Posts

Cybersecurity News & Trends – 07-31-20

/0 Comments/in /by

This week, ransomware attacks on U.S. governments, the energy sector, sports teams and smartwatch maker Garmin made headlines — and with cryptocurrency on the rise, more may be in store.

SonicWall Spotlight

Malware is Down, But IoT and Ransomware Attacks Are Up — TechRepublic

  • Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall’s midyear threat report.

Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers — ThreatPost

  • COVID-19 has changed the face of cybercrime, as the latest malware statistics show.

Inactive wear! Smartwatch maker Garmin suffers widespread outages after ‘ransomware attack’ – leaving thousands unable to track their workouts — Daily Mail

  • According to Bill Conner, the combination of remote internet connections and less secure personal computers has increased organizations’ risk of being compromised.

Smartwatch maker Garmin suffers outage after ransomware attack — The Telegraph

  • SonicWall found that there had been a 20% increase in the number of ransomware attacks in the first half of the year, to more than 120 million.

HoJin Kim Named as part of CRN‘s Top 100 Executives Of 2020 list, we highlight 25 sales executives leading the channel charge — CRN Award

  • Kim has revolutionized pricing for MSSPs, with a pay-as-you-go model for SonicWall’s software products that delivers a cost savings of 20% over buying an annual license.

Cybersecurity News

FBI warns of Netwalker ransomware targeting US government and orgs — Bleeping Computer

  • The FBI has issued a security alert about Netwalker ransomware operators, advising victims not to pay the ransom and to report incidents to their local FBI field offices.

Russia’s GRU Hackers Hit US Government and Energy Targets — Wired

  • A previously unreported Fancy Bear campaign persisted for well over a year — suggesting the notorious group behind the attacks has broadened its focus.

UK govt warns of ransomware, BEC attacks against sports sector — Bleeping Computer

  • The UK National Cyber Security Centre has highlighted the increasing number of ransomware, phishing and BEC schemes targeting sports organizations.

Bitcoin rises above $10,000 for first time since early June — Reuters

  • After several weeks of trading in narrow ranges, Bitcoin has breached $10,000 for the first time since early June.

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux — Bleeping Computer

  • Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP.

CISO concern grows as ransomware plague hits close to home — ZDNet

  • An increasing wave of cybercrime targeting Fortune 500 companies is starting to ring alarm bells.

BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows — Bleeping Computer

  • When properly exploited, a severe vulnerability in almost all signed versions of GRUB2 bootloader could enable compromise of an operating system’s booting process even if the Secure Boot verification mechanism is active.

OkCupid: Hackers want your data, not a relationship — ZDNet

  • Researchers have discovered a way to steal the personal and sensitive data of users on the popular dating app.

US defense contractors targeted by North Korean phishing attacks — Bleeping Computer

  • Employees of U.S. defense and aerospace contractors were targeted in a large-scale spearphishing campaign designed to infect their devices and to exfiltrate defense tech intelligence.

In Case You Missed It

Cybersecurity News & Trends – 07-24-20

/0 Comments/in /by

This week, SonicWall reveals what the “new business normal” looks like for cybercriminals in the mid-year update to the 2020 Cyber Threat Report.

SonicWall Spotlight

SonicWall Report: COVID-19 Has Created ‘Boon’ For Criminals — ZDNet

  • In an article on SonicWall’s Mid-Year Threat Report, ZDNet highlights findings that hackers have shifted their strategies due to COVID-19.

The 2020 Rising Female Stars Of The IT Channel — CRN

  • SonicWall is proud to announce one of its own, Tiffany Haselhorst, has joined other leaders within the IT channel community on CRN’s esteemed 2020 list of 100 Rising Female Stars.

Cyberthreat landscape changes to meet new business normal of Work From Home: SonicWall — Channelbuzz.ca

  • In an article on SonicWall’s Mid-Year Threat Report, Channelbuzz highlights how cybercriminals have evolved their tactics to better exploit remote work environments during the pandemic.

Malware Attacks Down As Ransomware Increases — BetaNews

  • In an article on SonicWall’s Mid-Year Threat Report, BetaNews highlights findings that malware has dropped 24% and ransomware has increased 20% globally and 109% in the U.S.

Cybersecurity News

Using Robust Tools, Cybercriminals Accelerate Their Own Digital Transformation — SiliconANGLE

  • In the online underground, crime not only pays, but attackers are rapidly developing tools and networks that rival those of legitimate enterprises today.

Blackbaud Hack: Universities lose data to ransomware attack — BBC

  • At least seven universities in the UK and Canada have had student data stolen after hackers attacked a cloud computing provider.

Ongoing Meow attack has nuked >1,000 databases without telling anyone why — Ars Technica

  • Just hours after a world-readable database exposed a wealth of sensitive user information, UFO made the news again, this time because a database that stored user details was destroyed in an attack.

Apple’s Hackable iPhones Are Finally Here — Wired

  • Last year, Apple announced a special device just for hackers. The phone — for approved researchers only — will soon go into circulation.

New cryptojacking botnet uses SMB exploit to spread to Windows systems — Bleeping Computer

  • A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol.

Ransomware attack locked a football club’s turnstiles — ZDNet

  • Cyber criminals are targeting sports teams, leagues and organizational bodies — and in many cases, their attacks are successful, warns the NCSC.

Lazarus hackers deploy ransomware, steal data using MATA malware — Bleeping Computer

  • A recently discovered malware framework, known as MATA and linked to the North Korean-backed Lazarus hacking group, was used in attacks targeting corporate entities from multiple countries.

House-passed defense spending bill includes provision establishing White House cyber czar — The Hill

  • The House version of the annual National Defense Authorization Act included a provision establishing a national cyber director, a role that would help coordinate federal cybersecurity efforts.

Hackers use recycled backdoor to keep a hold on hacked e-commerce server — Ars Technica

  • Easy-to-miss script can give attackers new access should they ever be booted out.

Twitter Hack Revives Concerns Over Its Data Security — The Wall Street Journal

  • The alleged perpetrator, who called himself ‘Kirk,’ was part of a subculture where hackers trade in coveted social-media accounts.

In Case You Missed It

Cybersecurity News & Trends – 07-17-20

/0 Comments/in /by

This week, between breaches at Twitter, compromise at Citrix and cyberattacks against COVID-19 vaccine manufacturers, the case for a U.S. national cyber director got even stronger.

SonicWall Spotlight

Russian Cyber Espionage Group is Trying to Steal U.S. COVID-19 Vaccine Research — Newsweek International

  • SonicWall CEO and GCHQ advisor Bill Conner said, “Russia happens to be the first country placed in the spotlight, but it was only a matter of time before a nation state resorted to cybercrime to influence or control global healthcare during a time of great need. … [Cyber] criminals tend to follow the money trail, thus putting a massive bounty on anything vaccine-related.”

Cybersecurity News

Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption — Security Week

  • Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems.

Malware adds online sandbox detection to evade analysis — Bleeping Computer

  • Malware developers are now using Any.Run malware analysis service in an attempt to prevent their malware from being easily analyzed by researchers.

This botnet has surged back into action spreading a new ransomware campaign via phishing emails — ZDNet

  • There’s been a big jump in Phorpiex botnet activity – but it’s a trojan malware attack that was the most common malware campaign in June.

New AgeLocker Ransomware uses Googler’s utility to encrypt files — Bleeping Computer

  • A new and targeted ransomware named AgeLocker utilizes the ‘Age’ encryption tool created by a Google employee to encrypt victims’ files.

The case for a National Cyber Director — Cyberscoop

  • Although the effects of COVID-19 will last for years, it’s already clear that shifting more activity online has increased our society’s digital dependence even faster than expected.

‘DdoS-For-Hire’ Is Fueling a New Wave of Attacks — Wired

  • Turf wars are heating up over routers that fuel distributed DDoS attacks.

New Mirai Variant Surfaces with Exploits for 9 Vulnerabilities Products — Dark Reading

  • Impacted products include routers, IP cameras, DVRs, and smart TVs.

TrickBot malware mistakenly warns victims that they are infected — Bleeping Computer

  • The notorious TrickBot malware accidentally included a test module that’s warning victims that they are infected and should contact their administrator.

Russian Hackers Blamed for Attacks on Vaccine-Related Targets — The Wall Street Journal

  • U.S. and U.K. government officials said a prominent state-backed Russian hacking group is responsible for ongoing cyberattacks against organizations involved in the development of coronavirus vaccines and other healthcare-related work.

A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam — The New York Times

  • In a major show of force, hackers breached some of the site’s most prominent accounts, a Who’s Who of Americans in politics, entertainment and tech.

Citrix: No breach, hacker stole business info from third party — Bleeping Computer

  • Citrix has published an official statement to deny claims that the company’s network was breached by a malicious actor who says that he was also able to steal customer information.

In Case You Missed It

Cybersecurity News & Trends – 07-10-20

/0 Comments/in /by

This week, phishing dominated the headlines, as threat actors targeted Office 365 users and senior executives.

SonicWall Spotlight

Contact tracing apps: “It’s better to do it right than quick” — Verdict

  • This podcast on contact tracing technology includes commentary from Bill Conner, who discusses different types of security policies and why security and privacy are of paramount importance.

‘Our direct-touch approach is disrupting the market’ – SonicWall’s new Ireland boss on becoming more than just a firewall vendor — Channel Partner Insight (UK)

  • Ireland Country Manager Tristan Bateup said SonicWall’s channel team in Ireland has been restructured to bring more roles into the country. “We’ve now got people in place in country from a sales and marketing, sales and engineering and obviously a country lead perspective.”

Cybersecurity News

Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaces — Security Week

  • More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials.

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms — The Register

  • New report puts a microscope on Evilnum, including its tools, techniques and potential ties to other cyberattackers.

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption — ZDNet

  • The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data for encryption.

Persuasive Office 365 phishing uses fake Zoom suspension alerts — Bleeping Computer

  • A new phishing campaign targets Microsoft Office 365 corporate users with notices that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.

Citrix tells everyone not to worry too much over its latest security patches. NSA’s former top hacker disagrees — The Register

  • Rob Joyce, former head of the NSA’s Tailored Access Operations elite hacking team, warns it’s time for admins to get busy to ensure protection from several exploitable issues, including unauthenticated access and RCE.

Vast Phishing Campaign Hits Microsoft Users in 62 Countries — Bloomberg

  • Microsoft Corp. customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December, with recent emails attempting to exploit the pandemic.

North Korean hackers linked to web skimming (Magecart) attacks, report says — ZDNet

  • After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.

Cerberus Banking Trojan Unleashed on Google Play — Threat Post

  • The Cerberus malware can steal banking credentials, bypass security measures and access text messages.

Looks Like Russian Hackers Are on an Email Scam Spree — Wired

  • A group dubbed “Cosmic Lynx” uses surprisingly sophisticated methods — and targets big game.

Hackers are trying to steal admin passwords from F5 BIG-IP devices — ZDNet

  • Threat actors have already started exploiting the F5 BIG-IP mega-bug, attempting to steal administrator passwords from the hacked devices

New Mac ransomware is even more sinister than it appears – Ars Technica

  • ThiefQuest or EvilQuest can grab passwords and credit card numbers.

In Case You Missed It

Cybersecurity News & Trends – 07-02-20

/0 Comments/in /by

This week, the U.S. government brought up cybersecurity legislation, while the U.S. judicial system handed down cybercriminal incarceration.

SonicWall Spotlight

Hackers used ransomware to take over parts of UC San Francisco’s network and extorted $1.14million in exchange for returning access to their files — Daily Mail

  • UC San Francisco hasn’t said what files were affected nor how the ransomware entered the system, but the FBI has opened an investigation into the incident.

Sonicwall Lands In Ireland, Expands Channel Partner Strategy — SonicWall Press Release

  • SonicWall today announced that it has appointed Tristan Bateup as country manager for Ireland.

UCSF pays $1 million ransom to recover medical school data from hackers — The Mercury News

  • The UCSF School of Medicine was the third targeted by cyberattacks in the past two months, but a spokesperson said the attack did not affect patient care or ongoing COVID-19 research.

Cybersecurity News

Russian Criminal Group Finds New Target: Americans Working at Home — The New York Times

  • A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise — Cyberscoop

  • This year, U.S. Cyber Command convened with allied countries for what appeared to be a straightforward simulation of an attack against a European airbase — but then a global pandemic changed all the rules.

Russian cybercriminal gets 9 years for online fraud website — The Washington Times

  • A Russian computer hacker who facilitated $20 million in credit card fraud and ran a sophisticated clearinghouse for international cybercriminals was sentenced Friday to nine years in prison.

Lawmakers introduce legislation to establish national cybersecurity director — The Hill

  • A bipartisan group of lawmakers has introduced legislation in the House that would establish a national cybersecurity director to lead government efforts on cybersecurity.

DDoS botnet coder gets 13 months in prison — ZDNet

  • Kenneth Schuchman, known as Nexus Zeta, created multiple DDoS botnets, including Satori, Okiru, Masuta, and Fbot/Tsunami.

An embattled group of leakers picks up the WikiLeaks mantle — Ars Technica

  • DDoSecrets was banned from Twitter after releasing what they claim is the largest-ever cache of hacked U.S. police data, a leak some say positions the group as the heir apparent of WikiLeaks’ early, idealistic mission.

Senators move to boost state and local cybersecurity as part of annual defense bill — The Hill

  • A group of Senate Democrats on Monday introduced as part of the annual National Defense Authorization Act (NDAA) a measure that would strengthen cybersecurity protections for states vulnerable to malicious cyberattacks.

U.S. FCC issues final orders declaring Huawei, ZTE national security threats — Reuters

  • The FCC has formally designated China’s Huawei Technologies Co and ZTE Corp as posing threats to national security, barring U.S. firms from tapping an $8.3 billion government fund to purchase equipment from the companies.

Schools Already Struggled With Cybersecurity. Then Came Covid-19 — Wired

  • A lack of dedicated funding and resources made it hard to keep data secure — and that was before classes moved almost entirely online.

Things that happen every four years: Olympic Games, presidential elections, and now new Mac ransomware — The Register

  • Known as EvilQuest, the brand-new strain of Mac ransomware was spotted spreading via Russian piracy and torrent sites.

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020 — Dark Reading

  • The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.

Tax software used by Chinese bank clients installs GoldenSpy backdoor — SC Magazine

  • A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers system-level privileges, researchers warn.

In Case You Missed It

Cybersecurity News & Trends – 06-26-20

/0 Comments/in /by

Hackers made inroads this week with zero-day threats, massive DDoS attacks and point-of-sale compromises — but there were significant wins for the good guys, too.

SonicWall Spotlight

CEO Outlook 2020 – Bill Conner — CRN

  • CRN recently asked 80 of the industry’s top CEOs — including SonicWall’s Bill Conner — why 2020 will be the launch of the data decade.

MSPs will be forced to fix ‘rushed out’ remote working solutions post-COVID – Sonicwall CEO —  Channel Partner Insight

  • In an interview with CPI, Bill Conner explained that as changes to work patterns are likely to outlast the pandemic, pivoting out of lockdown will mean some of the earlier “temporary” remote working solutions will need to be re-engineered.

The Tel Aviv Tech Startups that are Solving COVID-19 Challenges — Forbes

  • Tel Aviv-based Perimeter 81, a provider of network security-as-a-service that recently completed a $10 million Series A led by SonicWall and existing investors, offers solutions that replace traditional VPNs.

Cybersecurity News

FBI warns K-12 schools of ransomware attacks via RDP —  ZDNet

  • The FBI has issued a security alert warning K-12 schools about ransomware gangs abusing RDP connections to break into school systems.

There are DDoS attacks, then there’s this 809 million packet-per-second tsunami Akamai says it just caught —  The Register

  • The attack, which targeted an unspecified European bank, was the largest such attack Akamai had ever encountered — and CDN believes it may be the largest DDoS attack to hit any network, ever.

This ransomware has learned a new trick: Scanning for point of sales
devices —  ZDNet

  • Already one of the most dangerous forms of ransomware, Sodinokibi now looks like it could be attempting to make money from stolen payment information, too.

FBI sees major spike in coronavirus-related cyber threats — The Hill

  • FBI’s Internet Crime Complaint Center (IC3) has received 20,000 coronavirus-related cyber threat reports this year — as many as they received in all of 2019.

Republicans propose bill to end ‘warrant-proof’ encryption
The Washington Times

  • Republicans on the Senate Judiciary Committee introduced a bill Tuesday taking on the encryption technology that major tech companies use to secure customer data.

New WastedLocker ransomware demands payments of millions of USD —  ZDNet

  • Evil Corp, one of the biggest malware operations on the planet, has returned to life with a new ransomware strain.

Ransomware operators lurk on your network after their attack —  Bleeping Computer

  • While many believe attackers quickly deploy ransomware and leave so they won’t get caught, in reality threat actors are not so quick to give up a resource that they worked so hard to control.

Phishing and cryptocurrency scams squashed as one million emails are reported to new anti-scam hotline —  ZDNet

  • In the two months since its launch, the UK’s new anti-scam hotline has received an average of 16,500 emails per day, resulting in 10,000 links to online scams either blocked or taken down by authorities.

Hacker arrested for stealing, selling PII of 65K hospital employees
Bleeping Computer

  • 29-year-old Justin Sean Johnson has been arrested for allegedly stealing PII and W-2 information for over 65,000 University of Pittsburgh Medical Center employees and selling it on the dark web.

Security surprise: Four zero-days spotted in attacks on researchers’ fake networks —  ZDNet

  • Previously unknown attacks used against fake systems highlight big problems with industrial systems security.

In Case You Missed It

Cybersecurity News & Trends – 06-19-20

/0 Comments/in /by

This week, SonicWall’s new Switches and Secure SD-Branch made waves, hackers made a stronger Qbot, and attacks on AWS made history.

SonicWall Spotlight

ChannelPro 5 Minute Roundup — ChannelPro Network

  • Erick and Rich of ChannelPro explore the far-reaching implications of SonicWall’s new branch office networking solution, which they say arrived at a great time for businesses.

SonicWall Launches New Network Switches — Enterprise Times

  • SonicWall has announced a range of new products, including new multi-gigabit switches and an SD-Branch solution.

SonicWall Advances Network Edge Security, Adds Multi-gigabit Switch Series and New SD-Branch Capabilities — TMCnet

  • TMCnet highlights SonicWall’s momentum over the past quarter, including the release of new and enhanced MSSP offerings and the launch of its SD-Branch capabilities.

SonicWall takes threat protection to the branch level — MicroScope

  • This article covers the  latest SD-Branch offering as a major shift and a milestone in its corporate history, with it set to have a major impact on the security player’s channel.

Cybersecurity News

Researchers Expose a New Vulnerability in Intel’s CPUs — Wired

  • Modern CPUs — particularly those made by Intel — have been under siege in recent years by an unending series of attacks. Now, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.

Google Sees Increase in COVID-19 Phishing in Brazil, India, UK — Security Week

  • Cyberthreats taking advantage of the COVID-19 pandemic are evolving, and Google is seeing an increase in related phishing attempts in some countries.

Attackers impersonate secure messaging site to steal bitcoins — Bleeping Computer

  • In what can be described as the case of both cybersquatting and phishing, threat actors have created a site that imitates the legitimate secure note sharing service privnote.com to steal bitcoins.

Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance — Wired

  • Paul Le Roux, 47 — who faced up to a life sentence after pleading guilty to crimes ranging from methamphetamine trafficking to selling weapons technology to Iran — has been sentenced to 25 years in federal prison.

Targeting U.S. banks, Qbot trojan evolves with new evasion techniques — SC Magazine 

  • By malware standards, the banking trojan Qbot is long in the tooth, but it still has some bite, according to researchers who say it has added some detection and research evasion techniques to its arsenal.

Hackers Trigger Far-Reaching Disruption by Targeting Low-Profile Firm — The Wall Street Journal

  • Small and midsize companies are fighting a rising tide of cyberattacks largely out of public view, posing an underappreciated risk for the bigger companies and institutions that use their services.

Google Alerts catches fake data breach notes pushing malware — Bleeping Computer

  • Fraudsters have begun pushing fake data breach notifications using big company names to distribute malware and scams. They’re mixing black SEO, Google Sites, and spam pages to direct users to dangerous locations.

Exclusive: Massive spying on users of Google’s Chrome shows new security weakness — Bloomberg

  • A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s Chrome web browser, highlighting the tech industry’s failure to protect browsers despite their increasing use for email, payroll and other sensitive functions.

AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever — ZDNet

  • The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.

In Case You Missed It

Cybersecurity News & Trends – 06-12-20

/0 Comments/in /by

This week, SonicWall launched its new SD-Branch capabilities and multi-gigabit SonicWall Switches, bringing cost-effective simplicity and centralized management to the hyperdistributed era.

SonicWall Spotlight

Sonicwall Advances Network Edge Security, Adds Multi-Gigabit Switch Series, Easy-To-Manage SD-Branch Capabilities — SonicWall Press Release

  • To simplify security deployment, management and visibility for organizations with growing branch footprints, SonicWall is introducing new secure SD-Branch capabilities and a complete line of new multi-gigabit switches to cost-effectively scale and manage remote or branch locations.

SonicWall Adds Multi-Gigabit Switches to SD-Branch Portfolio — DevOps.com

  • Dmitriy Ayrapetov, vice president of platform architecture for SonicWall, talks about the new SonicWall Switches and SD-Branch capabilities, and how they centralize management of remote offices.

Seven Factors To Consider When Evaluating Endpoint Protection Solutions — MSSP Alert

  • Attackers are getting craftier when infiltrating secure environments. SonicWall’s Vishnu Chandra Pandey offers several ways to know whether your endpoint protection solution will be able to keep up.

Boundless Cybersecurity for the New Work Reality — SC Magazine

  • With the widespread adoption of remote work, we’ve moved into a hyperdistributed IT landscape. SonicWall’s Terry Greer-King explains how Boundless Cybersecurity can help businesses survive this new business normal.

Cybersecurity News

Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware — ZDNet

  • Researchers set up a tempting honeypot to monitor how cybercriminals would exploit it. Then it came under attack.

Fake Black Lives Matter voting campaign spreads Trickbot malware — Bleeping Computer

  • A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.

Rate of Ransomware Attacks in Healthcare Slows in H1 2020 — Dark Reading

  • A lower number of ransomware attacks on healthcare entities suggests many threat groups are indeed avoiding targeting them during the current pandemic. But the lull may be short-lived.

Encryption Utility Firm Accused of Bundling Malware Functions in Product — Threat Post

  • A legally registered Italian company is selling what it claims is a legitimate encryption utility, but the service it provides has been a common denominator in thousands of attacks over the past year.

Vulnerability in Plug-and-Play Protocol Puts Billions of Devices at Risk — Dark Reading

  • “CallStranger” flaw in UPnP allows attackers to launch DDoS attacks and scan internal ports, security researcher says.

Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them. — The New York Times

  • Federal prosecutors are investigating a global hacker-for-hire operation that sent phishing emails to environmental groups, along with thousands of individuals and hundreds of institutions around the world.

Valak malware gets new plugin to steal Outlook login credentials — Bleeping Computer

  • A new module discovered by researchers suggests the authors of the Valak information stealer are increasingly focusing on stealing email credentials.

Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election — The New York Times

  • Fear of the coronavirus is speeding up efforts to allow voting from home, but some of them pose security risks and may make it easier for Vladimir Putin or others to hack the vote.

NATO Condemns Cyberattacks Against COVID-19 Responders — Security Week

  • Over the past couple of months, there has been a surge in attacks targeting those who work in response to the pandemic, prompting NATO to publicly condemn the malicious cyber-activities directed against COVID-19 responders.

In Case You Missed It

Cybersecurity News & Trends – 06-05-20

/0 Comments/in /by

This week, cybercriminals took a more hands-on approach, a new breed of ransomware bided its time, and computers got too hot to handle.

SonicWall Spotlight

Test Platform Leaks Bank Of America Clients’ Covid-19 PPP Loan Applications — SC Magazine

  • Bank of America has disclosed that its third-party test platform briefly exposed Paycheck Protection Program applications to outside parties. According to SonicWall’s Dmitriy Ayrapetov, the leak was due to a rushed effort by the bank to finish the data platform, resulting in holes in its security.

Boundless Cybersecurity For The New Work Reality — SC Magazine

  • The adoption of work-from-home has moved us into a hyper-distributed IT landscape. With 100-percent-remote employees conducting online meetings and connecting via email, mobile and cloud, the perimeter has vanished into a multitude of endpoints spread across the globe.

Cybersecurity News

New Tycoon ransomware targets both Windows and Linux systems — Bleeping Computer

  • A new human-operated ransomware strain is being deployed in highly targeted attacks on small- to medium-size organizations in the software and education industries.

Large-scale attack tries to steal configuration files from WordPress sites — ZDNet

  • In an attempt to steal database credentials, attackers tried to download configuration files from WordPress via old vulnerabilities in unpatched plugins.

‘Scorching-hot hacked computer burned my hand’ — BBC

  • At least a dozen supercomputers across Europe had to be shut down last week due to cryptojacking attacks. One individual found out the hard way that his was one of them.

USBCulprit malware targets air-gapped systems to steal govt info — Bleeping Computer

  • The newly revealed USBCulprit malware is designed for compromising air-gapped devices via USB.

Cybersecurity warning: Hackers are targeting your smartphone as way into the company network — ZDNet

  • Campaigns targeting smartphones have risen by a third in just a few months, many with the end goal of opening a portal to corporate networks.

Denial of service attacks against advocacy groups skyrocket — Cyberscoop

  • A new report suggests that advocacy sites are being targeted at a rate more than four times that of U.S. government websites such as police and military organizations.

Ransomware gang says it breached one of NASA’s IT contractors — ZDNet

  • DopplePaymer ransomware gang claims to have breached DMI, a major U.S. IT and cybersecurity provider and a NASA IT contractor.

Anonymous, aiming for relevance, spins old data as new hacks — Cyberscoop

  • The group is trying to use the nationwide protests to draw attention to data that was stolen years ago.

Apple fixes bug that could have given hackers full access to user accounts — Ars Technica

  • Sign In With Apple — a privacy-enhancing tool that lets users log in to third-party apps without revealing their email addresses — just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts.

Suspected Hacker Faces Money Laundering, Conspiracy Charges — Bank Info Security

  • According to the U.S. Department of Justice, a New York City man is facing federal charges after being arrested at John F. Kennedy Airport with a PC allegedly containing thousands of stolen credit card numbers.

An advanced and unconventional hack is targeting industrial firms — Ars Technica

  • Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time — Threat Post

  • Microsoft has warned of a new breed of “patient” ransomware that lurks in networks for weeks before striking.

In Case You Missed It

Cybersecurity News & Trends – 05-29-20

/0 Comments/in /by

This week, a lot’s been up—including data loss, ransom demands, white-hat bounties, VPN sales and more.

SonicWall Spotlight

Test Platform Leaks Bank of America Clients’ COVID-19 PPP Loan Applications — SC Magazine

  • BoA said the platform was designed to test application submissions of to the Small Business Administration — but the company soon realized client docs could be viewed by other lenders and third parties.

SonicWall’s Labs Threat Research Team Spot fake Aarogya Setu App Carrying Spyware Components — CRN India

  • After the Covid-19 tracking app reached five million downloads within its first three days, it became a target for malware creators. According to SonicWall Labs Threats research team, fake Aarogya Setu apps containing spyware are now in circulation.

New Ransomware Is Spreading That Charges $1,300 In Bitcoin — Decrypt

  • SonicWall researchers have discovered a new ransomware called Instabot that asks for ransom in bitcoin—and includes video instructions and a step-by-step manual to “help” victims comply.

Cybersecurity News

Israeli cyber chief: Major attack on water systems thwarted – The Washington Times

  • According to Israel’s national cyber chief, the country has thwarted a major cyberattack against its water systems, and it’s believed that Iran is behind it.

Ransomware’s big jump: ransoms grew 14 times in one year – Bleeping Computer

  • Ransomware has become one of the most insidious threats in the past few years, and the demands continue to climb: According to Bleeping Computer, ransom demands for more than $1 million are no longer rare.

Data Loss Spikes Under COVID-19 Lockdowns – Dark Reading

  • Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their effectiveness.

DHS’s cyber division has stepped up protections for coronavirus research, official says – Cyberscoop

  • “I just want you to know that we have stepped up our protections of HHS and CDC,” Bryan Ware told industry representatives Friday.

New Octopus Scanner malware spreads via GitHub supply chain attack – Bleeping Computer

  • Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems.

Hong Kong demand for VPNs surges on heels of China’s plan for national security laws – Reuters

  • Demand for virtual private networks in Hong Kong surged more than six-fold last Thursday as Beijing proposed tough new national security laws that some say could impact internet privacy.

States plead for cybersecurity funds as hacking threat surges – The Hill

  • Cash-short state and local governments are pleading with Congress to send them funds to shore up their cybersecurity as hackers look to exploit the crisis by targeting overwhelmed government offices.

$100 million in bounties paid by HackerOne to ethical hackers – Bleeping Computer

  • Bug bounty platform HackerOne announced that it has paid out $100,000,000 in rewards to white-hat hackers around the world.

‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find – Cyberscoop

  • According to researchers, a notorious group of suspected Russian hackers have used a revamped tool to spy on governments in Eastern Europe and quietly steal sensitive documents from their networks.

Ransomware deploys virtual machines to hide itself from antivirus software – ZDNet

  • The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.

In Case You Missed It