Posts

Cybersecurity News & Trends – 04-23-21

This week hackers ramped up attacks on office workers, with malicious emails impersonating Slack, BaseCamp and Bloomberg Industry Group.


SonicWall in the News

The 8 Best Wireless Routers for Business in 2021 — Solutions Review

  • SonicWall SOHO 250 was included on Solutions Review’s (alphabetically organized) list of the top wireless routers of 2021.

Higher the Factors, Stronger the Security — Security MEA

  • Mohamed Abdallah, SonicWall regional director for MEA, explores the importance of multi-factor authentication.

Saudi GDP Can Spike Automation — Khaleej Times

  • Mohamed Abdallah, SonicWall regional director for MEA, discusses digital transformation initiatives in Saudi Arabia and the need for intelligent automation deployments.

Industry News

Apple Targeted in $50 Million Ransomware Hack of Supplier Quanta — Bloomberg

  • The REvil ransomware group is threatening Apple after one of its key MacBook suppliers, Quanta, allegedly refused to pay a $50 million ransom.

Hackers pose as Bloomberg employees in email scam — Cyberscoop

  • The ruse seeks to capitalize on the influence of Bloomberg Industry Group, whose analysis major corporations use to track markets.

Japan says Chinese military likely behind cyberattacks — The Washington Times

  • Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country’s space agency, by a hacking group believed to be linked to the Chinese military.

US takes steps to protect electric system from cyberattacks — The Washington Times

  • The initiative encourages power plants and electric utilities to improve their ability to identify cyber threats, including implementing technologies to spot and respond to intrusions in real time.

Fake Microsoft Store, Spotify sites spread info-stealing malware — Bleeping Computer

  • Sites that impersonate the Microsoft Store, Spotify, and an online document converter are using malware to steal credit cards and passwords saved in web browsers.

Millions of web surfers are being targeted by a single malvertising group — Ars Technica

  • Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on sites that seem completely benign.

Discord Nitro gift codes now demanded as ransomware payments — Bleeping Computer

  • A new ransomware calling itself “NitroRansomware” encrypts victims’ files and then demands a Discord Nitro gift code in exchange for decryption.

Ryuk ransomware operation updates hacking techniques — Bleeping Computer

  • Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

BazarLoader Malware Abuses Slack, BaseCamp Cloud — Threat Post

  • The BazarLoader malware’s email messages leverage worker trust in collaboration tools like Slack and BaseCamp to get them to click links containing malware payloads.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? — Krebs on Security

  • On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply-chain hack.

Cyberattack on UK university knocks out online learning, Teams and Zoom — ZDNet

  • The attack cancelled all live online teaching for the rest of the week.

How the Kremlin Provides a Safe Harbor for Ransomware — Security Week

  • Ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up — and law enforcement has been largely powerless to stop it.

Swinburne University confirms over 5,000 individuals affected in data breach— ZDNet

  • The university confirmed the personal information included in the breach contained names, email addresses and phone numbers of staff, students and external parties.

HackBoss malware poses as hacker tools on Telegram to steal digital coins — Bleeping Computer

  • The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications.

In Case You Missed It

Cybersecurity News & Trends – 04-16-21

This week utilities were under attack, as an Iran nuclear plant and a Kansas water facility both faced sabotage attempts.


SonicWall in the News

Internet of Things Malware Attacks Increase by 152% in North America in 2020, Other Continents also Witness a Significant Spike — Digital Information World

  • This article features data from SonicWall’s recent 2021 Cyber Threat Report, with a focus on the increase in IoT and malware attacks.

Video: 10 Minute IT Jams – SonicWall VP on the cybersecurity lessons learned from the last 12 months — Security Brief Asia

  • SonicWall’s vice president of regional sales – APAC, Debasish Mukherjee, discusses cybersecurity lessons learned from the pandemic.

Why some jobseekers have turned to cyber crime during the pandemic — ComputerWeekly

  • ComputerWeekly spoke with SonicWall EMEA Vice-President Terry Greer-King about cybercriminal activity during the pandemic.

‘Boundless Cybersecurity’: How SonicWall is helping to uncover unknown threats — Intelligent CISO

  • Intelligent CISO interviewed Osca St. Marthe, SonicWall’s executive director of sales engineering for EMEA, about the company’s boundless security model.

Remote Work Sparking Rise in Cybersecurity Threats, HTSA Told — Consumer Electronics Daily

  • SonicWall Solutions Architect Rick Meder was quoted in reference to the 2021 Cyber Threat Report.

Industry News

U.S. House committee approves blueprint for Big Tech crackdown — Reuters

  • The U.S. House of Representatives Judiciary Committee has formally approved a report accusing Big Tech companies of buying or crushing smaller firms, Rep. David Cicilline’s (D-R.I.) office said in a statement Thursday.

NSA, FBI, DHS expose Russian intelligence hacking tradecraft — Cyberscoop

  • The U.S. government warned the private sector that Russian government hackers are actively exploiting vulnerabilities to target U.S. companies and the defense industrial base.

NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group — Bloomberg

  • The NBA’s Houston Rockets are investigating a cyberattack against their networks from a relatively new ransomware group claiming to have stolen internal business data.

 IBM Uncovers More Attacks Against COVID-19 Vaccine Supply Chain — Bloomberg

  • A hacking campaign detected by IBM last year targeting organizations involved in the manufacturing, transportation and storage of COVID-19 vaccines is now thought to have targeted more than 40 companies in 14 countries.

Iran nuclear attack: Mystery surrounds nuclear sabotage at Natanz — BBC

  • Within hours of Iran proudly announcing the launch of its latest centrifuges at its site in Natanz, a power blackout damaged some of the machines.

Bitcoin hits record before landmark Coinbase listing on Nasdaq — Reuters

  • Bitcoin hit a record of $62,741 on Tuesday, extending its 2021 rally to new heights a day before the listing of Coinbase shares in the U.S.

100M More IoT Devices Are Exposed—and They Won’t Be the Last — Wired

  • The “Name: Wreck” flaws in TCP/IP are the latest in a series of vulnerabilities with global implications.

QBot malware is back replacing IcedID in malspam campaigns — Bleeping Computer

  • Malware distributors are rotating payloads once again, switching between trojans that in many cases serve as an intermediary stage in a longer infection chain.

Cybersecurity: Victims are spotting cyberattacks much more quickly – but there’s a catch — ZDNet

  • Cybercriminals are spending less time inside networks before they’re discovered. But that’s partly because when hackers deploy ransomware, they don’t stay hidden for long.

Small Kansas water utility system hacking highlights risks — The Washington Times

  • A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.

Biden budget request calls for major investments in cybersecurity, emerging technologies — The Hill

  • President Biden called for over $1.3 billion in cybersecurity funds, along with major investments in emerging technologies such as quantum computing and artificial intelligence, as part of his proposed budget request sent to Congress.

Financial industry preps for proposal that would require 36-hour breach notification — Cyberscoop

  • A proposal would mandate that financial firms report more kinds of cyber incidents to regulators within 36 hours.

Joker malware infects over 500,000 Huawei Android devices — Bleeping Computer

  • More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.

In Case You Missed It

Cybersecurity News & Trends – 04-09-21

This week, educational institutions around the world found themselves the target of malware, as lawmakers faced pressure to increase protection for schools and universities.


SonicWall in the News

Keeping Tabs on IoT Security — Enterprise IT News

  • SonicWall Vice President of Regional Sales (APAC) Debasish Mukherjee was interviewed on the recent 2021 Cyber Threat Report.

Logically Buys MSSP Company, Sets Sights on $100M — TechTarget: SearchITChannel

  • This article mentions SonicWall’s strategic alliance with MSSP company Cerdant.

Industry News

European Institutions Were Targeted in a Cyberattack Last Week — Bloomberg

  • A spokesperson for the commission said that a number of EU bodies “experienced an IT security incident in their IT infrastructure.”

China Creates Its Own Digital Currency, a First for Major Economy — The Wall Street Journal

  • A cyber yuan stands to give Beijing power to track spending in real time. It also could soften the bite of U.S. sanctions.

US DoD Launches Vuln Disclosure Program for Contractor Networks — Security Week

  • The U.S. Department of Defense announced the launch of a new vulnerability disclosure program to identify vulnerabilities in Defense Industrial Base contractor networks.

Ransomware Hits TU Dublin and National College of Ireland — Bleeping Computer

  • The National College of Ireland is working on restoring IT services after being hit by a ransomware attack that forced the college to take IT systems offline.

FBI, CISA Warn Fortinet FortiOS Vulnerabilities Are Being Actively Exploited — ZDNet

  • APT groups are suspected of harnessing three bugs, two critical, for data exfiltration purposes.

University of California Victim of Ransomware Attack — The Hill

  • The university said in a statement that it — along with several other government agencies, private companies and other schools — has been involved in an attack involving Accellion, a secure file transfer company.

Malicious Cheats for Call of Duty: Warzone Are Circulating Online — Ars Technica

  • Activision said that a popular cheating site was circulating a fake cheat for “Call of Duty: Warzone” that contained a dropper, a type of backdoor that installs specific pieces of malware.

Malware Attack is Preventing Car Inspections in Eight U.S. States — Bleeping Computer

  • A malware attack on emissions testing company Applus Technologies is preventing vehicle inspections in Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah and Wisconsin.

As Ransomware Stalks the Manufacturing Sector, Victims Are Still Keeping Quiet — Cyberscoop

  • While competition from companies with cheap labor has long been an economic concern for U.S. manufacturers, cyberattacks have crept gradually into the equation.

Lawmakers Urge Education Department to Take Action to Defend Schools from Cyber Threats — The Washington Times

  • Representatives urged the Department of Education to prioritize protecting K-12 institutions from cyberattacks, which have shot up in the past year as classes moved increasingly online.

Feds Say Man Broke Into Public Water System and Shut Down Safety Processes — Ars Technica

  • The indictment underscores the potential for remote intrusions to have fatal consequences.

Ransomware Gang Wanted $40 Million in Florida Schools Cyberattack — Bleeping Computer

  • Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that cannot afford them.

U.S. DOJ: Phishing Attacks Use Vaccine Surveys to Steal Personal Info — Bleeping Computer

  • The U.S. Department of Justice warned of phishing attacks using fake post-vaccine surveys to steal money or trick people into handing over their personal information.

In Case You Missed It

Cybersecurity News & Trends – 04-02-21

This week, as lawmakers and researchers continued to unravel the details of the SolarWinds attack, another supply chain attack was uncovered — this time on PHP’s Git repository.


SonicWall in the News

Lacombe County fends off cyberattack — Red Deer Advocate

  • An attempted cyberattack on Lacombe County’s servers was ultimately prevented by the county’s SonicWall firewall.

2021 Partner Program Guide — CRN

  • SonicWall was recognized on a list of vendors who have 5-star channel partner programs.

SonicWall continues next-gen firewall refresh with NSa 3700 — Channelbuzz.ca

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

SonicWall expands its threat protection to protect heavily targeted sectors with the NSa 3700 — CRN India

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch.

Leading Israeli IoT firm lands in US as worldwide malware attacks surge — ComputerWeekly

  • This article used data from SonicWall’s 2021 Cyber Threat Report to showcase the increase in malware and IoT attacks as the number of consumer-oriented IoT devices grows.

News Bits: SonicWall, Scality, Alluxio, Aerospike, Hammerspace, StarWind, Model9, & More — Storage Review

  • This article mentions the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

2020 offered a ‘perfect storm’ for cybercriminals with ransomware attacks costing the industry $21B — Fierce Healthcare

  • This article used data from SonicWall’s 2021 Cyber Threat Report to showcase the increase in ransomware attacks on healthcare organizations.

Managed Security Services Provider (MSSP) News: 25 March 2021 — MSSP Alert

  • This article mentions about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch

SonicWall Announces Security Hardware and Software Upgrades — ChannelPro Network

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

Industry News

North Korean hackers return, target infosec researchers in new operation — Ars Technica

  • North Korean government-sponsored hackers are back, this time with a new batch of social media profiles and a fake company that claims to offer offensive security services.

Ransomware tops U.S. cyber priorities, Homeland secretary says — Reuters

  • DHS Secretary Alejandro Mayorkas said that dealing with ransomware will be a top priority, highlighting the growing threat of the data-scrambling software.

U.S. to publish details on suspected Russian hacking tools used in SolarWinds espionage — Cyberscoop

  • The upcoming report sheds light on a historic espionage campaign that U.S. officials have, at times, been cautious to publicly detail.

Ubiquiti confirms extortion attempt following security breach — Cyberscoop

  • Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week.

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

  • On Jan. 11, Ubiquiti, Inc. — a major vendor of IoT devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities — Bleeping Computer

  • The FIN11 hacking group has published files that were allegedly stolen from oil and gas giant Shell, likely during a cybersecurity incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.

Australia investigates reported hacks aimed at parliament, media — Cyberscoop

  • An apparent cyber incident knocked Australia’s Parliament House’s email system offline just as Australia’s Channel Nine broadcasting was interrupted by hackers over the weekend.

And that’s yet another UK education body under attack from ransomware: Servers, email, phones yanked offline — The Register

  • The Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, has become the latest UK education body to fall victim to ransomware.

PHP’s Git server hacked to add backdoors to PHP source code — Cyberscoop

  • In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with.

Ukraine Investigating Phishing Software Used to Target Banks — Bloomberg

  • Phishing software was used to attack hundreds of banks and their clients in 11 countries, including the U.K, the U.S. and Mexico, the country’s Office of the Prosecutor General said in a statement.

More Ransomware Gangs Targeting Vulnerable Exchange Servers — Security Week

  • The Black Kingdom/Pydomer ransomware operators have joined the ranks of threat actors targeting the Exchange Server vulnerabilities that Microsoft disclosed in early March.

Ransomware admin is refunding victims their ransom payments — Bleeping Computer

  • After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

FBI exposes weakness in Mamba ransomware, DiskCryptor — Bleeping Computer

  • An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom.

In Case You Missed It

Cybersecurity News & Trends – 03-26-21

This week — with higher education institutions and electricity companies on high alert, and with the Microsoft Exchange server crisis raging on — it’s no wonder 82% say cyberterrorism is America’s top potential threat.


SonicWall in the News

IoT malware attacks saw a huge rise last year — Techradar

  • As the number of consumer-oriented IoT devices grows, data from SonicWall’s 2021 Cyber Threat Report suggests, IoT malware has been on the rise.

Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout Gallery — Channel Futures

  • Dmitriy Ayrapetov explains how bad actors are targeting vaccine distribution and takes a closer look at the threats caused by the remote workforce.

ICYMI: Our Channel News Roundup For the Week of March 15 — ChannelPro Network

  • SonicWall’s 2021 Cyber Threat Report was included in ChannelPro Network’s weekly news roundup.

India Saw Largest Spike In Malware Attacks In 2020: Report — ET CISO

A Pandemic Of Email Scams — Financial Times

  • SonicWall recently reported a 62% increase in ransomware attacks last year and a 74% increase in malware variants.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CIO Review India

  • This article spotlights SonicWall’s 2021 Cyber Threat Report.

Industry News

Lawmakers reintroduce legislation to secure internet-connected devices — The Hill

  • The Cyber Shield Act would create a voluntary cybersecurity certification program for IoT devices.

Ransomware operators are piling on already hacked Exchange servers — Ars Technica

  • The fallout from the Microsoft Exchange server crisis isn’t abating just yet.

Purple Fox Malware Targets Windows Machines With New Worm Capabilities — Threat Post

  • A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.

Thousands of Exchange servers breached prior to patching, CISA boss says — Cyberscoop

  • A U.S. government cybersecurity official has warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached.

Covid-19: Vaccines and vaccine passports being sold on darknet — BBC

  • Researchers say they have seen a “sharp increase” in vaccine-related darknet adverts, while the BBC has been unable to determine whether the vaccines being sold there are real.

UK colleges and unis urged to prepare for ransomware before it’s too late — The Register

  • There’s been an uptick in attacks since schools reopened, warns National Cyber Security Centre

Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns — Security Week

  • A newly published report form the U.S. Government Accountability Office describes the risks of cyberattacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks.

8 in 10 say cyberterrorism is top potential threat: Gallup — The Hill

  • According to the survey, 82% of respondents said cyberterrorism is a critical threat to the U.S.

TikTok Doesn’t Pose Overt U.S. National Security Threat, Researchers Say — The New York Times

  • A new study by university cybersecurity researchers found that the computer code underlying the TikTok app doesn’t pose an overt national security threat to the U.S.

Acer reportedly targeted with $50 million ransomware attack — ZDNet

  • The REvil ransomware gang has published various Acer documents, such as financial spreadsheets, bank balances and bank communications.

FBI warns of BEC attacks increasingly targeting US govt orgs — Bleeping Computer

  • The Federal Bureau of Investigation is warning U.S. private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities — ZDNet

  • Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests — ZDNet

  • Existing victim networks are used as a novel form of sandbox, as cybercriminals exploit them to test out payloads.

In Case You Missed It

Cybersecurity News & Trends – 03-19-21

This week, SonicWall released its biggest trove of threat intelligence yet: The 2021 SonicWall Cyber Threat Report.


SonicWall in the News

Microsoft Office Files Now Used By Hackers to Spread Malware: IoT Under Attack — Tech Times

  • Tech Times covered SonicWall’s 2021 Cyber Threat Report, highlighting the surge in malicious Office file attacks.

Election security report calls out Russian, Iranian influence ops. Remediation progress. Ukraine finds Russian cyberespionage — CyberWire

  • SonicWall’s 2021 Cyber Threat Report was included under the “Cyber Trends” section of the newsletter.

Threat Actors Thriving on the Fear and Uncertainty of Remote Workforces — Help Net Security

  • Help Net Security shared an article on SonicWall’s 2021 Threat Report, highlighting that cyber criminals preyed on the new remote work reality.

Ransomware Up 62 Percent Since 2019 — BetaNews

  • BetaNews shared an article on SonicWall’s 2021 Threat Report, highlighting the growth in ransomware.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CRN

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

SonicWall: Pandemic exposes record-breaking cyber attacks — Mobile News

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

Ransomware and IoT Malware Detections Surge By Over 60% — InfoSecurity Magazine

  • InfoSecurity Magazine covered SonicWall’s 2021 Cyber Threat Report, highlighting the double-digit surge in ransomware and IoT malware.

Cybercrime Saw an ‘Explosion’ in 2020 — ITProPortal

  • ITProPortal covered SonicWall’s 2021 Cyber Threat Report, highlighting that ransomware, cryptojacking and malicious Office files were the most popular vectors for cybercrime in 2020.

ChannelPro Weekly Podcast: Episode #178 — ChannelPro Weekly Podcast

  • This podcast features an interview with Dmitriy discussing the impact the pandemic had on cybersecurity and the cybersecurity trends of 2021.

Industry News

More than $4 billion in cybercrime losses reported to FBI in 2020 — FBI Internet Crime Report 2021

  • American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick from 2019.

Attackers are trying awfully hard to backdoor iOS developers’ Macs — Ars Technica

  • Researchers said they’ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.

Ransom Payments Have Nearly Tripled — Dark Reading

  • In 2020, ransomware targeted the manufacturing sector, healthcare organizations and construction companies, with the average ransom reaching $312,000, a report finds.

U.S. taxpayers targeted with RAT malware in ongoing phishing attacks — Bleeping Computer

  • U.S. taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information.

$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware — Threat Post

  • The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.

Mimecast Says SolarWinds Hackers Stole Source Code — SecurityWeek

  • Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack and revealed that the threat actor managed to steal some source code.

Buffalo Public Schools cancels classes after cyberattack — Cyberscoop

  • Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.

FBI warns of escalating Pysa ransomware attacks on education orgs — Bleeping Computer

  • The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

Bitcoin surges past $60,000 for first time — BBC

  • Bitcoin, which has more than tripled in value since the end of last year, has been powered on by well-known companies adopting it as a method of payment.

Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers — Reuters

  • Microsoft stands to receive nearly a quarter of COVID-19 relief funds destined for U.S. cybersecurity defenders, angering some lawmakers who don’t want to increase funding for a company whose software was recently at the heart of two big hacks.

Molson Coors says cyberattack disrupted beer brewing — Cyberscoop

  • Molson Coors, one of the biggest beer companies in the U.S., didn’t provide many specifics about the cyberattack.

With Spectre Still Lurking, Google Looks to Protect the Web — Wired

  • Researchers from Google have developed a proof-of-concept that reveals the hazard Spectre assaults pose to the browser.

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits — Bleeping Computer

  • A new ransomware called ‘DEARCRY’ is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.

In Case You Missed It

Cybersecurity News & Trends – 03-12-21

This week saw breaches on more than two dozen U.K. schools and universities, thousands of security cameras, Microsoft Exchange servers, and even hacking forums themselves.


SonicWall in the News

Ryuk Ransomware Is Now More Dangerous Than Ever. Here’s Why — Toolbox

  • Ryuk, which has set organizations back by $150 million over the past three years, has acquired new capabilities that allow it to propagate across connected networks and systems, including those that are inactive or powered off.

Microsoft Cloud App Security Aims To Expand Your Defenses — TechTarget

  • Data center security tools have little control over the plethora of SaaS apps used in the enterprise. A Microsoft offering attempts to bridge that gap to ward off threats.

Industry News

UPDATE: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals — Bloomberg

  • A group of hackers say they breached a massive trove of security camera data collected by Silicon Valley startup Verkada, Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Researchers Show First Side-Channel Attack Against Apple M1 Chips — Security Week

  • Researchers have demonstrated that attackers could launch browser-based side-channel attacks that do not require JavaScript, and they’ve tested the method on a wide range of platforms, including devices that use Apple’s new M1 chip.

It’s Open Season for Microsoft Exchange Server Hacks — Wired

  • A patch for the Exchange vulnerabilities China exploited has been released. Now criminal groups are going to reverse engineer it — if they haven’t already.

Dark Web Markets for Stolen Data See Banner Sales — Threat Post

  • Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs.

EU Sets 2030 Goals to Secure Tech Sovereignty From U.S., Asia — Bloomberg

  • The European Union outlined its digital goals for the next decade, including plans to develop and manufacture the world’s most advanced semiconductors by 2030 in an effort to reduce reliance on foreign companies.

A Basic Timeline of the Exchange Mass-Hack — Krebs on Security

  • Brian Krebs breaks down the Microsoft Exchange attack timeline.

GandCrab ransomware affiliate arrested for phishing attacks — Bleeping Computer

  • A suspected GandCrab ransomware operator was arrested in South Korea for using phishing emails to infect victims.

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ — The Register

  • In a message to students and staff, the institution, which spans 13 locations across the northernmost part of the UK, warned that “most services” – including its Brightspace virtual learning environment – were affected.

A new type of supply-chain attack with serious consequences is flourishing — Ars Technica

  • New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft and Zillow.

Watchdog Warns of Weak Cybersecurity in DOD Weapons Contracts — Bloomberg

  • A government watchdog warned that the U.S. military has failed to adequately include cybersecurity provisions in contracts for acquiring weapons systems. … “Some contracts we reviewed had no cybersecurity requirements when they were awarded, with vague requirements added later.”

Cyberattack shuts down online learning at 15 UK schools — ZDNet

  • The cyberattack also took email, phone and website communication offline.

Three Top Russian Cybercrime Forums Hacked — Krebs on Security

  • Over the past few weeks, three of the longest running and most venerated Russian-language forums, which serve thousands of experienced cybercriminals, have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

Ongoing phishing attacks target US brokers with fake FINRA audits — Bleeping Computer

  • The U.S. Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning U.S. brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.

Business Apps Spoofed in 45% of Impersonation Attacks — Dark Reading

  • Business-related applications like those from Microsoft, Zoom and DocuSign are most often impersonated in brand phishing attacks.

Three New Malware Strains Linked to SolarWinds Hackers — Security Week

  • The malware, named GoldMax, GoldFinder and Sibot, has been used to maintain persistence and for other “very specific” actions.

In Case You Missed It

Cybersecurity News & Trends – 03-05-21

This week, Gab got breached, Ryuk got stronger, and AOL users got phished.


SonicWall in the News

2021 Cyber Security Global Excellence Awards Winners — Globee Business Awards

  • SonicWall swept the Globee Business Awards, bringing home the Grand Trophy, along with nine other gold, silver and bronze honors.

Ransomware Has Changed In A Very Dramatic Way In The Past Two Years: SonicWall CEO — ET Tech

  • Bill Conner discusses the rise of nation states as primary threat actors and how that changes the conversation around country of origin marketing of cybersecurity products.

SonicWall CEO Bill Conner on His Journey in the Digital and Cybersecurity Space — YourStory

  • Bill Conner details his three-decade journey in the tech and enterprise sector and his role in helping governments, municipalities and others with the security of the COVID-19 vaccine distribution process.

Industry News

Gab’s CTO Introduced a Critical Vulnerability to the Site — Wired

  • A review of the open-source code shows an account under the executive’s name made a mistake that could lead to the kind of breach reported this weekend.

Why Global Power Grids Are Still So Vulnerable to Cyber Attacks — Bloomberg

  • More than five years after massive cyberattacks left a quarter of a million Ukrainians without electricity, the world’s power grids have become even more vulnerable to hackers.

Wray hints at federal response to SolarWinds hack — The Hill

FBI Director Christopher Wray hinted at the planned federal response to what has become known as the SolarWinds attack, stressing that confronting foreign attacks in cyberspace would be a “long, hard slog.”

China’s new cyber tactic: targeting critical infrastructure — SC Magazine

  • A newly discovered threat group breached India’s power infrastructure, marking the first time a Chinese government-linked cyber actor has emerged as a significant threat against another nation’s critical infrastructure.

Bitcoin at ‘tipping point,’ Citi says as price surges — Reuters

  • Bitcoin rose nearly 7%, with Citi saying the most popular cryptocurrency was at a “tipping point” and could become the preferred currency for international trade.

Government watchdog finds federal cybersecurity has ‘regressed’ in recent years — The Hill

  • Federal cybersecurity has “regressed” since 2019 due to factors including the lack of centralized cyber leadership at the White House, the Government Accountability Office (GAO) said in a report released Tuesday.

Far-Right Platform Gab Has Been Hacked—Including Private Data — Wired

  • The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts and more available to researchers, journalists and social scientists.

Google: Bad bots are on the attack, and your defence plan is probably wrong — ZDNet

  • Bot attacks are on the rise as businesses move online due to the pandemic.

Beware: AOL phishing email states your account will be closed — Bleeping Computer

  • An AOL mail phishing campaign is underway to steal users’ login name and password by warning recipients that their account is about to be closed.

Ryuk ransomware now self-spreads to other Windows LAN devices — Bleeping Computer

  • A new Ryuk ransomware variant with worm-like capabilities allowing it to spread to other devices on victims’ local networks has been discovered.

SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data — The New York Times

  • Microsoft argues the cloud offers more protection; rivals point to firms’ need to hold and access their information on-premises.

Bitcoin set for worst week since March as riskier assets sold off — Reuters

  • Bitcoin was headed on Friday for its worst week since March as a rout in global bond markets sent yields flying and sparked a sell-off in riskier assets.

In Case You Missed It

Cybersecurity News & Trends – 02-26-21

This week, SonicWall was recognized as one of the coolest network security companies of 2021. Less cool: a huge spate of cyberattacks targeting the NSA, hospitals, universities, airlines, IT companies and even Apple’s new M1 silicon.


SonicWall in the News

The 20 Coolest Network Security Companies of 2021: The Security 100 — CRN

  • SonicWall was included on CRN’s list of the 20 Coolest Network Security Companies.

The Top 6 Enterprise VPNs To Use in 2021 — TechRepublic

  • SonicWall’s Global VPN Client is cited as one of the top VPNs for enterprises.

Experts Blast SMBs’ “Head In The Sand” Approach To Cyber Security — IT PRO

  • From failing to patch exposed VPNs to meeting ransom demands, businesses are playing a role in fueling the threat landscape.

Industry News

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn — Wired

  • A Sandworm-adjacent group has successfully breached U.S. critical infrastructure a handful of times, according to new findings from the security firm Dragos.

COVID pandemic causes spike in cyberattacks against hospitals, medical companies — ZDNet

  • IBM says attack rates have doubled against medical entities since the pandemic began.

After Russian Cyberattack, Looking for Answers and Debating Retaliation — The New York Times

  • Key senators and corporate executives warned that the “scope and scale” of the SolarWinds attack were unclear, and that the attack might still be ongoing.

LazyScripter hackers target airlines with remote access trojans — Bleeping Computer

  • Security researchers believe they uncovered activity belonging to a previously unidentified actor fitting the description of an advanced persistent threat (APT).

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express — Dark Reading

  • The two campaigns aimed to steal victims’ business email account credentials by posing as the shipping companies.

NASA and the FAA were also breached by the SolarWinds hackers — Bleeping Computer

  • NASA and the U.S. Federal Aviation Administration (FAA) have reportedly also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack.

Ransomware: Sharp rise in attacks against universities as learning goes online — ZDNet

  • Higher education is struggling with ransomware attacks, with gangs seeing an easy target in institutions busy making the switch to remote operations.

Finnish IT Giant Hit with Ransomware Cyberattack — Threat Post

  • A major Finnish IT provider has been hit with ransomware, forcing the company to turn off some services and infrastructure while it takes recovery measures.

Chinese spyware code was copied from America’s NSA: researchers — The Wall Street Journal

  • Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations — another example of how malicious software developed by governments can boomerang against their creators.

Malware monsters target Apple’s M1 silicon with ‘Silver Sparrow’ — The Register

  • U.S. security consultancy Red Canary says it’s found macOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.

Global Accellion data breaches linked to Clop ransomware gang — Bleeping Computer

  • Financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance.

In Case You Missed It

Cybersecurity News & Trends – 02-19-21

This week was a good one for the rule of law, as a number of cybercriminals involved in ransomware, phishing and cryptocurrency theft were brought to justice.


SonicWall in the News

2021 Channel Chiefs: Robert (Bob) VanKirk — CRN

  • Robert (Bob) VanKirk has been named one of CRN’s Channel Chiefs for 2021.

2021 Channel Chiefs: HoJin Kim — CRN

  • HoJin Kim has been named one of CRN’s Channel Chiefs for 2021.

2021 Channel Chiefs: David Bankemper — CRN

  • David Bankemper has been named one of CRN’s Channel Chiefs for 2021.

Industry News

North Korea Turning to Cryptocurrency Schemes in Global Heists, U.S. Says — The Wall Street Journal

  • The U.S. Justice Department has charged North Koreans hackers in wide-ranging scheme that includes attempts to steal $1.3 billion for Pyongyang.

Nigerian man sentenced 10 years for $11 million phishing scam — Cyberscoop

  • The sentence comes as the cost of email scams continues to rise, plaguing U.S. businesses.

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos — The Register

  • A credential-stealing trojan is capable of lifting your login details from the Chrome browser, Microsoft’s Outlook and instant messengers.

NIST hints at upgrades to its system for scoring a phish’s deceptiveness — SC Magazine

  • Officials from the National Institute of Standards and Technology (NIST) this week teased future improvements to its “Phish Scale,” which helps companies determine whether phishing emails are hard or easy for their employees to detect.

Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back — Dark Reading

  • Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.

SolarWinds attack hit 100 companies and took months of planning, says White House — ZDNet

  • The White House warns the SolarWinds attack was more than espionage, because the private sector targets could lead to follow-up attacks.

Senate Intel leader demands answers on Florida water treatment center breach — The Hill

  • Sen. Mark Warner (D-Va.) has demanded answers regarding the investigation into the recent attempt to breach and poison the water supply in a Florida city.

Rising healthcare breaches driven by hacking and unsecured servers — Bleeping Computer

  • 2020 was a bad year for healthcare organizations in the U.S., which had to deal with record-high cybersecurity incidents on the backdrop of the COVID-19 pandemic.

Bitcoin hits new record of $50,000 — BBC

  • The cryptocurrency, which was created by an unknown inventor, has risen about 72% this year.

270 addresses are responsible for 55% of all cryptocurrency money laundering — ZDNet

  • Most cryptocurrency money laundering is concentrated in a few online services, opening the door for law-enforcement actions.

Microsoft asks government to stay out of its cyber attack response in Australia — ZDNet

  • Government intervention would result in a “Fog of War,” further complicating any attempt to mitigate cyberattack response, the company said.

France’s cyber-agency says Centreon IT management software sabotaged by Russian Sandworm — The Register

  • Web hosts were infiltrated for up to three years in an attack that somewhat resembles the SolarWinds breach.

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020 — Dark Reading

  • Consumer banks, exchanges, payment firms and card-issuing companies around the globe were among those hit.

Microsoft: SolarWinds attack took more than 1,000 engineers to create — ZDNet

  • Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create.

In Case You Missed It