Posts

Cybersecurity News & Trends – 04-15-22

SonicWall continues to generate a steady flow of hits from various industry and trade publications and bloggers. In general cybersecurity news, some folks in the cyber security community are uncomfortable with a loophole found in the Cybersecurity Act of 2022. Another news item raises more concern for a rapidly developing threat for US energy companies. Meanwhile, the feds shut down a hacker’s marketplace; a UK government office apologized for an email breach; more malware grief for Microsoft windows and the hacker group NB65 claims they used Russian malware tools to hack the Russian space agency.


SonicWall News

Ransomware Response: 5 steps to Protect Your Business

Security Boulevard: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Russia-Ukraine Conflict: The Time for Cyber Security Is Now

Seeking Alpha: “According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.”

Panasonic Canadian Operations Suffer Data Breach

Security Magazine: According to SonicWall’s 2022 Cyber Threat Report, governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

Clumio Protect releases turnkey ransomware protection solution for Amazon DynamoDB

VentureBeat: The announcement comes as ransomware attacks are on the rise, with SonicWall researchers recording 623.2 million ransomware attempts in 2021, an increase of 105% from the year before.

Cyber Threats And Ransomware Attacks Surge As The Government And Private Industry Try To Keep Up

Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and is up 232% since 2019. We hear from a cybersecurity expert about what’s being done by the government and the private sector to push back against the flood of digital and online threats.

Enterprise Infrastructure VPN: Which solution is best?

IDG Connect: In a review of SonicWall Netextender, the author says that SonicWall “enforces granular access policies and extends network access through native clients. It also enhances firewall encryption and security by redirecting all client traffic through VPN.”

Rise of RaaS

Professional Security Magazine: In fact, the number of ransomware attacks has been so frequent that SonicWall’s 2022 Cyber Threat Report revealed governments worldwide saw an 1,885 per cent increase in 2021.

Industry News

Cybersecurity Act of 2022: A Step in the Right Direction with a Significant Loophole

Dark Reading: Recently, the Strengthening American Cybersecurity Act 2022 passed without any partisan debate, such are the cyberthreats facing the United States and the rest of the world. Most cybersecurity communities were pleased to see Congress quickly act on this critical issue. However, some were alarmed by a loophole in the legislation that may hinder a basic tenet of the bill to share cyber security information across all platforms to increase cybersecurity. This loophole includes a complete exclusion of DNS services from reporting requirements and other obligations required of all other companies and entities. This article explains what appears to be an astonishing and deliberate omission in detail. MeriTalk posted a related story. The CISA will roll out a new protected Domain Name System technology (DNS) in 2022 under the Trusted Internet Connections program. Although the new DNS technology will strengthen protections, there are no provisions to share WHOIS or other DNS operations or make cyber security incidents easier to report and track.

US Warns Energy Firms of A Rapidly Advancing Hacking Threat

EnergyWire/E&E News: US intelligence services and the Department of Energy reported that “custom-made malware” was discovered targeting electricity and natural gas infrastructure systems. The FBI and CISA issued a joint alert urging energy companies to strengthen their cybersecurity defenses against a possible attack that could gain “full system access.” This news comes after the Ukrainian government announced Tuesday that it had stopped an attack by the “Sandworm,” an elite Russian hacking group, to disrupt industrial control systems (ICS) that run high-voltage substations. It is possible that the attack would have caused temporary power outages to 2 million people if it had been successful (MIT Technology Review). ARS Technica reports that the FBI and CISA have discovered a “Swiss Army Knife” that can hack industrial control systems. The hack tool, dubbed “Pipedream”, is a versatile malware toolkit designed explicitly for refineries and power grids. This report follows a CISA “shields-up” alert regarding cybersecurity awareness that Forbes reported in February.

Feds Shut Down RaidForums Hacking Marketplace

ThreatPost: US law enforcement shut down the largest cybercriminal online forum in the world and announced federal charges against 21-year-old Portuguese citizen Diogo Santos Coelho on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. Security professionals pointed out that hackers will still be able to buy and sell data stolen from cyber-attacks. However, this takedown is unlikely to cause a lasting disruption. Tuesday, the Department of Justice (DoJ) announced that it had seized three domains to shut down RaidForums, an English-language online marketplace used by cybercriminals to purchase and sell databases taken from companies through ransomware or other cyber-attacks. According to a Tuesday press release, the domains that federal agents seized after they obtained judicial authorization were “raidforums.com,” “Rf.ws” and “Raid.lol”.

Home Office’s Visa Service Apologizes for Email Address Data Breach

The Guardian: The UK’s Home Office’s Visa Service has apologized for a data breach that saw the email addresses of over 170 people accidentally copied into an email sent last week. On 7 April 2022, a message was sent to more than 170 addresses about the need to change the location of a visa appointment with the UK Visa and Citizenship Application Service. Private contractor Sopra Steria manages the UKVCAS on behalf of the Home Office. Some email addresses looked like personal Gmail accounts, while others were associated with lawyers from various firms.

Investigation Into A Computer Breach Involves City Officials And Employees

Fox News (Cleveland): An investigation is ongoing into a computer security breach in the City of Cleveland. Multiple sources claimed it occurred on Saturday. A message was sent to officials and employees of the city, stating that it had been reported. The message said, “We have identified an account compromised on our network trying to harvest log-in passwords.”

Advisory: Hackers Are Using a Simple Trick To Hide Their Windows Malware

ZDNet: Microsoft exposed Tarrask as malware likely to have been created by a state-sponsored hacking organization in China. The program targets Windows computers and makes invisible software updates. The malware was attributed to Hafnium by the Windows maker, the same hacking group that the US and UK blamed for the Exchange Server hacks last year. Tarrask malware causes Windows to run unscheduled tasks and can be installed on Windows machines and remain there undetected after a reboot. The malware uses the Windows Task Scheduler, which admins can use to automate tasks like software updates for browsers or other apps. However, in this instance, the attackers are the ones using it.

Anonymous-Affiliated Hacking Group Used Russia’s Own Ransomware Against Russian Space Agency

Daily Mail (UK): Last month, Anonymous-affiliated Network Battalion 65 claimed it had stolen files from Russia’s space agency Roscosmos. It claimed it also had taken down Roscosmos satellites. Dmitry Rogozin, the head of the Agency, denied that it had lost control over its systems and called out the group’s claims as a scam. However, according to a wide swath of cybersecurity experts, Russia-watchers, and verified by several news outlets, the ransomware ‘Conti’ was indeed used by the NB65 group in a successful hack of Roscosmos. This draws us to the last bit of irony: Conti originates from a Russian cyber-crime organization of the same name.


In Case You Missed It

Cybersecurity News & Trends – 04-08-22

SonicWall keeps up the pressure in global trade news with more ink for the 2022 SonicWall Cyber Threat Report and general mentions from online magazines that cater to cybersecurity vendors. In cybersecurity news, several topics received strong coverage: analysis of the vulnerabilities found in data centers and an inside perspective on the US-China cyberwar. In other news, a breakdown of three major SaaS attacks, Block (formerly Square) reports a massive breach of customer data, Russian-state media hacked by Anonymous, and the FBI says they stopped a Russian Botnet attack.


SonicWall News

Cyber Threats Surge as Government And Private Industry Try To Keep Up

NPR-Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and has been up 232% since 2019. We hear from cybersecurity experts on what’s being done by the government and the private sector to push back against the flood of digital and online threats.

How can Healthcare Prepare for a “WannaCry 2”?

Healthcare Innovations: Governments worldwide saw a 1,885% increase in ransomware attacks in 2021, and the healthcare industry faced a 755% increase in those attacks, according to the SonicWall 2022 Cyber Threat Report. Of the victims, the United States came out on top. Most of these attacks have been found to have originated in Russia.

Russia-Ukraine Conflict: The Time for Cybersecurity Is Now

Seeking Alpha: Cybersecurity has always been a concern for individuals, corporations, and governments. However, the current conflict exacerbates the broader trend of attacks as they continue to increase in size, volume, and sophistication. This poses significant financial, reputational, and legal risks for the agencies targeted. For example, according to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to 623.3M attacks. In addition, encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.

Buncombe County IT Requests Extra Funding to Bolster Cybersecurity

ABC 13 News (North Carolina): Buncombe County’s IT department wants to enhance its cyberdefense. County commissioners will consider a request from Buncombe County IT for $225,197 to augment and strengthen the county’s cybersecurity program. Governments worldwide saw a 1,885% increase in ransomware attacks, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company.

Mafia Moves: How to Combat Ransomware Extortion

Security Magazine (Event Announcement): Ransomware is big business, and no company is immune. In fact, ransomware attacks doubled last year, jumping 105% compared to 2020 (SonicWall). A ransomware attack can devastate a company by encrypting all its data and offering only one viable path to recovery: money. In this session, we will walk you through the anatomy of a ransomware attack, where you will learn step by step what to expect.

Ransomware Response: 5 Steps to Protect Your Business

Techspective: Last year was the most costly and dangerous year for businesses dealing with ransomware attacks. According to network security experts, by Q3 2021, SonicWall was reporting an almost 150% increase in ransomware attacks worldwide.

SonicWall: Security That Can be Licensed

CRN (Poland): SonicWall celebrated its 30th-anniversary last year. During this time, he developed solutions that make up an integrated security environment that has gained the recognition of industry experts and millions of satisfied customers worldwide.

SonicWall’s Next-Generation Wi-Fi Solution for Small And Medium-Sized Enterprises

BCN (Japan): With the promotion of workstyle reforms and the scourge of corona, even small and medium-sized enterprises are becoming more mobile within the company. However, the security measures of the introduced Wi-Fi products are vulnerable, and there are conspicuous dangerous cases where they are exposed to the risk of unauthorized access and malware from the outside. SonicWall Japan’s enterprise Wi-Fi solution has advanced security functions that provide real-time protection from known / unknown threats and management tasks that reduce person-hours at the time of introduction and significantly reduce the time and effort of the administrator.

Industry News

Physical Infrastructure Cybersecurity: A Growing Problem for Data Centers

Facility managers have more control over modern data center infrastructure management platforms (also known as ‘DCIM’) and other tools. As a result, managing data centers is now more efficient, scalable, faster and more effective than ever before. And, as it turns out, their physical infrastructure is now more vulnerable to cyberattacks than ever before. According to DataCenterKnowledge, research revealed that thousands of data center management systems were exposed to the Internet. Any attacker who has access to infrastructure management platforms may be able to manipulate cooling systems, which can cause servers to overheat and damage critical components. They could also upload malicious backup files or disrupt backup processes. In addition, The Hacker News reported that attackers can now remotely hack and disable uninterruptible power supply systems if they have dashboards accessible via the Internet. Dark Reading noted that the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) distributed a joint alert last week that threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices typically via default username and password combinations.

Russian-Backed Hackers Spreading Disinformation on Facebook

The Hill: A new Facebook report found that government-affiliated hackers from Russia and Belarus attempted to use the social media platform for cyber espionage and disinformation campaigns targeting Ukrainians. The hackers attacked the Ukrainian telecom industry and defense and energy sectors. They also targeted tech platforms, journalists, activists, and tech platforms. Facebook claimed it had stopped a disinformation campaign associated with the Belarusian KGB. It posted that Ukrainian troops were surrendering and that leaders fled the country after Russia invaded. The tech company claimed it had disabled the account and ended the campaign the same day. In a related report, CNN reported that Ukrainian soldiers found their Facebook accounts targeted by hackers, some posing as journalists and independent news outlets online to push Russian talking points, running coordinated campaigns to get posts by critics of Russia removed from social media. And The Verge reported that hackers also planted false reports of a Ukrainian surrender into on-screen messages during live broadcast news. Though such statements are quickly disproved, experts have suggested that their purpose is to erode Ukrainians’ trust in media.

Hacked: Inside the US-China Cyberwar

AlJazeera: The United States has a long history of cyberespionage. However, cyberespionage has also been a long-standing problem for the government and private businesses in the United States. The Chinese government has been enhancing its technological, economic and military capabilities to be a global leader in cyberwarfare since the late 90s. Experts claim that China is now welcoming its citizen hacker group as a resource to combat aggressive actions by US-based attackers. Once thought to be patriotic internet nerds, Chinese hackers emerge in the mainstream as China and the US fight in cyberspace. There are also many allegations that Chinese hackers are state-sponsored. In a separate report, Bloomberg says suspected state-sponsored Chinese hackers recently targeted India’s power generation sector as part of an apparent ongoing cyber-espionage campaign.

Breaking Down 3 SaaS App Cyber Attacks in 2022

The Hacker News: Three major tech companies, Okta and HubSpot, reported data breaches last week. The first two were performed by DEV-0537 (also known as LAPSUS$). This highly skilled group uses state-of-the-art attack vectors with great success. The identity of the HubSpot attackers was not revealed. This article is on our recommended reading list. It provides a solid forensic examination of the evidence behind the three breaches, based on publicly available information with best practices that could help reduce the chance of attacks for other companies bracing for more attacks.

Block Confirms Cash App Breach After Former Employee Accessed US Customer Data

TechCrunch: Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some US customer information. In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10. Mashable reported separately that the company notified 8.2 million US customers of the data breach, noting that the compromised data included their customers’ full names and brokerage portfolio values.

Anonymous Affiliate NB65 Breached State-Run Russian Broadcaster

HackRead: NB65 (Network Battalion 65) is a hacker group linked with the Anonymous hacktivist collective. The group claims to have breached the servers of Russian state-run television and radio broadcaster called the “All-Russia State Television and Radio Broadcasting Company” (VGTRK). The data leak reportedly contains 4,000 files and more than 900,000 emails from VGTRK.

FBI Says It Disrupted Russian Hackers

Reuters: The FBI says that its cyber defense unit wrested control of thousands of routers and firewall appliances away from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, US officials said on Wednesday. An unsealed redacted affidavit described the unusual operation as a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a “botnet” – a network of hacked computers that can bombard other servers with rogue traffic. FoxNews reports that the attack involved thousands of infected network hardware devices under the control of a threat actor known as Sandworm, which the US government previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The Daily Mail (UK) added that the FBI stopped the attack by hijacking the same infrastructure Moscow’s spies used and stopping the botnet in its tracks. It’s important to note the unusual nature of this operation, a pre-emptive move to prevent some Russian hackers from mobilizing the compromised devices. ‘Botnet’ is a network of hacked computers that can bombard servers with traffic.


In Case You Missed It

Cybersecurity News & Trends – 04-01-22

Not only did we pick up more news hits for the 2022 SonicWall Cyber Threat Report, SonicWall saw global reports on the fantastic record-breaking year for its channel partners. Industry news in cybersecurity and hacking didn’t take a pause last week. First, the health care equipment manufacturer Philips discovered a vulnerability in products that use an e-alert system. We’ll wait to see if that item gets more airplay next week. Second, Crypto hackers stole more than $600 million from Axie Infinity’s Ronin gaming network – and this is a new record haul. Finally, we found an excellent overview and summary of the “Strengthening American Cybersecurity Act” legislation this month. And in other news, Chinese hackers target VMware with Deep Panda, and hackers are abusing fake emergency subpoenas to force companies to give up important information.


SonicWall News

Apple Forced to Issue Emergency Fixes for Two Zero-Days

IT Wire: Apple issued emergency fixes for two zero-day vulnerabilities that were being exploited in the wild and affected iPhones, iPads, and Macs. In the same report, over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

Cyber Security Risks and Companies’ Readiness

Financial Times: Research from cyber security company SonicWall supports a more positive outlook [that major business recognizes the risks]. “From mid-2020 to 2021, the number of CEOs who said cyber security risks were the biggest threat to short-term growth nearly doubled,” said SonicWall chief executive Bill Conner in its recent cyber threat report.

Cyber Heroes Prepare for Battle

RED/MSU Denver: The bad guys – cybercriminals, in this case – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline was among those which crippled energy infrastructure that delivers about 45% of fuel for the East Coast. As for the good guys: There aren’t enough of them.

World Backup Day: Building a Tiered Backup Strategy for Ransomware Recovery

ToolBox: In 2021, SonicWall recorded an alarming 623.3 million ransomware attacks globally, averaging 2,170 attempts per customer. With each attack aimed at exploiting weaknesses in IT networks and endpoint devices to inject ransomware, organizations can’t afford to lower their guard for a moment.

Can The Financial Sector Manage Hybrid Working Security?

Finance Monthly: Ransomware is not the only threat, of course. Today, a wide range of attack methods need to be considered and resisted. For example, SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

Digital Rights Management Market is Growing at A Rate Of 17% With The Rise In Security Concerns

Globe Newswire (TBRC Business Research): according to the 2021 Cyber Threat Report by SonicWall, there has been a 62% increase in ransomware since 2019. This number is still rising as cybersecurity attacks become more complex and challenging to detect. Digital rights management is also used by healthcare organizations and financial services firms to ensure compliance with data privacy and protection standards such as HIPAA (Health Insurance Portability and Accountability) and the Gramm-Leach-Bliley Act (GLB Act or GLBA). Hence, the rise in security concerns is expected to create avenues for the digital rights management market growth.

Mitigating Security Risks Posed by Hybrid Working

TechRadar Pro: A wide range of attack methods need to be considered and resisted. SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

SonicWall Posts Record-Breaking Year as Channel Partners Thrive with Unparallel Product Demand

Yahoo Finance (Cision Press Release): Today, SonicWall announced that 2021 was its best year. Propelled by delivering high-demand products, including the evolution of its Generation 7 next-generation firewalls and a laser focus on its customers, SonicWall showed record levels of sales and profitability in 2021.

SonicWall Creció Un 20% En Iberia, Ayudado Por Sus Más De 900 Partners

IT User (Spain): La compañía cuenta a nivel global con más de 17.000 partners activos, que han aumentado su cuota de mercado en franjas de precios y segmentos de mercado clave. SonicWall ha aumentado un 33% su cartera de nuevos clientes y un 45% las ventas en nuevos clientes, y ha registrado un aumento del 10% en los ingresos recurrentes anuales de los partners.

El Canal Ayuda a SonicWall a Cosechar en 2021 El Mejor Resultado De Su Historia

Dealer World (Spain): De histórico se puede calificar el año 2021 para SonicWall, que se ha traducido en los mejores resultados en la historia de la compañía. Resultados que se han visto impulsados por la venta de productos de alta demanda, incluida la evolución de sus firewalls de próxima generación, Generation 7, y un enfoque 100% dirigido al cliente, SonicWall logró niveles récord de ventas y rentabilidad en 2021; y especialmente por el trabajo de su Canal.

SonicWall Hace Frente a Las Ciberamenazas e Incrementa Las Oportunidades De Los Canales

Reseller 15 Años (Mexico): Basado en el Informe de Ciberamenazas 2022 de SonicWall, el fabricante líder en Inteligencia de Amenazas de ransomware, compartió el trabajo que está realizando junto con sus socios para enfrentar el aumento de casi todas las amenazas monitoreadas, ciberataques y ataques digitales maliciosos, donde se incluye el ransomware, las amenazas cifradas, el malware IoT y cryptojacking.

SonicWall Live-Webinar: Meet the Cybersecurity Requirements of Hybrid Working Models

InfoPoint Security (Germany): Join the SonicWall MINDHUNTER series and learn from security expert Stephan Kaiser what business and security challenges this fast-growing and dynamic IT landscape poses for your IT managers.

SonicWall Reports Record Year for Products and Channel Engagement

Channel Life (Australia): SonicWall has reported its best year on record, attributing its new range of products, customer focus and successful channel engagement. Despite challenging economic conditions, the company posted strong financial results, strengthening its pipeline growth. They reported a 33% increase in new customer growth and a 45% increase in recent customer sales.

Industry News

Philips Issues Cybersecurity Warning Over e-Alert MRI Monitoring System

Fierce BioTech: Philips is currently facing a possible hacking risk following discovering a vulnerability in its eAlert MRI monitoring systems. This could be a significant event due to the high use of Philips medical instruments in the U.S. The e-Alert system has sensors that monitor MRI machines and issues alarms when specific parameters are exceeded. These include temperature and humidity in the technical and exam rooms and the status of the machine’s power supply. They also monitor the chiller, cryo-compressor, and helium levels. In addition, magnet placement is also observed.

Hackers Steal Over $600 Million From Video Game Axie Infinity’s Ronin network

CNN: A new crypto-hack has taken out a gaming-oriented blockchain network that supports Axie Infinity. In one of the most significant crypto hacks, hackers stole approximately $625 million in Ethereum and USDC, two currencies. According to a company blog post, attackers stole private keys used to verify transactions on the network. Malicious actors used these keys to create fake withdrawals. The malicious actors were able to forge fake withdrawals. According to the blog post, the network promised to “ensure that no users’ funds were lost.” The company stated that most of the stolen funds are still in the crypto wallet of the hacker.

Three Cybersecurity Fundamentals Businesses Get Wrong

Forbes: What do all businesses, regardless of industry and size, have in common? They are at risk from cybersecurity attacks like ransomware and customer data breaches. These attacks can cause financial ruin for businesses and force them to close. Hiscox, an insurance company, found that cyberattacks had affected one in six companies. At the same time, when businesses spend a lot of money to protect themselves from these types of attacks, they often do it without a plan. Written by a cybersecurity professional who claims to have worked with many financial institutions, this article is well worth reading. It has the perspective of a cybersecurity professional and offers essential insights that many businesses are dealing with today.

An Overview of the Strengthening American Cybersecurity Act

J.D. Supra: President Joe Biden signed the Strengthening American Cybersecurity Act on March 15, 2022. This overview gives us a concise understanding of the act’s provisions and how they may affect business. For instance, the reviewer notes that the act focuses on the need for rapid disclosures and solid protections for private-sector workers in the cybersecurity field. This legislation establishes a cyber incident and ransomware response protocol for businesses that operate in many core sectors of the U.S. economic system. These industries include communications, financial services, chemical, communication, energy, food & agricultural, government facilities and healthcare, transportation and waste management. The law is not only targeted at organizations that are critical infrastructure but will also have wide-reaching consequences for all businesses.

Local Cybersecurity Gaining Traction

S.C. Media: StateScoop reports on local cybersecurity information sharing and resource sharing. Federal support via the $1 billion cybersecurity grant program has led to increased cyber collaboration among local governments, according to Michael Makstman, San Francisco Chief Information Security Officer, and Greg McCarthy, Boston CISO. As a result, they co-founded The Coalition of City CISOs.

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

Hacker News: Deep Panda, a persistent Chinese threat, has been observed exploiting Log4Shell vulnerability on VMware Horizon servers. This was to install a backdoor and a novel rootkit onto infected machines to steal sensitive data. Deep Panda is also known as Shell Crew, KungFu Kattens and Bronze Firestone. Recent attacks “targeting technology providers for command and control infrastructure building,” according to Secureworks.

Hackers Abusing Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security: Criminal hackers have discovered a terrifying new “method” to steal sensitive customer data from Internet service providers and phone companies. This involves hacking into email accounts linked to government agencies and police departments, then sending unauthorized requests for subscriber information while claiming that the requested information cannot wait for a court order as it is an urgent matter of life or death. The Verge reported that Apple and Meta gave user data to hackers, who feigned emergency request orders usually sent by law enforcement. Both companies gave out user data to hackers in the middle of the massive surge in hacks SonicWall reported last year.

Suppose federal, state, or local law enforcement agencies want to know who owns a particular account at a social networking firm or which Internet addresses that account has used previously? In that case, they must submit a court-ordered warrant. This notification forges that entire legal process. Most of these bad actors who make these fake requests are teenagers. According to Bloomberg, cybersecurity researchers believe the teen mastermind behind Lapsus$ hacking organization may have inspired the group to take this type of action. Another group called the Recursion Team might be responsible for last year’s string of similar attacks. While the group has since disbanded, they have some members who joined Lapsus$ under different names. Bloomberg was informed by officials involved in the investigation that hackers had accessed accounts in several countries and targeted numerous companies over a few months beginning in January 2021.


In Case You Missed It

Cybersecurity News & Trends – 03-25-22

This week, we continue to pick up new mentions for the 2022 SonicWall Cyber Threat Report, including an excellent product review for Capture Client by BizTech Magazine. Our own Debasish Mukherjee, Vice President of Regional Sales APAC, was interviewed by regional industry trade journal, Express Computer. Industry news remains largely focused on national reactions to the ongoing Ukrainian crisis, with President Biden issuing an ominous-sounding warning to businesses that evolving Russian cyber threats are “coming.” Some observers added to our collective fear that undersea cables used by nearly every country around the globe are vulnerable. Meanwhile, health data of almost 50 million Americans were compromised last year, HubSpot was breached, members of the gang that hacked Okta and Microsoft were arrested in the UK, and Nestlé denies Anonymous claims that it was hacked.


SonicWall News

Securing Information in A Boundless World Is Virtually Impossible

Express Computer: An exclusive interview with Debasish Mukherjee, Vice President, Regional Sales APAC, SonicWall Inc, shares the significance of new threats to cybersecurity and the impact on Indian companies while heavily citing the SonicWall Cyber Threat Report 2022.

Review: SonicWall Capture Client Makes Security Seamless

BizTech Magazine: A recent test of SonicWall’s advanced endpoint protection solution left us impressed with its ability to provide continuous behavioral monitoring, easy threat hunting, and a multilayered heuristic approach to determining potential network anomalies. It all combines to produce highly accurate determinations of active threats with very little noise or false positives.

Irish Charity Rehab Group Targeted by Cyberattack

Silicon Republic: SonicWall’s latest cyberthreat report highlighted the variety of cybersecurity threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Ransomware Attacks Rose 105% In 2021

Staffing Industry Analysts: There were 623 million ransomware attacks globally in 2021, an increase of 105% from the previous year, according to a report released last month by SonicWall, a San Jose, California-based cybersecurity firm. Separately, staffing firms can take steps to reduce the chance of becoming victims of such attacks.

Investing In Thematics: Big Data

Benzinga: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, citing data from the 2021 SonicWall Cyber Threat Report. The story uses the data to conclude that malicious attacks have real consequences for business, infrastructure, and end-users beyond lost data and operational disruptions.

Mobile Traffic Dominates with Spike In Digital Fraud

IT Wire: The past year has seen a meteoric rise in ransomware incidents worldwide. Over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

What Are the Biggest Ransomware Trends Facing US Businesses?

Insurance Business Magazine: SonicWall’s 2022 Cyber Threat Report described 2021 as “one of the worst years for ransomware ever recorded” as attack volume rose to a staggering 623.3 million. The number is equivalent to 2,170 ransomware attempts per customer and almost 20 attempts every second.

Big Data Cloud Computing and Cybersecurity

Seeking Alpha: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, according to the SonicWall Cyber Threat Report.

Microsoft And Okta Investigate Data Breach Claims

Silicon Republic: SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Industry News

“It’s coming”: President Biden warns of “evolving” Russian cyber threat to US

CBS News: Monday’s warning by President Biden culminated with “evolving intelligence” that suggests Russia has explored options for cyberattacks against US critical infrastructure. Biden addressed the Business Roundtable, a group of some of America’s largest corporations. He also said that “the magnitude of Russia’s cyber capability is quite consequential… and it’s coming.” Although there is no evidence of a specific threat to cybersecurity, Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technologies, explained to reporters Monday that US officials had observed “preparatory works” linking to nation-state actors. This activity could indicate an increase in US companies scanning websites and searching for vulnerabilities.

Threat Looms of Russian Attack On Undersea Cables To Shut Down West’s Internet

France 24: The twin global crises of cyber warfare and war in Ukraine have revived fears of a digital catastrophe scenario in which Russia would take over the internet, destroying its undersea cables. Since the outbreak of the Ukrainian crisis, this possibility has been raised many times, even by military leaders. For example, according to Guardian newspaper, Admiral Tony Radakin of the British Armed Forces stated, in January 2022, that Moscow could “put at danger and potentially exploit the real world’s information system, which are undersea cables that run all around the globe.” The influential American think tank Atlantic Council shared Radakin’s theory and published an article about the possibility of the Kremlin cutting global internet cables.
Anyone looking to disrupt cybersecurity and global connectivity will find that there are more than 430 undersea Internet cables. These cables are often seen as the weakest link in the worldwide network. They “look like large garden hoses lying at sea,” according to Tobias Liebetrau, an expert in international relations at the Danish Institute for International Studies. Except for integrated surveillance systems, which can only send alerts if there’s danger nearby, the cables don’t have any special protection.

Russian Spies Indicted in Worldwide Hacks of Energy Industry, Including Kansas Nuclear Plant

Politico: The US Department of Justice claims that three Russian spies spent five years targeting 135 countries’ energy infrastructures to allow the Russian government remote control of power stations. Wired Magazine reported that the attacks spanned 2012 to 2014. According to an indictment in Kansas’s district court, the three FSB officers — Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov — conspired to conceal malware in software updates used to control power plant equipment. This tactic, along with others, allowed the accused agents to install malware on more than 17,000 devices worldwide. These attacks were disclosed previously in 2018.

HubSpot Data Breach Ripples Through Cryptocurrency Industry

Threat Post: A HubSpot rogue employee was fired for leaking information about cryptocurrency customers. More than 135,000 customers use HubSpot. Analysts suspect the breach could affect approximately 30 crypto-companies, including BlockFi, NYDIG, Swan Bitcoin, Circle, and Pantera Capital. The breach reminds us of the amount of data CRM systems can gobble up.

Health Data Breaches Swell In 2021 Amid Hacking Surge

Politico: According to analysis, nearly 50 million Americans saw their sensitive healthcare data compromised in 2021. This is a threefold increase over the previous three years. These cybersecurity incidents were reported by health care providers, insurers and state officials last year. According to the analysis, more than half of all states and Washington, DC had more than one in 10 residents affected by unauthorized access to their health data. Hacking was responsible for almost 75% of these breaches, up from 35% in 2016.

Alleged Microsoft, Okta Hackers Arrested In UK

The Hill: British authorities arrested seven individuals on Thursday suspected of hacking major tech companies, including Okta and Microsoft, also reported by Reuters. The individuals arrested are between the ages of 16 and 21 and are likely members of the hacking group. The Verge also reported that this group had taken responsibility for some major security breaches at tech companies, including NvidiaSamsung, and Ubisoft. On Wednesday, reports surfaced indicating an Oxford-based teenager is the mastermind of the group. City of London Police did not say if this teenager was among those arrested

Nestlé Denies Anonymous Hacked It

Fortune Magazine: Nestlé has denied claims that hacker collective Anonymous published sensitive information it stole from the Swiss food giant as punishment for doing business in Russia. Responding to increasing consumer pressure, Nestlé said it is reducing its offering of consumer brands in Russia, including Kit Kat and Nesquik, as quickly as possible in response to Vladimir Putin’s unprovoked war of aggression against Ukraine.


In Case You Missed It

Meeting the Cybersecurity Needs of the Hybrid Workforce

Not only is the hybrid workforce here to stay, but it’s growing as well. And along with it come massive business and technical challenges. In April, SonicWall’s senior solution engineer, Rajesh Agnihotri, will lead a webcast exploring these and other challenges.

Given the unprecedented growth of remote working, this edition of MindHunter is sure to draw an international audience of thought leaders and solutions professionals.

The Unstoppable Growth of the Hybrid Workforce

Most workforce professionals define a “hybrid workforce” as consisting of employees that work remotely (usually from home), those who work in an office setting, and those who work a combination of both.

According to Global Workplace Analytics, a business management firm in California, up to 30% of the American workforce is now considered “hybrid,” with expectations of 36.2 million Americans working remotely by 2025. The World Economic Forum reported that in Europe, less than 5% of the workforce worked remotely before the COVID pandemic. Today that number has risen to 12.3%, with Finland leading the way at more than 25%.

PriceWaterhouseCoopers released a study last year that shows remote work has been an overwhelming success for both employees and employers. But unfortunately, this success fuels growing worries from the people entrusted with protecting the company networks.

How the Hybrid Workforce Impacts Your Cybersecurity Posture

According to the 2022 SonicWall Cyber Threat Report, global ransomware attacks jumped dramatically in 2021, showing a 105% year-over-year increase. This includes massive spikes in a number of industries, including government (+1,885%), healthcare (755%) and education (152%.)

Yet, in a survey of remote workers conducted by the global information technology company Unisys, a shockingly small 61% of remote workers reported feeling primarily responsible for helping to maintain their organization’s digital security. For example, only 21% are on alert for sophisticated online threats in real-time, and about 39% of respondents to the Unisys survey admitted to not being wary of clicking suspicious links in their email.

AT&T surveyed 800 EMEA cybersecurity specialists in 2021 and found that 70% of large businesses (companies with 5,000 or more employees) believed that the hybrid remote work made them more susceptible to cyberattacks. Adding to their concern was an admission by 31% of the respondents that their biggest cybersecurity threat was employees working from home and using their own computers and IoT devices.

The AT&T survey also revealed that not all employers had taken basic steps towards improving cybersecurity. For example, 32% of employees say that their company has not implemented additional login protocols to protect against cyber-based threats. In addition, 50% also claim they have not needed additional cybersecurity training since moving to remote work.

Peeling Back the Onion on Layered Cybersecurity

In this webcast, participants will look squarely at the business and technological challenges presented by the hybrid workforce. The discussion will center around real-world solutions, and feature advice from IT management and cybersecurity experts on implementing layered cybersecurity.

Attendees will learn how these challenges apply to their role as IT managers and why they are increasingly relevant in the hybrid workforce environment.

  • Ways to deal with capacity and network traffic visibility issues when there are more users outside the office network than inside
  • How to deploy layered security when you’re not confident about the connected devices’ identity and nature
  • How solutions that follow the Secure Access Service Edge (SASE) model and Zero Trust Network Architecture (ZTNA) may address many concerns about the hybrid networking environment
  • Why SASE itself may advance IT cybersecurity readiness and effectiveness against advanced threats.

Learning and Exploring with Cybersecurity Thought Leaders

Considering how quickly the threat landscape has grown these past two years, we are in a race against time to implement better cybersecurity as the hybrid workforce augments the risks everyone faces.

This is your invitation to engage cybersecurity thought leaders and explore methods and techniques that can protect your business today.

Additional reading:

World Economic Forum, how many remote workers are there in different parts of Europe?

Apollo Technical, Statistics on Remote Workers that will Surprise you (2022);

Forbes, Cybersecurity Challenges Call For Ways To Secure Working Remote;

Cybersecurity News & Trends – 03-18-22

More business and trade journals mentioned the 2022 SonicWall Cyber Threat Report this week. One mention found its way into Silicon Republic’s report on Ubisoft’s company-wide password reset after the hack last week. Industry news this entire week was focused on the fallout from the Russia-Ukraine conflict. We found numerous reports on activist attempts to break through Russia’s “digital iron curtain,” with cybersecurity experts pleading for caution as the “cyber war” escalates. Today’s headlines include Russia facing an “unprecedented” wave of cyberattacks, a nine-year-old Microsoft flaw is back, hackers getting around multi-factor authentication, and the hybrid cyber war unfolds.


SonicWall News

Ubisoft Issues Company-Wide Password Reset After Hack

Silicon Republic: As previously reported, Gaming giant Ubisoft confirmed a “cybersecurity incident” where the ransomware group Lapsus$ claims to have disrupted games, systems and services. The company further confirmed that it initiated a company-wide password reset. As part of this report, Silicon Republic also cited SonicWall’s latest cyberthreat report, highlighting the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Putting Brakes on Cybersecurity Threats: Practical Strategies to Mitigate Cybersecurity Risk

National Law Review: Ransomware attacks frequently made headlines in 2021 and substantially impacted many US companies. In the first six months of last year alone, ransomware attacks on US companies were up 148% from 2020 (footnote: “SonicWall 2022 Cyber Threat Report”).

What are the biggest ransomware trends facing US businesses?

Insurance Business Magazine: The US alone accounted for more than two-thirds (67.6%) of all ransomware attacks worldwide last year as the nation logged almost 421.5 million hits – a 98% rise year-on-year, according to a new report by cybersecurity firm SonicWall.

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyber attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking. SonicWall researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105 percent increase. Ransomware volume has risen 232 percent since 2019. Following global trends, all industries faced significant increases in ransomware volume, including government (+1,885 percent), healthcare (755 percent), education (152 percent) and retail (21 percent).

Why Ransomware Attacks Steer Clear of the Cloud – 1

Martech Series: The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Why Ransomware Attacks Steer Clear of the Cloud – 2

Yahoo Finance: Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles. That attack was the latest example of ransomware’s threat to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Cybersecurity Tool Positions Company in Trillion-Dollar Market

Digital Journal: Sonic Wall’s 2022 Cyber Threat Report shows that every category of cyberattack increased in volume throughout 2021. The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.

How to Become a Cybersecurity Pro: A Cheat Sheet

WOLL (Germany): Encrypted threats skyrocketed in 2021 by 229% (00.4 million attacks), ransomware up 103% to 623.3 million attacks, cryptojacking up 22% (33.1 million attacks), intrusion attempts up 10% (a whopping 5.3 trillion), and IoT malware increased 6% to 30.1 million attacks according to SonicWall’s Cyber ​​Threat Report.

Industry News

Hackers Try to Break Through Putin’s Digital Iron Curtain

Here are summaries from the several outlets reporting on this item. The headline from CNN is a culmination of worry from many who work in cybersecurity. Hackers and activists are trying to break through Putin’s digital iron curtain after Russia shut down Twitter and Facebook in the country. According to a report from The Guardian, Ukraine’s cyber-response to the Russian invasion has been bolstered by hackers organizing on the Telegram messaging app under the IT Army of Ukraine banner. In the meantime, amateur hackers are being warned of joining Ukraine’s “IT army” amid fears that activists could break the law or launch attacks that spiral out of control. More than 300,000 people have signed up to the group, including members outside Ukraine. Western officials said they would “strongly discourage” joining the group and participating in hacking activity against Russia.”

Ukraine’s cyber-offensive has had particular success with distributed denial of service (DDoS) attacks, in which websites are rendered unreachable by being bombarded with traffic. Russian government websites, including the Kremlin and the Duma, have been targeted in this way and Russia Today, the state-media-owned news service.

Anonymous, a hacking collective, has also claimed credit for DDoS attacks. Speaking of the Anonymous hacking collective, the GTSC Homeland Security newsletter says that the group has recently vowed to accelerate the cyberwar they declared on Russia last week. The goal, they say, is to paralyze the Russian government “by any means necessary.”

Experts and some officials are trying to warn people off from participating in any group actions such as a “cyber war.” They remind would-be joiners that cyber-attacks from the US or the UK break several laws in those countries, such as the Computer Fraud and Abuse Act in the US and the computer misuse act in the UK. “Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right. Not only might it be illegal but it runs the risk of playing into Putin’s hands by enabling him to talk about ‘attacks from the west’,” said Alan Woodward, a professor of cybersecurity at Surrey University.

And as reported by CNBC, cyberattacks worldwide are on the rise as hackers use the Russia-Ukraine war as a distraction. Incidents involving almost every kind of cybercrime have been on the rise since the war in Ukraine started. While many people look to nation-state actors as the primary drivers, threat actors take advantage of the distraction, ramping up their activities and extorting money from more and more victims.

Yet, celebrities like Arnold Schwarzenegger are applauding the effort, according to a story in The Mercury News. From the activist perspective, they are desperate to advance an information campaign to bring the truth to the Russian people about the war in Ukraine. “I love the Russian people. That is why I have to tell you the truth,” posted Schwarzenegger yesterday on Twitter.

Russian Government Websites Face ‘Unprecedented’ Wave of Hacking Attacks

Washington Post: Russian government websites and state-run media face an “unprecedented” wave of hacking attacks, the government said Thursday, prompting regulators to filter traffic coming abroad. The Ministry of Digital Development and Communications said the attacks were at least twice as powerful as any previous ones. It did not elaborate on what filtering measures had been implemented, but this has often meant barring Russian government websites to users abroad in the past. Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”

Ransomware Hackers Used AI Images, Microsoft Flaw in Campaign

Bloomberg: A group of ransomware hackers used various techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.

In research published Thursday, the group, which Google refers to as Exotic Lily, is known as an initial access broker. Such groups specialize at breaking into corporate computer networks and then providing that access to other cybercriminal syndicates that deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims then split the proceeds. The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations worldwide, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows. Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

Hackers Are Dodging Multi-Factor Authentication

ZD Net: Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim’s cloud and email.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates recent warnings over cyber activity related to Russia’s military invasion of Ukraine. As early as May 2021, the hackers combined a default configuration issue in a Duo MFA setup at one organization with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation of privilege issue in August.

In one case, an organization allowed weak passwords, which were subsequently hacked using a typical password-guessing attack to gain the credentials for initial access. The attackers also used the fact that Duo MFA’s default configuration setting allows the enrollment of a new device for dormant accounts.

Hacktivists, Gangs, And Cyber Ops Locked in A Hybrid War

The Cyber Wire and other outlets note that cyber operations in this hybrid war have failed to develop into the catastrophes that seemed well within Russian capabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and its FBI partners have continued to update the guidance they’ve issued on the wiper malware observed in sporadic use against Ukrainian targets. The Globe and Mail reports that Canadian authorities offer comparable advice to their country’s own businesses. Yet, in 2016 and 2017 attacks on sections of the Ukrainian power grid, Russia had shown the ability to mount large-scale and destructive operations against its neighbor. But so far, the cyber war has been limited to relatively confined wiper attacks (cyberattacks that wipe out digital device memory) and influence operations with disinformation. The Washington Post describes the relatively quiet cyber front, noting that the situation could change at any time.


In Case You Missed It

Cybersecurity News & Trends – 03-11-22

Reports on new attacks have dropped off a bit, but the 2022 SonicWall Cyber Threat Report continues to appear in many general and vertical business journals. Meanwhile, in industry news, the SEC is pushing out updated rules to improve cybersecurity transparency among public entities in the general news. Ubisoft and Samsung says they were hacked. In Ubisoft’s case, player information is safe, but Samsung saw thousands of employee credentials released to the dark web and hackers now have the algorithms they need to unlock Samsung biometric security measures. Plus, a vulnerability was found in APC uninterruptible power supplies used by networks and data centers worldwide. Two new surveys reveal weaknesses in cybersecurity that stem from human behavior: security teams react too slowly, and most companies say that they’d rather wrestle with their security bugs quietly than have ethical hacking reveal all.


SonicWall News

SonicWall Cyber Threat Report highlights that ransomware attacks doubled in 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This report details a sustained surge in ransomware with 623.3 million attacks globally. Additionally, nearly all monitored threats, cyber-attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking.

SonicWall Threat Intelligence Confirms 981% Increase of Ransomware Attacks in India

EleTimes (India): SonicWall, the publisher of the world’s most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Ransomware, threats, IoT malware, cryptojacking on the rise

IT Brief (Australia): There has been a sustained meteoric rise in ransomware in 2021, with 623.3 million attacks globally, according to new research from SonicWall. The bi-annual 2022 SonicWall Cyber Threat Report showed nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Navigate the unknowns of tomorrow in this must-read report for CISOs, CTOs, and CIOs

IT Wire: What a year. On top of the global pandemic, 2021 brought us 623.3 million ransomware attacks, 60.1 million IoT attacks, 97.1 million cryptojacking attacks, and much more. So much happened that SonicWall viewed 2021 as a turning point in the war on ransomware with increasing recognition from businesses and governments. SonicWall found the number of CEOs who said cybersecurity risks were the biggest threat to short-term growth nearly doubled. In addition, Australia, the United States, Japan, Germany, and other countries passed measures strengthening national cybersecurity.

Officials tighten cybersecurity measures amid potential threats from Russia

News12 Bronx: Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from Sonic Wall, a leading cybersecurity firm. The Colonial Pipeline, Hackensack Meridian Health and the world’s largest meat processing company, KBS, are just some of the corporations that had their files stolen or encrypted and held for ransom, often by cyber-gangs based in Russia.

Report: Ransomware attacks on networks soared in 2021

CSCMP Supply Chain Quarterly: Business leaders are worried about the growing volume of malicious attacks on IT networks, and are especially concerned about supply chain vulnerability in 2022, according to a report from cybersecurity firm SonicWall, released this month. The company’s 2022 Cyber Threat Report tracked a 232% increase in ransomware globally since 2019 and a 105% increase from 2020 to 2021. Ransomware is malware that uses encryption to hold a person or organization’s data captive, so they cannot access files, databases, or applications. According to the report, such attacks were up 98% in the United States last year and 227% in the United Kingdom.

Industry News

The SEC Makes Its Move to Improve Cybersecurity Transparency

In January, SEC Chair Gary Gensler discussed cybersecurity in securities laws with his remarks before the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute. See this Cooly PubCo posting. Gensler said that cyberattacks could have a substantial economic impact on the economy which includes malware, ransomware, denial-of-service, business email compromises and other attacks. Gensler also stated that cyberattacks are a national security problem and reminds us that “cybersecurity is a team sport” with the private sector often at the front lines. The New York Times reported that this has been particularly true in the recent weeks, when “the war in Ukraine stress-tests the system.” According to Renee Jones, Corp Fin Director, today’s events are more severe than ever, escalating cybersecurity risks affecting almost all reporting companies. The SEC’s concerns about cybersecurity disclosure are not new. This week, they released proposed rule changes. If enacted as law, the rules would require up-to-date disclosures about material cybersecurity incidents and tighter reporting on policies, management activity, and company in-house expertise in cybersecurity. Harvard Law School released an assessment about the proposed rule changes, which is recommended reading for managers of public entities.

Ubisoft says it experienced a ‘cyber security incident’

The Verge: Ubisoft, a major game company based in France, says that it experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft said it believes that “at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident” and says that games and services are now “functioning normally.” Out of caution, the company also “initiated a company-wide password reset.”

Vulnerabilities found in APC power supplies is a warning to ServiceNow administrators

IT World (Canada): Security professionals don’t believe hackers could use an uninterruptible power supply box to bridge a threat to a connected network. The fact is anything connected to the internet can pose a threat. According to this report, three critical firmware flaws were discovered in APC Smart-UPS devices. Security researchers at Armis say cyber attackers could exploit the flaws and damage sensitive devices, such as critical industrial or medical equipment. The bugs, the report says, could be used to hack into corporate IT networks to install malware. Schneider Electric, the manufacturer of APC lines, has developed a patch that administrators must install quickly. According to this report, the ServiceNow platform for IT support is not correctly locking down their systems. A security researcher at AppOmni reported that nearly 70% of ServiceNow instances tested were not correctly configured.

Samsung confirms data breach after hackers leak internal source code

Tech Crunch: Samsung has confirmed that there was a security breach. Hackers obtained nearly 200 gigabytes (including source code) of sensitive data. These include algorithms and technologies for biometric unlocking operations. Lapsus$ hackers – who also infiltrated Nvidia and then published thousands of employee credentials online – claimed responsibility for the breach. The hackers also claimed to have obtained source code from Samsung’s TrustZone environment where Samsung phones perform sensitive operations and maintain algorithms for unlocking biometric security measures.

Security Teams Prep Too Slowly for Cyberattacks

Dark Reading: Attackers often exploit new vulnerabilities in days or weeks. However, defenders take a long time to discover and act on critical issues. According to a new report, it takes defenders 96 days to identify and block cyber threats. Cyber Workforce Benchmark 2022 found that cybersecurity professionals are more inclined to concentrate on security issues that have received media attention, like Log4j, rather than less important ones. Additionally, the report showed that different industries achieve their security capabilities at very different rates. For example, security professionals working in the entertainment, leisure, and retail sectors are usually twice as fast responding to cyber threats as their counterparts in critical sectors such as transport and vital infrastructure. CISA states that security professionals should apply patches within 15 days. However, if the vulnerability is being exploited, it’s better to do so sooner.

Most Orgs Prefer Security Bugs Over Ethical Hackers

Threat Post: New research suggests that organizations are increasingly concerned about security, but they still rely on “security by obscurity.” According to HackerOne’s recent survey data, 65% of surveyed companies said they want to be considered infallible to their customer base. However, 64% said they have a culture that values security by obscurity. In other words, they’d rather wrestle with their security bugs in secret rather than have ethical hackers reveal all their security problems to the public.


In Case You Missed It

Cybersecurity News & Trends – 03-04-22

The 2022 SonicWall Cyber Threat Report found its way into Fitch Ratings this week. The organization is not generally well-known, but it is a well-respected financial ratings firm whose data is highly valued by global investors. SonicWall’s Cyber Threat Report also made it into several other well-known local news outlets and trade publications. In general news, it’s hard to avoid reports about Ukraine. But things seemed to escalate a little when the sometimes-random hacker group known as Anonymous announced a “cyber war” against Russia. Today, Anonymous took credit for a hack of Roscosmos, the Russian space agency and release of confidential data. In other industry news, the Nvidia hack has taken a very unusual turn, Brian Krebs examined the Conti, and beware of eBike phishing.


SonicWall News

Russia/Ukraine War Increases Spillover Risks of Global Cyberattacks

Fitch Ratings: The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with significant financial, reputational and legal risks to issuers. ACCORDING TO SECURITY VENDOR SONICWALL, corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY. In addition, the firm reports a 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%).

Officials Tighten Cybersecurity Measures Amid Potential Threats from Russia

News12 New York: A Russian cyber gang publicly threatened to launch cyberattacks against any country that retaliated against Russia for its invasion of Ukraine. A Team 12 investigation found that this threat should not be taken lightly. But so far, it’s been the Russian hackers who have learned a harsh lesson: cyberwarfare is a two-way street. Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from SonicWall, a leading cybersecurity firm.

Latest Cyberattack on Nvidia Is Just the Tip of The Iceberg

SiliconRepublic: Last week, it was reported that chipmaker Nvidia was investigating a potential cyberattack. The company confirmed yesterday (1 March) that it became aware of a breach on 23 February and that the “threat actor took employee credentials and some Nvidia proprietary information from its systems”. Data was allegedly stolen by ransomware group Lapsus$. The group claims to have files on Nvidia GPU drivers, allowing hackers to turn every Nvidia GPU into a bitcoin mining machine.

According to SonicWall’s VP of Platform Architecture, Dmitriy Ayrapetov, this type of attack is known as cryptojacking. “Cryptojacking victims are usually unaware that their device, whether it be a computer, phone or virtual machine, is being used to mine cryptocurrency,” he said. “The attack has primarily settled into being performed via some executable, whether standalone or part of a larger software package, and is distributed via most common malware distribution methods – malicious emails, attachments, drive-by downloads and, in some cases, embedded cryptojacking browser scripts.”

Why Banks Should Be More Worried About Security

Semiconductor Engineering: Ransomware has emerged as hackers’ top choice for attacking banking systems. In general, ransomware attackers freeze the victim’s operation, demanding money in return for releasing their hold. Last year, the Ryuk ransomware generated $180 million, followed by SamSam with $104 million. Includes chart: “Where ransomware is hitting the hardest”: Source: SonicWall 2022 Cyber Threat Report.

WA Companies Prepare as Threat Of Russian Cyberattacks Increases

Spokesman-Review: Globally, ransomware volume increased 232% in the last two years, according to an annual report from internet security company SonicWall. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.

Manufacturing Is the Most Targeted Sector By Ransomware In Brazil

ZDNet (Brazil): A separate report on cyber threats published by SonicWall earlier this month has found that Brazil is only behind the US, Germany and the UK in ransomware attacks. With over 33 million intrusion attempts in 2021, the country ranked ninth in the same ranking in the prior year, with 3.8 million ransomware attacks.

Industry News

Hacker Collective Anonymous Declares War On Russia

Fortune: The rogue group of hackers known as Anonymous has declared itself to be in “a cyber warfare campaign against Putin & his allies.” Using both Twitter and YouTube, the group urged followers to launch cyberattacks on the country’s websites. The group claims to have already disabled sites, including the state-controlled Russian news agency, the Kremlin’s official site, and Russian internet service providers.

But experts are quick to warn that this is no time to celebrate. Reporters at The Hill warn that while the rest of the world is ramping up sanctions against Russia over its invasion of Ukraine, everyone should be getting ready for retaliation. There is every chance that we will see increased cyber attacks. Right now, the Kremlin won’t risk showing its hand; the most dangerous Russian footholds in US networks require immense resources and time to build, and maximum destructive power comes from using them during a direct conflict with the United States. Moscow won’t burn its best capabilities and anger the United States and its allies. More importantly, exaggerating the threat distracts us from hardening against much more likely Russian assaults that are short of a full cyberwar between the two nations. The New York Times adds that Anonymous’ declared “war” is one where no one is in charge, suggesting chaos in the immediate future for Russia and probable overspill far outside the conflict area.

Anonymous-Linked Group Hacks Russian Space Research Site, Claims to Leak Mission Files

The Verge: In the latest salvo from hacktivists working in support of Ukraine, an Anonymous-linked group has defaced a website belonging to Russia’s Space Research Institute (IKI) and leaked files that allegedly belong to the Russian space agency Roscosmos. As reported by Vice, hackers appear to have breached one subdomain of the IKI website, although other subdomains remain online. The compromised part of the site related to the World Space Observatory Ultraviolet project (WSO-UV), similar to the Hubble Space Telescope and planned for launch in 2025. A popular Twitter account tied to the loosely organized Anonymous movement shared details Thursday morning and attributed the action to a group known as v0g3lSec. Infosecurity Magazine reports that Russia denies the story and warns of a wider war should the attacks continue. Russia has also warned that any cyber-attack on its satellite systems will be treated as an act of war.

Nvidia Hackers Issue One of The Most Unusual Demands Ever

ARS Technica: Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code. A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1 TB of data. The group then made the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data. “We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want [sic] nvidia to push an update for all 30 series firmware that remove every LHR limitations otherwise we will leak [sic] hw folder. If they remove the LHR we will forget about hw folder (it’s a big folder). We both know LHR impact mining and gaming.” PC Magazine also reports that, in the meantime, the hacking group has already dumped a 19 GB archive that allegedly contains source code for Nvidia GPU drivers. The archive also has enough information to help tech-savvy users undermine the Lite Hash Rate limiter.

260,000 Confidential Attorney Discipline Records Published After Data Breach

Orange County Register: On Saturday, a shadowy website removed 260,000 confidential attorney discipline records it had published after a massive data breach at the State Bar of California. An anonymous administrator for judyrecords.com said in a note on the website that the records, as well as others it intended to publish, had been deleted in response to the State Bar’s disclosure of the breach and a subsequent Southern California News Group article. The administrator claims the records had been made publicly available on the State Bar’s discipline website, which is now offline. But the State Bar disputes that contention.

Conti Ransomware Group Diaries, Part III: Weaponry

Krebs On Security: The final chapter to a 3-part examination of the Conti ransomware group. This is highly recommended reading for people who want to stay informed about the evolution of international hacker groups. Part I of this series examined newly-leaked internal chats from the Conti ransomware group and how the crime gang dealt with its internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Finally, in today’s Part III, Krebs looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets and how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Hundreds Of eBike Phishing Sites Abuse Google Ads to Push Scams

Bleeping Computer: A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their data to fake investment schemes impersonating genuine brands. The operation relies on the abuse of Google Ads to draw victims to hundreds of fake websites targeting the Indian audience. The campaign was uncovered by Singaporean security firm CloudSEK, which has shared its report exclusively with Bleeping Computer. According to analysts Ankit Dobhal and Aryan Singh, the campaign has caused financial damages of up to $1 million from tens of thousands of victims.


In Case You Missed It

Cybersecurity News & Trends – 02-25-22

As predicted, cyber-attacks are rising just as the Ukrainian crisis heats up. As a result, news organizations worldwide are quoting the 2022 SonicWall Cyber Threat Report, topping the best first-day launch in the report’s history. The report found itself in the pages of notable publications like The Seattle Times, The Register, The Telegraph, ZDNet, and The Express. In industry news, turmoil in Ukraine highlights a new round of “wiper” attacks. Ukraine also took the unusual step of asking for the hacker underworld to help protect their infrastructure. Also, as it turns out, cybersecurity burnout is a real thing now, Iranian hackers are stealing passwords, and a cyber firm in Beijing says a US hacker group is targeting research organizations in India, Russia, and China.


SonicWall News

Ukraine Hit by DDOS Attacks, Russia Deploys Malware

The Register: Bill Conner, CEO of firewall firm SonicWall, told The Register: “Cyberattacks can be leveraged to cause financial loss, create disruption and misdirection, and in extreme cases take down critical infrastructure. Those are key ingredients for causing unrest in any situation, regardless of the parties involved.”

Boris Johnson Announces Extra Defensive Weapons Are Being Sent To Ukraine

The Telegraph (UK): Cyberattacks could be used as a “key ingredient” to prompt unrest amid the current diplomatic crisis around the escalating situation in Ukraine, a former adviser to GCHQ has said. Bill Conner, the SonicWall chief executive and former advisor to GCHQ, said such activity can be leveraged to “cause financial loss, create disruption and misdirection, and in extreme cases take down critical infrastructure.”

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Additionally, nearly all monitored threats, cyber-attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking.

SonicWall: Ransomware Attacks Increased 105% In 2021

Tech Target: Cybercriminals are becoming bolder and more prolific in developing and deploying ransomware attacks. According to researchers at SonicWall, who said in its annual threat report that ransomware attacks over the last year have grown by an eye-watering 105%, with 20 attacks being attempted every second.

SonicWall Threat Intelligence Confirms 981% Increase of Ransomware Attacks in India

Ele Times (India): SonicWall, the publisher of the world’s most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Report: Ransomware, Attacks on Networks Soared In 2021

DC Velocity: Business leaders are worried about the growing volume of malicious attacks on IT networks, and are especially concerned about supply chain vulnerability in 2022, according to a report from cybersecurity firm SonicWall, released this month. The company’s 2022 Cyber Threat Report tracked a 232% increase in ransomware globally since 2019 and a 105% increase from 2020 to 2021. Ransomware is malware that uses encryption to hold a person or organization’s data captive, so they cannot access files, databases, or applications. According to the report, such attacks in the US were up 98% last year and up 227% in the UK.

Security Spend to Reach $1 Billion In Brazil In 2022

ZDNet: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall. In 2020, Brazil ranked ninth in the same ranking, with 3,8 million ransomware attacks. According to the SonicWall report, Brazil stands out regarding the number of malware attacks. In this category, attacks in Brazil increased over 61% in 2021, with 210 million attacks in 2021, compared to approximately 130 million seen in the prior year.

Companies Prepare as Threat of Russian Cyberattacks Increases

Seattle Times: According to an annual report from internet security company SonicWall, ransomware volume increased 232% in the last two years. It reported there were more than 623 million ransomware attacks in 2021. SonicWall found that new types of malware detected also increased 65% year over year.

Washington Companies Prepare as Threat of Russian Cyberattacks Increases

The Chronicle: As major American businesses prepare for possible Russian-led cyberattacks, some Northwest information security experts raise the alarm while others argue many companies are already prepared. According to a new report from SonicWall, ransomware volume increased 232% in the last two years. The annual report also reported more than 623 million ransomware attacks in 2021. In addition, new types of malware detected also increased 65% year over year.

Weekly Threat Report 18th February 2022

National Cyber Security Center (UK): Ransomware attacks more than doubled in 2021. According to an analysis by researchers at SonicWall, the volume of ransomware attacks rose by 105% in the last year. A total of 623.3 million attempted incidents were recorded in 2021.

22 Very Bad Stats on The Growth Of Phishing, Ransomware

Venture Beat: The report comes after several major cybersecurity firms had released data on just how bad things got last year when it came to cyberattacks. For instance, SonicWall reported that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020. CrowdStrike, meanwhile, disclosed that data leaks related to ransomware surged 82% in 2021, while the average ransom demand grew 36% to $6.1 million.

Britons Hit By Terrifying Crypto Crime Surge – Attacks Up More Than 500 Percent

Daily Express (UK): A new form of cybercrime, which sees hackers hijack online devices to steal and mine crypto, has become increasingly common worldwide. According to SonicWall, global crypto-jacking crimes rose by almost one-fifth to 91.7 million cases. In the UK, attacks have skyrocketed by 564 percent, rising from less than 66,000 in 2020 to over 436,000 in 2021.

Industry News

New Destructive Malware Used in Cyber Attacks on Ukraine

Security Intelligence: IBM’s Security X-Force reported a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. Analysts obtained a sample of the wiper named HermeticWiper. It uses a benign partition manager driver (a copy of empntdrv.sys) to perform its wiping capabilities corrupting all available physical drives’ Master Boot Record (MBR), partition, and file system (FAT or NTFS). This is not the first wiper malware targeting Ukrainian organizations X-Force has analyzed. For example, in January 2022, X-Force analyzed the WhisperGate malware and did not identify any code overlaps between WhisperGate and HermeticWiper. Several other outlets also reported and expanded this story, including The GuardianHelp Net SecurityBBC, and ZDNet.

Ukraine Asks For S Korea Cybersecurity Aid Amid Russia Invasion

Reuters: Top Ukraine security officials in the Republic of Korea (South Korea) said on Friday that his country is requesting Seoul’s assistance in boosting its cybersecurity capability to defend against Russian attacks. As missiles pounded the Ukrainian capital and Russian forces pressed their advance after launching attacks on Thursday, Kyiv asked for more help from the international community. Dmytro Ponomarenko, Ukraine’s ambassador-designate to South Korea, said the websites of the country’s governmental institutions were suffering from Russian attacks. A global cybersecurity firm has also noted that a newly discovered piece of destructive software circulated in Ukraine and has hit hundreds of computers, part of what was deemed an intensifying wave of hacks aimed at the country. Reuters also reports that Ukraine has also asked for help from the hacker underground community to protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project.

Hacker Collective Anonymous Declares ‘Cyber War’ Against Russia, Disables State News Website

ABC News (Australia): Hacker collective Anonymous has disabled several Russian government websites, including the state-controlled Russia Today news service. They had launched cyber operations that briefly took down Russia Today (RT.com) and the websites of the Kremlin, the Russian government, and the Russian defense ministry websites. Russia Today confirmed the attack, saying it slowed some websites down while taking others offline for “extended periods of time.” According to the news outlet, Russia Today’s coverage of the situation in Ukraine has been overwhelmingly from a pro-Russian perspective, showing fireworks and cheerful celebrations in the newly occupied territories.

Cybersecurity Burnout Is Real and It’s Going to Be A Problem For All Of Us

ZDNet: Employers are already facing something of a dilemma when it comes to cybersecurity in 2022. Not only is the number of attempted cyberattacks escalating worldwide, but employers face the added pressure of a tightening hiring market and record levels of resignations that are also affecting the tech industry. The talent battle has already hit cybersecurity particularly hard. According to a survey of more than 500 IT decision-makers by threat intelligence company ThreatConnect, 50% of private sector businesses already have gaps in their company’s fundamental, technical IT security skills. What’s more, 32% of IT managers and 25% of IT directors are considering quitting their jobs in the next six months – leaving employers open to a cacophony of issues across hiring, management, and IT security. And as ZDNet observes, cybersecurity is challenging work, so beware of staff burnout.

Cyberattacks Could Soon Strike the West

Fortune Magazine: Russia is home to some of the world’s most infamous criminal hackers, some of them state-sponsored, so are broader and stronger cyberattacks coming? And could they hit the West? “I think the risk right now is high and rising,” said Derek Vadala, chief risk officer at the US cyber risk rating firm BitSight. He warned that Western companies should ensure their systems are patched against known vulnerabilities. The UK’s National Cyber Security Centre, a division of the GCHQ spy agency, advised Tuesday that British organizations should “bolster their online defenses” as “there has been a historical pattern of cyberattacks on Ukraine with international consequences.” THIS WEEK, the US Department of Homeland Security also launched a “shields up” drive for critical infrastructure against possible Russian actions. They also warned that all US companies are at risk.

Iranian Hackers “Tools” Steal Passwords and Deliver Ransomware

ZDNet: Hackers linked to the Iranian Ministry of Intelligence and Security are exploiting a range of vulnerabilities to conduct cyber espionage and other malicious attacks against organizations worldwide, a joint alert by US and UK authorities has warned. The advisory issued by the FBI, CISA, the US Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) says an Iranian government-sponsored advanced hacking operation known as MuddyWater is going after a wide range of targets.

US Group Hacked Top Research Institutes in India, Russia And China, Says Beijing Cyber Firm

The Hindu (India): A new report from a Beijing-based cybersecurity firm said hackers linked with the US National Security Agency (NSA) were found to have inserted “covert backdoors” that may have given them access to sensitive information in dozens of countries, including India, Russia, China and Japan. Among the reportedly compromised websites listed in the report were those linked to one of India’s top microbial research labs —the Institute of Microbial Technology (IMTech) under the Council of Scientific & Industrial Research — as well as the Indian Academy of Sciences in Bengaluru. In addition, websites linked to the Banaras Hindu University were also hacked into. The Beijing-based cybersecurity firm Pangu Lab released a technical report explaining how it had found the backdoors and attached it to “unique identifiers in the operating manuals of the NSA” that had come to light in the 2013 leak of NSA files by insiders.


In Case You Missed It

 

Cybersecurity News & Trends – 02-18-22

Lots of big news today. SonicWall’s upcoming Boundless 2022 global virtual event continues to rack up record registrations. See the video here and visit this page to register. Then there’s the release of the 2022 SonicWall Cyber Threat Report, which had the best first-day launch in its history. Attention garnered by the annual report toppled all previous company records. In industry news, turmoil in Ukraine ratchets up cyber threat fears, Iranians targeting VMWare, hackers targeting US defense contractors, hackers breaking into Microsoft Teams, and much more.


SonicWall News

There’s A Huge Surge In Hackers Holding Data For Ransom

Fortune Magazine: Governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021, according to the 2022 Cyber Threat Report released Thursday by SonicWall, an internet cybersecurity company. According to the report, ransomware also rose 104% in North America, just under the 105% average increase worldwide.

Britain Should Never Seek A ‘Special Relationship’ With The EU, Says Lord Frost

The Telegraph (UK): UK ransomware climbed by 227 percent last year, the just-published SonicWall Threat Report also shows, while attempted cyberattacks also reached a record high.

SonicWall CEO On Ransomware: Every Good Vendor Was Hit In Past 2 Years

The Register: Public and private sectors are under attack as malware evolution accelerates. SonicWall’s annual cyber-threat report shows ransomware-spreading miscreants are making hay and getting quicker at doing so.

Why The Cloud Is A No-Brainer For Startups

Maddyness (UK): The global spike in ransomware due to the pandemic is alarming; according to the SonicWall Cyber Threat Report, there has been a 62% increase in ransomware globally.

Report Finds IoT Malware Attacks Targeting Routers On The Rise

CEPro: Research by SonicWall finds that ransomware attacks more than doubled last year, but IoT malware threats and cybersecurity attacks also continued to climb, hitting 60.1 million such attacks in 2021, the highest number ever recorded by the company in a single year.

Ransomware Attacks Surged 2X In 2021, SonicWall Reports

Venture Beat: new data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020.

SonicWall: Ransomware Attacks Increased 105% In 2021

TechTarget: According to researchers at SonicWall, who said in its annual threat report that ransomware attacks have grown by an eye-watering 105% over the last year, with 20 attacks being attempted every second.

Cybercriminals Target Retail With 264% Surge in Attacks

Charged Retail Tech News (UK): Cybercriminals have targeted the retail sector over the past 12 months, with a 264% surge in ransomware attacks on eCommerce and online retail businesses.

Over 620 million Ransomware Attacks Detected in 2021

InfoSecurity: According to SonicWall, corporate IT teams were faced with a triple-digit (105%) growth in ransomware attacks last year to over 623 million.

Threat Actor Adds New Marlin Backdoor to Its Arsenal

InfoRisk (UK): The massive amount of malware strains that cybercriminals can leverage today enables them to “concoct new cocktails capable of thwarting both past and present security systems,” Bill Conner, CEO and president of cybersecurity firm SonicWall, says.

Crypto Crime: UK’ Crypto Jacking’ Attacks Jump 564 Percent in One Year

City AM (UK): Global ransomware attacks doubled to 623m incidents in 2021, with some 91.7m crypto-jacking incidents taking place, up by almost a fifth compared to the previous year, according to a new report from cyber security company SonicWall.

Ransomware Attacks More Than Doubled Last Year

ZDNet: According to an analysis by cybersecurity researchers at SonicWall, the volume of attempted ransomware attacks targeting their customers rose by 105% in 2021 to a total of 623.3 million attempted incidents throughout the year.

Ransomware Data Leaks Saw Major Surge In 2021

ITProPortal: A separate report from SonicWall said that, for the first three quarters of 2021, attempted ransomware attacks grew 148 percent, year-on-year. At the same time, the average ransom demand rose 36 percent to $6.1 million.

Report: Pretty Much Every Type Of Cyberattack Increased In 2021

Planet Storyline: SonicWall’s 2022 Cyber Threat Report has come to some alarming, but likely unsurprising, conclusions: Pretty much every category of cyberattack increased in volume throughout 2021.

Ransomware Attacks Surged 2X In 2021, SonicWall Reports

TECHIO: In the latest indicator of just how severe the ransomware problem became last year, new data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 – jumping 105% during the year compared to 2020.

Cyberattacks Increased In 2021

TechRepublic: The only category to decrease was malware attacks, but SonicWall said in its report that even that number was deceptive.

Ransomware Attacks Increase 105% In 2021, SonicWall Report Finds

TechDecisions: SonicWall’s Cyber Threat Report reveals that ransomware volume has exploded over the last two years, rising 232% since 2019.

Breaking Comments On Red Cross Cyber Attack

Information Security Buzz: It’s been confirmed the Red Cross cyber attack was the work of nation-state actors. SonicWall’s latest report, released today, confirms this is not a standalone development, revealing a +1885% and +755% of ransomware attacks on the global government and healthcare sectors, respectively.

Ransomware Attacks Are Rising at An Unprecedented Rate

HotHardware: The ransomware threat is rising at an alarming rate, and a new report by SonicWall fleshes out the picture. 2020 alone saw 304 million ransomware attacks. As if that wasn’t enough, the doubling of ransomware attacks in 2021 over 2020 amounts to a total of 623 million ransomware attacks globally in 2021. Together, these two years represent a 232% rise in the volume of ransomware attacks since 2019.

SonicWall Research: Hackers Attempted 623M Ransomware Attacks in 2021

MSSP Alert: Nearly all monitored threats, cyberattacks and malicious digital assaults increased in 2021, according to the 2022 SonicWall Cyber Threat Report.

Healthcare Sector Saw The Largest Increase In IoT Malware Attacks In 2021

SCMagazine: The healthcare sector saw the largest increase in target IoT malware attacks in 2021, according to the latest annual SonicWall Cyber Threat Report. Compiled from data collected from 1.1 million global sources, researchers saw a 71% increase in IoT malware against healthcare clients.

105% Increase Seen in Global Ransomware Attacks, Reports SonicWall

ReadITQuik: The 2022 SonicWall Cyber Threat Report is now out, announced SonicWall. The report identified a 167% year-over-year increase in encrypted threats, a 6% volume rise in IoT malware, totaling 60.1 million hits by year’s end, as well as a ransomware volume rise of 232% since 2019.

SonicWall Releases New Cyber Threat Report 2022

Infopoint Security (De): SonicWall today released their annual Cyber ​​Threat Report for 2022. As the bi-annual report shows, ransomware attacks have increased significantly, with 623.3 million attacks worldwide.

Alarming Rise in Ransomware And Malicious Cyberattacks, With Threats Doubling In 2021

AAS (De): Over 623 million ransomware attacks worldwide – a whopping 105% increase + ransomware attacks up 232% since 2019 + ransomware up a whopping 98% in US and UK respectively.

Industry News

US Companies Warned to Prepare for Russian Cyber Attacks

Defense One: US companies, particularly in the defense industry, should be prepared for an increase in cyberattacks aimed at stealing data or disrupting operations due to new aggressive Russian activity aimed at Ukraine, a top Department of Justice official said on Thursday. The remarks come one day after a recent alert from the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency, or CISA, warning that Russian hackers had hit defense contractors and were likely to continue their attempts.

Ukraine Cyberattack Is Largest of Its Kind In Country’s History, Says Official

CNN: A high-volume cyberattack that temporarily blocked access to the websites of Ukrainian defense agencies and banks on Tuesday was “the largest [such attack] in the history of Ukraine,” according to a government minister. Speaking at a press conference Wednesday, Ukrainian Minister of Digital Transformation of Ukraine Mykhailo Fedorov added that it is too early to tell who was responsible for the attack. However, officials said the distributed denial of service (DDoS) attack — which bombarded Ukrainian websites with phony traffic — was coordinated and well planned.

Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

The Hacker News: A “potentially destructive actor” aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group “TunnelVision” owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten.

Russian Hackers Have Targeted Defense Contractors to Steal Sensitive Data

Gizmodo: US Intelligence authorities say that a multi-year hacking campaign has resulted in sensitive IT information being stolen from Pentagon-linked defense contractors and subcontractors. According to the report, the goal is to steal sensitive data and information using spear phishing, brute force attacks, credential harvesting, and other typical intrusion techniques. The purpose of the hacking campaigns appears to have been to acquire “sensitive information” about things like US weapons and missile development, intelligence, surveillance, and reconnaissance capabilities, vehicle and aircraft design, and command, control, and communications systems, officials said.

Hackers Circulate Malware by Breaking Into Microsoft Teams Meetings

PC Magazine: Hackers have been spotted infiltrating Microsoft Teams meetings to circulate malware to unsuspecting users. Last month, email security provider Avanan noticed the attacks, which involve hackers dropping malicious executable files on Microsoft Teams through in-session chats. “Avanan has seen thousands of these attacks per month,” the company warned in a Thursday report. The hackers are likely infiltrating Microsoft Teams after first compromising an email account belonging to an employee. The email account can then be used to access Teams meetings at their company. Also reported by Bleeping Computer, if you are one of the 270 million people who use Microsoft Teams every day, it may be time to make sure your account is locked down. Part of the onus here does fall on Microsoft, too. Teams isn’t precisely feature-rich when it comes to security and scanning files for malicious content. The ability for guests and other temporary users to share files also poses a security risk, though that isn’t necessarily how the hackers spread this particular malware.


In Case You Missed It