Cybersecurity News & Trends
It was another busy week with several news outlets quoting the 2022 SonicWall Cyber Threat Report. Other stories mention SonicWall, its products and services, and one recognized CRN Channel awards for three women from SonicWall’s field marketing team. In global cybersecurity news, Krebs’ ongoing coverage of hackers using fake Emergency Data Requests (EDRs) escalated into a DEA investigation. The Republic of Korea just became the first Asian country to join NATO’s cybersecurity group, much to the chagrin of the People’s Republic of China. India’s new CERT-In breach reporting requirements are bumping against growing resistance from businesses and organizations. In California, a data provider for the State Bar accidentally released private and potentially damaging information about some of its member attorneys. MyNurse patient data tracking service is closing its doors after a severe data breach. Log4Shell exploits are resurfacing with new threats to the tranquility of enterprise data lakes and potentially devastating AI poisoning. And 157-year-old Lincoln College is closing its doors – apparently succumbing to the COVID pandemic and a catastrophic cyberattack.
Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.
TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.
ITPro (UK), SonicWall in the News: In an article about the 5th anniversary of WannaCry: SonicWall is one such company still tracking WannaCry, although other firms tell IT Pro they have decided to stop monitoring the strain, given the worst of it is over. We may not have seen the same level of destruction as sustained five years ago, but detections remain high.
ZDNet, Threat Report Mention: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall earlier this year. In 2020, Brazil ranked ninth in the same ranking, with 3,8 million ransomware attacks.
Bostinno/Boston Business Journal, Threat Report Mention: The world saw a 105% surge in ransomware cyberattacks last year, according to the most recent SonicWall cyber threat report.
Security Review, Threat Report Mention: According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.
SonicWall Blog, SonicWall in the News: SonicWall is thrilled to share that CRN, a brand of The Channel Company, has named three global channel team members on CRN’s 2022 Women of the Channel List. SonicWall’s Sr. Director, Global Field Marketing Nicola Scheibe; Sr. Channel Account Manager Terra Paisley; and Sales Manager Misty Warhola were included on the annual list, which honors the incredible accomplishments of female leaders in the IT channel.
FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.
DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.
Krebs on Security: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 federal law enforcement databases. KrebsOnSecurity claims that it discovered that the alleged compromise was tied to an online harassment and cybercrime community that routinely impersonates government officials and police officers to obtain personal information. Krebs has been following this topic closely, as reported in previous posts of Cybersecurity News & Trends.
KrebsOnSecurity shared information regarding the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI) and the Department of Justice (which houses both agencies). However, the DEA refused to provide details on the validity of the claims.
Numerous news agencies are covering a fresh story about the Republic of Korea joining the NATO cybersecurity group known as the Cooperative Cyber Defense Center of Excellence (CCDCOE). According to The Korea Times, the state intelligence agency of Korea announced Monday that there was a flag-raising ceremony in Estonia to commemorate Korea’s participation. The CCDCOE operations are based in Tallinn (Estonia), Canada, and Luxembourg. The group was created in 2008 by NATO members in response to crippling cyberattacks in Estonia committed by Russian cyber gangs. CCDCOE now boasts 32 nation members, including 27 NATO members that sponsor it, plus five contributors, including Korea, according to ZDNet.
The South China Morning Post reports that although the cybersecurity group operates independently from NATO, Chinese military analysts claim that Beijing is concerned by the development. The People’s Republic of China sees the move as an expansion of the NATO defense alliance and a threat to Chinese security interests.
Russia used the military alliance’s eastern expansion to justify its invasion of Ukraine. Government leaders in Beijing consider Moscow’s claim as a legitimate security concern. Ni Lexiong, a Shanghai-based military analyst, said that China views NATO as overbearing and that Korea’s decision to join the center is “definitely not in China’s best interests.”
The Register: Opposition to India’s new rules for reporting computer security breaches grows. The rules were introduced in late March by the government-run CERT-In. This team has responsibility for incident management.
CERT-In requires Indian organizations to report more than 20 types of cybersecurity incidents within six hours of discovering them. In addition, it ranks ransomware attacks, detections of malicious network probes, and hijacking of social media accounts all on the same level.
Other requirements include the retention and capture of VPN users’ personal data and IP addresses. The government gave Indian organizations only 60 days to ramp up for compliance. The organizations say that these requirements are difficult to meet because they affect large entities such as data center operators and that some incidents happen daily.
OC Register: California’s State Bar has begun notifying thousands of attorneys whose names were found in 322,525 confidential records of proceedings for member discipline. The breach occurred in February. According to the State Bar, it will reach out to 1,300 respondents, witnesses, and complainants whose names are contained in 1,034 supposedly confidential records. The State Bar will also contact those named in records that were not published.
Public records aggregator Judyrecords published the documents. They remained online between October 2021 and February 2022. Southern California News Group first reported the breach. According to the report, the breach was not the result of malicious hacking but rather a security flaw in the State Bar’s Odyssey Portal that Texas-based Tyler Technologies operates. As a result, the confidential records were unintentionally swept up and published by Judyrecords. The portal vulnerability was fixed, and access to the public records of the State Bar Court was restored while the records search function was still disabled on Judyrecords. The website administrator stated in a note that the portal glitch enabled users to access court cases in various jurisdictions in California, Georgia, Kansas and Texas.
TechCrunch: MyNurse stated in a data breach notice that it had decided to close its business because of a “data security incident” but didn’t give a reason. The company stated that it began notifying patients affected on April 29, more than seven weeks after the breach was discovered. MyNurse is a startup in healthcare that offers remote monitoring and chronic care management. It reported a data breach that exposed the personal health information of its users.
Salusive Health was the startup that launched the service. The company later filed a data breach notification with the California attorney general’s office stating that it discovered a breach in early March. An unauthorized individual had accessed its protected health data. Patients’ financial, demographic and health information were all accessed. This included names, phone numbers, and dates of birth, as well as medical histories, diagnoses, treatments, prescriptions and information about health insurance and policies.
Dark Reading: Enterprise data pools are growing as more organizations embrace AI and machine learning. However, this makes them vulnerable to exploitation of the Java Log4Shell vulnerability. With a view to privacy, organizations are focused on ingesting data points that they can use to train an AI or algorithm. However, too many times, the operators neglect the security of data lakes.
Research has shown that triggering the Log4Shell bug is relatively easy once the code is ingested into a target database or repository via a pipeline. Furthermore, such a strategy bypasses traditional safeguards such as application firewalls, sandboxing and other traditional scanning services.
Like the original attacks on the Java Log4j library exploiting a single string, it is only necessary to extract the text. However, researchers say that an attacker could embed the string in a malicious big data file payload to create a shell within the data lake and launch a data poisoning attack. The difficulty of detection is even more significant because the big-data file containing the poison payload can often be encrypted or compressed.
NPR: Lincoln College was not destroyed by the 1918 influenza pandemic. The Great Depression and World War II didn’t help the school, yet it survived. The school was able to withstand a major fire, other economic hardships and many serious threats. Unfortunately, the college will close for good this spring due to two modern blights: the COVID-19 pandemic and a cyberattack.
This is a remarkable turnaround for the small, private school in Illinois that has hosted thousands of first-generation college students and received federal recognition as a predominantly Black institution.
Lincoln College saw record enrollments in fall 2019, filling all its dormitories. The pandemic struck as it did around the globe, disrupting campus life and making it difficult for the school to raise funds and recruit new students. The school had to set aside cash reserves for new technology and safety precautions. In December 2021, ransomware attacked the school, stopping admissions and preventing access to all data.
CBS News reported the fall enrollment had dropped sharply to just a fraction of what was required to sustain operations by the time that the school gained access to its computer systems nearly four months later. In March, the school announced its decision to close. Former and current students felt betrayed by the school, which had provided them with opportunity and refuge from uncertain situations.
In Case You Missed It
Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff
Four Cybersecurity Actions to Lock it All Down – Ray Wyman
Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran
NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala
CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald
Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff
Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi
Ransomware is Everywhere – Amber Wolff
Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh