Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

It’s the first week of February, and SonicWall has continued to draw interest in the news for excellent products and relevant research. Ask by Geek calls the TZ400 one of the best firewalls for small businesses. Charged Retail cites SonicWall’s data to contextualize a breach in the retail sector. Networking+ discusses rising ransomware numbers using data from our threat report.

It’s been another busy week for the cybersecurity world. Bleeping Computer has the lowdown on a recent attack from Russia’s Sandworm hacking group. Dark Reading warns of the return of North Korea’s state-backed hacker organization known as Lazarus. Google Fi lost customer data in a breach reported on by TechCrunch. Info Security breaks down how threat actors have been impersonating DocuSign in an elaborate phishing scheme. Hacker News unravels a Realtek vulnerability that is wreaking havoc on IoT devices.

Keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

Challenges For Startups in The IoT Sector

TechToday, SonicWall News: According to a report by SonicWall, 2.8 billion malware attacks were registered, up 11% in the first half of 2022, marking the first increase in global malware volume in over three years.

JD Sports Cyber Attack: Why Online Retail Is Vulnerable and What Can Be Done?

Charged Retail, SonicWall News: The JD Sports incident is yet another example of the rise in cyberattack incidents, with the retail industry experiencing a 90% increase in ransomware attacks last year, according to a report from SonicWall.

The Best Hardware Firewalls for Small Businesses

Ask by Geeks, SonicWall News: One of the best small business firewalls is the SonicWall TZ400 Security Firewall. The SonicWall TZ400 NGFW Premium is considered a little more expensive than other firewall options, but its security, reliability, ease of use and unique features justify its price.

10 million Customers Exposed in JD Sports Cyber Attack

ITPro, SonicWall News: A study last year by SonicWall found that the retail sector saw a 264% surge in ransomware attacks between February 2021 and 2022. The widespread consumer shift to online shopping during the pandemic prompted hackers to escalate attacks against online retailers.

Three Ways Governments Can Better Protect Public Data

Networking+, SonicWall News: The chances of being hit by a ransomware attack are more significant than ever. Last year, global ransomware volume skyrocketed by 105% year over year, according to the 2022 SonicWall Cyber Threat Report. While no industry was spared, the numbers were particularly gruesome for governments. Ransomware attempts on government entities rose a staggering 1,885%. That’s more than double the increase reported by healthcare (755%), education (152%), and retail (21%) combined.

2023 Predictions: Emerging Tech & Global Conflict Bring New Cyber Threats

CyberSecurityInsiders, SonicWall News: 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets, and goals for cybercrime. According to recent threat intelligence from SonicWall, global ransomware attempts declined 31% YoY as cybercriminals and nation-state actors opted for never-before-seen malware variants, IoT malware, and cryptojacking in attacks motivated by financial gain and state-sponsored hacktivism.

Cybersecurity ‘More Critical Than Ever’ In Era of Connected Care: BD

MedTechDive, SonicWall News: Ransomware attacks in which cybercriminals attempt to extort money declined by 23% overall during the first half of 2022 but increased 328% in healthcare, according to data from cybersecurity company SonicWall.

IT Services Industry Looks to Cyber, Cloud Consulting for Growth

TechTarget, SonicWall News: Logically’s MSSP offerings include extended detection and response, endpoint detection and response, and MDR; enterprise-level managed firewall services; and cybersecurity assessments, according to Skeens. The company runs a SOC. The company’s IT security technology partners include SonicWall.

The Sonicwall NSsp 15700 Brings Serious Network Protection Super Powers

iTWire, SonicWall News: iTWire really could go on and on; the list of features is almost endless. There is a database of applications for intelligent packet analysis, support for IoT devices, DNS protection and more. However, the best thing right now is to take it for a spin yourself. You can demo the SonicWall NSsp series firewalls online without any installation or commitment and see all the features and benefits in action.

Royal Mail ‘Cyber Incident’ Causes Widespread Disruption

Strategic Risk, SonicWall News: There were 623 million ransomware attacks globally in 2021 according to Sonic wall, representing a 105% year on year increase. The UK saw a 228% surge and a 65% increase in never-seen-before malware.

8 Safety Solutions to Keep Your Business Secure

Business Info, SonicWall News: Network security devices are essential for any business. They establish a firewall that will protect internal networks from external threats, such as attacks from the internet. The SonicWall TZ270 uses Real-Time Deep Memory Inspection to prevent cyber-attacks.

Safe Homes: Security Tech for Remote Workers

Silicon, SonicWall News: Speaking to Silicon UK, Rick Meder, VP of Strategic Partnerships and Platform Architecture at SonicWall, commented: “With most employees no longer within the protected perimeter of a traditional corporate network, the basic secure access tools in place for remote access workers have become quickly inadequate. The potential attack surface expands exponentially, oversite by security staff is met with extreme challenges, and policy complexity reaches levels like never before. Efforts to uphold an adequate security posture while maintaining workforce productivity quickly become overwhelming.”

Industry News

Realtek Vulnerability is Real Problem for IoT Devices

A now-patched vulnerability in Realtek’s Jungle SDK has resulted in over 134 million hack attempts on IoT devices since August 2022. Threat actors have been abusing the vulnerability to try and infect devices across the globe. The exploit makes some devices manufactured by D-Link, ASUS, LG, Belkin and NETGEAR vulnerable. Hacker News warned users of the importance of updating devices regularly to protect them from exposure to attacks like this.

North Korean Lazarus Group Targeting Medical Research and Energy Intel

The North Korean hacker group known as Lazarus has made another appearance, this time targeting intel in medical research and the energy sector. The discovery was made by threat intelligence analysts at WithSecure. WithSecure was able to assert with high confidence that the attack came from Lazarus after discovering that the attacker made an operational security error. The actions carried out by Lazarus point to this being an intelligence-gathering attack. Per Dark Reading, Lazarus never lays low for long. They are a long-running group that is thought to be run by North Korea’s Foreign Intelligence and Reconnaissance Bureau. Lazarus first appeared on the scene in 2009 and has made numerous appearances since then with minimal time spent in the dark. Last year, Lazarus targeted Apple’s M1 chip in an attack. The group is a large source of income for the North Korean regime, so their attacks are usually both finance- and intel-based.

Sandworm Hacker Group Using Active Directory to Wipe Critical Files

A new malware capable of wiping critical files and data has been discovered following a cyberattack on a target in Ukraine. The malware, which the researchers who discovered it are calling ‘SwiftSlicer,’ uses Windows’ Active Directory Group Policy. The malware variant is being attributed to Russia’s Sandworm hacking group. According to Bleeping Computer, the target’s name has not been released. Sandworm recently attacked Ukrinform, which is Ukraine’s national news agency. A Tweet from ESET Research says, “Once executed, it deletes shadow copies; recursively overwrites files located in %CSIDL_SYSTEM%\drivers.” Bleeping Computer notes that by targeting that specific folder, the malware hopes to bring down entire Windows domains alongside wiping critical files. While the malware was only added to the Virus Total database on January 26, more than half of the antiviruses on the platform are currently detecting it.

Google Fi Loses Customer Data in Breach

Google’s cell phone service, Google Fi, lost customer data in a recent breach. The folks at TechCrunch believe it may be related to the recent T-Mobile breach that resulted in 37 million customers data being stolen. Google stated that information such as the content of calls and texts, payment card data, passwords, and customer personal information were not stolen in the breach. The attackers accessed limited customer information such as phone numbers, SIM card serial numbers and information on the type of plan customers were enrolled in. As of now, it’s unclear how many Google Fi customers were affected in the breach. Google has not made the total number of Google Fi customers public, so it is difficult to speculate how many people could be affected. Google notified customers in an email that they are attempting to secure the data and notify all customers whose data was taken.

Threat Actors Impersonate DocuSign to Target 10,000 People in Phishing Attack

A phishing attack from a group impersonating DocuSign targeted 10,000 users across multiple organizations. Attackers sent emails that managed to bypass security and reach the inbox of the targets. Cybersecurity researchers at Armorblox discovered the ploy and have issued guidance on how to avoid similar attacks. According to Info Security, victims were redirected to a fake DocuSign landing page after clicking the link provided in the email. The emails were sent from a valid domain to make it past security.

SonicWall Blog

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang

Celebrating 2023 With Expanded “3 & Free” – Matt Brennan

‘3 & Free’ Promotion: How to Upgrade to a New SonicWall TZ Series NGFW for Free – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

SonicWall continues to make waves in the news with its products and executives. Read Business Info’s safety solutions to keep your business secure and see what our VP of Strategic Partnerships and Platform Architecture, Rick Meder, had to say to Silicon. We also hear from our CEO, Bob VanKirk, and our emerging threat expert, Immanuel Chavoya.

In industry news, we’re taking a peek at newly discovered vulnerabilities, artificial intelligence and the open sea. Dark Reading reports that everyone’s favorite AI chatbot, ChatGPT, is dabbling in writing polymorphic malware. Over at Bleeping Computer, the word is that a vendor’s exposed database has caused trouble at Nissan. The good folks at Hacker News warn of a Linux vulnerability that has caught the attention of malicious actors. From Trend Micro, GitHub CodeSpaces has a port forwarding issue that’s allowing easy malware delivery. Security Weekly alerts us about a ransomware attack that affected 1,000 ships across the globe.

SonicWall News

Royal Mail ‘Cyber Incident’ Causes Widespread Disruption

Strategic Risk, SonicWall News: There were 623 million ransomware attacks globally in 2021 according to SonicWall, representing a 105% year on year increase. The UK saw a 228% surge and a 65% increase in never-seen-before malware.

8 Safety Solutions to Keep Your Business Secure

Business Info, SonicWall News: Network security devices are essential for any business. They establish a firewall that will protect internal networks from external threats, such as attacks from the internet. The SonicWall TZ270 uses Real-Time Deep Memory Inspection to prevent cyber-attacks.

Safe Homes: Security Tech for Remote Workers

Silicon, SonicWall News: Speaking to Silicon UK, Rick Meder, VP of Strategic Partnerships and Platform Architecture at SonicWall, commented: “With most employees no longer within the protected perimeter of a traditional corporate network, the basic secure access tools in place for remote access workers have become quickly inadequate. The potential attack surface expands exponentially, oversite by security staff is met with extreme challenges, and policy complexity reaches levels like never before. Efforts to uphold an adequate security posture while maintaining workforce productivity quickly become overwhelming.”

Finally, Ransomware Victims Are Refusing to Pay Up

The Register, SonicWall News: SonicWall in October 2022 said that it saw a 31 percent drop in ransomware attacks in the first nine months of the year, but that also was coming off record numbers recorded in 2021. CEO Robert VanKirk at the time told The Register there was an “unstable cyberthreat landscape” fed by expanded attack surfaces, growing numbers of threats, and a tense geopolitical environment that included the Russia’s attack on Ukraine. The CEO also noted that even those the numbers in 2022 were down, they were still higher than in any year but 2021.

Top 7 AI Trends to Watch Out for in 2023

Silicon, SonicWall News: Immanuel Chavoya, emerging threat expert at cybersecurity company SonicWall, believes new AI software will give threat actors the ability to quickly exploit vulnerabilities and reduce the technical expertise required “down to a five-year-old level.”

All You Need to Know About The ‘Godfather’ Malware Targeting This Country’s Financial System

AMB Crypto, SonicWall News: “The research titled “2022 SonicWall Cyber Threat Report” from cybersecurity company SonicWall claims that cryptojacking attacks have increased in the banking sector by 269% year-to-date. This figure is nearly five times higher than cyberattacks directed at the retail sector. According to the study from SonicWall, the total number of crypto-jacking incidents increased by 30% to 66.7 million in the first half of 2022.”

An Evolving Landscape: Top 10 Cybersecurity Predictions For 2023

Silicon Republic, SonicWall News: “Spencer Starkey, channel sales EMEA VP for SonicWall, predicts that healthcare and education will be among the sectors most targeted by cyberattacks in 2023. The cybersecurity company claims the healthcare sector saw a 328pc year-on-year increase in ransomware attacks last year.”

Royal Mail’s Export Service Hit with Major Cyber Incident and Is Experiencing ‘Severe Disruption’

City AM, SonicWall News: “Terry Greer-King, Head of EMEA at SonicWall, a cybersecurity firm, linked this cyber incident to declining cyber safety in the UK. Greene told City AM: “The cyber incident at the Royal Mail shows that the public sector, like all other industries, is still vulnerable to mass cyber attack. As legacy IT concerns become more apart across the UK’s public sector, the state of its cybersecurity is still a main topic that must be addressed, especially after 2021 brought a 94% increase in malware on the global government sector. As a service that people and businesses alike depend on day-to-day, ensuring its digital infrastructure remains secure must be a top priority. To truly safeguard national public-sector cybersecurity, the government must take real concerted action now,” he added.

Study Find One in Four SMES Hit by Ransomware Last Year

Technology Magazine, SonicWall News: “Today, cyberattacks continue to present an ever-changing threat to businesses across all sectors. NCC Group’s Annual Threat Monitor report, which indicated ransomware attacks almost doubled in 2021, rising 92.7% on the previous year, while research by SonicWall found that 66% of customers were more concerned about cyberattacks last year.”

All You Need to Know About The ‘Godfather’ Malware Targeting This Country’s Financial System

AMB Crypto, SonicWall News: “The research titled “2022 SonicWall Cyber Threat Report” from cybersecurity company SonicWall claims that cryptojacking attacks have increased in the banking sector by 269% year-to-date. This figure is nearly five times higher than cyberattacks directed at the retail sector. According to the study from SonicWall, the total number of crypto-jacking incidents increased by 30% to 66.7 million in the first half of 2022.”

Leading Cybersecurity Companies for The Food Industry

Just Food, SonicWall News: “Amongst the leading vendors of cybersecurity in food industry are Dragos, Eat IT Drink IT, NCR, Netskope, PDI Software, Preciate, Singtel, SonicWall, TitanHQ, VikingCloud, Auvesy-MDT, Cali Group, and Cardonet.”

Goodbye 2022, Hello 2023: Experts Weigh in With Channel Expectations

MicroScope, SonicWall News: “Matt Brennan, vice-president of North America channel sales at SonicWall, believes the effects of supply chain disruption will continue to have an impact on 2023: “Supply chain challenges have wreaked havoc across most industries around the world. IT has been affected across the board. Because of these challenges, brand loyalty will fade. [Customers] won’t hesitate to make purchases they can get now rather than wait for a specific brand product later – fulfillment is critical, regardless of how long customers have been brand loyal.” Brennan adds that this will lead to a shift in the market as customers learn that “staying brand loyal is not necessary to run their businesses successfully”.

Industry News

ChatGPT Trips the Alarm Over Polymorphic Malware

Researchers at Cyberark recently warned that OpenAI’s ChatGPT, an online chatbot that has been stirring up noise in the media recently, could be used to create polymorphic malware. Dark Reading reports that polymorphic malware is a highly advanced type of malware that actually contains no malicious code. That makes it exceedingly difficult to detect.

Cyberark also warned that the AI could be used to generate injection code. ChatGPT is free to use and has a simple user interface. This makes ChatGPT something that Cybersecurity experts should be keeping in their peripheral vision. It may not be causing many problems just yet, but the potential for malicious use is most certainly there.

Exposed Database Leaks Personal Data Of 18,000 Nissan Customers

On Monday, Nissan began sending out notifications to customers that their data had been breached. Nissan said in the memo that they had received notification in June of 2022 that one of their third-party software developers had experienced a breach. Bleeping Computer reports that Nissan gave data to the vendor to develop and test software for them. The automaker placed the blame on the vendor’s database being poorly configured.

Nissan conducted an investigation and found that an unauthorized user likely had access to the data. NMAC numbers (Nissan finance account numbers), full names, and dates of birth were all included in the leak. Nissan noted that there was no evidence the data had been misused, but they did offer affected customers a one-year membership of Experian identity protection.

Hack Alert: Recently Patched Linux Tool Is the Newest Target Of Malicious Actors

A widely-used Linux tool, Control Web Panel, is being actively exploited by malicious actors after a vulnerability was patched. The bug, listed as CVE-2022-44877, gave elevated privileges and allowed for unauthenticated remote code execution on some servers according to Hacker News. All software versions before 0.9.8.1147 are impacted.

So far, exploitation of the bug has been minimal, with GreyNoise reporting four unique IP addresses attempting to abuse it. All frequent users of CWP are advised to apply the most up-to-date patches to avoid any issues.

Github CodeSpaces Vulnerability Causes Concerns About Easy Malware Delivery

GitHub CodeSpaces is a cloud-based integrated development environment that was fully released to the public in November 2022. A feature of this IDE that allows forwarded ports to be shared publicly could be exploited by malicious actors. It seems that these features could be used to create a malware file server with a legitimate GitHub account. GitHub would usually be alerted by a user using their tools in this way. Due to this vulnerability, a user could be serving malicious content directly under GitHub’s nose, and GitHub would be none the wiser.

Trend Micro reports that no abuse of this exploit has been witnessed thus far. The exploit was discovered during an internal security check on the platform.

Ransomware Attack on Ship Management Software Disrupts Servers On 1,000 Ships

A recognized maritime advisor, DNV, was the victim of a ransomware attack on its ShipManager system servers. The attack resulted in 1,000 ships being impacted globally. This attack comes a mere two weeks after the LockBit ransomware gang carried out an attack on Portugal’s Port of Lisbon. The European shipping industry has been the victim of multiple such attacks over the course of the past year.

On January 19^th, DNV released a statement saying they are working to restore servers on the impacted ships. They made it clear that all of the impacted ships have maintained complete offline functionality throughout this ordeal.

SonicWall Blog

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang

Celebrating 2023 With Expanded “3 & Free” – Matt Brennan

‘3 & Free’ Promotion: How to Upgrade to a New SonicWall TZ Series NGFW for Free – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

Every week SonicWall collects the most compelling, trending and important interviews, media and news stories affecting your cybersecurity — just for you.

Happy New Year! While everyone was enjoying the holidays, SonicWall kept going with global industry news about the partner program, more mentions for the Threat Reports, and expert commentary by SonicWall executives.

Cybersecurity didn’t take a break either. Health Care IT News and Toronto City News surprised everyone with a report about the LockBit ransomware gang apologizing for hacking a children’s hospital. Forbes and Wired Magazine reported on the sale of Twitter user data. Bleeping Computer discovered that Amazon S3 is now encrypting all new data using AES-256 – by default! SC Magazine reports on a JAMA study that shows healthcare disruptions from ransomware attacks are probably underreported. And Dark Reading has released its BOLD Cybersecurity predictions for 2023. We only dared to mention two of the “scary” ones.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Goodbye 2022, Hello 2023: Experts Weigh in With Channel Expectations

MicroScope, SonicWall News: “Matt Brennan, vice-president of North America channel sales at SonicWall, believes the effects of supply chain disruption will continue to have an impact on 2023: “Supply chain challenges have wreaked havoc across most industries around the world. IT has been affected across the board. Because of these challenges, brand loyalty will fade. [Customers] won’t hesitate to make purchases they can get now rather than wait for a specific brand product later – fulfilment is critical, regardless of how long customers have been brand loyal.” Brennan adds that this will lead to a shift in the market as customers learn that “staying brand loyal is not necessary to run their businesses successfully”.

Tips for Health Systems on Managing Legacy Systems to Strengthen Security

HealthTech, SonicWall News: A lack of support from the manufacturer generally means a lack of security patches. As a result, devices running a legacy OS are easy targets for attackers — in fact, malware attacks on internet-connected devices spiked 123 percent in the first half of 2022, according to research from SonicWall.

Cybersecurity for Investors: Why Digital Defenses Require Good Governance

Yahoo! Finance, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.

Remote Monitoring, AI Research and Data at Risk: Healthcare Tech Predictions For 2023

BetaNews, SonicWall News: Healthcare could come under threat from geopolitical attacks believes Immanuel Chavoya, threat detection and response strategist at SonicWall. “When it comes to protecting against threats of geopolitically motivated attacks, the present call to action is to be proactive, rather than reactive, to an assault. Attacks such as targeted malware or vulnerability exploitation could be used to inflict chaos on critical infrastructure such as healthcare, electric utilities, financial institutions, and oil and gas. These attacks tie up resources, cause financial damage, and send a signal. In 2023, organizations and governments will need to be prepared by ensuring that they don’t have any issues that could become low-hanging fruit for attacks and closely monitor their network activity for quick identification of and reaction to any attack.

Future Tech Role of Partners

CRN (India), SonicWall News: Security threats are becoming increasingly sophisticated, and organizations are looking for proactive ways to secure their IT environments. Whether their environment is in the Cloud, on-premises or a hybrid, organizations look to managed security services providers (MSSPs) to provide the best-in-class security to protect their business and mitigate future risk.

SonicWall CEO: Partner Program Revamp on Tap for Early 2023

CRN, SonicWall News: As other vendors are increasing their prices, we’re actually doing the opposite,” he said. If a customer and a partner commit to buying three years of services—services that go with our solutions—what they end up getting is the firewall hardware at no charge. That translates to a double-digit price decrease savings.

Guardian Hit by Suspected Ransomware Attack

The Financial Times, SonicWall News: But the number of attacks has fallen by almost a quarter in the first half of this year, according to US security company SonicWall, partly because more organizations have refused to pay cyber criminals.

The Non-Stop Journey Towards ‘Zero Trust’

Canales Sectoriales (Spain), SonicWall News: According to Sergio Martínez, Country Manager of SonicWall, currently, only 11% of companies consider that they have sufficient internal computer capacity to deal with any cyberattack. It is estimated that more than 50% of companies that suffer a major cyberattack take more than five hours to detect it and, a significant number of them live with it for a few weeks or months.

Ways Governments Can Better Protect Public Data

Cyber Security Intelligence, SonicWall News: The chances of being hit by a ransomware attack are more significant than ever. Last year, global ransomware volume skyrocketed by 105% year over year, according to the 2022 SonicWall Cyber Threat Report. While no industry was spared, the numbers were particularly gruesome for governments. Ransomware attempts on government entities rose a staggering 1,885%. That’s more than double the increase reported by healthcare (755%), education (152%), and retail (21%) combined.

Risks That Could Impact Retail In 2023

BizCommunity, SonicWall News: Figures from SonicWall’s Biannual Report revealed that e-commerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These statistics are extremely worrying for retail companies, so unsurprisingly, websites and digital security are at the forefront of retailers’ minds.

SonicWall Achieves Sales Record with The Help of The Distribution Channel

InfoChannel (Mexico), SonicWall News: 2022 has been a year of growth for SonicWall, especially for business partners, as announced by Eustolio Villalobos, general manager for Mexico, Central America and the Caribbean. Villalobos said that the company reached a record of internal sales in generation 7, SD-WAN and Wi-Fi 6 firewall solutions.

Unifying Efforts with Its SonicWall Channels Gains Ground in Latin America

eSemenal (Mexico), SonicWall News: Today we have seen how companies are more aware of the cybersecurity challenges they face and have understood that it is not a separate issue. Expanding issues such as hybrid work and 5G will be some of the main challenges next year, and companies regardless of their size will have to be prepared,” said Arley Brogiato, Sales Leader for SonicWall in Latin America.

According to the executive, sales of security solutions this year exceeded the company’s expectations globally, achieving higher growth than the prospect and a double-digit increase in its market shares.

Industry News

Lockbit Ransomware Group ‘Apologizes’ For Children’s Hospital Cyberattack

Health Care IT News hit us with a rather surprising story about a ransomware group that apologized for hitting a Toronto-based children’s hospital affiliated with the University of Toronto. For a bit of background, we went to Toronto City News and learned that on December 18, 2022, SickKids was hit with ransomware. Administrators reported delays with retrieving lab and imaging results. Other affected systems included employee timekeeping and pharmacy submissions. About ten days later, the hospital said that nearly half of the affected systems had been restored. Then an unexpected update.

LockBit ransomware group that provides affiliates access to malware for a cut of the ransom profits then issued an apology on the dark web on the last day of the year, which was then posted to Twitter. In the statement, the ransomware organization allegedly blamed a partner and offered a free decryptor for the hospital to unlock its data. Even with a ransomware group’s decryptor, healthcare organizations only recover about two-thirds of their files on average.

Twitter Data for Sale

Reported by Forbes, Wired, and posted on Twitter by @SonicWall, the close of 2022 saw hackers selling data stolen from 400 million Twitter users. The source, researchers say, is a widely circulated trove of email addresses linked to about 200 million users that were hacked out between June 2021 and January 2022, exploiting a bug in a Twitter application. The list on sale is likely a refined version of the larger batch with duplicate entries removed. According to the Forbes reporter, the hacker demanded $200,000 from Twitter for an “exclusive” sale of the data and warned that the social media platform could face a massive GDPR fine for failing to protect user data.

Twitter has not yet commented on the massive exposure. However, the cache of data clarifies the severity of the leak and who may be most at risk because of it.

Amazon S3 To Encrypt All New Data With AES-256

Bleeping Computer reported that Amazon Simple Storage Service (S3) would automatically encrypt all new objects added on buckets on the server side, using AES-256 by default.

While the server-side encryption system has been available on AWS for over a decade, the tech giant has enabled it by default to bolster security. As a result, administrators will not have to take any actions for the new encryption system to affect their buckets. In addition, Amazon promises it won’t have any negative performance impact.

The move follows two notable breaches related to Amazon S3 storage buckets, one in December 2017, leaked data from 123 million households and another in April 2019 of 540 million records of Facebook users. The reporter comments that had the data been encrypted, the leaks wouldn’t have had nearly as dire consequences for the exposed individuals. Amazon’s move to make server-side encryption a “zero-click” process is a fundamental step towards better security. It is bound to lessen the impact of upcoming data incidents that will inevitably happen.

JAMA: Underreported Healthcare Disruptions from Ransomware Attacks

SC Magazine reported on the findings from a new study published by the Journal of the American Medical Association (JAMA) that ransomware attacks on healthcare delivery organizations doubled between 2016 and 2021, from 43 reported attacks to 91. However, the study concludes that these numbers and impacts are likely underreported due to limited data from the incidents.

Across all sectors in the last year, security researchers struggled to gauge whether ransomware attacks were on the rise or stagnating. What’s clear is that attackers are getting smarter, and the cost to recover from these attacks is drastically increasing across all sectors — impacting cyber insurance coverage in the process.

In healthcare, the impacts of ransomware are readily seen in each hospital attack, confirming the patient safety risks posed by this extended network downtime. At least three global health systems are currently down after ransomware incidents which have led to care diversion, appointment cancellations and delays.

But as noted in JAMA, there’s not enough data to fully understand the minutiae of hospital impacts after ransomware. While the researchers noted the study’s limits, the data does shine a light on incident response and care disruptions.

The Boldest Cybersecurity Predictions for 2023

Dark Reading posted their “Predictions,” and as expected, they’re bold. Among the notable predictions “Automation is Finally Ready for Prime Time.” There’s been quite a lot of coverage on this issue, and predictions represent both boon and bane for network security teams. Automation could mean eliminating lower-level cybersecurity jobs, but industry observers also believe that more data always means more demand for higher-level analysts and engineers.

We thought this prediction paired nicely with another: “Scary AI & Machine Learning Gets Scarier.” Indeed, we saw evidence last year that shows cybercrime is using AI automation to weaponize deep fakes. Although we haven’t seen it in full practice yet, there’s good reason to believe it’ll be the go-to method for attackers in 2023 and beyond. Imagine seeing videos from people we know telling us it’s cool to share passwords (and other private information) with random callers. If that wasn’t scary enough, imagine ransomware teams using spoofed biometrics, fraudulent identity documents and synthetic identities.

And that’s just two of several they have that deserve a careful read.

SonicWall Blog

‘3 & Free’ Promotion: How to Upgrade to a New SonicWall TZ Series NGFW for Free – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Third-Party Threat Performance: Seven Times Superior – Amber Wolff

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022 – Amber Wolff

Securing Your Credentials: Does Your Password Pass the Test? – Amber Wolff

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.

It’s the end of the year, and SonicWall still manages to produce headlines, including big news that its next-generation firewalls were a winner in CRN’s prestigious 2022 Products of the Year Awards.

From industry news, Dark Reading reports three ways attackers bypass cloud security. Then, Hacker News published a report about a new ‘Truebot’ malware variant that leverages the Netwrix auditor bug and the Raspberry Robin worm. From SC Magazine, we learned that most US defense contractors are failing basic cybersecurity requirements. Bleeping Computer reports that Rackspace confirms a ransomware attack caused the outage they experienced earlier this week. Krebs on Security lays out a new and devious attack strategy that targets executives of telemedicine companies. Finally, CyberNews reveals the weakest (and worst) passwords of 2022, with a retrospect from a report from Forbes. Despite all the news and the warnings, people are still using simple and very hackable passwords. Read these lists to see if your password is one of them.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

The Art of Cyberwarfare: Sun Tzu and Cybersecurity

Solutions Numeriques (FR), Reprint from SonicWall Blog: SonicWall is organizing an event on this theme of the Art of War: December 15, presented by Guillaume Sevrin, SonicWall EMEA pre-sales manager.

Ransomware Gang Makes $100 Million

Cyber Security Intelligence, SonicWall News: The retail sector is a specific target for Hive ransom attacks and this confirmed by an authoritative threat report by SonicWall, which found that retailers saw a 90% increase in ransomware attacks in 2022, whereby hackers attempt to cripple their day-to-day infrastructure.

Why The Race to Deliver Products Faster Could Be Hampering Product Security

Business Reporter, SonicWall News: Combining these factors with the avalanche of cyber-attacks on connected devices makes the challenge even more insurmountable. According to SonicWall, the total number of malware attacks on IoT-enabled devices rose by 77 per cent in the first half of 2022 to an alarming 57 million. The number of “never-before-seen” malware variants, that are the hardest to defend against, also rose by 45 per cent in the period.

SonicWall Earns Multiple Channel Awards, Delivers More Value and Savings to Global Partner Community

PR Newswire, SonicWall News: SonicWall today announced that its next generation firewalls were a winner in CRN’s prestigious 2022 Products of the Year Awards, notching yet another award in an impressive run for the company that is diligently driving new and innovative strategies to its partners offset rising costs industry-wide.

Infinigate To ‘Take Breath’ Before Shifting M&A Focus to Bolt-On Deals, UK Boss Reveals

CRN UK, SonicWall News: “Looking at the enlarged UK business, Griffiths said that Nuvias hands it “scale and power”. While Infinigate’s largest vendors were Progress Software and SonicWall, Nuvias held bigger partnerships with the likes of Juniper Networks.”

Chartered Status and Aligned Standards Are Crucial for The UK’s Cyber Sector

Computer Weekly, SonicWall News: SonicWall’s 2022 Cyber threat report states that ransomware incidents on governments across the globe increased by 1,885% last year, with the healthcare industry alone suffering a 755% increase.

Benefits Of VPN For Small Businesses

GIS User, SonicWall News: We recommend using a reliable VPN service that uses military-grade encryption, such as SonicWall VPN. It has a wide range of features and is very affordable. It is important to note that not all VPN services are created equal, so it is essential to do your research before choosing one.

Cyber Predictions for 2023

Cyber Magazine, SonicWall News: We can expect smaller scale attacks, for lower amounts of money, but which target a much broader base. The trend will probably hit education providers hard: education is already the sector most likely to be targeted by a malware, cryptojacking or encrypted attack, according to SonicWall’s 2022 Cyber Threat Report.

7 Steps to Future-Proof Your MSP Business and Stay Relevant

G2, SonicWall News: In 2021, SonicWall recorded 623.2 million ransomware attempts globally, an increase of 105% year-over-year. Just ransomware attacks.

Firewall Cybersecurity Providers You Should Know

Channel Futures, SonicWall News: Montenegro said SonicWall is a top NGFW provider. In March, SonicWall announced that 2021 was its best year on record. Propelled by the delivery of high-demand products, including the evolution of its Generation 7 NGFWs and a focus on its customers, SonicWall delivered record levels of sales and profitability in 2021.

How Remote Working Impacts Security Incident Reporting

CSO Online, SonicWall News: System- and endpoint-based security incident reporting and response can be negatively impacted by remote working too, says Immanuel Chavoya, emerging threat detection expert at SonicWall. “For instance, if the system flagged a user’s machine for a malware intrusion, there may be some delay in the security team being able to make any necessary updates, whereas, in person, the security engineer can immediately access the device and take any necessary action.

Malware, Spyware, and Ransomware: How They Differ and How to Respond

JD Supra, SonicWall News: Data from SonicWall Capture Labs revealed that the first half of 2022 saw an 11% increase in malware attacks compared to 2021, totaling around 2.8 billion attacks globally. Furthermore, over 2022, 35% of respondents have stated that poor preparedness was to blame when they experienced business-disrupting cyberattacks. Therefore, it is essential to take the necessary precautions to secure your device by installing the appropriate malware protection and recognizing the signs of an infected system.

Cybersecurity For Investors – Why Digital Defenses Require Good Governance

Seeking Alpha, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.

Study Shows the Worrying Human Cost of Cyber Attacks

Technology Magazine, SonicWall News: Research by SonicWall recently found there is growing concern regarding cyberattacks. Amongst 66% of organizations surveyed; ransomware leads the distress as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.

Ransomware Is the Biggest Concern for Most Organizations

HelpNetSecurity, SonicWall News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Industry News

3 Ways Attackers Bypass Cloud Security

Dark Reading reporting from the “Black Hat Europe” conference held in London this year focused on one presentation that discusses how recent cloud-focused malware campaigns demonstrate that adversary groups have intimate knowledge of cloud technologies and their security mechanisms. And not only that, but they are also using that knowledge to their advantage. Attackers, being very opportunistic, are capitalizing on mistakes committed by the cloud customer. So, the article proposes that successful attacks in the cloud have more to do with the user than the [cloud] service provider, per se. Perhaps the most interesting development with these attacks is that they target serverless computing and containers. The ease with which hackers can compromise cloud resources makes many people very uneasy.

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

According to Hacker News, cybersecurity researchers reported an increase in TrueBot infections. These attacks primarily target Mexico, Brazil and Pakistan. Cisco Talos says the attackers behind the operation have moved from using malicious emails to alternative delivery methods, such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor that was exploited by the Raspberry Robin worm. Data theft and Clop ransomware execution were some of the significant aspects of the monitored activities. TrueBot is a Windows malware downloader. It’s been attributed to a threat actor identified by Group-IB Silence; a Russian-speaking crew believed to share an association with Evil Corp (aka DEV-0443) and T505.

Most US defense contractors fail basic cybersecurity requirements.

SC Magazine reports that nearly nine out of ten US defense contractors fail to meet bare cybersecurity minimums. The new stats are the product of a study conducted by CyberSheath where they surveyed 300 US-based Department of Defense (DoD) contractors. The survey found that just 13% of respondents score 70 or above in the Supplier Performance Risk System (SPRS), the Department of Defense’s primary system for assessing supplier and product risk for contractors who handle unclassified information. According to the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.

Rackspace confirms outage was caused by ransomware attack

Bleeping Computer reports that the cloud computing provider Rackspace Technology, Inc. (NASDAQ: RXT) confirmed that a ransomware attack is behind an ongoing Hosted Exchange outage described as an “isolated disruption.” Rackspace says that the investigation, led by a cyber defense firm and its internal security team, is in its early stages with no info on “what, if any, data was affected.”

The cloud service provider says it will notify customers if it finds evidence that the attackers gained access to their sensitive information. The company also revealed during a press release and in their public 8-K SEC filing that it expects a loss of revenue due to the ransomware attack’s impact on its $30 million Hosted Exchange business.

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups constantly invent new ways to attack victims and convince them to pay. Krebs on Security reports that the new crop of strategies that have surfaced recently is particularly devious.

First, the ransomware group targets healthcare providers that offer online consultations and sends them booby-trapped records. The second one involves carefully editing executives’ emails at public companies to make it appear they were involved in insider trading.

The US Department of Health and Human Services (HHS) warned last month that Venus ransomware attacks had been detected against several US healthcare providers. Venus was first discovered in mid-August 2022. The group is also well-known for hacking into victims’ Remote Desktop services to encrypt Windows computers.

Venus group members have demonstrated a high-level ability to access victim agencies. However, the group has had difficulty getting paid. That’s why the change in strategies, Krebs believes, has led to attempted blackmail to frame public company executives for insider trading. Venus said it had recently succeeded in using a method that involved carefully editing email inboxes at victim firms to insert messages discussing plans for trading large volumes of company stock based on non-public information.

The Weakest (and worst) Passwords of 2022

We learned that despite growing cybersecurity awareness, old habits die hard. CyberNews reports that people still use weak passwords. They examined 56 million breached and leaked passwords in 2022 and discovered the password “123456” was used in 111,417 cases. Forbes ran a similar report in 2020 and found that the top two passwords on their list was found in 6,452,650 accounts. They also reported that many of these passwords take less than one second to crack. We recommend you click through to see if you use any of these passwords. If you are, then it is worth worrying about.

While most hacks are the product of phishing or ransomware attacks, a weak password opens you to a brute force attack that breaks into your account by guessing your password. Every password on both lists appears in a common database shared by hackers on the open web. That means the database is so common that a teenager with little knowledge can use automated software to probe thousands of accounts until they find yours.

Of the passwords scrutinized by the CyberNews report, around half (28 million) were ‘specific’ – consisting of a single simple name or word such as “dell.” About 5.5 million of these unique or specific passwords occurred multiple times. For instance, some use names of capital cities like “lima” (17,466) and “Rome” (17,407) and animal species such as “cat” (122,392) and “rat” (103,284). Again, whether these were chosen because of any personal significance to users or merely selected for their simplicity is unclear. These passwords can be just as easily hacked as well.

What’s clear from these two reports is that – despite all the terrible news about cyber threats and ransomware – there’s still a legion of ‘culprits’ out there who can’t be bothered to use password-managing apps or spend more time and effort creating complex combinations. And with this lack of attention or concern, cybersecurity takes a hit. These passwords not only spell bad news for users who abuse their cybersecurity but everyone else they associate with and communicate with.

SonicWall Blog

‘3 & Free’ Promotion: How to Upgrade to a New SonicWall TZ Series NGFW for Free – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Third-Party Threat Performance: Seven Times Superior – Amber Wolff

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022 – Amber Wolff

Securing Your Credentials: Does Your Password Pass the Test? – Amber Wolff

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.

Approaching the year’s close, SonicWall is still surging among news organizations and bloggers. We see numerous mentions of our marketing initiatives, the Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

And it’s also quite a week for Cybersecurity news. For our big read, we focus on renewed warnings from CISA about the Log4j2 vulnerability compiled from reports by CISA, MSSP Alert, and Hacker News. Next up, Krebs on Security reports on the Disneyland Team, a financial cybercrime group that spoofs bank brands with a dab of Punycode. According to Dark Reading, thousands of RDS snapshots are getting leaked to the public, possibly exposing personal information. Now we have poisoned Google search results to worry about? Bleeping Computer reveals that threat actors are using a new tactic to boost search results for illicit websites. And finally, as Twitter troubles mount, TechCrunch and NBC News speculate that it may not be safe to use the platform anymore.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Malware, Spyware, and Ransomware: How They Differ and How to Respond

JD Supra, SonicWall News: Data from SonicWall Capture Labs revealed that the first half of 2022 saw an 11% increase in malware attacks compared to 2021, totaling around 2.8 billion attacks globally. Furthermore, over 2022, 35% of respondents have stated that poor preparedness was to blame when they experienced business-disrupting cyberattacks. Therefore, it is essential to take the necessary precautions to secure your device by installing the appropriate malware protection and recognizing the signs of an infected system.

Cybersecurity For Investors – Why Digital Defenses Require Good Governance

Seeking Alpha, SonicWall News: Cyberattacks are very costly. In the first half of 2022, at least 2.8 billion malware attacks were recorded globally, an increase of 11% over the previous 12 months, according to cybersecurity company SonicWall.

Study Shows the Worrying Human Cost of Cyber Attacks

Technology Magazine, SonicWall News: Research by SonicWall recently found there is growing concern regarding cyberattacks. Amongst 66% of organizations surveyed; ransomware leads the distress as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.

Ransomware Is the Biggest Concern for Most Organizations

HelpNetSecurity, SonicWall News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

The Four Biggest Security Risks Facing Retailers in The Next Five Years

Retail Week, SonicWall News: Research shows the retail sector has been one of the top targets among cybercriminals, with a surge of more than 200% in ransomware attacks over the past year, according to SonicWall. Many retailers went through a digital transformation during the pandemic to allow customers to switch from in-store to online purchasing, which created more vulnerabilities and avenues for cybercrime.

Weekly Roundup

Channel Pro Network, SonicWall News: The recent 2022 SonicWall Cyber Threat Mindset Survey, including third quarter information, reported that customers saw an average of 1,014 ransomware attempts, a flood even though the total dropped 31% below attempts in 2021. 91% reported they were most concerned about ransomware attacks, a rising source of anxiety for security professionals. Ransomware-as-a-Service offerings make it easy to attack, and perpetrators are increasingly targeting financial firms with cryptojacking attempts, which were up 35% in the quarter. SonicWall’s Real-Time Deep Memory Inspection tools identified 375,756 malware variants never seen before during the first three quarters of 2022.

Latest SonicWall Intelligence Reveals Unstable Cyber Threat Landscape

European Business, SonicWall News: Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.

Report: Ransomware Attacks Trending Down in the United States

Security Today, SonicWall News: SonicWall recently released new threat data through the third quarter of 2022. SonicWall recorded more than 4 billion malware attempts globally while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. In the recent 2022 SonicWall Cyber Threat Mindset Survey, 91% of organizations reported that they are most concerned about ransomware attacks, indicating a rise of anxiety among security professionals.

Ransomware on the decrease and the ghost of ransom past?

IT Canada, SonicWall News: SonicWall’s 2022 Cyber Threat report was published this week. It claims that ransomware attacks shrunk by 23 per cent on a year-to-date worldwide basis over 2021. That’s good news, perhaps, but to put it in perspective, there were still over 236 million attacks so far in 2022. Moreover, the reduced 2022 number is still larger than the full year totals of 2017, 2018 and 2019.

2022 Cyber Threat Report Details Growing Trends

TechRepublic, SonicWall News: The cyberthreat landscape is constantly evolving, with new attacks developing every day. In their new report, SonicWall explores some of the most dangerous trends that security professionals need to have on their radar.

Economic Strife Fuels Cyber Anxiety

HelpNetSecurity, SonicWall News: The 2022 SonicWall Threat Mindset Survey found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Industry News

Big Read: Log4j2 – the Threat CISA Doesn’t Want You to Forget

A little over a year ago, everyone was shocked by the Apache Log4j2 vulnerability because it affected any applications that use its extensive logging libraries. Log4j touches most Java applications and has a wide range of configuration options. As a result, an attacker could exploit a system running Log4j2 (or previous iterations) and execute arbitrary code.

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) returned with a new reminder of the trouble Log4j2 vulnerabilities can still cause. In the latest report, the agency lays out details relating to MITRE ATT&CK tactics and techniques with guidance on what IT and security professionals can do to protect their systems.

MSSP Alert issued a report in August about a warning issued by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team about an Iran-based threat actor calling themselves Mercury (aka “MuddyWater”) and exploiting Log4j 2 vulnerabilities in SysAid applications. MSPs use SysAid for IT service management (ITSM), ticket automation, task automation, asset management and patch management.

As reported in August by Hacker News, Mercury left no stone unturned to exploit unpatched systems running Log4j. They targeted Israeli entities but also other organizations, which gives some indication of the vulnerability’s ’long tail’ for ongoing and continuing attacks. The attacks were notable for using SysAid Server instances unsecured against the Log4Shell flaw as an approach for access. Prior to this method, threat actors leveraged VMware applications to breach target environments.

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security reports on the Disneyland Team, a financial cybercrime group that spoofs bank brands using Punycode, an internet standard that allows browsers to render domain names with non-Latin alphabets such as Cyrillic. The tactic makes confusing-looking domains appear more legitimate. Click the link to the original report to see the ‘defanged’ version of the actual URLs. As a feature of the tactic, you may see extra dots or other characters in the URL, but they might not register as real input.

According to the report, the gang had been operating numerous Punycode-based Phishing domains for much of this year. They’re Russian-speaking and may be based in Russia — but they’re not a phishing gang per se. Rather, this group uses phony bank domains with malicious software already secretly installed on a victim’s computer.

The group steals money from victims infected with a potent strain of Microsoft Windows-based banking malware known as Gozi 2.0/Ursnif (Gozi). Gozi specializes in collecting credentials and is mainly used for attacks on client-side online banking to facilitate fraudulent bank transfers. Gozi also allows attackers to connect to a bank’s website using the victim’s computer.

Thousands of Amazon RDS Snapshots Are Leaking Out to the Public

Dark Reading report that Amazon’s Relationship Database Service (RDS) may be a target for hackers. Researchers at Mitiga discovered a way to scan and clone sensitive data from RDS storage volume snapshots. Administrators typically store these image files separately in a database. Hackers could copy the images if the database is shared with others or exposed to the internet. In addition, researchers said that hackers could find the source of the images and threaten to release them if the organization doesn’t pay them. The researchers discovered 2,783 images from around the globe, of which 810 were public. Mitiga suggests that RDS administrators and users take security precautions to encrypt their RDS volume snapshots.

Poisoned Google Search Results?

BleepingComputer reveals that threat actors abuse Google’s Looker Studio (formerly Google Data Studio) to boost search engine rankings for illicit websites that promote spam, torrents, and pirated content. The SEO poisoning attack analyzed by BleepingComputer uses Google’s datastudio.google.com subdomain to lend credibility to malicious domains. BleepingComputer says they came across several pages of Google search results flooded with datastudio.google.com links after a concerned reader reported seeing the erratic behavior. These links, rather than representing a legitimate Google Data Studio project, are minisites that host links to pirated content. For example, one search result sends users looking to “Download Terrifier 2 (2022)” to bit.ly links that redirect them multiple times to land on spammy websites. Additionally, the poisoning campaign uses a keyword stuffing technique, often considered a form of ‘spamdex’ to boost rankings of illicit domains.

Twitter Troubles

TechCrunch reports that Cybercriminals quickly capitalized on Twitter’s ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users. Soon after the verification chaos ensued, hackers launched a phishing email campaign to lure Twitter users into posting their usernames and password on an attacker’s website disguised as a Twitter help form. Additionally, an email was sent from a Gmail account to a Google Doc with another link to a Google Site, which lets users host web content. The fact that they set this up within hours of the launch of Twitter’s new verification program speaks to the hackers’ agility and ability to take advantage of emerging threats.

After a series of layoffs and resignations by critical executives at Twitter, NBC News asked if it is still safe even to use Twitter. Cybersecurity experts they interviewed said that the firings and resignations at Twitter had made the platform more vulnerable to attacks from scammers, organized crime and hostile governments. Others opined that Twitter was quickly becoming a dangerous place for scams and that the theft of personal information added to a growing sense of chaos around the service, which Elon Musk purchased last month for $44 billion.

SonicWall Blog

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection – Matt Brennan

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security – Bret Fitzgerald

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

A New Era of Partnering to Win – Robert (Bob) VanKirk

Multiply Your Security with Multifactor Authentication – Amber Wolff

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Third-Party Threat Performance: Seven Times Superior – Amber Wolff

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022 – Amber Wolff

Securing Your Credentials: Does Your Password Pass the Test? – Amber Wolff

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald