Cybersecurity News & Trends

Global news outlets and bloggers continue to reference the Mid-Year Update to the 2021 SonicWall Cyber Threat Report and celebrate our 30th anniversary. Meanwhile, in industry news, the perfect ransomware victim, the biggest DDoS attack in history, phishing attacks are more numerous than we thought, the “FudCo” empire expands, hackers use our brains against us, and REvil has reappeared.

SonicWall in the News

What makes the perfect ransomware victim? — FinTech Global (U.K.)

  • Report about Kela, a cybersecurity company in the U.K. that studied profiles of victims of significant ransomware attacks. The report named the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as it noted how the number of ransomware attacks in 2021 outperformed the entire year of 2020.

The Rise in Ransomware: HAUSER Insurance Wants You to Know the Risks — American Reporter

  • This report asks, “Are we actually seeing an increase in ransomware attacks, or are they just becoming more high-profile? According to experts, the answer is both. The Mid-Year Update to the 2021 SonicWall Cyber Threat Report shows that ransomware attacks rose by 62% worldwide and 158% in North America alone between 2019 and 2020.

Tips for SMEs: What to do in the event of a ransomware attack — ITUser (Spain)

  • According to Excem, small and medium-sized companies are particularly vulnerable to ransomware attacks as they do not have sufficient human, technological and financial resources to protect themselves.

The Rise of Ransomware and How the Education Sector Can Protect Itself — FENews (U.K.)

SonicWall turns 30 — Computing Es (Spain)

  • The cybersecurity veteran reflects on the vision, people, technology, customers, and partners that have shaped the company over three decades. In addition, the report mentions SonicWall’s celebrated legacy of product innovation, channel-based DNA, and cybersecurity innovations.

SonicWall celebrates three decades of innovation as a 100% channel company — ITReseller (Spain)

  • The report quotes Bill Conner, president and SEO of SonicWall: SonicWall has demonstrated over three decades that its mission is to ensure the long-term success of its customers, partners and employees.

SonicWall, three decades of cybersecurity innovation — Newsbook

  • SonicWall just celebrated 30 years in the cybersecurity market. Three decades dedicated to security innovation to tackle digital criminals.

Cybersecurity pioneer celebrates three decades of innovation — CyberSecurity

  • Cybersecurity veteran reflects on the vision, people, technology, customers and partners that have shaped the company over three decades.

Stellar Cyber: Partners with SonicWall for Advanced Prevention, Response — MarketScreener (U.S.)

  • Partnership delivers seamless integration between advanced prevention technology from SonicWall and AI-powered detection and automated response technology from Stellar Cyber.

SonicWall has been an attractive partner for the channel for 30 years — Infopoint Security (DACH)

  • The article reports on the development of the SonicWall Partner Programme, the SonicWall University, and the SonicWall MSSP Programme.

Industry News

Russia’s Yandex says it repelled biggest DDoS attack in history — Reuters

  • Russian tech giant Yandex reported “the largest known distributed denial-of-service (DDoS) attack in the history of the Internet.” The attack began in August and peaked on Sept 5, with more than 22 million requests per second sent to the company’s servers.

South African Justice Department Is Hit by Ransomware Attack — Bloomberg

  • South Africa’s Justice Department said its systems were attacked by a ransomware campaign earlier this week. All of the department’s information systems were encrypted and unavailable.

Russian cybercrime continues as government-backed attacks on companies dwindle, CrowdStrike says — Cyberscoop

  • The Russian approach to hacking shifted considerably over the past year, with state-sponsored attacks on commercial organizations dropping off even as the local cybercrime scene dominated the field, CrowdStrike said in a report Wednesday.

Ukrainian extradited to U.S. for allegedly selling computer credentials: DOJ — The Hill

  • The Department of Justice (DOJ) announced Wednesday that a Ukrainian hacker was extradited to the U.S. for allegedly selling computer passwords on the dark web. If convicted, Ivanov-Tolpintsev faces up to 17 years in federal prison.

U.S. Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy — Security Week

  • THIS WEEK, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) announced they are seeking public feedback on draft zero-trust strategic and technical documentation.

SideWalk Backdoor Linked to China-linked Spy Group’ Grayfly’ — Threat Post

  • Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the U.S. and Mexico and target Exchange and MySQL servers. The attack revealed a “novel backdoor technique” that security experts dubbed “SideWalk.”

Microsoft: Attackers Exploiting Windows Zero-Day Flaw — Krebs on Security

  • Microsoft warned that attackers are exploiting a previously unknown vulnerability in Windows 10 and several Windows Server versions. The attack seizes control over P.C.s when users open a malicious document or visit a booby-trapped website.

Phishing attacks: One in three suspect emails reported by employees really are malicious — ZDNet

  • Up to a third of emails that were flagged as suspicious by employees were actually a threat, according to a new report released by F-Secure, an I.T. security company based in Finland. The analysis involved more than 200,000 emails during the first half of 2021.

Ransomware gang threatens to leak data if victim contacts FBI, police — Bleeping Computer

  • The Ragnar ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities. Ragnar previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payment.

CISA Issues Guidelines on Choosing a Managed Service Provider — Security Week

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to consider when looking to outsource services to a Managed Service Provider (MSP).

Dallas school district admits SSNs and more of all employees and students since 2010 accessed during security incident — ZDNet

  • If you were a student, employee or contractor of The Dallas Independent School District between 2010 and the present, your personal data was likely downloaded by an “unauthorized third party.”

Tech Industry Seeks Bigger Role in Defense. Not Everyone Is on Board — The Wall Street Journal

  • Tech-industry leaders are pushing the Pentagon to adopt commercially developed technologies on a grand scale to counter the rise of China. This initiative could transform the military and the multibillion-dollar defense-contracting business.

“FudCo” Spam Empire Tied to Pakistani Software Firm — Krebs on Security

  • In May 2015, KrebsOnSecurity briefly profiled “The Manipulators,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering. Brian Krebs reports.

Howard University shuts down network after ransomware attack — Cyberscoop

  • In Washington, the private Howard University disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems.

New Zealand banks, post office hit by outages in apparent cyberattack — Reuters

  • Websites of several financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyberattack.

How Hackers Use Our Brains Against Us — The Wall Street Journal

  • Cybercriminals take advantage of the unconscious processes that we all use to make decision-making more efficient. Blame it on our “lizard brains.”

Notorious Russian Ransomware Group ‘REvil’ Has Reappeared — Bloomberg

  • After vanishing this summer, the infamous criminal ransomware group behind the JBS SA cyberattack has returned to the dark web.

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role — Bloomberg

  • Tech company installed a flawed NSA algorithm that became a perfect example of the danger of government backdoors.’

Guntrader breach perp: I don’t think it’s a crime to dump 111k people’s details online in Google Earth format — The Register

  • A “pseudonymous person” reformatted Guntrader hack data as a Google Earth-compatible CSV and said they are prepared to go to prison, denying their actions are a criminal offense.

In Case You Missed It

Cybersecurity News & Trends

The Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to circulate through global news, and SonicWall rises to the status of an “admired brand.” In industry news, uncomfortable questions about U.S. cyber-intelligence methods, Autodesk’s admission, FIN7 hackers on the move, how Australia got hammered by hackers, and a Colorado man sues U.K. parents of hackers for a 3-year-old cryptocurrency hack.

SonicWall in the News

The Hybrid Workplace: The Next Frontier of Cyber Security — CPO Magazine

  • This story covers the aftermath of a REvil Kaseya attack. Thousands of business leaders are calculating their losses and cost of recovery, now dubbed the “worst ransomware attack on record.” The story cites the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as a key source for the sharp rise of attacks via Microsoft Office documents that rose by 176% in 2020.

Ransomware threats explode in first-half 2021 — Frontier Enterprise

The Tech Industry Is Marching Ahead With These Admired Brands —

  • A report that assesses the importance of “admired” brands in tech recounts SonicWall’s origins as a private company headquartered in Silicon Valley to a significant brand in cybersecurity with more than 1 million active security solutions trusted by more than 500,000 organizations in more than 215 countries.

Industry News

Hacker kids’ parents sued over $780k of stolen cryptocurrency — P.C. Gamer

  • In January of 2018, Colorado resident Andrew Schober was relieved of 16.4 bitcoin, worth around $780,000 in today’s market, by unknown hackers. Schober hired private investigators to track down the hack to two UK-based computer science students then minors. He’s now suing the parents of the two he believes hacked his account and stole his cash.

SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign — CyberScoop

  • The list of victims keeps growing of the hackers (believed to be Russian) who breached a U.S. federal contractor. The hackers, it is believed, collected intelligence from all over the federal government. Autodesk filed an SEC disclosure to its investors that the hackers compromised one of its servers.

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role — Bloomberg

  • Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. Five years later, the hackers have not been publicly identified, and no victims from the hack have surfaced. This brings the uncomfortable question about the methods U.S. intelligence agencies use to monitor hackers.

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor — The Hacker News

  • Spear-phishing campaigns leveraging weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros. The macros inject malicious payloads, including a JavaScript implant that attacks a U.S.-based point-of-sale (PoS) service provider.

How Hackers Hammered Australia After China Ties Turned Sour — Bloomberg

  • A few days after Prime Minister Scott Morrison called for an independent international probe into the origins of the coronavirus, Chinese bots swarmed onto Australian government networks. It was April 2020. Bloomberg brings the incident to light in this week’s article.  

Regulators Tighten Scrutiny of Data Breach Disclosures — The Wall Street Journal

  • Lawyers warn that companies must pay closer attention to what they say after hackers strike, as regulators crack down on inaccurate disclosures and Congress debates mandatory reporting of cybersecurity breaches.

Biden administration establishes program to recruit tech professionals to serve in government — The Hill

  • The Biden administration announced it was establishing a program to recruit and train people to serve in digital positions within the federal government and address the COVID-19 pandemic and cybersecurity concerns.

Bangkok Airways hit by LockBit ransomware attack, loses lots data after refusing to pay — The Register

  • Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23, resulting in the publishing of stolen data.

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection — Threat Post 

  • Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.

Initial Access Broker use, stolen account sales spike in cloud service cyberattacks — ZDNet

  • On Tuesday, Lacework published its 2021 Cloud Threat Report vol.2, outlining how today’s cybercriminals are attempting to cut out some of the legwork involved in campaigns against cloud service providers.

Cyberattackers are now quietly selling off their victim’s internet bandwidth — ZDNet

  • Another intrusion with a twist: attackers use “proxyware” to target their victim’s internet connection and generate illicit revenue.

Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs — Bleeping Computer

  • Cybercriminals are making strides towards malware attacks that execute code from the graphics processing unit (GPU) of a compromised system.

Boston Public Library discloses cyberattack, system-wide technical outage — Bleeping Computer

  • The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. 

U.S. Justice Department Introduces Cyber Fellowship Program — Security Week

  • The program will train selected attorneys on emerging national security and criminal cyber threats and how to fight them. The trainees will be rotating department components focused on cyber defense, such as the Criminal Division, the U.S. Attorneys’ Offices, and the National Security Division. 

Researchers, cybersecurity agency urge action by Microsoft cloud database users — Reuters

  • On Saturday, researchers who discovered a massive flaw in the central databases stored in Microsoft Corp’s Azure cloud platform urged all users to change their digital access keys, not just the 3,300 the company notified this week.

Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak — ZDNet

  • The company said that it discovered a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system” on August 23.

In Case You Missed It

Cybersecurity News & Trends

The Mid-Year Update to the 2021 SonicWall Cyber Threat Report found its way into the Wall Street Journal, CNN and other news outlets. Plus, SonicWall’s big 30th anniversary earned mentions all over the global news cycle. In industry news, China crushes cyberweakness, Trickbot links, Blackberry’s “BadAlloc,” hackers attack rural sewage, surgeries cancelled, care diverted, and the Dallas Police Department announces a serious breach – four months late.

SonicWall in the News

SonicWall and Fusion BPO Services enter into strategic partnership — CRN India

  • SonicWall has entered into a strategic partnership with Fusion BPO services, a global BPO with headquarters in Kolkata, India and Draper, Utah (US). The new partnership will feature SonicWall’s state-of-the-art next-generation firewalls (NGFW) for SMB, enterprise, and government organizations. Fusion incorporates a wide range of call center services from 18 centers located in nine countries.

The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’ — Wall Street Journal

  • The Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to reverberate. This time by the Wall Street Journal reporting on recent ransomware attacks on hospitals in the U.S. The attacks were devastating: a chain in Las Vegas was all but closed; in Oregon, they shut down monitors tracking patient vital signs, and in New York, they briefly closed a trauma center. In addition, the report notes that a cybercrime gang known as “Ryuk” may account for one-third of the 203 million U.S. ransomware attacks in 2020 cited in SonicWall’s report.

Friday 13: 5 tips to protect yourself from ‘bad luck’ from cyber attacks — CNN Brazil

  • CNN, one of Brazil’s most prominent news outlets, drew a parallel between superstitions associated with “Friday the 13th” and the specter of falling victim to a cyberattack. The reporter playfully warns that readers can avoid the “bad luck” of cyberattacks on a then-upcoming occurrence of the day by taking certain precautions. However, the story turns very serious when it quotes data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.

Newest Target of Cyber Attacks: America’s Hospitals — The Crime Report

  • Reporters here cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as a reference point for the massive surge in ransomware attacks in the U.S. The story also noted a story from Arstechnica that describes how attackers knocked out staff access to I.T. systems across virtually all operations. The report also pointed out that the Ryuk cybercriminal gang was once called the “Business Club,” tied to Russian government security services.

Cyber threat warning to Fife businesses as attacks’ skyrocket’ — Dunfermline Press

CISA offers government and private sector guidance on ransomware prevention — FinTech Global

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) shared guidance on the roles government and private sector organizations may work together to prevent ransomware data breaches. The story cited the 151% spike in ransomware attacks that was reported in the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total Just 6 Months — CRWE World

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months — European Business Magazine

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months — Digital Conqurer

SonicWall Cyber Threat Report 2021: 304.7 Million Record Ransomware Attacks In Just 6 Months, Eclipses Whole Of 2020 — SiliconVillage

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total In Just 6 Months — MoneyFM

Ransomware was the most common attack among Brazilian companies in 2021 — Bahia Lighthouse

Ransomware was the most common attack among Brazilian companies in 2021 — InfoTec Computadores

Anniversary – 30 years of Sonicwall — Netzpalaver

  • The article notes SonicWall’s 30th anniversary to share its history, significant milestones, the growth of SonicWall technologies, and its commitment to its customers.

SonicWall turns 30: Cybersecurity pioneer celebrates three decades of innovation — All About SECURITY

  • This article also observes SonicWall’s 30th anniversary and shares comments from SonicWall President and CEO, Bill Conner, Exertis’ U.K. and Europe Security Sales Director, Jason Hill, Epicor’s I.T. Director of Hosting and Managed Services, Harry Hartnup, and SonicWall’s SVP and Chief Technology Officer, John Gmuender.

Sonicwall Turns 30: Cybersecurity Pioneer Celebrates Three Decades Of Innovation— SECURITY INSIDER

  • One more article celebrates SonicWall’s 30th anniversary, detailing SonicWall technologies and enduring customer loyalty.

Industry News

Crypto exchange Binance hires former U.S. Treasury criminal investigator — Reuters

  • Crypto exchange agency, Binance, says it appointed a former U.S. Treasury criminal investigator as its global money laundering reporting officer, part of an attempt by one of the world’s largest crypto exchanges to reinvent itself as a regulated financial firm.

China orders annual security reviews for all critical information infrastructure operators — The Register

  • China’s government has introduced rules for protection of critical information infrastructure. The announcement was issued the Cyberspace Administration of China (CAC) notes that security challenges facing critical information infrastructure are severe.

Japanese insurer Tokio Marine discloses ransomware attack — Bleeping Computer

  • Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.

Diavol ransomware sample shows stronger connection to TrickBot gang — Bleeping Computer

  • A new analysis of a Diavol ransomware sample shows a more apparent connection between the gang behind the TrickBot botnet and the evolution of the malware.

BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities — Cyberscoop

  • A critical set of software flaws first revealed in April affects code made by BlackBerry used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday. The disclosure expands the number of devices at risk due to the “BadAlloc” flaw.

Rural Sewage Plants Hit by Ransomware Attacks in Maine — Security Week

  • Local officials said that a pair of ransomware attacks on sewage treatment plants in rural Maine communities demonstrates that small towns need to be just as vigilant as larger communities in protecting against hackers.

Colonial Pipeline sends breach letters to more than 5,000 after ransomware group accessed SSNs — ZDNet

  • Colonial Pipeline is sending out notification letters to 5,810 current and former employees whose personal information was accessed by the DarkSide ransomware group  during an attack in May. The company admitted in an August 13 letter that on May 6, the ransomware group “acquired certain records” stored in their systems.

Malware campaign uses clever ‘captcha’ to bypass browser warning — Bleeping Computer

  • A malware campaign used a clever captcha prompt to trick users into bypassing browsers warnings to download the Gozi (aka Ursnif) banking trojan. Yesterday, security researcher Malware Hunter Team shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women’s prison.

Brazilian government discloses National Treasury ransomware attack — Bleeping Computer

  • The Brazilian Ministry of Economy disclosed a ransomware attack that hit the National Treasury’s computing systems on Friday night, right before the start of the weekend. “On Friday night (the 13th) a ransomware attack on the internal network of the National Treasury Secretariat was identified,” the Brazilian government announced.

Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch — The Wall Street Journal

  • Some tech companies are slow to share details about hacks of their products, leaving customers vulnerable to disruptions and uncertain how to respond as information trickles out. Cyberattacks in which hackers target a service provider and then use that foothold to access their customers’ networks. The report goes on to describe how policy makers in the U.S. and Europe are scrutinizing “weak links.”

T-Mobile Investigating Claims of Massive Customer Data Breach — VICE

  • T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people and that the data came from T-Mobile servers.

Dallas cops lost 8 T.B. of criminal case data during bungled migration, says the DA… four months later — The Register

  • According to local reports, a bungled data migration of a network drive caused the deletion of 22 terabytes of information from a U.S. police force’s system – including case files in a murder trial. Dallas Police Department confessed to the information blunder last week, revealing in a statement that a data migration exercise carried out at the end of the 2020-21 financial year deleted vast amounts of data from a network drive.

Surgeries canceled, care diverted as Memorial Health responds to cyberattack — S.C. Magazine

  • Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result.

In Case You Missed It

Cybersecurity News & Trends

This week, the tectonic Mid-Year Update to the 2021 SonicWall Cyber Threat Report continued to reverberate in the press, while SonicWall President and CEO Bill Conner finds himself selected for two CRN leadership lists. In other news, hackers hit Microsoft and diplomats, a Joint Cyber Defense Collaborative goes active, U.S. Senators’ “horror show,” the U.S. State Department (and other agencies) get low scores for cybersecurity, and Swisslog’s “Swiss cheese” problem.

SonicWall in the News

How remote work raises the risks of cyberattacks — Axios

  • SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report continues to feature prominently in the press. Axios noted that as the pandemic drove more of the American workforce into remote offices, cyberattacks increased. The story cited stats from the report: Between 2019 and 2020, ransomware cyberattacks rose 62% worldwide and 158% in North America.

How remote work raises the risk of cyber and ransomware attacks— Yahoo! News

  • SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report also appeared in Yahoo! News. The story highlighted the mention of stats from the FBI that observed a 20% rise in cyberattacks between 2019 and 2020. Also, from the report, the collective cost of ransomware attacks reported to the bureau rose more than 200% in 2020 to roughly $29.1 million.

The Challengers Power List— Forbes India

  • SonicWall’s own Debasish Mukherjee, VP of Regional Sales, APAC, was featured in a discussion about how businesses have faced pandemic challenges head-on and helped their companies grow. Mukherjee goes into detail on how SonicWall bridges cybersecurity gaps for enterprises, governments, and SMBs.

The Top 25 I.T. Innovators Of 2021— CRN

  • Bill Conner, President and CEO of SonicWall, was named to CRN’s Top 25 Innovators of 2021 list for his work evolving SonicWall beyond the firewall to deliver security for the endpoint, email and cloud. He also helped develop Cloud Edge Secure Access to allow customers to control and protect network access to managed and unmanaged devices based on identity, location and device parameters.”

The Top 100 Executives Of 2021— CRN

  • Bill Conner, President CEO of SonicWall, also found himself on CRN’s Top 100 Executives for 2021. CRN honors leaders who are setting the pace for the rest of the I.T. industry.

Industry News

Microsoft Exchange Used to Hack Diplomats Before 2021 Breach— Bloomberg

  • Late last year, while investigating the hack of an Italian retailer, researchers at the Los Angeles-based cybersecurity company Resecurity stumbled across five gigabytes of stolen data squirreled away on a cloud storage platform. During the previous three and half years, hackers stole the data from foreign ministries and energy companies by hacking their on-premises Microsoft Exchange servers.

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats— The Wall Street Journal

  • The U.S. launched the Joint Cyber Defense Collaborative and tapped Amazon, Google, Microsoft, and other companies to help combat ransomware and other cyberthreats. The creation of the joint initiative follows massive cyberattacks on critical U.S. infrastructure. “This will uniquely bring people together in peacetime so that we can plan for how we’re going to respond in wartime,” says Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Senators highlight national security threats from China during rare public hearing— The Hill

  • The Senate Intelligence Committee held a rare public hearing earlier this week to stress the increased threats posed by mainland Chinese hackers to U.S. national security, U.S. companies, and intellectual property. One top senator described the situation as a “horror show.” According to the committee, the threats include Chinese cyberattacks against U.S. companies and critical organizations that resulted in the theft of billions of dollars in U.S. intellectual property.

A US official explains why the White House decided not to ban ransomware payments— The Hill

  • The Biden administration backed away from banning ransomware payments after meetings with the private sector and cybersecurity experts. According to reports, experts and business leaders helped shift that view following high-profile hacks against Colonial Pipeline, JBS, and Kaseya, a Florida-based IT firm.

New Hacking Group Shows Similarities to Gang That Attacked Colonial Pipeline— The Wall Street Journal

  • Cyberthreat investigators say that a new hacking group recently emerged with similar techniques used by a group that successfully hacked the Colonial Pipeline Co. earlier this year. The new group, named BlackMatter, has cryptocurrency wallets and ransomware strains similar to those used by the former group.

Ransomware Gangs and the Name Game Distraction — Krebs on Security

  • Brian Krebs takes a deep dive into notable ransom gang reinventions over the past five years. “Reinvention is a basic survival skill in the cybercrime business,” says Krebs. “Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity.”

Energy group ERG reports minor disruptions after ransomware attack — Bleeping Computer

  • This week, ERG, an Italian energy company, reported that it experienced “only a few minor disruptions” to its information and communications technology infrastructure following a ransomware attack on its systems.

The State Department and 3 other U.S. agencies earn a D for cybersecurity — Ars Technica

  • Cybersecurity at eight federal agencies is so poor that four of them earned D grades, three got Cs, and only one received a B in a report issued Tuesday by a U.S. Senate Committee. This report comes two years after another damning cybersecurity report. Again, auditors find that little has improved.

Nearly 450K patients impacted by Orlando Family Physicians phishing attack— S.C. Magazine

  • Orlando Family Physicians (OFP) recently notified 447,426 patients that their data was potentially compromised during a successful phishing attack in April. The breach tally makes the OFP incident among the ten largest reported in U.S. health care this year.

Supply chain attacks are getting worse, and you are not ready for them— ZDNet

  • The European Union Agency for Cybersecurity (ENISA) analyzed 24% supply chain attacks and warned that current defenses against threats are insufficient. The ENISA report focused on advanced persistent threat (APT) supply chain attacks, noting that the coding was not very advanced, the planning and staging were complex.

White House cyber chief backs new federal bureau to track threats — The Hill

  • On Monday, National Cyber Director Chris Inglis made a case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents to ensure that the country has an early warning system to understand attack vectors and targets.

FTC’s right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers— Cyberscoop

  • The Federal Trade Commission recently voted unanimously to enforce rules against manufacturers who make it difficult for consumers to fix their own devices. Unfortunately, while a significant win for the “right-to-repair” movement for consumer advocates and owners of devices, this move is also a big win for hackers.

PwnedPiper vulns have potential to turn Swisslog’s PTS hospital products into “Swiss cheese,” says Armis — The Register

  • An investigation by security experts at Armis discovered severe vulnerabilities in Swisslog PTS hospital products used by 80% of U.S. hospitals. Security problems were so bad that analysts said that they had the potential to turn Swisslog’s products into “Swiss cheese.”  Among the vulnerabilities that were uncovered: hardcoded passwords, unencrypted connections, and unauthenticated firmware updates. Patches have been released.

In Case You Missed It

Cybersecurity News & Trends

This week, the Mid-Year Update to the 20201 SonicWall Cyber Threat Report shook up a lot of people with the headline “304.7 million ransomware attacks eclipse 2020.” That’s a 151% increase, year-over-year. In other news, “Wipers” in the Middle East, Emma Willard, UC San Diego, rebranded hacker groups, fake Microsoft 11 installers, the sinister case of Plugwalkjoe, and flirty aerobics instructors.

SonicWall in the News

Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months SonicWall Press

  • Straight off the Mid-Year Update to the 2021 SonicWall Cyber Threat Report: high-profile attacks against established technology and infrastructure are now more prevalent than ever. Through the first half of 2021, SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020’s full-year total (304.6 million) — a 151% year-to-date increase. If that doesn’t rock your boat, keep in mind that just about every business sector is targeted.

Over 300 million ransomware attacks recorded in first half of 2021, claims study Tech Digest

  • The cyberthreat quote of the week came from SonicWall President and CEO Bill Conner: “In a year driven by anxiety and uncertainty, cybercriminals have continued to accelerate attacks against innocent people and vulnerable institutions. This latest data shows that sophisticated threat actors are tirelessly adapting their tactics and embracing ransomware to reap financial gain and sow discord…”

Fresh data shows a 600% rise in education-related cybercrime FENews

  • This publication focused on data from SonicWall Capture Labs that shows a 615% rise in ransomware – just on education alone! Threat researchers also recorded alarming ransomware spikes across other key verticals, including government (917%), healthcare (594%) and retail (264%).

Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months IT Supply Chain

  • Data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report revealed that 2021 ransomware numbers “eclipse” all of 2020 global attacks.

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months VM Blog

  • Writers here focused on the fact that data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report shows the sharp rise in the number of ransomware attacks was achieved in just 6 months.

SonicWall makes the move to Globalization Partners to help grow global team WhaTech

  • Noting SonicWall’s 30-year history, writers here point out a Globalization Partners solution to hire talent around the world.

Teleworking: how much risk is there for your Company security Dealer World

  • SonicWall’s Sergio Martínez participated in a special issue about teleworking and cybersecurity.

Industry News

Researchers Link Mysterious ‘MeteorExpress’ Wiper to Iranian Train Cyberattack Security Week

  • Security researchers at SentinelOne stumbled upon a hitherto unknown data-wiping malware that was part of a disruptive cyberattack against Iran’s train system earlier this month. “Wipers,” as they are euphemistically called, are the most destructive of all malware types. The genre logs most of its attacks in the Middle East, with the 2012 Shamoon attacks against Saudi Aramco being the most prominent example.

New York’s Emma Willard School suffers ransomware attack Edscoop

  • Following a 615% rise in ransomware targeting education this year, leaders at the prodigious Emma Willard School in Troy, NY are reeling from a recent cyberattack. They’re still identifying the extent of the attack but said that some employee Social Security numbers and financial information were stolen, according to a letter obtained by the Times-Union.

As Cyberattacks Surge, Security Start-Ups Reap the Rewards The New York Times

  • Responding to the severe uptick in cyberattacks, investors have poured $12.2 billion into cybersecurity companies so far this year, nearly $2 billion more than the total for all of 2020.

UC San Diego Health discloses data breach after phishing attack Bleeping Computer

  • UC San Diego Health, one of nation’s highest ranked hospitals, and a leading academic medical school, disclosed that they discovered a data breach that compromised some employees’ email accounts that may have revealed personal information of patients, employees, and students. The breach occurred between December 2, 2020, and April 8, 2021, and was the result of a phishing attack.

Scammers are using fake Microsoft 11 installers to spread malwareCyberscoop

  • Security firm Kaspersky issued warnings that hackers are circulating fake installers to people who are eager to get their hands on the Microsoft operating system update due this fall.

Cyber insurance rates fail to match catastrophe riskReuters

  • Rising prices of insurance against cyberattacks fail to take account of the potential catastrophic effects of a widespread attack, Chubb Ltd. CEO Evan Greenberg said on Wednesday. Chubb is a major underwriter for various insurance for business.

Justice Department officials urge Congress to pass ransomware notification law – The Hill

  • U.S. Justice Department officials came out in strong support of legislation requiring companies to report ransomware attacks and other severe data breaches to federal authorities. But DOJ also says that Congress should hold the brakes on banning ransomware payments.

PlugwalkJoe Does the Perp Walk – Krebs on Security

  • Brian Krebs takes a closer look at the “sinister criminal charges” in the indictment of Joseph O’Connor (aka “PlugwalkJoe”) that revealed a subculture where young men turned to sextortion, SIM swapping, and death threats to seize control of social media accounts.

Haron and BlackMatter are the latest groups to crash the ransomware party – Ars Technica

  • New groups – or rebranded old ones – are rising just as the number of high-severity ransomware attacks ratchet up.

FBI reveals top targeted vulnerabilities of the last two years – Bleeping Computer

  • Recommended read: A joint security advisory by cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.

Top FBI official advises Congress against banning ransomware payments – The Hill

  • Bryan Vorndran, the assistant director of the FBI’s Cyber Division advised members of the Senate Judiciary Committee against banning payments for ransomware attacks.

Praying Mantis Threat Group Targeting US Firms in Sophisticated Attacks – Dark Reading

  • Group’s advanced memory-resident attacks similar to those employed in sustained campaign against Australian companies and government last year, security vendor says.

In Case You Missed It

Cybersecurity News & Trends

This week, the SonicWall Threat Report, Microsoft vs Chinese hackers, Israeli hack tools, a $10 million reward, and more zero-days than we really want to hear about. Also, railroad hacks in Iran and UK, indictments for Chinese hacking group, Apple’s “five-alarm fire,” and Microsoft’s battle against “homoglyphs.”

SonicWall in the News

IBM Adds Enhanced Data Protection to FlashSystem to Help Thwart Cyberattacks — AI-Thority

  • IBM cites data from SonicWall’s annual threat report in an announcement about enhancements to their FlashSytem data protection. One bit of data that got everyone’s attention: ransomware attacks rose to 304.6 million in 2020, up 62% over 2019, mainly due to the highly distributed workforces caused by the pandemic.

The rise of ransomware: the multibillion-pound hacking industry where no one is safeThe Metro

  • If cybercrime was a country, it would be the world’s third largest in terms of GDP, according to Cybersecurity Ventures. This year, the total cost to the global economy is predicted to top $6 trillion (£4 trillion). SonicWall’s 2021 Threat Report was also included: 304.5 million ransomware attacks in total in 2020 – up 62% over 2019 – and the deluge of attacks shows no signs of slowing down.

The three best ways to neutralize Ransomware attacks – TEK Deeps

  • The question of your company or organization facing a ransomware attack is not an “if” but rather “when.” Most likely, you may have already faced several. SonicWall’s annual threat report was part of this story too, citing through May of 2021, a reported 226.3 ransomware attacks, up 116% year to date over 2020.

Industry News

Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer

  • The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

Saudi Aramco data breach sees 1 TB stolen data for sale — Bleeping Computer

  • Attackers stole 1 TB of proprietary data belonging to Saudi Aramco and are selling it on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the world’s largest public petroleum and natural gas companies. The sales price of the data, albeit negotiable, is set at $5 million.

Details Emerge on Iranian Railroad Cyberattack — Security Week

  • More details about the cyberattack on Iran’s railroad system emerged over the weekend. On July 9, Iran International reported that a system-wide disruption of Iran’s railroads was probably due to a cyberattack, citing the Revolutionary Guard-backed FARS news agency. Now it appears that the attackers had penetrated the system at least a month earlier.

Northern’s ticket machines hit by ransomware cyberattack BBC

The US Formally Accuses China of Hacking Microsoft – The New York Times

  • To bolster the accusations, the Biden administration may organize a broad group of allies to condemn Beijing for global cyberattacks. However, most analysts believe that such an effort will probably stop short of taking concrete punitive steps against China.

The US indicts members of the Chinese-backed hacking group APT40 – Bleeping Computer

  • The US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018.

$10 million rewards bolster White House anti-ransomware bid – Associated Press

  • The State Department will offer rewards up to $10 million for information leading to identifying anyone engaged in a foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical US infrastructure. In addition, a task force set up by the White House will coordinate efforts to stem the rise of ransomware.

Israeli Spyware Vendor’s Windows Zero-days Caught in the Wild Vice News

  • Cyber-sleuths from digital rights watchdog Citizen Lab recently released a study that reveals government hackers from several countries are using spyware made by Candiru, an Israeli-based spyware vendor, to target victims all over the world. The spyware leverages two unknown Windows vulnerabilities for zero-day exploitation. As far as we know, this is the first time anyone has published an analysis of Candiru’s malware with targeted individuals.

Google: Annoying LinkedIn Networkers are Russian Hackers Spreading Zero-day – Vice News

  • As if we can’t get enough of zero-days, Google’s Threat Analysis Group published a new report that offers details about several hacking campaigns that leverage a series of zero-day exploits. A quick read shows that there are several reasons for the uptick in zero-day incidents. For one, the industry is getting better at detecting and disclosing attacks. For another, cyber-criminals are taking full advantage of vulnerabilities while they still can.

Fighting an emerging cybercrime trend Microsoft

  • Microsoft’s Digital Crimes Unit (DCU) recently secured another court order to take down malicious infrastructure used by cybercriminals. They filed the case to target the use of “homoglyph” ­– imposter domains – used in an increasing number of attacks. A judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on malicious domains used to impersonate Microsoft customers and commit fraud.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware AttackDark Reading

  • Campbell Conroy & O’Neil, a major law firm based in Boston, MA, reported an attack that compromised personal data, including Social Security numbers, passport numbers, and payment card data for some individuals. The firm discovered unusual activity on its network earlier this year. An investigation revealed its network was hit with ransomware and prompted Campbell to hire third-party forensics investigators to determine the information affected.

Apple’s iPhone has a “five-alarm fire” security problem with iMessage Business Insider

  • Apple’s iPhone isn’t as secure as Apple says it is according to this report from Amnesty International. The quote that caught our eye: “Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security,” said Bill Marczak, a senior research fellow at Citizen Lab. The threat is related to a tool called Pegasus, created by NSO Group.

Microsoft to acquire cybersecurity firm RiskIQ as cyberthreats mount CNN

  • Microsoft on Monday announced that it is buying cybersecurity firm RiskIQ to help companies better protect themselves from the unique risks created by remote work and relying on cloud computing amid “the increasing sophistication and frequency of cyberattacks.” RiskIQ’s software allows organizations to monitor their entire networks — including operations running on various cloud providers.

IT provider for real estate, finance, insurance downed by ransomwareThe Register

  • Cloudstar, a Florida-based company IT provider, announced that it suffered a “highly sophisticated ransomware attack” that forced it to take down the vast majority of its services. A critical flaw in a Cloudflare service said to be used by 12.7 percent of all websites could have been hijacked by a malicious user-controlled package to compromise a good number of web pages. The company said it was negotiating with the crooks that infected its computers.

In Case You Missed It

Cybersecurity News & Trends

This week, attacks on cyber-insurers, Kaseya, Morgan Stanley and the Ukrainian government were brought to light, and two prominent cybercriminals were brought to justice.

SonicWall in the News

Ransomware demands are digital extortion: don’t pay — Financial Times

  • SonicWall’s report numbers on ransomware indicate attacks increased by more than 60%.
    Syndicated: California News Times

Review: SonicWall Cloud Edge Secure Access — Biz Tech

  • With least-privilege access and advanced microsegmentation, SonicWall leverages the principles of zero trust to protect cloud-first organizations.

Global cyber insurance pricing increases by 32% – Howden — Global Insurance

  • The rampage in ransomware now poses a threat to businesses of all sizes.

SonicWall Triples Threat Performance, Dramatically Improves TCO with Trio of New Enterprise Firewalls — ITWeb

  • With triple the firewall throughput compared to previous SonicWall appliances, new NSand NSsp models help organizations keep pace with the speeds of their growing networks.

Cybersecurity: how to invest in a thriving sector amid rising cybercrime — Proactive News

  • It’s a “cat and mouse” industry as hackers and defense software developers get more sophisticated.

CISA Releases Ransomware Readiness Assessment Audit Tool — HIPAA Journal

  • The U.S. Cybersecurity and Infrastructure Security Agency has launched a new tool that can be used by organizations to assess how well they are equipped to defend and recover from a ransomware attack.

SonicWall’s EMEA boss discusses what drove up sales by almost a third in 2020 — Channel Partner Insight

  • SonicWall EMEA VP Terry Greer-King discusses what drove up sales by almost a third in 2020, as well as partner support, growth plans in EMEA and challenges ahead.

Infiltrate, adapt, repeat: A look at tomorrow’s malware landscape — Intelligent CIO

  • Brook Chelmo, Software and Security Product Marketing Strategist at SonicWall, explains possible reasons for the growth in the varieties of new malware that were detected and featured in the SonicWall 2021 Cyberthreat Report.

Rebuilding after ransomware: Heartland Community College invests $1 million — EDSCOOP

  • According to a recent report by the cybersecurity company SonicWall, COVID-themed malware attacks spiked for the education industry in early fall as students returned to school.

Industry News

Morgan Stanley reports data breach after vendor Accellion hack — Bleeping Computer

  • Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software — Krebs on Security

  • It appears that, until last week, Kaseya’s customer service portal was left vulnerable to a data-leaking security flaw that was first identified in the same software six years ago.

Letting Businesses ‘Hack Back’ Against Hackers Is a Terrible Idea, Cyber Veterans Say — The Wall Street Journal

  • Companies shouldn’t be allowed to strike back against hackers, cybersecurity specialists and former government officials warned, after senators last week introduced legislation floating the idea of such counterattacks.

Ransomware as a service: negotiators between hackers and victims are now in high demand — ZDNet

  • RaaS groups are hiring negotiators whose primary role is to force victims to pay up.

Use of Common Malware in Operation Targeting Energy Sector Makes Attribution Difficult — Security Week

  • Researchers at cybersecurity firm Intezer have been monitoring a campaign that appears to be mainly aimed at the energy sector, but attribution to a known threat group is made difficult by the fact that the operation involves several common malware families.

Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden — The New York Times

  • The breach of a Republican National Committee contractor, also linked to Russia, and the global ransomware attack occurred weeks after a U.S.-Russian summit.

Hackers attack websites of Ukraine’s president and security service — Reuters

  • A cyberattack hit the websites of Ukraine’s president, security service and other institutions on Tuesday afternoon, but they were working again by the evening.

Ransomware: US warns Russia to take action after latest attacks — ZDNet

  • The U.S. has warned Russia to take care of cybercrime operating in its own backyard — or the U.S. will take care of it themselves.

Alleged Cybercriminal Arrested in Morocco Following Interpol Probe — Dark Reading

  • The suspect operated under the name “Dr Hex” to target thousands of people through phishing, fraud and carding activities.

Fake Kaseya VSA security update backdoors networks with Cobalt Strike — Bleeping Computer

  • Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis. This time, they’re targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.

In Crosshairs of Ransomware Crooks, Cyber Insurers Struggle — Security Week

  • In the past few weeks, ransomware criminals attacked at least three cyberinsurance brokerages — all of which offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves suffered.

Germany Thwarts Cyberattack, Denies Impact on Banking System — Bloomberg

  • German authorities thwarted a cyberattack on a data service provider used by federal agencies, but they pushed back on a report that a broad assault targeted critical infrastructure and banks.

NSA: Russian GRU hackers use Kubernetes to run brute force attacks — Bleeping Computer

  • The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access U.S. networks and steal email and files.

Colombia police collar suspected Gozi Trojan distributor — ZDNet

  • The alleged hacker is wanted in the United States.

In Case You Missed It

Three New Firewalls with Triple the Performance, Plus Three Powerful Updates — Atul Dhablania
Insights with Jayant: TZ Does It — Jayant Thakre
SD-WAN and VPN Orchestrations: Fast-Tracking Enterprise Growth — Ken Dang
New SonicWall NSsp 13700 Firewall: Security for Large Enterprises — Ajay Uggirala
SonicWall Announces Capture Labs Portal — Brook Chelmo
SonicWall NSa 4700 and 6700: The Newest Next-Generation Firewalls for Medium Enterprises — Ajay Uggirala

Cybersecurity News & Trends

This week, attacks on the food and beverage industry, manufacturing plants and water facilities dominated the headlines.

SonicWall in the News

Sonicwall’s Platform Evolution Driving Record Demand as Organizations Embrace Boundless Cybersecurity Model to Fight Ransomware, Advanced Cyberattacks — Company Press Release

  • SonicWall is experiencing record growth across all segments. This growth is being accelerated by organizations’ critical need to protect against ransomware attacks, which are up 116% globally year-to-date through May 2021.

Businesses must bank on secure future — Financial Review

  • The issue was recently highlighted in SonicWall’s 2021 Cyber Threat report, which indicated ransomware attacks had increased by more than 60 percent globally.

As Ransomware Business Booms, Can Defenders Keep Up? — SDX Central

  • “The bombardment of ransomware attacks is forcing organizations into a constant state of defense, rather than an offensive stance,” SonicWall’s Bill Conner said.

Ransomware and hacking now bigger threat to UK businesses than hostile states — Payments Industry Intelligence

  • The number of incidents rose by more than 60% to 305 million in 2020, according to data from SonicWall.

Industry News

Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer

  • The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

ChaChi: a new GoLang Trojan used in attacks against US schools — ZDNet

  • The malware has found a role to play in ransomware strikes.

Clop ransomware is back in business after recent arrests — Bleeping Computer

  • After recent arrests, the Clop ransomware operation is back in business — and has begun listing new victims on their data leak site again.

Hackers are trying to attack big companies. Small suppliers are the weakest link — ZDNet

  • Defense companies are a prime target for cyber attackers, and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.

Cyber agency says SolarWinds hack could have been deterred by simple security measures — The Hill

  • The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place.

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill — Cyberscoop

  • After decades of a largely hands-off approach, the notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents.

CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic — Cyberscoop

  • The Department of Homeland Security’s top cybersecurity agency doesn’t know how many agencies are segmenting their networks from unwanted outside traffic, a basic security practice.

Would companies even abide by a ransomware payments ban? — SC Magazine

  • One of the most common (and controversial) suggestions to deal with the ransomware scourge is to ban the payment of ransoms. But for that to work, companies would need to abide by regulations and not pay.

Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light — Security Week

  • The Water Sector Coordinating Council announced a new cybersecurity report focusing on water and wastewater utilities in the U.S., just as news broke that a threat actor in January attempted to poison a water facility.

Data Breaches Surge in Food & Beverage, Other Industries — Dark Reading

  • Six previously “under-attacked” vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors.

One in Five Manufacturing Firms Targeted by Cyberattacks — Dark Reading

  • Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

A deep dive into the operations of the LockBit ransomware group — ZDNet

  • Most victims are enterprises, and they’re expected to pay an average ransom of $85,000.

Newly discovered Vigilante malware outs software pirates and blocks them — Ars Technica

  • Most malware tries to steal stuff. Vigilante, by contrast, takes aim at piracy.

In Case You Missed It

Cybersecurity News & Trends

This week Cozy Bear meddled in politics, REvil disrupted the global meat supply and schools fortified their defenses.

SonicWall in the News

Radio Interview with SonicWall President and CEO Bill Conner — KRLD 
SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide — and what’s to be done.

SonicWall, The Conference of Italian University Rectors to Collaborate on Cybersecurity Training, Research and Digital Innovation — FE News
SonicWall today announced its partnership with the Conference of Italian University Rectors (CRUI) to promote and enable mutual collaboration in research, development, transformation and digital innovation activities.

Industry News

Meat giant JBS now fully operational after ransomware attack — Bleeping Computer
JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Why One Hack on One Firm Can Shake Global Meat Supply — Bloomberg
In the last three years, a fire, a pandemic and now a cyberattack have disrupted the U.S. meat industry. Here’s how one hack impacts the global economy.

U.S. schools land IBM grants to protect themselves against ransomware — ZDNet
All U.S. K-12 public school districts were eligible to apply for the grants, designed to help school officials “proactively prepare for and respond to cyberattacks.”

U.S. seizes two domains used in cyberattacks that mimicked USAID communications — Reuters
The U.S. Justice Department said it had seized two Internet domains used in spear-phishing attacks mimicking email communications from the U.S. Agency for International Development.

Cyber-Insurance Fuels Ransomware Payment Surge — Threat Post 
Companies relying on their cyber-insurance policies to pay off ransomware groups are being blamed for a recent uptick in ransomware attacks.

New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says — The Washington Times 
Microsoft said the latest hack was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

Swedish Health Agency shuts down SmiNet after hacking attempts — ZDNet
The Swedish Public Health Agency shut down SmiNet, the country’s infectious diseases database, after it was targeted in several hacking attempts.

Kenyan Arrested in Qatar First Targeted By Phishing Attack — Bloomberg
A Kenyan security guard writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.

New Russian hacks spark calls for tougher Biden actions — The Hill
Officials are calling for harsher measures against Russia following reports that SolarWinds hackers were continuing to launch cyberattacks against U.S. government agencies and other organizations.

Interpol intercepts $83 million fighting financial cybercrime — Bleeping Computer
The International Criminal Police Organisation has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.

This Android trojan malware is using fake apps to infect smartphones, steal bank details — ZDNet
TeaBot malware tells victims they need to click a link because their phone is damaged with a virus  — then infects them via the link.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says — Cyberscoop
The U.S. government has also been affected.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries — The Register 
Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday.

UF Health Florida hospitals back to pen and paper after cyberattack — Bleeping Computer
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Fujifilm confirms ransomware attack disrupted business operations — Bleeping Computer
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery — Cyberscoop
The recent spearphishing campaign uses an election fraud document as a lure. The emails purport to be from the U.S. Agency for International Development, and have targeted government agencies, research institutions and nongovernmental organizations.

In Case You Missed It

SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot

Cybersecurity News & Trends

This week, healthcare was under attack in the U.S. and abroad, as facilities reported outages and blackmail demands.

SonicWall in the News

Discord is now the young hacker’s weapon of choice — here’s why — tom’s guide
“Discord is the potential future of the dark net,” said Brook Chelmo, a senior strategist for SonicWall, during his recent RSA session.

Fish out the Phishing attacks — Security Middle East & Africa
“The best defense against most credential harvesting attacks is the use of a password manager,” SonicWall’s Mohamed Abdallah said. “Most are free, and none can be fooled into entering a password into a malicious site, no matter how authentic it seems.”

Industry News

As Chips Shrink, Rowhammer Attacks Get Harder to Stop — Ars Technica
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks — Dark Reading
Security researchers have seen an increasing wave of relatively simplistic attacks involving ICS systems (and attackers sharing their finds with one another) since 2020.

Alleged North Korean hackers scouted crypto exchange employees before stealing currency — Cyberscoop
Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years.

Ransomware: Two-thirds of organisations say they’ll take action to boost their defences — ZDNet
The impact of the Colonial Pipeline ransomware attack is leading companies to re-examine their cybersecurity strategies.

New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack — Bloomberg
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed.

Iranian hacking group targets Israel with wiper disguised as ransomware — Bleeping Computer
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks. Meanwhile, they’re maintaining access to victims’ networks for months.

Gartner: Global Security Spending Will Reach $150 Billion in 2021 — Security Week
Gartner says nearly half (roughly $72 billion) will be spent on security services, including consulting, hardware support, and implementation and outsourced services.

Hear ye, DarkSide! This honorable ransomware court is now in session — Ars Technica
A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide to hear claims from former affiliates who say the makers skipped town without paying.

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders — ZDNet
The targets identified include 911 dispatch carriers, law enforcement agencies and emergency medical services — all of which have been attacked over the past year as medical services struggled to manage the pandemic.

Vulnerability in VMware product has severity rating of 9.8 out of 10 — Ars Technica
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, one of the most popular virtualization solutions on the market.

Cyber insurance premiums, take-up rates surge, says GAO — ZDNet
A General Accountability Office report finds that cyber insurance premiums surged in 2020 based on more frequent cyberattacks. That trend is likely to continue.

Zeppelin ransomware comes back to life with updated versions — Bleeping Computer
The developers of Zeppelin ransomware have resumed activity after a period of relative silence that started last fall.

This massive phishing campaign delivers password-stealing malware disguised as ransomware — ZDNet
Java-based STRRAT malware creates a backdoor into infected machines — but distracts victims by acting like ransomware.

Bizarro banking malware targets 70 banks in Europe and South America — Bleeping Computer
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

E-commerce giant suffers major data breach in Codecov incident — Bleeping Computer
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack.

QNAP confirms Qlocker ransomware used HBS backdoor account — Bleeping Computer
QNAP is advising customers to update the HBS 3 disaster recovery app. The goal: to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.

In Case You Missed It

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot
Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders — Lindsey Lockhart