Cybersecurity in the Fifth Industrial Revolution

Participate in a discussion about the impacts of rapid changes on society and businesses, pushing new development of better and more effective cybersecurity.

Think about your life without computers and other digital devices we now take for granted. If you took inventory, how many devices are in your business, at your home and on your person right at this moment? Now consider the experience of earlier generations; their entertainment, travel, communication, and even simple things like reading a newspaper or a book.

Industrial Revolutions change lives and produce excellent opportunities for growth for individuals and society. We have experienced five so far, with the first starting around 1750 and the fifth rolling out only a few years ago. So, we’re very well experienced in recognizing their implications and absorbing their benefits as well. We’re also experts in evolving from the enormous disruptions they bring.

First and Second Revolutions: The Evolution of Industries

The First Industrial Revolution was the harbinger of a massive wave of innovation. Factories sprang up in major cities, and people began producing more products than ever before. But as productivity increased, the number of jobs decreased, and the living standards of specific segments of society fell hard. Eventually, society (and economics) filled in with new jobs that serviced fledgling heavy industries. Companies needed more skilled workers to build the machines that made more machines. As a result, high-paying jobs returned, and society recovered.

But then came the Second Industrial Revolution, also known as the Technological Revolution, because it ushered in a phase of rapid scientific discovery and industrial standardization. From the late 19th century through much of the early 20th, mass production transformed factories into conveyors of productivity. As a result, while we endured a new phase of job losses and societal upheavals, we also saw the rise of highly skilled workers and higher-paying jobs that afforded better homes and greater mobility.

Third and Fourth Revolutions: The Evolution of Modern Society

The Third Industrial Revolution began in the later parts of the 20th century as the need for better automation triggered the advent of electronics, then computers, followed by the invention of the Internet. Technological advancements began fundamental economic transformation and, along with it, greater volatility. In addition, new methods of communication converged with rapid global urbanization and new energy regimes such as renewable sources.

Then came the Fourth Industrial Revolution, which some argue ended just before the pandemic. The blaze of technological advancements from the previous period facilitated the introduction of personal computing, mobile devices and the Internet of Things (IoT) – developments that forced us to redefine the boundaries between the physical, digital, and biological worlds. Advancements in artificial intelligence (AI), robotics, 3D printing, genetic engineering, quantum computing, and other technologies added to social pressures that blurred traditional boundaries to the point of confusion.

The Fifth Industrial Revolution: Societal Fusion

Many global thinkers believe we are in the throes of a Fifth Industrial Revolution (also “5IR”) that inaugurated new metrics for productivity that go beyond measuring the output of humans and machines in the workplace. We are witnessing a fusion of human abilities and machine efficiencies in this context. The physical, digital and biological spheres are now interchangeable and intertwined. So, it’s not just about connecting people to machines but also about connecting devices to other machines, all in the name of human creativity and productivity.

One remarkable aspect of 5IR is that it is happening at an unprecedented rate. For example, accelerated by the COVID pandemic, remote network and wireless communication saw an enormous surge as Work-From-Home became a permanent fixture for the Western workforce; thus, workplace and home were fused. And along with that fusion came education and home. But other fusions are more challenging to discern, such as information and misinformation, news and propaganda, political action and terrorism, and so on, which leads us to the fusion between crime and cybersecurity.

Learn and Explore the Impacts of the 5IR and Cybersecurity

Interestingly, a very high percentage of successful ransomware hits are due to people bypassing or ignoring cybersecurity protocols simply because they don’t believe they could ever become a victim. Unfortunately, the same can be said about organizations that have not yet prioritized updating their security technology. Many owners and managers don’t understand the threats and think that ransomware only happens to bigger companies. Current threat reports prove that the impulse to avoid and dodge better cybersecurity is incorrect, and that’s the part that we’re struggling with the most.

The $10.5T question (est. cost of cybercrime per year by 2025) is how much effort we will expend to correct this trend. Cybercrime is one of the most complex byproducts of our “revolutions.” As a result of the surge in new threats, technology and behavior are rapidly evolving. Taking responsibility and deploying new cybersecurity technology will help us mitigate today’s risks.

Book your seat to learn more during our next MINDHUNTER #9 episode in June.

Cybersecurity News & Trends

This week, SonicWall emerged with excellent “in the news” quotes and citations. Note the articles about “AI-Powered Ransomware.” Industry news produced findings about Bluetooth vulnerabilities that could shake the consumer markets from automotive to home security. The Justice Department says that it will no longer prosecute “good faith researchers” who hack software and devices to find vulnerabilities. The US government is also reportedly reprimanding government agencies that are slow to fix bugs that hackers are currently exploiting. The Costa Rican government reports that Russian hacking cartels are attacking their agencies and infrastructure. Finally, leave it to the Bank of Zambia to come up with a creative way to troll hackers. Stay safe and remember that cybersecurity is everyone’s business.

SonicWall News

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Ransomware is already out of control. AI-powered ransomware could be ‘terrifying.’

Protocol, SonicWall in the News: Currently, ransomware attacks are often very tailored to the individual target, making the attacks more difficult to scale, Driver said. Even still, the number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well. The percentage of affected organizations that agreed to pay a ransom shot up to 58% in 2021, from 34% the year before, Proofpoint has reported.

Finalists: Security Executive of the Year

SC Magazine, SonicWall in the News: Bill Conner has been named a finalist in the Best Security Executive of the Year category by SC Magazine. Executives recognized in this category are the veterans and perennial influencers in the cybersecurity development community, with a history of leadership in companies that have their pulse on the needs of users and have a proven track record in delivery of products and services that meet the requirements of businesses large and small.

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyses and experts have highlighted that hackers linked to Russia are responsible for the majority.

AI + ransomware = “terrifying”

Protocol, SonicWall in the News: The number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well.

Industry News

Vulnerabilities Found in Bluetooth Low Energy Devices

TechRepublic: A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to even cars and houses. The new findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate the user near the device. Researchers were able to fake the authentication, which could affect everyone, from the average consumer to organizations seeking to lock the doors to their premises.

This issue is believed to be something that the industry can’t easily patch since it is more than a simple error in the Bluetooth specification. Moreover, exploitation of the flaw could affect millions of people. According to NCC Group experts cited in the article, BLE-based proximity authentication was not originally designed to be used by critical systems such as locking mechanisms in smart locks.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

According to the cybersecurity company, systems that use Bluetooth proximity authentication to lock items such as vehicles or residences can be easily broken by hackers using cheap off-the-shelf hardware. As a proof of concept, Khan found that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. According to the report, the following device categories are vulnerable:

  • Cars with automotive keyless entry
  • Laptops with Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

Among the specified vehicles affected by this exploit are the Tesla Model 3 and Model Y.

Justice Dept. Says ‘Good Faith Researchers’ No Longer Face Hacking Charges

Washington Post: On Thursday, the U.S. Justice Department stated that it would not use the country’s anti-hacking law to prosecute cybersecurity researchers trying to find security flaws. This is a move that both protects and validates a practice still vilified by many officials and companies.

Top Justice officials issued a five-page policy statement to federal prosecutors. They said that local U.S. Attorneys should not bring charges when “good faith” researchers exceed “authorized” access, a vague phrase from the 1986 Computer Fraud and Abuse Act that has been interpreted as covering routine practices such as automated downloading of Web content.

TechCrunch also reported that the DoJ stated that “good-faith research” includes anyone who conducts their activity “in a manner designed to avoid harm to individuals and the public.” It also concludes that such information “primarily promotes the security or safety of the class of devices or machines to which the computer belongs, as well as those who use such machines, devices, or services.”

The Computer Fraud and Abuse Act (CFAA) was enacted into law in 1986 and predates the modern internet and current cyber threats. The federal law defines computer hacking, specifically “unauthorized” access to a computer system. However, the CFAA has been criticized over its vague and outdated language, which fails to distinguish between malicious actors who (for example) extort companies and good-faith researchers who work to uncover vulnerabilities before people are exploited by them.

US Officials Order Government Agencies to Fix Serious Software Bugs

CNN: US cybersecurity officials on Wednesday ordered all federal civilian agencies to fix flaws in widely used software that officials said foreign government-linked hackers are likely moving to exploit.

“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said.

The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. However, the directive does not apply to the Pentagon computer networks, which are not under CISA’s jurisdiction. The vulnerabilities are in a type of software made by VMware, a California-based technology giant whose products are widely used by the US government.

VMware, on April 6, issued a fix for the software flaws, which could allow hackers to access computer files and burrow further into a network remotely. Within two days of the fix’s release, hackers had figured out a way to break into computers using the vulnerabilities, according to CISA. Then, on Wednesday, VMware released software updates for newly discovered vulnerabilities that CISA has ordered agencies to address.

The agency did not identify the hackers or what systems they had targeted.

Russian Hacking Cartel Attacks Costa Rican Government Agencies

New York Times: A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, based in Russia, claimed credit for the attack, which began on April 12, and threatened to leak the stolen information unless it was paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to Central and South American countries, perhaps to retaliate against nations that have supported Ukraine.

Some experts also believe Conti feared a crackdown by the United States and sought fresh targets, regardless of politics. According to estimates from the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million.

The BBC also reports that the Costa Rican Treasury told civil servants that the hack had affected automatic payment services. It warned that they would not be paid on time and would need to apply for their salaries by email or on paper by hand.

The ministry said: “Due to the temporary downturn of the institutional systems, the service of issuing certificates regarding the amounts of salaries owed to the civil servants of the Central Administration is suspended.

“All applications received via email or in the windows of the National Accountancy will be attended to once systems are restored.”

According to the government, the attacks also affected its foreign trade by hitting its tax and customs systems.

‘Security researchers’ make $800k in prize money for Hacking Windows 11

PCGamer: Contestants in a hacking contest have netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During this 15th annual Pwn2Own Vancouver hacking competition, the teams discovered 16 zero-day bugs on multiple products like Firefox, Oracle VirtualBox, Windows 11, and other popular enterprise software.

Pwn2Own Vancouver 2022 is a three-day-long hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers or ‘security researchers’ attempt to find zero-day vulnerabilities in their software for prize money.

Think of it like bug bounties except with more money and kudos. A zero-day is a software vulnerability or exploit that the software makers aren’t yet aware of; there’s no patch, so an attack will likely succeed. Known bugs or exploits are not valid for rewards.

National Bank of Zambia Hit by Ransomware Then Trolls Hackers

Bleeping Computer: Leave it to the executives at the Bank of Zambia to leave us grinning. After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear to the hackers that they were not going to pay – by posting a picture of male genitalia and telling the hackers to s… (and here, you’ll have to fill in the colorful language they used).

Last week, the Bank of Zambia, the country’s central bank, disclosed that recent technical outages resulted from a cyberattack. While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.

Today, Bloomberg reported that the Bank’s Technical Director, Greg Nsofu, said they had protected the bank’s core systems, so it was unnecessary to engage with the threat actors.

In Case You Missed It

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends

It was another busy week with several news outlets quoting the 2022 SonicWall Cyber Threat Report. Other stories mention SonicWall, its products and services, and one covers the CRN channel recognition of three women from SonicWall’s field marketing team. In global cybersecurity news, Krebs’ ongoing coverage of hackers using fake Emergency Data Requests (EDRs) escalated into a DEA investigation. The Republic of Korea just became the first Asian country to join NATO’s cybersecurity group, much to the chagrin of the People’s Republic of China. India’s new CERT-In breach reporting requirements are bumping against growing resistance from businesses and organizations. In California, a data provider for the State Bar accidentally released private and potentially damaging information about some of its member attorneys. MyNurse patient data tracking service is closing its doors after a severe data breach. Log4Shell exploits are resurfacing with new threats to the tranquility of enterprise data lakes and potentially devastating AI poisoning. And 157-year-old Lincoln College is closing its doors – apparently succumbing to the COVID pandemic and a catastrophic cyberattack.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

WannaCry’s Ghost Is Still Wreaking Havoc Five Years On

ITPro (UK), SonicWall in the News: In an article about the 5th anniversary of WannaCry: SonicWall is one such company still tracking WannaCry, although other firms tell IT Pro they have decided to stop monitoring the strain, given the worst of it is over. We may not have seen the same level of destruction as sustained five years ago, but detections remain high.

Most Brazilian Companies Don’t Pay to Get Data Back After Ransomware Attacks

ZDNet, Threat Report Mention: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall earlier this year. In 2020, Brazil ranked ninth in the same ranking, with 3.8 million ransomware attacks.

New Report Paints Boston As Burgeoning Cybersecurity Hub

Bostinno/Boston Business Journal, Threat Report Mention: The world saw a 105% surge in ransomware cyberattacks last year, according to the most recent SonicWall cyber threat report.

The Rising Risk of Ransomware Attacks on Organizations and How to Mitigate it

Security Review, Threat Report Mention: According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List

SonicWall Blog, SonicWall in the News: SonicWall is thrilled to share that CRN, a brand of The Channel Company, has named three global channel team members on CRN’s 2022 Women of the Channel List. SonicWall’s Sr. Director, Global Field Marketing Nicola Scheibe; Sr. Channel Account Manager Terra Paisley; and Sales Manager Misty Warhola were included on the annual list, which honors the incredible accomplishments of female leaders in the IT channel.

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Industry News

DEA Investigating a Breach of Law Enforcement Data Portal

Krebs on Security: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 federal law enforcement databases. KrebsOnSecurity claims that it discovered that the alleged compromise was tied to an online harassment and cybercrime community that routinely impersonates government officials and police officers to obtain personal information. Krebs has been following this topic closely, as reported in previous posts of Cybersecurity News & Trends.

KrebsOnSecurity shared information regarding the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI) and the Department of Justice (which houses both agencies). However, the DEA refused to provide details on the validity of the claims.

The Republic of Korea is the First Asian Country to Join NATO’s Cyber Research Center

Numerous news agencies are covering a fresh story about the Republic of Korea joining the NATO cybersecurity group known as the Cooperative Cyber Defense Center of Excellence (CCDCOE). According to The Korea Times, the state intelligence agency of Korea announced Monday that there was a flag-raising ceremony in Estonia to commemorate Korea’s participation. The CCDCOE operations are based in Tallinn (Estonia), Canada, and Luxembourg. The group was created in 2008 by NATO members in response to crippling cyberattacks in Estonia committed by Russian cyber gangs. CCDCOE now boasts 32 nation members, including 27 NATO members that sponsor it, plus five contributors, including Korea, according to ZDNet.

The South China Morning Post reports that although the cybersecurity group operates independently from NATO, Chinese military analysts claim that Beijing is concerned by the development. The People’s Republic of China sees the move as an expansion of the NATO defense alliance and a threat to Chinese security interests.

Russia used the military alliance’s eastern expansion to justify its invasion of Ukraine. Government leaders in Beijing consider Moscow’s claim as a legitimate security concern. Ni Lexiong, a Shanghai-based military analyst, said that China views NATO as overbearing and that Korea’s decision to join the center is “definitely not in China’s best interests.”

Industry Rebuffs India’s Data Security Breach Reporting Requirements

The Register: Opposition to India’s new rules for reporting computer security breaches grows. The rules were introduced in late March by the government-run CERT-In. This team has responsibility for incident management.

CERT-In requires Indian organizations to report more than 20 types of cybersecurity incidents within six hours of discovering them. In addition, it ranks ransomware attacks, detections of malicious network probes, and hijacking social media accounts all on the same level.

Other requirements include the retention and capture of VPN users’ personal data and IP addresses. The government gave Indian organizations only 60 days to ramp up for compliance. The organizations say that these requirements are difficult to meet because they affect large entities such as data center operators and that some incidents happen daily.

California State Bar: 1,300 Attorneys Identified in Massive Data Breach

OC Register: California’s State Bar has begun notifying thousands of attorneys whose names were found in 322,525 confidential records of proceedings for member discipline. The breach occurred in February. According to the State Bar, it will reach out to 1,300 respondents, witnesses, and complainants whose names are contained in 1,034 supposedly confidential records. The State Bar will also contact those named in records that were not published.

Public records aggregator Judyrecords published the documents. They remained online between October 2021 and February 2022. Southern California News Group first reported the breach. According to the report, the breach was not the result of malicious hacking but rather a security flaw in the State Bar’s Odyssey Portal that Texas-based Tyler Technologies operates. As a result, the confidential records were unintentionally swept up and published by Judyrecords. The portal vulnerability was fixed, and access to the public records of the State Bar Court was restored while the records search function was still disabled on Judyrecords. The website administrator stated in a note that the portal glitch enabled users to access court cases in various jurisdictions in California, Georgia, Kansas and Texas.

MyNurse Shuts Down After Data Breach Exposes Health Records

TechCrunch: MyNurse stated in a data breach notice that it had decided to close its business because of a “data security incident” but didn’t give a reason. The company stated that it began notifying patients affected on April 29, more than seven weeks after the breach was discovered. MyNurse is a startup in healthcare that offers remote monitoring and chronic care management. It reported a data breach that exposed the personal health information of its users.

Salusive Health was the startup that launched the service. The company later filed a data breach notification with the California attorney general’s office stating that it discovered a breach in early March. An unauthorized individual had accessed its protected health data. Patients’ financial, demographic and health information were all accessed. This included names, phone numbers, and dates of birth, as well as medical histories, diagnoses, treatments, prescriptions and information about health insurance and policies.

Log4Shell Exploit Resurfaces, Threatens Enterprise Data Lakes, AI Poisoning

Dark Reading: Enterprise data pools are growing as more organizations embrace AI and machine learning. However, this makes them vulnerable to exploitations of the Java Log4Shell vulnerability. With a view to privacy, organizations are focused on ingesting data points that they can use to train an AI or algorithm. However, too many times, the operators neglect the security of data lakes.

Research has shown that triggering the Log4Shell bug is relatively easy once the code is ingested into a target database or repository via a pipeline. Furthermore, such a strategy bypasses traditional safeguards such as application firewalls, sandboxing and other traditional scanning services.

As with the original attacks on the Java Log4j library, which exploited a single string, it is only necessary to extract the text. However, researchers say that an attacker could embed the string in a malicious big data file payload to create a shell within the data lake and launch a data poisoning attack. The difficulty of detection is even more significant because the big-data file containing the poison payload can often be encrypted or compressed.

Lincoln College Shuts Down After 157 Years, Blames COVID-19 and Cyberattack

NPR: Lincoln College was not destroyed by the 1918 influenza pandemic. The Great Depression and World War II didn’t help the school, yet it survived. The school was able to withstand a major fire, other economic hardships and many serious threats. Unfortunately, the college will close for good this spring due to two modern blights: the COVID-19 pandemic and a cyberattack.

This is a remarkable turnaround for the small, private school in Illinois that has hosted thousands of first-generation college students and received federal recognition as a predominantly Black institution.

Lincoln College saw record enrollments in fall 2019, filling all its dormitories. The pandemic struck as it did around the globe, disrupting campus life and making it difficult for the school to raise funds and recruit new students. The school had to set aside cash reserves for new technology and safety precautions. In December 2021, ransomware attacked the school, stopping admissions and preventing access to all data.

CBS News reported the fall enrollment had dropped sharply to just a fraction of what was required to sustain operations by the time that the school gained access to its computer systems nearly four months later. In March, the school announced its decision to close. Former and current students felt betrayed by the school, which had provided them with opportunity and refuge from uncertain situations.

In Case You Missed It

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Cybersecurity News & Trends

More hot news for SonicWall with lots of coverage for the 2022 SonicWall Cyber Threat Report and the astounding five consecutive perfect results in third-party certification tests (100% detection and zero false positives). In global cybersecurity news, security experts recently gained significant data that is already illuminating the inner workings of ransomware gangs based in Russia and elsewhere. Just in time too with the return of Emotet, “the most dangerous malware in the world.” Krebs dropped a report about Russia using “tech-savvy” prisoners for the benefit of Russian corporations. And finally, a stunning story about Chinese hackers who have (so far) stolen “trillions” in intellectual property from 30 multinational companies.

SonicWall News

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million ‘individuals affected’ for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

How To Be Proactive in The Face of Growing Cyber Threats

Security Magazine, SonicWall Threat Report Mention: SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.

A Cybersecurity Stock with Monster Tailwinds

Guru Focus, SonicWall Threat Report Mention: With the rising price of cryptocurrency, this has caused these types of attacks to increase in popularity from 66,000 cases in 2020 to 436,000 in the UK alone, according to data from SonicWall.

Negate The Quantum Cyber Threat to Safely Unlock the Potential of Quantum Computers

Inside Quantum Technology News, SonicWall Threat Report Mention: Ransomware, encrypted threats and cryptojacking are just a few attack methods found to have significantly increased in number over the past year, according to SonicWall’s 2022 Cyber Threat Report.

Ransomware Hits 2 Colleges at Semester’s End. What Can Others Do?

Higher Ed Dive, SonicWall in the News: Ransomware attacks doubled worldwide and in North America last year, according to a recent report from SonicWall, a cybersecurity firm. And software company Emsisoft said at least 26 U.S. colleges and universities were hit with ransomware last year.

Cyberattacks Growing in Frequency, Severity, and Complexity

Triple I Blog, SonicWall in the News: In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

Cyber Prevention or Mitigation… Why Can’t It Be Both?

IDG Connect, SonicWall in the News: As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year.

SonicWall Capture ATP Once Again Receives the Highest Score in the ICSA Labs Test

InfoPointSecurity (Deut), SonicWall in the News: SonicWall has received an astonishing five consecutive perfect results in the test against some of the most unknown and rigorous threats – unprecedented performance among the tested providers, said Bill Conner, President and CEO of SonicWall.

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: “But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.”

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

Industry News

Experts Analyze Conti and Hive Ransomware Gangs’ Chats with Their Victims

Hacker News: A four-month analysis of chat logs that spans more than 40 conversations between Conti and Hive ransomware operators and victims is giving cybersecurity analysts new insights into the inner workings of negotiations. One exchange claims that the Conti team significantly decreased its ransom demand from $50 million to $1 million, a 98% drop. This suggests a willingness to settle for a lower amount.

The report explains that both Hive and Conti are quick to lower ransom demand, routinely offering substantial decreases multiple times during negotiations. It shows that ransomware victims have at least some negotiating power, contrary to popular belief.

Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three months between October and December 2021.

Conti Ransomware Source Code Leaked on Twitter Out Of Revenge

Bleeping Computer: After many of the people behind the Conti ransomware operation supported Russia in the invasion of Ukraine, a Ukrainian researcher called ‘ContiLeaks’ decided to leak source code and data belonging to the ransomware group as his revenge. The leaked source code was a modified version of the Conti ransomware operations, according to the report.

The researcher also published nearly 170,000 chat messages between Conti ransomware gang members last month. These conversations, spanning 2021 and part of 2022, illuminate the gang’s operational processes, its activities, how members are involved, and even offer some insight into its organizational structure and the distribution of money.

The researcher leaked the Conti ransomware source code on September 15, 2020. Although the code was quite old, it enabled researchers and law enforcement to understand the malware’s workings better. He then leaked Conti version 3 with a last mod date of January 25, 2021.

Washington Post also noted that thanks to the leaks, authorities now have a better picture of cybercriminals’ personalities, quirks, and habits that have run rampant over U.S. institutions. It also shows how Russia’s invasion of Ukraine has split some criminal gangs.

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Threat Report: Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. According to recent research, that new approach includes more targeted phishing attacks, unlike the previous spray-and-pray campaigns.

According to a Tuesday report, Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success.

Emotet, once dubbed “the most dangerous malware,” is being leveraged in its most recent campaign to deliver ransomware. For years, those behind distributing the malware have been in law enforcement’s crosshairs. In January 2021, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States worked together to take down hundreds of botnet servers supporting Emotet as part of “Operation LadyBird.”

Bleeping Computer also reported that the Japan CERT had released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. The new 64-bit loader and stealer versions make existing detections less useful. With this switch, the EmoCheck tool could no longer detect the new 64-bit Emotet versions. Last week, JPCERT released EmoCheck 2.2, which supports the new 64-bit versions and can now catch them; it is safely downloadable from Japan CERT’s GitHub repository.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic and commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businesspeople in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal, people with IT skills at these facilities would labor only in IT-related roles but would not be limited to working with companies in their own region.

The 10 Largest Data Breaches Ever Reported in Healthcare

Beckers Hospital Review: Data breaches in healthcare can cause widespread damage, including the loss of medical records, financial losses for the organization, identity theft and fraud, lawsuits, and a loss of patient trust. Now the industry is more at risk of severe cyberattacks than ever before. The report goes on to list the biggest data breaches ever reported. The story was also reported by Pulse Headlines.

Chinese Hackers Took Trillions in Intellectual Property From About 30 Multinational Companies

CBS News: A yearslong malicious cyber operation spearheaded by the notorious Chinese state group APT 41 has siphoned off intellectual property estimated to be worth trillions of dollars from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

The story was chiefly compiled by cybersecurity firm, Cybereason, and reveals a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia.

The report explains that the intellectual property stolen includes blueprint diagrams of fighter jets, helicopters, missiles, and drugs around diabetes, obesity, and depression. But the worst part is that the campaign reportedly has not yet been stopped.

In a related story reported by The Hacker News, the China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. The group has targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.

In Case You Missed It

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Four Cybersecurity Actions to Lock it All Down

Recognizing 2022 World Password Day, here are four countermeasures to keep you safe from malware and ransomware. Time to level up!

You are not paranoid; cybercriminals really are trying to hack your security and steal your information. And the proof is in the numbers.

According to the 2022 SonicWall Cyber Threat Report, there were 623 million ransomware attacks globally, a 105% increase over 2020. There was also a sharp triple-digit increase in encrypted threats, rising to an astounding 10 million attacks. And as if you didn’t have enough to worry about, cryptojacking is on an upswing with 97 million incidents recorded, a 19% increase year-over-year.

Some people may choose to ignore the data and throw caution to the wind. If they’re lucky, a hack will be a minor inconvenience, and their anti-virus software will stop the malware before it can cause serious damage. However, if they’re among the growing thousands of victims each year, hackers will force them to pay a ransom for their precious data, steal their identity or just wipe out their devices completely.

And you wonder, what could be worse?

One hack of a single individual can lead to a cascade of hacks and much larger problems. For instance, hackers can break into your personal computer without you knowing it, add malware to one of your devices that unpacks wherever you go, bypassing firewalls and other security, straight into your home network, friend’s home, the library, and your workplace.

We all could stand to be a little more careful. A “cybersecure mindset” protects you, your devices, and your data and everywhere you connect your devices. So, when we say, “Be Cyber Smart and Lock It Down,” what we mean is taking personal responsibility for not only how you connect but also actions you take to keep yourself secure.

Here are FOUR COUNTERMEASURES that everyone can use to level up and lock it down:

1.    PROTECT yourself.

Start with passwords: lock down your devices, software and information with strong ones that protect you from becoming an easy hack. There are some basic rules for good passwords. The first is length: a minimum of 14 characters, though 16 is better, with a mix of uppercase and lowercase letters plus numbers; security experts recommend at least 4 non-repeating numbers. And don’t forget symbols (e.g., @ # $): at least one, but two is better. Check with your service provider; they may have specific requirements for the length and for the number and type of symbols. One very important rule: ensure that your passwords are unique for each use. Avoid obvious sources like your address, recognizable names, dates, and phone numbers. Avoid any information that someone may learn by reading your social media profiles. Another important rule: USE YOUR PASSWORDS and turn on two-step authentication (2FA) wherever you can. Many phones allow biometric recognition to validate you and simplify logging in for each access. There’s more to know about passwords; check out this article we found from Help Net Security.

2.    PROTECT your personal identification.

Privacy is a matter of personal choice. We want to open some things for the sake of convenience (shopping and health apps, for instance). However, the privacy settings you set on your devices and apps could also open you up to hacks. Being “smart” about your cybersecurity means knowing how hackers attack devices and steal information from open apps. It also means being aware of where your personal information winds up. Security experts recommend that you set your privacy settings based on actual need for specific tasks. For instance, change your privacy settings when conditions change, like when traveling or using public networks (e.g., coffee shop Wi-Fi, more on that later).

3.    PROTECT your data.

Maybe it seems obvious, but your data (photos, reports, accounting, proprietary documents) are your most vulnerable possessions. We also want to take extra care of our social security numbers, bank accounts, and credit card numbers. And all of that is at risk when we leave it in open apps (no password) or send it on unencrypted emails. So please keep it safe and LOCK IT DOWN! And be very wary of phishing campaigns. Hackers use any means they can to break into your devices and network. For example, they’ll spoof organizations you trust, friends, family members, co-workers, or even your boss. Phishing messages can come by email or phone text. Some of these messages look very authentic. We’ll go into more detail about how to detect phishing messages in another post, but you can make a personal policy to never share private information via email or text with anyone.

4.    PROTECT your devices.

If you didn’t know already, public Wi-Fi hotspots are not secure. Unfortunately, that means the public hotspots at your favorite coffee shop, restaurants, shopping malls, libraries, and especially airports. With minimal knowledge and equipment, hackers can scan unencrypted data streams that contain passwords and account information that you send and receive. Several years ago, scammers took it further and created elaborate spoof Wi-Fi networks with name and branding marks similar to what people expected. However, there are several things you can do to lock it down:

  • Turn off the Wi-Fi auto-connect feature on your devices. Turn it back on when you need it and choose the networks you want to use.
  • Use secure wireless networks that have WPA or WPA2 password protection. Unfortunately, these are uncommon for places like the local coffee shop or the airport, so they may be challenging to find.
  • Install mobile security software with malware and virus detection for laptops, pads, and phones. You may also install a VPN (a virtual private network) that encrypts your data stream even if the Wi-Fi network does not.

Do what it takes to adopt a Cybersecure Mindset.

Remember that when it comes to cybersecurity, the human element can be the strongest or weakest point in the armor.

Human behavior is without doubt the biggest culprit in IT security incidents. This is evident in email phishing, which deceives people into clicking on malicious links or attachments and makes it difficult to distinguish between legitimate emails and potential threats. According to a study by Myers-Briggs, a research company based in the UK, 80% of companies believe human factors, such as mistakes or leniency with login security, are a major cause of cybersecurity risk. Therefore, it is vital that we do what it takes to adopt a ‘cybersecure mindset’ to protect our homes, communities and our workplaces.

Being aware is not being paranoid; it recognizes that cybercriminals really are trying to hack our security, steal our property, and do us great damage.

#BeCyberSmart

Cybersecurity News & Trends

This week, SonicWall is on a winning streak with another strong showing in general news and industry press. There were continued mentions of the 2022 SonicWall Cyber Threat Report, new product reviews, and partner news. In industry news, the Tenet healthcare network suffered a cyberattack that disrupted operations at two hospitals in Palm Beach, FL. While cyberattacks rage in Ukraine, US Intel warns of fresh attacks on US targets by state-sponsored cyber gangs from China, Russia, and North Korea. Krebs is following a developing situation where hackers are using fake Emergency Data Requests (EDRs) to gain fraudulent law enforcement actions that can compromise companies and agencies. Meanwhile, JPMorgan is getting sued for a hack, the US State Department antes $10M for information about Russian hackers, the malware loader Bumblebee is loose, and experts examine predictive analytics for cybersecurity.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

SonicWall Virtual Firewall Tested and Certified in AWS Public Cloud – Ideal for Distributed Networks

Markets Insider, News: SonicWall today announced a new report by The Tolly Group, which detailed the testing and analysis of the performance of the SonicWall NSv 470 virtual firewall. Using Keysight’s CyPerf cloud-native testing solution to provide the test infrastructure for standardized, repeatable performance tests, Tolly benchmarked the throughput and connection performance of the virtual firewall in Amazon Web Services (AWS).

For Over 30 Years, Jeff Dann Has Had the People, Process, And Technology To Ensure Their Customers Are Protected

MSP Success, Threat Report Mention: SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021. The report states that attackers targeted web applications with financial and personal information for a big payday.

The Industry Takes Stock of Cyberattacks In Hawaii

Pacific Inno, News: Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyberthreat data collected and analyzed by expert researchers. SonicWall calls its report “the world’s most quoted ransomware threat intelligence,” and it is an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.

Learn how NLP Can Help to Understand the Cyber-Exposure And The Silent Cyber

Intelligent Insurer, Threat Report Mention: Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% year on year, according to security vendor SonicWall. The firm reports an 1,885 percent increase in attacks on government targets, healthcare (755 percent), education (152 percent) and retail (21 percent).

Cyber Threats to Media Companies Are on The Rise

E&P, Threat Report Mention: Reporter Amiah Taylor explained ransomware research by SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers some alarming statistics about ransomware attacks, in particular governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Industry News

Tenet Says, ‘Cybersecurity Incident’ Disrupted Hospital Operations

Healthcare Dive: Tenet is one of the largest US for-profit health systems. It reported that it suffered a cybersecurity incident last week, which disrupted some acute care operations. According to the statement issued Tuesday by the Texas-based operator, most critical functions have been restored, and affected facilities are beginning normal operations. Tenet did not disclose the nature or extent of the incident or the affected facilities. It also didn’t say whether hackers accessed any patient data.

SC Media and CBSNews affiliate WEPC offered additional details on the incident, reporting that the attack forced caregivers to chart patient care using paper because the network’s phone and computer systems were down. As a result, the company’s “acute care operations” at Good Samaritan Hospital in West Palm Beach and St. Mary’s Medical Center were temporarily interrupted.

Cyberattacks Rage in Ukraine, Support Military Operations

Threat Post: At most, five advanced persistent threats (APTs) are believed to be behind attacks tied to ground campaigns that aim to harm Ukraine’s digital infrastructure. Five state-sponsored APT groups are behind the attacks on Ukraine that started in February. The groups used the cyberattacks against Ukraine strategically to support the ground campaign. Research published by Microsoft on Wednesday revealed that Russia had sponsored the APTs in the campaign.

Separate reports this week shed light on cyberattacks against Ukrainian digital assets carried out by APTs linked to Russia. Microsoft researchers have found that six distinct Russia-aligned threat agents carried out 237 cyber operations, resulting in threats to civilian welfare. They also attempted to launch dozens of cyber espionage attempts against Ukrainian targets.

US Intel, Google Warn of Cyberattacks from China, Russia, North Korea

Newsweek: In the past month, intelligence agencies, President Joe Biden and large companies such as Google all issued the same warning, sounding alarms about the growing threat of cyberattacks coming from foreign governments. Christopher Wray, Director of the Federal Bureau of Investigation, stated that the People’s Republic of China and the Chinese Communist Party are the biggest threats to the country’s counterintelligence. He said they target our innovation, trade secrets, and intellectual property at a scale never before seen in history. According to Google’s Threat Analysis Group (TAG), Iran, North Korea and Russia are the top sources of cyberattacks on the US.

Fighting Fake EDRs with ‘Credit Ratings’ for Police

Krebs On Security: The Krebs security team recently examined how cybercriminals used hacked email accounts of police departments worldwide to obtain warrantless Emergency Data Requests from technology providers and social media companies. Many security experts called it an insurmountable problem. Matt Donahue is a former FBI agent who recently left the agency to found a startup that helps tech companies screen out fraudulent law enforcement data requests. This includes assigning credit ratings or trustworthiness to law enforcement agencies worldwide.

Manufacturer Sues JPMorgan After Cybercriminals Stole $272m

Computer Weekly: Essilor Manufacturing sued JP Morgan, alleging that the bank failed to report suspicious activity, leading cybercriminals to steal $272 million. According to reports, Ray-Ban sunglasses’ French manufacturer claimed that the bank failed to notify them of suspicious activity in New York. As a result, the manufacturer claimed an increase in money transactions and money sent to offshore companies in high-risk countries in papers filed in Manhattan federal court.

State Dept Offering $10 Million For Information on Russian Cybercriminals

The Hill: The State Department has announced it is offering a reward of up to $10 million for information on a group of Russian cybercriminals. The department released a press release on Tuesday stating that its Rewards for Justice program (RFJ) is looking for information about six people who are allegedly involved in a criminal conspiracy involving malicious hacking activities that affect the critical infrastructure of the United States. According to the State Department, these individuals were part of a criminal conspiracy that infected computers with destructive malware in June 2017. The malware was called NotPetya.

Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

Hacker News: The cybercriminals who were previously seen delivering IcedID and BazaLoader as part of their malware campaigns may have switched to a new loader called Bumblebee, which is currently being actively deployed. Researchers report that, based on the timing and early proliferation of the loader, Bumblebee may be cybercriminals’ new multifunctional tool of choice for spreading malware. The new loader was distributed in March 2022. There are overlaps between the malicious activity and Conti ransomware deployments.

Predictive Analytics could be the Future of Cybersecurity

Analytics Insight: While it might not be possible to prevent every data breach, it is possible to minimize the risk. Even the most skilled cyber professionals admit that it is impossible to control all data breaches. It is impossible to stop determined hackers from getting into systems. This is not because they are too sophisticated; even the most experienced security professionals fall prey to human error. Nevertheless, it is possible to minimize the risk, which is good news. Organizational leaders must accept this fact as soon as possible. It is best to assume that data breaches will happen and set up cyber defenses to reduce the damage. A crisis checklist can help prepare for the worst.

In Case You Missed It

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi

Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi

Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell

Cybersecurity News & Trends

This week, SonicWall generated an excellent balance of press ink for the 2022 SonicWall Cyber Threat Report, product mentions, Bill Conner, and two articles that feature the company and its products. Very well done! In industry news, we see that Microsoft is taking the hacks of its MSO line of products very seriously and showing some success. Hackers claim to have hacked several Russian institutions with a “barrage” of cyberattacks. Meanwhile, hackers “DeFi” cryptocurrency security measures with new attacks. And among the top state-sponsored cyber hackers, North Korea earns recognition as the truly weirdest.

SonicWall News

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Ransomware Is on the Way and Backups Are Your Best Defense

The New Stack, SonicWall Threat Report Mentioned: You may ask, “Is ransomware really that bad?” It is. Last year, network security vendor SonicWall called 2021 The Year Of Ransomware thanks to an average of 1,748 ransomware attempts per customer by the end of September. Altogether SonicWall reported spotting a crazy 495 million ransomware attempts by the end of September.

Work to Secure Hawaii’s Digital Future

Honolulu Daily Advertiser, SonicWall Threat Report Mentioned: SonicWall’s 2022 Cyber Threat Report revealed that Hawaii is one of the top 10 riskiest states for malware.

The Funky Pigeon Pauses All Orders After ‘Security Incident’

The Register, SonicWall’s Bill Conner Quoted: Another example of how relentless cybercriminals are in their search for profit. Holding victim organizations’ business hostage uniquely impacts retailers and other organizations that provide daily, direct services to their customers. Such attacks directly affect the victim’s revenue generation and thus provide additional leverage to the attackers.

Ransomware Prevention for State & Local Governments

Tech Register, 2022 Threat Report Mention: According to the 2022 Cyber Threat Report from SonicWall, two industries saw large spikes in malware in 2021: healthcare (121 percent) and government (94 percent). In North America, ransomware rose 104 percent in 2021, according to the report, just under the 105 percent average increase worldwide.

Today’s Firewall is More Important in a Multi-Perimeter World; New Cornerstone for Enterprise Security

SME Channels, SonicWall feature: With increasing numbers of devices and remote workers, enterprises are facing even more daunting challenges in protecting the business. Many enterprises, educational institutions, and government agencies have deployed several stand-alone appliances and disjointed defenses, which include traditional firewalls.

Manage and Secure Access to SonicWall NSv with JumpCloud

Security Boulevard, Blog Featuring SonicWall NSv: SonicWall firewalls are widely used by managed service providers (MSPs) to provide affordable and effective perimeter security. The NSv is a next-generation firewall that runs in the cloud, or as a virtualized device in your data center, thereby reducing the costs of buying an appliance. JumpCloud reduces the management overhead for your IT department.

Ransomware Response: 5 Steps to Protect Your Business

Security Boulevard, SonicWall Cyber Threat Report Mention: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Industry News

Microsoft Is on the Hunt for Cyber Criminals

Tech-Co: In a story also reported by Microsoft and Hacker News, big moves against hackers have at least disrupted their activities for now. Microsoft’s Digital Crimes Unit obtained a court order from the United States District Court for the Northern District of Georgia allowing it to take control of 65 domains the ZLoader gang used to control, grow and communicate with its botnet. These domains have been directed to a Microsoft sinkhole, where they are no longer available to the criminal botnet operators. In addition, ZLoader embeds a domain generation algorithm (DGA) in the malware. This allows ZLoader to create additional domains that can be used as a backup or fallback communication channel. The court order also allows Microsoft to control 319 other DGA domains.

During the group’s investigation, they discovered that Denis Malikov, from Simferopol, Crimea, was one of the criminals responsible for creating a component in the ZLoader botnet used to distribute ransomware. The group notes that the legal action was the culmination of months of investigations that began before the conflict in the region.

Microsoft claimed that the operation was carried out in partnership with ESET, Lumen’s Black Lotus Labs, Palo Alto Networks Unit 42 and Avast.

WIRED Magazine cautions that while actions like these are heartening, this is no time to be complacent. According to SonicWall’s 2022 Cyber Threat Report, attacks in the United States and all over the globe reached a fever pitch by 2021. Private companies and governments have made the most comprehensive promises to stop such attacks and eliminate the cybercriminal community. These efforts have been highlighted by a flurry of activity over the past weeks. Nevertheless, cybercrime remains at an all-time high, and researchers warn that there is no one solution.

Hackers Claim to Target Russian Institutions in Barrage of Cyberattacks and Leaks

New York Times: Hackers claim that they have hacked into Russian institutions dozens of times in the last two months. This includes the Kremlin’s internet censor and one of its primary intelligence services. In an extraordinary hack-and-leak campaign, they also leaked internal documents and emails to the public.

The leaked information includes the names of Russian soldiers who operated in Bucha, where there was a massacre of civilians, and of agents of the FSB (a principal Russian intelligence agency), along with other identifying information such as dates of birth and passport numbers.

Much of the data is difficult to verify by nature. The FSB is an intelligence agency and would not confirm the identity of its officers. Even the organizations that distributed the data warned that files taken from Russian institutions might contain malware, manipulated or faked information, and other tripwires.

Researchers say that some data could also be recycled from prior leaks and presented as new to artificially boost the hackers’ credibility. The data could also be propaganda, which is not unusual in the ongoing cyberconflict between Russia and Ukraine.

Hackers ‘DeFi’ Threat Risk Expectations with New Attack Vectors In Crypto

SC Media: In recent years, decentralized finance (DeFi) platforms have become very popular. They have attracted much attention from the bad guys, too.

According to research by Chainalysis, cryptocurrency transfers from illegal digital wallets to DeFi platforms rose nearly 2,000% between 2020 and 2021. Although malfeasance is decreasing, cryptocurrency and DeFi networks are booming. Chainalysis found that 2021 was the third year in a row where cryptocurrency exchanges didn’t process more than half their transactions for bad actors. Chainalysis also discovered $8.6 billion worth of cryptocurrency transferred from illegal wallets to services between 2021 and 2021.

This is a growing problem for crypto finance as a whole. Nearly $3.2 billion has been stolen from DeFi systems. $1.3 billion was taken during the first quarter. Two years ago, DeFi was responsible for less than 30% of all digital data stolen. According to Chainalysis research, hackers took 97% of the cryptocurrency stolen this year from DeFi platforms.

Among Top Hacking Nations, North Korea’s The Weirdest

Washington Post: North Korea is a standout among the global pantheon of government-backed hackers. Not only does it have a lot of activity, but its weirdness also makes it stand out in the hacker world. Its hackers are more likely than others to steal cryptocurrency. Most of the money is used to finance the nation’s nuclear program and other government operations.

The Lazarus Group, Pyongyang’s most prominent hacking gang, has recently been in the news for its brazen theft of more than $600 million in cryptocurrency via the Axie Infinity video game. This is just the latest in a series of significant cryptocurrency thefts.

But things get more bizarre, especially when contrasted with other state hacks that usually target US and European government offices. For example, North Korea’s 2014 hack of a movie theater — Sony Pictures Entertainment — was to settle a dispute over a negative portrayal of its dictator Kim Jong Un.

Reuters reported further that the UN monitors of North Korean sanctions enforcement reported that cybercrime was vital for Pyongyang’s ability to finance banned weapons programs. The UN body stated that cyber activity was essential for North Korea to evade UN sanctions and raise money for its missile and nuclear programs. However, the biannual reports of the experts’ panel did not reflect this because member states were reluctant to report breaches.

In Case You Missed It

How SonicWall ZTNA protects against Log4j (Log4Shell) – Rishabh Parmar

Cybersecurity News & Trends

SonicWall continues to generate a steady flow of hits from various industry and trade publications and bloggers. In general cybersecurity news, some folks in the cybersecurity community are uncomfortable with a loophole found in the Cybersecurity Act of 2022. Another news item raises more concern about a rapidly developing threat to US energy companies. Meanwhile, the feds shut down a hackers’ marketplace; a UK government office apologized for an email breach; there is more malware grief for Microsoft Windows; and the hacker group NB65 claims it used Russian malware tools to hack the Russian space agency.


SonicWall News

Ransomware Response: 5 steps to Protect Your Business

Security Boulevard: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Russia-Ukraine Conflict: The Time for Cyber Security Is Now

Seeking Alpha: “According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.”

Panasonic Canadian Operations Suffer Data Breach

Security Magazine: According to SonicWall’s 2022 Cyber Threat Report, governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

Clumio Protect releases turnkey ransomware protection solution for Amazon DynamoDB

VentureBeat: The announcement comes as ransomware attacks are on the rise, with SonicWall researchers recording 623.2 million ransomware attempts in 2021, an increase of 105% from the year before.

Cyber Threats And Ransomware Attacks Surge As The Government And Private Industry Try To Keep Up

Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and is up 232% since 2019. We hear from a cybersecurity expert about what’s being done by the government and the private sector to push back against the flood of digital and online threats.

Enterprise Infrastructure VPN: Which solution is best?

IDG Connect: In a review of SonicWall Netextender, the author says that SonicWall “enforces granular access policies and extends network access through native clients. It also enhances firewall encryption and security by redirecting all client traffic through VPN.”

Rise of RaaS

Professional Security Magazine: In fact, the number of ransomware attacks has been so frequent that SonicWall’s 2022 Cyber Threat Report revealed governments worldwide saw an 1,885 per cent increase in 2021.

Industry News

Cybersecurity Act of 2022: A Step in the Right Direction with a Significant Loophole

Dark Reading: Recently, the Strengthening American Cybersecurity Act 2022 passed without any partisan debate, such are the cyberthreats facing the United States and the rest of the world. Most cybersecurity communities were pleased to see Congress quickly act on this critical issue. However, some were alarmed by a loophole in the legislation that may hinder a basic tenet of the bill to share cyber security information across all platforms to increase cybersecurity. This loophole includes a complete exclusion of DNS services from reporting requirements and other obligations required of all other companies and entities. This article explains what appears to be an astonishing and deliberate omission in detail. MeriTalk posted a related story. The CISA will roll out a new protected Domain Name System technology (DNS) in 2022 under the Trusted Internet Connections program. Although the new DNS technology will strengthen protections, there are no provisions to share WHOIS or other DNS operations or make cyber security incidents easier to report and track.

US Warns Energy Firms of A Rapidly Advancing Hacking Threat

EnergyWire/E&E News: US intelligence services and the Department of Energy reported that “custom-made malware” was discovered targeting electricity and natural gas infrastructure systems. The FBI and CISA issued a joint alert urging energy companies to strengthen their cybersecurity defenses against a possible attack that could gain “full system access.” This news comes after the Ukrainian government announced Tuesday that it had stopped an attempt by “Sandworm,” an elite Russian hacking group, to disrupt industrial control systems (ICS) that run high-voltage substations. Had it succeeded, the attack could have caused temporary power outages for 2 million people (MIT Technology Review). Ars Technica reports that the FBI and CISA have discovered a “Swiss Army Knife” that can hack industrial control systems. The hack tool, dubbed “Pipedream”, is a versatile malware toolkit designed explicitly for refineries and power grids. This report follows a CISA “shields-up” alert regarding cybersecurity awareness that Forbes reported in February.

Feds Shut Down RaidForums Hacking Marketplace

ThreatPost: US law enforcement shut down the largest cybercriminal online forum in the world and announced federal charges against 21-year-old Portuguese citizen Diogo Santos Coelho on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. Security professionals pointed out, however, that hackers will still be able to buy and sell data stolen in cyber-attacks, and that this takedown is unlikely to cause a lasting disruption. On Tuesday, the Department of Justice (DoJ) announced that it had seized three domains to shut down RaidForums, an English-language online marketplace used by cybercriminals to purchase and sell databases taken from companies through ransomware or other cyber-attacks. According to a Tuesday press release, the domains that federal agents seized after they obtained judicial authorization were “raidforums.com,” “Rf.ws” and “Raid.lol”.

Home Office’s Visa Service Apologizes for Email Address Data Breach

The Guardian: The UK’s Home Office’s Visa Service has apologized for a data breach that saw the email addresses of over 170 people accidentally copied into an email sent last week. On 7 April 2022, a message was sent to more than 170 addresses about the need to change the location of a visa appointment with the UK Visa and Citizenship Application Service. Private contractor Sopra Steria manages the UKVCAS on behalf of the Home Office. Some email addresses looked like personal Gmail accounts, while others were associated with lawyers from various firms.

Investigation Into A Computer Breach Involves City Officials And Employees

Fox News (Cleveland): An investigation is ongoing into a computer security breach in the City of Cleveland. Multiple sources claimed it occurred on Saturday. A message was sent to officials and employees of the city, stating that it had been reported. The message said, “We have identified an account compromised on our network trying to harvest log-in passwords.”

Advisory: Hackers Are Using a Simple Trick To Hide Their Windows Malware

ZDNet: Microsoft exposed Tarrask as malware likely to have been created by a state-sponsored hacking organization in China. The program targets Windows computers and makes invisible software updates. The malware was attributed to Hafnium by the Windows maker, the same hacking group that the US and UK blamed for the Exchange Server hacks last year. Tarrask malware causes Windows to run unscheduled tasks and can be installed on Windows machines and remain there undetected after a reboot. The malware uses the Windows Task Scheduler, which admins can use to automate tasks like software updates for browsers or other apps. However, in this instance, the attackers are the ones using it.

Anonymous-Affiliated Hacking Group Used Russia’s Own Ransomware Against Russian Space Agency

Daily Mail (UK): Last month, Anonymous-affiliated Network Battalion 65 claimed it had stolen files from Russia’s space agency Roscosmos. It claimed it also had taken down Roscosmos satellites. Dmitry Rogozin, the head of the Agency, denied that it had lost control over its systems and called out the group’s claims as a scam. However, according to a wide swath of cybersecurity experts, Russia-watchers, and verified by several news outlets, the ransomware ‘Conti’ was indeed used by the NB65 group in a successful hack of Roscosmos. This draws us to the last bit of irony: Conti originates from a Russian cyber-crime organization of the same name.


Cybersecurity News & Trends

SonicWall keeps up the pressure in global trade news with more ink for the 2022 SonicWall Cyber Threat Report and general mentions from online magazines that cater to cybersecurity vendors. In cybersecurity news, several topics received strong coverage: analysis of the vulnerabilities found in data centers and an inside perspective on the US-China cyberwar. In other news, a breakdown of three major SaaS attacks, Block (formerly Square) reports a massive breach of customer data, Russian-state media hacked by Anonymous, and the FBI says they stopped a Russian Botnet attack.


SonicWall News

Cyber Threats Surge as Government And Private Industry Try To Keep Up

NPR-Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and has been up 232% since 2019. We hear from cybersecurity experts on what’s being done by the government and the private sector to push back against the flood of digital and online threats.

How can Healthcare Prepare for a “WannaCry 2”?

Healthcare Innovations: Governments worldwide saw a 1,885% increase in ransomware attacks in 2021, and the healthcare industry faced a 755% increase in those attacks, according to the SonicWall 2022 Cyber Threat Report. Of the victims, the United States came out on top. Most of these attacks have been found to have originated in Russia.

Russia-Ukraine Conflict: The Time for Cybersecurity Is Now

Seeking Alpha: Cybersecurity has always been a concern for individuals, corporations, and governments. However, the current conflict exacerbates the broader trend of attacks as they continue to increase in size, volume, and sophistication. This poses significant financial, reputational, and legal risks for the agencies targeted. For example, according to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to 623.3M attacks. In addition, encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.

Buncombe County IT Requests Extra Funding to Bolster Cybersecurity

ABC 13 News (North Carolina): Buncombe County’s IT department wants to enhance its cyberdefense. County commissioners will consider a request from Buncombe County IT for $225,197 to augment and strengthen the county’s cybersecurity program. Governments worldwide saw a 1,885% increase in ransomware attacks, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company.

Mafia Moves: How to Combat Ransomware Extortion

Security Magazine (Event Announcement): Ransomware is big business, and no company is immune. In fact, ransomware attacks doubled last year, jumping 105% compared to 2020 (SonicWall). A ransomware attack can devastate a company by encrypting all its data and offering only one viable path to recovery: money. In this session, we will walk you through the anatomy of a ransomware attack, where you will learn step by step what to expect.

Ransomware Response: 5 Steps to Protect Your Business

Techspective: Last year was the most costly and dangerous year for businesses dealing with ransomware attacks. According to network security experts, by Q3 2021, SonicWall was reporting an almost 150% increase in ransomware attacks worldwide.

SonicWall: Security That Can be Licensed

CRN (Poland): SonicWall celebrated its 30th anniversary last year. During this time, it developed solutions that make up an integrated security environment that has gained the recognition of industry experts and millions of satisfied customers worldwide.

SonicWall’s Next-Generation Wi-Fi Solution for Small And Medium-Sized Enterprises

BCN (Japan): With the promotion of workstyle reforms and the scourge of corona, even small and medium-sized enterprises are becoming more mobile within the company. However, the security measures of the introduced Wi-Fi products are vulnerable, and there are conspicuous dangerous cases where they are exposed to the risk of unauthorized access and malware from the outside. SonicWall Japan’s enterprise Wi-Fi solution has advanced security functions that provide real-time protection from known / unknown threats and management tasks that reduce person-hours at the time of introduction and significantly reduce the time and effort of the administrator.

Industry News

Physical Infrastructure Cybersecurity: A Growing Problem for Data Centers

Facility managers have more control over modern data center infrastructure management platforms (also known as ‘DCIM’) and other tools. As a result, managing data centers is now more efficient, scalable, faster and more effective than ever before. And, as it turns out, their physical infrastructure is now more vulnerable to cyberattacks than ever before. According to DataCenterKnowledge, research revealed that thousands of data center management systems were exposed to the Internet. Any attacker who has access to infrastructure management platforms may be able to manipulate cooling systems, which can cause servers to overheat and damage critical components. They could also upload malicious backup files or disrupt backup processes. In addition, The Hacker News reported that attackers can now remotely hack and disable uninterruptible power supply systems if they have dashboards accessible via the Internet. Dark Reading noted that the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) distributed a joint alert last week that threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices typically via default username and password combinations.

Russian-Backed Hackers Spreading Disinformation on Facebook

The Hill: A new Facebook report found that government-affiliated hackers from Russia and Belarus attempted to use the social media platform for cyber espionage and disinformation campaigns targeting Ukrainians. The hackers attacked the Ukrainian telecom industry and the defense and energy sectors. They also targeted tech platforms, journalists and activists. Facebook claimed it had stopped a disinformation campaign associated with the Belarusian KGB. The campaign posted that Ukrainian troops were surrendering and that leaders had fled the country after Russia invaded. The tech company claimed it had disabled the account and ended the campaign the same day. In a related report, CNN reported that Ukrainian soldiers found their Facebook accounts targeted by hackers, some posing as journalists and independent news outlets online to push Russian talking points, running coordinated campaigns to get posts by critics of Russia removed from social media. And The Verge reported that hackers also planted false reports of a Ukrainian surrender into on-screen messages during live broadcast news. Though such statements are quickly disproved, experts have suggested that their purpose is to erode Ukrainians’ trust in media.

Hacked: Inside the US-China Cyberwar

AlJazeera: The United States has a long history of cyberespionage. However, cyberespionage has also been a long-standing problem for the government and private businesses in the United States. The Chinese government has been enhancing its technological, economic and military capabilities to be a global leader in cyberwarfare since the late 90s. Experts claim that China is now welcoming its citizen hacker group as a resource to combat aggressive actions by US-based attackers. Once thought to be patriotic internet nerds, Chinese hackers emerge in the mainstream as China and the US fight in cyberspace. There are also many allegations that Chinese hackers are state-sponsored. In a separate report, Bloomberg says suspected state-sponsored Chinese hackers recently targeted India’s power generation sector as part of an apparent ongoing cyber-espionage campaign.

Breaking Down 3 SaaS App Cyber Attacks in 2022

The Hacker News: Three major tech companies, Okta and HubSpot, reported data breaches last week. The first two were performed by DEV-0537 (also known as LAPSUS$). This highly skilled group uses state-of-the-art attack vectors with great success. The identity of the HubSpot attackers was not revealed. This article is on our recommended reading list. It provides a solid forensic examination of the evidence behind the three breaches, based on publicly available information with best practices that could help reduce the chance of attacks for other companies bracing for more attacks.

Block Confirms Cash App Breach After Former Employee Accessed US Customer Data

TechCrunch: Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some US customer information. In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10. Mashable reported separately that the company notified 8.2 million US customers of the data breach, noting that the compromised data included their customers’ full names and brokerage portfolio values.

Anonymous Affiliate NB65 Breached State-Run Russian Broadcaster

HackRead: NB65 (Network Battalion 65) is a hacker group linked with the Anonymous hacktivist collective. The group claims to have breached the servers of Russian state-run television and radio broadcaster called the “All-Russia State Television and Radio Broadcasting Company” (VGTRK). The data leak reportedly contains 4,000 files and more than 900,000 emails from VGTRK.

FBI Says It Disrupted Russian Hackers

Reuters: The FBI’s cyber defense unit wrested control of thousands of routers and firewall appliances away from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, US officials said on Wednesday. An unsealed redacted affidavit described the unusual operation as a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a “botnet,” a network of hacked computers that can bombard other servers with rogue traffic. FoxNews reports that the attack involved thousands of infected network hardware devices under the control of a threat actor known as Sandworm, which the US government previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The Daily Mail (UK) added that the FBI stopped the botnet in its tracks.


Cybersecurity News & Trends

Not only did we pick up more news hits for the 2022 SonicWall Cyber Threat Report, SonicWall also saw global reports on the fantastic record-breaking year for its channel partners. Industry news in cybersecurity and hacking didn’t take a pause last week. First, the health care equipment manufacturer Philips discovered a vulnerability in products that use an e-alert system. We’ll wait to see if that item gets more airplay next week. Second, crypto hackers stole more than $600 million from Axie Infinity’s Ronin gaming network, a new record haul. Finally, we found an excellent overview and summary of the “Strengthening American Cybersecurity Act” legislation this month. And in other news, Chinese hackers target VMware with Deep Panda, and hackers are abusing fake emergency subpoenas to force companies to give up important information.


SonicWall News

Apple Forced to Issue Emergency Fixes for Two Zero-Days

IT Wire: Apple issued emergency fixes for two zero-day vulnerabilities that were being exploited in the wild and affected iPhones, iPads, and Macs. The same report notes that, over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks, along with trends and activity across all threat vectors.

Cyber Security Risks and Companies’ Readiness

Financial Times: Research from cyber security company SonicWall supports a more positive outlook [that major businesses recognize the risks]. “From mid-2020 to 2021, the number of CEOs who said cyber security risks were the biggest threat to short-term growth nearly doubled,” said SonicWall chief executive Bill Conner in the company’s recent cyber threat report.

Cyber Heroes Prepare for Battle

RED/MSU Denver: The bad guys – cybercriminals, in this case – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline was among those which crippled energy infrastructure that delivers about 45% of fuel for the East Coast. As for the good guys: There aren’t enough of them.

World Backup Day: Building a Tiered Backup Strategy for Ransomware Recovery

ToolBox: In 2021, SonicWall recorded an alarming 623.3 million ransomware attacks globally, averaging 2,170 attempts per customer. With each attack aimed at exploiting weaknesses in IT networks and endpoint devices to inject ransomware, organizations can’t afford to lower their guard for a moment.

Can The Financial Sector Manage Hybrid Working Security?

Finance Monthly: Ransomware is not the only threat, of course. Today, a wide range of attack methods need to be considered and resisted. For example, SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

Digital Rights Management Market is Growing at A Rate Of 17% With The Rise In Security Concerns

Globe Newswire (TBRC Business Research): According to the 2021 Cyber Threat Report by SonicWall, there has been a 62% increase in ransomware since 2019. This number is still rising as cybersecurity attacks become more complex and challenging to detect. Digital rights management is also used by healthcare organizations and financial services firms to ensure compliance with data privacy and protection standards such as HIPAA (Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act (GLB Act or GLBA). Hence, the rise in security concerns is expected to create avenues for growth in the digital rights management market.

Mitigating Security Risks Posed by Hybrid Working

TechRadar Pro: A wide range of attack methods need to be considered and resisted. SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

SonicWall Posts Record-Breaking Year as Channel Partners Thrive with Unparallel Product Demand

Yahoo Finance (Cision Press Release): Today, SonicWall announced that 2021 was its best year. Propelled by delivering high-demand products, including the evolution of its Generation 7 next-generation firewalls and a laser focus on its customers, SonicWall showed record levels of sales and profitability in 2021.

SonicWall Grew 20% in Iberia, Helped by Its More Than 900 Partners

IT User (Spain): The company has more than 17,000 active partners worldwide, which have increased their market share in key price bands and market segments. SonicWall increased its portfolio of new customers by 33% and sales to new customers by 45%, and recorded a 10% increase in partners’ annual recurring revenue.

The Channel Helps SonicWall Reap the Best Result in Its History in 2021

Dealer World (Spain): The year 2021 can be described as historic for SonicWall, bringing the best results in the company’s history. Driven by sales of high-demand products, including the evolution of its next-generation firewalls, Generation 7, and a 100% customer-focused approach, SonicWall achieved record levels of sales and profitability in 2021, thanks especially to the work of its channel.

SonicWall Confronts Cyberthreats and Increases Opportunities for Channels

Reseller 15 Años (Mexico): Drawing on the 2022 SonicWall Cyber Threat Report, the leading vendor in ransomware threat intelligence shared the work it is doing with its partners to confront the rise in nearly all monitored threats, cyberattacks and malicious digital attacks, including ransomware, encrypted threats, IoT malware and cryptojacking.

SonicWall Live-Webinar: Meet the Cybersecurity Requirements of Hybrid Working Models

InfoPoint Security (Germany): Join the SonicWall MINDHUNTER series and learn from security expert Stephan Kaiser what business and security challenges this fast-growing and dynamic IT landscape poses for your IT managers.

SonicWall Reports Record Year for Products and Channel Engagement

Channel Life (Australia): SonicWall has reported its best year on record, attributing it to its new range of products, customer focus and successful channel engagement. Despite challenging economic conditions, the company posted strong financial results, strengthening its pipeline growth. They reported a 33% increase in new customer growth and a 45% increase in recent customer sales.

Industry News

Philips Issues Cybersecurity Warning Over e-Alert MRI Monitoring System

Fierce BioTech: Philips is currently facing a possible hacking risk following the discovery of a vulnerability in its e-Alert MRI monitoring systems. This could be a significant event due to the high use of Philips medical instruments in the U.S. The e-Alert system has sensors that monitor MRI machines and issues alarms when specific parameters are exceeded. These include temperature and humidity in the technical and exam rooms and the status of the machine’s power supply. The sensors also monitor the chiller, cryo-compressor, and helium levels, as well as magnet placement.

Hackers Steal Over $600 Million From Video Game Axie Infinity’s Ronin network

CNN: A new crypto-hack has taken out a gaming-oriented blockchain network that supports Axie Infinity. In one of the most significant crypto hacks, hackers stole approximately $625 million in two currencies, Ethereum and USDC. According to a company blog post, attackers stole private keys used to verify transactions on the network and used these keys to forge fake withdrawals. According to the blog post, the network promised to “ensure that no users’ funds were lost.” The company stated that most of the stolen funds are still in the crypto wallet of the hacker.

Three Cybersecurity Fundamentals Businesses Get Wrong

Forbes: What do all businesses, regardless of industry and size, have in common? They are at risk from cybersecurity attacks like ransomware and customer data breaches. These attacks can cause financial ruin for businesses and force them to close. Hiscox, an insurance company, found that cyberattacks had affected one in six companies. At the same time, when businesses spend a lot of money to protect themselves from these types of attacks, they often do it without a plan. Written by a cybersecurity professional who claims to have worked with many financial institutions, this article is well worth reading and offers essential insights into issues that many businesses are dealing with today.

An Overview of the Strengthening American Cybersecurity Act

J.D. Supra: President Joe Biden signed the Strengthening American Cybersecurity Act on March 15, 2022. This overview gives us a concise understanding of the act’s provisions and how they may affect business. For instance, the reviewer notes that the act focuses on the need for rapid disclosures and solid protections for private-sector workers in the cybersecurity field. This legislation establishes a cyber incident and ransomware response protocol for businesses that operate in many core sectors of the U.S. economic system. These industries include communications, financial services, chemical, energy, food & agriculture, government facilities and healthcare, transportation and waste management. The law is not only targeted at organizations that are critical infrastructure but will also have wide-reaching consequences for all businesses.

Local Cybersecurity Gaining Traction

S.C. Media: StateScoop reports on local cybersecurity information sharing and resource sharing. Federal support via the $1 billion cybersecurity grant program has led to increased cyber collaboration among local governments, according to Michael Makstman, San Francisco Chief Information Security Officer, and Greg McCarthy, Boston CISO. As a result, they co-founded The Coalition of City CISOs.

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

Hacker News: Deep Panda, a persistent Chinese threat, has been observed exploiting the Log4Shell vulnerability on VMware Horizon servers to install a backdoor and a novel rootkit on infected machines and steal sensitive data. Deep Panda is also known as Shell Crew, KungFu Kittens and Bronze Firestone. Recent attacks have been “targeting technology providers for command and control infrastructure building,” according to Secureworks.

Hackers Abusing Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security: Criminal hackers have discovered a terrifying new “method” to steal sensitive customer data from Internet service providers and phone companies. This involves hacking into email accounts linked to government agencies and police departments, then sending unauthorized requests for subscriber information while claiming that the requested information cannot wait for a court order as it is an urgent matter of life or death. The Verge reported that Apple and Meta gave user data to hackers, who feigned emergency request orders usually sent by law enforcement. Both companies gave out user data to hackers in the middle of the massive surge in hacks SonicWall reported last year.

When federal, state, or local law enforcement agencies want to know who owns a particular account at a social networking firm, or which Internet addresses that account has used previously, they must submit a court-ordered warrant. A fake emergency request circumvents that entire legal process. Most of the bad actors who make these fake requests are teenagers. According to Bloomberg, cybersecurity researchers believe the teen mastermind behind the Lapsus$ hacking organization may have inspired the group to take this type of action. Another group called the Recursion Team might be responsible for last year’s string of similar attacks. While that group has since disbanded, some of its members joined Lapsus$ under different names. Bloomberg was informed by officials involved in the investigation that hackers had accessed accounts in several countries and targeted numerous companies over a few months beginning in January 2021.

