Cybersecurity News & Trends

This week, the Mid-Year Update to the 20201 SonicWall Cyber Threat Report shook up a lot of people with the headline “304.7 million ransomware attacks eclipse 2020.” That’s a 151% increase, year-over-year. In other news, “Wipers” in the Middle East, Emma Willard, UC San Diego, rebranded hacker groups, fake Microsoft 11 installers, the sinister case of Plugwalkjoe, and flirty aerobics instructors.

SonicWall in the News

Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months SonicWall Press

  • Straight off the Mid-Year Update to the 2021 SonicWall Cyber Threat Report: high-profile attacks against established technology and infrastructure are now more prevalent than ever. Through the first half of 2021, SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020’s full-year total (304.6 million) — a 151% year-to-date increase. If that doesn’t rock your boat, keep in mind that just about every business sector is targeted.

Over 300 million ransomware attacks recorded in first half of 2021, claims study Tech Digest

  • The cyberthreat quote of the week came from SonicWall President and CEO Bill Conner: “In a year driven by anxiety and uncertainty, cybercriminals have continued to accelerate attacks against innocent people and vulnerable institutions. This latest data shows that sophisticated threat actors are tirelessly adapting their tactics and embracing ransomware to reap financial gain and sow discord…”

Fresh data shows a 600% rise in education-related cybercrime FENews

  • This publication focused on data from SonicWall Capture Labs that shows a 615% rise in ransomware – just on education alone! Threat researchers also recorded alarming ransomware spikes across other key verticals, including government (917%), healthcare (594%) and retail (264%).

Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months IT Supply Chain

  • Data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report revealed that 2021 ransomware numbers “eclipse” all of 2020 global attacks.

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months VM Blog

  • Writers here focused on the fact that data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report shows the sharp rise in the number of ransomware attacks was achieved in just 6 months.

SonicWall makes the move to Globalization Partners to help grow global team WhaTech

  • Noting SonicWall’s 30-year history, writers here point out a Globalization Partners solution to hire talent around the world.

Teleworking: how much risk is there for your Company security Dealer World

  • SonicWall’s Sergio Martínez participated in a special issue about teleworking and cybersecurity.

Industry News

Researchers Link Mysterious ‘MeteorExpress’ Wiper to Iranian Train Cyberattack Security Week

  • Security researchers at SentinelOne stumbled upon a hitherto unknown data-wiping malware that was part of a disruptive cyberattack against Iran’s train system earlier this month. “Wipers,” as they are euphemistically called, are the most destructive of all malware types. The genre logs most of its attacks in the Middle East, with the 2012 Shamoon attacks against Saudi Aramco being the most prominent example.

New York’s Emma Willard School suffers ransomware attack Edscoop

  • Following a 615% rise in ransomware targeting education this year, leaders at the prodigious Emma Willard School in Troy, NY are reeling from a recent cyberattack. They’re still identifying the extent of the attack but said that some employee Social Security numbers and financial information were stolen, according to a letter obtained by the Times-Union.

As Cyberattacks Surge, Security Start-Ups Reap the Rewards The New York Times

  • Responding to the severe uptick in cyberattacks, investors have poured $12.2 billion into cybersecurity companies so far this year, nearly $2 billion more than the total for all of 2020.

UC San Diego Health discloses data breach after phishing attack Bleeping Computer

  • UC San Diego Health, one of nation’s highest ranked hospitals, and a leading academic medical school, disclosed that they discovered a data breach that compromised some employees’ email accounts that may have revealed personal information of patients, employees, and students. The breach occurred between December 2, 2020, and April 8, 2021, and was the result of a phishing attack.

Scammers are using fake Microsoft 11 installers to spread malwareCyberscoop

  • Security firm Kaspersky issued warnings that hackers are circulating fake installers to people who are eager to get their hands on the Microsoft operating system update due this fall.

Cyber insurance rates fail to match catastrophe riskReuters

  • Rising prices of insurance against cyberattacks fail to take account of the potential catastrophic effects of a widespread attack, Chubb Ltd. CEO Evan Greenberg said on Wednesday. Chubb is a major underwriter for various insurance for business.

Justice Department officials urge Congress to pass ransomware notification law – The Hill

  • U.S. Justice Department officials came out in strong support of legislation requiring companies to report ransomware attacks and other severe data breaches to federal authorities. But DOJ also says that Congress should hold the brakes on banning ransomware payments.

PlugwalkJoe Does the Perp Walk – Krebs on Security

  • Brian Krebs takes a closer look at the “sinister criminal charges” in the indictment of Joseph O’Connor (aka “PlugwalkJoe”) that revealed a subculture where young men turned to sextortion, SIM swapping, and death threats to seize control of social media accounts.

Haron and BlackMatter are the latest groups to crash the ransomware party – Ars Technica

  • New groups – or rebranded old ones – are rising just as the number of high-severity ransomware attacks ratchet up.

FBI reveals top targeted vulnerabilities of the last two years – Bleeping Computer

  • Recommended read: A joint security advisory by cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.

Top FBI official advises Congress against banning ransomware payments – The Hill

  • Bryan Vorndran, the assistant director of the FBI’s Cyber Division advised members of the Senate Judiciary Committee against banning payments for ransomware attacks.

Praying Mantis Threat Group Targeting US Firms in Sophisticated Attacks – Dark Reading

  • Group’s advanced memory-resident attacks similar to those employed in sustained campaign against Australian companies and government last year, security vendor says.

In Case You Missed It

Cybersecurity News & Trends

This week, the SonicWall Threat Report, Microsoft vs Chinese hackers, Israeli hack tools, a $10 million reward, and more zero-days than we really want to hear about. Also, railroad hacks in Iran and UK, indictments for Chinese hacking group, Apple’s “five-alarm fire,” and Microsoft’s battle against “homoglyphs.”

SonicWall in the News

IBM Adds Enhanced Data Protection to FlashSystem to Help Thwart Cyberattacks — AI-Thority

  • IBM cites data from SonicWall’s annual threat report in an announcement about enhancements to their FlashSytem data protection. One bit of data that got everyone’s attention: ransomware attacks rose to 304.6 million in 2020, up 62% over 2019, mainly due to the highly distributed workforces caused by the pandemic.

The rise of ransomware: the multibillion-pound hacking industry where no one is safeThe Metro

  • If cybercrime was a country, it would be the world’s third largest in terms of GDP, according to Cybersecurity Ventures. This year, the total cost to the global economy is predicted to top $6 trillion (£4 trillion). SonicWall’s 2021 Threat Report was also included: 304.5 million ransomware attacks in total in 2020 – up 62% over 2019 – and the deluge of attacks shows no signs of slowing down.

The three best ways to neutralize Ransomware attacks – TEK Deeps

  • The question of your company or organization facing a ransomware attack is not an “if” but rather “when.” Most likely, you may have already faced several. SonicWall’s annual threat report was part of this story too, citing through May of 2021, a reported 226.3 ransomware attacks, up 116% year to date over 2020.

Industry News

Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer

  • The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

Saudi Aramco data breach sees 1 TB stolen data for sale — Bleeping Computer

  • Attackers stole 1 TB of proprietary data belonging to Saudi Aramco and are selling it on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the world’s largest public petroleum and natural gas companies. The sales price of the data, albeit negotiable, is set at $5 million.

Details Emerge on Iranian Railroad Cyberattack — Security Week

  • More details about the cyberattack on Iran’s railroad system emerged over the weekend. On July 9, Iran International reported that a system-wide disruption of Iran’s railroads was probably due to a cyberattack, citing the Revolutionary Guard-backed FARS news agency. Now it appears that the attackers had penetrated the system at least a month earlier.

Northern’s ticket machines hit by ransomware cyberattack BBC

The US Formally Accuses China of Hacking Microsoft – The New York Times

  • To bolster the accusations, the Biden administration may organize a broad group of allies to condemn Beijing for global cyberattacks. However, most analysts believe that such an effort will probably stop short of taking concrete punitive steps against China.

The US indicts members of the Chinese-backed hacking group APT40 – Bleeping Computer

  • The US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018.

$10 million rewards bolster White House anti-ransomware bid – Associated Press

  • The State Department will offer rewards up to $10 million for information leading to identifying anyone engaged in a foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical US infrastructure. In addition, a task force set up by the White House will coordinate efforts to stem the rise of ransomware.

Israeli Spyware Vendor’s Windows Zero-days Caught in the Wild Vice News

  • Cyber-sleuths from digital rights watchdog Citizen Lab recently released a study that reveals government hackers from several countries are using spyware made by Candiru, an Israeli-based spyware vendor, to target victims all over the world. The spyware leverages two unknown Windows vulnerabilities for zero-day exploitation. As far as we know, this is the first time anyone has published an analysis of Candiru’s malware with targeted individuals.

Google: Annoying LinkedIn Networkers are Russian Hackers Spreading Zero-day – Vice News

  • As if we can’t get enough of zero-days, Google’s Threat Analysis Group published a new report that offers details about several hacking campaigns that leverage a series of zero-day exploits. A quick read shows that there are several reasons for the uptick in zero-day incidents. For one, the industry is getting better at detecting and disclosing attacks. For another, cyber-criminals are taking full advantage of vulnerabilities while they still can.

Fighting an emerging cybercrime trend Microsoft

  • Microsoft’s Digital Crimes Unit (DCU) recently secured another court order to take down malicious infrastructure used by cybercriminals. They filed the case to target the use of “homoglyph” ­– imposter domains – used in an increasing number of attacks. A judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on malicious domains used to impersonate Microsoft customers and commit fraud.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware AttackDark Reading

  • Campbell Conroy & O’Neil, a major law firm based in Boston, MA, reported an attack that compromised personal data, including Social Security numbers, passport numbers, and payment card data for some individuals. The firm discovered unusual activity on its network earlier this year. An investigation revealed its network was hit with ransomware and prompted Campbell to hire third-party forensics investigators to determine the information affected.

Apple’s iPhone has a “five-alarm fire” security problem with iMessage Business Insider

  • Apple’s iPhone isn’t as secure as Apple says it is according to this report from Amnesty International. The quote that caught our eye: “Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security,” said Bill Marczak, a senior research fellow at Citizen Lab. The threat is related to a tool called Pegasus, created by NSO Group.

Microsoft to acquire cybersecurity firm RiskIQ as cyberthreats mount CNN

  • Microsoft on Monday announced that it is buying cybersecurity firm RiskIQ to help companies better protect themselves from the unique risks created by remote work and relying on cloud computing amid “the increasing sophistication and frequency of cyberattacks.” RiskIQ’s software allows organizations to monitor their entire networks — including operations running on various cloud providers.

IT provider for real estate, finance, insurance downed by ransomwareThe Register

  • Cloudstar, a Florida-based company IT provider, announced that it suffered a “highly sophisticated ransomware attack” that forced it to take down the vast majority of its services. A critical flaw in a Cloudflare service said to be used by 12.7 percent of all websites could have been hijacked by a malicious user-controlled package to compromise a good number of web pages. The company said it was negotiating with the crooks that infected its computers.

In Case You Missed It

Cybersecurity News & Trends

This week, attacks on cyber-insurers, Kaseya, Morgan Stanley and the Ukrainian government were brought to light, and two prominent cybercriminals were brought to justice.

SonicWall in the News

Ransomware demands are digital extortion: don’t pay — Financial Times

  • SonicWall’s report numbers on ransomware indicate attacks increased by more than 60%.
    Syndicated: California News Times

Review: SonicWall Cloud Edge Secure Access — Biz Tech

  • With least-privilege access and advanced microsegmentation, SonicWall leverages the principles of zero trust to protect cloud-first organizations.

Global cyber insurance pricing increases by 32% – Howden — Global Insurance

  • The rampage in ransomware now poses a threat to businesses of all sizes.

SonicWall Triples Threat Performance, Dramatically Improves TCO with Trio of New Enterprise Firewalls — ITWeb

  • With triple the firewall throughput compared to previous SonicWall appliances, new NSand NSsp models help organizations keep pace with the speeds of their growing networks.

Cybersecurity: how to invest in a thriving sector amid rising cybercrime — Proactive News

  • It’s a “cat and mouse” industry as hackers and defense software developers get more sophisticated.

CISA Releases Ransomware Readiness Assessment Audit Tool — HIPAA Journal

  • The U.S. Cybersecurity and Infrastructure Security Agency has launched a new tool that can be used by organizations to assess how well they are equipped to defend and recover from a ransomware attack.

SonicWall’s EMEA boss discusses what drove up sales by almost a third in 2020 — Channel Partner Insight

  • SonicWall EMEA VP Terry Greer-King discusses what drove up sales by almost a third in 2020, as well as partner support, growth plans in EMEA and challenges ahead.

Infiltrate, adapt, repeat: A look at tomorrow’s malware landscape — Intelligent CIO

  • Brook Chelmo, Software and Security Product Marketing Strategist at SonicWall, explains possible reasons for the growth in the varieties of new malware that were detected and featured in the SonicWall 2021 Cyberthreat Report.

Rebuilding after ransomware: Heartland Community College invests $1 million — EDSCOOP

  • According to a recent report by the cybersecurity company SonicWall, COVID-themed malware attacks spiked for the education industry in early fall as students returned to school.

Industry News

Morgan Stanley reports data breach after vendor Accellion hack — Bleeping Computer

  • Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software — Krebs on Security

  • It appears that, until last week, Kaseya’s customer service portal was left vulnerable to a data-leaking security flaw that was first identified in the same software six years ago.

Letting Businesses ‘Hack Back’ Against Hackers Is a Terrible Idea, Cyber Veterans Say — The Wall Street Journal

  • Companies shouldn’t be allowed to strike back against hackers, cybersecurity specialists and former government officials warned, after senators last week introduced legislation floating the idea of such counterattacks.

Ransomware as a service: negotiators between hackers and victims are now in high demand — ZDNet

  • RaaS groups are hiring negotiators whose primary role is to force victims to pay up.

Use of Common Malware in Operation Targeting Energy Sector Makes Attribution Difficult — Security Week

  • Researchers at cybersecurity firm Intezer have been monitoring a campaign that appears to be mainly aimed at the energy sector, but attribution to a known threat group is made difficult by the fact that the operation involves several common malware families.

Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden — The New York Times

  • The breach of a Republican National Committee contractor, also linked to Russia, and the global ransomware attack occurred weeks after a U.S.-Russian summit.

Hackers attack websites of Ukraine’s president and security service — Reuters

  • A cyberattack hit the websites of Ukraine’s president, security service and other institutions on Tuesday afternoon, but they were working again by the evening.

Ransomware: US warns Russia to take action after latest attacks — ZDNet

  • The U.S. has warned Russia to take care of cybercrime operating in its own backyard — or the U.S. will take care of it themselves.

Alleged Cybercriminal Arrested in Morocco Following Interpol Probe — Dark Reading

  • The suspect operated under the name “Dr Hex” to target thousands of people through phishing, fraud and carding activities.

Fake Kaseya VSA security update backdoors networks with Cobalt Strike — Bleeping Computer

  • Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis. This time, they’re targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.

In Crosshairs of Ransomware Crooks, Cyber Insurers Struggle — Security Week

  • In the past few weeks, ransomware criminals attacked at least three cyberinsurance brokerages — all of which offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves suffered.

Germany Thwarts Cyberattack, Denies Impact on Banking System — Bloomberg

  • German authorities thwarted a cyberattack on a data service provider used by federal agencies, but they pushed back on a report that a broad assault targeted critical infrastructure and banks.

NSA: Russian GRU hackers use Kubernetes to run brute force attacks — Bleeping Computer

  • The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access U.S. networks and steal email and files.

Colombia police collar suspected Gozi Trojan distributor — ZDNet

  • The alleged hacker is wanted in the United States.

In Case You Missed It

Three New Firewalls with Triple the Performance, Plus Three Powerful Updates — Atul Dhablania
Insights with Jayant: TZ Does It — Jayant Thakre
SD-WAN and VPN Orchestrations: Fast-Tracking Enterprise Growth — Ken Dang
New SonicWall NSsp 13700 Firewall: Security for Large Enterprises — Ajay Uggirala
SonicWall Announces Capture Labs Portal — Brook Chelmo
SonicWall NSa 4700 and 6700: The Newest Next-Generation Firewalls for Medium Enterprises — Ajay Uggirala

Cybersecurity News & Trends

This week, attacks on the food and beverage industry, manufacturing plants and water facilities dominated the headlines.

SonicWall in the News

Sonicwall’s Platform Evolution Driving Record Demand as Organizations Embrace Boundless Cybersecurity Model to Fight Ransomware, Advanced Cyberattacks — Company Press Release

  • SonicWall is experiencing record growth across all segments. This growth is being accelerated by organizations’ critical need to protect against ransomware attacks, which are up 116% globally year-to-date through May 2021.

Businesses must bank on secure future — Financial Review

  • The issue was recently highlighted in SonicWall’s 2021 Cyber Threat report, which indicated ransomware attacks had increased by more than 60 percent globally.

As Ransomware Business Booms, Can Defenders Keep Up? — SDX Central

  • “The bombardment of ransomware attacks is forcing organizations into a constant state of defense, rather than an offensive stance,” SonicWall’s Bill Conner said.

Ransomware and hacking now bigger threat to UK businesses than hostile states — Payments Industry Intelligence

  • The number of incidents rose by more than 60% to 305 million in 2020, according to data from SonicWall.

Industry News

Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer

  • The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

ChaChi: a new GoLang Trojan used in attacks against US schools — ZDNet

  • The malware has found a role to play in ransomware strikes.

Clop ransomware is back in business after recent arrests — Bleeping Computer

  • After recent arrests, the Clop ransomware operation is back in business — and has begun listing new victims on their data leak site again.

Hackers are trying to attack big companies. Small suppliers are the weakest link — ZDNet

  • Defense companies are a prime target for cyber attackers, and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.

Cyber agency says SolarWinds hack could have been deterred by simple security measures — The Hill

  • The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place.

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill — Cyberscoop

  • After decades of a largely hands-off approach, the notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents.

CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic — Cyberscoop

  • The Department of Homeland Security’s top cybersecurity agency doesn’t know how many agencies are segmenting their networks from unwanted outside traffic, a basic security practice.

Would companies even abide by a ransomware payments ban? — SC Magazine

  • One of the most common (and controversial) suggestions to deal with the ransomware scourge is to ban the payment of ransoms. But for that to work, companies would need to abide by regulations and not pay.

Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light — Security Week

  • The Water Sector Coordinating Council announced a new cybersecurity report focusing on water and wastewater utilities in the U.S., just as news broke that a threat actor in January attempted to poison a water facility.

Data Breaches Surge in Food & Beverage, Other Industries — Dark Reading

  • Six previously “under-attacked” vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors.

One in Five Manufacturing Firms Targeted by Cyberattacks — Dark Reading

  • Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

A deep dive into the operations of the LockBit ransomware group — ZDNet

  • Most victims are enterprises, and they’re expected to pay an average ransom of $85,000.

Newly discovered Vigilante malware outs software pirates and blocks them — Ars Technica

  • Most malware tries to steal stuff. Vigilante, by contrast, takes aim at piracy.

In Case You Missed It

Cybersecurity News & Trends

This week Cozy Bear meddled in politics, REvil disrupted the global meat supply and schools fortified their defenses.

SonicWall in the News

Radio Interview with SonicWall President and CEO Bill Conner — KRLD 
SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide — and what’s to be done.

SonicWall, The Conference of Italian University Rectors to Collaborate on Cybersecurity Training, Research and Digital Innovation — FE News
SonicWall today announced its partnership with the Conference of Italian University Rectors (CRUI) to promote and enable mutual collaboration in research, development, transformation and digital innovation activities.

Industry News

Meat giant JBS now fully operational after ransomware attack — Bleeping Computer
JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Why One Hack on One Firm Can Shake Global Meat Supply — Bloomberg
In the last three years, a fire, a pandemic and now a cyberattack have disrupted the U.S. meat industry. Here’s how one hack impacts the global economy.

U.S. schools land IBM grants to protect themselves against ransomware — ZDNet
All U.S. K-12 public school districts were eligible to apply for the grants, designed to help school officials “proactively prepare for and respond to cyberattacks.”

U.S. seizes two domains used in cyberattacks that mimicked USAID communications — Reuters
The U.S. Justice Department said it had seized two Internet domains used in spear-phishing attacks mimicking email communications from the U.S. Agency for International Development.

Cyber-Insurance Fuels Ransomware Payment Surge — Threat Post 
Companies relying on their cyber-insurance policies to pay off ransomware groups are being blamed for a recent uptick in ransomware attacks.

New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says — The Washington Times 
Microsoft said the latest hack was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

Swedish Health Agency shuts down SmiNet after hacking attempts — ZDNet
The Swedish Public Health Agency shut down SmiNet, the country’s infectious diseases database, after it was targeted in several hacking attempts.

Kenyan Arrested in Qatar First Targeted By Phishing Attack — Bloomberg
A Kenyan security guard writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.

New Russian hacks spark calls for tougher Biden actions — The Hill
Officials are calling for harsher measures against Russia following reports that SolarWinds hackers were continuing to launch cyberattacks against U.S. government agencies and other organizations.

Interpol intercepts $83 million fighting financial cybercrime — Bleeping Computer
The International Criminal Police Organisation has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.

This Android trojan malware is using fake apps to infect smartphones, steal bank details — ZDNet
TeaBot malware tells victims they need to click a link because their phone is damaged with a virus  — then infects them via the link.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says — Cyberscoop
The U.S. government has also been affected.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries — The Register 
Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday.

UF Health Florida hospitals back to pen and paper after cyberattack — Bleeping Computer
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Fujifilm confirms ransomware attack disrupted business operations — Bleeping Computer
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery — Cyberscoop
The recent spearphishing campaign uses an election fraud document as a lure. The emails purport to be from the U.S. Agency for International Development, and have targeted government agencies, research institutions and nongovernmental organizations.

In Case You Missed It

SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot

Cybersecurity News & Trends

This week, healthcare was under attack in the U.S. and abroad, as facilities reported outages and blackmail demands.

SonicWall in the News

Discord is now the young hacker’s weapon of choice — here’s why — tom’s guide
“Discord is the potential future of the dark net,” said Brook Chelmo, a senior strategist for SonicWall, during his recent RSA session.

Fish out the Phishing attacks — Security Middle East & Africa
“The best defense against most credential harvesting attacks is the use of a password manager,” SonicWall’s Mohamed Abdallah said. “Most are free, and none can be fooled into entering a password into a malicious site, no matter how authentic it seems.”

Industry News

As Chips Shrink, Rowhammer Attacks Get Harder to Stop — Ars Technica
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks — Dark Reading
Security researchers have seen an increasing wave of relatively simplistic attacks involving ICS systems (and attackers sharing their finds with one another) since 2020.

Alleged North Korean hackers scouted crypto exchange employees before stealing currency — Cyberscoop
Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years.

Ransomware: Two-thirds of organisations say they’ll take action to boost their defences — ZDNet
The impact of the Colonial Pipeline ransomware attack is leading companies to re-examine their cybersecurity strategies.

New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack — Bloomberg
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed.

Iranian hacking group targets Israel with wiper disguised as ransomware — Bleeping Computer
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks. Meanwhile, they’re maintaining access to victims’ networks for months.

Gartner: Global Security Spending Will Reach $150 Billion in 2021 — Security Week
Gartner says nearly half (roughly $72 billion) will be spent on security services, including consulting, hardware support, and implementation and outsourced services.

Hear ye, DarkSide! This honorable ransomware court is now in session — Ars Technica
A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide to hear claims from former affiliates who say the makers skipped town without paying.

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders — ZDNet
The targets identified include 911 dispatch carriers, law enforcement agencies and emergency medical services — all of which have been attacked over the past year as medical services struggled to manage the pandemic.

Vulnerability in VMware product has severity rating of 9.8 out of 10 — Ars Technica
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, one of the most popular virtualization solutions on the market.

Cyber insurance premiums, take-up rates surge, says GAO — ZDNet
A General Accountability Office report finds that cyber insurance premiums surged in 2020 based on more frequent cyberattacks. That trend is likely to continue.

Zeppelin ransomware comes back to life with updated versions — Bleeping Computer
The developers of Zeppelin ransomware have resumed activity after a period of relative silence that started last fall.

This massive phishing campaign delivers password-stealing malware disguised as ransomware — ZDNet
Java-based STRRAT malware creates a backdoor into infected machines — but distracts victims by acting like ransomware.

Bizarro banking malware targets 70 banks in Europe and South America — Bleeping Computer
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

E-commerce giant suffers major data breach in Codecov incident — Bleeping Computer
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack.

QNAP confirms Qlocker ransomware used HBS backdoor account — Bleeping Computer
QNAP is advising customers to update the HBS 3 disaster recovery app. The goal: to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.

In Case You Missed It

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot
Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders — Lindsey Lockhart

Cybersecurity News & Trends

This week the DarkSide ransomware group dominated the headlines, launching additional attacks, bringing in large quantities of Bitcoin and (hopefully) being shut down for good.

SonicWall in the News

‘It’s a battle, it’s warfare’: experts seek to defeat ransomware attackers — Financial Times

  • Financial Times reporter Hannah Murphy references SonicWall data as she explores the lucrative industry of ransomware.

Breaking into New Technology with Partners — Channel Pro Network

  • MiradorIT cites its partnership with ASCII member Net Sciences for enabling it “to move into advanced cybersecurity by offering high-availability SonicWall deployments.”

Windows 10 has a built-in ransomware block, you just need to enable it — PC Gamer

  • Turns out there is a mechanism in Windows Defender that can help protect your files from ransomware. PC Gamer leverages SonicWall data to educate readers.
    *Syndicated: PC Gamer – UK

D&H Defies Pandemic: Grows U.S. Sales 19 Percent, Breaks $5B Barrier — CRN

  • D&H Distributing, the 104-year-old, employee-owned SMB distribution stalwart, helped its partners power through the global pandemic — and in the process, posted a whopping 160% increase in cloud sales for the fiscal year.

Industry News

The Full Story of the Stunning RSA Hack Can Finally Be Told — Wired

  • In 2011, Chinese spies stole the crown jewels of cybersecurity — stripping protections from firms and government agencies worldwide.

Denial of Electricity Service Could Become Next Geopolitical Weapon — The Wall Street Journal

  • With electricity expected to account for a large share of the world’s energy use by 2050, the stakes are high.

Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’ — ZDNet

  • The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the “right thing to do for the country.”

School districts struggle to defend against rising ransomware attacks — The Hill

  • Cybercriminals are stepping up their efforts to hack into vulnerable school districts, often launching ransomware attacks like the kind that shut down Colonial Pipeline earlier this month.

Bizarro banking Trojan surges across Europe — ZDNet

  • Operators have targeted customers of at least 70 banks across Europe and South America so far.

Chemical distributor pays $4.4 million to DarkSide ransomware — Bleeping Computer

  • Chemical distribution company Brenntag paid a $4.4 million ransom to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Legislation to secure critical systems against cyberattacks moves forward in the House — The Hill

  • Multiple bills meant to secure critical infrastructure against cyberthreats were approved by the House Homeland Security Committee — just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation.

New Zealand hospitals infected by ransomware, cancel some surgeries — The Register

  • New Zealand’s Waikato District Health Board has been hit with ransomware that took down most IT services and drastically reduced services at six of its affiliate hospitals.

Hackers scan for vulnerable devices minutes after bug disclosure — Bleeping Computer

  • Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

Supply chain hacking attacks: Government eyes new rules to tighten security — ZDNet

  • The UK might soon require managed IT service providers to undergo extra cybersecurity checks.

‘Catastrophic’ cyberattack larger than pipeline hack increasingly likely, acting CISA chief says — The Washington Times

  • A top U.S government official said it is increasingly likely the federal government will be faced with a “catastrophic cyber incident” larger in scope than the recent Colonial Pipeline hack.

After just 9 months, Darkside ransomware gang brings in $90 million in Bitcoin — ZDNet

  • The cryptocurrency was sourced from 47 different wallets, according to research from Elliptic.

Insurer AXA hit by ransomware after dropping support for ransom payments — Bleeping Computer

  • Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong and the Philippines have been struck by a ransomware cyberattack, with 3 TB of sensitive data stolen from AXA’s Asian operations.

DarkSide ransomware servers reportedly seized, REvil restricts targets — Bleeping Computer

  • The DarkSide ransomware operation has allegedly shut down, after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

Toshiba unit struck by DarkSide ransomware group — ZDNet

  • Following Colonial Pipeline, a DarkSide affiliate has claimed another victim.

In Case You Missed It

Cybersecurity News & Trends

This week attackers once again turned their attention to local government, resulting in several cities and municipal police departments reporting breaches.

SonicWall in the News

Raab set to reveal aggressive cyber-attacks targeting 80 UK schools and Universities in March — UK Tech News

  • Foreign Secretary Dominic Raab alerted the Cyber UK conference that 80 British schools and universities were hit by ransomware attacks in March, forcing them to delay reopening.
    *Syndicated: Info Security Buzz

Working from home is making companies rethink IT spending. Here’s how it’s changing — TechRepublic

  • Businesses are prioritizing their IT spending to focus on tech investments that support a ‘hybrid’ mix of working at home in the office, according to new research.

Deep Dive: Terry Greer-King, VP EMEA, SonicWall — Intelligent CISO

  • Terry Greer-King, SonicWall VP EMEA, highlights SonicWall’s Boundless Security and how it uses automated threat detection and response to help organizations protect themselves.
    *Syndicated: Intelligent CIO – EUIntelligent CIO – Africa

We regret ‘creating problems’, say Colonial petroleum pipeline hackers — Financial Times

  • The DarkSide ransomware group has stated it is apolitical and only wanted to make money, according to the Financial Times

Catch Of The Week: Ransomware Shuts Down U.S. Pipeline — Los Alomas Daily Post

  • Colonial Pipeline, one of the top U.S. fuel pipeline operators, shut down its entire network after a ransomware attack, affecting the nearly half of the East Coast’s fuel supply.

The basics of backup: How to avoid disaster — Intelligent CISO

  • As the amount of data in existence surges, business leaders must ensure they have the correct processes in place to manage it and avoid data loss.

Industry News

After Colonial Pipeline hack, lawmakers want more action on pipeline security — Cyberscoop

  • A two-year-old federal pipeline initiative has shown promise, but more needs to be done, lawmakers say.

Despite Heightened Breach Fears, Incident Response Capabilities Lag — Dark Reading

  • Many organizations remain unprepared to detect, respond to and contain a breach, a new survey shows.

Biden signs executive order to improve federal cybersecurity — The Hill

  • President Biden signed an executive order aimed at improving federal cybersecurity on the heels of multiple major and damaging cyberattacks, including the one on the Colonial Pipeline.

Global cybersecurity leaders say they feel unprepared for attack: report — The Hill

  • A majority of global CISOs surveyed said they feel their organizations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.

South Korea orders urgent review of energy infrastructure cybersecurity — The Register

  • The review was spurred by the Colonial Pipeline outage, which stressed the fuel supply of the U.S. East Coast.

FBI, CISA publish alert on DarkSide ransomware — ZDNet

  • The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Ransomware crooks post cops’ psych evaluations after talks with DC police stall — Ars Technica

  • A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department has posted personnel records for almost two dozen officers, including psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent — Cyberscoop

  • While some say they’re surprised it hasn’t happened sooner, others are wondering how long it will take for the rest of the industry to follow suit.

Adobe: Windows Users Hit by PDF Reader Zero-Day — Security Week

  • Adobe on Tuesday warned that a gaping security hole in Adobe Reader, one of the most widely deployed software products, has been exploited in the wild in “limited attacks.”

City of Tulsa’s online services disrupted in ransomware incident — Bleeping Computer

  • The city of Tulsa, Okla., has suffered a ransomware attack that forced the city to shut down its systems to prevent further spread.

City of Chicago Hit by Data Breach at Law Firm Jones Day — Security Week

  • The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service.

Ransomware gangs get more aggressive against law enforcement — The Washington Times

  • Criminal hackers are increasingly using brazen methods to increase pressure on law-enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The Colonial Pipeline Hack Is a New Extreme for Ransomware — Wired

  • Profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats — Cyberscoop

  • It’s part of “the most significant hiring initiative” the department has ever undertaken, according to Alejandro Mayorkas.

In Case You Missed It

Cybersecurity News & Trends

This week’s news was full of attacks on government — including the Alaskan state government, the Belgian federal government and the U.S. Agency for Global Media.

SonicWall in the News

SonicWall capture ATP aces latest ICSA Lab test, finds more malware — The Evolving Enterprise

  • After 35 days of testing and 1,741 total tests, the multi-engine SonicWall Capture ATP sandbox service with RTDMI received a perfect score in the latest ICSA Labs Advanced Threat Defense test.

Video: 10 Minute IT Jams – SonicWall manager dissects zero trust security — Security Brief Asia

  • SonicWall Head of Presales for APAC Yuvraj Pradhan discusses the importance of zero-trust and its role in the future of cybersecurity.

Industry News

Belgian government, parliament, colleges hit by cyberattack — The Washington Times

  • The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions announced that its network was under cyberattack.

CISA used new subpoena power to contact US companies vulnerable to hacking — Cyberscoop

  • The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

New Spectre attack once again sends Intel and AMD scrambling for a fix — Ars Technica

  • A new transient execution variant is the first exploit micro-ops caches.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency — ZDNet

  • The malware hones in on cryptocurrency funds as well as VPN credentials.

U.S. Agency for Global Media data breach caused by a phishing attack — Bleeping Computer

  • The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Alaska Court System briefly forced offline amid cyber threat — The Washington Times

  • The Alaska court system has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including attacks on its website and the removal of the ability to look up court records.

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached — ZDNet

  • Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, a UK security firm has said.

Digital Dollar Project to launch five U.S. central bank digital currency pilots — The Wall Street Journal

  • The U.S. nonprofit Digital Dollar Project said on Monday it will launch five pilot programs over the next 12 months to test the potential uses of a U.S. central bank digital currency, the first effort of its kind in the United States.

NSA Issues Guidance on Securing IT-OT Connectivity — Security Week

  • The NSA’s advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” addresses the Department of Defense, national security system and defense industrial base organizations — but the recommendations can be useful to any industrial company.

Pulse Secure fixes VPN zero-day used to hack high-value targets — Bleeping Computer

  • Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.

New Buer Malware Downloader Rewritten in E-Z Rust Language — Threat Post

  • It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.

Codecov starts notifying customers affected by supply-chain attack — Cyberscoop

  • Codecov has started notifying the maintainers of software repositories, via both email and the Codecov application interface, that the company believes the affected repositories were downloaded by threat actors.

US prosecutors fine German software company for violating sanctions against Iran — The Hill

  • Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said.

Researchers find two dozen bugs in software used in medical and industrial devices — Cyberscoop

  • Microsoft researchers have discovered some two dozen vulnerabilities in software embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.

In Case You Missed It

Cybersecurity News & Trends

This week, attacks by cybercriminals in Russia and China made headlines — and the U.S. government is mobilizing to fight back.

SonicWall in the News

‘A Perfect Score’: SonicWall Capture ATP Aces Latest ICSA Lab Test, Finds More ‘Never-Before-Seen’ Malware Than Ever — Company Press Release

  • SonicWall Capture Advanced Threat Protection (ATP) sandbox service with Real-Time Deep Memory Inspection™ (RTDMI) received a perfect score in the latest ICSA Labs Advanced Threat Defense test for Q1 2021.

Industry News

Here’s what Russia’s SVR spy agency does when it breaks into your network, says U.S. CISA infosec agency — The Register

  • Following attribution of the SolarWinds supply chain attack to Russia’s APT29/Cozy Bear, the U.S. CISA infosec agency has published a list of the spies’ known tactics.

Ransomware crooks threaten to ID informants if cops don’t pay up — Ars Technica

  • Ransomware operators have delivered a stunning ultimatum to Washington, D.C.’s Metropolitan Police Department: pay them $50 million, or they’ll leak the identities of confidential informants to street gangs.

Navy SEALs to Shift From Counterterrorism to Global Threats — Security Week

  • U.S. Navy SEALs are undergoing a major transition to improve leadership and expand their commando capabilities to battle threats from global powers like China and Russia.

Cyberspies target military organizations with new Nebulae backdoor — Bleeping Computer

  • A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations, spanning roughly two years and targeting military organizations from Southeast Asia.

Suspected Chinese hackers are breaking into nearby military targets — Cyberscoop

  • The suspected PLA hackers are back in action.

Microsoft Weighs Revamping Flaw Disclosures After Suspected Leak — Bloomberg

  • Microsoft Corp. may revise a program that shares coding flaws in its products with other companies after a sprawling cyberattack against thousands of Microsoft Exchange email clients.

U.S. warns of Russian state hackers still targeting U.S., foreign orgs — Bleeping Computer

  • The FBI, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency warned of continued attacks by Russian-backed APT 29 hacking group against U.S. and foreign organizations.

Law enforcement delivers final blow to Emotet — Cyberscoop

  • Law-enforcement officials are sending a specially crafted file to infected machines.

Selling of Mobile Phone Data Presents Security Risk for U.S. Armed Forces — The Wall Street Journal

  • Apps show troop movements buried in data available for purchase: a “major risk to national security.”

Ransomware’s perfect target: Why one industry needs to improve cybersecurity, before it’s too late — ZDNet

  • Dependencies on just-in-time supply chains and sometimes out-of-date technology make shipping and logistics an ever-more-tempting target for cybercriminals.

Apple’s ransomware mess is the future of online extortion — Ars Technica

  • Hackers want $50 million in exchange for not releasing schematics they stole from an Apple supplier.

China could ‘control the global operating system’ of tech, warns UK spy chief — ZDNet

  • The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with “illiberal values.”

New cryptomining malware builds an army of Windows, Linux bots — Bleeping Computer

  • A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.

ToxicEye: Trojan abuses Telegram platform to steal your data — ZDNet

  • This recently discovered RAT is using bots to propagate across Telegram channels.

In Case You Missed It