A curated collection of the top cybersecurity news and trends from leading bloggers and news outlets.

Our big cybersecurity read this week is a developing story over the ChromeLoader Malware that seems to be getting worse and worse, with contributions from Red Canary, Bleeping Computer, the Register, VMware, and Dark Reading. Please note that it’s a strongly recommended read for anyone using Google Chrome. Next is a big hack of the 2K gaming platform, which was apparently hit by hackers earlier this week. As reported by Engadget, the company was very quick to acknowledge the hack and is warning the public not to open any emails from its support department. Next, Dark Reading dug up evidence of the mysterious ‘Metador’ cyber-espionage group infecting multiple telecommunications company services, internet service providers, and universities in Africa and the Middle East. And saving the best for last, back to Dark Reading, was it an angry developer who worked for the hackers? We’ll probably never know, but whoever it was probably helped develop LockBit’s latest ransomware encryptor (LockBit 3.0) and then released the decoder to the public.

And you will notice that SonicWall continues to run the global circuit with new developments and more corporate mentions, and always on the front lines protecting your networks and properties.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: ChromeLoader Malware Headaches Spreading into Ransomware and More Pain

By now, you’ve heard (or should have heard) about the malware that’s been making the rounds in millions of desktops and laptops all over the world. It’s literally THAT kind of problem. ChromeLoader, a malicious Chrome browser extension, is classified as a pervasive hijacker. It modifies the browser settings to hijack search queries to popular engines such as Google, Yahoo!, and Bing. The malicious code can also use PowerShell to insert itself into the browser. We found a report from Red Canary about a malicious campaign to spread the ChromeLoader malware, which hijacks victims’ browsers. And it looks like it got worse from there.

Bleeping Computer reports that VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. Chromeloader infections surged in Q1 2022, with warnings about advertising fraud. They’re reporting says that the malware infected Chrome with a malicious extension that redirected user traffic to advertising sites to perform click fraud and generate income for the threat actors.

The “worse part”? The Register reports that nasty variants of the software are now dropping in on Windows PCs and Macs, according to researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team. The unit’s report this week about the rapidly growing number of more dangerous ChromeLoader variants dovetails with what other cybersecurity researchers have detected.

That development comes on the heels of a warning from Microsoft late last week, reported by Dark Reading, about a click-fraud campaign by a threat group called DEV-0796 and likely using an infected ChromeLoader to hit victims’ computers with malware. According to Dark Reading, the Windows port of ChromeLoader is typically delivered as ISO image files that victims are tricked into downloading.

2K Confirms Its Support Desk Was Hacked to Send Malware to Gamers

Engadget: Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.

News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.Run, Bleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.

2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.

Researchers Uncover Mysterious ‘Metador’ Cyber-Espionage Group

Dark Reading: A new threat actor infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two “extremely complex” malware platforms. Still, a lot about the group remains shrouded in mystery, according to current research.

SentintelLabs researchers shared their findings at LabsCon. They named the group Metador based on the phrase “I am meta” in the malicious code and the fact that server messages are often in Spanish. Although the group has appeared active since December 2020, it has flown under the radar for the past few years. Juan Andres Guerrero–Saade is the senior director at SentinelLabs. He said the team shared information about Metador with researchers from other security firms and government partners, but before this discovery, no one knew anything.

MetaMain, a backdoor, can log mouse and keyboard activity and take screenshots to exfiltrate files and data. Hackers can also use it for installing Mafalda. This highly modular framework gives attackers the ability to gather system and network information and other capabilities. Both MetaMain, as well as Mafalda work entirely in memory. They do not need to be installed on the hard drive.

LockBit Ransomware Builder Leaked Online By “Angry Developer”

Bleeping Computer: A new and interesting twist in the game of ransomware has been reported, and it’s probably not what you think. The LockBit ransomware operation has suffered a breach, and even that’s not what you think. An allegedly disgruntled hacker developer has apparently leaked the gang’s newest encryptor. Yes. We told you this was interesting.

Back in June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. According to Bleeping Computer, the new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware bug bounty program, and new extortion methods. All seemed fabulous for the crime gang, but then the gang itself suffered a breach when two people (or maybe the same person) leaked the LockBit 3.0 builder on Twitter. As the story goes, a newly created Twitter account called ‘Ali Qushji’ posted that team hacked LockBits servers and found a builder for the LockBit 3.0 ransomware encryptor.

In Case You Missed It

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

A curated collection of the top stories about cybersecurity news and trends that really matter most.

From Industry News, a new and ominous warning from CISA and the FBI about the vulnerability of U.S. schools to ransomware just as the school year is kicking off; this story has contributions from the SonicWall Threat Report, NPR, and ABC News. Next, the reconstituted Conti members are working under the banner of the group Initial Access Brokers, or IAB; a story with contributions from Dark Reading and The Verge. SpiceWorks reported on a new attack on another ransomware attack on InterContinental Hotels that affected 4,000 guests. ARS Technica reports that a new wave of data-destroying ransomware attacks that are hitting QNAP NAS devices. Fierce Healthcare reports on warnings about “exceptionally aggressive Hive ransomware” activity. Spiceworks is writing about the Ransomware as a Service (RaaS) ecosystem. And Infosecurity offers a comprehensive report on the Ragnar locker ransomware attack that targeted Greece’s natural gas supplier, DESFA.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: Feds Anticipate A Hard Year of Ransomware Attacks on U.S. Schools This Year

In a new warning, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) stated that ransomware attacks could rise as the school year starts. This warning comes as Los Angeles Times reports that Los Angeles Unified (LAUSD) was the victim of ransomware in the first week of September. Initial suspicions were that there had been technical problems, but LAUSD later revealed that the ransomware was criminal and affected its email system and other apps.

Although the attack is concerning, LAUSD expects to continue operating normally over the next few days. In addition, the attack has not affected critical business systems, such as employee healthcare, payroll, safety and emergency mechanisms.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report reports that ransomware attacks on education have increased by 51%. According to NPR, ransomware has infected 26 U.S. school districts (including Los Angeles) and 24 colleges or universities.

ABC News published a joint federal statement that the FBI and CISA anticipate attacks to increase in the 2022/2023 school years, and criminal ransomware organizations perceive opportunities for successful attacks. The statement also acknowledges that smaller school districts are most at risk School districts with limited cybersecurity capabilities or constrained resources are often at risk. However, cybercriminals may still target schools with solid cybersecurity programs. The bulletin states that K-12 institutions could be lucrative targets because of the sensitive student data available through school systems and managed service providers.

Former Conti Ransomware Members Join Group Targeting Ukraine

Dark Reading: Ex-members of the Russia-linked Conti ransomware group are using their tactics to join the group known as the Initial Access Brokers (IAB), which has been targeting Ukraine in a series of phishing attacks that took place over the past four months. Google Threat Analysis Group (TAG), which tracks the activity of a group it identifies as UAC-0098, is now believed to include former members of the ransomware actor.

The group is well-known for sending the IcedID bank Trojan as a prelude to other human-operated ransomware attacks. Additionally, they have targeted Ukrainian government agencies, pro-Ukraine European humanitarian, and non-profit organizations. This activity was designed to provide continued access to such targets’ networks to different ransomware groups, including Quantum, Conti (aka FIN12 and Wizard Spider).

According To The Verge, the group known as UAC-0098 used an IcedID banking Trojan to launch ransomware attacks. However, Google’s security experts say that the group is using its expertise with IAB hackers who first compromise computers and then sell access to other actors interested in the target.

Ransomware Attack on InterContinental Hotels Affects More Than 4,000 Guests

Spiceworks: ICH confirmed the attack in a filing submitted to the London Stock Exchange, where it is listed. The company did not reveal the nature of the attack, which led to some speculation by stakeholders about the exact scope of “unauthorized access” to its technology systems. According to what we know so far, and what cybersecurity experts have reported, this is another ransomware on the hotel (Reuters reports previous attack in 2017). While it is unconfirmed, IHG will likely be in negotiations with the attackers to try to restore access and get their systems back up and running. According to Spiceworks, hospitality was the eighth most targeted sector by ransomware groups between March 2021 and April 2022. According to the analysis by cyber forensics and intelligence company Hudson Rock, 4,053 ICH users and 15 of its 325,000 employees were compromised in the attack.

A New Wave of Ransomware Attacks on QNAP NAS Devices

ARS Technica: QNAP, a network hardware manufacturer, urges customers to update their network-attached storage devices as soon as possible to prevent a new wave of ransomware attacks. These attacks can wipe out terabytes worth of data in a single attack. QNAP, a Singapore-based company, recently stated that it had identified a new campaign by a ransomware group called DeadBolt. QNAP NAS devices, which use a proprietary feature called Photo Station, are targeted by the attacks. Although the advisory advises customers to update their firmware to avoid being exploited, it doesn’t mention a CVE designation security professionals use to identify such vulnerabilities. DeadBolt first appeared in January. Within a few months, Internet security scanning company Censys reported that the ransomware had compromised thousands of QNAP devices. The unusual move of the company was to automatically push the update to all devices even if they had turned off automatic updating. DeadBolt staff also provided instructions on obtaining the decryption keys needed to recover encrypted files and a proposal to QNAP for purchasing a master key that could be passed along to infected clients.

Feds Warn About a Ransomware Threat to Healthcare

Fierce Healthcare: This week, the Department of Health and Human Services Cybersecurity Program alerted healthcare providers about the “exceptionally aggressive Hive ransomware” group. According to the federal agency, although the group is known to have been operating since June 2021, it has been “highly aggressive” in attacking the U.S. healthcare sector. Like many cybercriminals, the financially motivated ransomware group has sophisticated capabilities. For example, it encrypts and steals data. In addition, the Hive Group employs many common ransomware tactics, including the remote desktop protocol, virtual private networks (VPNs), and phishing attacks. According to HHS, some victims are contacted by the ransomware group by phone to negotiate payment.

Ransomware: Unravelling the RaaS Ecosystem

Spiceworks: Ransomware is a constant in the world today, with an increasing number of attacks. As threat actors and ransomware organizations know, ransomware as a Service (RaaS) is being used to its fullest extent. What is the RaaS ecosystem? And what advice can security professionals give to their clients to protect their businesses? It is challenging to keep track of ransomware organizations, their attack methods, and their targets. However, threat intelligence research and information sharing allow us to continue to learn more about these adversaries. The Spiceworks report includes a review of online forums that analyze malware and hacking tools.

Here’s one bit of advice: ransomware groups are often mistakenly viewed as dysfunctional groups of scammers and hackers. On the contrary, they are organized, highly motivated businesses with well-resourced resources. They are diligent in their research and stay on the job long after an exploit is completed. As a result, RaaS and the groups that deploy these services are at the forefront of the most successful attacks in cybersecurity history.

Ragnar Locker Ransomware Targets Energy Sector

Infosecurity: The largest natural gas supplier in Greece, DESFA, announced that it was the victim of a cyber-attack. This attack impacted some of its systems. Ragnar Locker, a hacking group that operates under the pseudonym Ragnar Locker, claimed responsibility for the ransomware attack. It stated it had published more data than 360 GB allegedly stolen from DESFA.

Two weeks after the attack, security experts from Cybereason released a Threat Analysis report detailing the attack’s details. The document states that Ragnar Locker ransomware has been used since December 2019 and is generally targeted at English-speaking users. The FBI has been monitoring Ragnar Locker ransomware since it was discovered that Ragnar Locker had infected more than 50 organizations within ten crucial infrastructure sectors.

Cybereason advises that Ragnar Locker should check the machine’s location immediately after infecting it. The malware is stopped executing if it finds matches with certain countries such as Russia, Ukraine, or Belarus. Cybereason claims Ragnar Locker can check for specific products, including security software such as antivirus, backup solutions, and I.T. remote management solutions. This allows Ragnar Locker to bypass their defenses and prevent detection.

The ransomware attack on DESFA is the second attack on a major pipeline company in recent years, following the Colonial Pipeline attack in May 2021.

In Case You Missed It

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Here’s your summary of curated cybersecurity news and trends from leading media and IT security bloggers.

The mid-year update to the 2022 SonicWall Cyber Threat Report continues to garner press hits while other SonicWall news (delivery of Wi-Fi 6 Wireless Access Points) rises to the top of the cycle. Industry News was shaken up with the discovery that Microsoft’s multi-factor authentication was hacked by a Russian group called Nobelium. The MFA hack is our Big Read for the week with sources from Microsoft, ZDNet, TechRadar, and Bleeping Computer. In other news, from Hacker News, SMS-based phishing attacks against employees at Twilio, Cloudflare and other companies were part of an extensive smartphone attack campaign. From TechMonitor, the LockBit ransomware group was targeted with a DDoS attack after they released hacked Entrust data. And according to Bleeping Computer, hackers use a zero-day bug to steal more crypto from Bitcoin ATMs.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Basingstoke’s Racing Reverend ready for Silverstone Classic

Basingstoke Gazette, SonicWall Mention: Simons Le Mans Cup program is supported by a number of companies including Asset Advantage, SonicWall and The Escape.

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods.

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Industry News

Big Read: Attackers are Circumventing Microsoft’s Multi-Factor Authentication

Various Source: According to ZDNet, TechRadar, Bleeping Computer, Microsoft recently discovered that a Russian-based threat group called Nobelium could gain access to systems and bypass multifactor authentication. Microsoft is asking Windows administrators limit and restrict access to Active Directory servers.

The attackers can gain administrative rights to Active Directory Federated Services servers using a tool called MagicWeb. They replace a legitimate DLL file with one of theirs. This tool allows Active Directory authentication tokens to be modified, which allows hackers to log in as any user to bypass multifactor authentication. Hackers have long sought administrative access to servers and domain controllers like Active Directory. These must be isolated and accessible only to designated admin accounts. They also need to be regularly monitored for changes. It is important to keep servers updated with the most recent security updates and take steps to prevent attackers from lateral movement.

According to Bleeping Computer, the campaign started June 2022 when analysts noticed a spike in phishing attempts against specific business sectors (ex: credit unions) and users of Microsoft email services.

TechRadar adds that the source of the vulnerability is still Log4Shell, which was one of the largest and potentially most devastating vulnerabilities to ever be discovered. The flaw is still being leveraged by threat actors more than half a year after it was first observed and patched. Attackers used the flaw on SysAid applications, which is a relatively novel approach according to analysts, noting that while other hacks use Log4j 2 exploits with vulnerable VMware apps, using SysAid apps as a vector for initial access is new.

ZDNet reports that if there’s no additional verification around the MFA enrollment process, anyone who knows the username and password of an account can apply multi-factor authentication to it, so long as they are the first person to do so – and hackers are using this to gain access to accounts. In one instance, attackers attributed to APT29 gained access to a list of undisclosed mailboxes they obtained through unknown means and successfully managed to guess the password of an account that had been set up, but never used.

Twilio Suffers Cybersecurity Breach After Employees Fall Victim to SMS Phishing Attack

Hacker News: Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.

The SMS phishing attacks were also directed against employees at Cloudflare, and other companies were part of an extensive smartphone attack campaign. Reports say that almost 10,000 people have fallen into the scheme to steal their credentials. They were mainly in the United States. Three of the targeted companies were in Canada. Most organizations use Okta’s access and identity management software. They received texts containing links to fake websites that mimicked Okta’s authentication page. The hackers obtained their usernames, passwords, and login credentials when they logged into the system. It is still not clear how the hackers got a list with targets and mobile phone numbers. Two critical lessons from this incident: One is that administrators must continually remind users/employees about the dangers of logging in from links in emails and text messages, and two is that companies must recognize the risk of continual use of SMS-based multifactor authentication.

The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.

LockBit Ransomware Group Targeted with DDoS Attack After Entrust Data Leak

TechMonitor: Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year. The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to analysts, the gang has been receiving 400 requests a second from over 1,000 servers.

Hackers Steal Crypto from Bitcoin ATMs by Exploiting Zero-Day Bug

Bleeping Computer: Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM’s operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.

In Case You Missed It

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran