Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
We’re nearing the end of January, and SonicWall is still roaring into headlines. Read about the NSsp 15700’s “superpowers,” as described by the folks at iTWire, and see how CyberSecurityInsider breaks down some of our latest threat intelligence. Take a look at MedTechDive citing some of our data and see TechTarget’s piece on one of our partners.
This week has been busy for industry news. The FBI has taken down the ransomware gang known as Hive, and we have information from Dark Reading, Axios and Reuters. Security Week reports that German airports, banks and government have been hit with Killnet DDoS attacks. TechCrunch reports that backups have been stolen from a breach at LastPass. At Hacker News, we’re hearing about vulnerabilities in Samsung’s Galaxy app store on Android. Bleeping Computer is reporting that Microsoft OneNote attachments are the latest trend in email-based malware.
CyberSecurityInsiders, SonicWall News: 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets and goals for cybercrime. According to recent threat intelligence from SonicWall, global ransomware attempts declined 31% YoY as cybercriminals and nation-state actors opted for never-before-seen malware variants, IoT malware, and cryptojacking in attacks motivated by financial gain and state-sponsored hacktivism.
MedTechDive, SonicWall News: Ransomware attacks in which cybercriminals attempt to extort money declined by 23% overall during the first half of 2022 but increased 328% in healthcare, according to data from cybersecurity company SonicWall.
TechTarget, SonicWall News: Logically’s MSSP offerings include extended detection and response, endpoint detection and response, and MDR; enterprise-level managed firewall services; and cybersecurity assessments, according to Skeens. The company runs a SOC. The company’s IT security technology partners include SonicWall.
iTWire, SonicWall News: iTWire really could go on and on; the list of features is almost endless. There is a database of applications for intelligent packet analysis, support for IoT devices, DNS protection and more. However, the best thing right now is to take it for a spin yourself. You can demo the SonicWall NSsp series firewalls online without any installation or commitment and see all the features and benefits in action.
Strategic Risk, SonicWall News: There were 623 million ransomware attacks globally in 2021 according to SonicWall, representing a 105% year-on-year increase. The UK saw a 228% surge and a 65% increase in never-before-seen malware.
Business Info, SonicWall News: Network security devices are essential for any business. They establish a firewall that will protect internal networks from external threats, such as attacks from the internet. The SonicWall TZ270 uses patented Real-Time Deep Memory Inspection (RTDMI) to prevent cyber-attacks.
Silicon, SonicWall News: Speaking to Silicon UK, Rick Meder, VP of Strategic Partnerships and Platform Architecture at SonicWall, commented: “With most employees no longer within the protected perimeter of a traditional corporate network, the basic secure access tools in place for remote access workers have become quickly inadequate. The potential attack surface expands exponentially, oversight by security staff is met with extreme challenges, and policy complexity reaches levels like never before. Efforts to uphold an adequate security posture while maintaining workforce productivity quickly become overwhelming.”
The Register, SonicWall News: SonicWall in October 2022 said that it saw a 31 percent drop in ransomware attacks in the first nine months of the year, but that also was coming off record numbers recorded in 2021. CEO Robert VanKirk at the time told The Register there was an “unstable cyberthreat landscape” fed by expanded attack surfaces, growing numbers of threats, and a tense geopolitical environment that included Russia’s attack on Ukraine. The CEO also noted that even though the numbers in 2022 were down, they were still higher than in any year but 2021.
Silicon, SonicWall News: Immanuel Chavoya, emerging threat expert at cybersecurity company SonicWall, believes new AI software will give threat actors the ability to quickly exploit vulnerabilities and reduce the technical expertise required “down to a five-year-old level.”
AMB Crypto, SonicWall News: “The research titled “2022 SonicWall Cyber Threat Report” from cybersecurity company SonicWall claims that cryptojacking attacks have increased in the banking sector by 269% year-to-date. This figure is nearly five times higher than cyberattacks directed at the retail sector. According to the study from SonicWall, the total number of cryptojacking incidents increased by 30% to 66.7 million in the first half of 2022.”
Silicon Republic, SonicWall News: “Spencer Starkey, channel sales EMEA VP for SonicWall, predicts that healthcare and education will be among the sectors most targeted by cyberattacks in 2023. The cybersecurity company claims the healthcare sector saw a 328% year-on-year increase in ransomware attacks last year.”
City AM, SonicWall News: “Terry Greer-King, Head of EMEA at SonicWall, a cybersecurity firm, linked this cyber incident to declining cyber safety in the UK. Greene told City Am: “The cyber incident at the Royal Mail shows that the public sector, like all other industries, is still vulnerable to mass cyberattack. As legacy IT concerns become more apart across the UK’s public sector, the state of its cybersecurity is still a main topic that must be addressed, especially after 2021 brought a 94% increase in malware on the global government sector. As a service that people and businesses alike depend on day-to-day, ensuring its digital infrastructure remains secure must be a top priority. To truly safeguard national public-sector cybersecurity, the government must take real concerted action now,” he added.
Russia-backed Hacker Group Killnet Attacks German Infrastructure
After Germany agreed to send aid to Ukraine in the form of tanks, the Russia-backed cybercriminal gang known as Killnet attacked airports, banks and government offices in Germany with DDoS attacks. While the attack was instigated by Killnet, it is likely that more people took part in it. Killnet announced the attack on Wednesday following Germany’s announcement of sending aid to Ukraine. According to Security Week, Germany is on high alert for cybercriminal activity due to the geopolitical unrest in Europe.
FBI Hacks Hive Ransomware Gang
In perhaps the week’s biggest news, the U.S. government has busted the infamous Hive ransomware gang. The group has been extremely active since it first appeared in 2021. According to Dark Reading, the gang has been operating a ransomware-as-a-service (RaaS) platform. The gang does not discriminate: it has attacked schools, infrastructure and businesses alike. According to the U.S. Department of Justice, government agents have been infiltrating Hive’s systems since July 2022 and have captured the gang’s decryption keys. According to Reuters, this move from the FBI may have saved victims up to $130 million. Government hackers were able to break into Hive’s networks and distribute the decryption keys to victims across the world. The government hackers warned the victims in advance so they could take precautions against Hive. Hive was one of the most notorious cybercriminal gangs in the world. It typically extorted international businesses and demanded huge cryptocurrency payments in return.
According to Axios, this move from the DoJ is one of the most significant moves the U.S. government has taken against a ransomware gang. Before now, the U.S. has been tight-lipped about its operations against cybercriminal gangs. In the wake of the attack on the Colonial Pipeline in 2021, ransomware has become a priority for the U.S. government. The FBI’s director, Christopher Wray, said the investigation into Hive is still ongoing. It’s unclear how large of a dent this will make in global ransomware attacks, but one thing is certain – it’s a good day to be fighting against cybercriminals.
GoTo Encrypted Backups Stolen in LastPass Breach
GoTo, the parent company of the popular password manager LastPass, has revealed that customers’ encrypted backup data was stolen during a recent breach. According to LastPass, the attackers used information that was stolen during an incident in August 2022. According to TechCrunch, the breach also impacted several of GoTo’s products, including its VPN tool, Hamachi. GoTo CEO Paddy Srinivasan said, “The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor authentication settings, as well as some product settings and licensing information.” Srinivasan also said GoTo is advising impacted customers to reset passwords and MFA settings.
Samsung’s Galaxy App Store Security Flaws
NCC Group has discovered two security flaws in Samsung’s Galaxy app store on Android. The vulnerabilities could allow threat actors to direct users to bogus landing pages or even install malicious apps on the user’s device. Hacker News reports that Samsung has patched the vulnerabilities to stop unauthorized access. These vulnerabilities only affect users who are running Android 12 or any version before that. Users who are running Android 13 are unaffected.
Microsoft OneNote Attachments Now Being Used to Spread Malware
Threat actors are now able to infect remote access users with phishing malware using OneNote attachments, according to Bleeping Computer. In the past, attackers have been able to attach malicious Excel and Word files to emails, which ran macros on the infected computers to install malware. Microsoft has since disabled macros by default, which has forced threat actors to look elsewhere for ways to get malicious files from point A to point B. Trustwave SpiderLabs began warning users in December about OneNote files being used in this way. Fortunately, OneNote has been able to recognize these files and warn users not to open them. However, some users have ignored the warning and opened the malicious files anyway. The best way to protect yourself is to not open files from anyone you don’t know.