Cybersecurity News & Trends

The 2022 SonicWall Cyber Threat Report found its way into Fitch Ratings this week. The organization is not generally well-known, but it is a well-respected financial ratings firm whose data is highly valued by global investors. SonicWall’s Cyber Threat Report also made it into several other well-known local news outlets and trade publications. In general news, it’s hard to avoid reports about Ukraine. But things seemed to escalate a little when the sometimes-random hacker group known as Anonymous announced a “cyber war” against Russia. Today, Anonymous took credit for a hack of Roscosmos, the Russian space agency, and the release of confidential data. In other industry news, the Nvidia hack has taken a very unusual turn, Brian Krebs examined the Conti ransomware group, and beware of eBike phishing.

SonicWall News

Russia/Ukraine War Increases Spillover Risks of Global Cyberattacks

Fitch Ratings: The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with significant financial, reputational and legal risks to issuers. According to security vendor SonicWall, corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY. In addition, the firm reports a 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%).

Officials Tighten Cybersecurity Measures Amid Potential Threats from Russia

News12 New York: A Russian cyber gang publicly threatened to launch cyberattacks against any country that retaliated against Russia for its invasion of Ukraine. A Team 12 investigation found that this threat should not be taken lightly. But so far, it’s been the Russian hackers who have learned a harsh lesson: cyberwarfare is a two-way street. Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from SonicWall, a leading cybersecurity firm.

Latest Cyberattack on Nvidia Is Just the Tip of The Iceberg

SiliconRepublic: Last week, it was reported that chipmaker Nvidia was investigating a potential cyberattack. The company confirmed yesterday (1 March) that it became aware of a breach on 23 February and that the “threat actor took employee credentials and some Nvidia proprietary information from its systems”. Data was allegedly stolen by ransomware group Lapsus$. The group claims to have files on Nvidia GPU drivers, allowing hackers to turn every Nvidia GPU into a bitcoin mining machine.

According to SonicWall’s VP of Platform Architecture, Dmitriy Ayrapetov, this type of attack is known as cryptojacking. “Cryptojacking victims are usually unaware that their device, whether it be a computer, phone or virtual machine, is being used to mine cryptocurrency,” he said. “The attack has primarily settled into being performed via some executable, whether standalone or part of a larger software package, and is distributed via most common malware distribution methods – malicious emails, attachments, drive-by downloads and, in some cases, embedded cryptojacking browser scripts.”

Why Banks Should Be More Worried About Security

Semiconductor Engineering: Ransomware has emerged as hackers’ top choice for attacking banking systems. In general, ransomware attackers freeze the victim’s operation, demanding money in return for releasing their hold. Last year, the Ryuk ransomware generated $180 million, followed by SamSam with $104 million. Includes chart: “Where ransomware is hitting the hardest”: Source: SonicWall 2022 Cyber Threat Report.

WA Companies Prepare as Threat Of Russian Cyberattacks Increases

Spokesman-Review: Globally, ransomware volume increased 232% in the last two years, according to an annual report from internet security company SonicWall. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.

Manufacturing Is the Most Targeted Sector By Ransomware In Brazil

ZDNet (Brazil): A separate report on cyber threats published by SonicWall earlier this month has found that Brazil is only behind the US, Germany and the UK in ransomware attacks. With over 33 million intrusion attempts in 2021, the country ranked ninth in the same ranking in the prior year, with 3.8 million ransomware attacks.

Industry News

Hacker Collective Anonymous Declares War On Russia

Fortune: The rogue group of hackers known as Anonymous has declared itself to be in “a cyber warfare campaign against Putin & his allies.” Using both Twitter and YouTube, the group urged followers to launch cyberattacks on the country’s websites. The group claims to have already disabled sites, including the state-controlled Russian news agency, the Kremlin’s official site, and Russian internet service providers.

But experts are quick to warn that this is no time to celebrate. Reporters at The Hill warn that while the rest of the world is ramping up sanctions against Russia over its invasion of Ukraine, everyone should be getting ready for retaliation. There is every chance that we will see increased cyber attacks. Right now, the Kremlin won’t risk showing its hand; the most dangerous Russian footholds in US networks require immense resources and time to build, and maximum destructive power comes from using them during a direct conflict with the United States. Moscow won’t burn its best capabilities and anger the United States and its allies. More importantly, exaggerating the threat distracts us from hardening against much more likely Russian assaults that are short of a full cyberwar between the two nations. The New York Times adds that Anonymous’ declared “war” is one where no one is in charge, suggesting chaos in the immediate future for Russia and probable overspill far outside the conflict area.

Anonymous-Linked Group Hacks Russian Space Research Site, Claims to Leak Mission Files

The Verge: In the latest salvo from hacktivists working in support of Ukraine, an Anonymous-linked group has defaced a website belonging to Russia’s Space Research Institute (IKI) and leaked files that allegedly belong to the Russian space agency Roscosmos. As reported by Vice, hackers appear to have breached one subdomain of the IKI website, although other subdomains remain online. The compromised part of the site related to the World Space Observatory Ultraviolet project (WSO-UV), similar to the Hubble Space Telescope and planned for launch in 2025. A popular Twitter account tied to the loosely organized Anonymous movement shared details Thursday morning and attributed the action to a group known as v0g3lSec. Infosecurity Magazine reports that Russia denies the story and warns of a wider war should the attacks continue. Russia has also warned that any cyber-attack on its satellite systems will be treated as an act of war.

Nvidia Hackers Issue One of The Most Unusual Demands Ever

Ars Technica: Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code. A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1 TB of data. The group then made the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data. “We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want [sic] nvidia to push an update for all 30 series firmware that remove every LHR limitations otherwise we will leak [sic] hw folder. If they remove the LHR we will forget about hw folder (it’s a big folder). We both know LHR impact mining and gaming.” PC Magazine also reports that, in the meantime, the hacking group has already dumped a 19 GB archive that allegedly contains source code for Nvidia GPU drivers. The archive also has enough information to help tech-savvy users undermine the Lite Hash Rate limiter.

260,000 Confidential Attorney Discipline Records Published After Data Breach

Orange County Register: On Saturday, a shadowy website removed 260,000 confidential attorney discipline records it had published after a massive data breach at the State Bar of California. An anonymous administrator for said in a note on the website that the records, as well as others it intended to publish, had been deleted in response to the State Bar’s disclosure of the breach and a subsequent Southern California News Group article. The administrator claims the records had been made publicly available on the State Bar’s discipline website, which is now offline. But the State Bar disputes that contention.

Conti Ransomware Group Diaries, Part III: Weaponry

Krebs On Security: The final chapter to a 3-part examination of the Conti ransomware group. This is highly recommended reading for people who want to stay informed about the evolution of international hacker groups. Part I of this series examined newly-leaked internal chats from the Conti ransomware group and how the crime gang dealt with its internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Finally, in today’s Part III, Krebs looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets and how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Hundreds Of eBike Phishing Sites Abuse Google Ads to Push Scams

Bleeping Computer: A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their data to fake investment schemes impersonating genuine brands. The operation relies on the abuse of Google Ads to draw victims to hundreds of fake websites targeting the Indian audience. The campaign was uncovered by Singaporean security firm CloudSEK, which has shared its report exclusively with Bleeping Computer. According to analysts Ankit Dobhal and Aryan Singh, the campaign has caused financial damages of up to $1 million from tens of thousands of victims.

Cybersecurity News & Trends

As predicted, cyber-attacks are rising just as the Ukrainian crisis heats up. As a result, news organizations worldwide are quoting the 2022 SonicWall Cyber Threat Report, topping the best first-day launch in the report’s history. The report found itself in the pages of notable publications like The Seattle Times, The Register, The Telegraph, ZDNet, and The Express. In industry news, turmoil in Ukraine highlights a new round of “wiper” attacks. Ukraine also took the unusual step of asking for the hacker underworld to help protect their infrastructure. Also, as it turns out, cybersecurity burnout is a real thing now, Iranian hackers are stealing passwords, and a cyber firm in Beijing says a US hacker group is targeting research organizations in India, Russia, and China.

SonicWall News

Ukraine Hit by DDOS Attacks, Russia Deploys Malware

The Register: Bill Conner, CEO of firewall firm SonicWall, told The Register: “Cyberattacks can be leveraged to cause financial loss, create disruption and misdirection, and in extreme cases take down critical infrastructure. Those are key ingredients for causing unrest in any situation, regardless of the parties involved.”

Boris Johnson Announces Extra Defensive Weapons Are Being Sent To Ukraine

The Telegraph (UK): Cyberattacks could be used as a “key ingredient” to prompt unrest amid the current diplomatic crisis around the escalating situation in Ukraine, a former adviser to GCHQ has said. Bill Conner, the SonicWall chief executive and former advisor to GCHQ, said such activity can be leveraged to “cause financial loss, create disruption and misdirection, and in extreme cases take down critical infrastructure.”

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Additionally, nearly all monitored threats, cyber-attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking.

SonicWall: Ransomware Attacks Increased 105% In 2021

Tech Target: Cybercriminals are becoming bolder and more prolific in developing and deploying ransomware attacks. Researchers at SonicWall said in the company’s annual threat report that ransomware attacks over the last year have grown by an eye-watering 105%, with 20 attacks being attempted every second.

SonicWall Threat Intelligence Confirms 981% Increase of Ransomware Attacks in India

Ele Times (India): SonicWall, the publisher of the world’s most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Report: Ransomware, Attacks on Networks Soared In 2021

DC Velocity: Business leaders are worried about the growing volume of malicious attacks on IT networks, and are especially concerned about supply chain vulnerability in 2022, according to a report from cybersecurity firm SonicWall, released this month. The company’s 2022 Cyber Threat Report tracked a 232% increase in ransomware globally since 2019 and a 105% increase from 2020 to 2021. Ransomware is malware that uses encryption to hold a person or organization’s data captive, so they cannot access files, databases, or applications. According to the report, such attacks in the US were up 98% last year and up 227% in the UK.

Security Spend to Reach $1 Billion In Brazil In 2022

ZDNet: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall. In 2020, Brazil ranked ninth in the same ranking, with 3.8 million ransomware attacks. According to the SonicWall report, Brazil stands out regarding the number of malware attacks. In this category, attacks in Brazil increased over 61% in 2021, with 210 million attacks in 2021, compared to approximately 130 million seen in the prior year.

Companies Prepare as Threat of Russian Cyberattacks Increases

Seattle Times: According to an annual report from internet security company SonicWall, ransomware volume increased 232% in the last two years. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.

Washington Companies Prepare as Threat of Russian Cyberattacks Increases

The Chronicle: As major American businesses prepare for possible Russian-led cyberattacks, some Northwest information security experts raise the alarm while others argue many companies are already prepared. According to a new report from SonicWall, ransomware volume increased 232% in the last two years. The annual report also reported more than 623 million ransomware attacks in 2021. In addition, new types of malware detected also increased 65% year over year.

Weekly Threat Report 18th February 2022

National Cyber Security Center (UK): Ransomware attacks more than doubled in 2021. According to an analysis by researchers at SonicWall, the volume of ransomware attacks rose by 105% in the last year. A total of 623.3 million attempted incidents were recorded in 2021.

22 Very Bad Stats on The Growth Of Phishing, Ransomware

Venture Beat: The report comes after several major cybersecurity firms had released data on just how bad things got last year when it came to cyberattacks. For instance, SonicWall reported that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020. CrowdStrike, meanwhile, disclosed that data leaks related to ransomware surged 82% in 2021, while the average ransom demand grew 36% to $6.1 million.

Britons Hit By Terrifying Crypto Crime Surge – Attacks Up More Than 500 Percent

Daily Express (UK): A new form of cybercrime, which sees hackers hijack online devices to steal and mine crypto, has become increasingly common worldwide. According to SonicWall, global crypto-jacking crimes rose by almost one-fifth to 91.7 million cases. In the UK, attacks have skyrocketed by 564 percent, rising from less than 66,000 in 2020 to over 436,000 in 2021.

Industry News

New Destructive Malware Used in Cyber Attacks on Ukraine

Security Intelligence: IBM’s Security X-Force reported a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. Analysts obtained a sample of the wiper named HermeticWiper. It uses a benign partition manager driver (a copy of empntdrv.sys) to perform its wiping capabilities, corrupting all available physical drives’ Master Boot Record (MBR), partition, and file system (FAT or NTFS). This is not the first wiper malware targeting Ukrainian organizations X-Force has analyzed. For example, in January 2022, X-Force analyzed the WhisperGate malware and did not identify any code overlaps between WhisperGate and HermeticWiper. Several other outlets also reported and expanded this story, including The Guardian, Help Net Security, BBC, and ZDNet.

Ukraine Asks For S Korea Cybersecurity Aid Amid Russia Invasion

Reuters: Top Ukraine security officials in the Republic of Korea (South Korea) said on Friday that their country is requesting Seoul’s assistance in boosting its cybersecurity capability to defend against Russian attacks. As missiles pounded the Ukrainian capital and Russian forces pressed their advance after launching attacks on Thursday, Kyiv asked for more help from the international community. Dmytro Ponomarenko, Ukraine’s ambassador-designate to South Korea, said the websites of the country’s governmental institutions were suffering from Russian attacks. A global cybersecurity firm has also noted that a newly discovered piece of destructive software circulated in Ukraine and has hit hundreds of computers, part of what was deemed an intensifying wave of hacks aimed at the country. Reuters also reports that Ukraine has asked for help from the hacker underground community to protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project.

Hacker Collective Anonymous Declares ‘Cyber War’ Against Russia, Disables State News Website

ABC News (Australia): Hacker collective Anonymous has disabled several Russian government websites, including the state-controlled Russia Today news service. They had launched cyber operations that briefly took down Russia Today and the websites of the Kremlin, the Russian government, and the Russian defense ministry. Russia Today confirmed the attack, saying it slowed some websites down while taking others offline for “extended periods of time.” According to the news outlet, Russia Today’s coverage of the situation in Ukraine has been overwhelmingly from a pro-Russian perspective, showing fireworks and cheerful celebrations in the newly occupied territories.

Cybersecurity Burnout Is Real and It’s Going to Be A Problem For All Of Us

ZDNet: Employers are already facing something of a dilemma when it comes to cybersecurity in 2022. Not only is the number of attempted cyberattacks escalating worldwide, but employers face the added pressure of a tightening hiring market and record levels of resignations that are also affecting the tech industry. The talent battle has already hit cybersecurity particularly hard. According to a survey of more than 500 IT decision-makers by threat intelligence company ThreatConnect, 50% of private sector businesses already have gaps in their company’s fundamental, technical IT security skills. What’s more, 32% of IT managers and 25% of IT directors are considering quitting their jobs in the next six months – leaving employers open to a cacophony of issues across hiring, management, and IT security. And as ZDNet observes, cybersecurity is challenging work, so beware of staff burnout.

Cyberattacks Could Soon Strike the West

Fortune Magazine: Russia is home to some of the world’s most infamous criminal hackers, some of them state-sponsored, so are broader and stronger cyberattacks coming? And could they hit the West? “I think the risk right now is high and rising,” said Derek Vadala, chief risk officer at the US cyber risk rating firm BitSight. He warned that Western companies should ensure their systems are patched against known vulnerabilities. The UK’s National Cyber Security Centre, a division of the GCHQ spy agency, advised Tuesday that British organizations should “bolster their online defenses” as “there has been a historical pattern of cyberattacks on Ukraine with international consequences.” This week, the US Department of Homeland Security also launched a “shields up” drive for critical infrastructure against possible Russian actions. They also warned that all US companies are at risk.

Iranian Hackers “Tools” Steal Passwords and Deliver Ransomware

ZDNet: Hackers linked to the Iranian Ministry of Intelligence and Security are exploiting a range of vulnerabilities to conduct cyber espionage and other malicious attacks against organizations worldwide, a joint alert by US and UK authorities has warned. The advisory issued by the FBI, CISA, the US Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) says an Iranian government-sponsored advanced hacking operation known as MuddyWater is going after a wide range of targets.

US Group Hacked Top Research Institutes in India, Russia And China, Says Beijing Cyber Firm

The Hindu (India): A new report from a Beijing-based cybersecurity firm said hackers linked with the US National Security Agency (NSA) were found to have inserted “covert backdoors” that may have given them access to sensitive information in dozens of countries, including India, Russia, China and Japan. Among the reportedly compromised websites listed in the report were those linked to one of India’s top microbial research labs — the Institute of Microbial Technology (IMTech) under the Council of Scientific & Industrial Research — as well as the Indian Academy of Sciences in Bengaluru. In addition, websites linked to the Banaras Hindu University were also hacked into. The Beijing-based cybersecurity firm Pangu Lab released a technical report explaining how it had found the backdoors and attached it to “unique identifiers in the operating manuals of the NSA” that had come to light in the 2013 leak of NSA files by insiders.

Cybersecurity News & Trends

Lots of big news today. SonicWall’s upcoming Boundless 2022 global virtual event continues to rack up record registrations. Then there’s the release of the 2022 SonicWall Cyber Threat Report, which had the best first-day launch in its history. Attention garnered by the annual report toppled all previous company records. In industry news, turmoil in Ukraine ratchets up cyber threat fears, Iranians targeting VMware, hackers targeting US defense contractors, hackers breaking into Microsoft Teams, and much more.

SonicWall News

There’s A Huge Surge In Hackers Holding Data For Ransom

Fortune Magazine: Governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021, according to the 2022 Cyber Threat Report released Thursday by SonicWall, an internet cybersecurity company. According to the report, ransomware also rose 104% in North America, just under the 105% average increase worldwide.

Britain Should Never Seek A ‘Special Relationship’ With The EU, Says Lord Frost

The Telegraph (UK): UK ransomware climbed by 227 percent last year, the just-published SonicWall Threat Report also shows, while attempted cyberattacks also reached a record high.

SonicWall CEO On Ransomware: Every Good Vendor Was Hit In Past 2 Years

The Register: Public and private sectors are under attack as malware evolution accelerates. SonicWall’s annual cyber-threat report shows ransomware-spreading miscreants are making hay and getting quicker at doing so.

Why The Cloud Is A No-Brainer For Startups

Maddyness (UK): The global spike in ransomware due to the pandemic is alarming; according to the SonicWall Cyber Threat Report, there has been a 62% increase in ransomware globally.

Report Finds IoT Malware Attacks Targeting Routers On The Rise

CEPro: Research by SonicWall finds that ransomware attacks more than doubled last year, but IoT malware threats and cybersecurity attacks also continued to climb, hitting 60.1 million such attacks in 2021, the highest number ever recorded by the company in a single year.

Ransomware Attacks Surged 2X In 2021, SonicWall Reports

Venture Beat: New data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020.

SonicWall: Ransomware Attacks Increased 105% In 2021

TechTarget: Researchers at SonicWall said in the company’s annual threat report that ransomware attacks have grown by an eye-watering 105% over the last year, with 20 attacks being attempted every second.

Cybercriminals Target Retail With 264% Surge in Attacks

Charged Retail Tech News (UK): Cybercriminals have targeted the retail sector over the past 12 months, with a 264% surge in ransomware attacks on eCommerce and online retail businesses.

Over 620 million Ransomware Attacks Detected in 2021

InfoSecurity: According to SonicWall, corporate IT teams were faced with a triple-digit (105%) growth in ransomware attacks last year to over 623 million.

Threat Actor Adds New Marlin Backdoor to Its Arsenal

InfoRisk (UK): The massive amount of malware strains that cybercriminals can leverage today enables them to “concoct new cocktails capable of thwarting both past and present security systems,” Bill Conner, CEO and president of cybersecurity firm SonicWall, says.

Crypto Crime: UK ‘Crypto Jacking’ Attacks Jump 564 Percent in One Year

City AM (UK): Global ransomware attacks doubled to 623m incidents in 2021, with some 91.7m crypto-jacking incidents taking place, up by almost a fifth compared to the previous year, according to a new report from cyber security company SonicWall.

Ransomware Attacks More Than Doubled Last Year

ZDNet: According to an analysis by cybersecurity researchers at SonicWall, the volume of attempted ransomware attacks targeting their customers rose by 105% in 2021 to a total of 623.3 million attempted incidents throughout the year.

Ransomware Data Leaks Saw Major Surge In 2021

ITProPortal: A separate report from SonicWall said that, for the first three quarters of 2021, attempted ransomware attacks grew 148 percent, year-on-year. At the same time, the average ransom demand rose 36 percent to $6.1 million.

Report: Pretty Much Every Type Of Cyberattack Increased In 2021

Planet Storyline: SonicWall’s 2022 Cyber Threat Report has come to some alarming, but likely unsurprising, conclusions: Pretty much every category of cyberattack increased in volume throughout 2021.

Ransomware Attacks Surged 2X In 2021, SonicWall Reports

TECHIO: In the latest indicator of just how severe the ransomware problem became last year, new data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 – jumping 105% during the year compared to 2020.

Cyberattacks Increased In 2021

TechRepublic: The only category to decrease was malware attacks, but SonicWall said in its report that even that number was deceptive.

Ransomware Attacks Increase 105% In 2021, SonicWall Report Finds

TechDecisions: SonicWall’s Cyber Threat Report reveals that ransomware volume has exploded over the last two years, rising 232% since 2019.

Breaking Comments On Red Cross Cyber Attack

Information Security Buzz: It’s been confirmed the Red Cross cyber attack was the work of nation-state actors. SonicWall’s latest report, released today, confirms this is not a standalone development, revealing increases of 1,885% and 755% in ransomware attacks on the global government and healthcare sectors, respectively.

Ransomware Attacks Are Rising at An Unprecedented Rate

HotHardware: The ransomware threat is rising at an alarming rate, and a new report by SonicWall fleshes out the picture. 2020 alone saw 304 million ransomware attacks. As if that wasn’t enough, the doubling of ransomware attacks in 2021 over 2020 amounts to a total of 623 million ransomware attacks globally in 2021. Together, these two years represent a 232% rise in the volume of ransomware attacks since 2019.

SonicWall Research: Hackers Attempted 623M Ransomware Attacks in 2021

MSSP Alert: Nearly all monitored threats, cyberattacks and malicious digital assaults increased in 2021, according to the 2022 SonicWall Cyber Threat Report.

Healthcare Sector Saw The Largest Increase In IoT Malware Attacks In 2021

SCMagazine: The healthcare sector saw the largest increase in targeted IoT malware attacks in 2021, according to the latest annual SonicWall Cyber Threat Report. Compiled from data collected from 1.1 million global sources, researchers saw a 71% increase in IoT malware against healthcare clients.

105% Increase Seen in Global Ransomware Attacks, Reports SonicWall

ReadITQuik: The 2022 SonicWall Cyber Threat Report is now out, announced SonicWall. The report identified a 167% year-over-year increase in encrypted threats, a 6% volume rise in IoT malware, totaling 60.1 million hits by year’s end, as well as a ransomware volume rise of 232% since 2019.

SonicWall Releases New Cyber Threat Report 2022

Infopoint Security (De): SonicWall today released their annual Cyber Threat Report for 2022. As the bi-annual report shows, ransomware attacks have increased significantly, with 623.3 million attacks worldwide.

Alarming Rise in Ransomware And Malicious Cyberattacks, With Threats Doubling In 2021

AAS (De): Over 623 million ransomware attacks worldwide – a whopping 105% increase + ransomware attacks up 232% since 2019 + ransomware up a whopping 98% in US and UK respectively.

Industry News

US Companies Warned to Prepare for Russian Cyber Attacks

Defense One: US companies, particularly in the defense industry, should be prepared for an increase in cyberattacks aimed at stealing data or disrupting operations due to new aggressive Russian activity aimed at Ukraine, a top Department of Justice official said on Thursday. The remarks come one day after a recent alert from the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency, or CISA, warning that Russian hackers had hit defense contractors and were likely to continue their attempts.

Ukraine Cyberattack Is Largest of Its Kind In Country’s History, Says Official

CNN: A high-volume cyberattack that temporarily blocked access to the websites of Ukrainian defense agencies and banks on Tuesday was “the largest [such attack] in the history of Ukraine,” according to a government minister. Speaking at a press conference Wednesday, Ukrainian Minister of Digital Transformation of Ukraine Mykhailo Fedorov added that it is too early to tell who was responsible for the attack. However, officials said the distributed denial of service (DDoS) attack — which bombarded Ukrainian websites with phony traffic — was coordinated and well planned.

Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

The Hacker News: A “potentially destructive actor” aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group “TunnelVision” owing to its heavy reliance on tunneling tools, and observed that its tactics overlap with those of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten.

Russian Hackers Have Targeted Defense Contractors to Steal Sensitive Data

Gizmodo: US Intelligence authorities say that a multi-year hacking campaign has resulted in sensitive IT information being stolen from Pentagon-linked defense contractors and subcontractors. According to the report, the goal is to steal sensitive data and information using spear phishing, brute force attacks, credential harvesting, and other typical intrusion techniques. The purpose of the hacking campaigns appears to have been to acquire “sensitive information” about things like US weapons and missile development, intelligence, surveillance, and reconnaissance capabilities, vehicle and aircraft design, and command, control, and communications systems, officials said.

Hackers Circulate Malware by Breaking Into Microsoft Teams Meetings

PC Magazine: Hackers have been spotted infiltrating Microsoft Teams meetings to circulate malware to unsuspecting users. Last month, email security provider Avanan noticed the attacks, which involve hackers dropping malicious executable files on Microsoft Teams through in-session chats. “Avanan has seen thousands of these attacks per month,” the company warned in a Thursday report. The hackers are likely infiltrating Microsoft Teams after first compromising an email account belonging to an employee. The email account can then be used to access Teams meetings at their company. The attacks were also reported by Bleeping Computer. If you are one of the 270 million people who use Microsoft Teams every day, it may be time to make sure your account is locked down. Part of the onus here does fall on Microsoft, too. Teams isn’t precisely feature-rich when it comes to security and scanning files for malicious content. The ability for guests and other temporary users to share files also poses a security risk, though that isn’t necessarily how the hackers spread this particular malware.

Cybersecurity News & Trends

SonicWall’s Boundless 2022 global virtual partner event, scheduled for Feb. 23 & 24, is experiencing record registration. See the promotional video HERE and visit this page to register. In general news, the Feds arrest a New York couple for trying to launder $3.5 billion in cryptocurrency and the email that we all received from Equifax (and since deleted) was not a hoax. In other news, Georgia voter registration data is breached, a Nintendo Switch hacker gets more than 3 years in prison and a $14 million bill, and ModifiedElephant has been planting fake digital evidence that gets activists and dissidents arrested.

SonicWall News

Record Registrations for Boundless 2022 Global Virtual Partner Experience

SonicWall is seeing record registration for the Boundless 2022 Virtual Partner Conference. Created exclusively for SonicWall partners, the event will offer unparalleled content, insight, and expert analysis. Presentations will be offered for three time zone schedules and in six partner languages: English, Spanish, French, German, French and Italian. See the promotional video here. This year, the event will feature an appearance from a renowned magic team, Penn & Teller. The event is scheduled for Feb. 23 & 24. Visit this page to register.

Industry News

Feds Arrest a New York Couple and Seize $3.6 Billion In Stolen Cryptocurrency

CNN: A New York couple has been arrested and charged with conspiring to launder $4.5 billion in stolen cryptocurrency funds. Law enforcement officials have seized $3.6 billion of those funds in what US Deputy Attorney General Lisa Monaco called “the department’s largest financial seizure ever.” Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, are accused of laundering money taken in a massive hack of cryptocurrency exchange Bitfinex in 2016.

Vodafone Portugal Hit by Hackers, Says No Client Data Breach

Reuters: Vodafone’s Portuguese unit said on Tuesday a hacker attack overnight had disrupted its services but assured its customers that their data had not been compromised because of the incident, which is under investigation. Vodafone Portugal reported that its system faced technical problems on Monday evening, with thousands of customers saying they could not make calls or access the internet on their phones or computers. It later discovered the technical issues were caused by what it described as a “deliberate and malicious” cyber attack.

No, that email from Equifax was not a scam.

Washington Post: As part of a settlement package for a massive data breach in 2017, just about everyone is entitled to free credit monitoring for four years. Equifax announced a massive breach had exposed the personal information of approximately 147 million people. At the time, the company said hackers exploited a “website application vulnerability.” People’s names, Social Security numbers, birth dates, addresses (and in some instances driver’s license numbers, credit card numbers and other personal information) were compromised, putting millions of folks at risk of identity theft and other fraudulent activity. In a 2019 complaint, the Federal Trade Commission alleged that Equifax had failed to patch its network after being alerted to the security vulnerability. Equifax, without admitting guilt, agreed that year to a settlement with the FTC, the Consumer Financial Protection Bureau and 50 states and territories. Part of that settlement was providing credit monitoring. But critics say the settlement doesn’t go far enough, given the damage the breach caused in facilitating the vast number of phishing messages everyone has been receiving since the breach, and the resulting cadence of breaches and ransomware cases.

Amazon Closes Exposed FlexBooker Bucket After December Data Breach

ZDNet: Digital scheduling platform FlexBooker has been accused of exposing the sensitive data of millions of customers, according to security researchers at vpnMentor. The researchers said the Ohio-based tech company used an AWS S3 bucket to store data but did not implement any security measures, leaving the contents totally exposed and easily accessible to anyone with a web browser. The 19 million exposed files included full names, email addresses, phone numbers and appointment details.

Data Breach Exposes Georgia Voters’ Registration Information

The Hill: Voting software company EasyVote Solutions said Tuesday that it experienced a data breach on Jan. 31, resulting in some Georgia voters’ registration information being shared on the internet. No Social Security numbers or driver’s license numbers were shared online. However, hackers collected public information such as names, addresses, races and birthdates and shared it online. EasyVote offers services that simplify the check-in process for voters in many Georgia counties, including Fulton, Oconee and Paulding.

Switch Hacker Given 3+ Year Sentence and Owes Nintendo $14.5M

GeekWire: One member of the Team Xecuter hacker group has been sentenced to 40 months behind bars and a $14.5 million bill for his role in his group’s creation and sale of tools used to pirate video games for the Nintendo Switch. The hacker, Gary W. “GaryOPA” Bowser, was initially indicted in Seattle in August 2020 alongside Max “MAXiMiLiEN” Louarn and Yuanning Chen. Bowser shares his name with the traditional antagonist of the Super Mario Bros. game and current Nintendo of America president Doug Bowser but they are not related. The hackers created modification devices and specialized hardware for use with various video game consoles to modify and occasionally “jailbreak” them. The group had been active in the game modification space since at least 2013, producing mod tools for Nintendo systems including the original PlayStation, Xbox, and Xbox 360.

FBI Issues Alert for LockBit 2.0 Ransomware Group, Enlists Public for Help

SC Media: Because security professionals needed something else to keep them occupied, the LockBit ransomware campaign is back for round two. This is another ransomware campaign run in the as-a-Service pattern — RaaS. LockBit 2 has caught enough attention that the FBI has published a FLASH message about it. The alert also seeks to enlist the public’s help for information like boundary logs showing communications with foreign IP addresses, sample ransom notes, contacts with threat actors, Bitcoin wallet information, decryptor files and samples of encrypted files.

Researchers Found Zimbra Zero-Day XSS Vulnerability Under Attack

LatestHackingNews (LHN): Researchers from Volexity shared their findings on the active exploitation of a Zimbra zero-day. They observed that the threat actors exploit the flaw in spear-phishing campaigns. Upon analyzing one such phishing email, they noticed the attempt to exploit an XSS zero-day bug in the Zimbra email platform. Zimbra is an open-source web email platform frequently used as a substitute for Microsoft Exchange, which makes it a lucrative target for threat actors. In the malicious campaign that Volexity spotted, the attackers executed the attack in two phases. In the first phase, the attackers aim at assessing the success rate of the phishing attack. At this point, the attackers merely wish to observe whether the target user opens the phishing email or not. Then, in the second phase, the attackers change the phishing email’s design to make it more appealing for the target user to open.

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

Hacker News and Washington Post: A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India to plant “incriminating digital evidence.” Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests. According to reports, the primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of “evidence” on the victims’ compromised systems to frame and incarcerate vulnerable opponents. As reported by Washington Post, an Indian activist charged with terrorism was previously targeted by hackers linked to prominent cyber espionage attacks, who may have planted fake digital evidence on his devices. The report was based on an investigation conducted by SentinelOne, which helped shed light on what amounted to a concerted, nearly decade-long effort to surveil a group of dissidents. It also offers new clues about the connections between groups that cybersecurity experts have observed targeting foreign adversaries and domestic critics.

Cybersecurity News & Trends

There’s an extraordinarily strong turnout for SonicWall’s upcoming Boundless 2022 global virtual partner experience. SonicWall is also attracting attention for the recent launch of Gen 7 Next Generation Firewalls (NGFWs). In industry news, the US and Europe brace for cyber-attacks in the shadow of the Ukraine crisis, News Corp hit by the “China Nexus,” one-man attack team crashes North Korea’s internet, and the drop in breaches in 2020 “doesn’t reflect reality.”

SonicWall News

Strong Turnout for Boundless 2022 – The Global Virtual Partner Experience

SonicWall is seeing an extraordinarily strong registration turnout for its recently unveiled Boundless 2022, a virtual international marquee partner event. The annual events allow partners to hear first-hand about SonicWall’s technology vision and product investments, and gain a deeper understanding of the company’s customer commitments from executives. This year, the event will also feature appearances from a legendary celebrity duo. The event is scheduled for Feb. 23 & 24. Visit this page for registration.

DCC launches SonicWall Gen 7 firewall appliances – taking the fight against cyber attacks

ITWeb: Official SonicWall distributor Drive Control Corporation (DCC) has announced the immediate availability of the newest additions to the company’s high-performance firewall offering, the Generation 7 Network Security platform services (NSsp) and Network Security Appliance (NSa) series.

SonicWall Answers the Call with New NGFWs

ARN-IDG: The big news is that SonicWall recently launched 17 new Gen-7 NGFWs in less than 18 months. So, whether you’re a small business or a large enterprise in your home or the cloud, you’ll benefit from the NGFWs that offer security, control, and visibility for an effective cybersecurity posture.

Industry News

Brace for Russian Cyber Attacks as Ukraine Crisis Continues

Reuters, CNN, New York Times: Britain’s National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, warned large organizations (enterprises, service providers) to bolster their cyber security resilience amid the deepening tensions over Ukraine. The consensus among cybersecurity advisors points to a long-term struggle between established industrialized democracies versus rising rivals such as China and Russia. The target is the post-Cold War era where military, technology and economic dominance is to be thoroughly challenged. Some observers, including the US and Europe, believe that attackers who hit Ukrainian government websites earlier this month left the chilling warning, “be afraid and expect the worst.” The message, they say, was aimed at the west. According to CNN, the FBI asks US businesses to report an uptick in Russian hacking threats — the latest effort to prepare for potential Russian cyberattacks on US organizations amid Russia’s troop buildup on Ukraine’s border. New York Times reported that the US dispatched cybersecurity experts to NATO to prepare allies to deter, and perhaps disrupt, Russian cyberattacks on Ukraine and brace for the possibility that sanctions on Moscow could lead to a wave of retaliatory cyberattacks on Europe and the United States.

News Corp hit by cyberattack with suspected link to China

The Hill: News Corp. said Friday it was the victim of a cyberattack likely to benefit the Chinese government and that the intrusion targeted its businesses, including the New York Post, Dow Jones and others. The company detailed the scope of the attack in an email to employees and listed it on a filing with the Securities and Exchange Commission (SEC), where the company said a preliminary analysis pointed to a foreign government targeting one of its third-party, cloud-based systems. The cybersecurity firm Mandiant, investigating the attack, said that assessments point to a “China nexus.”

Oil terminals disrupted after European ports hit by cyberattack

Euronews: Port facilities in Belgium, Germany, and the Netherlands have been targeted by a large-scale cyberattack, authorities say. Officials say the hack began several days ago and has primarily disrupted operations at oil terminals, preventing tankers from delivering energy supplies. In addition, German judicial authorities say they have launched an investigation into suspected “extortion” of oil operators amid soaring energy prices. The cyberattack hit Hamburg — a significant port city in northern Germany — and at least six oil terminals in Belgium and the Netherlands.

How a US hacker took down North Korea’s internet in a revenge cyber-attack

WION: The blame for North Korea’s persistent internet failures does not lie with the United States Cyber Command or any other state-sponsored hacker organization. It was the work of an American man, who sat in his living room night after night, watching Alien movies and munching on spicy corn snacks — while working on a personal project. The project involved periodically walking over to his home office to check on the progress of the programs he was running to disrupt an entire country’s internet. North Korean spies hacked an independent hacker who goes by the handle P4x just over a year ago.

Apple says antitrust bills could cause ‘millions of Americans’ to suffer malware attacks

CNBC: Apple warned lawmakers on Tuesday that antitrust bills being considered in the Senate would increase the risk of security breaches for iPhone users. The reason, Apple explains, is that they may be forced to allow “sideloading” — a process where users can download apps outside the App Store. Apple’s pushback reflects growing concern from the iPhone maker about the American Innovation and Choice Online Act and the Open App Markets Act, both of which are scheduled to be considered this week.

Data breach numbers may not be declining, but reporting them is getting slower

TechRepublic: A study released by Flashpoint and Risk-Based Security found two startling facts: Its report of a drop in the total number of breaches is likely erroneous, and the time it takes for an organization to report a breach has increased to the highest levels since 2014. Much of what Flashpoint and RBS found was similar to other reports on the topic: Healthcare was a leading target, ransomware is more popular than ever, and billions of records were stolen. One of the more interesting data points that the report covers is its reported 5% drop in the total number of breaches between 2020 and 2021, which analysts say doesn’t reflect reality. In fact, as reported by the NASDAQ news division, the number of data breaches at corporations was up more than 68% in 2021, beating the previous record, set in 2017, by 23% according to the 16th annual Data Breach Report conducted by the Identity Theft Resource Center located in El Cajon, CA.

Cybersecurity News & Trends

SonicWall hits industry news with the unveiling of the Boundless 2022 global virtual partner experience, hosted by a legendary celebrity duo – learn more. In general news, Microsoft discloses hackers are using device registration to attack enterprises, and they’re also going after your Instagram accounts. In addition, the talent gap in cybersecurity is widening, SBA announced $3 million in grants for small business cybersecurity development, and cybersecurity is broken (but Dark Reading has ideas how to fix it).

Industry News

Register Now for Boundless 2022 – The Global Virtual Partner Experience

Reinforcing its ongoing commitment to its partners and customers, SonicWall unveiled Boundless 2022, a virtual international marquee partner event, Feb. 23 & 24. Boundless 2022 will allow attending partners to hear first-hand about SonicWall’s technology vision and product investments and gain a deeper understanding of the company’s customer commitment from SonicWall executives. It will also include an appearance from a legendary celebrity duo.

Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing

The Hacker News: Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim’s network to propagate spam emails further and widen the infection pool. The tech giant said the attacks manifested through accounts not secured using multi-factor authentication (MFA). Without MFA, attackers could take advantage of the target’s bring-your-own-device (BYOD) policy to introduce their own rogue devices using the pilfered credentials.

Hackers Hijacking Instagram Accounts Of Companies And Influencers, Demanding Ransom

ZDNet: Hackers are hijacking the Instagram accounts of companies and influencers with huge followings in a new phishing campaign identified by Secureworks. In October, the cybersecurity company said it discovered the effort, finding hackers taking over prominent accounts and demanding a ransom. The people behind the attack start by sending a message pretending to be Instagram, notifying Instagram users of a purported instance of copyright infringement. A link in the message takes victims to a website controlled by hackers. From there, the user is asked to enter their Instagram login information, giving the attackers full access to their accounts.

Cybersecurity Is Broken

Dark Reading: One significant development in the threat landscape is the corporatization of hacking. As with any burgeoning industry, hacking groups have implemented more organization to their structure to scale up. Plus, malware has gotten “smarter,” variants proliferate, and attackers take advantage of the distributed workforce. But to remove the biggest impediments to better cybersecurity, say the authors, we must stop conceptualizing cybersecurity as a wall and cease our reactive approach to tamping down attacks. Instead, companies need a security stack, efficiently layered to disrupt as many attack methods as possible.

The Widening Cybersecurity Talent Gap

Forbes: Over the past few years, one issue has remained prevalent and will continue to be as we head into 2022: a cybersecurity workforce shortage and talent gap. This is becoming a more recognizable problem as companies come to grips with the reality of cyberattacks, crime and the havoc they’re bringing on their victims. But, unfortunately, these aren’t just big names covered by the media; they’re businesses next door that might’ve already become a statistic of cybercrime.

SBA Announces $3 Million in Grants for Small Business Development

Small Business Trends: The Small Business Administration (SBA) has announced $3 million in new funding for state governments to assist emerging small businesses in developing their cyber security infrastructure. The new funding will help create a safer cyber environment for small businesses by giving them the proper training and tools to help make them less prone to potentially crippling cyberattacks. The funding is part of the Cybersecurity for Small Business Pilot Program, offered through the Office of Entrepreneurial Development.

APTs Quiet Ahead of Beijing Games, But Financially Motivated Hackers Are Lurking

Cyberscoop: State-sponsored hacking groups have been uncharacteristically quiet, leading up to the Olympics next month in Beijing. Researchers say there’s one big reason why: No one wants to get on the wrong side of China. Advanced persistent threat (APT) groups from Iran and Russia, while unlikely to attack China or the games, probably will use the event as a chance to spy on countries considered adversarial, researchers say. Potential avenues for surveillance include unique mobile SIM cards offered to foreign athletes to avoid the Chinese firewall and the MY2022 Olympic Games app all attendees must install.

Hackers Steal $80 Million In Cryptocurrency From The Qubit DeFi Platform

The Verge: Qubit Finance, a decentralized finance (DeFi) platform, has become the latest victim of a high-value theft, with hackers stealing around $80 million in cryptocurrency on Thursday. The value of cryptocurrency stolen makes this the largest hack of 2022 so far. Qubit Finance acknowledged the hack in an incident report published through Medium. According to the report, the hack occurred at around 5 PM ET on the evening of January 27th. Qubit provides a service known as a “bridge” between different blockchains, effectively meaning that deposits made in one cryptocurrency can be withdrawn in another. For example, Qubit Finance operates a bridge between Ethereum and the Binance Smart Chain (BSC) network.

Despite Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected

ProPublica: Companies leave data exposed online with little or no security, says Pompompurin, a pseudonymous hacker who posted millions of stolen records. The hacker then cited the attacks on RaidForums, a discussion board popular with cybercriminals seeking personal data. Pompompurin told ProPublica that he often doesn’t need to do much hacking to get his hands on sensitive personal data. Many times, it’s left in cloud storage folders available to anyone with internet access. Pompompurin said he scans the web for such unguarded material and then leaks it on RaidForums “because I can and it’s fun.”

Ransomware Hackers Have a New Tactic: They Call You Directly

NBC News: Wayne didn’t know his son’s school district had been hacked — its files stolen and computers locked up and held for ransom — until last fall when the hackers started emailing him directly with garbled threats. “We hold control on the network several months, so we had a ton of time to carefully study, exfiltrate the data and prepare attack,” said one of the three emails he received. If his son’s district, the Allen Independent School District in the Dallas suburbs, didn’t pay up, all its files, including information on him and his son, “would be released in the dark market.” It was a credible threat. Ransomware hackers frequently leak files of organizations that don’t meet their demands and have littered the dark web with school children’s personal information.

Cybersecurity News & Trends

In industry news, a new business survey explores why employees violate cybersecurity policies designed to keep their businesses safe. Also, there’s a lot of reporting on how the US power grid has improved, but experts say it still needs stronger cybersecurity. In other news, the International Red Cross organization suffered a breach, Crypto.com says hackers stole more than $30 million in Bitcoin and Ethereum, cryptocurrency values take a sharp dive as Russia explores a complete ban on crypto mining and trading, and the CISA is urging US organizations to prepare for data-wiping attacks similar to what hit Ukraine last week.

Industry News

Research: Why Employees Violate Cybersecurity Policies

Harvard Business Review: Many organizations have focused their security investments on technological solutions in the face of increasingly common (and costly) cyberattacks. However, as many consultants and experts know, attackers also rely on some insider (an employee or other member) knowingly or unknowingly allowing a bad actor into secure areas. What is behind these acts that can tear down even the most advanced security solutions? HBR published a recent study that suggests that most intentional policy breaches stem not from some malicious desire to cause harm but rather from the perception that following the rules would impede employees’ ability to get their work done effectively. Therefore, under heat for productivity, employees are more likely to violate security policies on days when they are more stressed out. The study they cite suggests that high-stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest how organizations should rethink their approach to cybersecurity and implement policies that address the fundamental, underlying factors creating vulnerabilities.

Biden’s Cybersecurity Policies Praised Despite the Persistence Of Ransomware

NBC News: From Russian cyberespionage to attacks on crucial supply chains, the Biden administration has had no shortage of cybersecurity challenges to face. While ransomware was a rapidly escalating problem before Biden took office, it became undeniable last year. Hackers, often operating with seeming impunity within Russia, extorted US hospitals and schools, a major oil pipeline company and the country’s largest beef distributor. Experts say a year later, the Biden administration has done a decent job with cybersecurity policy, filling crucial roles and hardening the country’s infrastructure cybersecurity. But they also warn that ransomware hackers will likely continue to target Americans and that Congress hasn’t helped the country’s security as much as it could.

US Power Grids Need Stronger Cybersecurity

Bloomberg: According to the country’s top energy regulator, the US power grids need to boost their cyber defenses to find hackers faster to keep them from gaining control over operations. According to a notice issued Thursday, the Federal Energy Regulatory Commission is proposing to develop standards to monitor devices or equipment on bulk power systems. The proposed standards would seek to find hackers lurking within networks instead of current efforts that use a perimeter defense that focuses on trying to keep attackers out of sensitive networks. A massive breach using software from Texas-based SolarWinds Corp. in 2020 is one example of how attackers can bypass such defenses through trusted vendors.

Indonesia C.Bank Says Ransomware Attack Did Not Impact Services

Reuters: Indonesia’s central bank said on Thursday that it had been attacked last month by ransomware, but the risk from the attack had been mitigated and did not affect its public services.

Albuquerque Public Schools (APS) Resolves Effect of Ransomware Attack

APS News: The cyberattack that forced a two-day cancellation of classes last week at Albuquerque Public Schools was a ransomware event in which there was some extortion demand. But APS officials are not saying what was demanded nor whether they negotiated with the attackers.

International Red Cross: Supply Chain Data Breach Hit 500K People

InfoSecurity: The International Committee of the Red Cross (ICRC) has revealed a significant data breach that compromised the personal details of over 515,000 “highly vulnerable” victims. The data was stolen from a Swiss contractor that stores the information on behalf of the global humanitarian organization headquartered in Geneva.

Data Breach Customer Relations: What NOT To Do

InformationWeek: Some companies try to keep a data breach relatively quiet by following only the minimum legal requirements and hoping it will blow over. From experience, say experts, it’s much more likely to blow up than blow over. This article looks at some “bad behaviors” that managers may want to avoid.

Top 3 Small-Business Cyber Threats That Many Businesses Still Haven’t Heard Of

Inc Magazine: A study released Wednesday from the San Diego-based CyberCatch, a cybersecurity platform provider focusing on small and mid-size businesses, reveals that more than 30 percent of US small businesses have weak points that bad actors can exploit. Moreover, fraudsters tend to set their sights on small businesses since smaller companies usually have weaker security safeguards than those at larger companies. Some of the vulnerabilities that the survey named as “unknown” to small businesses include “spoofing,” “clickjacking,” and “sniffing.”

Crypto.Com Says Hackers Stole More Than $30 Million In Bitcoin And Ethereum

CBS News: The cryptocurrency exchange, known for its viral commercial starring Matt Damon as well as its recent $700 million deal to rename the Staples Center in Los Angeles as Crypto.com Arena, said the hackers managed to bypass its two-factor authentication system and withdraw the funds from 483 customer accounts, according to a statement the Singapore-based crypto exchange posted Thursday on its corporate blog.

Crypto-Exposed Stocks Sink Amid Bitcoin’s Decline, Broader Market Rout

CoinDesk: Stock declines come as prices for Bitcoin have dropped almost 11% in the past 24 hours, trading below $40,000 for the first time in months. Crypto watchers note that as bitcoins, in general, are getting hammered, crypto miners are seeing their revenues fall sharply. They also point out the double-whammy as Bloomberg and other outlets reported that Russia’s central bank is proposing a complete ban on crypto mining and trading.

CISA Urges US Orgs to Prepare For Data-Wiping Cyberattacks

Bleeping Computer: US organizations are getting another warning to strengthen their cybersecurity defenses. This time, the CISA is concerned about recent data-wiping attacks that targeted Ukrainian government agencies and corporate entities. Several major entities suffered coordinated cyberattacks where hackers defaced websites and distributed data-wiping malware that corrupted data and rendered Windows devices inoperable. Sources believe that the attackers likely conducted the website defacements using a vulnerability in the OctoberCMS platform. Ukrainian authorities are also investigating what role Log4j vulnerabilities and stolen credentials may have played in the attacks. The message: update your security and keep a watchful eye on all activity.

Cybersecurity News & Trends

In today’s installment, SonicWall is still picking up outlets from last year’s Threat Reports. There was also a friendly nudge from Australia on our new line-up of Gen-7 NGFWs. Industry news shows that there’s no break for cybersecurity. Ukraine was hit today with a massive cyber-attack that took down almost the entire network of government websites. A ransomware attack on school districts in Albuquerque, NM, resulted in the cancellation of classes for 75,000 students. In two reports, we found that SMEs (small to medium-sized businesses) are not taking the risk of cyberattacks seriously. FSB, the Russian intelligence bureau, arrested most or all of the REvil ransomware gang members. Ending with this eye-opener: Norton 360 is now shipping a program that allows customers to make money from cryptomining.

SonicWall in the News

SonicWall Answers the Call with New NGFWs

ARN-IDG (Australia): Filling an urgent need for greater cybersecurity, SonicWall gets 17 new Gen-7 firewalls ready in less than 18 months. With 70% of full-time workers working remotely in hybrid multi-cloud environments, there has been an unprecedented surge of malware and ransomware – and everyone is more vulnerable than ever.

Why File-borne Malware has Become the Weapon of Choice for Attackers

SC Media: The latest numbers on hidden malware are out, and there’s good news to report. The number of new malicious file attacks was down in 2020 for the first time in five years, and the decline continued for most of 2021. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, down from 3.2 billion at this time last year — a decrease of 22%. That’s a significant improvement from where we stood in 2018, when malware attacks peaked at 10.5 billion.

Top 5 Trends for Endpoint Security in 2022

Venture Beat: 2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defense. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout all of 2020, according to the 2021 SonicWall Cyber Threat Report, Mid-Year Update.

Cybercrime Will Increase — And 9 Other Obvious Cybersecurity Predictions for 2022

HashOut: Last year, SonicWall reported that ransomware increased from 78.3 million attacks in Q3 2020 to 190.4 million attacks in Q3 2021. According to their report, at the end of Q3 2021, the year was “the most costly and dangerous year on record” regarding ransomware attacks. If 2022 is anything like last year, and cybercriminals continue to profit on the backs of companies lacking solid defenses, it’s all but guaranteed this upward trend in ransomware will continue.

Industry News

Ukraine Hit with ‘Massive’ Cyber-attack on Government Websites

The Guardian: First to report the massive cyberattack today, the Guardian says that Russian-based attackers have repeatedly targeted Ukraine since 2014. Still, many observers note that this attack has a more ominous feel. The websites of several government departments, including the ministry of foreign affairs and the education ministry, were knocked out. Hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land.” The Guardian also reports that Ukrainian officials say it is too early to conclude that this attack is in any way related to the stalemated security talks between Moscow and the US and its allies this week. Nearly all major news organizations posted follow-up stories.

A Cyberattack in Albuquerque Forces Schools to Cancel Classes

NPR: When the superintendent of Albuquerque Public Schools announced earlier this week that a cyberattack would lead to the cancellation of classes for around 75,000 students, he noted that the district’s technology department had been fending off attacks “for the last few weeks.” Albuquerque is not alone, as five school districts in the state have suffered major cyberattacks in the past two years, including one district that’s still wrestling with a cyberattack that hit just after Christmas. But it’s the first reporting of a cyberattack that required cancellation of classes, made all the more disruptive as schools try to keep in-person learning going during the pandemic.

Norwegian Media Company Amedia Suffered a Serious Cyber Attack That Left Newspapers Unprinted

Norwegian media company Amedia suffered a cyberattack that shut down its computer systems, preventing the printing of newspapers. According to the company, the incident also affected its advertising and subscription systems, preventing advertisers from ordering new ads and subscribers from enrolling or canceling their subscriptions. The company also said that the incident forced it to shut down systems administered by Amedia Teknologi.

Cyber-Attacks on SMEs: Risk Transference as Crucial as Risk Prevention

InfoSecurity: It’s a common misconception among small to medium-sized businesses (SMBs) that large businesses, with their sizable financial assets, are the sole target for ransomware attacks. But SMBs ought to note that the US Department of Homeland Security reports that upwards of 70% of ransomware attacks are aimed at small and medium-sized companies. And yet, a surprising number of small business owners do not seriously see themselves at risk. A recent study shows that 63% of small business owners think they are immune to a cyber-attack. Technically, however, they are anything but invulnerable as most businesses operate on connected data and cloud operations. The more connectivity the business uses, the greater its vulnerability to various cyber-attacks, from ransomware to social engineering and data breaches. So, the question is not if, but when, your small business will be subject to a cyber-attack.

Docs Refused to Pay the Cyber Attack Ransom — and Suffered

Medscape: Ransomware attacks are driving some small practices out of business. After a ransomware attack, Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019. However, several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, which may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to their backup files and the resources to rebuild their computer systems and stay in business. The author is offering the same advice that security managers give to all SMEs: take the threats and risks seriously and then act on a secure or backup systems plan.

REvil Ransomware Gang Arrested in Russia

BBC News: Authorities in Russia say they have dismantled the ransomware crime group REvil and charged several of its members. The United States had offered a reward of up to $10m (£7.3m) for information leading to the gang members following ransomware attacks. However, Russia’s intelligence bureau FSB said the group had “ceased to exist.” The agency said it had acted after being provided with information about the REvil gang by the US. Still, it does not appear that Russia will extradite gang members to the US.

What the Russian Crackdown on REvil Means for Ransomware

Wall Street Journal: The FSB operation is one of the first major publicly disclosed Russian law-enforcement actions against cybercriminal gangs. “It’s very surprising that the Russians started to play ball in the ransomware fight,” said Alexandru Cosoi, chief security strategist at cybersecurity company Bitdefender Inc., which tracks REvil activity. In September, Bitdefender released a tool to decrypt data locked up by REvil malware. The scale of the FSB’s operation may signal a more permanent end to REvil, said Raj Samani, a chief scientist at McAfee Corp. However, analysts say it is too early to tell whether this will discourage other gangs from launching attacks.

Google Disrupts Glupteba Cryptojacking Botnet With Removal of Hosted Ads, Documents and Accounts

CPO: Glupteba, a botnet used for cryptojacking, has taken a significant blow from Google, whose free cloud-based services it relied on to propagate. The company has identified and removed thousands of accounts, hosted files and ad accounts used to spread malicious files. Glupteba has been operating for months and is believed to have compromised thousands of people per day at its peak. The cryptojacking botnet spread via Google advertisements promising software cracks and phishing emails linking to malicious files hosted with Google Docs. Google cautions that though the Glupteba botnet’s operations have been disrupted, it is not out of commission.

Norton 360 Antivirus Users Introduced to Cryptomining

Krebs: Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program that lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor. For example, Avira antivirus — with a base of 500 million users worldwide — was recently bought by the same company that owns Norton 360.

Cybersecurity News & Trends

Happy New Year! December is always a time for a bit of retrospect. So, while taking stock of the previous year’s cybersecurity news, editors turned to reliable sources like SonicWall’s 2021 Cyber Threat reports to punctuate a scary year. In industry news, the former Uber security chief faces new charges in his attempted cover-up of a massive breach, the Discord hack is a big loss for NFT buyers and now we’re rethinking cybersecurity jobs.

SonicWall in the News

Breaches and Ransomware: A Look Back at 2021

The New Stack: Cyberattacks reached such a crescendo last year that network security vendor SonicWall even decided to name 2021 “the year of ransomware.” If you think that this is a bit of sensationalism, the company’s numbers appear to back it up. Using data gathered from more than 1 million security sensors in nearly 200 countries, SonicWall calculated an average of 1,748 ransomware attempts per customer by the end of September, along with a 33% rise in IoT malware. This added up to a whopping 495 million ransomware attempts by the end of September. And the researchers ultimately predicted 219 million more ransomware attempts for the last three months of 2021. So, by New Year’s Eve, the total number of 2021 ransomware attacks could reach 714 million.

Ransomware Attackers’ New Tactic: Double Extortion

SecurityIntelligence: SonicWall logged 470 million ransomware attacks through the third quarter of the year. That’s a 148% year-over-year increase. The company detected 190.4 million attacks in Q3 2021 alone, a figure which nearly overtook the 195.7 million ransomware attacks seen in the first three quarters of 2020. Looking ahead, the firm estimated that ransomware totals would reach 714 million attack attempts by the end of December, making 2021 the most prolific year on record.

6 Ways to Minimize Ransomware Damage

Security Boulevard: Ransomware is more pervasive than ever, and the number of attacks is mindboggling. With help from ransomware-as-a-service (RaaS), cybercriminals and organized “bad actors” continue to wreak havoc. Cybersecurity vendor SonicWall recorded more than 495 million ransomware attack attempts globally by the end of Q3 2021, a 148% increase from 2020. Despite efforts by enterprises to secure their IT infrastructure, the U.K. has seen a 233% increase in such attacks.

What Is Cybersecurity?

ToolBox: The primary purpose of ransomware is to extort money. SonicWall’s 2021 cyber threat report shows a 151% increase in ransomware attacks in the first half of 2021 compared to 2020. In fact, in March 2021, Taiwan-based PC manufacturer Acer faced a $50 million ransomware demand from a cybercrime group called REvil.

It Takes A Village To Fight Ransomware

Forbes: Ransomware is top of mind for every cybersecurity expert these days and for good reason. SonicWall reports (via Infosecurity Magazine) that between 2019 and 2020, ransomware attacks in North America increased by 158%. The FBI dealt with 20% more reports of ransomware attacks in 2020 over 2019, with collective costs of the attacks increasing more than 200% from the previous year.

Top 5 Trends for Endpoint Security in 2022

VentureBeat: 2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defense. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout 2020, according to SonicWall’s Mid-Year Update: 2021 Cyber Threat Report.

Your Security and Multi-Factor Resolutions

The Gazette: Looking forward into 2022, there are no signs that cybersecurity incidents will be slowing down any time soon. A mid-year Cyber Threat report update produced by SonicWall in July predicted a total of roughly 714 million attempted ransomware attacks in 2021. If these numbers are accurate, that means ransomware saw a 134% increase over the previous year.

Cyber Super-heroes Prepare for Battle

Red: In this case, the bad guys – cybercriminals – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline, which crippled energy infrastructure that delivers about 45% of fuel for the East Coast, was among those. As for the good guys: There aren’t enough of them.

Industry News

Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’

The Daily Swig: Additional charges have been added to the indictment against a former Uber chief security officer over his alleged involvement in the cover-up of a hack against the ride-hailing app in 2016. Wire fraud has joined the list of charges pending against Joseph Sullivan, 52, of Palo Alto, CA, for his alleged concealment of a 2016 attack that exposed 57 million users and 600,000 driver records. The latest charges – handed down in a superseding indictment returned by a federal grand jury – add to previous charges of obstruction of justice and ‘misprision of a felony.’

Thousands of Schools Impacted After IT Provider Hit by Ransomware

Info Security: A leading provider of school website infrastructure has been hit by a ransomware attack, potentially disrupting thousands of global customers. Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrollment software. A message posted by the firm on Twitter yesterday apologized for the “prolonged outage” customers have been forced to endure due to the attack.

Florida health care system breached, exposing 1.3 million people

CNN: Hackers breached the computer networks of a southeast Florida health care system in October and may have accessed sensitive personal and financial information on over 1.3 million people, the health care system announced this week. Social Security numbers, patient medical history, and bank account information were exposed. According to a notice the health care provider filed with the Office of the Maine Attorney General, Broward Health has a network of over 30 health care facilities serving patients across the roughly two-million-person Broward County, Florida.

FlexBooker breach exposes 3.7 million users

Engadget: A group of hackers is trading a database of stolen information from FlexBooker, a cloud-based tool for scheduling appointments containing sensitive customer data. According to BleepingComputer, the company suffered a security breach just before the holidays and sent notifications to customers in an email. The company revealed that its Amazon AWS servers were compromised on December 23rd. It also admitted that its system data storage was accessed and downloaded.

Kronos outage latest: Attackers crippled back-up access

The Stack: The attackers who crippled widely used applications from global HR software company Kronos disabled the company’s “ability to communicate with our back-up environments.” Owner UKG has also confirmed that the company is restoring customer data after regaining access to its back-ups. Multiple Kronos platforms have been unavailable since December 11. The outage has left millions of users at tens of thousands of customers unable to check pay, arrange rotas, or request paid leave.

Counties in New Mexico, Arkansas begin 2022 with ransomware attacks

ZDNet: According to officials from both states, two counties in New Mexico and Arkansas are dealing with ransomware attacks affecting government services. On Wednesday evening, New Mexico’s Bernalillo County, which covers the state’s most populous cities of Albuquerque, Los Ranchos and Tijeras, officially reported that hackers began their attack between midnight and 5:30 a.m. on January 5. County officials have taken the affected systems offline and cut network connections, but most county buildings are now closed to the public. Emergency services are still available, and 911 is still operating, but a Sheriff’s Office customer service window was closed.

Portugal Media Giant Impresa Crippled by Ransomware Attack

Threat Post: Media giant Impresa, the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$. The episode included Impresa-owned website Expresso newspaper and television station SIC. Both remained offline Tuesday morning as the media giant continued its recovery from a New Year’s weekend attack. Impacted is the server infrastructure critical to Impresa’s operations. Additionally compromised is one of Impresa’s verified Twitter accounts, which was hijacked and used to taunt the company publicly.

Discord Hacking Is the Newest Threat For NFT Buyers

The Verge: Two NFT projects fell victim to the same attack just in time for Christmas. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the 21st and Fractal through a token airdrop. Then, disaster struck. Posts appeared in each project’s official “announcements” channel claiming that a surprising mint would reward community members with a limited edition NFT. Hundreds jumped at the chance, but a costly surprise was waiting for those who followed the links and connected their crypto wallets. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases. Within one hour, a Twitter post, first from Monkey Kingdom and then from Fractal, informed followers that their Discord servers had been hacked; news of the NFT mints was bogus, the links a phishing fraud. In the case of Fractal, the scammers got away with about $150,000 worth of cryptocurrency. For Monkey Kingdom, the estimated total was reported to be $1.3 million.

Cybersecurity training isn’t working. And hacking attacks are only getting worse

ZDNet: Cyberattacks are growing, and much more needs to be done to educate businesses and users about risks to prevent widespread damage and disruption resulting from cyber incidents. Attacks against utilities and infrastructure providers, production facilities and hospitals have demonstrated genuine consequences for businesses, government, and individuals. Disruptions can lead to interruptions in manufacturing, distribution, and services that can last for days, weeks and even months. Yet, despite the well-documented risks posed by attackers, many businesses and their boardrooms still don’t fully understand the threats they’re facing from cybercriminals and how to best defend their networks against them.

Poland’s Watergate: Ruling party leader admits country has Pegasus hacking software

Politico: Jarosław Kaczyński, chairman of Poland’s ruling Law and Justice (PiS) party and the country’s de facto leader, confirmed that the government has the Pegasus hacking software system but denied they used it against opposition politicians in the 2019 parliamentary election campaign. “It would be bad if the Polish services did not have this type of tool,” Kaczyński said in an interview with the right-wing Sieci weekly, published Friday. This is the first time a high-level PiS politician has confirmed that the government has the software. However, party and government officials have downplayed or rejected such a possibility. Last month, Kaczyński denied knowing anything about the malware.

Don’t copy-paste commands from webpages — you can get hacked

Bleeping Computer: Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised. Recently, Gabriel Friedlander, founder of security awareness training platform Wizer, demonstrated an obvious yet surprising hack that’ll make you cautious of ever doing it again! Friedlander warns a webpage could covertly replace the contents of what goes on your clipboard, and what ends up being copied to your clipboard would be vastly different from what you had intended to copy. Worse, without the necessary due diligence, the developer may only realize their mistake after pasting the text, at which point it may be too late.

Going Back to Basics to Fix Our Broken Approach to Cybersecurity

CPO Magazine: The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end-users are never even aware of them. But when the word “ransomware” suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

Rethinking Cybersecurity Jobs as a Vocation Instead of a Profession

Dark Reading: Are cybersecurity jobs a profession or a vocation? When we consider the current workforce shortage in cybersecurity, our existing assumptions about the nature of cybersecurity jobs may be exacerbating the shortfall. For this reason, we may need to consider new ways of thinking about jobs within the cybersecurity field. For example, within the cybersecurity industry, the prevailing mindset is that security practitioners are professionals. Thus, a direct consequence of this mindset is that a college degree is required for many cybersecurity jobs. However, many cybersecurity practitioners argue that a college degree isn’t needed to do most jobs in cybersecurity, and strict adherence to this requirement disqualifies many deserving candidates. But removing the requirement for a college degree raises the question: Are these actually professional jobs, or should they be recast as vocational jobs?

Cybersecurity News & Trends

There’s a lot of Industry News to report this week. First, the brief AWS outage almost felt like the one that Amazon suffered earlier this month. Then there’s the Log4j vulnerability that has the full attention of the entire cyber news community. Then, back to breaches and ransomware reporting, the big HR firm Kronos was hit by ransomware which may affect paycheck and timecard processing for several weeks. Plus, the declaration that 2021 is the year when cybersecurity was everyone’s business and analysis on America’s answer to the Russians to stop cyberattacks.

Industry News

AWS Runs into IT Problems. Briefly This Time.

The Register (UK): Amazon Web Services gave everyone a scare earlier in the week as it once again suffered a partial IT breakdown, briefly taking down a chunk of the web with it. If you found you could not use your favorite website or app during that time, this may have been why. Many feared another full-on AWS outage, as we saw earlier this month. After some delay, Amazon posted that its US-West-2 region was experiencing connectivity problems, then the outage appeared to move to other regions. But only ten minutes after the initial report, Amazon said they had worked out the root cause of the loss of connectivity to the regions, made some fixes, and was expecting a fast recovery. Complete recovery was reported within 30 minutes from the first sign of trouble.

Why The Web Is Losing Sleep Over the Log4j Vulnerability.

The Federal (India): Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. Others report that state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it. The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. The affected software is small and often undocumented. The flaw was detected in Log4j, an extensively used logging utility developed by Apache Software and used by millions of apps, enterprises and other vital software. Logging is what allows developers to view the activities of an app. The flaw lets internet-based attackers quickly seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a challenge; it is often hidden under other software layers.

Kronos Hit with Ransomware, Warns Paychecks Delayed ‘Several Weeks’.

ZDNet: HR management platform Kronos has been hit with a ransomware attack. The company revealed that hackers may have accessed information from many of its high-profile customers. UKG, Kronos’ parent company, said the vital service will be out for “several weeks” and urged customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.” In a statement to ZDNet, UKG said it “recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud,” which they said, “houses solutions used by a limited number of our customers.” In other reporting by NPR and CNN, Kronos admitted that the attack could impact employee paychecks and timesheet processing for weeks.

Cox Discloses Data Breach After Hacker Impersonates Support Agent.

Bleeping Computer: Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The company is a digital cable provider and telecommunication company that provides internet, television, and phone services throughout several regions in the US. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

Gravatar “Breach” Exposes Data of 100+ Million Users.

Search Engine Journal: A security site emailed notices of a data breach affecting over 100 million users of Gravatar. Gravatar denies that it was hacked, but the security alert company, named “HaveIBeenPwned,” notified users that hackers leaked the profile information of 114 million Gravatar users. They also reported that the leak was characterized as a data breach.

2021 Was the Year Cybersecurity Became Everyone’s Business.

Axios: We do not have to go very far to find evidence that cybersecurity has taken center stage. Diplomats, presidents and premiers have devoted quite a lot of time lately to quickly drafted mutual cybersecurity arrangements. In addition, the J.P. Morgan International Council identified cybersecurity as the most significant threat facing businesses and government. Many advisors and experts say that it will be challenging to reach a point where we can proclaim a permanent “win” in the battle against malicious attacks. The worry this year was that the world was on the losing end. Earlier this year, it clearly felt like the attackers had the upper hand. The combination of cryptocurrency and ransomware proved to be especially difficult. For one thing, victims tended to want to pay up rather than take the risk of data loss and disruption of their business. The rise in cyberattacks also made complex foreign relations far more complicated as the boundaries of interests blurred rules of engagement. In contrast, there are clear lines when allies are physically attacked. But in cyberspace, the divisions are no longer binary. Cyberattacks are personal – some deal with very private information – but they also expose liabilities such as who is responsible for investigation and recovery, and who picks up the tab for damages. But these attacks also eroded the trust that people have in markets, governments, resources and even national power. The cyberattacks prey on our weakest points; they sow distrust in information while they create confusion and exacerbate anxiety.

Six Months Later: Biden’s Warning to Russia About Cyber Attacks.

Washington Post: Six months ago, President Biden warned Russian President Vladimir Putin in a face-to-face meeting that he must rein in criminal ransomware hackers operating on Russian territory or face consequences. Since then, though, most researchers indicate that there’s been no reduction in the overall pace of ransomware attacks from Russia. This point is also supported by the Cybersecurity and Infrastructure Security Agency (CISA). In that one proclamation, President Biden’s stern challenge to Russia was intended to punctuate international concern about attacks that have threatened gas and meat supplies and stoked global fear. But, six months later, is there any hope that behavior changed at all? Like everything else in these complicated times, the analysis depends on how you look at things. The US has launched several covert counter-cyber operations, and these alone may have been enough to taper the activities of some groups. The Justice Department recently clawed back more than $8 million in ransomware payments from hackers’ cryptocurrency accounts. DOJ was also successful in netting a few high-profile arrests and even caused one group to shut down their operations. The real and honest answer is that it’ll take much longer than we can see in six months. In the meantime, with better security technology and improved user behavior, maybe there’s reason for hope in 2022.

In Case You Missed It