Posts

Cybersecurity News & Trends – 08-11-2023

It’s the middle of August, and SonicWall is having another excellent month. Be sure to check out the Mid-Year 2023 Cyber Threat Report for the latest must-know data and trends in the cybersecurity space.

In industry news, Dark Reading covered the recent rise in ransomware’s victim count. Data Breach Today provided details on a dangerous data leak with the police in Northern Ireland. Bleeping Computer had the lowdown on Missouri’s Medicaid data breach. Hacker News reported on a massive exposure of U.K. voter data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

Zero-day Exploits Cause Rise in Ransomware Victims

Between the first quarter of 2022 and the first quarter of 2023, ransomware’s victim count rose by 143%. As noted in the Mid-Year 2023 Cyber Threat Report, ransomware attacks as a whole are down. So why might the number of victims be up? The answer: zero-day exploits. Ransomware attackers are increasingly choosing to exploit zero-day vulnerabilities when choosing their next targets. The researchers found that threat actors are moving away from classic attack methods like phishing and moving straight to finding zero-day exploits, either on the gray market or through in-house development. The Cl0p ransomware gang may be the most notorious example of this. This year alone they’ve used zero-day exploits to break into multiple large companies with exploits on Fortra’s GoAnywhere software and MOVEit’s file transfer tool. Researchers also found that ransomware groups are moving away from encrypting the victim’s data and moving more toward exfiltrating the data. Gone are the days when a hacked company could find a way to unencrypt its data leaving the attackers in the dust – with the switch to exfiltration, victims can now either pay up or risk having their data sold on the Dark Web. These are concerning trends to see especially when many expect ransomware attack numbers to rebound in the second half of 2023. Robust cybersecurity measures and good cyber hygiene practices are the best ways for organizations to protect themselves from attacks.

Serious Data Mishap Puts Police in Northern Ireland in Danger

The Police Service of Northern Ireland (PSNI) accidentally uploaded a spreadsheet containing the first initials, surnames and locations of all officers and staff on its website earlier this week. The PSNI blamed ‘human error’ for the mistake. The spreadsheet was live on the PSNI website for at least three hours on Tuesday afternoon. Fortunately, the spreadsheet did not include home addresses. PSNI had created the spreadsheet to comply with a freedom of information request, but it’s unclear how it ended up on the website for the public’s view although an investigation is underway. This situation has even higher stakes with the historical context of policing in Northern Ireland. Many of the officers and employees actually hide their employment – some even go so far as to hide it from their families. That means that although it didn’t include home addresses, even the names of employees can have serious consequences. In March, the British government sounded the alarm on terrorism in Northern Ireland following an assassination attempt on a police officer. The head of a cybersecurity firm in Dublin called this leak “the most serious breach” he has ever seen. The information exposed in this spreadsheet could be used not just by petty criminals, but by republican paramilitaries to commit acts of terror against officers. The breach could result in numerous members of the PSNI needing to relocate their homes and families.

Missouri Medicaid Data Exposed in IBM MOVEit Breach

Following the Cl0p ransomware gangs MOVEit file transfer tool attacks, Missouri’s Department of Social Services (DSS) has announced that sensitive healthcare information from Missouri’s Medicaid program was exposed. The attack didn’t actually take place on Missouri’s DSS – it was against IBM, which provides data services to the DSS. IBM stated that they’ve been working with the DSS to minimize the damage from this incident. According to the DSS, the exposed information potentially includes names, department client numbers, dates of birth, benefit eligibility and medical claims information. According to Bleeping Computer, only two Social Security Numbers were included in the breach. The Missouri DSS recommended that all involved individuals freeze their credit to prevent fraud.

Voter Data of Over 40 million Exposed in UK Electoral Commission Breach

Voters in the United Kingdom should be wary as the U.K.’s Electoral Commission has announced that they’ve suffered a “complex” cyberattack. The commission identified the incident in October 2022 but noted that the attackers had access to the system since August 2021. With over a year of free reign inside the Commission’s systems, the threat actors had access to the voter data of 40 million people. The only excluded parties are those who registered anonymously or electors registered outside of the U.K. According to Hacker News, the data included names, email addresses, home addresses, phone numbers, personal images and more. As of now, the identity of the attackers is unknown. It’s also unclear why the Commission waited 10 months to disclose this attack. The Commission’s email server was also exposed which puts anyone who was in contact with the Commission through email at risk. A security watchdog recommended that anyone who has been in contact with the Commission and anyone who registered to vote between 2014 and 2022 should keep a careful eye out for unauthorized use of their personal information.

SonicWall Blog

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Cybersecurity News & Trends – 08-04-2023

August is here, and today we’re celebrating National Chocolate Chip Cookie Day – you should consider doing the same. SonicWall has had a great week in the news following last week’s release of our Mid-Year Update to the 2023 Cyber Threat Report, as well as this week’s announcement of Michelle Ragusa-McBain’s promotion to SonicWall Global Channel Chief, which was covered by both CRN and Channel Futures.

In industry news, TechCrunch covered a Russian state-backed Microsoft Teams attack. Nextgov broke down the Biden administration’s new National Cyber Workforce and Education Strategy. Dark Reading provided details on Tesla jailbreaks that could put more drivers in the hot seat – literally. Bleeping Computer had the lowdown on Chinese hackers breaching air-gapped computers in Eastern Europe.

Remember to keep your passwords close and your eyes peeled: cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

US Cyber Workforce to Expand Under New White House Strategy

The new National Cyber Workforce and Education Strategy was released by the Biden administration this week. The plan centers around making cybersecurity education more affordable and accessible and also making cybersecurity concepts more of a focus in early childhood education. The plan was released by the Office of the National Cyber Director, which is currently occupied by Camille Stewart Gloster while Harry Coker Jr awaits confirmation. Stewart Gloster explained that the plan is upheld by four pillars – teach every American foundational cyber skills, strengthen and grow America’s cyber workforce, transform cyber education and strengthen the federal cyber workforce. Obviously, not every American will end up working in cybersecurity, but having those foundational skills will still be a huge benefit to the country as a whole. Demand for skilled cybersecurity workers is higher than ever currently. Under the Biden administration’s plan, some of the barriers to breaking into the cyber workforce will be lowered or broken down to allow more diverse workers and workers coming from lower-income backgrounds to get a foot in the door. This plan will not create changes overnight, but it’s a positive step forward in a world increasingly jostled by cyberattacks.

Russian Threat Actors Hack Government Agencies Using Microsoft Teams

A social-engineering attack from Russian state-sponsored hackers has left dozens of organizations across the globe feeling vulnerable, including some government agencies in the United States. The Russian hacker group ‘Cozy Bear’ posed as technical support staff on Microsoft Teams in order to steal user credentials and infiltrate organizations. The threat actors used already compromised Microsoft 365 accounts to make the phony accounts and sent messages to Teams users trying to get them to approve multi-factor authentication prompts. Once they got in, they then exfiltrated sensitive data. Microsoft didn’t name any of the organizations or agencies that fell victim to these attacks, but they did state that the targets indicated “specific espionage activities” from the hackers.

Researchers Have Figured Out How to Jailbreak Teslas

Where there is a feature locked behind a paywall, there are people who want to find a way to get past it, and Teslas are no different. Researchers have found that it’s possible to jailbreak a Tesla to unlock paywalled features like heated seats, faster acceleration and even faster internet speeds. The jailbreak can even unlock self-driving features that are against the law in certain parts of the world. The researchers were doctoral students from Technical University Berlin, and they’ll present their research at Black Hat USA next week. One of the students claimed that the attack they’ve discovered can be pulled off by anyone with an electrical engineering background, a soldering iron and around $100. Using the attack, the students were able to take it a step further and reverse-engineer the boot flow to extract a “vehicle-unique, hardware-bound RSA key” that is used to authenticate the car to Tesla’s network. It’s that key that can allow users to implement region-locked features like maps and self-driving. The researchers did note that this attack could also be used for more nefarious purposes such as stealing private data and personal information. The full scope of the attack should be unveiled at Black Hat USA in the session titled, “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater.”

Air-gapped Devices in Eastern Europe Breached by New Malware

Industrial organizations in Eastern Europe have been under fire recently from a Chinese state-sponsored hacking group known as ‘Zirconium.’ Zirconium has been developing a new type of attack to steal data from air-gapped computers, which are typically responsible for critical functions and holding an organization’s most sensitive data. The attack works by using a complex system of implants and modules in stages to profile the systems, infect them, steal data and finally export data. The stolen files are actually archived using WinRAR and then uploaded to Dropbox. The entire attack took over a year, beginning in April 2022 and involving three separate stages. Bleeping Computer has a more in-depth analysis of exactly how the attack works from beginning to end.

SonicWall Blog

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Cybersecurity News & Trends – 07-27-2023

This week, SonicWall is celebrating the release of the mid-year update to the 2023 Cyber Threat Report. Infosecurity Magazine, CRNDL News and ITPro have already pored through the report – be sure to give it a read for the latest threat intelligence and fresh insights into the current threat landscape.

In industry news, Dark Reading reported on new data showing that the cost of a data breach has increased and also detailed the Biden administration’s nomination for National Cyber Director. Bleeping Computer broke down a massive crypto heist pulled off by North Korea’s Lazarus group. TechCrunch provided details on a worm malware spreading through Call of Duty lobbies.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

Industry News

President Biden Nominates Former NSA Executive Director as National Cyber Director

After months of waiting, President Biden has announced his nomination to fill the position of National Cyber Director in former NSA executive director Harry Coker. The position has been vacant since Chris Inglis stepped down in February. With the recently released national cybersecurity strategy, the new director will have plenty to do once his nomination is confirmed. Coker is a veteran of the United States Navy and has also held positions in the Central Intelligence Agency previous to his time with the NSA. He was also a member of President Biden’s national security staff when Biden took office in 2021. This nomination comes barely two weeks after a group of cybersecurity organizations sent a strongly worded letter to the White House asking them to speedily nominate someone – a rare victory for all strongly-worded-letter enthusiasts. The nomination will now move through Congress for Coker to be confirmed.

North Korean Lazarus Hackers Connected to $60 million Crypto Theft

The notorious Lazarus gang from North Korea has been linked to a recent $60 million theft on the payment processing company Alphapo. The crypto payment platform is frequently used for things like gambling, e-commerce and other online purchases. Alphapo was attacked this past Sunday and the hacker gang drained people’s wallets of millions of dollars in cryptocurrency. A cryptochain investigator who goes by “ZackXBT” noticed that the attackers also stole $37 million of TRON and Bitcoin which brought the total to a whopping $60 million. The Lazarus group has not publicly claimed the attack, but researchers noted that Lazarus tends to leave a very distinct fingerprint during attacks. According to Bleeping Computer, Lazarus has previously been linked to similar attacks such as a $35 million theft on Atomic Wallet, a $100 million attack on Harmony Horizon and a $617 million heist on Axie Infinity. They noted that a common tactic of Lazarus is to bait crypto firm employees with fake job offers that actually lead to infected links. Lazarus gains access to the company networks and then begins planning its thefts. Law enforcement agencies and blockchain analysis firms have not yet confirmed the groups participation in this attack.

The Cost of a Data Breach Has Increased by 15%

According to a new report by IBM, the cost of a data breach has increased by 15% over the past three years skyrocketing to $4.45 million per breach for affected businesses. Despite this, 57% of businesses still seem inclined to simply pass the buck to consumers rather than invest in sturdier cybersecurity. Many consumers are facing the double whammy of businesses not caring enough to protect their data and then being charged more when these loosely secured organizations lose their information. IBM did find several ways organizations could better protect their data including investing more in security and being willing to involve law enforcement. The report stated that 37% of breached organizations refused to involve the authorities. It seems that these businesses want to attain consumer data without taking measures to ensure its security. Cybersecurity is incredibly accessible for businesses today with numerous free and paid tools to provide better protection. Breaches are still possible even with good security, but refusing to invest more in security after experiencing a costly incident like a data breach is simply bad business.

Malware Spreading Through Call of Duty Game Lobbies

Hackers have been wreaking havoc on players in an old Call of Duty game. Last month, a Steam user made a post alerting other players of Call of Duty: Modern Warfare 2 (2009) that threat actors were using “hacked lobbies” to spread malware. Another user analyzed the malware and noted that it appeared to be a worm. Activision, the developers of Call of Duty, posted a tweet vaguely acknowledging the malware letting players know that the servers will be going offline presumably for action to be taken. It’s unclear so far why the hackers are spreading malware through the game lobbies, but it’s clear that they’re exploiting one or more bugs in the game itself to accomplish this. The worm works by spreading from one infected player in a lobby to other players who don’t have adequate protection on their computers. Anybody who has been playing the game over the past few months should run an anti-virus software on their computer to see if they’ve been infected. Viruses spreading through games is not uncommon, but they typically spread through trojanized versions of the game installers. Malware spreading through actual game lobbies is not very common.

SonicWall Blog

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Cybersecurity News & Trends – 07-21-2023

Today is National Junk Food Day, so be sure to give your body proper nourishment – “proper nourishment” can be left to interpretation. What can’t be left to interpretation is SonicWall’s great week in the news. Cyber Security Intelligence quoted SonicWall’s Vice President of EMEA Spencer Starkey on healthcare security. ITVoice published an article from our own Vice President of Regional Sales in APAC Debasish Mukherjee.

In industry news, Dark Reading had the lowdown on a hacker’s epic self-own and the strange double breach at Estée Lauder. TechCrunch provided details on the North Korean Lazarus group’s hack of JumpCloud. Bleeping Computer broke down CISA’s new list of free tools and resources.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Industry News

Hacker Accidentally Infects Own Computer, Sells Contents to Threat Researchers

A prolific Russian threat actor has completely played himself in a way we’re unlikely to see again for some time. The hacker known as “La_Citrix” has been operating on Russian language forums since 2020. Their signature move has been to hack organizations using Citrix remote desktop protocol (RDP) and then sell the information on Dark Web forums. That is, until they infected themselves with their own infostealer and then sold their own information (including location, full name and address) to threat researchers posing as hackers. Threat researchers realized something was funky with the data they had bought when they noticed a single user in the data appeared as an employee at almost 300 different companies. From there, they unraveled the bizarre circumstances that led to La_Citrix’s legendary self-own. La_Citrix had been using his own personal computer for all of his nefarious deeds and sold all of his own information to the researchers. They’ve now forwarded the information to relevant authorities, and one can only imagine it’s just a matter of time before the hacker is in custody.

JumpCloud Breached by North Korean Lazarus Group

JumpCloud is a software company that focuses on identity and device verification for large enterprises as well as other authentication services. A wide variety of industries use JumpCloud’s platform, but North Korean state-backed hackers breached JumpCloud in order to gain access to the platform’s cryptocurrency clients. Until this week, JumpCloud didn’t know who was behind the attack, but security researchers have now linked the attack back to the North Korean Lazarus hacking group. Lazarus is well-known for targeting crypto businesses. North Korea uses the stolen crypto assets to fund its nuclear weapons program and other military programs. JumpCloud found that fewer than five customers and 10 devices were compromised during the attack. North Korea has been ramping up cyber attacks over the past several years, so much so that the United States announced new sanctions against North Korea’s “hacker army” in May. The U.S. State Department is also offering a bounty of $10 million for anyone who has information that could help stop the North Korean hackers.

Cl0p and BlackCat Both Hacked Estée Lauder at the Same Time

Cosmetic giant Estée Lauder has come forward as one of the latest victims of the MOVEit exploit, but it appears the cosmetic giant suffered a double whammy. The company was attacked by not one, but two ransomware gangs at the same time – both using the MOVEit exploit. According to Dark Reading, Cl0p and BlackCat both took credit for hacking Estée Lauder on the same day, but they were not working together. BlackCat released a statement clarifying that these were separate incidents, saying, “ELC has been attacked by our colleagues at Cl0p regarding the MOVEit vulnerability attacks. We have reiterated to ELC that we are not associated with them.” Security researchers familiar with the incidents noted that it isn’t totally odd for an organization to experience two breaches at the same time, especially with it being related to the MOVEit vulnerability. For now, Estée Lauder joins a long (and growing) list of victims that have been breached as a result of the MOVEit exploit.

CISA Shares Free Resources for Protecting Cloud Data

The United States Cybersecurity and Infrastructure Security Agency (CISA) has been emphasizing cloud security recently. This week they released a list of completely free tools and strategies for keeping cloud assets secure after making the leap from on-prem to cloud. The factsheet will help cybersecurity professionals better protect their organizations by helping identify and mitigate known vulnerabilities and threats. The tools listed in the sheet work alongside the built-in tools provided by cloud service providers like AWS and Azure. The tools help in a variety of ways including evaluating organizational cybersecurity posture, comparing configurations to baseline recommendations, detecting signs of malicious activity, generating MITRE ATT&CK mapping reports and building memory forensic environments on AWS. CISA has been focusing more on protecting critical infrastructures from cyberattacks, and the release of this factsheet is a continuation of those efforts.

SonicWall Blog

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Cybersecurity News & Trends – 07-14-2023

It’s mid-July and things are heating up at SonicWall. This week Silicon Republic spoke with SonicWall’s own Vice President of EMEA, Spencer Starkey, about hackers targeting the healthcare sector across the globe.

In industry news, Data Breach Today covers the largest data breach of the year. Dark Reading discusses cybersecurity organizations asking the White House to quickly name a new director. TechCrunch has the lowdown on China-based hackers accessing US government emails. Hacker News provides details on more Google Play apps stealing user data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Industry News

11 million Patients Affected by HCA Healthcare Email Hack

A large healthcare system was hit by a cyber-attack that resulted in the loss of 11 million patients’ data. HCA Healthcare, number 62 on Forbes’ list of largest corporations by revenue, confirmed the incident this week but noted that its investigation is ongoing. If the number 11 million is accurate, that makes this incident the largest reported incident of the year – by far. According to the statement the Tennessee-based healthcare chain provided to the U.S. Securities and Exchange Commission, it appears that HCA did not know it had been attacked until information on 11 million of its patients was found for sale on the dark web. The exposed list has 27 million rows of exposed information. HCA did note that they’re working as quickly as possible to determine exactly which patients have been compromised by this ordeal. While plenty of sensitive information was exposed in this attack, HCA says that credit card numbers, account numbers, driver’s license numbers, Social Security Numbers and passwords were not revealed. Information on patients’ conditions, diagnoses and treatment plans were also untouched. But fret not – HCA assured its investors that its finances would be fine. They didn’t say much to reassure the 11 million everyday people whose information is now for sale on the dark web. HCA’s revenue was $60 billion last year.

Cybersecurity Orgs Urge White House to Hasten Selection of New National Cyber Director

The Cybersecurity Coalition – a group of prominent cybersecurity organizations – has sent a letter to the White House urging President Biden to promptly select a new National Cyber Director. The letter requests that the President select a new director by the end of this month, citing the complex and shifting threat landscape as a reason for the urgency. The nominee will have to be sent to the Senate for approval regardless of how quickly President Biden and his team select a candidate. The former National Cyber Director, Chris Inglis, retired in February after working in federal agencies for nearly 30 years. The lengthy delay in replacing Inglis has the coalition concerned that Inglis’ work, including on the National Cyber Strategy, could be impeded if the nomination is further delayed. The letter also requested an executive order to clarify the roles and responsibilities of organizations like the ONCD, NSC, CISA, OMB, NIST and more. According to Dark Reading, the United States’ critical infrastructure is still woefully unprepared for ransomware attacks even two years after the Colonial Pipeline attacks. One wonders when cybersecurity will become more of a priority for our leaders.

Microsoft Cloud Bug Allows Chinese Hackers to Access US Emails

A hacking group dubbed “Storm-0558” accessed 25 United States Government email accounts after exploiting a bug in Microsoft’s cloud email service. TechCrunch confirmed that U.S. government agencies were affected after speaking with someone in the White House’s National Security Council. Microsoft described Storm-0558 as a China-based hacking group that has many resources. The tech giant went on to explain that the threat actors forged tokens to access Outlook Web Access (OWA) and gained access to the email accounts by exploiting a token validation issue. Microsoft believes that the hackers were focused on espionage. CISA released an advisory on the situation where they noted that the hackers accessed unclassified email data. CISA also determined that the threat group is a “government-backed” gang, but they did not yet name China as the likely backer.

Google Play Apps with 2.5 million Users Sending Data to China

Two file management Android apps have been secretly stealing user data and sending it to China. An app called File Recovery and Data Recovery with more than 1 million installs and another named File Manager with over 500 thousand installs have been exposed by security researchers as malicious. The apps are developed by the same group. Security researchers at Pradeo found that the apps’ claims that no data is collected are false. The apps steal contact lists, images, audio files, videos, locations and more and send that data back to China. The apps’ developers have also employed shady tactics to prevent users from being able to easily uninstall the apps such as hiding the icons on the home screen. This is yet another reason why it’s important for users to read use agreements before installing apps.

SonicWall Blog

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

Cybersecurity News & Trends – 07-07-2023

Today is National Comic Sans Day – we will not be participating, and we hope you won’t either. We hope you will read the 2023 Cyber Threat Report.

In industry news, Bleeping Computer has details on a ransomware attack that disrupted operations at the largest shipping port in Japan. Dark Reading has the lowdown on a Microsoft Teams vulnerability that could let outsiders send malware directly to internal users. TechCrunch breaks down new information about the MOVEit file transfer tool hacks. Hacker News reports on the takedown of OPERA1ER’s leader.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Industry News

Ransomware Gang Attacks Largest Port in Japan, Targets NUTS

Operations at the largest and most busy port in Japan have been disrupted following a ransomware attack. The Port of Nagoya, which accounts for approximately 10% of Japan’s total trade volume, handles 165 million tons of cargo every year. The automaker Toyota also uses the port to export almost all of its vehicles. The attack has disrupted multiple operations at the port, and the Port of Nagoya’s administrative authority released a notice about issues with the Nagoya Port Unified Terminal System (NUTS). The port authority is working tirelessly to fix the system and plans to resume normal functions this week. Until the system is fixed, all loading and unloading operations at terminals using trailers have been canceled. While no ransomware gang has publicly taken credit for the attack, it’s speculated that the attack was committed by the notorious LockBit ransomware gang.

TeamsPhisher Tool Lets Threat Actors Auto-Deliver Malware to Microsoft Teams Users

Threat actors and pen testers alike can obtain a new tool on GitHub that exploits a recently discovered Microsoft Teams vulnerability. The tool is called “TeamsPhisher” and can be abused in organizations where communication is allowed between internal and external Teams users. This means cyber criminals can simply send malware directly through a Teams message rather than jump through the hoops of social engineering or phishing scams. The tool was developed by Alex Reid, who is a member of the U.S. Navy’s Red Team. Reid used multiple techniques to develop the tool including one discovered by researchers at JUMPSEC Labs. Reid said that the tool works by first enumerating a target and then ensuring they can receive external messages. Once verified, the tool opens a new message thread with the user and sends a message that does not trigger the typical “Someone outside your organization messaged you” warning. The message can include malware or other dangerous files, and, since Teams doesn’t warn the users, it makes it more likely for unsuspecting users to open messages and download the files. The researchers at JUMPSEC have urged organizations using Teams to review whether they need to allow communications between internal and external users.

MOVEit Breach Continues to Claim More Victims

More organizations have been impacted by the MOVEit file transfer tool mass attacks with energy giant Shell and First Merchants Bank confirming that the attackers obtained sensitive data from them. According to a threat analyst at Emsisoft, the attacks have now affected more than 200 organizations and 17.5 million people. Shell did not say exactly what type of data the hackers had stolen from them, but the company did say some of it was personal information relating to employees. The attacks were orchestrated by the Russian hacking group known as Cl0p. The gang claimed that it had published Shell’s data on its website, but the links to the stolen data appear to be broken at this time according to TechCrunch. First Merchants Bank on the other hand said that Cl0p accessed customers’ addresses, Social Security Numbers, online banking usernames, payee information, and even account and routing numbers. The true extent of the MOVEit attacks won’t be known for quite some time. As of now, more and more victims are being revealed week by week.

OPERA1ER Leader Arrested by Interpol

Interpol has announced that an international operation codenamed ‘Nervone’ has resulted in the arrest of a high-ranking member of the hacking group called ‘OPERA1ER.’ The agency stated that the French-speaking gang has stolen anywhere from $11 million to $30 million in more than 30 attacks across multiple continents. The criminal organization has also gone by the names ‘Common Raven,’ ‘DESKTOP-GROUP’ and ‘NX$M$.’ According to Hacker News, the group’s attack chains typically involve spear-phishing lures that create a domino effect leading to tools like Cobalt Strike and Metasploit being deployed in order to steal sensitive data. Operation Nervone involved heavy cooperation between Interpol, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques. The CEO of Group-IB stated that they’ve been tracking OPERA1ER’s activities since 2019. This arrest will hopefully slow down the gang’s operations if not halt them entirely.

SonicWall Blog

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

Cybersecurity News & Trends – 06-30-2023

It’s the weekend before the Fourth of July, and SonicWall has been sparkling in the media this week. Trend Micro cited SonicWall’s data on healthcare, and Venture Beat cited the 2023 Cyber Threat Report on IoT data.

In industry news, researchers told Dark Reading that businesses embracing AI too quickly are putting themselves at risk. Hacker News provided details on the widespread credential theft attacks Microsoft has warned about. Bleeping Computer has the scoop on hundreds of Federal Government devices that aren’t complying with CISA’s new protocols. Ars Technica tells all on an unexpected way that the Reddit protests have affected Google searches.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Industry News

Enterprises Embracing Generative AI Are Putting Themselves at Risk

Large language model (LLM) technologies are still the talk of the town, but are organizations diving headfirst into the tech too quickly? Some researchers are skeptical. A report released this week showed that projects being developed with generative AI in the open-source space are overall insecure. This means organizations running these projects are greatly increasing their risks by adopting these technologies so quickly. The researchers say that this risk will only increase as more and more companies try to capture lightning-in-a-bottle by fully embracing AI. The research group studied 50 of the most popular LLM-based open-source projects on GitHub to reach their conclusions, determining that the security of most of these projects is lackluster at best.  The researchers found four key risk areas to highlight: trust boundary risk, data management risk, inherent model risk and basic security best practices. Their advice to organizations embracing software like ChatGPT and other LLMs is to increase their awareness of the unique challenges and security concerns that come with the LLM territory. They recommend an approach called “secure-by-design,” which involves using existing frameworks like the Secure AI Framework (SAIF), NeMo Guardrails or MITRE ATLAS to mitigate their organizations’ risks. Security risks from AI are only going to increase in the coming months and years. Anyone using AI as a part of their development pipeline should take precautions on top of precautions to mitigate these risks as much as possible.

Microsoft Alerts Users of Widespread Credential Theft by Russian Threat Actors

A Russian hacking group called “Midnight Blizzard” is behind a significant uptick in credential-stealing attacks according to Microsoft. Microsoft’s threat intelligence warned that the attacks are targeting governments, IT service providers, NGOs, critical manufacturing sectors and the defense sector. Midnight Blizzard was formerly known as “Nobelium,” which was the group responsible for the SolarWinds supply-chain compromise in December 2020. Many of these attacks are focused on Ukraine and showcase the determination of Russian threat actors to extract valuable data on various organizations either in Ukraine or across Europe. Many of the attacks focused on Ukraine typically involve wiper malware intended to destroy data. These attacks currently show no signs of slowing down.

Reddit Protests Affect Google Searches for Millions

Reddit’s users have been protesting this month concerning the changes Reddit is making to its API access. In response, many of the specific forums – or subreddits – decided to protest by shutting down. While many of these forums have since come back online, some of them have remained shut down since it doesn’t appear Reddit will be reversing course on its API changes. As it turns out, a lot of people were adding “Reddit” to the end of Google searches to get better search results. With so many parts of Reddit shutting down, Google users took notice, and so did Google. Google CEO Sunder Pichai stated that users who add “Reddit” to the end of their searches are looking for more comprehensive answers than the average searcher. Google is apparently working to make its users less dependent on jumping through hoops like adding “Reddit” to get the results they want, but the clock is ticking as the July 1st date for Reddit’s API changes to take effect quickly approaches.

Hundreds of Federal Agency Devices Aren’t Following New CISA Directive

Security researchers have found hundreds of Internet-exposed devices in U.S. federal agencies that aren’t being secured in accordance with the new CISA Binding Operational Directive. The researchers analyzed 13,000 individual hosts from more than 50 Federal Civilian Executive Branches (FCEBs) and found almost 250 that weren’t following the new protocols. They also found many servers that were using MOVEit, GoAnywhere MFT and SolarWinds Serv-U file transfer tools – softwares known to be heavily targeted by threat actors. According to CISA’s Binding Operational Directive 23-02, the non-complying devices have 14 days to be secured upon identification. CISA will offer assistance to agencies when requested and provide guidance on ensuring strong security for the devices.

SonicWall Blog

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

Cybersecurity News & Trends – 06-22-2023

June is rolling right along, and so is SonicWall’s presence in the news. This week, ComputerWeekly quoted our EMEA Vice President Spencer Starkey on how victims of the MOVEit attacks should plan their next moves. StateTech cited ransomware data from the 2023 Cyber Threat Report.

In industry news, Dark Reading has the scoop on a power meter vulnerability that could lead to blackouts. TechCrunch provided details on the Reddit hack and the demands of the gang behind it. Hacker News says over 100,000 stolen ChatGPT credentials have found their way onto the Dark Web. Bleeping Computer spread the word on RepoJacking issues at GitHub.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Industry News

Power Meter Vulnerability Could Cause Blackouts

A security vulnerability in a power meter could give threat actors the ability to cause blackouts in any areas using the meters. The Schneider Electric ION and PowerLogic meters transmit user ID’s and passwords in plaintext with every message. A threat actor could theoretically intercept transmissions including these credentials and use those credentials to change settings or even shut power off. The advisory from Schneider stated that the ION protocol is 30 years old but has been enhanced with support for authentication. The flaw was originally slated to be released in June of last year but was pushed back to now due to patching processes. The patch will create a secure protocol version that includes encryption for the credentials.

Researchers Warn that Millions of GitHub Repositories Vulnerable to RepoJacking

After analyzing a sample of 1.25 million GitHub repositories, security researchers found that 2.95% of those analyzed repositories are vulnerable to RepoJacking. When they extrapolated this data to encompass GitHub’s entire library of over 300 million repositories, they estimated that more than 9 million projects could be affected. On GitHub, it’s not uncommon for users to change their usernames or for organizations to rename their projects. When this happens, GitHub redirects code from the renamed projects to avoid breaking the code of the main project. RepoJacking occurs when a threat actor registers a project with the same name as a renamed project. When this occurs, the redirection is invalidated and the project will begin pulling dependencies from the threat actors repository instead of the renamed repository. GitHub has implemented some defenses against these types of attacks, but the researchers stated that these defenses are incomplete and easy to bypass. This issue isn’t just affecting small projects from people who are simply overlooking some things – the researchers even found a repository managed by Google that’s affected. RepoJacking is widespread and incredibly difficult to prevent. The researchers recommend owners minimize the resources they pull from external repositories whenever able.

BlackCat Ransomware Gang Demands Reddit Reverse Course on API Changes

The BlackCat ransomware gang allegedly stole 80 gigabytes of data from Reddit in February 2023 and is now threatening to release the data unless Reddit both pays a ransom and reverses its API price increase. A spokesperson of Reddit declined to comment on the matter but did confirm that the ransomware gang was involved in an attack on Reddit in February. BlackCat hasn’t shared any evidence supporting their claim, but it’s worth noting that they were involved in another attack in March targeting hardware manufacturer Western Digital. A member of BlackCat said that they are “very confident that Reddit will not pay any money for their data,” noting that the gang expects to leak the data onto the Dark Web. This isn’t Reddit’s first rodeo with a major breach. In 2018, hackers stole a complete copy of Reddit data from 2007 that included vital information like private messages, usernames, hashed passwords and more. Reddit has been under fire recently for their API price hikes that many believe are intended to kill off third-party apps that access Reddit’s data to provide users an alternate experience to the official Reddit app. It doesn’t appear that Reddit intends to reverse the price change or pay the ransom for their data at this time.

Over 100,000 Stolen ChatGPT Credentials Listed on Dark Markets

Between June 2022 and May 2023, over 100,000 stolen credentials for OpenAI’s ChatGPT have been posted for sale on various Dark Web markets. Security researchers who made the discovery said that a majority of the credentials were stolen using the Raccoon info stealer with the Vidar and RedLine info stealers trailing behind. Most of the stolen credentials came from India, Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia and Bangladesh. Since ChatGPT’s default settings save all conversations, these credentials could give threat actors a huge amount of sensitive information. Users should follow basic cyber hygiene and secure their accounts with multi-factor authentication (MFA) to prevent threat actors from taking over their accounts or stealing their information.

SonicWall Blog

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

The Dangers of Zero-Days in Popular Products – Ken Dang

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

Cybersecurity News & Trends – 06-16-2023

It’s the middle of June already – 2023 is flying by. Don’t let the summer fly by without checking out the 2023 Cyber Threat Report: We’ll be releasing the mid-year update at the end of July.

In industry news, Dark Reading has the lowdown on a first-of-its-kind ransomware attack. The LockBit ransomware gang is making headlines this week with Bleeping Computer covering a global report targeting the threat group and CyberScoop shedding light on a recent arrest in Arizona that’s connected to the gang. TechCrunch provided details on a report from the U.S. government about how it purchases and uses commercial data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Industry News

0mega Ransomware Gang Pulls Off First-of-its-kind Attack

A ransomware group named 0mega has completed an attack against a company’s SharePoint Online environment without using a compromised endpoint. This is bad news for companies who have been pouring money into endpoint protections in the hopes of thwarting ransomware attacks – this attack proves that these criminals can complete an attack without ever compromising an endpoint. The attack was pulled off by the gang using some weakly secured administrator credentials they acquired. After infiltrating, the threat group exfiltrated data from the company’s SharePoint environment and then used that data to extort them. The CPO at the security firm that discovered the attack said this attack shows that strong endpoint security isn’t enough. With many companies storing data in online Software-as-a-Service (SaaS) programs, this type of attack may become more common although this attack appears to be the first of its kind. 0mega completed the attack by using the stolen credentials to create an Active Directory user named ‘0mega’ and giving it all of the permissions needed to turn the unnamed company’s day upside down. Many cybersecurity researchers are noticing an uptick in SaaS attacks. Organizations can protect themselves by being proactive, creating strict MFA policies and ensuring they have robust risk management tools in place across their SaaS environments.

LockBit Ransomware Gang Extorted Over $90 million from 1,700 Attacks in the US

Cybersecurity authorities from the United States and around the world issued a joint advisory on the notorious LockBit ransomware gang stating that the gang had extorted $91 million in 1,700 attacks on organizations in the U.S. since 2020. The advisory also noted that LockBit was the most deployed ransomware variant in 2022 and continues to be widespread in 2023. According to Bleeping Computer, LockBit has released two major new versions of its Ransomware-as-a-Service (RaaS) tool since 2019 and is currently on LockBit 3.0. Since releasing LockBit 3.0, the gang has committed multiple high-profile attacks using the upgraded tools and extortion tactics in the newest version. The advisory released this week by CISA includes tips, tools and tactics to help organizations protect themselves from LockBit.

Russian Member of LockBit Ransomware Gang Arrested in Arizona

A 20-year-old man named Ruslan Magomedovich Astamirov was arrested in Arizona this week following his involvement in multiple attacks with the LockBit ransomware gang. The man allegedly participated in attacks against the United States, Asia, Europe and Africa. Astamirov’s case will be tried in New Jersey where the cases of two other men involved with LockBit are being handled. Prosecutors filed a complaint accusing Astamirov of owning and controlling IP addresses, email addresses and a cloud services account that were found to be connected to LockBit’s attacks. This is the latest development in what has become a global crackdown on the LockBit ransomware gang with CISA and global law enforcement agencies releasing a joint document this week specifically to combat LockBit. Let’s hope they can continue to have success with bringing these threat actors to justice.

The US Government Buys Your Data in Bulk

A recently declassified government report confirms something people have been wondering about for years now – yes, the United States government does purchase your personal data. The report notes that various U.S. intelligence and spy agencies purchase huge amounts of data on American citizens including web browser data, smartphone data and data from connected vehicles. In the report, the U.S. government itself states that this is a significant issue for citizens’ privacy and civil liberties. While it’s unknown exactly which agencies are buying this data and for what purpose, we do have at least one example. The Internal Revenue Service apparently purchases the location data of millions of Americans in order to catch people cheating on their taxes. The Department of Homeland Security purchases the same type of information to enforce immigration laws. While it isn’t necessarily shocking that the U.S. government is collecting this data, it’s worth noting that typically a search warrant is required for the government to obtain this type of data on an individual. Now it can just load up its proverbial shopping cart with your data and flip through it like the morning news.

SonicWall Blog

The Dangers of Zero-Days in Popular Products – Ken Dang

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Cybersecurity News & Trends – 06-09-2023

Break out the flip-flops and beach towels — summer is almost here. If threat actors are UV rays, the 2023 Cyber Threat Report is high-grade sunscreen. Don’t let yourself get burned.

In industry news, the Cl0p ransomware gang took credit for the MOVEit Transfer attacks in a note to Bleeping Computer. TechCrunch has the scoop on scammers uploading hacking advertisements to government and education websites. Dark Reading has the lowdown on ChatGPT’s hallucinations and a malware targeting Minecraft mod packs.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket.”

Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Industry News

Cl0p Ransomware Gang Takes Responsibility for MOVEit File Transfer Attacks

Clop ransomware gang has stepped forward to take credit for the MOVEit Transfer data theft attacks. A representative of the gang contacted Bleeping Computer and took credit for the attacks. The threat actor confirmed that Clop had started exploiting the zero-day vulnerability on May 27 during the Memorial Day holiday in the United States. This isn’t an uncommon tactic for Clop – they previously started a zero-day attack on December 23 of 2020 using the Christmas holiday as a starting point. During holidays staffs are typically more minimal making it more difficult for companies to respond to cyber threats. The gang also confirmed that they haven’t yet started extorting their victims which means for now we still have no idea who most of the victims are or what exactly Clop stole from them. Interestingly, Clop claims that it deleted any data stolen from the military, government and children’s hospitals during these attacks.

Funky ChatGPT Issue Could Open Developers to Supply Chain Malware Attacks

ChatGPT suffers from occasional hallucinations. For artificial intelligence, these hallucinations occur when the bot provides an answer consisting of insufficient or false information. Threat actors have figured out how to leverage these hallucinations to get ChatGPT users to inadvertently download malicious packages recommended by the chatbot. The researchers who discovered this flaw proved this by creating a scenario using ChatGPT 3.5 where an attacker asked the chatbot a to solve a coding problem and ChatGPT responded with a number of packages that did not exist. The attacker then uploads a malicious package with the same name as the ChatGPT hallucinated file. Next time ChatGPT recommends the package, the malicious file is then recommended to users. To prevent being hit with one of these malicious packages, developers need to validate the libraries they download and make sure they aren’t malware in disguise.

Fractureiser Malware Making Minecraft Mods Malevolent

Minecraft players should be taking extra precautions when installing any new mods or plugins due to a worm virus called “Fractureiser” infecting some popular mod packs and plugins for the beloved game. The GitHub repository for Fractureiser categorized it as “incredibly dangerous” and noted that anyone who has their system infected by the malware should assume their machine is completely compromised. CurseForge, a popular site for Minecraft mods, stated that its team is working on a fix and noted that it has suspended the accounts linked to the malware. Any Minecraft players that want to make sure they haven’t been exposed can follow a list of detailed instructions on GitHub to look for signs of infection and get the next steps for a worst-case scenario.

Scammers Upload PDF Hacking Ads to Government Websites

Scammers have been uploading advertisements in PDF form to various government and education websites. The advertisements offer hacking services for things like Instagram and Snapchat. The PDFs link to multiple websites including some offering to help cheat in video games or create fake followers for various social media sites. The PDFs are all very similar which indicates the same threat actor could be behind all of them. These types of PDFs can appear when sites have misconfigured services, unpatched bugs and other security problems. According to a security researcher familiar with the issue, the same flaws exploited to upload these PDFs could have been used to do much more damage. A spokesperson for CISA noted that they are aware of the PDFs and coordinating with the affected entities to address the problems. According to TechCrunch, the PDFs are a part of some convoluted scheme to make money through click fraud. At the end of the day, an attack like this will have minimal damage – but if the flaws aren’t patched, they could cause much more damage.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff