Cybersecurity News & Trends

This week, the U.S. cyber czar gets new powers, a video game giant gets breached, and Robinhood gets sued.

SonicWall in the News

Defending Against SolarWinds Attacks: What Can Be Done? — TechTarget: SearchSecurity

  • Dmitriy’s zero-trust commentary was included in this article on how zero-trust and behavioral monitoring can be useful against nation-state attacks like the SolarWinds attack.

Cybersecurity Sales: Do You Have What It Takes to Succeed — Help Net Security

  • An interview with Terry Geer-King on his career growth was shared on Help Net Security.

Industry News

CISA Warns Organizations About Attacks on Cloud Services — Security Week

  • In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security.

Scam-as-a-Service operation made more than $6.5 million in 2020 — ZDNet

  • The “Classiscam” operation is made up of around 40 groups operating in the U.S. and across several European countries.

Iranian cyberspies behind major Christmas SMS spear-phishing campaign — ZDNet

  • Iranian hackers managed to successfully hide URLs to phishing sites behind legitimate links.

Hackers’ Attack on Email Security Company Raises New Red Flags — The New York Times

  • A breach at email security provider Mimecast underscores that Russia-linked hackers appear to have targeted victims along multiple avenues of attack.

Data Breach at ‘Resident Evil’ Gaming Company Widens — Threat Post

  • Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Hacker sells Aurora Cannabis files stolen in Christmas cyberattack — Bleeping Computer

  • A hacker is selling data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas.

State Department sets up new bureau for cybersecurity and emerging technologies — The Hill

  • The new Bureau of Cyberspace Security and Emerging Technologies (CSET) will help lead diplomatic efforts in cyberspace, including working to prevent cyber conflicts with potentially adversarial nations.

Ryuk gang estimated to have made more than $150 million from ransomware attacks — ZDNet

  • Most of the Ryuk gang’s “earnings” are being cashed out through accounts at crypto-exchanges Binance and Huobi.

Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security

  • The ongoing SolarWinds breach may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo.

Cyber czar to draw on new powers from defense bill — The Hill

  • New authorities from the recently enacted defense bill are expected to help the U.S. government in its response to the SolarWinds hack believed to be perpetrated by Russia.

Robinhood Hacking Victim Sues Trading Platform Over Security — Bloomberg

  • Siddharth Mehta said in a complaint provided by his lawyer that his account was looted of “tens of thousands of dollars” in July.

In Case You Missed It

Cybersecurity News & Trends

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.

SonicWall in the News

Zero Trust Against Nation-State Attacks: Expert Explains Why it is Vital — Information Security Buzz

  • The fallout of the SolarWinds breach continues to reverberate across the industry, and the conversation is shifting to how to mitigate and defend against the next attack on this scale. Dmitriy Ayrapetov weighs in.

Reasons To Believe — Or Not Believe — in IoT — IoT Agenda

  • Data from SonicWall’s Threat Report on the increase in IoT attacks was included in an article on the benefits and challenges of IoT.

AI and ML: Is it a boon or bane for cyber security?” — VAR India

  • SonicWall VP of Regional Sales Debasish Mukherjee, talks about BYOD and the number of malicious attacks and cyber frauds across the globe due to the pandemic.

Industry News

North Korean hackers launch RokRat Trojan in campaigns against the South — ZDNet

  • A VBA self-decoding technique is being used to hide the malware on impacted systems.

Widely Used Software Company May Be Entry Point for Huge U.S. Hacking — The New York Times

  • Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

Babuk Locker is the first new enterprise ransomware of 2021 — Bleeping Computer

  • It’s a new year, and with it comes a new ransomware. This one is called Babuk Locker, and it targets corporate victims in human-operated attacks.

Cyberattacks on Healthcare Spike 45% Since November — Threat Post

  • The relentless rise in COVID-19 cases is battering already-frayed healthcare systems — and ransomware criminals are taking the opportunity to strike.

Top admiral: SolarWinds computer hack didn’t harm U.S.-based nukes — The Washington Times

  • America’s nuclear arsenal wasn’t compromised by a recent cyberattack targeting computer networks used by government agencies and private companies, the Navy admiral at the helm of the U.S. Strategic Command said.

Severe SolarWinds Hacking: 250 Organizations Affected? — Bank Info Security

  • Investigators are finding that the campaign appears to have compromised more than the 50 organizations originally suspected—and a Russian-linked hacking group may be responsible.

This malware uses a crafty new technique to establish the location of victims — Tech Radar 

  • A newly discovered form of malware grabs and queries the MAC address of the wireless router, enabling it to geo-locate its victim’s machine more accurately.

Cross-platform ElectroRAT malware drains cryptocurrency wallets — Bleeping Computer

  • Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.

Major Gaming Companies Hit with Ransomware Linked to APT27 — Threat Post 

  • A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says.

2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud — Cybersecurity Trends

  • Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email — ZDNet

  • With millions of us waiting for our place in the vaccine queue, criminals are already trying to cash in.

In Case You Missed It

Cybersecurity News & Trends

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.

SonicWall in the News

The 25 Hottest Edge Security Companies: 2020 Edge Computing 100 — CRN

  • SonicWall was recognized in CRN’s 2020 Edge Computing 100 list for its new SD-Branch and Cloud Edge Secure Access solutions.

Cyberattack ‘Leaves UK Infrastructure Exposed for Month’ — Newsweek

  • SonicWall President and CEO Bill Conner, who in recent years has advised the U.K. and U.S. governments on how best they can protect critical national assets from cybercrime, said the hackers appeared to be motivated by geopolitical control.

Cases of Cyber Ransomware Rising During COVID Pandemic — MSN

SonicWall Capture Labs Threat Research Team Warns of Egregor Ransomware Attacks — SME Channels

  • SonicWall Capture Labs Threat Research team warns that Egregor Ransomware attacks — which steal system information and banking and online account credentials, as well as deploy keyloggers and remote backdoors — will likely intensify.

SolarWinds Supply Chain Attack Led to FireEye, US Government Breaches — SDxCentral

  • Bill’s commentary on the U.S. Treasury hack was featured in an SDxCentral article about recent data breaches.

SonicWall Seeks The Bliss of The Predictable — ChannelPro Network

  • ChannelPro Network shared a feature on SonicWall’s SecureFirst Partner Program for its ChannelBeat column.

Industry News

SolarWinds Breach Potentially Gave Hackers ‘God Access’: Ex-White House Official — Newsweek

  • The SolarWinds breach potentially gave hackers “God access” or a “God door” to computer systems using the companies OrionIT software, a former White House official has warned.

FireEye, Microsoft create kill switch for SolarWinds backdoor — Bleeping Computer

  • Microsoft, FireEye and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.

Little-Known SolarWinds Gets Scrutiny Over Hack, Stock Sales — Security Week

  • The revelation that elite cyber spies spent months exploiting SolarWinds’ software to peer into computer networks has put many of its high-profile customers on high alert — and it’s raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.

Russia’s Hacking Frenzy Is a Reckoning — Wired

  • Despite years of warning, the U.S. still has no good answer for the sort of “supply chain” attack that has left Washington stunned.

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

  • A key malicious domain name used to control computer systems compromised via the months-long breach at SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself.

Schiff calls for ‘urgent’ work to defend nation in the wake of massive cyberattack — The Hill

  • House Intelligence Committee Chairman Adam Schiff, D-Calif., on Wednesday called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber espionage attack on the U.S. government.

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay — ZDNet

  • FBI says the ransomware group has been calling victims and threatening to send individuals to their homes if they don’t pay the ransom.

“Evil mobile emulator farms” used to steal millions from US and EU banks — Ars Technica

  • Researchers from IBM Trusteer say they’ve uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in just days.

EU unveils revamp of cybersecurity rules days after hack — The Washington Times

  • The EU unveiled plans to revamp its dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the European Medicines Agency.

45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware — The Register

  • CybelAngel, which sells a digital risk protection platform, reported not only was the sensitive personal information unsecured, but cybercriminals had also accessed those servers and poisoned them with apparent malware.

Microsoft: New malware can infect over 30K Windows PCs a day — Bleeping Computer

  • Microsoft has warned of an ongoing campaign pushing Adrozek, a new browser hijacking and credential-stealing malware which, at its peak, was able to take over more than 30,000 devices every day.

Massive Subway UK phishing attack is pushing TrickBot malware — Bleeping Computer

  • A massive phishing campaign pretending to be a Subway order confirmation has been spotted distributing the notorious TrickBot malware.

This new ransomware is growing in strength and could become a major threat warn researchers — ZDNet

  • The group behind MountLocker ransomware are “clearly just warming up,” researchers say.

In Case You Missed It

Cybersecurity News & Trends

This week, cybersecurity news moved to the federal level as nation-state hacking and international cybersecurity cooperation made headlines.

SonicWall in the News

SonicWall Wins Six Prestigious Awards In The 15th Annual Network Product Guide’s 2020 IT World Awards — SonicWall Press Release

  • SonicWall has swept six industry awards at the 15th Annual Network Product Guide’s 2020 IT World Awards, including the coveted Grand Trophy distinction for having exhibited overall excellence in diverse categories.

An Outside View of Cybersecurity ‘Inside the Beltway’ — Federal News Network

  • Federal News Network shared a podcast interview with SonicWall President and CEO Bill Conner on the persistent threats impacting the federal space and how ransomware and IoT will impact federal IT systems moving forward.

FDA Approval Is Not The Only Vaccine Challenge — Industry Week

  • Bill Conner explains how cybercriminals could impact the vaccine supply chain if a successful attack is to occur, and what organizations need to do to defend themselves.

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times — Threatpost

  • The pandemic’s unprecedented impact on healthcare lay bare the gaping holes in the healthcare industry’s cybersecurity defenses — and security experts say the fallout will impact the healthcare industry well into 2021.

Industry News

Russian hackers hide Zebrocy malware in virtual disk images — Bleeping Computer

  • Russian-speaking hackers behind Zebrocy malware have changed their technique and are now packing the threats in virtual hard drives (VHD) to avoid detection.

Ransomware gangs are getting faster at encrypting networks. That will make them harder to stop — ZDNet

  • The window for finding attackers on your network before ransomware is deployed is getting much smaller.

Russia’s FireEye Hack Is a Statement—but Not a Catastrophe — Wired

  • The cybersecurity firm has acknowledged that it has itself been the victim of a breach — and that the attackers made off with some of its offensive tools.

Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts — Cyberscoop

  • In their accusation of Russian involvement in an August cyberattack on Norwegian parliament, authorities have implicated the same notorious group accused of interfering in the 2016 U.S. election.

Critical Flaws in Millions of IoT Devices May Never Get Fixed — Wired

  • Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.

Credit card stealing malware bundles backdoor for easy reinstall — Bleeping Computer

  • An almost-impossible-to-remove malware, programmed to automatically activate on Black Friday, was deployed on multiple Magento-powered online stores.

The EU is making overtures about cybersecurity collaboration under Biden — Cyberscoop

  • European Union members convened in an effort to take stock of the U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on matters including cybersecurity.

U.S. National Security Agency warns of Russian hacking against VMware products — Reuters

  • A new cybersecurity alert from the U.S. National Security Agency warns that Russian “state-sponsored” hackers are actively exploiting a software vulnerability in multiple products made by cloud computing company VMware Inc.

Iranian Hackers Access Unprotected ICS at Israeli Water Facility — Security Week

  • A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel.

Man Pleads Guilty to Role in Malware Protection Scam — Security Week

  • A man has pleaded guilty to his role in a computer protection services scam that cheated victims out of nearly $1 million by misleading them into believing that malware had been detected on their computers.

U.S. and Australia to develop shared cyberattack training platform — Bleeping Computer

  • The U.S. and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command and Australia’s Information Warfare Division to jointly develop and share a virtual cyber training platform.

Android apps with millions of downloads are vulnerable to serious attacks — Ars Technica

  • Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages and other sensitive information.

Home Offices Face Bigger Cyber Threat, Biden Top Economist Warns — Bloomberg

  • Brian Deese, chosen by Biden to lead the National Economic Council, said in an interview broadcast Wednesday, “The risk of operating from home offices in terms of cyberattacks is exponentially greater.”

In Case You Missed It

Cybersecurity News & Trends

This week, Trickbot is gaining strength, Bitcoin is gaining value, and cybercriminals are gaining ground against vaccine manufacturers.

SonicWall in the News

New Partnerships Boost OT/IoT Security Across Digital Environments — Security Boulevard

  • SonicWall’s Q3 Threat Report data is cited in this article about Nozomi Networks partnership with Honeywell and Yokogawa Europe.

Top Tips to Stay Safe During Black Friday & Cyber Monday — Security Toolbox

  • Check out five tips to maintain security hygiene when shopping online during the upcoming holiday season.

Industry News

Manchester United attack illuminates the cyberthreats facing an overlooked sports sector — Cyberscoop

  • The headline-making attack is a stark reminder that major sports franchises have targets on their backs, even if regulators and the press don’t apply the same amount of scrutiny to data protection strategies in athletics as in other sectors.

 Federal agencies warn that hackers are targeting US think tanks — The Hill

  • The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that major hacking groups are targeting U.S. think tanks.

 Companies Urged to Adjust Hiring Requirements for Cyber Jobs — The Wall Street Journal

  • Companies need millions more cybersecurity professionals to fill roles around the world, but researchers say the problem may be outlandish job requirements, rather than a lack of workers.

FINRA Warns Brokerage Firms of Phishing Campaign — Security Week

  • Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting U.S. organizations, the Financial Industry Regulatory Authority warns.

Cyberespionage APT group hides behind cryptomining campaigns — Bleeping Computer

  • An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts.

Bitcoin Hits New Record, This Time With Less Talk of a Bubble — The New York Times

  • The crazy cousin of traditional currencies, which fell below $4,000 in March, has now passed $19,783 — and more investors are now buying it for the long term.

Government watchdog urges policymakers to boost cybersecurity for 5G networks — The Hill

  • The agency detailed “capabilities and challenges” involved in the buildout of 5G networks and made a number of recommendations aimed at scaling up cybersecurity, spectrum availability and consumer data privacy.

Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date — Cyberscoop

  • This case is the biggest to come before the nation’s highest court involving the Computer Fraud and Abuse Act (CFAA), written in the 1980s and centering on when an individual “exceeds authorized access” to a computer.

It’s hard to keep a big botnet down: TrickBot sputters back toward full health — Cyberscoop

  • Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving.

Coronavirus: Hackers targeted Covid vaccine supply ‘cold chain’ — BBC

  • The international vaccine supply chain has reportedly been targeted by cyber-espionage.

The Internet’s Most Notorious Botnet Has an Alarming New Trick — Wired

  • The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.

North Korean Hackers Are Said to Have Targeted Companies Working on Covid-19 Vaccines — The Wall Street Journal

  • At least six pharmaceutical companies in the U.S., the U.K. and South Korea were targeted as the regime seeks sensitive information it could sell or weaponize.

In Case You Missed It

Cybersecurity News & Trends

This week hackers targeted hardware and software, with attacks on WordPress sites, printers, CPUs and the popular game “Among Us” making headlines.

SonicWall in the News

SonicWall Stresses Zero Trust, Zero Touch in 2020 — ChannelPro Network

  • A look at SonicWall’s business strategy in 2020, particularly SonicWall’s Cloud Edge solution, its Boundless 2020 virtual event, and commentary from Bill Conner and Dmitriy Ayrapetov.

Best Firewalls For Small Businesses — Business Pundit

  • Business Pundit has recognized SonicWall’s TZ firewall as the “Best Overall Firewall.”

SonicWall Refreshes Low Ends of TZ and NSa Firewall Portfolios and Unveils Zero Trust SonicWall Cloud Edge Secure Access — ChannelBuzz

  • SonicWall adds Cloud Edge Secure Access solution and new TZ and NSa firewalls to its lineup.

Firewalls And ZTNA Solution Protect Working Environments — LANline

  • LANline offers a closer look at SonicWall’s new NSFirewalls and ZTNA solution news.

SonicWall Expands Cybersecurity with New TCO Firewalls — APN News

  • SonicWall announced the expansion of its Capture Cloud Platform with the addition of the high-performance NSa 2700 firewall, three new cost-effective TZ firewall options and SASE offering debut.

Industry News

The 10 Coolest Cybersecurity Startups Of 2020 — CRN

  • Perimeter 81, who teamed up with SonicWall to create the Cloud Edge Secure Access solution, made CRN’s list of Coolest Cybersecurity Startups of 2020.

Cybersecurity Industry in Detroit Is Growing and Mentors Are Starting With Young People — Detroit Free Press

  • In an article on how Detroit’s cybersecurity industry is growing, Bill Conner offers cybersecurity tips for remote work.

Egregor ransomware bombards victims’ printers with ransom notes — Threatpost

  • The Egregor ransomware uses a novel approach to get a victim’s attention after an attack: it shoots ransom notes from all available printers.

Bitcoin hits nearly three-year peak, homes in on record — Reuters

  • Bitcoin has soared to its highest level since December 2017 as the asset’s perceived quality as a hedge against inflation lured institutional and retail demand.

Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation — Cyberscoop

  • President Donald Trump on Tuesday said he had fired Chris Krebs, a widely respected Department of Homeland Security official who helped protect the 2020 election from hacking and disinformation, the latest in a series of purges.

Forget Imposters. Among Us Is a Playground for Hackers — Wired

  • James Sebree, a researcher for security firm Tenable, on Tuesday published a blog post laying out a slew of relatively simple, hackable vulnerabilities in Among Us.

Hackers are actively probing millions of WordPress sites — Bleeping Computer

  • Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.

Ransomware Operator Promotes Distributed Storage for Stolen Data — Dark Reading

  • The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.

Hackers can use just-fixed Intel bugs to install malicious firmware on PCs — Ars Technica

  • Vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer.

In Case You Missed It

Cybersecurity News & Trends

This week, SonicWall expanded its Capture Cloud Platform with four new firewalls and a new Zero-Trust security solution.

SonicWall in the News

SonicWall Expands Boundless Cybersecurity With New High-Performance, Low-TCO Firewalls; Company Debuts Cloud-Native Ztna Solution to Secure Work-From-Anywhere Environments — Company Press Release

  • SonicWall today announced the expansion of its Capture Cloud Platform with the addition of the high-performance NSa 2700 firewall, three new TZ firewall options, and SonicWall Cloud Edge Secure Access, which delivers easy-to-deploy, easy-to-use zero-trust security.

SonicWall Capture Advanced Threat Protection Collects ICSA Labs Certification — Company Press Release

  • For the third consecutive quarter, cloud-based Capture Advanced Threat Protection (ATP) sandbox service has been vigorously tested in the detection of today’s most evasive threats and awarded the coveted ICSA Labs Advanced Threat Defense certification.

The 2020 Tech Innovators Awards — CRN

  • SonicWall was recognized as the winner of the networking category for its TZ570 and TZ670 series (slide 22) and was a finalist in the security network category for its Network Security Services Platform 15700 (slide 37).

Cybersecurity Industry in Detroit Is Growing and Mentors Are Starting With Young People — Detroit Free Press

  • In an article on how Detroit’s cybersecurity industry is growing, Bill Conner offers cybersecurity tips for more secure remote work.

Four New SonicWall Firewalls Announced — Storage Review

  • Storage Review covers SonicWall’s latest launch, focusing on Cloud Edge Secure Access and four all-new firewalls.

SonicWall Research: Ransomware, IoT Malware Attacks On The Rise — MSSP Alert

  • In a feature article on SonicWall’s Q3 Threat Data, MSSP Alert spotlights the surge in ransomware and IoT malware.

Industry News

Campari Site Suffers Ransomware Hangover — ThreatPost

  • Italian spirits brand Campari has restored its company website following a recent ransomware attack.

Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic — Threat Post

  • Following the Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.

Pressure grows to reinstall White House cyber czar — The Hill

  • Pressure to reinstate a cyber czar within the White House is growing, with bipartisan allies lining up on Capitol Hill to push such a proposal.

Zoom settles charges with FTC over deceptive security practices — Cyberscoop

  • The FTC has reached a deal with Zoom to settle allegations that the communications technology company misrepresented its security and privacy protections.

How to Avoid Paying Ransomware Ransoms — Data Center Knowledge

  • As private experts and government officials advise against indulging the bad guys, here are some tips for following that advice.

Treasury Asks if External Cyber Acts Qualify for Terrorism Risk Insurance Program — Nextgov

  • A request for comment reflects recommendations made by the Cyberspace Solarium Commission.

Major ransomware strain jumps from Windows to Linux — SC Magazine

  • A recently discovered file-encrypting Trojan, built as an executable and linkable format (ELF), encrypts data on machines controlled by Linux-based operating systems.

Hospital network hit by cyber attack restoring services — The Washington Times

  • Computer experts at the University of Vermont Medical Center are working to restore systems disabled in a cyberattack that has affected the hospital’s ability to provide some cancer treatments.

Vietnamese hacking group OceanLotus uses imitation news sites to spread malware — Cyberscoop

  • Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software.

Microsoft Exchange Attack Exposes New xHunt Backdoors — Threat Post

  • An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen PowerShell backdoors.

U.S. seizes over $1 billion in bitcoin tied to ‘Silk Road’ — Reuters

  • The U.S. Justice Department announced it had seized over $1 billion worth of bitcoin associated with the underground online marketplace Silk Road.

Ransomware Attacks Surge 40% Globally In Q3: Report — Express Computer

  • While overall malware volume declined for the third consecutive quarter, ransomware attacks globally surged 40% to reach 199.7 million hits in the third quarter of this year.

In Case You Missed It

Cybersecurity News & Trends

This week, there were no reports of cybercriminal meddling in the U.S. election. But hospitals, government agencies, human rights groups, embassies and more weren’t so lucky.

SonicWall in the News

FBI Warns That Hackers Are Targeting Hospitals While Coronavirus Admissions Surge — Vox

  • The FBI has warned of an increase in ransomware attacks, particularly Ryuk, on hospitals.
    * Syndicated on MSN

Ryuk This For A Game Of Soldiers: Ransomware-flingers Actively Targeting Hospitals In The Us, Cyber Agencies Warn — The Register

  • While countries such as the UK, Germany and India saw declines in Ryuk, the U.S. saw a staggering 145.2 million ransomware hits – a 139 per cent year-on-year increase.

Surge In Ryuk Ransomware Attacks Has Hospitals On Alert — Computer Weekly

  • Ryuk has surged during 2020, according to statistics provided by SonicWall’s Capture Labs, which has booked 67.3 million Ryuk attacks in 2020, one-third of all ransomware incidents so far this year.

Most Organizations Don’t Have An Election Cyber War Room. They Don’t Need One — Cybersecurity Dive

  • The latest technological developments are almost irrelevant if security is absent from company culture. It’s a matter of reminding organizations of their security hygiene.

Industry News

Officials on alert for potential cyber threats after a quiet Election Day — The Hill

  • Election officials are cautiously declaring victory after no reports of major cyber incidents on Election Day.

Scam PSA: Ransomware gangs don’t always delete stolen data when paid — Bleeping Computer

  • Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.

No indication foreign governments have successfully interfered with 2020 voting: DHS officials — The Washington Times

  • Department of Homeland Security officials said the federal government is confident that the nation’s voting systems are secure and unaffected by foreign interference, but they cautioned that America’s adversaries may still attempt to create problems.

UK cyber-threat agency confronts Covid-19 attacks — BBC

  • More than a quarter of the incidents which the UK’s National Cyber Security Centre (NCSC) responded to were COVID-related, according to its latest annual report.

Hacker is selling 34 million user records stolen from 17 companies — Bleeping Computer

  • A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches.

North Korean Group Kimsuky Targets Government Agencies With New Malware — Security Week

  • North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason’s security researchers say.

Hackers Bearing Down on U.S. Hospitals Have More Attacks Planned — Bloomberg

  • A Russia-based ransomware group responsible for a new wave of attacks against U.S. hospitals is laying the groundwork to cripple at least ten more.

First the Good News: Number of Breaches Down 51% Year Over Year — Dark Reading

  • But the number of records put at risk experiences a massive increase.

US shares info on Russian malware used to target parliaments, embassies — Bleeping Computer

  • US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies.

Hackers are on the hunt for Oracle servers vulnerable to potent exploit — Ars Technica

  • Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that force Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

In Case You Missed It

Cybersecurity News & Trends

This week, Ryuk is on the rise, medical records are on display, and Maze is on its way out.

SonicWall in the News

Amid Pandemic, Hospitals Warned of ‘Credible’ and ‘Imminent’ Cyberthreat — ABC News

  • SonicWall’s Q3 threat data detailing the increase of Ryuk ransomware is cited in this article, which centers around FBI’s warning of potential attacks against healthcare providers.

Review: The SonicWall SWS12-10FPOE Switch Simplifies Security — BizTech

  • This article reviews the SWS12-10FPOE Switch and mentions the benefit the product will have on small businesses and branch offices.

FBI Warns of Imminent Wave of Ransomware Attacks Hitting Hospitals — CNET

  • SonicWall’s Q3 Threat Data on the surge of ransomware is included in CNET’s article covering potential attacks on the healthcare industry.

Ryuk Wakes From Hibernation; FBI, DHS Warn of Healthcare Attacks —  Cybersecurity Dive

  • Samantha Schwartz included SonicWall’s Q3 Threat data and a quote from CEO Bill Conner in an article on possible upcoming attacks on the healthcare industry.

Venomous Bear and Charming Kitten Are Mentioned In Dispatches. Ryuk Targets Hospitals. Maze Shutdown? — CyberWire

  • CyberWire included a link to SonicWall’s Q3 Threat data press release in the “Cyber Trends” section of its daily newsletter.

Malware Levels Drop Attacks Become More Targeted — BetaNews

  • BetaNews’ article cites SonicWall’s Q3 Threat data, highlighting the drop in malware and the rise in ransomware and IoT malware attacks so far in 2020.

Ryuk Ransomware Responsible for One Third of All Ransomware Attacks in 2020 — Security Magazine

  • Security Magazine reports on SonicWall’s Q3 Threat Data, highlighting the surge in Ryuk ransomware that’s occurred in 2020.

Industry News

Maze ransomware is shutting down its cybercrime operation — Bleeping Computer

  • The Maze cybercrime gang is shutting down its operations after becoming one of the most prominent ransomware groups.

Trump Campaign Website Is Defaced by Hackers — The New York Times

  • The defacement lasted less than 30 minutes, and the hackers appeared to be looking to generate cryptocurrency.

Microsoft says Iranian hackers targeted conference attendees — The Washington Times

  • Iranian hackers reportedly posed as conference organizers in an attempt to break into the email accounts of “high-profile” people.

EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone — Security Week

  • The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned.

Spy agency ducks questions about ‘back doors’ in tech products — Reuters

  • The U.S. National Security Agency is rebuffing efforts by a leading congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, a controversial practice that critics say damages both U.S. industry and national security.

FBI: Hackers stole government source code via SonarQube instances — Bleeping Computer

  • The FBI issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via insecure and internet-exposed SonarQube instances.

Election Officials Warn of Widespread Suspicious Email Campaign — The Wall Street Journal

  • Local election officials in the U.S. have been receiving suspicious emails that appear to be part of a widespread and potentially malicious campaign targeting several states.

Bitcoin Approaches Highest Level Since Post-Bubble Crash in 2018 — Bloomberg

  • Bitcoin is approaching levels not seen in nearly three years.

US Treasury Sanctions Russian Institution Linked to Triton Malware — Dark Reading

  • Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.

REvil ransomware gang claims over $100 million profit in a year — Bleeping Computer

  • REvil ransomware developers say that they made more than $100 million in one year of extorting large businesses.

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts — Cyberscoop

  • Patients of a prominent Finnish psychotherapy practice reportedly had their information posted on the dark web after being told they could protect their data by directly paying a ransom.

In Case You Missed It

Cybersecurity News & Trends

While election security is still making headlines, education news moved to the forefront this week as K-12 institutions continue fighting off a barrage of cyberattacks.

SonicWall in the News

Hackney Council Cyberattack: Why Are Hackers Targeting The Public Sector? — IT Supply Chain

  • Terry Greer-King, VP of EMEA at SonicWall, offers some perspective on the Hackney Council cyberattack — and a warning to other public bodies.

National Cybersecurity Awareness Month – Empower Organizations in Cybersecurity Protocols — Business 2 Community

  • Companies should be doing more to defend against cyberattacks, and during Cybersecurity Awareness Month, cybersecurity professionals are committed to telling you how.

Ripple20 Isn’t An Anomaly – IoT Security is a Mess (Still) — Infosecurity Magazine

  • A new SonicWall report found a 50% increase in IoT malware attacks in the first half of 2020 alone — a number that’s sure to rise further as the number of IoT devices coming online continues to rise.

Industry News

UK’s GCHQ spy chief: We must engage business to harness cyber talent for future — Reuters

  • The head of Britain’s GCHQ agency said on Wednesday it was seeking to engage more with business to harness top cyber talent.

Botnet Fights Back After Microsoft’s Election Security Takedown — Bloomberg

  • After Microsoft led a global attack against a highly prolific malware group, the company says it’s winning the battle to destabilize the malicious botnet ahead of the U.S. presidential election.

LockBit ransomware moves quietly on the network, strikes fast — Bleeping Computer

  • LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Mysterious ‘Robin Hood’ hackers donating stolen money — BBC

  • Darkside hackers claim to have extorted millions of dollars from companies, but say they now want to “make the world a better place.” In a post on the Dark Web, the gang posted receipts for $10,000 in Bitcoin donations to two charities.

U.S. Accuses Google of Illegally Protecting Monopoly — The New York Times

  • A victory for the government could remake one of America’s most recognizable companies and the internet economy that it has helped define.

Hackers Smell Blood as Schools Grapple With Virtual Instruction — The Wall Street Journal

  • Many K-12 schools opting for virtual instruction distributed devices to students and teachers. Now, as this unique school year unfolds, hackers are circling.

TrickBot malware under siege from all sides, and it’s working — Bleeping Computer

  • The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnet’s command-and-control servers.

Democrats introduce bill providing $400 million to protect schools from cyberattacks — The Hill

  • The Enhancing K-12 Cybersecurity Act would establish a $400 million “K-12 Cybersecurity Human Capacity” grant program to help protect educational institutions against attacks.

Hackers now abuse BaseCamp for free malware hosting — Bleeping Computer

  • Phishing campaigns have started using Basecamp as part of malicious phishing campaigns that distribute malware or steal login credentials.

Fancy Bear Imposters Are on a Hacking Extortion Spree — Wired

  • Companies worldwide are getting extortion notices from hackers, which claim to be Fancy Bear or the Lazarus Group, warning them to pay up or face powerful DDoS attacks.

Federal watchdog finds escalating cyberattacks on schools pose potential harm to students — The Hill

  • The Government Accountability Office (GAO), a federal watchdog agency, has concluded that an increasing number of cyberattacks on educational institutions are putting students increasingly at risk.

Thousands of infected IoT devices used in for-profit anonymity service — Ars Technica

  • Some 9,000 devices — mostly Android, but also Linux and Darwin OS— have been corralled into the Interplanetary Storm, a botnet whose chief purpose is creating a for-profit proxy service.

Trump signs legislation making hacking voting systems a federal crime — The Hill

  • Trump has signed the Defending the Integrity of Voting Systems Act unanimously approved by the House last month, over a year after the Senate also unanimously passed the legislation.

In Case You Missed It