More business and trade journals mentioned the 2022 SonicWall Cyber Threat Report this week. One mention found its way into Silicon Republic’s report on Ubisoft’s company-wide password reset after the hack last week. Industry news this entire week was focused on the fallout from the Russia-Ukraine conflict. We found numerous reports on activist attempts to break through Russia’s “digital iron curtain,” with cybersecurity experts pleading for caution as the “cyber war” escalates. Today’s headlines include Russia facing an “unprecedented” wave of cyberattacks, a nine-year-old Microsoft flaw is back, hackers getting around multi-factor authentication, and the hybrid cyber war unfolds.
SonicWall News
Silicon Republic: As previously reported, Gaming giant Ubisoft confirmed a “cybersecurity incident” where the ransomware group Lapsus$ claims to have disrupted games, systems and services. The company further confirmed that it initiated a company-wide password reset. As part of this report, Silicon Republic also cited SonicWall’s latest cyberthreat report, highlighting the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.
National Law Review: Ransomware attacks frequently made headlines in 2021 and substantially impacted many US companies. In the first six months of last year alone, ransomware attacks on US companies were up 148% from 2020 (footnote: “SonicWall 2022 Cyber Threat Report”).
Insurance Business Magazine: The US alone accounted for more than two-thirds (67.6%) of all ransomware attacks worldwide last year as the nation logged almost 421.5 million hits – a 98% rise year-on-year, according to a new report by cybersecurity firm SonicWall.
Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyber attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking. SonicWall researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105 percent increase. Ransomware volume has risen 232 percent since 2019. Following global trends, all industries faced significant increases in ransomware volume, including government (+1,885 percent), healthcare (755 percent), education (152 percent) and retail (21 percent).
Martech Series: The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.
Yahoo Finance: Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles. That attack was the latest example of ransomware’s threat to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.
Digital Journal: Sonic Wall’s 2022 Cyber Threat Report shows that every category of cyberattack increased in volume throughout 2021. The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.
WOLL (Germany): Encrypted threats skyrocketed in 2021 by 229% (00.4 million attacks), ransomware up 103% to 623.3 million attacks, cryptojacking up 22% (33.1 million attacks), intrusion attempts up 10% (a whopping 5.3 trillion), and IoT malware increased 6% to 30.1 million attacks according to SonicWall’s Cyber Threat Report.
Industry News
Hackers Try to Break Through Putin’s Digital Iron Curtain
Here are summaries from the several outlets reporting on this item. The headline from CNN is a culmination of worry from many who work in cybersecurity. Hackers and activists are trying to break through Putin’s digital iron curtain after Russia shut down Twitter and Facebook in the country. According to a report from The Guardian, Ukraine’s cyber-response to the Russian invasion has been bolstered by hackers organizing on the Telegram messaging app under the IT Army of Ukraine banner. In the meantime, amateur hackers are being warned of joining Ukraine’s “IT army” amid fears that activists could break the law or launch attacks that spiral out of control. More than 300,000 people have signed up to the group, including members outside Ukraine. Western officials said they would “strongly discourage” joining the group and participating in hacking activity against Russia.”
Ukraine’s cyber-offensive has had particular success with distributed denial of service (DDoS) attacks, in which websites are rendered unreachable by being bombarded with traffic. Russian government websites, including the Kremlin and the Duma, have been targeted in this way and Russia Today, the state-media-owned news service.
Anonymous, a hacking collective, has also claimed credit for DDoS attacks. Speaking of the Anonymous hacking collective, the GTSC Homeland Security newsletter says that the group has recently vowed to accelerate the cyberwar they declared on Russia last week. The goal, they say, is to paralyze the Russian government “by any means necessary.”
Experts and some officials are trying to warn people off from participating in any group actions such as a “cyber war.” They remind would-be joiners that cyber-attacks from the US or the UK break several laws in those countries, such as the Computer Fraud and Abuse Act in the US and the computer misuse act in the UK. “Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right. Not only might it be illegal but it runs the risk of playing into Putin’s hands by enabling him to talk about ‘attacks from the west’,” said Alan Woodward, a professor of cybersecurity at Surrey University.
And as reported by CNBC, cyberattacks worldwide are on the rise as hackers use the Russia-Ukraine war as a distraction. Incidents involving almost every kind of cybercrime have been on the rise since the war in Ukraine started. While many people look to nation-state actors as the primary drivers, threat actors take advantage of the distraction, ramping up their activities and extorting money from more and more victims.
Yet, celebrities like Arnold Schwarzenegger are applauding the effort, according to a story in The Mercury News. From the activist perspective, they are desperate to advance an information campaign to bring the truth to the Russian people about the war in Ukraine. “I love the Russian people. That is why I have to tell you the truth,” posted Schwarzenegger yesterday on Twitter.
Washington Post: Russian government websites and state-run media face an “unprecedented” wave of hacking attacks, the government said Thursday, prompting regulators to filter traffic coming abroad. The Ministry of Digital Development and Communications said the attacks were at least twice as powerful as any previous ones. It did not elaborate on what filtering measures had been implemented, but this has often meant barring Russian government websites to users abroad in the past. Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”
Bloomberg: A group of ransomware hackers used various techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.
In research published Thursday, the group, which Google refers to as Exotic Lily, is known as an initial access broker. Such groups specialize at breaking into corporate computer networks and then providing that access to other cybercriminal syndicates that deploy malware that locks computers and demands a ransom.
The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims then split the proceeds. The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations worldwide, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows. Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.
ZD Net: Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim’s cloud and email.
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates recent warnings over cyber activity related to Russia’s military invasion of Ukraine. As early as May 2021, the hackers combined a default configuration issue in a Duo MFA setup at one organization with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation of privilege issue in August.
In one case, an organization allowed weak passwords, which were subsequently hacked using a typical password-guessing attack to gain the credentials for initial access. The attackers also used the fact that Duo MFA’s default configuration setting allows the enrollment of a new device for dormant accounts.
The Cyber Wire and other outlets note that cyber operations in this hybrid war have failed to develop into the catastrophes that seemed well within Russian capabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and its FBI partners have continued to update the guidance they’ve issued on the wiper malware observed in sporadic use against Ukrainian targets. The Globe and Mail reports that Canadian authorities offer comparable advice to their country’s own businesses. Yet, in 2016 and 2017 attacks on sections of the Ukrainian power grid, Russia had shown the ability to mount large-scale and destructive operations against its neighbor. But so far, the cyber war has been limited to relatively confined wiper attacks (cyberattacks that wipe out digital device memory) and influence operations with disinformation. The Washington Post describes the relatively quiet cyber front, noting that the situation could change at any time.
In Case You Missed It
