Cyber Security News & Trends

This week, SonicWall meets a Russian ransomware cell, the first 2020 cyber-predictions are coming in, and cybersecurity has a color.


SonicWall Spotlight

Mindhunter: Meeting a Russian Ransomware Cell – SonicWall Webinar

  • On November 19, SonicWall will proudly present Mindhunter: my two-week conversation with a ransomware cell. Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human-side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

Retail’s Weakness Is Cyber Crime’s Opportunity – Retail Technology Review

  • The festive shopping season is about to kick off with Black Friday 2019. Writing in Retail Technology Review, SonicWall CEO Bill Conner details the size and scale of cyberattacks over the same period last year and offers advice on to retailers on how to best protect themselves.

Attack on Labour Shows Need for DDoS Defence but Should Alarm Few – Computer Weekly (UK)

  • The UK Labour party’s website suffered a DDoS attack this week. While Cloudflare successfully prevented any major damage from occurring, the attack acts as a reminder that modern election campaigns need to ensure that their cybersecurity is prepared for anything. SonicWall’s Terry Greer-King provides commentary.

Cybersecurity News

Predictions 2020: This Time, Cyberattacks Get Personal – ZDNet

  • The first cyber predictions for 2020 have started rolling in. Initial contenders include the weaponizing of mergers and acquisitions data, deepfake scams, and the closing off of AI and Machine Learning data from outsiders.

Breach Affecting 1 Million Was Caught Only After Hacker Maxed out Target’s Storage – Ars Technica

  • A hacker breached an IT provider in May 2014, stealing data and creating a data archive on their server that went unnoticed for almost two years. The hack was only noticed in 2016 when the hackers archive grew so big the server ran out of disk space. The company have now been fined for failing to detect the breach.

Cybersecurity: Why More Needs to Be Done to Help Older People Stay Safe Online – ZDNet

  • Internet users are no longer just the young or most technologically up-to date. ZDNet argues that not enough is being done to protect less tech-savvy elderly people online.

As 5G Rolls out, Troubling New Security Flaws Emerge – Wired

  • 5G is entering use in major urban domains worldwide, and its uptake is likely only to increase rapidly. Despite this, major security vulnerabilities continue to be found, including 11 design flaws in a single recent study.

Cybersecurity Is an Asset, Not a Nuisance – Forbes

  • Forbes argues that a good way to think about cybersecurity is not as a nuisance but like the braking system on a race car. Without it, the potential top speed of the car would be considered reckless.

The Time to Tackle Cybersecurity in Self-Driving Cars is Now – Newsweek

  • Upcoming self-driving cars contain a myriad of computers connected both to each other and to many external networks. With cyberattacks a constant threat to systems worldwide, Newsweek argues that cybersecurity should be integral to the very design of cars from the ground up, not as an add-on at a later point.
And Finally

What Color Is Cybersecurity? – Forbes

  • A new large-scale study into how cybersecurity is talked about and advertised online has found the color code #235594 to be dominant in imagery.

In Case You Missed It

Cyber Security News & Trends

This week, ransomware in Spain, a doomsday cybersecurity exercise, and why rebooting your computer won’t rid it of malware.


SonicWall Spotlight

Spanish Ryuk Ransomware Attack Hints at New WannaCry – IT Pro (UK)

  • With several institutions and businesses in Spain currently under attack by a strain of the Ryuk ransomware, there is a fear that a problem of the scale of WannaCry is at risk of being unleashed. SonicWall CEO Bill Conner talks to IT Pro on the similarities between the two ransomwares, and how to best protect your business from them.

How Healthy Is Your Web of Connected Devices? – Security Boulevard

  • There are over 25 billion Internet of Things (IoT) connected devices currently in the world, and this number is rising. Security Boulevard uses SonicWall Cyber Threat Intelligence to demonstrate the dangers of, and from, these devices if they are not shielded from cyberthreats.

Cybersecurity News

The Financial Industry Just Finished Its Annual ‘Doomsday’ Cybersecurity Exercise — Here’s What They Imagined Would Happen – CNBC

  • The Securities Industry and Financial Markets Association recently held a worst-case scenario cybersecurity simulation dubbed Quantum Dawn. The fictional event centered around a financial giant being attacked by malicious ransomware.

Ransomware Is Crippling Schools. What Can They Do About It? – EdSurge

  • Tech and education website EdSurge takes a look at the recent rise in ransomware attacks on educational institutions. It explains how ransomware works, why education is being attacked, and how to protect against cyberattacks.

Cybersecurity Risk Is Growing, and We Are Not Ready – Infosecurity Magazine

  • In a new survey of over 4 thousand people in 140 countries, cybersecurity is named as the biggest worry to companies. Between a skills shortage and a general lack of understanding of the threats, many companies are simply unprepared for cyberattacks.

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways – Bleeping Computer

  • A new malware campaign has been discovered by researchers that hides the payload in a complex system of compressed files and archive restructuring. It appears to have been specifically designed by bypass secure email scanners, although at the cost of not always extracting correctly.

Feds Warn Against Hidden Cobra’s Hoplight Malware – SC Magazine

  • US federal agencies released a notification about Hoplight, a new sophisticated data collecting malware being used by North Korean cyberattack group Hidden Cobra.
And Finally

Experts: Don’t Reboot Your Computer After You’ve Been Infected With Ransomware – ZDNet

In a turnaround from the traditional “have you tried turning it off and on again” line, cybersecurity experts are not recommending rebooting your computer if caught by ransomware. The line of thinking is that if something has gone wrong with the ransomware, rebooting a computer might allow it try again, successfully this time.


In Case You Missed It

Cyber Security News & Trends

This week, the financial cost in a worst-case scenario cyberattack, a nuclear power plant is targeted, and SonicWall figures are used to look at the Internet of Things.


SonicWall Spotlight

Intelligent Living: The Smart Home and IoT – Silicon (UK)

  • Silicon investigate the future of smart homes and rise of Internet of Things (IoT). When looking at the security risks they defer to SonicWall CEO Bill Conner and SonicWall research.

A Sneaky Online Security Threat: Encrypted Malware in SSL – Security Boulevard

  • Security Boulevard tackles the double-edged sword of encryption, used by both cybersecurity experts and cybercriminals alike. They refer to the 2019 SonicWall Cyber Threat Report for details on the rising number of cyberattacks coming in on encrypted channels.

Cybersecurity News

One Cyber Attack Can Cost Major APAC Ports $110B – ZDNet

  • A new study has laid out a possible “extreme” scenario where a single software virus infecting 15 ports across five Asian markets can result in losses totaling $110 billion. 92% of these costs are currently uninsured.

Indian Nuke Plant’s Network Reportedly Hit by Malware Tied to N. Korea Arstechnica

  • A cyberattack on India’s Kudankulam Nuclear Power Plant that took place in September of 2019 has been linked, through the use of the “Dtrack” malware, to a known North Korean government hacking group. Officials at the plant have stated that there was never any risk of losing control of the plant as the control systems are neither connected to the administrative network or any other networks in general.

ICS Attackers Set to Inflict More Damage With Evolving Tactics – ThreatPost

  • New research claims that future attacks on industrial control system (ICS) networks, such as the power grid, may inflict even more damage in the long run as attackers will learn from previous cyberattacks. Analysts expect attacks to evolve from immediate, direct impact to stealthy attacks with multiple infection stages.

Muhstik Ransomware: A Hack-Back Story – Security Boulevard

  • While ransomware is making headlines for the large targets, like government and multinational industries, there are still small scale ransomware attacks being launched. Security Boulevard report on one victim who, caught by Muhstik Ransomware, decided to hack back and took down the entire ransomware network, releasing a complete set of decryption keys in the process.

21 Million Stolen Fortune 500 Credentials for Sale on Dark Web – SecurityWeek

  • A new study on leaked data used deep-learning techniques to sift through millions of leaked credentials on the darkweb. After removing duplicates, anomalies and default passwords it still found around 21 million different credentials belonging to the Fortune 500 companies; more than 16 million of which were compromised during the last 12 months. All the results were cleartext passwords, either because they were never encrypted, or hackers had decrypted them already.

Ohio Establishes ‘Cyber Reserve’ to Combat Ransomware – NextGov

  • Ohio has become the first state to set up a “Cyber Reserve” force; five volunteer teams of 10 people apiece who are ready to be called into service in a cybersecurity emergency.

Why the EU Is About to Seize the Global Lead on Cybersecurity – Forbes

  • The European Commission has made cybersecurity a “high priority” and proposed that the cybersecurity budget for 2021-27 include €2 billion to fund “safeguarding the EU’s digital economy, society and democracies through polling expertise, boosting EU’s cybersecurity industry, financing state-of-the-art cybersecurity equipment and infrastructure.” Forbes argues that similar US legislation and programs have been left in a segmented and fragmentary state with little national or international cohesion to them.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall releases new threat intelligence data, one cybergang poses as a tougher cybergang, and jackpotting ATMs are spreading in the wild.


SonicWall Spotlight

SonicWall: Encrypted Attacks, IoT Malware Surge as Global Malware Volume Dips – SonicWall Blog

  • SonicWall releases new threat intelligence data from SonicWall Capture Labs revealing 7.2 billion malware attacks were launched in the first three quarters of 2019 as well as 151.9 million ransomware attacks, marking 15% and 5% year-over-year declines, respectively. Despite the drop in attacks overall, the figures also show a rise in encrypted and IoT attacks suggesting a larger attempt by cybercriminals to target specific individuals and companies rather than launching very broad attacks.

Spooky Cyber Threats – Ping: A Firewalls.com Podcast Episode 5 – Firewalls.com Podcast

  • SonicWall returns to the Ping podcast, this time Sales Engineer Daniel Kremers appears to discuss cyberthreats with the Firewalls.com team.

Cybersecurity Roundup: Splunk, SonicWall, Bugcrowd, Exabeam – Channel Futures

  • SonicWall CEO Bill Conner is quoted by Channel Futures, explaining the new threat intelligence data. The news is also covered in MSSPAlert and ComputerWeekly.

Cybersecurity News

Ransomware and Data Breaches Linked to Uptick in Fatal Heart Attacks – PBS

  • A disturbing new study has looked at the available data from hospitals that suffered from ransomware attacks and has found a correlation with deaths from heart attacks at the same institutions. The study has found that the time it took for a patient to receive an electrocardiogram increased by as much as 2.7 minutes after a data breach, and this lag remained as high as 2 minutes even after three to four years.

What Is Wrong With Cybersecurity and Why Is It Messing With My Operations? – Forbes Technology Council

  • In the latest Forbes Technology Council post, it is argued that cybersecurity should be seen as a form of warfare. To win the war constant movement, change and adaptation is needed in order to keep up with the cyber arms race.

The NCSC Annual Review 2019 – The National Cyber Security Centre (UK)

  • The NCSC Annual Review 2019 sheds a light on some of the work the GCHQ has done over the past year, revealing that it handled 658 cyber incidents in the last 12 months and provided support to almost 900 victims of cyberattacks. The report lists Russia, China, Iran and North Korea as hostile states actively targeting the UK with cyberattacks

A DDoS Gang Is Extorting Businesses Posing as Russian Government Hackers – ZDNet

  • A DDoS gang is trading on the Russian-government linked ransomware group Fancy Bear’s name by launching DDoS attacks and ransom demands, threatening further attacks if the ransom is not paid. The group is in reality not related to the Fancy Bear group.

‘Sensitive US Army Data ‘Exposed by Online Leak’ – BBC News

  • 179 GB of data was made accessible on an unsecured cloud server run by a travel services company Autoclerk. Data exposed includes full names, birth dates, addresses, phone numbers and travel itinerary details of a range of people, including US government and military personnel.

Avast Says Hackers Breached Internal Network Through Compromised VPN Profile – ZDNet

  • Avast has confirmed it suffered from a successful cyberattack after disclosing that a hacker attempted to insert malware into their CCleaner software. This is the second time CCleaner has suffered from supply-chain attack after hackers breached previous CCleaner owner, Piriform, in 2017.

And Finally:

Malware That Spits Cash out of ATMs Has Spread Across the World – Vice

  • “Jackpotting” malware attacks on ATM are spreading around the world with 10 incidents in Germany between February and November 2017 letting hackers to walk off with 1.4 million euro. Experts say that 2019 figures suggest that the attacks are only increasing.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall wins at the Computing Security Awards, and the cyberattack that almost took down the 2018 Olympics.


SonicWall Spotlight

SonicWall Wins at the Computing Security Awards

SonicWall Investing in Direct Touch and Channel Skills – ComputingWeekly

  • SonicWall’s Terry Greer-King talks to Computer Weekly about the expansion of SonicWall University amongst SonicWall Partners, and how additional staffing in direct-touch model has increased growth in the EMEA market.

Nanocore Under the Microscope – Security Boulevard

  • Using work previously published by the SonicWall Threat Labs, Security Boulevard takes a deep dive into the inner workings of the Remote Access Trojan known as NanoCore RAT, currently undergoing a change in delivery methods.

Using EDR for Layered Security – Techradar Pro

  • With the requirement for a layered security approach increasingly becoming public knowledge, SonicWall’s Terry Greer-King argues that the rapidly growing market of Endpoint Detection and Response (EDR) is the best solution. He explains what it is, how it works and why cybersecurity systems need to be multi-faceted and layered to compete in the modern threat landscape.

Cybersecurity News

The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History – Wired

  • Reviewing the 2018 Olympics opening ceremony in South Korea, USA Today wrote that “it’s possible no Olympic Games have ever had so many moving pieces all run on time.” Little did they know that behind the scenes an entire team of cybersecurity experts were fire-fighting a major cyberattack that was working to take the entire Olympics network down.

French TV Station Shrugs Off Ransomware Attack to Keep Running – CBR Online

  • One of France’s largest privately-owned media groups, M6, survived a ransomware attack without a disruption to radio or tv. They group praised the “quick and efficient intervention of our cybersecurity experts” for its ability to keep operating during the attack.

Major Airport Malware Attack Shines a Light on OT Security – Threat Post

  • A cryptomining infection that spread rapidly through an unnamed European airport has shined a spotlight on poor cybersecurity practices. Despite being part of a known strain of cryptomining software, the malware had been altered enough to raise no red flags with airport personnel and was active for months before being detected.

Cybersecurity & Data Privacy Trends in 2020 – ITProPortal

  • 5G, cybersecurity budgets, data privacy regulations, staffing problems, Internet of Things; ItProPortal looks to the future and argues that all of these disparate but related trends will converge in 2020.

Sodinokibi Ransomware: Where Attackers’ Money Goes – Dark Reading

  • Researchers investigate ransomware-as-a-service malware Sodinokibi in an attempt to understand how much money is involved. Factoring in how much money is involved, and who it goes to, they conclude that the operators are making a “fortune, ” as much as $86,000 pure profit from a single affiliate in one 72 hour period.
And Finally:

‘Sextortion Botnet Spreads 30,000 Emails an Hour’ – BBC

  • There is an ongoing large-scale “sextortion” campaign making use of more than 450,000 hijacked computers. Sending emails at 30,000 an hour they threaten to release compromising photographs of the recipient unless $800 is paid in Bitcoin. By using real data gleaned from data breaches the extortion attempt can seem legitimate but this is a fear-based campaign with the extortioners working from the“rule of big numbers.“

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall partners with Etisalat Digital and appears at GITEX Technology Week 2019. Meanwhile, several governmental level warnings about cyberthreats are issued, and the Magecart group chalks up another successful month.


SonicWall Spotlight

SonicWall, Etisalat Digital Partnership Delivers Network Security in Bundle Offer to SMBs – SonicWall Press Release

  • Etisalat Digital is now offering SonicWall technology in its ‘Business Quick Start’ SMB bundle that provides businesses with telco-grade network security devices and a zero-touch feature, making installation less than one hour. SonicWall and Etisalat celebrated this news with a ceremony at GITEX Tech Week.

SonicWall at GITEX Tech Week 2019 – Tahawultech.com

  • GITEX Technology Week, the biggest tech show in the Middle East, North Africa and South Asia, took place this week at the Dubai World Trade Centre. SonicWall showcased its networking and security solutions including our powerful Capture ATP with RTDMI technology. At the show, SonicWall’s Michael Berg was kept busy with interviews at outlets like Tahawultech and ChatterBoxPRE.

5 Steps to Deploy Fast, Secure WiFi in K-12 Schools – MSSPAlert

  • Schools and school districts connecting to the internet via Wi-Fi is par for the course in 2010; SonicWall’s Srudi Dineshan lists five ways K-12 schools can protect themselves from cyber threats.

Cybersecurity News

In the Last 10 Months, 140 Local Governments, Police Stations and Hospitals Have Been Held Hostage by Ransomware Attacks – CNN

  • With ransomware increasingly recognized as much more than a niche concern, CNN has created an accessible article with video and text intended to introduce the malware method and execution to a wider audience.

White-Hat Hacks Muhstik Ransomware Gang and Releases Decryption Keys – ZDNet

  • A frustrated hacker, annoyed after being caught by a successful ransomware attack, analyzed the ransomware software and successfully infiltrated the online database connected to the database. As a result, he has now released a free decryption method for anyone else caught by the same ransomware.

Copycat Coders Create ‘Vulnerable’ Apps – BBC News

  • A new study has found that developers who take shortcuts by copying and pasting code are leaving applications with security holes. Code chunks with no purpose have been found to be riddled with obsolete commands that could be taken advantage of by a hacker who recognized the programming.

EU Warns of 5G Cybersecurity Risks, Stops Short of Singling out China – Reuters

  • The European Union had issued a warning about the risk of increased cyberattacks by state-backed entities, especially with the advent of next-gen 5G mobile and Internet of Things objects.

NIST is Hunting for Tech to Secure the Energy Sector’s Network – NextGov

  • With the thoughts of a nationwide cyberattack on the power grid growing in people’s minds, the National Institute of Standards and Technology is seeking input from tech and cyber experts on how to secure the countless internet-connected devices that could be used as a way in to the network.
And Finally:

Magecart Attack on eCommerce Platform Hits Thousands of Online Shops – SecurityWeek

  • Everyone’s least favorite online card skimming group Magecart has continued its hacking spree with another successful campaign on online retailers. In the past month the group has been found to be active on over 3 thousand online stores, including the Sesame Street Live online store.

In Case You Missed It

Cyber Security News & Trends

This week, it’s National Cybersecurity Awareness Month! Own IT. Secure IT. Protect IT.


SonicWall Spotlight

National Cybersecurity Awareness Month Focuses on Protecting Digital Identities, Being Accountable for Online Safety SonicWall Blog

  • It’s the 16th annual National Cybersecurity Awareness Month! SonicWall has so much planned to go along with these year’s theme: Own IT. Secure IT. Protect IT. Have you entered our competition? Keep your eyes peeled for more, we’re going to have one each week.

SonicWall Deutschland Twitter account launches

  • We’re delighted for the launch of our new German language Twitter account! Follow it to keep up with the latest German SonicWall and cybersecurity news.

WATCH: CEO killer question with SonicWall – Channel Partner Insight

  • SonicWall CEO Bill Conner has only 50 seconds to answer the question – “What security capabilities are his partners not taking advantage of?” How does he do? Watch and decide for yourself.

SonicWall EMEA SecureFirst Partner Roadshow Series in South Africa – SonicWall Blog

  • The SonicWall EMEA SecureFirst Partner Roadshow Series hit South Africa and Spain including dates in Johannesburg and Durban. Will we be hitting your city next? Check out our schedule.

SonicWall Solution Center at the University of Pisa

  • Antonio Cisternino and proud SonicWall customer Università di Pisa, home of one of the only campus-based SonicWall Solution Centers in Europe, hosted SonicWall CEO Bill Conner at a special cybersecurity session. Students had the opportunity to learn about new cyber threats such as side-channel attacks and how to tackle them using SonicWall RTDMI.

Cybersecurity News

U.S. Government Confirms New Aircraft Cybersecurity Move Amid Terrorism Fears – Forbes

  • The Department of Home Security in the United States confirmed it is taking actions to protect citizens from cyberattacks targeting aviation. Acknowledging that modern aircraft are essentially flying data centers, the plan is related to the cybersecurity defenses currently being implemented on critical infrastructure like the power grid.

New Malware Campaign Targets US Petroleum Companies – Dark Reading

  • A sophisticated malware campaign is currently targeting US petroleum companies. Analysis of the malware shows that it uses multiple embedded JAR archives to hide the final payload, itself containing multiple execution processes. In one study, only five out of 56 anti-virus tools used to analyze the malware successfully detected it.

America Launches New Cybersecurity Directorate – InfoSecurity Magazine

  • America’s National Security Agency has launched a new organization, The Cybersecurity Directorate, aimed with unifying existing programs under one roof. By launching the new directorate, the NSA hopes to strengthen the cyber-shield protecting the country’s national security systems and critical infrastructure from threat actors.

Malware Infection Disrupts Production at Defence Contractor Plants in Three Countries – ZDNet

  • Rheinnmetall, one of the biggest defense contractors in the world, suffered a major cyberattack on its network that caused “significant disruption” at plants in Brazil, Mexico and the US. The company expects the long-term effects of the attack to run into tens of millions of euro.
And Finally:

Pace University’s Cybersecurity Day Features K-9 Demo News 12 Westchester

In the world of truly analogue cybersecurity, Pace University’s Labrador Harley is an unexpected tool for fighting cybercrime.


In Case You Missed It

Cyber Security News & Trends

This week, catch the SonicWall roadshow across Europe, ransomware is targeting K-12 systems, and Magecart hasn’t gone away.


SonicWall Spotlight

Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities – SonicWall Blog

  • SonicWall CEO Bill Conner outlines the current rising ransomware risks for K-12 institutions and city municipalities in his latest piece written for the Forbes Technology council, recommending a layered security strategy as the best way to stop the threats.

SonicWall Hits the Road for the 2019 EMEA SecureFirst Partner Roadshow SeriesSonicWall Blog

  • Hit the road and come back for more and more! SonicWall partners should take the chance to see the SonicWall Roadshow in their city over October and November. Catch up on new products, talk to SonicWall executives and join in the fun learning about the future direction of the company and the world of cyber in general.

SaaS Application Security: 7 Risks to Mitigate – MSSP Alert

  • Rule Number 1: It may be 2019 but don’t fool yourself into thinking that phishing is no longer a threat… Shannon Emmons of SonicWall lists the seven primary security risks that anyone considering SaaS security needs to consider.

SonicWall CEO: ‘Direct Touch’ Model Has Helped Us Win More Enterprise Accounts – Channel Partner Insight

  • Bill Conner, CEO of SonicWall, is quoted by Channel Partner Insight discussing winning contracts via a strategy of direct touch. EMEA Director Michael Berg also weighs in giving an update on the UK, Germany and Middle East market.

David Chamberlin, SVP & Chief Marketing Officer, SonicWall – VarIndia

  • SonicWall’s David Chamberlin explains the role of a Chief Marketing Officer to VarIndia, breaking down how the role has changed over the years and outlining SonicWall’s current market position and plans.

Cybersecurity News

The New Edward Snowden Book Is Being Used to Spread Malware – Verdict (UK)

  • Cybercriminals are capitalizing on the release of whistleblower Edward Snowden’s new book, Permanent Record, to spread banking malware Emotet via a spear phishing campaign that hides malware in a Microsoft Word file.

‘But Who’s in Charge’ Is the Question for Feds in Cybersecurity – Fifth Domain

  • The Cybersecurity and Infrastructure Security Agency’s (CISA) second annual national cybersecurity summit was recently held at National Harbor. Senator Ron Johnson drew attention to the growing need for guidance in cybersecurity in 5G technology and CISA Director Chris Krebs also spoke about how international boundaries can fall away when it comes to cyberthreats, calling for a greater participation between government and businesses so as to more effectively fight cybercrime.

Ransomware Strikes 49 School Districts & Colleges in 2019 – Dark Reading

  • Underlining SonicWall CEO Bill Conner’s article on rising ransomware threats in K-12 businesses, Dark Reading reports that almost 50 districts have been hit by Ransomware attacks in 2019, with ten victims in the previous nine days alone.

GDPR: Only One in Three Businesses Are Compliant – Here’s What Is Holding Them Back – ZDNet

  • In a survey of over 1000 industry personnel, a new study found that only 28% consider themselves to be fully GDPR compliant. In the responses, 36% believe the requirements of GDPR are too complex while one third of respondents say that the financial costs of achieving alignment with GDPR are too prohibitive.

Once Hacked, Twice Shy: How Auto Supplier Harman Learned to Fight Cyber Carjackers – Reuters

  • After suffering a number of public cybersecurity embarrassments in the past, the motor industry is now tackling the issue head-on; there has been exponential growth in the area with cybersecurity requirements now numbering in the hundreds of pages, up from just a single page five years ago.
And Finally:

Magecart Strikes Again: Hotel Booking Websites Come Under Fire ZDNet

  • It hasn’t gone away; a fresh wave of Magecart-linked attacks is currently taking place with the hotel booking websites the latest victims.

In Case You Missed It

Cyber Security News & Trends

This week, Ecuador suffers a country-sized data breach, smart cities are put under the cybersecurity microscope, and SonicWall take a look at emerging technologies.


SonicWall Spotlight

#074 – Bill Conner: You Cannot Have Privacy Without Security – Cyber Security Interviews

  • SonicWall CEO Bill Conner discusses the current state of the threat landscape and details his career path on the Cyber Security Interviews podcast with Douglas Brush. They cover encryption, security for the SMB market, SonicWall’s Capture Threat Network, malware cocktails, malware as a service, AI and machine learning, governments backdooring encryption, and more!

SonicWall Awarded USETPA Contract – SonicWall Blog

  • SonicWall has been awarded the U.S. Educational Technology Purchasing Alliance (USETPA) contract for wireless access points, firewalls, and related security services. The USETPA assists public agencies to help reduce the cost of purchased goods through strategic sourcing that combines the volumes and the purchasing power of public agencies nationwide.

Five Technologies Likely To Disrupt Industries – CEO Insights India

  • Emerging technologies are changing how enterprises function. SonicWall’s Debasish Mukherjee lists his top five technologies that he thinks will have a major impact.

Cybersecurity News

Arrest Made in Ecuador’s Massive Data Breach – ZDNet

  • After the personal data of almost every person in Ecuador was leaked, Ecuadorian authorities have been quick to make an arrest. There is an ongoing investigation into what happened and why the company involved had access to such a large amount of unnecessary private data.

CISA Chief Calls on Cybersecurity Community to ‘Stop Selling Fear’ – The Hill

  • The head of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, is calling on industry and government experts to do more to help society understand and grapple with growing cyber threats. He calls for more measured, reasonable and straightforward talk when explaining the cybersecurity landscape to the public.

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek. – ProPublica

  • Hundreds of insecure computer servers worldwide store medical patient data that can easily be accessed. As one expert puts it, “It’s not even hacking. It’s walking into an open door.” ProPublica investigates the current privacy problems in medical technology.

How Hackers Could Break Into the Smart City – Wall Street Journal

  • With IoT devices growing at huge rates smart cities are rapidly becoming a reality. However, without a good cybersecurity plan in place this is a risky situation, the more connected a city is, the more vulnerable it is to cyberattacks.

Colorado Cites Cybersecurity Concerns in Banning QR Codes on Ballots – The Hill

  • Colorado has become the first U.S. state to ban the use of QR codes on ballots. Currently QR codes are used as a fast way of scanning votes but with hacking fears on the rise there is a fear that votes could be altered by a digital intruder.

Lion Air Breach Hits Millions of Passengers – InfoSecurity Magazine

  • Security researchers have found at least 35 million airline records circulating online with details belonging mostly to Lion Air companies. Details leaked include names, dates of birth, phone numbers, emails, addresses, passport numbers and expiration dates. The companies say they are investigating the breach.
And Finally:

Tackling Cybersecurity at the Rugby World CupTechradar

  • The 2019 Rugby World Cup is the most tech-enabled sports event yet and Japan has responded with a full cybersecurity sweep of network-connected IoT objects, checking for any vulnerabilities.

In Case You Missed It

Cyber Security News & Trends

This week, spyware is found in the Android store, maritime cybersecurity protections are considered, and your gas pump could be the next target for a hacker.


SonicWall Spotlight

The CyberWire Daily Podcast – The CyberWire

  • SonicWall CEO Bill Conner speaks with The CyberWire for their story on the dangers of side-channel malware attacks. He details how previous big side-channel attacks like Spectre and Meltdown worked and explains that it’s only a matter of time before someone else manages to find a way of exploiting similar chipset vulnerabilities in the wild.

Rich, Smart and Sensibly Grown-Up? You’re the Hackers’ Dream – The Telegraph (UK)

  • The Telegraph builds a profile of the standard person who gets hacked and takes a look at the “hacker’s menu” – an itemized list detailing the cost of hacking personal information. To make their case they refer to the SonicWall 2019 Cyber Threat Report Mid-Year Update for information on ransomware.

RB Music Uses Spyware to Steal Sensitive Information From the Infected Device – VARINDIA

  • Following up on the SonicWall Alert detailing spyware in the RB Music player on the Android Store, VARINDIA talks to SonicWall’s Debasish Mukherjee. Mukherjee explains that it is common for malware code to be reused by different developers over time and even when an app appears to be legitimate it may contain dangerous code waiting to be activated.

Cybersecurity News

FBI Cyber Warning: Attacks on Key Employees up 100%, as 281 Are Arrested – Forbes

  • The FBI has warned that Business Email Compromise attacks have doubled between June 2018 and July 2019, even as a worldwide crackdown on the practice led to 281 arrests worldwide. Learn how you can protect yourself from Business Email Compromise with SonicWall’s Email Security Appliances.

Cyber-Security Incident at US Power Grid Entity Linked to Unpatched Firewalls – ZDNet

  • A recently released report has detailed how the “cyber-incident” reported on the US Power Grid in June of this year turned out to be a cyberattack that was able to take place because of unpatched firewalls.

Exploit for Wormable BlueKeep Windows Bug Released Into the WildArs Technica

  • A rough but workable exploit for the Bluekeep vulnerability has been coded and released into the wild. While it is highly unlikely that the exploit will be successful in infecting any users in its current form it serves as a proof-of-concept and could be the first step towards bigger problems in the future.

Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics – Security Week

  • A school in Sweden has been fined for using biometrics on its students, even though the school had obtained consent from both the students and their parents. A court ruling decided that due to the imbalance of power between students and the school, freely-given consent could not be possible. The case highlights the possibility of future problems in wider biometric implementation if, for example, it is argued that employees cannot consent to employers using biometrics in the workplace for similar reasons.

The State of Maritime Cybersecurity – WorkBoat

  • Maritime magazine WorkBoat interviews the creators of a recent survey on the current state of maritime cybersecurity. They discuss why the survey was created, why many companies are not prepared in the current threat landscape and what needs to be done to prevent another problem like the 2017 ransomware attack on global shipper Maersk.

Think Your iPhone Is Safe From Hackers? That’s What They Want You to Think… – The Guardian

  • The Guardian investigates the world of zero-day exploits that are sold on dark web marketplaces and warn that despite Apple’s iOS having a reputation of being close to unhackable, there are, in fact, vulnerabilities in it that have been exploited for years.
And Finally:

IoT Security: Now Dark Web Hackers Are Targeting Internet-Connected Gas Pumps – ZDNet

  • As hackers turn their sights on Internet of Things devices, and the number of these devices worldwide grow, hackers online have been turning their sights on web-connected Gas Pumps. It’s early days yet but researchers hypothesize that the reasons for this could range from obtaining cheap fuel to something much more explosive…

In Case You Missed It