The RSA Report: The Road to RSA

Right now, the Moscone Center is quiet. But in less than a week, the area will be abuzz with activity as San Francisco hosts RSA Conference 2023. Regarded as the preeminent cybersecurity convention, RSAC 2023 is expected to draw an estimated 45,000 attendees, including cybersecurity professionals, IT leaders … and, of course, vendors such as SonicWall.

What SonicWall Has in Store for RSAC 2023

During the conference, key members of SonicWall’s executive team, along with other SonicWall cybersecurity experts, will be on hand for one-on-one meetings and company briefings. There will also be live demos on cloud-managed security and hybrid workforce security, along with presentations on everything from ransomware and zero-day threats to protecting your mobile workforce and the findings of the 2023 SonicWall Cyber Threat Report.

Here’s the full schedule of SonicWall presentations:

Tuesday, April 25
10:30 AM — What is Boundless Cybersecurity?
11:00 AM — On the Frontlines: Defending Against Zero-Day Threats
11:30 AM — Inside the Intel: 2023 SonicWall Cyber Threat Report
12:00 PM — Detect & Stop Ransomware
12:30 PM — Network Security Under One Cloud Manager
1:00 PM — How to Enhance Hybrid Workforce Security
1:30 PM — What is Boundless Cybersecurity?
2:30 PM — On the Frontlines: Defending Against Zero-Day Threats
3:00 PM — Inside the Intel: 2023 SonicWall Cyber Threat Report
3:30 PM — Detect & Stop Ransomware
4:00 PM — Network Security Under One Cloud Manager
4:30 PM — How to Enhance Hybrid Workforce Security
5:00 PM — What is Boundless Cybersecurity?
5:30 PM — Inside the Intel: 2023 SonicWall Cyber Threat Report

Wednesday, April 26
10:30 AM — What is Boundless Cybersecurity?
11:00 AM — On the Frontlines: Defending Against Zero-Day Threats
11:30 AM — Inside the Intel: 2023 SonicWall Cyber Threat Report
12:00 PM — Detect & Stop Ransomware
12:30 PM — Network Security Under One Cloud Manager
1:00 PM — How to Enhance Hybrid Workforce Security
1:30 PM — What is Boundless Cybersecurity?
2:30 PM — On the Frontlines: Defending Against Zero-Day Threats
3:00 PM — Inside the Intel: 2023 SonicWall Cyber Threat Report
3:30 PM — Detect & Stop Ransomware
4:00 PM — Network Security Under One Cloud Manager
4:30 PM — How to Enhance Hybrid Workforce Security
5:00 PM — What is Boundless Cybersecurity?
5:30 PM — Inside the Intel: 2023 SonicWall Cyber Threat Report

Thursday, April 27
10:30 AM — What is Boundless Cybersecurity?
11:30 AM — Inside the Intel: 2023 SonicWall Cyber Threat Report
12:30 PM — Detect & Stop Ransomware
1:30 PM — How to Enhance Hybrid Workforce Security
2:30 PM — Network Security Under One Cloud Manager

Keynotes, Sessions and Other Can’t-Miss Events

But you (probably) won’t be going to RSA just to cruise the expo floor. There will also be more than 30 keynote presentations to choose from, in addition to countless expert-led sessions and training courses. We’ve jam-packed our schedule to bring you recaps of as many of the best ones as possible, offering an overview of the trending topics and compelling commentary that you can experience from anywhere.

Here’s a look at some of the issues taking center stage at RSA 2023:

National Security: Sessions such as “The National Cyber Strategy as Roadmap to a Secure Cyber Future,” “State of the Hack 2023: NSA’s Perspective” and “Cybersecurity Thinking to Reinvent Democracy” will explore the relationship between cybersecurity and governance, with a focus on the global cybercrime capital: The United States.

Ransomware: As we explored in the 2023 SonicWall Cyber Threat Report, ransomware is more dangerous than ever — and sessions such as “Preparing and Defending OT Systems from Ransomware,” “Ransomware: From the Boardroom to the Situation Room” and “Negotiating with Terrorists: The High-Stakes Game of Ransomware Response” examine these devastating attacks from a variety of angles.

Supply Chain: Whether in terms of product shortages or as an attack vector, the global supply chain continues to be a hot topic. “Software Supply Chain: Panel on Threat Intel, Trends, and Mitigation Strategies,” “The World in Crisis: Prepare for Extreme Events via Supply Chain Resilience,” and “Hacking Exposed: Next-Generation Tactics, Techniques and Procedures” will explore how threat actors use trusted supply chains as a back door into businesses, even those that are otherwise well-secured.

AI and Automation: Over the past year, the potential (and the perils) of AI have come to the fore. In “CatPhish Automation: The Emerging Use of AI in Social Engineering,” “Defending at Machine Speed: Technology’s New Frontier” and “Chat GPT: A New Generation of Dynamic Machine-Based Attacks,” attendees will learn more about what AI is capable of … for better or for worse.

The Future: Without forward-looking strategy, organizations are doomed to be always fighting the last battle. In sessions like “Security in 2023 and Beyond: Automation, Analytics and Architecture,” “Combating Evolving Cyber Threats: Leading with Disruption” and “The Next 50 Years with Michio Kaku,” keynote speakers discuss the future of threats, of networks and of the world itself.

With so many things to learn and do, RSAC 2023 promises to be one of the best yet. But if you haven’t already done so, be sure to claim your free expo pass or book your meeting with one of SonicWall’s experts soon: There are only six days left ‘til we see you in San Francisco!

Cybersecurity News & Trends – 04-14-2023

Today is National Reach As High As You Can Day, and SonicWall is still reaching high points in the headlines. Zawya (UAE) cited the 2023 Cyber Threat Report, noting a 14% drop in malware attacks for the UAE during 2022. The San Francisco Examiner and Unleashed included quotes from the threat report citing SonicWall ransomware data.

In industry news, TechCrunch has the lowdown on U.S. intelligence leaks from an Air National Guardsman. Dark Reading provided details on Microsoft’s uncovering of an Israel-based Private-Sector Offensive Actor (PSOA). The Yum! Brands breach was broached by Bleeping Computer. Hacker News covered the malware debacle at WordPress and a Russia-linked hacker gang carrying out a cyber espionage campaign.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: According to the latest figures from cybersecurity leader SonicWall, the UAE recorded a 14 percent drop in total malware attacks in 2022, but the number of attacks in 2022 in the UAE (71 million) was more than the combined total in 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report — due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second year with the highest number of attack attempts with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

Industry News

US National Secrets Leaked by Air National Guardsman in Discord Server

A 21-year-old member of the Massachusetts Air National Guard has been identified as the person responsible for leaking classified government and military intelligence on a private Discord server. Attorney General Merrick Garland stated, “Today the Justice Department arrested Jack Douglas Teixeira in connection with an investigation into alleged unauthorized removal, retention and transmission of classified national defense information.” Teixeira originally leaked the documents solely to the private server, but the documents later appeared in several other Discord servers including a large Minecraft server with thousands of members. The intelligence included sensitive information about the war in Ukraine and much more. It was making the rounds on Discord for months before the proper authorities caught on. Teixeira will soon have his first court appearance in the U.S. District Court for the District of Massachusetts.

Microsoft Catches Israel-based Threat Group Selling Mobile Spyware

Threat intelligence researchers at Microsoft stated this week that a threat group they’ve been tracking as DEV-0196 is actually a Private-Sector Offensive Actor (PSOA) known as QuaDream. QuaDream, which is based in Israel, sells a malicious software suite called REIGN to governments around the world. REIGN consists of malware, exploits and a mobile data exfiltration tool. According to Dark Reading, the actions of the group have been in line with another Israel-based threat group known as NSO Group. NSO Group has been blacklisted for peddling the Pegasus iOS spyware to hostile governments. Oddly, QuaDream does not have a website, but they have allegedly been active since 2016. A winter 2022 report from Meta claimed QuaDream was performing tests to exfiltrate data from both Android and iOS devices. The software QuaDream is selling utilizes zero-click exploits, which can be difficult to protect against. The Microsoft researchers recommended following basic cyber hygiene practices to minimize risks.

Yum! Brands Discloses Data Breach

Fast food giant Yum! was the victim of a data breach in mid-January. The KFC, Pizza Hut and Taco Bell brand owner has started sending out notifications to some individuals whose personal information was stolen. The notifications disclosed that the names, driver’s license numbers and other ID numbers of some persons had been stolen by the attackers. According to Bleeping Computer, Yum! temporarily shut down approximately 300 restaurants in the United Kingdom as a result of the attack. No customer information was stolen during the attack. All of the stolen personal information belonged to employees of Yum! Brands. The total number of affected individuals is unknown at this time.

Russian Hacker Gang Linked to Espionage Effort

A Russia-linked hacker gang named Nobelium has been linked to attacks on foreign ministries and diplomatic entities in multiple NATO, European Union and African nations. The connection to Nobelium was made when Polish intelligence agencies noticed similarities between the group carrying out these attacks and the group that carried out a major attack on SolarWinds in 2020. The Polish agencies noted that Nobelium is using both new and old tools to carry out these attacks. Hacker News stated that the attacks typically begin with spear-phishing emails to diplomats disguised as invitations to meetings. If the victim opens the included booby-trapped PDF file, an HTML dropper is deployed and releases multiple previously unknown malware strains onto the victim’s device.

WordPress Hit by Balada Injector Malware Campaign

A malware campaign has infected more than a million WordPress websites with malware that redirects visitors to scam sites. The campaign was designed to deploy a malicious program called Balada Injector. The malware targets vulnerabilities in outdated plugins and themes, and it’s been active on WordPress since 2017. Once the attackers successfully infiltrate a site, they insert malicious JavaScript code that redirects visitors to fake tech support sites, fake CAPTCHA pages and more. Hacker News stated that the attacks usually come in waves once every few weeks. Researchers warned that the malware could expose visitors to more nefarious threats, such as identity theft and ransomware. All WordPress site owners have been advised to update their themes and plugins to the latest versions.

SonicWall Blog

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Cybersecurity News & Trends – 04-06-2023

April is fully underway, and SonicWall has continued to captivate media. American Security Today cited data from the 2023 Cyber Threat Report while DL News and TechNewsWorld quoted SonicWall’s senior manager of product security, Immanuel Chavoya.

In industry news, Dark Reading has a story on a security researcher tricking ChatGPT into creating an undetectable malware tool. TechCrunch provides insight into the Western Digital data breach. Hacker News breaks down Operation Cookie Monster and the fall of Genesis Market. Bleeping Computer dives into details on an IRS-approved tax software spreading malware.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second year with the highest number of attack attempts with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

2023 Could Be the Biggest Ever Year for Cybercrime

TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.

Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022

MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Cybercrime Spiked In 2022 — And This Year Could Be Worse

Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.

Industry News

ChatGPT Tricked into Creating Undetectable Malware

Every time we think OpenAI’s ChatGPT has hit a wall, something new happens and makes us reassess its potential – for both good and evil. This week, a security researcher has somehow fooled ChatGPT’s anti-malicious-use protocols and convinced the artificial intelligence to create an undetectable steganography malware. According to Dark Reading, the researcher had zero experience writing malware. The user simply coaxed ChatGPT into performing multiple simple prompts that eventually resulted in an undetectable malicious tool that can search devices for specific documents and then export them to Google Drive. The researcher pointed out that the exploit ChatGPT created is not new, so don’t be overly concerned just yet. It’s still incredible that the chatbot was able to produce this piece of malware in approximately four hours. When the researcher put the tool into VirusTotal, only five vendors out of 60 flagged the tool as suspicious. He asked ChatGPT to tweak the code, and, after several tweaks, zero vendors in VirusTotal flagged the tool as suspicious. The reality is that AIs will only get better at producing malicious tools. Fortunately, there are just as many people working to produce AIs that can detect malicious code, such as SonicWall’s own Real-Time Deep Memory Inspection (RTDMI).

Western Digital Loses Data to Hackers

California-based data storage company Western Digital experienced a network security incident last week that resulted in stolen data. On Monday, Western Digital announced that threat actors had infiltrated multiple company systems. As soon as they realized that this was going on, they brought in outside security and forensic experts to assess the situation. The investigation is still in the preliminary stages, so the full extent of the damages may not be known for some time. The company did say this may cause disruptions to business operations as they press forward. According to TechCrunch, no known threat actor group has taken credit for the breach as of yet.

FBI Arrests 119 Cybercriminals Linked to Genesis Market

Genesis Market, a dark web market known for selling stolen credentials, has been dismantled in an effort involving authorities from 17 countries. The bust led to 119 arrests and 208 searches in 13 countries. Genesis Market was created in early 2018 and quickly became a cybercriminal haven. The multi-country operation to take it down was codenamed “Operation Cookie Monster.” According to Hacker News, Genesis Market had over 80 million illegally acquired credentials listed for sale. The credentials were linked to email addresses, bank accounts, social media accounts and more. Genesis Market also sold device fingerprints to help cybercriminals skirt anti-fraud measures and truly take on the online identity of the victims. According to court documents pertaining to the case, the FBI infiltrated Genesis Market’s backend servers in late 2020 and again in Spring 2022. During that time, the FBI was able to retrieve information on 59,000 users of the market. As of now, a mirror of the website is still running, and multiple similar illegal marketplaces continue to exist. This is still a major global victory for those fighting against cybercrime.

Tax Tool Approved by IRS Sending out Malware

A popular tax return software, eFile.com, has been caught sending out malware to its users. eFile is authorized by the United States’ Internal Revenue Service as an approved tax software. That this revelation comes during tax season, as millions of Americans finalize their taxes, causes even more concern. Bleeping Computer was able to confirm the existence of the malware file known as “popper.js” through its own research. The first signs of concern appeared on a Reddit thread where some users believed that eFile had been compromised. Bleeping Computer analyzed the malware and noted that it is a backdoor malware which allows bad actors to access the compromised device remotely. At this time, the website is no longer sending out the malicious code.

RSA 2023: What “Stronger Together” Means With SonicWall

In less than a month, members of the cybersecurity community will travel to San Francisco for RSA Conference 2023, and for the first time since 2020, SonicWall will be joining them.

Starting on Monday, April 24, you can visit us at booth #5585 in the North Hall of the Moscone Center for previews of upcoming SonicWall innovations, one-on-one meetings, demos of our latest technology and more.

This return to RSA comes at an opportune time: the RSA 2023 theme, “Stronger Together,” isn’t just an ideal that SonicWall believes in — it’s the very foundation that SonicWall was built on.

Today, SonicWall collaborates with the cybersecurity community on threat mitigation strategies and ways to pursue shared cybersecurity goals across networks, endpoints, cloud environments and more. SonicWall also compiles and shares a wealth of threat intelligence to build trust and cooperation within the wider intelligence community and create a safer future for all.

The Power of Partnership

But this sort of cooperation comes naturally to SonicWall: as a 100% channel-driven company, cooperation with our global partner network has been vital to SonicWall’s entire business model from the beginning.

“At SonicWall, we understand that our partners are critical to our success, and we work hard to ensure that they have the tools and support they need to be successful,” said SonicWall CRO Jason Carter in a statement announcing SonicWall’s seventh-straight 5-star rating in the CRN Partner Program Guide. “By providing innovative, cost-effective security solutions and exceptional customer service, we help our partners deliver superior cybersecurity services to their customers and build lasting relationships.”

And in recognition that SonicWall and its partners truly are “Stronger Together,” SonicWall recently announced several initiatives to help further strengthen relationships with partners and help contribute to their success. Shortly after assuming the role of SonicWall president and CEO, Bob VanKirk announced one of his primary focuses would be staying better aligned with partners.

“From our early days, SonicWall’s accomplishments have always been linked to the success of its esteemed partners and distributors,” VanKirk said. “We’ve always strived to be a partner-centric company, but we want to continue to grow in how we can better support and enable our partners across every function and team.”

The Future is Partner-Focused

Some of these planned changes will take the form of improved partner offerings. Other changes have taken the form of an expanded executive lineup. To help lead SonicWall in its next phase of growth, three new executives were appointed in early 2023:

Peter Burke, Vice President and Chief Product Officer — Burke is a highly accomplished business leader, with a Ph.D. in Computer Science (Artificial Intelligence) and over 25 years of combined technology experience with Silicon Valley startups and multinational corporations. Burke’s prior engagements include SVP of Research and Development at Ping Identity and EVP of Engineering and Operations at Neustar. In addition, Burke held executive management positions at InQuira (acquired by Oracle) and Ceon (acquired by Convergys). His reputation as a visionary technologist with extensive experience in cloud-based enterprise software development makes him a perfect fit for his new role as the primary driver of product development and execution at SonicWall.

Jason Carter, Chief Revenue Officer — Over the past 17 years, Carter has specialized in sales leadership, sales operations and customer lifecycle management within the global channel IT industry. Recently recognized by CRN on the Channel Chiefs list, Carter has worked as part of the SonicWall SecureFirst partner program, focusing on channel partner dynamics and enabling SonicWall partners to manage and grow recurring revenue. Since joining SonicWall in 2011, Carter has developed, implemented and managed global sales programs centered on both customer experience and partner development. Carter’s strategic focus helps increase customer retention, decrease attrition and drive incremental services revenues with holistic partner programs.

Chandrodaya Prasad, Executive Vice President of Global Product Management — Prasad has over 20 years of cybersecurity product management and marketing experience. Most recently, he served as vice president of product management at Cisco, overseeing teams delivering SASE, cloud and network security. Prasad joined the SonicWall leadership team to help position the existing portfolio for success, grow cloud initiatives and expand SonicWall’s product offerings.

In announcing the appointment of the new executive team members, SonicWall CEO and President Bob VanKirk said, “An unwavering commitment to SonicWall customers and partners around the globe is SonicWall’s priority. These executive appointments are yet another sign that SonicWall is continuing to evolve to remain one of the leaders in the cybersecurity space. Along with the emphasis on SonicWall’s outside-in approach, we are positioned to take our global partner community to new heights in 2023.”

RSA Conference 2023 will be a great opportunity for partners and customers alike to meet members of our executive team. Along with many of SonicWall’s preeminent experts in threat detection, product marketing and more, these leaders will be available for one-on-one meetings starting Monday, April 24 — but spots are limited, so book yours today.

We look forward to seeing you at RSA 2023!

Cybersecurity News & Trends – 03-30-2023

April Fools’ Day is fast-approaching, and you’d have to be a fool to not see all the good stuff happening at SonicWall this week. Microscope quoted SonicWall CEO Bob VanKirk on how he’s successfully aligned two key areas at SonicWall. TechCrunch and Computer Weekly cited data from the 2023 Cyber Threat Report.

In industry news, Data Breach Today covers a slew of tech leaders asking AI developers to slow down. Dark Reading has the lowdown on a new MacOS malware. TechCrunch has information on a supply chain attack on a major phone system. At Bleeping Computer, they discuss a security flaw in a common WiFi protocol that’s causing problems. Hacker News provides insight on OpenAI’s user data leak from last week.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.”

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the year with the second-highest number of attack attempts, at 493.3 million, according to SonicWall, which also reported increases of 2% in malware, 87% in IoT malware and 43% in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

2023 Could Be the Biggest Ever Year for Cybercrime

TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.

Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022

MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Cybercrime Spiked In 2022 — And This Year Could Be Worse

Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.

Ransomware Attacks Plunged 48 Percent in US Last Year: SonicWall

CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. “It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.

Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022

Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.

Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.

Experts Spot Half a Million Novel Malware Variants in 2022

InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.

Industry News

Tech Leaders Ask AI Developers to Slow Down Amid Fears

Artificial intelligence (AI) has been rapidly advancing over the past few years leading to a laundry list of exciting new features. While we’ve seen what AI can do with writing, artwork, memes and more, some top tech leaders have shared their concerns and actually asked AI developers to stop development for at least six months. The Future of Life Institute gathered over 1,000 signatures on a document asking to stop and consider developing safety protocols and more before continuing. The list of signatories includes notable names like Twitter CEO Elon Musk and former presidential candidate Andrew Yang along with Turing Prize-winner Yoshua Bengio and many others. The document asks pertinent questions about job automation, propaganda and even potentially losing control of our civilization as a whole. It remains to be seen whether the document will actually have an impact on the development of AI, but it would be prudent to stop and consider the possibilities of AI.

Apple Loses User Data to MacStealer Malware

MacOS users should be on the lookout as a new information-stealing malware, MacStealer, is making the rounds. The malware steals things like documents, browser cookies, passwords, iCloud keychain data and more. According to Dark Reading, the malware has been found on the Catalina version of MacOS as well as versions that use Intel’s M1 and M2 chipsets. The threat actors spreading this malware are doing so by getting users to install fake apps or download malicious files. Once users install the bogus software or download the malicious files, the malware prompts them to enter their login credentials which are then stored and sent off to the threat actors. Until a patch is released, MacOS users on the affected versions should continue to be wary when installing software or downloading files from suspicious sources.

New Supply Chain Attack Targets Major Phone System

A new supply chain attack targeting software-based phone developer 3CX has caused some concern among multiple cybersecurity firms. Large companies like McDonald’s, American Express and BMW rely on the phone software for various services. It’s even used by the United Kingdom’s National Health Service. According to TechCrunch, 3CX claims to have over 12 million daily users. The attack has been compared to the SolarWinds attack and has been named “Smooth Operator.” The malware steals data and stored credentials from various internet browsers including Firefox, Brave, Microsoft Edge and Google Chrome. 3CX is aware of the issue and is asking customers to uninstall and reinstall the software on all devices.

Threat Actors Exploit WiFi Protocol Flaw to Commandeer Network Traffic

A security flaw that attackers can exploit to force access points to leak network frames has been uncovered in the IEEE 802.11 WiFi protocol. These network frames contain data such as MAC addresses and management data. The cybersecurity researchers who made the discovery found that the flaw could have widespread impact as it affects Linux, iOS, Android and FreeBSD. According to Bleeping Computer, Cisco has brought attention to the flaw and admitted that it could affect some Cisco products. There are currently no instances of the flaw being exploited in the wild.

OpenAI Gives Insight Into ChatGPT User Data Exposure Bug

ChatGPT’s developers, OpenAI, provided some answers this week about exactly what led to the glitches in their system last week that allowed some users to see descriptions of other users’ conversations as well as other users’ messages. OpenAI stated that the bug was found in the Redis open-source library. According to OpenAI’s statement, the bug in the Redis library caused connections to become corrupted and allowed for the chatbot to send users data from other users’ conversations. The company took ChatGPT down while addressing the glitch. Hacker News stated that the issue may have led to other issues where some users’ full names, email addresses, payment addresses and last four digits of their credit card numbers were revealed. The company emphasized that the full credit card numbers were not revealed in any instance. The issue has since been resolved, but time will surely tell the full impact this bug may have on ChatGPT and its users.

SonicWall Blog

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang

Cybersecurity: Preventing Disaster from Being Online

The Internet is an incredible resource that has revolutionized every aspect of our ever-changing global society. Some parts of life are nearly impossible without some connection to the net for work, play or learning. Yet, while our connectivity accompanies the entire planet through the digital evolution, it also introduces a new level of risk few people ever imagined.

But “spycraft”? What does that have to do with you or me? In truth, most of us are the furthest thing from a “spy,” let alone know how to control our risk of hacking. But the fact that you’re reading this post means that you’re asking the right questions.

Allen Dulles and his 73 Rules.

Allen Dulles was an American diplomat and intelligence officer who served as the first civilian Director of Central Intelligence (DCI) and was the longest-serving director of the Central Intelligence Agency (CIA) from 1953 to 1961. During his time at the CIA, he played a significant role in shaping US foreign policy, particularly during the Cold War. He was involved in several covert operations, including overthrowing the Iranian Prime Minister Mohammad Mosaddegh and the Bay of Pigs invasion in Cuba. He also helped establish the CIA’s covert action capabilities and modernized its intelligence-gathering methods.

The inspiration for this presentation is roughly based on Allen Dulles’s 73 Rules of Spycraft. When he wrote this missive, it was as an instructor for agents in the field. His general philosophy for the craft was that “spying” anywhere is often dangerous and must be engaged with the strictest discipline.

A quick read of Dulles’s rules reveals a bit of duplication and redundancy, but there are good reasons why he wrote that way. In part, he wanted to demonstrate that rules for this type of work required constant adaptation. And like a good teacher, Dulles illustrates that the essential aspect of being mindful about security “consists not only in avoiding big risks… it is consistent care in them that forms the habits of true security mindedness.”

Knives out: Lurking Cybersecurity Threats

In a real sense, you’re risking everything whenever you open a browser window. One little error, one misstep in judgment, and you could lose it all to a hacker.

According to the 2023 SonicWall Cyber Threat Report, while the total global count for ransomware was 493.3 million (a 21% drop over last year), Europeans saw an 83% jump, which includes a 112% increase in the UK. The education and finance sectors were hit the hardest, with sharp increases of 275% and 41%, respectively. So, while the risk of getting hit by ransomware is still higher than getting hit by a car or lightning, the effects can be just as devastating.

What is the solution? Experience shows us that we can manage both the risk and the potential damage. For the sake of this article, I present an easy four-step action plan.

Whom do you trust?

Trust is the crux of cybersecurity, where behavior and technology meet. Therefore, the first step is assessing trust and recognizing that risk is omnipresent.

Just by being here and reading this article, you trusted the host of the website where this article is published, the IT engineers and technicians who run the website, the coder who built the page and uploaded the article, and me. And that’s not including anyone who may have sent you a link because they think you should read it. My gosh. That’s four or five people in the process you’ve trusted already. Let’s add now the manufacturer of the technology you’re using to get here, your bandwidth provider, your fiber or wire or satellite company – maybe even the neighbor with a beard. You see where this is going, right?

The juvenile response to such mounting risk is, “I’ll never trust anyone.” However, such an attitude only takes us so far because when it comes to engagement and interaction (online or offline), eventually, you must trust someone.

Spycraft as a cybersecurity risk mitigator.

Consider the second step: how to apply spycraft as a risk mitigator. We adopt unconscious happenstance to function normally for everyday tasks: preparing ourselves for work, the commute, lunch, watching a show on the television, and walking the dog. Now consider how a happenstance approach endangers your cybersecurity. Risk always increases when we stop paying attention.

Adopting ‘spycraft-sense’ mitigates the risk of getting hit by a car by looking both ways before we cross a street. And you can avoid most lightning strikes simply by not going outside when conditions for lightning are present. Similarly, we can enhance cybersecurity by never blindly trusting everyone and everything we see online. That means adopting what Allen Dulles called “greater situational awareness” for the things that increase risk.

Therefore, we can reduce risk by becoming fully mindful of our daily interactions and engagements. That means being aware of how hackers deploy social engineering with various forms of phishing (email, text messaging, social media) and setting personal rules about links we click, sites we visit, downloads we take, and the technology we deploy to control or even reverse potential damage.

Cybersecurity technology that can enhance the effect of spycraft.

Then it should be no surprise that our third step is looking at how technology may enhance the effects of everything we’ve done so far. From great technological advancement comes greater convenience. New tech delivers fantastic opportunities straight into our hands. But, if we want to continue to enjoy those opportunities, then it’s really up to us as individuals to step up and control the inevitable risks that come with using them.

The title of this Mindhunter presentation seems a little apocalyptic – disaster is not inevitable. I would instead like to think that the title gives us some optimism. We don’t have to become spies to control our cybersecurity risks; we just need to follow basic rules of engagement and interaction to keep us safe from malware that can lead to ransomware and other advanced threats.

However, should something sneak past us, we want layers of technology that can stop threats before they exert their total potential damage. Think of yourself as an onion with an outside layer of good anti-virus and anti-malware software on all your local devices. In the next layer, we can deploy next-generation firewalls (NGFWs) and AI-augmented software that analyzes even advanced threats and neutralizes them without degrading device performance. And we want redundancies, backups, and means for easy rollback to protect our core. The best part is that this technology is off the shelf and ready to deploy today.

Explore and learn with SonicWall’s Mindhunters.

That leaves us to the fourth and final step: book your seat for MINDHUNTER #12, Cybersecurity: Preventing Disaster from Being Online. This is where you can pick up active lessons on cybersecurity from experts in the field today. Get the most from better online behavior and be boundless with excellent cybersecurity solutions and technology. The event is scheduled for April 18, 2023. Good hunting!

Cybersecurity News & Trends – 03-24-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

Spring is in the air, and SonicWall’s media presence is blooming. InformationWeek quoted our threat detection and response strategist, Immanuel Chavoya, on healthcare. MotorTrader cited data from the 2023 Cyber Threat Report.

In industry news, FCW dives into details on the federal government’s new program for cybersecurity employees. Data Breach Today has the story on the FBI’s arrest of BreachForums’ notorious administrator. Bleeping Computer breaks down the zero-day attack on General Bytes’ Bitcoin ATMs. Hacker News provides insight on bot-based DDoS attacks exploiting vulnerable servers and routers.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022

MSN, SonicWall News: Bob Vankirk, CEO of SonicWall, said: “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance. While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

State-Sponsored Hackers Are Diversifying Tactics, Targeting Small Businesses

IT Pro, SonicWall News: State-sponsored threat actors are increasingly shifting their focus towards SMBs and smaller enterprises, according to new research. While large enterprises, public services, and critical national infrastructure have traditionally been key targets for state-sponsored threat actors, SonicWall’s 2023 Cyber Threat Report predicted that groups will ‘diversify’ their tactics in 2023 to target SMBs and a “broader set of victims.”

Cybersecurity Predictions for 2023 – Things You Should Know

Utah Pulse, SonicWall News: SonicWall reports a 328% YoY increase in healthcare ransomware attacks in 2022, and healthcare and education are expected to be among the most targeted sectors in 2023. The expanding IoT footprint in these sectors is predicted to make them more vulnerable to digital attacks, increasing the risk to critical infrastructure.

Industry News

FBI Tracks Down, Arrests BreachForums’ Administrator

FBI agents tracked down the apparent administrator of an underground hacker forum this past week. They arrested the man at his home in Peekskill, New York. Federal agents identified him as Conor Brian Fitzpatrick, a 2021 graduate of Peekskill High School. His name on the forum was “Pompompurin.” Beyond being a hub for cybercriminal tools, BreachForums also allows users to advertise searching for members and for targets. According to Data Breach Today, a federal agent disclosed that Fitzpatrick admitted to him that he was the administrator of the criminal forum during the arrest. This will not be the end of BreachForums, as another user – named “Baphomet” – has now taken control and vows that he will not be caught.

Bitcoin ATM Loses $1.5 Million In Zero-day Attack

A popular Bitcoin ATM manufacturer, General Bytes, revealed that threat actors stole $1.5 million worth of cryptocurrency from the company and its customers using a zero-day exploit. The exploit is being tracked as BATM-4780, and it was found in the company’s BATM management platform. Bleeping Computer states that General Bytes is now shutting down its cloud services due to the difficulties it has faced in securing them. The company has audited its security systems numerous times since 2021 but still failed to identify the zero-day vulnerability that led to this attack. On Twitter, the company urged customers to ensure their servers are running the latest updates to better protect them.

Federal Government Implementing New Program to Address Cybersecurity Skills Gap

The Office of Personnel Management provided an update regarding the Federal Rotational Cyber Workforce Program. The program will give high-performing government cybersecurity employees the option to temporarily work at different agencies to help address the growing cybersecurity skills gap. Participating employees will need signed permission from their current agency to initiate the transfer. According to FCW, those wishing to take on one of these assignments will need to have scored a minimum of “fully successful” on their most recent performance review. These temporary details will last anywhere from six months to a full year. This new program won’t begin until 2027 due to existing laws unless Congress intervenes.

Naruto-themed Bot Exploiting Router and Server Vulnerabilities

A GoLang-based bot named HinataBot is wreaking havoc by exploiting security flaws in routers and servers to stage DDoS attacks. The bot is named after a character from the hit anime series “Naruto.” The bot is using vulnerable Hadoop YARN servers and Realtek SDK devices to set up the attacks. The threat actors have been active since December 2022 and have been using their custom HinataBot since January 2023. The bot is apparently still in active development because new functions and analysis-resistance features have been documented as recently as this month. According to Hacker News, DDoS attacks are expected to continue to rise due to new malware strains that can target IoT devices and more.

SonicWall Blog

Celebrating 2023 With Expanded “3 & Free” – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report

SonicWall’s exclusive threat intelligence is an invaluable tool for cybersecurity professionals. But you don’t have to take our word for it.

The 2023 SonicWall Cyber Threat Report contains a wealth of exclusive threat data — including an accounting of 2022’s biggest trends and developments, as well as details of the year’s most important cybersecurity news.

Given that you won’t find much of this information anywhere else, it’s no wonder that the 2023 SonicWall Cyber Threat Report has become a go-to source of information for anyone looking to better understand the threat landscape.

Many of these people are journalists, and with each subsequent report, SonicWall’s threat data has found its way into an increasing number of articles, blog posts and papers around the globe. In some cases, in addition to citing SonicWall’s data, publications have sought the input of our leaders and researchers to discuss the report’s findings.

Here’s a small sampling of the global coverage surrounding the 2023 SonicWall Cyber Threat Report:

U.K.

MSN – Ransomware threat surges as Brits suffer millions of attacks in 2022

Financial Times – Taking stock of the US crypto crackdown

AOL – Ransomware threat surges as Brits suffer millions of attacks in 2022

The Times – Hackers hit WH Smith for the second time

Daily Mail – Cut tax on business to Irish levels, urges Boris

Computer Weekly – What can security teams learn from a year of cyber warfare?

Evening Standard – Ransomware threat surges as Brits suffer millions of attacks in 2022

TechRadarPro – 2023 could be the biggest ever year for cybercrime

Comms Express – 2023 SonicWall Cyber Threat Report

Evening Standard – Drones ‘blow up’ Russian spy plane in Belarus

CityAM – Malware attacks on UK government devices up by 75 per cent, report reveals

IT Pro – State-sponsored hackers are diversifying tactics, targeting small businesses

Charged Retail – JD Sports cyber attack: why online retail is vulnerable and what can be done?

Tech Monitor – LockBit claims ransomware attack on power electronics company Phihong

InfoSecurity – Experts Spot Half a Million Novel Malware Variants in 2022

U.S. and Canada:

Yahoo! – Ransomware threat surges as Brits suffer millions of attacks in 2022

CRN – Ransomware Attacks Plunged 48 Percent In US Last Year: SonicWall

Digital Trends – Cybercrime spiked in 2022 — and this year could be worse

Utah Pulse – Cybersecurity Predictions for 2023 – Things You Should Know

Investor Place – 7 Cybersecurity Stocks to Buy to Protect Your Portfolio

InfoSecurity – Trend Micro’s 55% surge in malware detections is significantly higher than that of SonicWall, which said last week that its overall detections increased by only 2% year-on-year in 2022

CRN – 5 Things To Know On The Big Drop In Ransomware Attacks

MSSP Alert – SonicWall: Spikes in IoT Malware, Cryptojacking Offset Decline in Ransomware in 2022

HIPAA Journal – Cybercriminals Adopt Corporate Tactics to Address Declining Revenues

Germany, Austria & Switzerland

TechRadarPro – 2023 could be THE year for cybercriminals

It Daily Net – Education sector in the crosshairs of cybercriminals

Krypto News Deutschland – An inventory of the US crypto raid

Spain

Tech Ao Minuto – There was more cybercrime in 2022 and growth may continue this year

Canales Sectoriales – SonicWall discovers 465,501 malware variants never seen before

Byte – This is the state of cyberthreats in 2023

News.es – IoT malware and cryptojacking attacks are growing to the detriment of ransomware

Brazil

GQ Brasil – Global hacker attack may reach Brazil but risk is limited, say experts

Convergencia Digital – Malware focused on the internet of things grows 87% in 2022

TI Inside – Brazil is the fourth largest ransomware target in the world

InforChannel – SonicWall report shows change in strategy of threat agents

Mexico

El Universal – From bullets to bits

Computerworld – Report sheds new light on the changing cybercrime panorama

SecuriTIC Latinoamérica – SonicWall cyber threat report highlights changes in the behavior of cybercriminals

Lado Mx – SonicWall presents its new Cyber Threats Report 2023

Colombia

Semana – Batteries: there was an 87% increase in the number of computer attacks in the world

Acis – Colombia among the ten countries most attacked by ransomware, according to SonicWall’s 2023 Cyber Threat Report

India

TechCircle – After three years of decline, overall malware attack up by 2% in 2022: Report

The Hindu Business Line – Ransomware attacks dip but don’t let your guard down

Enterprise IT World – 2023 SonicWall Cyber Threat Report Offers new Findings Around Threat Actor Behavior

Digital Terminal – SonicWall Reveals 53% Jump in Ransomware Attacks in India in 2022

Machine Maker – 2023 SonicWall Cyber Threat Report: Shifting Front Lines, Vigorous Threat Actors

CRN India – SonicWall cyber threat report focuses on shifting front lines, threat actor behavior

CXOToday – 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

Samachar Central – 2023 could be the biggest ever year for cybercrime

Japan

CNET Japan – The 2023 SonicWall Cyber Threat Report suggests the latest situation of cyber attacks and changes in criminal behavior

Nikkei Asia – Cyberattacks on Japan soar as hackers target vulnerabilities

ZDNet Japan – The 2023 SonicWall Cyber Threat Report suggests the latest situation of cyber attacks and changes in criminal behavior

Middle East, Turkey & Africa

The Gulf Time Newspaper – SonicWall reveals top tech trends, predictions for 2023

Entrepreneur Al Arabiya – Cybersecurity challenges are increasing in the education sector, retail and growing threats on Internet of Things

Al Bayan Newspaper – SonicWall: UAE Records 14% Drop in Cyberattacks in 2022

Awalan – Malware increased by 87% in 2022

Al Watan Newspaper – SonicWall released its 2023 Cyber Threat Report

Sahaffah – 2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

Cybersecurity News & Trends – 03-17-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

It’s St. Patrick’s Day today, so we hope you’re protecting yourself by wearing green. We also hope you’re protecting yourself from cybercriminals by staying up to date with the latest threat intelligence, such as the 2023 Cyber Threat Report.

In industry news, Hacker News has the lowdown on a new AiTM phishing campaign and a phony ChatGPT extension causing trouble for Chrome users. Bleeping Computer reported on a new attack developed for air-gapped computers. The folks at Dark Reading have the scoop on AI-created YouTube videos spreading malware. TechCrunch and Vice dive into details on a potential breach at video surveillance company Ring.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

2023 Could Be the Biggest Ever Year for Cybercrime

TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.

Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022

MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Cybercrime Spiked In 2022 — And This Year Could Be Worse

Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.

Ransomware Attacks Plunged 48 Percent in US Last Year: SonicWall

CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. “It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.

Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022

Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.

Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.

Experts Spot Half a Million Novel Malware Variants in 2022

InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.

Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022

MSN, SonicWall News: Bob VanKirk, CEO of SonicWall, said: “The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance. While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

State-Sponsored Hackers Are Diversifying Tactics, Targeting Small Businesses

IT Pro, SonicWall News: State-sponsored threat actors are increasingly shifting their focus towards SMBs and smaller enterprises, according to new research. While large enterprises, public services, and critical national infrastructure have traditionally been key targets for state-sponsored threat actors, SonicWall’s 2023 Cyber Threat Report predicted that groups will ‘diversify’ their tactics in 2023 to target SMBs and a “broader set of victims.”

Cybersecurity Predictions for 2023 – Things You Should Know

Utah Pulse, SonicWall News: SonicWall reports a 328% YoY increase in healthcare ransomware attacks in 2022, and healthcare and education are expected to be among the most targeted sectors in 2023. The expanding IoT footprint in these sectors is predicted to make them more vulnerable to digital attacks, increasing the risk to critical infrastructure.

The 20 Coolest Network Security Companies Of 2023: The Security 100

CRN, SonicWall News: Key offerings from SonicWall in the realm of next-generation firewalls include the SonicWall NSa 5700, which utilizes a scalable hardware architecture designed to fit in a single rack-mountable unit. The high port density of the NSa 5700 includes multiple 10-Gigabit Ethernet and 1-Gigabit Ethernet fiber and copper interfaces.

CEO Outlook 2023

CRN, SonicWall News: One of the biggest opportunities we will be tackling with our partners is providing a broader set of unified and cost-effective solutions that fully secure the evolving network perimeter. For many of our partners and customers, 2023 will represent a period of cautious and informed investment in IT and security – customers will demand more bang for their security buck.

Industry News

Ring Refuses to Reveal Truth About Russian Ransomware Rush

A Russian ransomware gang has claimed to have breached the Amazon-owned video security company Ring. The ransomware gang, known as ALPHV, has so far failed to provide evidence of the supposed breach, and Ring has remained tight-lipped concerning the matter. A Ring spokesperson did tell TechCrunch that they had no indications of a ransomware attack but declined to comment on whether or not they had the ability to see if data had been exfiltrated from their networks. Ring did tell Vice that they were aware of a potential incident with a third-party vendor, but they didn’t say the name of the vendor. Ring said the vendor did not have access to customer records.

Researchers Utilize Computer Speakers and Smartphone Microphone to Steal Data

At Korea University in Seoul, South Korea, researchers have recently discovered that a new channel attack called CASPER is capable of transferring data from air-gapped computers to a microphone through the air. An air-gapped computer is a computer that is not physically capable of connecting to an external network or device, so this development could be concerning for those using air-gapped computers to store their most sensitive data. The attack utilizes the computer’s internal speakers to emit a high-frequency soundwave that cannot be heard by human ears but can be detected by microphones – including a smartphone’s microphone – up to 1.5 meters away. The high-frequency audio transfers data using binary or Morse code at a rate of 20 bits per second. Similar attacks have been seen previously, but those attacks utilized external speakers. Air-gapped computers typically don’t have external speakers, but they do usually still have internal speakers to emit sounds such as boot-up beeps or other information-conveying beeps. While this type of attack may seem far-fetched, Bleeping Computer states that such attacks have been successfully carried out in the past, such as the Stuxnet worm targeting Iran’s nuclear enrichment facility and others. The malware utilized in this attack can target specific files in the system from hardcoded lists, and it can exfiltrate the data from those files. The malware could also be used for keylogging. The university researchers did share ways to defend against such an attack, with the simplest method being to remove internal speakers from any air-gapped computers.

Microsoft Alerts Users to Millions of Phishing Emails Being Sent Out Daily

An increasing number of cybercriminals are using an adversary-in-the-middle (AiTM) phishing kit to steal the passwords and cookies of users around the world. In an AiTM phishing attack, threat actors usually place a proxy server between the user and the website, and the proxy server is where the theft takes place. According to Hacker News, these attacks can be more effective because they’re able to get around things like multi-factor authentication (MFA) and time-based one-time passwords (TOTPs). The Microsoft Threat Intelligence team is monitoring the situation and tracking the cybercriminals who are orchestrating the attack. The threat actors developing the phishing kit are known as DEV-1101, and they are responsible for multiple phishing kits on the dark market. Microsoft has seen millions of phishing emails per day from the threat actors who have purchased the kit from DEV-1101. Organizations should consider phishing-resistant authentication methods to help thwart this type of attack.
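Why a relayed TOTP code still validates while an origin-bound assertion does not, as an added example that is not part of the original roundup or of any cited report. The origins, secrets and challenge are constructed, and HMAC stands in here for the public-key signature a real WebAuthn authenticator would produce.

```python
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://login.example.com"        # constructed relying-party origin
PROXY_ORIGIN = "https://login.example-sso.test"  # constructed look-alike origin the user visits


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_verify_totp(secret: bytes, submitted: str, now: int) -> bool:
    """Nothing in the code says which site it was typed into, so a relay is invisible."""
    return hmac.compare_digest(totp(secret, now), submitted)


def authenticator_sign(key: bytes, challenge: str, browser_origin: str) -> dict:
    """Origin-bound assertion: the browser, not the page, supplies the origin it sees."""
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin},
                             sort_keys=True)
    # Assumption: HMAC replaces the authenticator's private-key signature.
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}


def server_verify_assertion(key: bytes, assertion: dict, challenge: str) -> bool:
    """Reject if the signed data was altered or was produced for another origin."""
    expected = hmac.new(key, assertion["client_data"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False
    data = json.loads(assertion["client_data"])
    return data["challenge"] == challenge and data["origin"] == REAL_ORIGIN


def login_attempt(visited_origin: str) -> dict:
    """Run both second factors for a user whose browser is on visited_origin."""
    secret = b"constructed-totp-secret"
    key = b"constructed-credential-key"
    now = 1_700_000_000
    challenge = "constructed-challenge-123"
    code = totp(secret, now)  # the user types this into whatever page is in front of them
    assertion = authenticator_sign(key, challenge, visited_origin)
    return {
        "totp_accepted": server_verify_totp(secret, code, now),
        "origin_bound_accepted": server_verify_assertion(key, assertion, challenge),
    }


if __name__ == "__main__":
    print("direct :", login_attempt(REAL_ORIGIN))
    print("proxied:", login_attempt(PROXY_ORIGIN))
```

For detection, the same property means a TOTP login that succeeds from an unfamiliar network deserves scrutiny of the session that follows, since the server has no other signal that the code was relayed.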

Phony ChatGPT Chrome Extension Steals Facebook Accounts

A fake ChatGPT browser extension is making its way around Chrome, and it has the ability to take over Facebook accounts and even create administrator accounts. The goal of the extension is apparently to hijack high-profile Facebook business accounts and then run paid advertisements on the dime of the businesses. Google pulled the extension, named “Quick access to ChatGPT”, on March 9, 2023, but it amassed 2,000 installations per day in its short time on the Chrome Web Store. According to Hacker News, the viral success of OpenAI’s ChatGPT has led threat actors to capitalize by creating fraudulent apps and extensions. Users must be wary of the sources of the extensions and apps they choose to install.

YouTube Videos Created by AI Fake Tutorials, Spread Malware

Artificial intelligence is being used to create YouTube videos that use infostealer malware to find users’ personal data on their devices. These videos pose as tutorials for programs like Photoshop, AutoCAD, Premiere Pro and more. Dark Reading states that security researchers have determined that cybercriminals are using programs like Synthesia and D-ID to produce phony personas that are intended to exude a sense of trustworthiness with users all around the world. It’s currently unclear how large of an impact these videos are having on cybercrime as a whole, but it’s yet another example of artificial intelligence being used in a nefarious way.

SonicWall Blog

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang

Celebrating 2023 With Expanded “3 & Free” – Matt Brennan

The Art of Cyber War: Sun Tzu and Cybersecurity – Ray Wyman

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference – Mohamed Abdallah

SonicWall Included on the Acclaimed CRN Edge Computing 100 List for 2022 – Bret Fitzgerald

SonicWall Data Shows Attacks on Schools Skyrocketing

Threat actors increasingly targeted K-12 districts in 2022, resulting in triple-digit spikes in malware, ransomware, encrypted threats and IoT attacks.

While K-12 schools had already been increasing their dependence on technology, the COVID-19 pandemic accelerated this growth tremendously. Due to funding constraints, however, schools’ adoption of new hardware and software has often outpaced their districts’ ability to secure this new infrastructure, resulting in an attack surface that has continued to grow — both in size and in appeal to attackers.

According to the GAO, roughly 1,847,000 students have been impacted by ransomware attacks in the United States alone since the beginning of 2020. Since the latest data currently available only goes through the end of 2021, this number, in reality, is much higher — but even these smaller figures, combined with data released by the U.S. Census Bureau, work out to 1 in 26 K-12 students in the U.S. affected in just a two-year period.

But the issue of cyberattacks targeting schools isn’t limited to the U.S. According to a recent audit by the National Cyber Security Centre (NCSC) and the National Grid for Learning, nearly 80% of schools in the United Kingdom have experienced at least one cyberattack. And in late 2022, Ontario, Canada, was shaken by the news of two widespread cyberattacks on educators within a two-week period.

Schools See Triple-Digit Growth Across Most Attack Types

This barrage of attacks on primary and secondary schools can also be seen in SonicWall’s exclusive threat data. In the recently released 2023 SonicWall Cyber Threat Report, we reported massive year-over-year volume increases in attacks on K-12 districts as threat actors continued to shift away from government, healthcare and other industries to zero in on education targets.

In 2022, SonicWall observed a 275% increase in ransomware attacks on education customers overall, including an 827% spike in attacks on K-12 schools. This growth echoed trends observed in the overall malware attack volume: Out of a 157% increase in attacks on education customers overall, the subset of K-12 customers experienced a 323% increase in overall malware attacks.

Huge increases in attacks targeting education were also seen elsewhere in SonicWall’s data. Encrypted attacks spiked 411% over 2021’s totals, and the number of IoT malware attacks rose 146%. And while cryptojacking attempts on education customers increased more slowly in comparison, 2022 marked the second-straight year of significant growth. Taken together with a sustained increase in overall cryptojacking, this suggests we’re likely to see attacks continue to rise as 2023 goes on.

Attacks on Schools: What’s at Stake

The GAO study also revealed the average impact of a successful cyberattack: Lost learning time ranging from roughly three days to three weeks, with actual recovery lasting from two to nine months. This was in addition to any financial losses from things like third-party remediation, replacing equipment and more.

Unfortunately, these attacks aren’t just costly to the schools. After the Los Angeles Unified School District refused to pay a ransom demand, attackers published 500 GB of stolen data consisting of Social Security numbers, student health info, assessment results and W-9 forms to the dark web.

As more schools refuse to pay ransom demands, threat actors are increasingly turning to this method of double extortion to ensure their efforts bear fruit. Because students generally have unblemished credit records, and because their credit typically isn’t being monitored due to their age, cybercriminals can use the personally identifiable information collected in these attacks to open credit cards and commit other financial fraud — with students and their parents oftentimes being none the wiser.

School districts can offer credit monitoring and identity protection services to students whose sensitive information has been stolen. But this is cold comfort to students whose mental health records, bullying reports, disciplinary records and more are now publicly available. In one particularly egregious case, the Medusa ransomware gang released the details of a student’s sexual assault report, reportedly as a means of getting the individual’s parents to pressure the Minneapolis Public School System to pay the $1 million ransom demand.

A New Strategy to Help Schools?

In early March, the U.S. National Cybersecurity Strategy was released, outlining a plan to shift greater responsibility for cybersecurity onto the country’s tech companies. With third-party vendors providing a means of entry in 55% of K-12 data breaches, the report’s goals could provide some much-needed relief to the education industry.

Even so, attacks on schools are likely to continue for the foreseeable future. The goals outlined in the strategy will require a paradigm shift in how the country views cybersecurity, so its benefits are unlikely to be realized in the short term. In the meantime, threat actors specializing in attacks on K-12 schools, such as the Vice Society ransomware group, have already proven as active as ever in 2023.