national security.”

Cybercrime Group Hacking Telecoms to Steal Phone Records

Gizmodo: A new report shows that a particular hacker group, believed to be based in China, has been targeting telecommunication companies all over the world. The report, which goes into a significant amount of detail, shows that the hackers behind the campaign have managed to infiltrate 13 different global telecoms in the span of just two years. Reuters reports that this has included exfiltrating “calling records and text messages” directly from carriers.

Hosting Administrators Sentenced for Helping Cybercrime Gangs

Bleeping Computer: Two Eastern European men were sentenced to prison on Racketeer Influenced Corrupt Organization (RICO) charges for bulletproof hosting services used by multiple cybercrime operations to target U.S. organizations. They provided cybercrime-affiliated clients with the infrastructure needed to host exploit kits and run malicious campaigns distributing spam emails and malware for roughly seven years, between 2008 and 2015.

The Dark Web Goes Darker and Busier

TechSpot News: Cybercrime services cost less than $500, and stolen data now spreads 11 times faster than it did six years ago, according to a recent study by BitGlass. Why this matters: The dark web is not only alive and kicking, and it’s growing more dangerous than ever.

Cybersecurity Offers Jobs, High Wages — If Enough People Can Be Trained

Argus Leader: As people consider careers or new options in work, high-paying jobs in traditional fields like health may come to mind, but one industry is prospering from protecting the data of others. Cybersecurity, the protection of computer systems and networks, is emerging as a promising industry with more than enough jobs. The issue? There aren’t enough faculty to train people to fill that work.

Macs Still Targeted Mostly with Adware, Less with Malware

Dark Reading: For people who rely on Macs, the news is a little better. An ongoing study of vulnerabilities, the top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware. Apple Macs are not immune to malicious attacks. Still, outside of some significant nation-state efforts, new research shows that bad actors continue to use adware as the method of choice to make money from infecting the macOS operating system.

Massive Campaign Uses YouTube to Push Password-Stealing Malware

Tech Times: Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers. Initially reported by Bleeping Computer, video descriptions may contain links that lead to password-stealing trojan malware. These infections quietly run on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files decided by the threat actors. When installed, the malware will communicate with a Command & Control server, where it waits for commands to execute by the attacker, which could entail the running of additional malware. According to this report, the best way to avoid the attack is not to click links in the video description.

In Case You Missed It


Cybersecurity News & Trends

SonicWall’s push for the cloud generated quite a bit of attention. The company’s growing virtual, cloud, and hybrid offerings leverage the best of SonicWall’s Boundless Cybersecurity approach and return choice to the customer. In industry news, the unfortunate rise of “killware,” the world is talking about Russian hackers without Russia, Verizon’s Visible problem, Quest fertility clinic has a breach, and a Pentagon cyber official quits.

SonicWall in the News

SonicWall Returning Choice to Customers by Securing Any Mix of Cloud, Hybrid and Traditional Networks

ITNews: SonicWall, a global leader in physical, virtual and cloud-focused cybersecurity solutions, emphasizes the return of customer choice for securing and scaling a mix of cloud, hybrid and traditional environments.

SonicWall Returning Choice to Customers by Securing Any Mix of Cloud, Hybrid and Traditional Networks

BusinessInsider: SonicWall’s growing virtual, cloud and hybrid offerings leverage the best of the company’s Boundless Cybersecurity approach returning deployment choices to the customer.

SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks

TheHackPosts: SonicWall’s cloud innovation and collaboration with organizations worldwide to build some of the safest and strongest hybrid networks.

SonicWall Gives Organizations Freedom of Choice In All Types Of Security Architectures 

Byte (Spain): With its virtual, cloud and hybrid offerings, SonicWall takes full advantage of the enterprise’s unlimited cybersecurity approach to return deployment choice options to the customer.

A Brief Insight into The Complex Topic Of IoT Security

Industry of Things (Germany): This article deals with attacks on IoT devices and the complex issue of defending networks. It cites the SonicWall mid-year update on the 2021 Cyber Threat Report to raise the urgency.

SonicWall Is a Company Highly Valued by The Channel

Newsbook (Spain): SonicWall’s Sergio Martinez was interviewed about the company’s great first fiscal semester in Spain.

Industry News

The Next Big Cyberthreat Isn’t Ransomware. It’s Killware.

USA Today: The headline is just as bad as it sounds. As most Americans are still learning about ransomware, USA Today says our top security experts are worried about an even more dire development: killware, cyberattacks that can literally end lives. While the Colonial Pipeline ransomware attack in April triggered a region-wide shortage of gasoline, another earlier attack tried to distribute contaminated water to residents. According to this news outlet and others, the Oldsmar Water Treatment facility’s attempted hack in Florida came “very close” to achieving its goal. The fact that the attack was not for financial gain but instead purely to harm, Homeland Security Secretary Alejandro Mayorkas remarked that the incident “should have gripped our entire country.” Mayorkas and cybersecurity experts said the Oldsmar intrusion indicates that hackers are targeting critical parts of the nation’s infrastructure – everything from hospitals and water supplies to banks, police departments and transportation – in ways that could injure or even kill people.

U.S. talks global cybersecurity without a key player: Russia

A.P. News: The U.S. got into a week-long huddle with 30 other countries to discuss a unified cybersecurity strategy. Obviously absent: Russia. Russia is one country that, unwittingly or not, hosts many of the criminal syndicates behind the recent rise of ransomware attacks. The fact that none of the other participants invited Russia to the two-day meeting marks a big move to publicize the growing disapproval of Russia’s inability (or unwillingness) to reel in cybercrime gangs. White House national security adviser Jake Sullivan likened gathering “like-minded” governments as an urgent attempt to protect citizens and businesses. The virtual discussions will focus in part on efforts to disrupt and prosecute ransomware networks like the one that attacked a major U.S. pipeline company in May.

High-Profile Breaches Are Shifting Enterprise Security Strategy

DarkReading: The attacks against Microsoft Exchange and SolarWinds highlighted enterprise concerns over supply chain vulnerabilities and attack visibility. Dark Reading’s 2021 Strategic Security Survey shows that high-profile incidents drove changes in enterprise security strategies over the past year. In the survey, 54% of respondents describe top executives as paying more attention and prioritizing cybersecurity because of the increased media attention around incidents.

Verizon-owned Visible network suffers suspected data breach.

XDA: Visible, a Verizon-owned company, says that it is aware of an issue where some member accounts were accessed and charged without authorization. It’s not clear if Visible itself suffered a data breach or if the attackers used usernames and passwords obtained from other data breaches to log in — a tactic known as credential stuffing. Some Visible subscribers claim that they have randomly generated passwords for their accounts and that they are not used elsewhere, which would indicate Visible itself had a security breach.

Quest-owned fertility clinic announces data breach after August ransomware attack.

ZDNet: Quest Diagnostics informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company. The attack led to a data breach that exposed a significant amount of health and financial information for about 350,000 ReproSource patients. Quest released a statement to ZDNet, saying that ReproSource notified patients that it experienced a data security incident and that an unauthorized party may have accessed or acquired some patients’ protected health information and personally identifiable information.

Israel on heightened alert after hospital hit with a ransomware attack

Times of Israel: After a ransomware cyberattack targeted the Hillel Yaffe Medical Center in Hadera Wednesday, Israel’s National Cyber Directorate said there were heightened fears of other hospitals being targeted. The directorate also issued a general warning to Israeli businesses to be aware of potential cyberattacks as the country faces an uptick in hacking attempts. Separately, in a letter to hospitals around the country, the Health Ministry urged them to print out patients’ medical files amid the fear of more cyberattacks.

A Pentagon official said he resigned because U.S. cybersecurity is no match for China.

BusinessInsider: “We have no competing fighting chance against China in fifteen to twenty years,” said Nicolas Chaillan, formerly a high-ranking member of the software and security teams for the U.S. Pentagon and the U.S. Air Force. He quit in September and told the Financial Times last week that the U.S. was far behind China on A.I. security development, commenting that the U.S. capabilities and cyber defenses of some government departments were at “kindergarten level.”

In Case You Missed It


Cybersecurity News & Trends

It been a big news week as conversations about the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, the Boundless Cybersecurity Model, and the 30th Anniversary filled up pages. SonicWall got a big boost from a story about a new ransom disclosure bill when the co-sponsoring senators (Warren and Ross) mentioned data from the Threat Report in their press releases. In industry news, MIT designs a cybersecurity fire drill, “urgently needed rules” fail to impress and Facebook is crystal clear: outage was not a hack.

SonicWall in the News

New Bill Would Require Ransom Disclosure Within 48 Hours

U.S. Senators Warren and Ross have introduced legislation requiring ransomware victims to report payments within 48 hours of the transaction. Warren and Ross cited figures from SonicWall’s Mid-Year Update to the 2021 SonicWall Cyber Threat Report noting that ransomware attacks rose 62% worldwide between 2019 and 2020 and 158% in North America.


Warren Drafts’ Ransom Disclosure Act’ as Ransomware Attacks Increase

Be In Crypto (USA): The legislation proposes that victims of ransomware attacks in the U.S. file an incident report within 48 hours of payment. The bill’s co-sponsors used data from the Mid-Year Update to the SonicWall 2021 Cyber Threat Report.


In The Face of More Lethal Attacks, A New Cyberdefense.

BYTE (Spain): The article notes that 2021 has already been a record year for cybercrime, and there is still a quarter to go. The article describes the cybercrime landscape by citing data from SonicWall’s Mid-Year Update to the 2021 SonicWall Cyber Threat Report.


Egnyte Expands Ransomware Protection and Adds Ransomware Recovery

ChannelProNetwork (Blog): Citing 304.7 million ransomware attacks in the first half of 2021 as reported by the Mid-Year Update to the 2021 SonicWall Cyber Threat Report. The author describes methods for recovery from ransomware attacks.


SonicWall Is Geared Up with the Boundless Cybersecurity Model to Address the New Business Normal

VARIndia (India): The article includes commentary from SonicWall’s Debasish Mukherjee, VP Regional Sales, APAC, about SonicWall’s role in helping companies and organizations transition. Debasish comments that the current era of the ‘anytime, anywhere business’ is forever changing the shape of the I.T. and business landscape.


5 Key Cybersecurity Trends to Know, for 2021

The Clinton Courier: The author describes significant trends for cybersecurity this year based on Mid-Year Update to the 2021 SonicWall Cyber Threat Report.


Celebrating 30 years, SONICWALL, the leader in CYBERSECURITY

TechFeedThai (Thailand): SonicWall Solution Provider Cybersecurity for SMBs and Large Enterprises Celebrates 30 years since its inception in August 1991. The story also announces an offer by a regional SonicWall product distributor to perform threat assessments for local businesses.


Why Email is Your Biggest Cybersecurity Threat

ACE IT (blog): According to SonicWall, email remains a primary way people share information, with over 320 emails sent per day. In addition, the blog notes that through the massive shift to work-from-home, email became “the most extensive channel for all forms of phishing and ransomware attacks.”


MSPs: Ransomware Is Your Wake-Up Call to Deliver Non-Negotiable and Comprehensive Security

MSP Insights: Noting that ransomware attacks are only becoming more prevalent, more dangerous, and more costly, the report cites ransomware attacks increased 158% in North America last year, from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.


Cybersecurity Report: Record 304.7 million Ransomware Attacks

vTechio Blog: Quoting SonicWall’s Mid-Year Update to the 2021 SonicWall Cyber Threat Report: the number of attacks eclipses 2020 global totals in just six months. With this data, the writers explain, it’s clear that cybercrime has reached a new and unsettling paradigm.


Cybersecurity – Attack and Defense Strategies

Packt: Promoting the Second Edition of a book, the publisher notes “32.7 million IoT attacks” from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the current threat landscape. They also note that malware leveraged during an IoT-related attack infects routers and can facilitate data theft.

Industry News

What Happened to Facebook, Instagram, & WhatsApp?

Krebbs on Security: Earlier this week, Facebook (with Instagram, WhatsApp) suffered a massive outage that lasted almost seven hours. While many news organizations speculated that attackers hacked Facebook, Krebbs Report suggested “something inside Facebook” triggered a company-wide revocation of vital digital records that point computers and other devices to Facebook’s assigned resources. Reportedly, during the early part of the outage, employees on-premises could not use passcodes and electronic I.D. badges. Krebbs also speculated that the company’s Border Gateway Protocol (BGP) was affected. The BGP is a chunk of code that Internet Service Providers worldwide share for routing traffic through the complex array of Internet Protocol addresses. On Wednesday, details about the outage appeared to confirm reporting from Krebbs. Also, in the face of rising concerns about cybersecurity, Facebook is crystal clear that the hours-long outage had nothing to do with hackers.


Cyberattack Fire Drills: Is Your Company Prepared?

Harvard Business Review: Preparing for the unexpected is much easier said than done. In the case of cyberattacks, many companies have vulnerabilities that they don’t know about. Many organizations can benefit from instituting fire drills and exercises that test a company’s response plan for a cybersecurity catastrophe. Drills can reveal gaps in security, response plans, and employees’ familiarity with their roles. Research for this article was supported by the Cybersecurity at MIT Sloan consortium and Boston Consulting Group.


Cybersecurity Budgets for Industrial Control Systems and Operational Tech Increasing

ZDNet: Nozomi Networks and the SANS Institute released a survey that revealed companies had invested more in cybersecurity to protect industrial control systems (ICS). Of 480 responses, 47% reported that their cybersecurity budgets increased over the past two years, 32% said there had been no change, and 15% said they had at least one cybersecurity event in the last 12 months. 


Senators Introduce Bill to Strengthen Federal Cybersecurity After Attacks

The Hill: A bipartisan bill was introduced in the U.S. Senate last Monday stipulating overhaul and improvement for federal cybersecurity policy. The legislation aims at the Federal Information Security Modernization Act, signed into law in 2014, and clarifies reporting requirements for federal agencies if hackers successfully target them.


New’ Urgently Needed’ Cybersecurity Rules for Pipelines Draw Mixed Reviews

Last July, the U.S. Transportation Security Administration issued “urgently needed” emergency rules to strengthen the cybersecurity of the nation’s most essential energy pipelines. The effort followed the Colonial Pipeline shut down earlier this year sparked massive fuel shortages and gasoline panic-buying. The regulations recognize that voluntary compliance is not working. However, according to industry officials and some analysts, TSA administrators wrote the new rules in such a way that implementing them could hamper pipeline reliability.


Why Today’s Cybersecurity Threats Are More Dangerous

With greater complexity and interdependence among networked digital systems, attackers have even more opportunities to conduct widespread damage. The report identifies unsecured Internet of Things (IoT) devices as the “big hairy monster under the bed” while noting that, in many cases, the barriers to cybercrime are low.

In Case You Missed It


Cybersecurity News & Trends

SonicWall’s Mid-Year Update to the 2021 SonicWall Cyber Threat Report comes back into the news cycle, and Terry Greer-King, VP of EMEA Sales at SonicWall, describes how AI-powered cybersecurity is setting the pace as threats evolve in real-time. In industry news, China bans crypto trading in the latest sign of growing frustration with the crypto community, and more hackers turn to cryptojacking to expand their enterprises. Then, there’s an ongoing struggle to hire cybersecurity personnel for governments, Neiman-Marcus customer database is breached, $311 million awarded for IT and cybersecurity, and Yahoo builds a culture. And separately, October is Cybersecurity Awareness Month – #BeCyberSmart

SonicWall in the News

Cybersecurity – Attack and Defense Strategies

Packt: Promoting the Second Edition of a book, the publisher notes “32.7 million IoT attacks” from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the current threat landscape. They also note that malware leveraged during an IoT-related attack infects routers and can facilitate data theft.


Ransomware-as-a-Service: Handy Services for your Friendly Neighborhood Cybercriminals

OneLogin: Did you know that cybercriminals can pay for a service to spread and manage ransomware attacks? Well, they can. And, in fact, it is called Ransomware-as-a-Service (RaaS). According to the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, 304.7 million ransomware attempted attacks in the first six months of 2021.


The Top Ransomware Threats Aren’t Who You Think

Threat Post: Move over REvil, Ragnar Locker, BlackMatter, Conti et al.: Three lesser-known gangs account for the vast majority of ransomware attacks in the US and globally. The report mentions the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as the source for a list of emerging ransomware threats in the first half of 2021.


Cryptocurrencies and telecommuting: fertile ground for cybercrime

Digis MAK: Ransomware threats to supply chains have rapidly escalated the list of concerns for businesses and governments in the wake of the pandemic. The story cites the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, mentioning that in the first six months of this year, the security firm SonicWall recorded a volume of 304 million attacks, a number never seen before.


AI-powered cyber-security leads the pack

TEISS (UK): Terry Greer-King at SonicWall describes how AI-powered cyber-security is setting the pace as threats evolve in real-time. With a record-breaking year for ransomware, AI-powered cybersecurity could come at no better time. Citing the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, the story mentions that in the first half of 2021, ransomware attacks skyrocketed to 304.7 million, smashing 2020’s total number of attacks (304.6 million) in just six months — a 151% year-over-year increase.


Ransomware victims need to warn of attack? Who investigates? 

Play Crazy Game (Brazil): Cyberattacks reached a record in the first half of 2021 worldwide. Brazil is the 5th biggest threat target, citing 9 million attempted attacks from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.

Industry News

China’s Regulators Ban Crypto Trading and Mining, Sending Bitcoin Tumbling

Reuters: Late last week, a new headline reverberated through the global cryptocurrency community: China declared all cryptocurrency transactions illegal. As the story gained steam, Bitcoin (BTC) and other cryptocurrencies fell sharply in trading. However, they then quickly recovered even as Chinese brokers like Huobi Global ceased account registrations for new users from mainland China. But the story does not end there. The US Department of Treasury previously announced strict sanctions against cryptocurrency exchange SUEX to allow ransomware transactions. While the two actions do not appear to be coordinated, they reveal growing frustration among governments over the lack of centralized controls and rules for cryptocurrency trades. According to the Treasury Department, ransomware payments in 2020 topped $400 million worldwide, more than four times their level in 2019. Thanks to hackers, the world of cryptocurrency – which savors its independence from regulation – will feel increasing pressure to regulate or face more actions such as those witnessed by China and the US.


States at a disadvantage in the race to recruit cybersecurity pros

Associated Press: Hiring people with strong cybersecurity skills into government security programs is difficult when the best that some agencies can offer are unpaid internships as a part of their candidate recruitment programs. Employment agencies working in the field estimate that state and local governments need to fill 9,000 cybersecurity jobs, with the footnote that the actual need total is probably much higher. The Department of Homeland Security recently acknowledged 2,000 job vacancies in newly formed cybersecurity task forces. The story from AP notes that salaries from government agency positions are often significantly lower than what is offered in the private sector.


Why Cryptomining Malware Is a Harbinger of Future Attacks

Dark Reading: With cryptocurrency values soaring, more and more organized hackers are jumping into cryptojacking to increase cashflows. They still rely on the same methods of injecting malware into victims’ networks and computers, but the risk of getting caught is very low. Many cryptojackers rely on behavior: most of their victims usually do not notice the installation of their tiny payload of malware, let alone the CPU cycles that are siphoned off to engage cryptomining. In addition, the effort to maintain the hack is far less risky for the hacker than ransomware or other types of breaches. The opinion here conforms with different views – as cryptocurrency valuation rises, the number of cryptojackers will also rise.


Cybersecurity Breach Affects More Than 4 Million Neiman Marcus Customers

CBS Dallas: Neiman Marcus Group, based in Dallas, TX, said in a news release that a security breach exposed personal information from 4.6 million customers, including contact details, payment card numbers, gift card numbers, usernames and passwords.


Four agencies win $311M to Modernize IT, Cybersecurity

Federal News Network: The first tranche of cybersecurity modernization awards worth about $311 million was awarded to four agencies for six projects. Funding is from the $1 billion that Congress specified in the Technology Modernization Fund earlier this year.


How Yahoo Built a Culture of Cybersecurity

Harvard Business Review: Yahoo studied employee responses to simulations to better understand how to make them take cybersecurity seriously. To make meaningful change, managers should take three key steps:

  1. They must identify critical employee behaviors.
  2. Managers must measure behaviors transparently.
  3. Managers must use awareness to explain why something is important.

Telling your employees that they should do something isn’t enough to inspire meaningful change. Just ask anyone who has ever watched a cybersecurity awareness video. While the videos do a good job of instructing employees to be mindful of data security, the videos seldom lead to a wholesale change in behavior. This article relates closely with another from HBR: Cyberattacks are Inevitable. Is Your Company Prepared?

In Case You Missed It


Cybersecurity News & Trends

SonicWall is in the news in Europe this week, with announcements about a support center in Romania and SonicWall’s country manager, Sergio Martinez, participating in regional discussions about cybersecurity. The FBI reportedly held onto a vital encryption key for three weeks before handing it to victims tops our industry news list. Plus, recent research reveals that multi-party breaches cause 26-times more damage than single-party breaches, SUEX is sanctioned, Biden and hackers debate “critical,” seven countries are being spoofed, and TinyTurla weighs in for big damage. 

SonicWall in the News

SonicWall to open customer support centre in Romania

  • Telecompaper (NL): US cyber-security specialist SonicWall is in the process of opening a technical support centre in Romania, writes local paper Ziarul Financiar citing SonicWall sales director for Southeast Europe, Cosmin Vilcu. According to the news outlet, the operation has already recruited staff and begun regional marketing activities.

European recovery funds: a good way to improve corporate cybersecurity

  • Dealer World (Spain): Sergio Martínez, our country manager, participated in a special issue about the European recovery funds: “The rain comes, the European rain in the form of millions. Millions that will allow many companies to improve deficit aspects to be more competitive. Will cybersecurity be one of them?

SonicWall continues to expand its offering to combat cyberattacks

  • Director (Spain): In an interview with Sergio Martínez, SonicWall’s country manager, the publication discusses the layered security promoted by SonicWall based on a comprehensive portfolio of solutions. Martinez explains the latest developments in SonicWall’s offer, including its new generation of firewalls and solutions for secure access and protecting credentials.

IBM Launches New Lto-9 Tape Drives with More Density, Performance And Resiliency

  • TiBahia (Portugal): IBM is launching tape drives that give systems more resilience to cyberattack. Additionally, the company has repeatedly cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the marketplace’s need for such products. In this release, they cite the Threat Report, noting ransomware is one of the costlier types of breaches, with an average cost of $4.62M per breach and one of the most common.

Industry News

FBI Held Back Ransomware Decryption Key from Businesses to Run Operation Targeting Hackers

  • Washington Post: After a devastating ransomware attack this summer, the FBI’s investigations uncovered the digital key needed to unlock maliciously encrypted computer systems. However, the FBI held onto the digital key for almost three weeks, knowing that the attack hobbled the computers of hundreds of businesses and institutions. According to the report, investigators discovered the digital key through access to servers operated by the Russia-based cybercrime gang behind the attack. Deploying the digital key immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

Multi-party breaches cause 26-times the financial damage of the worst single-party breach

  • ZDNet: The researchers found that when a ripple event triggers a loss of income, it can lead to losses of $36 million per event. RiskRecon, a Mastercard company, and the Cyentia Institute released a study on Tuesday showing that some multi-party data breaches cause 26-times the financial damage of the worst single-party breach. The researchers used Advisen Cyber Loss Database to investigate cybersecurity incidents since 2008. They report that nearly 900 multi-party breach incidents have been recorded in the database, with 147 newly uncovered “ripple incidents” across the entire data set, with 108 occurring within the last three years.

US Sanctions Crypto Exchange Accused of Catering to Ransomware Criminals

  • Wall Street Journal: The Biden administration blacklisted a Russian-owned cryptocurrency exchange – SUEX OTC – for allegedly helping launder ransomware payments. This is a genuinely unprecedented action meant to deter future cyber-extortion attacks by disrupting their primary means of profit. By targeting a digital currency platform, the Treasury Department is also renewing its warning to the private sector that businesses risk high penalties and fines for paying ransoms and – more importantly – that the Department is watching.

Biden Cybersecurity Leaders Back Incident Reporting Legislation As ‘Absolutely Critical’

  • Senior Biden administration officials are backing congressional efforts to enact new cyber incident reporting requirements for critical infrastructure operators and other companies, as well as other measures to entrench further the Cybersecurity and Infrastructure Security Agency (CISA) at the center of the civilian executive branch’s digital security apparatus. CISA Director Jen Easterly said that incident reporting is “absolutely critical” and called CISA’s “superpower” its ability to share cyberthreat information across agencies and critical infrastructure sectors.

After Biden Warning, Hackers Define ‘Critical’ as They See Fit

  • Bloomberg: After a furious run of ransomware attacks in the first half of the year, President Joe Biden in July warned his Russian counterpart, Vladimir Putin, that Russia-based hacking groups should steer clear of 16 critical sectors of the US economy. But if a recent attack on a grain cooperative in Iowa is any indication, apparently hackers will define what should be considered “critical.”

Alaskan health department still struggling to recover after ‘nation-state sponsored’ cyberattack

  • CNN: Alaska is still dealing with the fallout of a hack. Many of their systems are offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday. As the department continued to warn Alaskans that hackers might have stolen their personal data, the department’s spokesperson declined to comment on which foreign government was behind the intrusions or their motives. However, Alaskan officials now say that hackers exploited a vulnerability in the health department’s website to access department data. The hackers may have accessed Alaskans’ Social Security numbers and health and financial information.

Republican Governors Association email server breached by state hackers

  •  Bleeping Computer: The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. This attack follows a breach on Synnex back in July, a network management contractor for the Republican National Committee (RNC).

BlackMatter Ransomware Has Infected Marketron’s Marketing Services

  • Cyber Intel: The BlackMatter ransomware group targeted Marketron, a cloud-based revenue and traffic management tools supplier. The company has a customer base of over 6,000 and reportedly manages about $5 billion in advertising revenue per year. This was the second ransomware attack by BlackMatter in so many days. Another one involved a ransom of $5.9 million when this group attacked the NEW Cooperative United States Farmers organization.

Epik data breach impacts 15 million users, including non-customers

  • Ars Technica: Epik has now confirmed that an “unauthorized intrusion” did, in fact, occur into its systems. The announcement follows last week’s incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company’s initial response to the data breach claims, Anonymous had altered Epik’s official knowledge base, as reported by Ars.

TinyTurla: New Malware by Russian Turla

  • Cyware: According to Cisco Talos, TinyTurla is a previously unknown malware backdoor from the Turla APT group, in use since at least 2020. The malware got the attention of researchers when it targeted Afghanistan before the Taliban’s recent takeover of the government. Now, it is suspected in recent attacks against the U.S., Germany, and other countries.

Ongoing Phishing Campaign Targets APAC, EMEA Governments

  •  Security Week: Government departments in at least seven countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020. The attacks appear to be focused on credential harvesting. During the first half of 2020, operators transferred the phishing domains used as part of the campaign to their current host. In addition, investigators have found at least 15 active “spoofing” pages, posing as various ministries within the targeted country’s governments, including energy, finance, and foreign affairs departments. The spoofed pages target Belarus, Georgia, Kyrgyzstan, Pakistan, Turkmenistan, Ukraine, and Uzbekistan. Other pages posed as the Pakistan Navy, the Main Intelligence Directorate of Ukraine, and the email service.

In Case You Missed It

Cybersecurity News & Trends

While the Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to be recognized as an authoritative source of statistics, the company was also noted in an education piece and a product review for the SonicWall SWS12 switch. In industry news, discussions on launching security for commercial maritime, employees bypassing “inconvenient” security measures, the Nigerian aviation industry is grounded, cyberattackers hit with crypto-sanctions, and OMIGOD is getting more guidance.

SonicWall in the News

The weak points where hackers could hijack the supply chain — The Grocer (U.K.)

  • Like many businesses, the food system runs online – and, increasingly, many operations are from the homes of its workers. Consequently, the industry faces an increasing risk of cyberattack. This vertical market news outlet references the Mid-Year Update to the 2021 SonicWall Cyber Threat Report and SonicWall’s V.P. of Platform Architecture, Dmitriy Ayrapetov, to analyze increasing attacks on the U.K. food supply chain.

IT security for schools: New requirements. Limited resources. Unused funding — All About Security (DACH)

  • Schools have adopted more network mobility, but now they face greater cyberthreats. This report explores SonicWall solutions for schools. It outlines the challenges schools are confronted with in everyday life and how SonicWall can help.

Between blackboard and tablet: IT security in schools — All About Security (DACH)

  • To deliver safe classroom and distance learning experiences, schools need to secure wireless networks, cloud apps, and endpoints while stretching budgets through grants. This report also includes an invitation for readers to participate in an upcoming webinar for educators.

Why open source isn’t free: Support as a best practice — IBM (U.S.)

IoT: An Internet of Threats? — Maddyness (U.K.)

How Nonprofits Can Defend Against Ransomware Attacks — BizTech (U.S.)

Hybrid working: six steps to managing cybersecurity and data privacy risks — Raconteur (U.K.)

  • As pandemic restrictions are eased and staff head back to the office, many will want to continue working from home for part of the week, raising cybersecurity concerns for employers. According to the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, there was a 65% year-on-year increase globally in ransomware attacks.

Using Power over Ethernet to Support Connected Devices — Ed Tech

  • The SonicWall SWS12 switch is mentioned to “handles [PoE management] by adding deep power management to the suite of standard networking configuration options.” This is a good thing. The switch can provide up to 130 watts of power spread across ten ports, and each port can supply up to 30 watts of power.

IBM ships new LTO 9 Tape Drives with greater density, performance, and resiliency — IBM (U.S.)

  • IBM is launching tape drives that give systems more resilience to cyberattack. Additionally, the company has repeatedly cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the marketplace’s need for such products. In this release, they cite the Threat Report, noting ransomware is one of the costlier types of breaches, with an average cost of $4.62M per breach and one of the most common.

Industry News

We Cannot Afford to Wait to Bolster Maritime Cybersecurity — Nextgov

  • This article summarizes the reality of cloud-connected businesses and industries and the cyberthreats they face. With the increased dependence of offshore activities on cyber-enabled systems, the author points out that maritime operations need more secure cybersecurity infrastructure at sea.

New Cybersecurity Challenges as Workers Commonly Bypass Inconvenient Measures — CPO Magazine

  • Working from home blurs lines between personal spaces and corporate security. And this may be why, in a recent survey conducted by Hewlett-Packard’s Wolf Security Division, a surprising 30% of remote workers under the age of 24 who claim that they circumvent or ignore certain corporate security policies when they get in the way of getting work done.

How cyber resilience will reshape cybersecurity – TechRadar

  • Businesses are operating in a world with myriad cybersecurity risks, but many are caught underprepared because they have not developed cyber resilience despite the headlines. The question, therefore, is how do businesses recognize resilience in cybersecurity?

Cryptocurrency launchpad hit by $3 million supply chain attack – Ars Technica

  • SushiSwap’s chief technology officer says a software supply chain attack has hit the company’s MISO platform. The report goes on to point out that an “anonymous contractor” with the GitHub handle AristoK3 and access to the project’s code repository had pushed a malicious code commit that was distributed on the platform’s front end.

Cyberattacks against the aviation industry linked to Nigerian threat actor – ZDNet

  • The investigation began after a Microsoft tweet concerning AsyncRAT. Researchers revealed a lengthy campaign against the aviation sector, starting with an analysis of a Trojan by Microsoft. The operator of the campaign reportedly used email spoofing to pretend to be legitimate organizations in these industries.

U.S. to Target Crypto-Ransomware Payments With Sanctions – The Wall Street Journal

  • The Biden administration hopes to disrupt the digital finance infrastructure that facilitates ransomware cyberattacks, a national security threat traced to Russia. According to people familiar with the matter, sanctions are among an array of actions, making it harder for hackers to use digital currency to profit from ransomware attacks.

FTC warns health apps to notify consumers impacted by data breaches – The Hill

  • The Federal Trade Commission (FTC) voted 3-2 Wednesday that a decade-old rule on health data breaches applies to apps that handle sensitive health information, warning these companies to comply. In addition, the FTC’s new policy statement will clarify the agency’s 2009 Health Breach Notification Rule.

FBI and CISA warn of state hackers exploiting critical Zoho bug – Bleeping Computer

  • TODAY, the FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Zoho’s customer list includes “three out of five Fortune 500 companies,” including Apple, Intel, Nike, PayPal, HBO, etc.

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance – Security Week

  • Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the Open Management Infrastructure (OMI) framework, along with new protections to resolve the bugs within affected Azure Virtual Machine (V.M.) management extensions.

Ransomware attackers targeted app developers with malicious Office docs, says Microsoft – ZDNet

  • Hackers linked to ransomware deployments used a recently discovered flaw to target application developers. Microsoft reports how it recently saw hackers exploiting a dangerous remote code execution vulnerability in Internet Explorer through rigged Office documents and targeted developers.

Customer Care Giant TTEC Hit By Ransomware – Krebs on Security

  • TTEC, a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack by Ragnar Locker an aggressive ransomware group.

Free REvil ransomware master decrypter released for past victims – Bleeping Computer

  • A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. Bitdefender created the REvil master decryptor in collaboration with a law enforcement partner.

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill – Cyberscoop

  • Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Researchers say that Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials.

Ransomware encrypts South Africa’s entire Dept of Justice network – Bleeping Computer

  • The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.

In Case You Missed It