Cybersecurity News & Trends
This week, SonicWall picked up a strong set of “in the news” quotes and citations. Note the articles about “AI-Powered Ransomware.” Industry news brought findings about a Bluetooth weakness that could shake consumer markets from automotive to home security. The Justice Department says it will no longer prosecute “good faith researchers” who hack software and devices to find vulnerabilities. The US government is also ordering federal civilian agencies to fix bugs that hackers are actively exploiting. The Costa Rican government reports that a Russian hacking cartel is attacking its agencies and infrastructure. Finally, leave it to the Bank of Zambia to come up with a creative way to troll hackers. Stay safe and remember that cybersecurity is everyone’s business.
FinTech Herald, SonicWall in the News: SonicWall, a global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May at ICC Wales in Newport.
DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.
Protocol, SonicWall in the News: Currently, ransomware attacks are often very tailored to the individual target, making the attacks more difficult to scale, Driver said. Even so, the number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported, and ransomware has been getting more successful as well. The percentage of affected organizations that agreed to pay a ransom shot up to 58% in 2021, from 34% the year before, Proofpoint has reported.
SC Magazine, SonicWall in the News: Bill Conner has been named a finalist for SC Magazine’s Best Security Executive of the Year. Executives recognized in this category are the veterans and perennial influencers of the cybersecurity development community, with a history of leadership at companies that keep their finger on the pulse of user needs and have a proven track record of delivering products and services that meet the requirements of businesses large and small.
CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million globally, according to US cybersecurity company SonicWall. This is an increase of 105% year-on-year, and various analyses and experts have highlighted that hackers linked to Russia are responsible for the majority.
TechRepublic: A critical weakness in Bluetooth Low Energy (BLE) proximity authentication may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to cars and houses. The new findings from cybersecurity company NCC Group detail how BLE-based systems treat the presence of a trusted device nearby as proof that its owner is there. Researchers were able to defeat that proximity check, which could affect everyone from the average consumer to organizations that rely on it to lock the doors to their premises.
This is not something the industry can simply patch: it is a consequence of how BLE proximity authentication is designed rather than a simple error in the Bluetooth specification, and it potentially affects millions of people. According to the NCC Group experts cited in the article, BLE-based proximity authentication was never designed for security-critical uses such as the locking mechanisms in smart locks.
To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”
According to the cybersecurity company, the systems in question lock vehicles and residences using Bluetooth proximity authentication, which attackers can defeat with cheap off-the-shelf hardware. As a proof of concept, NCC Group researcher Sultan Qasim Khan showed that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. According to the report, the following device categories are vulnerable:
- Cars with automotive keyless entry
- Laptops with Bluetooth proximity unlock feature
- Mobile phones
- Residential smart locks
- Building access control systems
- Asset and medical patient tracking
Among the vehicles specifically named as affected are the Tesla Model 3 and Model Y.
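To make the quoted point concrete (why relaying frames at the link layer sidesteps encryption and other upper-layer protections), here is a small simulation. It is an added example, not NCC Group’s code, tooling or attack setup: the challenge-response scheme (a keyed MAC standing in for the encrypted BLE exchange), the device names, the latencies and the round-trip-time bound used as a mitigation at the end are all assumptions of this example. The lock asks a nearby credential to prove possession of a shared secret; two attacker radios bridged over a long-distance link copy every frame byte for byte, so the genuine credential, far away, answers correctly and the lock opens. The same model shows one of the commonly discussed countermeasures, bounding the round-trip time, which the relay cannot satisfy because it adds latency.

```python
import hashlib
import hmac
import os


class SimClock:
    """Deterministic clock so the simulation gives the same result every run."""
    def __init__(self):
        self.ms = 0.0

    def now(self):
        return self.ms

    def advance(self, ms):
        self.ms += ms


class KeyFob:
    """Legitimate credential (phone or key fob) holding the shared secret."""
    def __init__(self, secret):
        self.secret = secret

    def respond(self, challenge):
        # Upper-layer authentication: keyed MAC over the lock's challenge.
        # Stands in for the encrypted BLE exchange; a relay never needs to read it.
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


class DirectLink:
    """Genuine short-range BLE link: the fob is within radio range of the lock."""
    def __init__(self, fob, clock, one_way_ms=2.0):
        self.fob, self.clock, self.one_way_ms = fob, clock, one_way_ms

    def exchange(self, frame):
        self.clock.advance(self.one_way_ms)   # lock -> fob
        reply = self.fob.respond(frame)
        self.clock.advance(self.one_way_ms)   # fob -> lock
        return reply


class LinkLayerRelay:
    """Two attacker radios bridged over a long-haul link (assumed latencies).
    They forward frames verbatim and never touch the MAC or any encryption,
    which is why upper-layer cryptography alone does not stop them."""
    def __init__(self, far_link, clock, hop_ms=2.0, backhaul_ms=30.0):
        self.far_link, self.clock = far_link, clock
        self.hop_ms, self.backhaul_ms = hop_ms, backhaul_ms

    def exchange(self, frame):
        self.clock.advance(self.hop_ms)        # lock -> relay radio A (local BLE hop)
        self.clock.advance(self.backhaul_ms)   # A -> B over the attacker's long-range link
        forwarded = bytes(frame)               # byte-for-byte copy, nothing decrypted
        reply = self.far_link.exchange(forwarded)  # B -> real fob, which answers honestly
        self.clock.advance(self.backhaul_ms)   # B -> A
        self.clock.advance(self.hop_ms)        # A -> lock
        return reply


class Lock:
    """Proximity-authenticated lock. With max_rtt_ms set it also bounds round-trip time."""
    def __init__(self, secret, clock, max_rtt_ms=None):
        self.secret, self.clock, self.max_rtt_ms = secret, clock, max_rtt_ms

    def try_unlock(self, link):
        challenge = os.urandom(16)
        t0 = self.clock.now()
        response = link.exchange(challenge)
        rtt = self.clock.now() - t0
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False, rtt                  # wrong secret: relay cannot forge this
        if self.max_rtt_ms is not None and rtt > self.max_rtt_ms:
            return False, rtt                  # right secret, but too far away to be genuine
        return True, rtt


SECRET = b"constructed-demo-secret"  # constructed sample; real devices are provisioned per pair


def scenario(relayed, max_rtt_ms=None):
    """Run one unlock attempt; returns (unlocked, round_trip_ms)."""
    clock = SimClock()
    fob = KeyFob(SECRET)
    link = DirectLink(fob, clock)
    if relayed:
        link = LinkLayerRelay(link, clock)
    return Lock(SECRET, clock, max_rtt_ms).try_unlock(link)


if __name__ == "__main__":
    print("owner nearby:               ", scenario(relayed=False))
    print("relayed, crypto only:       ", scenario(relayed=True))
    print("relayed, crypto + RTT bound:", scenario(relayed=True, max_rtt_ms=10.0))
```

The second scenario is the attack: the MAC verifies because the real fob computed it, and the lock has no way to tell that the fob is kilometres away. The third shows why distance bounding matters, with the caveat that on real BLE hardware connection intervals and radio scheduling make a tight RTT bound far harder to enforce than this clean model suggests; that difficulty is exactly why the article describes the problem as one the industry cannot easily patch.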
Washington Post: On Thursday, the U.S. Justice Department stated that it would not use the country’s main anti-hacking law to prosecute cybersecurity researchers trying to find security flaws. The move both protects and validates a practice still vilified by many officials and companies.
Top Justice officials issued a five-page policy statement to federal prosecutors, telling U.S. Attorneys not to bring charges when “good faith” researchers exceed “authorized” access. That vague phrase comes from the 1986 Computer Fraud and Abuse Act and has been interpreted as covering routine practices such as automated downloading of Web content.
TechCrunch also reported that the DoJ stated that “good-faith research” includes anyone who conducts their activity “in a manner designed to avoid harm to individuals and the public.” It also concludes that such information “primarily promotes the security or safety of the class of devices or machines to which the computer belongs, as well as those who use such machines, devices, or services.”
The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 and predates the modern internet and today’s cyber threats. The federal law criminalizes computer hacking, specifically “unauthorized” access to a computer system. However, the CFAA has long been criticized for vague and outdated language that fails to distinguish between malicious actors who, for example, extort companies and good-faith researchers who work to uncover vulnerabilities before attackers exploit them.
CNN: US cybersecurity officials on Wednesday ordered all federal civilian agencies to fix flaws in widely used software that officials said foreign government-linked hackers are likely moving to exploit.
“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said.
The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. The directive does not apply to Pentagon networks, which are not under CISA’s jurisdiction. The vulnerabilities are in software made by VMware, a California-based technology giant whose products are widely used by the US government.
VMware issued a fix for the flaws on April 6; the vulnerabilities could allow hackers to access computer files remotely and burrow further into a network. Within two days of the fix’s release, hackers had figured out how to break into computers using the vulnerabilities, according to CISA. Then, on Wednesday, VMware released software updates for newly discovered vulnerabilities, which CISA has also ordered agencies to address.
The agency did not identify the hackers or what systems they had targeted.
New York Times: A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.
The ransomware gang Conti, based in Russia, claimed credit for the attack, which began on April 12, and threatened to leak the stolen information unless it was paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to Central and South American countries, perhaps to retaliate against nations that have supported Ukraine.
Some experts also believe Conti feared a crackdown by the United States and sought fresh targets, regardless of politics. According to estimates from the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million.
The BBC also reports that the Costa Rican Treasury told civil servants that the hack had affected automatic payment services. It warned that they would not be paid on time and would need to apply for their salaries by email or on paper by hand.
The ministry said: “Due to the temporary downturn of the institutional systems, the service of issuing certificates regarding the amounts of salaries owed to the civil servants of the Central Administration is suspended.
“All applications received via email or in the windows of the National Accountancy will be attended to once systems are restored.”
According to the government, the attacks also affected its foreign trade by hitting its tax and customs systems.
PCGamer: Contestants in a hacking contest netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During the 15th annual Pwn2Own Vancouver competition, teams demonstrated 16 zero-day bugs in products including Firefox, Oracle VirtualBox, Windows 11, and other popular enterprise software.
Pwn2Own Vancouver 2022 is a three-day hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers, or ‘security researchers’, attempt to find zero-day vulnerabilities in those companies’ software for prize money.
Think of it like a bug bounty program, except with more money and kudos. A zero-day is a vulnerability that the software maker is not yet aware of: there is no patch, so an attack exploiting it will likely succeed. Previously known bugs or exploits do not qualify for rewards.
Bleeping Computer: Leave it to the executives at the Bank of Zambia to leave us grinning. After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear to the hackers that they were not going to pay – by posting a picture of male genitalia and telling the hackers to s… (and here, you’ll have to fill in the colorful language they used).
Last week, the Bank of Zambia, the country’s central bank, disclosed that recent technical outages resulted from a cyberattack. While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.
Today, Bloomberg reported that the Bank’s Technical Director, Greg Nsofu, said they had protected the bank’s core systems, so it was unnecessary to engage with the threat actors.
In Case You Missed It
Cybersecurity in the Fifth Industrial Revolution – Ray Wyman
Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff
Four Cybersecurity Actions to Lock it All Down – Ray Wyman
Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran
NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala
CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald
Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff
Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi
Ransomware is Everywhere – Amber Wolff
Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh