Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

SonicWall finishes an intense week with news articles citing the 2022 Cyber Threat Report, a quote from Bill Conner, and articles written by our frontline cybersecurity experts. From industry news, we have three big reads. One is about the day the Internet died a few hours earlier in the week, compiled from posts by Computer World, Bleeping Computer, and ZDNet. From Bleeping Computer, we learned that Conti was busy with the ARMattack campaign, ransoming 40 organizations in only one month. Finally, from Dark Reading and CSO Online, according to researchers, there are 56 vulnerabilities in operational technology products used in everything from factories to hospitals. Is our technology insecure by design?

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

What is a Cyberattack? Types and Defenses

eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

Ransomware, the Cyberattack that Set Off Alarms in Latin America

Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

Buy Access to a Company’s Data on the Dark Web for Less Than The Cost of a MacBook

Tech Radar Pro, Bill Conner Quote: “Ransomware attacks have simply exploded last year. Recent figures from SonicWall recorded more than 600 million ransomware attacks took place across the world in 2021, representing an increase of 105% compared to the year before. Compared to 2019, the figures are even worse, showing a rise of 232%. Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” said SonicWall President and CEO Bill Conner.

Russia’s Invasion of Ukraine Elevates Cybersecurity Concerns for Emerging Markets

Oxford Business Group, Threat Report Mention: According to security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, 755% in the health care sector, 152% in education and 21% in retail.

Fortinet vs. SonicWall: Enterprise Wireless LAN Comparison

Enterprise Networking Planet, Product Comparison: Fortinet and SonicWall are both well regarded enterprise wireless LAN vendors. This article will help you decide which solution is best for your business.

Detecting the Silent Cryptojacking Parasite to Remain Disease-free

Teiss, Published Byline: Immanuel Chavoya at SonicWall describes the dangers of cryptojacking, a damaging and parasitical use of an organization’s computer resources.

Digital Infrastructure Becomes Pivotal for Businesses and Personal Lives

Markers (APAC), SonicWall Executive Interview: Digital transformation is disrupting businesses across the globe as digital infrastructure becomes pivotal for the success and survival post-Covid-19. Over the years since the pandemic hit, we have witnessed a huge surge in digital platforms and tools used in business operations which in turn has increased the risk of cyberattacks. At this junction, the role of next-gen cyber security solution provider plays a significant role. Here is an interview with Debasish Mukherjee, Vice President, Regional Sales, APJ at SonicWall sharing his views on the cybersecurity market post-pandemic, threats to businesses, key cybersecurity recommendations, and how SonicWall can help organizations overcome these challenges.

Industry News

Half of the Internet died earlier this week

Compiled from Multiple Sources: A server outage at Cloudflare’s servers led to many websites and services going down. The resulting blackout affected significant services like Google, AWS and Twitter. Although the online security company quickly identified and fixed the problem (the service was down for a few minutes), it created a flurry of worry and spun up rumors about the cause.

Initially, we were all left in the dark about the nature of the blackout, which was even more worrisome as ComputerWorld reported major disruptions to large areas. Customers trying to access Cloudflare-supported websites experienced ‘500 errors’ (Internal server errors) for approximately two hours before the service was restored around 9 am GMT.

Bleeping Computer reported that the event was reminiscent of another outage when Cloudflare stopped a 26 million request-per-second DDoS attack, which was the most severe ever recorded. The record-breaking attack, which occurred last week, targeted one of Cloudflare’s customers using the Free plan. Experts speculated that the threat actor behind the attack used stolen servers and virtual machines, as it originated from Cloud Service Providers rather than weaker IoT devices from compromised Residential Internet Service Providers.

ZDNet updated the story with a Cloudflare apology that blamed the outage THIS week on a configuration error during a “routine” network upgrade.

Conti Ransomware Hacking Spree Breaches Over 40 Orgs in a Month

Bleeping Computer: Conti is a cybercrime syndicate that runs one of the most aggressive ransomware campaigns. It has become highly organized to the point where affiliates were able to hack more than 40 primarily US-based businesses in just over a month.

Security researchers identified the hacking campaign as “ARMattack” and said it was one of the group’s most productive and effective. ARMattack was also very fast, considering how quickly the group compromised the networks. Additionally, the ransom requested by the attacker is unknown, nor do we know if any victims paid it.

Bleeping Computer also claims Conti is currently the third most frequent ransomware gang in terms of attack frequency.

The number of victims who have not paid Conti ransoms increased to 859; however, this count is based only on publicly available data on the group’s leak site and is probably higher.

This number shows that Conti has published data from at least 35 organizations that did not pay ransom each month.

Insecure By Design: 56 Vulnerabilities Discovered in OT Products

Dark Reading: A new analysis of data from multiple sources has uncovered 56 vulnerabilities in Operational Technology (OT) products from 10 vendors, including notable ones such as Honeywell, Siemens, and Emerson.

These security issues are collectively called OT.ICEFALL. They stem from insecure cryptographic implementations, weak authentication schemes or weak cryptographic implementations, insecure firmware updates mechanisms and improperly protected native functionality, which hackers can use for remote code execution. CSO Online reports that 14% of the vulnerabilities could lead to remote code execution, and 21% could allow for firmware manipulation.

The problem stems from device vendors not including basic security features like encryption and authentication. Plus, these vulnerable devices are often installed in older products that their owners continue to use, even though there are better options. So now we have the element of false confidence as many vulnerable products have been subject to an audit and are now certified as safe for OT networks.

Researchers compared their findings with those from Project Basecamp, conducted ten years ago. Then as now, they focused on insecure-by design problems in remote terminal units (RTUs), programable logic controllers (PLCs), and other controllers in SCADA (Supervisory Control and Data Acquisition) used in industrial installations.

The bottom line: the vulnerabilities are still present.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Office Documents are Still Not Safe for Cybersecurity – Ray Wyman

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

A fresh batch of articles for SonicWall News surfaced this week from nearly every business sector, plus quotes from SonicWall CEO and President, Bill Conner, and General Director of SonicWall in Iberia, Sergio Martínez. Our biggest problem this week for Industry News was deciding what to leave out. From Forbes, a guide on how to inspire your employees to care about cybersecurity. From Bleeping Computer, ransomware gang Black Basta attacks VMware ESXi servers. Then from the BlackBerry Threat Vector blog, a new Linux malware called “Symbiote” that’s almost impossible to detect. Next, from Dark Reading, the Emotet banking trojan resurfaces—and skates past email security. And finally, a compiled reading from CNN, MIT Technology Review, and PC Magazine on Chinese hackers breaking into “major” telecom firms.

As always, click through to the links in the headlines to see the full stories from our sources. And remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

An Update from SonicWall on ICSA Certification

Security Brief (Asia), SonicWall in the News: Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

An Update From SonicWall On ICSA Certification

Security Brief (Asia), SonicWall news: “Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.”

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

Why is Ransomware Getting the Better of Us?

Security Boulevard, Threat Report Mention: The ransom crisis is particularly bad in the UK. A SonicWall report found that UK-based organizations faced the second-highest number of ransomware attacks in the world in the first half of 2021. According to SonicWall, ransomware attacks increased by 234% across Europe in that time, while CyberEdge’s 2022 Cyberthreat Defense Report found that 80% of UK organizations had been successfully targeted in the past year.

Special Cloud Security

ComputerWorld CSO (Spain), SonicWall Quote: Sergio Martínez, general director for Iberia at SonicWall, gives his vision, in the gallery Ensuring the availability of information, the pillar of the contingency plan, on new security strategies in a context in which there are more and more devices connected to business networks.

Ransomware Losses, Frequency Increase Rates: Howden

Business Insurance, Threat Report Mention: London-based Howden Broking Group Ltd. said in its report that the annualized number of globalized ransomware incidents was up 235% in 2021 compared with 2019, and average U.S. ransom payments increased by 370% over the same period. It was citing data from San Jose, California-based cybersecurity company SonicWall Inc. and ransomware incident response company Westport, Connecticut-based Coveware Inc.

Contractors Beset by Ransomware Threats Have Too Few Options

Bloomberg Law, Bill Conner Quote: The contracting community is aware of the confusion. Chester Wisniewski at Sophos, Carolyn Crandall at SentinelOne, and Bill Conner at SonicWall all outlined suggestions to Bloomberg Government in a series of interviews. Conner, SonicWall’s president and CEO, said he wants the government to install so-called “cyber czars” at each federal agency to better streamline communication.

SonicWall Recognizes APAC Partners and Distributors at FY2022 Partner Awards

Channel Life (Australia), SonicWall News: SonicWall has recognized its distributors and partners for their efforts in producing the company’s most successful year to date. The recent SonicWall FY2022 Partner Awards recognized companies for their commitment to demonstrating excellence, innovation and leadership in cybersecurity during the fiscal year. They are also thanked for continuing to drive digital transformation for businesses that leverage SonicWall solutions.

Industry News

Inspire Your Employees to Care About Cybersecurity

Forbes: We spent a lot of time talking about how humans are the weak link in cybersecurity. First, let’s recognize that a company’s employees are a significant vulnerability due to the increasing complexity and threat of cybersecurity. With more than 15 billion devices in circulation, including computers, servers and mobile phones operating worldwide—digital fluency and literacy remain challenges in the transforming cybersecurity landscape.

Many functions are performed by devices that we don’t even know about. These functions include tracking and storing location information, saving passwords and sharing information with apps, and listening to our conversations. Today, organizations have greater responsibility for cybersecurity to protect their interests and that of their employees.

It is essential to communicate basic cybersecurity expectations to raise awareness. For example, employees need to be familiarized with complex password requirements, multi-factor authentication (2FA/multi-factor authentication), screen locks, and the importance of keeping current with software updates. Understanding cybersecurity requires that you know the basics.

If your team is not in person, create attention-grabbing graphics that include slogans and statistics about the company’s cybersecurity policies. Then, share the policies by any means throughout the workforce environment. Growing threats means educating employees about cyber threats while taking steps to protect their data.

Black Basta Ransomware Attacks VMware ESXi Servers

Bleeping Computer: Black Basta is the latest ransomware gang that supports encryption of VMware ESXi virtual machine (VM) on enterprise Linux servers. Ransomware groups have been focusing their attacks on ESXi VMs because this strategy aligns with their enterprise targets. They can encrypt multiple servers faster with one command. So it makes sense to encrypt VMs, as many companies recently switched to virtual machines. From purely a business perspective, hackers now have the dual benefits of simpler device management and more efficient resource use.

Linux ransomware encryptions are not new. BleepingComputer has reported similar encryptions by numerous other gangs, including LockBit and HelloKitty, BlackMatter and REvil, AvosLocker and RansomEXXX.

However, Black Basta’s ransomware will search for the /vmfs/volumes containing the virtual machines stored on compromised ESXi server servers. And if no such folders are present, the ransomware exits. Additionally, this encryptor does not have command-line arguments that can target other encryption paths, indicating that it is only designed to target ESXi servers.

Ransomware employs the ChaCha20 algorithm for encrypting files. Additionally, multithreading is used to speed up encryption by using multiple processors.

The ransomware will encrypt encrypted files by adding the .basta extension and creating ransom notes called readme.txt within each folder. Notes include a chat support panel link, which unique ID victims can use to communicate directly with the attackers.

Symbiote — The New Linux Malware That’s Almost Impossible To Detect

BlackBerry ThreatVector Blog: As if Linux’s malware problems couldn’t get any worse, recent reports have revealed that Symbiote is a new type of Linux malware that’s “almost impossible to detect.”

This rootkit-level hack is being called Symbiote by the research team, which includes lead members from Intezer and BlackBerry. It has the parasitic ability to act like a shared object (SO) and loads on all processes via LD_PRELOAD native function. This is why it’s so terrible.

Researchers say the shared object library “parasitically compromises” a target machine. Once its claws are embedded deep in the system, malware gives attackers rootkit functionality.

Researchers discovered the first sample in November 2021. It appears that it was created to attack Latin American financial institutions. Researchers aren’t sure if Symbiote has been used in broad or targeted attacks because it is still new malware. However, Symbiote is full of interesting features. The malware employs Berkeley Packet Filter hooking (BPF), a function that hides malicious traffic from infected machines. BPF is also used in malware created by Equation Group. BPF bytecode can be injected into the kernel to determine which packets are captured. Administrators use BPF to start any packet capture software on infected machines. Symbiote then adds its own bytecode to the kernel to filter out any network traffic it does not want the packet-capturing program to see.

Symbiote can facilitate everything, from data scrapes to backdoors. Hackers can use Symbiote to stealthily harvest credential information from hacked Linux devices by hooking the “libcread” function. This is an important mission for targeting Linux servers in high-value networks. Hackers can gain unimpeded lateral movement and unlimited access by stealing administrator account credentials. Symbiote allows remote SHH access for its operators via the PAM service. It also allows the threat actor or a hacker to gain root privileges.

Many IT and cybersecurity bloggers have reported on this story. Keep an eye out for new developments.

Emotet Banking Trojan Resurfaces, Skates Past Email Security

Dark Reading: After being taken down by a joint international task force in January 2020, the malware botnet Emotet is back in an advanced form. The Emotet malware was a prolific threat during the pandemic. It originated as a trojan for banks in 2014. Its creators were the first to offer malware-as-a-service (MaaS) to criminal organizations.

Although it still uses many of the same attack methods it used in the past, Emotet has seen a rise in its ability to collect and use stolen credentials. According to the report, hackers can use these stolen credentials to distribute malware binaries. In addition, attackers are using hijacked email threads to use those accounts as a launch pad and trick victims into activating macros in attached malicious office documents.

Emotet also uses 64-bit shell code, advanced PowerShell and more advanced active scripts. Nearly a fifth of malicious samples exploits the 2017 Microsoft vulnerability CVE-2018-11882.

The attacks were mainly focused on Japan’s victims, but the focus has shifted to targets in the United States of America and Italy since March.

Chinese Hackers Breach “Major” Telecom Firms

Compiled Reading: The report is compiled from multiple sources offering a slightly different perspective: CNN, MIT Technology Review, and PCMagazine.

First, CNN’s headline: Chinese government-backed hackers have breached major telecommunications companies, among other targets, the US CISA warned this week. Cyber defenders often overlook these devices as they struggle to keep up with the routine software patching of Internet services and endpoint devices. CISA, FBI, and NSA did not identify the hackers; the advisory appears to focus on getting organizations aligned on security measures and updating their software and equipment. CNN named devices manufactured by Cisco, Fortinet, or other vendors.

MIT Technology Review included Netgear and Citrix security vendors. All vulnerabilities were publicly known, including a five-year-old critical flaw in Netgear equipment that allows attackers to bypass authentication checks to execute any code they want. This will enable them to take over the entire device and gain unrestricted access to the victim’s network. MIT says the campaign’s success shows how dangerous software flaws can be even after being made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand our full attention. Plus, known flaws are still dangerous because it can be hard to update and secure networks and devices with limited resources, personnel and money.

PCMagazine stated that the vulnerabilities allowed actors to access victim accounts via publicly available exploit codes against VPN services and public-facing applications without using any unique or identifying malware.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Your weekly digest of cybersecurity news stories and trends curated from leading news outlets, trade journals, and infosec bloggers.

It was a big week for SonicWall news with another strong showing of quotes and citations in trade journals and blogs. This week’s crop of industry news was also thick with new information, all highly informative and worthy of our attention. First up is a report from Vice’s Motherboard News about hackers who posed as “internal support” at Verizon and managed to steal a sizable database of employee information. The follow-up report is one from Tech Radar about employees ignoring cybersecurity advice; we added notations regarding the vulnerability of the healthcare sector which, according to the HHS, is acute. Hacker News posted a new story about hackers using browser automation frameworks to advance malicious activities. Next, Reuters posted one about a UK hack that appears to reveal interesting tidbits about the Brexit campaign. We highlighted an article from Protocol titled “AI + Ransomware = Terrifying” because it is terrifying. Then finally, from Bleeping Computer, it’s a weird twist of irony when hackers are successfully phishing Russian government agencies with RATs.

Remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyzes and experts have highlighted that hackers linked to Russia are responsible for the majority.

Ransomware Attack Exposes Data of 500,000 Chicago Students and Staff

Tech.co, Threat Report Mention: But these online threats aren’t just confined to the education sector. Ransomware attacks across the US have grown 67.5% year on year, according to a recent report by SonicWall. What’s more, the majority of these attacks are leveraged against small-to-medium-sized businesses because they’re assumed to have weaker end-point security.

Navigating The Cyber Arms Race, Expert Weighs In

Information Security Buzz, Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places. And now, with the proliferation of cryptocurrency, this has enabled a whole new dark side.

War Between Russia and Ukraine Reaches the Metaverse!

Diario del Huila (Colombia), Threat Report Mention: According to SonicWall’s 2022 cyber threat report, in 2021 there were 623.3 million ransomware attacks worldwide, increasing by 105% compared to previous years. Colombia is in the top 10 of the countries, with 11 million threats detected.

Our Channel Will Help the SME face the worst: Sergio Martínez, from SonicWall

Channel Partner (Spain), SonicWall quote: Sergio Martinez confirms that his 60 channel partners, four wholesalers and 900 registered distributors are his allies to serve SMEs and the enterprise sector, which face worse and worse dangers such as encrypted threats.

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Deut), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

Industry News

Hackers Pose as Internal Support, Steals Database of Hundreds of Employees

Vice: Raise your hand if you have heard this story before. Hackers posing as Internal Support went through a list of Verizon employees until they found one that gave them access to their computer and ultimately, the company’s internal network.

Hackers reportedly stole a database that contained the complete name, email addresses, corporate ID numbers, phone numbers, and contact information of hundreds of employees.

Motherboard (Vice’s own cybersecurity team) confirmed that a significant portion of the data that was harvested was legitimate. They called the phone numbers listed in the database. One former employee was understandably upset about the breach and had some unkind words about Verizon’s cybersecurity culture. It certainly relates to an industry-wide concern about employee behavior and attitudes toward cyber hygiene.

The hacker(s) also reportedly sent an email to the company and threatened to leak Verizon’s entire employee database unless the company agreed to pay $250,000 in ransom. Verizon spokeswoman confirmed the communication.

Your Staff is Ignoring Cybersecurity Advice

Tech Radar: Since we’re talking about cybersecurity culture, here’s a report that reminds us how vulnerable businesses are to cyberattack. More than 90% of successful attacks were facilitated through “human interaction” (e.g., employees). Employees are the primary entry point to breach secure networks. Threat actors rarely use brute force to break in. They don’t have to. They can merely evade network security with a bit of social engineering that gets an errant click, or a password tossed their way.

Tech Radar says that cybercriminals view your employees as reliable portals to sensitive corporate information and other data. Many organizations have taken steps to combat this trend by implementing security awareness training. However, implementation is not perfect nor is it consistent. Tech Radar cites a survey that showed only 28% of organizations currently offer comprehensive training programs twice per year.

Organizations around the globe are facing a disengaged, often indifferent workforce, even when training is more frequent. Users continue to engage in risky behavior and ignore security best practices. 42% of users admit to downloading malware, and 56% let their friends and family use the devices their employers give them.

A separate risk report conducted by the US Department of Health and Human Services (HHS) backs Tech Radar’s findings, pointing out that successful attacks usually come from negligent insider threats than from brute force attacks.

Among the alarming findings from the HHS report, researchers analyzed 3 billion files across 58 healthcare companies and found that all employees could access 20% of the files. That means tens of thousands of sensitive files related to patient healthcare are available for all to see. Add to that, 77% of healthcare organizations have 500 accounts or more with passwords that never expire.

As noted in SonicWall’s 2022 Cyber Threat Report, the healthcare sector experienced a 121% increase in malware in 2021. Expect to see that number rise in the coming year.

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hacker News: Cybersecurity researchers have discovered that a free browser automation framework is being used increasingly by threat actors. Hackers can use many features of the framework to enable a wide range of malicious activities. The framework’s technical requirements are low.

Underground actors have been able to advertise their willingness to help create bespoke tooling. Researchers found that C2-IP addresses of command-and-control (C2) are linked to malware like Bumblebee and BlackGuard. These IP addresses establish connections to the download domain of Bablosoft (maker of Browser Automation Studio). Bablosoft can automate tasks in Google Chrome using legitimate tools such as Selenium and Puppeteer.

Russian Hackers Linked to New Brexit Leak Website

Reuters: According to a Google cybersecurity official and former head of UK foreign Intelligence, a new website published leaked emails of several prominent proponents of the Brexit plan that led to Britain leaving the European Union.

The website, titled “Very English Coop d’Etat,” claims it has published emails from Richard Dearlove (ex-British spymaster), Gisela Stuart (leading Brexit campaigner), and Robert Tombs (pro-Brexit historian) and other supporters of Britain’s exit from the EU.

According to the site, not only is this group the hardline pro-Brexit booster, the members also collaborate in secretly make political decisions in the United Kingdom.

Reuters couldn’t immediately confirm the authenticity of the emails. However, two victims of Wednesday’s leak confirmed that hackers had targeted them and blamed Russia for their actions.

According to the “English Coop” website, several allegations are made, including that Dearlove was involved in a plot by Brexit hardliners to replace Theresa May (who had negotiated a withdrawal deal with the European Union at the beginning of 2019) with Johnson, who takes a more uncompromising stance.

Dearlove stated that the emails were a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.”

Officials did not respond to emails seeking comment from the Russian embassies in Washington and London. Moreover, the Foreign Office of Britain, which deals with media inquiries for MI6, declined to comment. Others who are believed to have been disseminated via the website’s email list also did not reply to emails requesting comment.

AI + Ransomware = “Terrifying”

Protocol: The article quotes the 2022 SonicWall Cyber Threat Report, but that’s not the only reason it caught our attention. While the number of ransomware attacks have doubled year-over-year in 2021, ransomware has been getting more successful. And that’s what makes this article a worthy if not terrifying read.

Cybercriminals and defenders are engaged in a constant struggle for advantage. However, defenders have had an advantage that has helped them stay one step ahead of most attacks: AI and machine learning that allows administrators to automate much of their work, particularly when it comes to detection and responding to attacks. Although this advantage has not been enough to stop ransomware from spreading, it is still a significant advantage over what cybercriminals are capable of doing.

The greatest barrier for cybergangs is that AI requires high-level expertise that they do not have. But now, after two years of record-breaking breaches, the one thing they do have is a lot of money. Ransomware gang Conti pulled in $182 million in ransom payments during 2021, according to blockchain data platform Chainalysis. Leaks of Conti’s chats suggest that the group may have invested some of its revenue in pricey “zero day” vulnerabilities and hiring penetration testers.

Protocol speculates that given the windfall some ransomware gangs have amassed, it’s only a matter of time that they will deploy AI ransomware.

Hackers Target the Russian Govt With Fake Windows Updates by Pushing RATs

Bleeping Computer: In the weirdest twist of irony, hackers successfully targeted Russian government agencies with phishing emails that pretended to be Windows security updates to install remote access trojans, or RATs.

Russian Government agencies were targeted by hackers using phishing emails claiming to be Windows security updates. These attacks are being carried out by a previously unknown APT (advanced persistent threat) group. They are believed to be operating in China and are connected to a series of spear-phishing campaigns.

The operations took place between February 2022 and April 2022. The goal was to infect Russian Federation government entities with malware. The custom-made RATs were most likely used in espionage operations.

The first of four campaigns started in February 2022, just a few days following Russia’s invasion of Ukraine. The RAT was distributed at that time under the name interactive map UA.exe.

The group apparently planned more elaborate and well-thought-out campaigns and schemed to lure targets and convince them of the legitimacy and authenticity of the phishing email attacks. The tar.gz archive, which was supposed to contain a fix to the Log4Shell vulnerability, was sent to the Russian Ministry of Digital Development, Telecommunications and Mass Communications. Another wave of phishing attacks saw malicious actors pretend to be Rostec, a Russian defense conglomerate.

In the final wave of attacks, Chinese hackers focused their attention on a macro-infected Word file that contained a fake job offer from Saudi Aramco, a major oil and natural gas company. The document targeted candidates interested in filling the “Strategy and Growth Analyst” position. It used a remote template injection technique to retrieve the malicious template and then drop the VBS script onto them.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends

It was another busy week with several news outlets quoting the 2022 SonicWall Cyber Threat Report. Other stories mention SonicWall corp, its products and services and one recognized CRN Channel awards for three women from SonicWall’s field marketing team. In global cybersecurity news, Krebs’ ongoing coverage of hackers using fake Emergency Data Requests (EDRs) escalated into a DEA investigation. The Republic of Korea just became the first Asian country to join NATO’s cybersecurity group, much to the chagrin of the People’s Republic of China. India’s new CERT-IN breach reporting requirements are bumping against growing resistance from businesses and organizations. In California, a data provider for the State Bar accidentally released private and potentially damaging information about some of its member attorneys. MyNurse patient data tracking service is closing its doors after a severe data breach. Log4Shell exploits are resurfacing with new threats to the tranquility of enterprise data lakes and potentially devastating AI poisoning. And 157-year-old Lincoln College is closing its doors – apparently succumbing to the COVID pandemic and a catastrophic cyberattack.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

WannaCry’s Ghost Is Still Wreaking Havoc Five Years On

ITPro (UK), SonicWall in the News: In an article about the 5th anniversary of WannaCry: SonicWall is one such company still tracking WannaCry, although other firms tell IT Pro they have decided to stop monitoring the strain, given the worst of it is over. We may not have seen the same level of destruction as sustained five years ago, but detections remain high.

Most Brazilian Companies Don’t Pay to Get Data Back After Ransomware Attacks

ZDNet, Threat Report Mention: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall earlier this year. In 2020, Brazil ranked ninth in the same ranking, with 3,8 million ransomware attacks.

New Report Paints Boston As Burgeoning Cybersecurity Hub

Bostinno/Boston Business Journal, Threat Report Mention: The world saw a 105% surge in ransomware cyberattacks last year, according to the most recent SonicWall cyber threat report.

The Rising Risk of Ransomware Attacks on Organizations and How to Mitigate it

Security Review, Threat Report Mention: According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List

SonicWall Blog, SonicWall in the News: SonicWall is thrilled to share that CRN, a brand of The Channel Company, has named three global channel team members on CRN’s 2022 Women of the Channel List. SonicWall’s Sr. Director, Global Field Marketing Nicola Scheibe; Sr. Channel Account Manager Terra Paisley; and Sales Manager Misty Warhola were included on the annual list, which honors the incredible accomplishments of female leaders in the IT channel.

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Industry News

DEA Investigating a Breach of Law Enforcement Data Portal

Krebs on Security: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports hackers gained unauthorized access of an agency portal that taps into 16 federal law enforcement databases. KrebsOnSecurity claims that it discovered that the alleged compromise was tied to an online harassment and cybercrime community that routinely impersonates government officials and police officers to obtain personal information. Krebs has been following this topic closely, as reported in previous posts of Cybersecurity News & Trends.

KrebsOnSecurity shared information regarding the allegedly hijacked account to the DEA, Federal Bureau of Investigation (FBI) and the Department of Justice (which houses both agencies). However, the DEA refused to provide details on the validity of the claims.

The Republic of Korea is the First Asian Country to Join NATO’s Cyber Research Center

Numerous news agencies are covering a fresh story about the Republic of Korea joining the NATO cybersecurity group known as the Cooperative Cyber Defense Center of Excellence. (CCDCOE). According to The Korea Times, the state intelligence agency of Korea announced Monday that there was a flag-raising ceremony in Estonia to commemorate Korea’s participation. The CCDCOE operations are based in Tallinn (Estonia), Canada, Luxembourg, and Luxembourg. The group was created in 2008 by NATO members in response to crippling cyberattacks in Estonia committed by Russian cyber gangs. CCDCOE now boasts 32 nation members, including 27 NATO members that sponsor it, plus five contributors, including Korea, according to ZDNet.

The South China Morning Post reports that although the cybersecurity group operates independently from NATO, Chinese military analysts claim that Beijing is concerned by the development. The People’s Republic of China sees the move as an expansion of the NATO defense alliance and a threat to Chinese security interests.

Russia used the military alliance’s eastern expansion to justify its invasion of Ukraine. Government leaders in Beijing consider Moscow’s claim as a legitimate security concern. Ni Lexiong, a Shanghai-based military analyst, said that China views NATO as overbearing and that Korea’s decision to join the center is “definitely not in China’s best interests.”

Industry Rebuffs India’s Data Security Breach Reporting Requirements

The Register: Opposition to India’s new rules for reporting computer security breaches grows. The rules were introduced in late March by the government-run CERT-In. This team has responsibility for incident management.

CERT-In requires Indian organizations to report more than 20 types of cybersecurity incidents within six hours of discovering them. In addition, it ranks ransomware attacks, detections of malicious network probes, and hijacking social media accounts all on the same level.

Other requirements include the retention and capture of VPN users’ personal data and IP addresses. The government gave Indian organizations only 60 days to ramp for compliance. The organizations say that these requirements are difficult to meet because they affect large entities such as data center operators and that some incidents happen daily.

California State Bar: 1,300 Attorneys Identified in Massive Data Breach

OC Register: California’s State Bar has begun notifying thousands of attorneys whose names were found in 322,525 confidential records of proceedings for member discipline. The breach occurred in February. According to the State Bar, it will reach out to 1,300 respondents, witnesses, and complainants whose names are contained in 1,034 supposedly confidential records. The State Bar will also contact those named in records but were not published.

Public records aggregator Judyrecords published the documents. They remained online between October 2021 and February 2022. Southern California News Group first reported the breach. According to the report, the breach was not the result of malicious hacking but rather a security flaw in the State Bar’s Odyssey Portal that Texas-based Tyler Technologies operates. As a result, the confidential records were unintentionally swept up and published by Judyrecords. The portal vulnerability was fixed, and access to the public records of the State Bar Court was restored while the records search function was still disabled on Judyrecords. The website administrator stated in a note that the portal glitch enabled users to access court cases in various jurisdictions in California, Georgia, Kansas and Texas.

MyNurse Shuts Down After Data Breach Exposes Health Records

TechCrunch: MyNurse stated in a data breach notice that it had decided to close its business because of a “data security incident” but didn’t give a reason. The company stated that it began notifying patients affected on April 29, more than seven weeks after the breach was discovered. MyNurse is a startup in healthcare that offers remote monitoring and chronic care management. It reported a data breach that exposed the personal health information of its users.

Salusive Health was the startup that launched the service. The company later filed a data breach notification with the California attorney general’s office stating that it discovered a breach in early March. An unauthorized individual had accessed its protected health data. Patients’ financial, demographic and health information were all accessed. This included names, dates of birth, phone numbers, and dates of birth, including medical histories, diagnosis, treatments, prescriptions and information about health insurance and policies.

Log4Shell Exploit Resurfaces, Threatens Enterprise Data Lakes, AI Poisoning

Dark reading: Enterprise data pools are growing as more organizations embrace AI and machine learning. However, this makes them vulnerable to exploitations of the Java Log4Shell vulnerability. With a view to privacy, organizations are focused on ingesting data points that they can use to train an AI or algorithm. However, too many times, the operators neglect the security of data lakes.

Research has shown that triggering the log4Shell bug is relatively easy once the code is ingested into a target database or repository via a pipeline. Furthermore, such a strategy bypasses traditional safeguards such as application firewalls, sandboxing and other traditional scanning services.

Like the original attacks on the Java Log4j library exploiting a single string, it is only necessary to extract the text. However, researchers say that an attacker could embed the string in a malicious big data file payload to create a shell within the data lake and launch a data poisoning attack. The difficulty of detection is even more significant because the big-data file containing the poison payload can often be encrypted or compressed.

Lincoln College Shuts Down After 157 Years. Blames COVID-19, and Cyberattack

NPR: Lincoln College was not destroyed by the 1918 influenza pandemic. The Great Depression and World War II didn’t help the school, yet it survived. The school was able to withstand a major fire, other economic hardships and many serious threats. Unfortunately, the college will close for good this spring due to two modern blights: the COVID-19 pandemic and a cyberattack.

This is a remarkable turnaround for the small, private school in Illinois that has hosted thousands of first-generation college students and received federal recognition as a predominantly Black institution.

Lincoln College saw record enrollments in fall 2019, filling all its dormitories. The pandemic struck as it did around the globe, disrupting campus life and making it difficult for the school to raise funds and recruit new students. The school had to set aside cash reserves for new technology and safety precautions. In December 2021, ransomware attacked the school, stopping admissions and preventing access to all data.

CBS News reported the fall enrollment had dropped sharply to just a fraction of what was required to sustain operations by the time that the school gained access to its computer systems nearly four months later. In March, the school announced its decision to close. Former and current students felt betrayed by the school, which had provided them with opportunity and refuge from uncertain situations.

In Case You Missed It

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Cybersecurity News & Trends

This week, SonicWall is on a winning streak with another strong showing in general news and industry press. There were continued mentions of the 2022 SonicWall Cyber Threat Report, new product reviews, and partner news. In industry news, the Tenet healthcare network suffered a cyberattack that disrupted operations at two hospitals in Palm Beach, FL. While cyberattacks rage in Ukraine, US Intel warns of fresh attacks on US targets by state-sponsored cyber gangs from China, Russia, and North Korea. Krebs is following a developing situation where hackers are using fake Emergency Data Requests (EDRs) to gain fraudulent law enforcement actions that can compromise companies and agencies. Meanwhile, JPMorgan is getting sued for a hack, the US State Department antes $10M for information about Russian hackers, the malware loader Bumblebee is loose, and experts examine predictive analytics for cybersecurity.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

SonicWall Virtual Firewall Tested and Certified in AWS Public Cloud – Ideal for Distributed Networks

Markets Insider, News: SonicWall today announced a new report by The Tolly Group, which detailed the testing and analysis of the performance of the SonicWall NSv 470 virtual firewall. Using Keysight’s CyPerf cloud-native testing solution to provide the test infrastructure for standardized, repeatable performance tests, Tolly benchmarked the throughput and connection performance of the virtual firewall in Amazon Web Services (AWS).

For Over 30 Years, Jeff Dann Has Had the People, Process, And Technology To Ensure Their Customers Are Protected

MSP Success, Threat Report Mention: SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021. The report states that attackers targeted web applications with financial and personal information for a big payday.

The Industry Takes Stock of Cyberattacks In Hawaii

Pacific Inno, News: Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyberthreat data collected and analyzed by expert researchers. SonicWall calls its report “the world’s most quoted ransomware threat intelligence,” and it is an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.

Learn how NLP Can Help to Understand the Cyber-Exposure And The Silent Cyber

Intelligent Insurer, Threat Report Mention: Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% year on year, according to security vendor SonicWall. The firm reports an 1,885 percent increase in attacks on government targets, healthcare (755 percent), education (152 percent) and retail (21 percent).

Cyber Threats to Media Companies Are on The Rise

E&P, Threat Report Mention: Reporter Amiah Taylor explained ransomware research by SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers some alarming statistics about ransomware attacks, in particular governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Industry News

Tenet Says, ‘Cybersecurity Incident’ Disrupted Hospital Operations

Healthcare Dive: Tenet is one of the largest US for-profit health systems. It reported that it suffered a cybersecurity incident last week, which disrupted some acute care operations. According to the statement issued Tuesday by the Texas-based operator, most critical functions have been restored, and affected facilities are beginning normal operations. Tenet did not disclose the nature or extent of the incident or the affected facilities. It also didn’t say whether hackers accessed any patient data.

SC Media and CBSNews affiliate WEPC offered additional details on the incident, reporting that the attack forced caregivers to chart patient care using paper because the network’s phone and computer systems were down. As a result, the company’s “acute care operations” at Good Samaritan Hospital in West Palm Beach and St. Mary’s Medical Center were temporarily interrupted.

Cyberattacks Rage in Ukraine, Support Military Operations

Threat Post: At most, five advanced persistent threats (APTs) are believed to be behind attacks tied to ground campaigns that aim to harm Ukraine’s digital infrastructure. Five state-sponsored APT groups are behind the attacks on Ukraine that started in February. The groups used the cyberattacks against Ukraine strategically to support the ground campaign. Microsoft published research on Wednesday that revealed that Russia had state-sponsored the APTs in the campaign.

Separate reports this week shed light on cyberattacks against Ukrainian digital assets carried out by APTs linked to Russia. Microsoft researchers have found that six distinct Russia-aligned threat agents carried out 237 cyber operations, resulting in threats to civilian welfare. They also attempted to launch dozens of cyber espionage attempts against Ukrainian targets.

US Intel, Google Warn of Cyberattacks from China, Russia, North Korea

Newsweek: In the past month, intelligence agencies, President Joe Biden and large companies such as Google all issued the same warning — sounding alarms about the growing threat of cyberattacks coming from foreign governments. Christopher Wray, Director of the Federal Bureau of Investigation, stated that the People’s Republic of China and the Chinese Communist Party are the biggest threats to the country’s counterintelligence. He said they target our innovation, trade secrets, and intellectual property at a scale never before seen in history. According to Google’s Threat Analysis Group (TAG), Iran, North Korea and Russia are the top cyberattacks on the US.

Fighting Fake EDRs with ‘Credit Ratings’ for Police

Krebs On Security: The Krebs security team recently examined how cybercriminals used hacked email accounts of police departments worldwide to obtain warrantless Emergency Data Requests from technology providers and social media companies. Many security experts called it an insurmountable problem. Matt Donahue is a former FBI agent who recently left the agency to start a startup to help tech companies screen out fraudulent law enforcement data requests. This includes assigning credit ratings or trustworthiness to law enforcement agencies worldwide.

Manufacturer Sues JPMorgan After Cybercriminals Stole $272m

Computer Weekly: Essilor Manufacturing sued JP Morgan, alleging that the bank failed to report suspicious activity, leading cybercriminals to steal $272 million. According to reports, Ray-Ban sunglasses’ French manufacturer claimed that the bank failed to notify them of suspicious activity in New York. As a result, the manufacturer claimed an increase in money transactions and money sent to offshore companies in high-risk countries in papers filed in Manhattan federal court.

State Dept Offering $10 Million For Information on Russian Cybercriminals

The Hill: The State Department has announced it is offering a reward of up to $10 million for information on a group of Russian cybercriminals. The department released a press release on Tuesday stating that its Rewards for Justice program (RFJ) is looking for information about six people who are allegedly involved in a criminal conspiracy involving malicious hacking activities that affect the critical infrastructure of the United States. According to the State Department, these individuals were part of a criminal conspiracy that infected computers with destructive malware in June 2017. The malware was called NotPetya.

Cybercriminals Using New Malware Loader’ Bumblebee’ in the Wild

Hacker News: The cybercriminals who were previously seen delivering IcedID and BazaLoader as part of their malware campaigns may have switched to a new loader called Bumblebee, which is currently actively being deployed. Researchers report that Bumblebee may be the new multifunctional tool of choice for spreading malware based on cybercriminals’ timing and early proliferation of the loader. The new loader was distributed in March 2022. There are overlaps between malicious activity and Conti ransomware deployments.

Predictive Analytics could be the Future of Cybersecurity

Analytics Insight: While it might not be possible to prevent every data breach, it is possible to minimize the risk. Even the most skilled cyber professionals admit that it is impossible to control all data breaches. It is impossible to stop determined hackers from getting into systems. This is not because they are too sophisticated; even the most experienced security professionals fall prey to human error. Nevertheless, it is possible to minimize the risk, which is good news. Organizational leaders must accept this fact as soon as possible. It is best to assume that data breaches will happen and set up cyber defenses to reduce the damage. A crisis checklist can help prepare for the worst.

In Case You Missed It

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi

Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi

Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell