It’s mid-July and things are heating up at SonicWall. This week Silicon Republic spoke with SonicWall’s own Vice President of EMEA, Spencer Starkey, about hackers targeting the healthcare sector across the globe.

In industry news, Data Breach Today covers the largest data breach of the year. Dark Reading discusses cybersecurity organizations asking the White House to quickly name a new director. TechCrunch has the lowdown on China-based hackers accessing US government emails. Hacker News provides details on more Google Play apps stealing user data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Industry News

11 million Patients Affected by HCA Healthcare Email Hack

A large healthcare system was hit by a cyber-attack that resulted in the loss of 11 million patients’ data. HCA Healthcare, number 62 on Forbes’ list of largest corporations by revenue, confirmed the incident this week but noted that its investigation is ongoing. If the number 11 million is accurate, that makes this incident the largest reported incident of the year – by far. According to the statement the Tennessee-based healthcare chain provided to the U.S. Securities and Exchange Commission, it appears that HCA did not know it had been attacked until information on 11 million of its patients was found for sale on the dark web. The exposed list has 27 million rows of exposed information. HCA did note that they’re working as quickly as possible to determine exactly which patients have been compromised by this ordeal. While plenty of sensitive information was exposed in this attack, HCA says that credit card numbers, account numbers, driver’s license numbers, Social Security Numbers and passwords were not revealed. Information on patients’ conditions, diagnoses and treatment plans were also untouched. But fret not – HCA assured its investors that its finances would be fine. They didn’t say much to reassure the 11 million everyday people whose information is now for sale on the dark web. HCA’s revenue was $60 billion last year.

Cybersecurity Orgs Urge White House to Hasten Selection of New National Cyber Director

The Cybersecurity Coalition – a group of prominent cybersecurity organizations – has sent a letter to the White House urging President Biden to promptly select a new National Cyber Director. The letter requests that the President select a new director by the end of this month, citing the complex and shifting threat landscape as a reason for the urgency. The nominee will have to be sent to the Senate for approval regardless of how quickly President Biden and his team select a candidate. The former National Cyber Director, Chris Inglis, retired in February after working in federal agencies for nearly 30 years. The lengthy delay in replacing Inglis has the coalition concerned that Inglis’ work, including on the National Cyber Strategy, could be impeded if the nomination is further delayed. The letter also requested an executive order to clarify the roles and responsibilities of organizations like the ONCD, NSC, CISA, OMB, NIST and more. According to Dark Reading, the United States’ critical infrastructure is still woefully unprepared for ransomware attacks even two years after the Colonial Pipeline attacks. One wonders when cybersecurity will become more of a priority for our leaders.

Microsoft Cloud Bug Allows Chinese Hackers to Access US Emails

A hacking group dubbed “Storm-0558” accessed 25 United States Government email accounts after exploiting a bug in Microsoft’s cloud email service. TechCrunch confirmed that U.S. government agencies were affected after speaking with someone in the White House’s National Security Council. Microsoft described Storm-0558 as a China-based hacking group that has many resources. The tech giant went on to explain that the threat actors forged tokens to access Outlook Web Access (OWA) and gained access to the email accounts by exploiting a token validation issue. Microsoft believes that the hackers were focused on espionage. CISA released an advisory on the situation where they noted that the hackers accessed unclassified email data. CISA also determined that the threat group is a “government-backed” gang, but they did not yet name China as the likely backer.

Google Play Apps with 2.5 million Users Sending Data to China

Two file management Android apps have been secretly stealing user data and sending it to China. An app called File Recovery and Data Recovery with more than 1 million installs and another named File Manager with over 500 thousand installs have been exposed by security researchers as malicious. The apps are developed by the same group. Security researchers at Pradeo found that the apps’ claims that no data is collected are false. The apps steal contact lists, images, audio files, videos, locations and more and send that data back to China. The apps’ developers have also employed shady tactics to prevent users from being able to easily uninstall the apps such as hiding the icons on the home screen. This is yet another reason why it’s important for users to read use agreements before installing apps.

SonicWall Blog

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

It’s the weekend before the Fourth of July, and SonicWall has been sparkling in the media this week. Trend Micro cited SonicWall’s data on healthcare, and Venture Beat cited the 2023 Cyber Threat Report on IoT data.

In industry news, researchers told Dark Reading that businesses embracing AI too quickly are putting themselves at risk. Hacker News provided details on the widespread credential theft attacks Microsoft has warned about. Bleeping Computer has the scoop on hundreds of Federal Government devices that aren’t complying with CISA’s new protocols. Ars Technica tells all on an unexpected way that the Reddit protests have affected Google searches.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Industry News

Enterprises Embracing Generative AI Are Putting Themselves at Risk

Large language model (LLM) technologies are still the talk of the town, but are organizations diving headfirst into the tech too quickly? Some researchers are skeptical. A report released this week showed that projects being developed with generative AI in the open-source space are overall insecure. This means organizations running these projects are greatly increasing their risks by adopting these technologies so quickly. The researchers say that this risk will only increase as more and more companies try to capture lightning-in-a-bottle by fully embracing AI. The research group studied 50 of the most popular LLM-based open-source projects on GitHub to reach their conclusions, determining that the security of most of these projects is lackluster at best.  The researchers found four key risk areas to highlight: trust boundary risk, data management risk, inherent model risk and basic security best practices. Their advice to organizations embracing software like ChatGPT and other LLMs is to increase their awareness of the unique challenges and security concerns that come with the LLM territory. They recommend an approach called “secure-by-design,” which involves using existing frameworks like the Secure AI Framework (SAIF), NeMo Guardrails or MITRE ATLAS to mitigate their organizations’ risks. Security risks from AI are only going to increase in the coming months and years. Anyone using AI as a part of their development pipeline should take precautions on top of precautions to mitigate these risks as much as possible.

Microsoft Alerts Users of Widespread Credential Theft by Russian Threat Actors

A Russian hacking group called “Midnight Blizzard” is behind a significant uptick in credential-stealing attacks according to Microsoft. Microsoft’s threat intelligence warned that the attacks are targeting governments, IT service providers, NGOs, critical manufacturing sectors and the defense sector. Midnight Blizzard was formerly known as “Nobelium,” which was the group responsible for the SolarWinds supply-chain compromise in December 2020. Many of these attacks are focused on Ukraine and showcase the determination of Russian threat actors to extract valuable data on various organizations either in Ukraine or across Europe. Many of the attacks focused on Ukraine typically involve wiper malware intended to destroy data. These attacks currently show no signs of slowing down.

Reddit Protests Affect Google Searches for Millions

Reddit’s users have been protesting this month concerning the changes Reddit is making to its API access. In response, many of the specific forums – or subreddits – decided to protest by shutting down. While many of these forums have since come back online, some of them have remained shut down since it doesn’t appear Reddit will be reversing course on its API changes. As it turns out, a lot of people were adding “Reddit” to the end of Google searches to get better search results. With so many parts of Reddit shutting down, Google users took notice, and so did Google. Google CEO Sunder Pichai stated that users who add “Reddit” to the end of their searches are looking for more comprehensive answers than the average searcher. Google is apparently working to make its users less dependent on jumping through hoops like adding “Reddit” to get the results they want, but the clock is ticking as the July 1^st date for Reddit’s API changes to take effect quickly approaches.

Hundreds of Federal Agency Devices Aren’t Following New CISA Directive

Security researchers have found hundreds of Internet-exposed devices in U.S. federal agencies that aren’t being secured in accordance with the new CISA Binding Operational Directive. The researchers analyzed 13,000 individual hosts from more than 50 Federal Civilian Executive Branches (FCEBs) and found almost 250 that weren’t following the new protocols. They also found many servers that were using MOVEit, GoAnywhere MFT and SolarWinds Serv-U file transfer tools – softwares known to be heavily targeted by threat actors. According to CISA’s Binding Operational Directive 23-02, the non-complying devices have 14 days to be secured upon identification. CISA will offer assistance to agencies when requested and provide guidance on ensuring strong security for the devices.

SonicWall Blog

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

It’s the middle of June already – 2023 is flying by. Don’t let the summer fly by without checking out the 2023 Cyber Threat Report: We’ll be releasing the mid-year update at the end of July.

In industry news, Dark Reading has the lowdown on a first-of-its-kind ransomware attack. The LockBit ransomware gang is making headlines this week with Bleeping Computer covering a global report targeting the threat group and CyberScoop shedding light on a recent arrest in Arizona that’s connected to the gang. TechCrunch provided details on a report from the U.S. government about how it purchases and uses commercial data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Industry News

0mega Ransomware Gang Pulls Off First-of-its-kind Attack

A ransomware group named 0mega has completed an attack against a company’s SharePoint Online environment without using a compromised endpoint. This is bad news for companies who have been pouring money into endpoint protections in the hopes of thwarting ransomware attacks – this attack proves that these criminals can complete an attack without ever compromising an endpoint. The attack was pulled off by the gang using some weakly secured administrator credentials they acquired. After infiltrating, the threat group exfiltrated data from the company’s SharePoint environment and then used that data to extort them. The CPO at the security firm that discovered the attack said this attack shows that strong endpoint security isn’t enough. With many companies storing data in online Software-as-a-Service (SaaS) programs, this type of attack may become more common although this attack appears to be the first of its kind. 0mega completed the attack by using the stolen credentials to create an Active Directory user named ‘0mega’ and giving it all of the permissions needed to turn the unnamed company’s day upside down. Many cybersecurity researchers are noticing an uptick in SaaS attacks. Organizations can protect themselves by being proactive, creating strict MFA policies and ensuring they have robust risk management tools in place across their SaaS environments.

LockBit Ransomware Gang Extorted Over $90 million from 1,700 Attacks in the US

Cybersecurity authorities from the United States and around the world issued a joint advisory on the notorious LockBit ransomware gang stating that the gang had extorted $91 million in 1,700 attacks on organizations in the U.S. since 2020. The advisory also noted that LockBit was the most deployed ransomware variant in 2022 and continues to be widespread in 2023. According to Bleeping Computer, LockBit has released two major new versions of its Ransomware-as-a-Service (RaaS) tool since 2019 and is currently on LockBit 3.0. Since releasing LockBit 3.0, the gang has committed multiple high-profile attacks using the upgraded tools and extortion tactics in the newest version. The advisory released this week by CISA includes tips, tools and tactics to help organizations protect themselves from LockBit.

Russian Member of LockBit Ransomware Gang Arrested in Arizona

A 20-year-old man named Ruslan Magomedovich Astamirov was arrested in Arizona this week following his involvement in multiple attacks with the LockBit ransomware gang. The man allegedly participated in attacks against the United States, Asia, Europe and Africa. Astamirov’s case will be tried in New Jersey where the cases of two other men involved with LockBit are being handled. Prosecutors filed a complaint accusing Astamirov of owning and controlling IP addresses, email addresses and a cloud services account that were found to be connected to LockBit’s attacks. This is the latest development in what has become a global crackdown on the LockBit ransomware gang with CISA and global law enforcement agencies releasing a joint document this week specifically to combat LockBit. Let’s hope they can continue to have success with bringing these threat actors to justice.

The US Government Buys Your Data in Bulk

A recently declassified government report confirms something people have been wondering about for years now – yes, the United States government does purchase your personal data. The report notes that various U.S. intelligence and spy agencies purchase huge amounts of data on American citizens including web browser data, smartphone data and data from connected vehicles. In the report, the U.S. government itself states that this is a significant issue for citizens’ privacy and civil liberties. While it’s unknown exactly which agencies are buying this data and for what purpose, we do have at least one example. The Internal Revenue Service apparently purchases the location data of millions of Americans in order to catch people cheating on their taxes. The Department of Homeland Security purchases the same type of information to enforce immigration laws. While it isn’t necessarily shocking that the U.S. government is collecting this data, it’s worth noting that typically a search warrant is required for the government to obtain this type of data on an individual. Now it can just load up its proverbial shopping cart with your data and flip through it like the morning news.

SonicWall Blog

The Dangers of Zero-Days in Popular Products – Ken Dang

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

It’s the beginning of June, and today is National Donut Day – donut forget to celebrate if you’re craving something sweet. SonicWall had a sweet week in the news with eSecurity Planet talking to our Chief Product Officer Peter Burke and Verdict speaking with Senior Manager of Product Security Immanuel Chavoya.

In industry news, Bleeping Computer had the lowdown on the disaster with the MOVEit Transfer zero-day exploit and Android’s malware troubles. TechCrunch covered the biggest healthcare breach of the year so far. Security Week provided details on Gigabyte’s backdoor problem.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Industry News

MOVEit Transfer Zero-day Exploit Results in Tons of Stolen Data

A vulnerability in the Progress MOVEit Transfer file transfer software is allowing hackers to mass-download data from organizations. At this time, it’s unclear which threat actors are using the exploit. According to Bleeping Computer, this is a zero-day exploit and many organizations have been breached and had their data stolen. A security advisory from Progress said, “If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.” Progress advises all MOVEit Transfer customers to block external traffic to ports 80 and 443 on the MOVEit Transfer server to avoid exploitation. Until a complete patch is released, Progress also advises that organizations stop all MOVEit Transfers and investigate their servers. While many organizations have been attacked already, the threat actors have not yet started to extort them. We likely won’t know who is behind the attacks until the extortion begins.

Gigabyte Motherboards Compromised by Wide Open Backdoor

The computer hardware manufacturer Gigabyte has a big problem – hundreds of motherboard models from the hardware giant have backdoors that are major risks. Researchers at Eclypsium were the first to discover the backdoor and how it functions. They determined that systems using a Gigabyte motherboard download files from an unsecured Gigabyte server on startup which leaves a door wide open for threat actors or other nefarious purposes. So far there is zero indication that this flaw has actually been exploited. The researchers couldn’t determine if the backdoor was placed by a malicious Gigabyte employee or if it was a result of compromised systems. Regardless of how it got there, it can easily be exploited by someone with the knowledge to do so. The security researchers noted that they’re currently working with Gigabyte to resolve this issue.

LockBit Ransomware Gang Responsible for Largest Health Data Breach of 2023

One of the largest dental health insurers in the United States has been hit with a huge data breach. Managed Care of North America (MCNA) in Atlanta lost the personal and health information of almost 9 million patients between February 26 and March 7 of this year. The hackers were none other than the notorious LockBit ransomware gang. The threat group infiltrated the healthcare provider to access and copy its data and demanded a $10 million payment to delete the stolen data. MCNA refused to pay the ransom, and the hacker gang then leaked all of MCNA’s data onto its Dark Web leak site. According to TechCrunch, the leaked data included names, addresses, dates of birth, phone numbers, email addresses, Social Security Numbers, driver’s licenses, health insurance data, plan information and Medicaid ID numbers. To say that LockBit was thorough is an understatement. Some of the leaked data belonged to the insured’s children, parents, grandparents and guarantors. This is by far the largest breach of health data in 2023. LockBit has claimed several high-profile attacks in recent months despite its leader being arrested in November 2022. The full impact of the MCNA breach remains to be seen, but it’s surely devastating for those whose information has been exposed.

Android Malware Hidden in Play Store Apps Downloaded Over 400 million Times

Security researchers have discovered a new Android malware posing as an advertisement SDK in multiple apps. Many of the apps are on Google Play and have been downloaded over 400 million times collectively. The researchers who discovered the spyware have tracked it as “SpinOk,” and note that it can extract private user data and export it to a remote server. The malware is hidden under the facade of a mini-game that lures users in by promising daily rewards and prizes. The researchers at Dr. Web stated that the app uses a trojan SDK to make sure it isn’t opened in a sandbox environment before it searches the user’s device and steals the user’s personal data including private images, videos and documents. It hasn’t yet been determined if the malware was knowingly included by the developers of the compromised apps, but most of the apps have now been removed from Google’s Play Store. A full list of the apps can be found here, and it’s recommended that any of these apps be uninstalled from your devices immediately.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Today is National Pizza Party Day – we hope you’re prepared. SonicWall has been having a party in the media this week with SC Magazine naming a SonicWall firewall to its finalists for “Best SME Security Solution.” Gearrice cited data from the 2023 Cyber Threat Report, Enterprise Networking Planet named the TZ400 in a top 10 list and ITPro quoted SonicWall Senior Manager of Product Security Immanuel Chavoya on the Capita breach.

In industry news, Bleeping Computer discussed fears about Google’s new domains. CyberScoop had the details on Congress entrusting CISA with new responsibilities. TechCrunch had the lowdown on the indictment of a major Russian ransomware player. Dark Reading had information on a new threat group targeting Microsoft Azure virtual machines.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Cyber awareness training leaves companies exposed to attacks

Channel Life, SonicWall News: In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day. However, new personalized training that combines machine learning and behavioral science can teach people to see the patterns or architecture commonly part of a threat.

7 Channel People Making Waves this Week

Channel Futures, SonicWall News: “For me, SonicWall is a 30-year industry legend in cybersecurity, one of the hottest topics right now obviously for many MSPs and MSSPs, and customers and partners around the world,” she said. “And SonicWall is sort of this amazing kind of comeback story because they had their acquisition and now they’re private again. And this is not the SonicWall of yesteryear. They have new leadership. They’re reimagining how they go to market (GTM)…”

CRN Women of the Channel

CRN, SonicWall News: SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing Manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

The Most Pressing Security Needs of the SMB and Midmarket

GovInfoSecurity, SonicWall News: Bob VanKirk, president and CEO, SonicWall, highlighted the need for SMBs to have access to the right set of tools and resources to defend their companies and protect their brands. In order to ensure cybersecurity, VanKirk said, organizations must have all the threat data at their fingertips, whether it be a firewall, endpoint or remote access, and have analytics across all those areas.

SonicWall Names North American Channel Chief

ChannelPro, SonicWall News: SonicWall has named Michelle Ragusa-McBain its new channel chief for North America. The hiring is one of several measures, along with the forthcoming introduction of a revamped partner program, aimed at expanding the company’s MSP channel, according to Jason Carter, SonicWall’s CRO.

SonicWall Hires Cisco Vet Michelle Ragusa-McBain as North America Channel Chief

CRN, SonicWall News: SonicWall has hired Cisco Systems veteran Michelle Ragusa-McBain to oversee its large North America channel, as the cybersecurity vendor looks to “reimagine” its business with the help of partners, she said in an interview with CRN.

Cisco Vet Joins SonicWall Channel Team as North America Leader

ChannelFutures, SonicWall News: Ragusa-McBain’s goal is to enable partners to grow and profit with the “boundless shift to cybersecurity.” SonicWall announced her appointment at this week’s Channel Partners Conference & Expo, co-located with MSP Summit.

Industry News

Google’s New ZIP and MOV Domains Could be Dangerous

Google recently introduced a line of new top-level domains (TLD) that are available for purchase that include domains ending in “.zip” and “.mov”, which are also common file types. Cybersecurity and IT experts are warning that widespread use of domains ending in those letters could lead to easy ways for threat actors to spread malicious files. A threat actor could conceivably own a domain that shares a name with a commonly downloaded file online. A potential victim may mistakenly go to the website when intending to download the real file, which could lead to the victim installing malicious software or being otherwise taken advantage of. According to Bleeping Computer, this type of threat is already being utilized in the wild with a fake website ending in “.zip” attempting to steal Microsoft credentials. Only time will tell how these TLDs will affect the cybersecurity world.

CISA’s Responsibilities Expand Under Newly Passed Bills

Congress passed a series of new bills this week that will give the Cybersecurity and Infrastructure Security Agency (CISA) some new responsibilities. According to CyberScoop, the bills would have CISA maintaining a commercial public satellite clearinghouse system and creating a list of recommendations for the space industry as well as piloting a civilian cyber reserve program to be activated in a cyber emergency. Another committee advanced a bill that would have CISA work directly with the open-source software community to design a framework for better assessing the general risks for federal agencies. A separate bill would allow CISA to train non-cybersecurity employees at the Department of Homeland Security to move into cybersecurity roles. CISA’s expanded responsibilities should help address some of the pain points in cybersecurity across the US and in government in particular.

Major Russian Ransomware Culprit Indicted by US

Authorities in the United States have officially indicted a Russian national who they believe was a major player in the development and deployment of the Babuk, Hive and LockBit ransomware variants. The alleged cybercriminal, whose real name is Mikhail Matveev, was purportedly a member of the Babuk ransomware gang since 2020. In 2021, he claimed responsibility for an attack on Washington D.C.’s police department. Online, Matveev goes by “Wazawaka” and “Boriselcin.” TechCrunch stated that the gang also claimed an attack on law enforcement in New Jersey as well as against a healthcare organization in 2020. Matveev has been involved in countless attacks across the globe including one such instance where he demanded that the Costa Rican government be overthrown. There is currently a $10 million reward for information that leads to Matveev’s arrest. If he’s convicted, he could be locked away for up to 20 years.

Hacker Group Targeting Microsoft Azure Virtual Machines

A hacker group tracked by Mandiant Intelligence as UNC3844 has begun hacking Microsoft Azure virtual machines. The group had already made a splash by targeting Azure cloud environments specifically, but the move to virtual machines has helped them evade detections. The group typically uses compromised credentials or smishing to get access before utilizing SIM swapping to gain full access. Researchers at Mandiant stated that they had observed the threat actors using Azure extensions to plot and steal within the cloud environment. The group eventually installed legitimate remote tools to maintain a presence within the environment. This makes it especially difficult to detect because they’re using legitimate tools and applications. Organizations need to work to prevent targeted smishing campaigns to deter these types of attacks from happening. Mandiant recommended that businesses restrict access to remote admin channels and disable SMS as a multi-factor authentication option.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff