Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.
It’s St. Patrick’s Day today, so we hope you’re protecting yourself by wearing green. We also hope you’re protecting yourself from cybercriminals by staying up to date with the latest threat intelligence, such as the 2023 Cyber Threat Report.
In industry news, Hacker News has the lowdown on a new AiTM phishing campaign and a phony ChatGPT extension causing trouble for Chrome users. Bleeping Computer reported on a new attack developed for air-gapped computers. The folks at Dark Reading have the scoop on AI-created YouTube videos spreading malware. TechCrunch and Vice dive into details on a potential breach at video surveillance company Ring.
Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.
SonicWall News
HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.
TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.
MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.
Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.
CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.
Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.
Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.
InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.
MSN, SonicWall News: Bob Vankirk, CEO of SonicWall, said: “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance. While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”
IT Pro, SonicWall News: State-sponsored threat actors are increasingly shifting their focus towards SMBs and smaller enterprises, according to new research. While large enterprises, public services, and critical national infrastructure have traditionally been key targets for state-sponsored threat actors, SonicWall’s 2023 Cyber Threat Report predicted that groups will ‘diversify’ their tactics in 2023 to target SMBs and a “broader set of victims.”
Utah Pulse, SonicWall News: SonicWall reports a 328% YoY increase in healthcare ransomware attacks in 2022, and healthcare and education are expected to be among the most targeted sectors in 2023. The expanding IoT footprint in these sectors is predicted to make them more vulnerable to digital attacks, increasing the risk to critical infrastructure.
CRN, SonicWall News: Key offerings from SonicWall in the realm of next-generation firewalls include the SonicWall NSa 5700, which utilizes a scalable hardware architecture designed to fit in a single rack-mountable unit. The high port density of the NSa 5700 includes multiple 10-Gigabit Ethernet and 1-Gigabit Ethernet fiber and copper interfaces.
CRN, SonicWall News: One of the biggest opportunities we will be tackling with our partners is providing a broader set of unified and cost-effective solutions that fully secure the evolving network perimeter. For many of our partners and customers, 2023 will represent a period of cautious and informed investment in IT and security – customers will demand more bang for their security buck.
Industry News
Ring Refuses to Reveal Truth About Russian Ransomware Rush
A Russian ransomware gang has claimed to have breached the Amazon-owned video security company Ring. The ransomware gang, known as ALPHV, has so far failed to provide evidence of the supposed breach, and Ring has remained tight-lipped concerning the matter. A Ring spokesperson did tell TechCrunch that they had no indications of a ransomware attack but declined to comment on whether or not they had the ability to see if data had been exfiltrated from their networks. Ring did tell Vice that they were aware of a potential incident with a third-party vendor, but they didn’t say the name of the vendor. Ring said the vendor did not have access to customer records.
Researchers Utilize Computer Speakers and Smartphone Microphone to Steal Data
At Korea University in Seoul, South Korea, researchers have recently discovered that a new channel attack called CASPER is capable of transferring data from air-gapped computers to a microphone through the air. An air-gapped computer is a computer that is not physically capable of connecting to an external network or device, so this development could be concerning for those using air-gapped computers to store their most sensitive data. The attack utilizes the computer’s internal speakers to emit a high-frequency soundwave that cannot be heard by human ears but can be detected by microphones – including a smartphones microphone – up to 1.5 meters away. The high-frequency audio transfers data using binary or morse code at a rate of 20 bits per second. Similar attacks have been seen previously, but those attacks utilized external speakers. Air-gapped computers typically don’t have external speakers, but they do usually still have internal speakers to emit sounds such as boot-up beeps or other information-conveying beeps. While this type of attack may seem far-fetched, Bleeping Computer states that such attacks have been successfully carried out in the past, such as the Stuxnet worm targeting Iran’s nuclear enrichment facility and others. The malware utilized in this attack can target specific files in the system from hardcoded lists, and it can exfiltrate the data from those files. The malware could also be used for keylogging. The university researchers did share ways to defend against such an attack, with the simplest method being to simply remove internal speakers from any air-gapped computers.
Microsoft Alerts Users to Millions of Phishing Emails Being Sent Out Daily
An increasing amount of cybercriminals are using an adversary-in-the-middle (AiTM) phishing kit to steal the passwords and cookies of users around the world. In an AiTM phishing attack, threat actors usually place a proxy server between the user and the website, and the proxy server is where the theft takes place. According to Hacker News, these attacks can be more effective because they’re able to get around things like multi-factor authentication (MFA) and time-based one-time passwords (TOTPs). The Microsoft Threat Intelligence team is monitoring the situation and tracking the cybercriminals who are orchestrating the attack. The threat actors developing the phishing kit are known as DEV-1101, and they are responsible for multiple phishing kits on the dark market. Microsoft has seen millions of phishing emails per day from the threat actors who have purchased the kit from DEV-1101. Organizations should consider phishing-resistant authentication methods to help thwart this type of attack.
Phony ChatGPT Chrome Extension Steals Facebook Accounts
A fake ChatGPT browser extension is making its way around Chrome, and it has the ability to take over Facebook accounts and even create administrator accounts. The goal of the extension is apparently to hijack high-profile Facebook business accounts and then run paid advertisements on the dime of the businesses. Google pulled the extension, named “Quick access to ChatGPT”, on March 9, 2023, but it amassed 2,000 installations per day in its short time on the Chrome Web Store. According to Hacker News, the viral success of OpenAI’s ChatGPT has led threat actors to capitalize by creating fraudulent apps and extensions. Users must be wary of the sources of the extensions and apps they choose to install.
YouTube Videos Created by AI Fake Tutorials, Spread Malware
Artificial intelligence is being used to create YouTube videos that use an infostealer malware to find users personal data on their devices. These videos are posed as tutorials for programs like Photoshop, AutoCAD, Premier Pro and more. Dark Reading states that security researchers have determined that cybercriminals are using programs like Synthesia and D-ID to produce phony personas that are intended to exude a sense of trustworthiness with users all around the world. It’s currently unclear how large of an impact these videos are having on cybercrime as a whole, but it’s yet another example of artificial intelligence being used in a nefarious way.
SonicWall Blog
SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff
Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk
Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff
Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff
New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan
SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald
SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald
Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang
Celebrating 2023 With Expanded “3 & Free” – Matt Brennan
The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman
Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah
SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald