Posts

Cybersecurity News & Trends – 03-26-21

This week — with higher education institutions and electricity companies on high alert, and with the Microsoft Exchange server crisis raging on — it’s no wonder 82% say cyberterrorism is America’s top potential threat.


SonicWall in the News

IoT malware attacks saw a huge rise last year — Techradar

  • As the number of consumer-oriented IoT devices grows, data from SonicWall’s 2021 Cyber Threat Report suggests, IoT malware has been on the rise.

Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout Gallery — Channel Futures

  • Dmitriy Ayrapetov explains how bad actors are targeting vaccine distribution and takes a closer look at the threats caused by the remote workforce.

ICYMI: Our Channel News Roundup For the Week of March 15 — ChannelPro Network

  • SonicWall’s 2021 Cyber Threat Report was included in ChannelPro Network’s weekly news roundup.

India Saw Largest Spike In Malware Attacks In 2020: Report — ET CISO

A Pandemic Of Email Scams — Financial Times

  • SonicWall recently reported a 62% increase in ransomware attacks last year and a 74% increase in malware variants.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CIO Review India

  • This article spotlights SonicWall’s 2021 Cyber Threat Report.

Industry News

Lawmakers reintroduce legislation to secure internet-connected devices — The Hill

  • The Cyber Shield Act would create a voluntary cybersecurity certification program for IoT devices.

Ransomware operators are piling on already hacked Exchange servers — Ars Technica

  • The fallout from the Microsoft Exchange server crisis isn’t abating just yet.

Purple Fox Malware Targets Windows Machines With New Worm Capabilities — Threat Post

  • A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.

Thousands of Exchange servers breached prior to patching, CISA boss says — Cyberscoop

  • A U.S. government cybersecurity official has warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached.

Covid-19: Vaccines and vaccine passports being sold on darknet — BBC

  • Researchers say they have seen a “sharp increase” in vaccine-related darknet adverts, while the BBC has been unable to determine whether the vaccines being sold there are real.

UK colleges and unis urged to prepare for ransomware before it’s too late — The Register

  • There’s been an uptick in attacks since schools reopened, warns National Cyber Security Centre

Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns — Security Week

  • A newly published report form the U.S. Government Accountability Office describes the risks of cyberattacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks.

8 in 10 say cyberterrorism is top potential threat: Gallup — The Hill

  • According to the survey, 82% of respondents said cyberterrorism is a critical threat to the U.S.

TikTok Doesn’t Pose Overt U.S. National Security Threat, Researchers Say — The New York Times

  • A new study by university cybersecurity researchers found that the computer code underlying the TikTok app doesn’t pose an overt national security threat to the U.S.

Acer reportedly targeted with $50 million ransomware attack — ZDNet

  • The REvil ransomware gang has published various Acer documents, such as financial spreadsheets, bank balances and bank communications.

FBI warns of BEC attacks increasingly targeting US govt orgs — Bleeping Computer

  • The Federal Bureau of Investigation is warning U.S. private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities — ZDNet

  • Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests — ZDNet

  • Existing victim networks are used as a novel form of sandbox, as cybercriminals exploit them to test out payloads.

In Case You Missed It

Cybersecurity News & Trends – 03-19-21

This week, SonicWall released its biggest trove of threat intelligence yet: The 2021 SonicWall Cyber Threat Report.


SonicWall in the News

Microsoft Office Files Now Used By Hackers to Spread Malware: IoT Under Attack — Tech Times

  • Tech Times covered SonicWall’s 2021 Cyber Threat Report, highlighting the surge in malicious Office file attacks.

Election security report calls out Russian, Iranian influence ops. Remediation progress. Ukraine finds Russian cyberespionage — CyberWire

  • SonicWall’s 2021 Cyber Threat Report was included under the “Cyber Trends” section of the newsletter.

Threat Actors Thriving on the Fear and Uncertainty of Remote Workforces — Help Net Security

  • Help Net Security shared an article on SonicWall’s 2021 Threat Report, highlighting that cyber criminals preyed on the new remote work reality.

Ransomware Up 62 Percent Since 2019 — BetaNews

  • BetaNews shared an article on SonicWall’s 2021 Threat Report, highlighting the growth in ransomware.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CRN

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

SonicWall: Pandemic exposes record-breaking cyber attacks — Mobile News

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

Ransomware and IoT Malware Detections Surge By Over 60% — InfoSecurity Magazine

  • InfoSecurity Magazine covered SonicWall’s 2021 Cyber Threat Report, highlighting the double-digit surge in ransomware and IoT malware.

Cybercrime Saw an ‘Explosion’ in 2020 — ITProPortal

  • ITProPortal covered SonicWall’s 2021 Cyber Threat Report, highlighting that ransomware, cryptojacking and malicious Office files were the most popular vectors for cybercrime in 2020.

ChannelPro Weekly Podcast: Episode #178 — ChannelPro Weekly Podcast

  • This podcast features an interview with Dmitriy discussing the impact the pandemic had on cybersecurity and the cybersecurity trends of 2021.

Industry News

More than $4 billion in cybercrime losses reported to FBI in 2020 — FBI Internet Crime Report 2021

  • American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick from 2019.

Attackers are trying awfully hard to backdoor iOS developers’ Macs — Ars Technica

  • Researchers said they’ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.

Ransom Payments Have Nearly Tripled — Dark Reading

  • In 2020, ransomware targeted the manufacturing sector, healthcare organizations and construction companies, with the average ransom reaching $312,000, a report finds.

U.S. taxpayers targeted with RAT malware in ongoing phishing attacks — Bleeping Computer

  • U.S. taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information.

$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware — Threat Post

  • The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.

Mimecast Says SolarWinds Hackers Stole Source Code — SecurityWeek

  • Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack and revealed that the threat actor managed to steal some source code.

Buffalo Public Schools cancels classes after cyberattack — Cyberscoop

  • Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.

FBI warns of escalating Pysa ransomware attacks on education orgs — Bleeping Computer

  • The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

Bitcoin surges past $60,000 for first time — BBC

  • Bitcoin, which has more than tripled in value since the end of last year, has been powered on by well-known companies adopting it as a method of payment.

Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers — Reuters

  • Microsoft stands to receive nearly a quarter of COVID-19 relief funds destined for U.S. cybersecurity defenders, angering some lawmakers who don’t want to increase funding for a company whose software was recently at the heart of two big hacks.

Molson Coors says cyberattack disrupted beer brewing — Cyberscoop

  • Molson Coors, one of the biggest beer companies in the U.S., didn’t provide many specifics about the cyberattack.

With Spectre Still Lurking, Google Looks to Protect the Web — Wired

  • Researchers from Google have developed a proof-of-concept that reveals the hazard Spectre assaults pose to the browser.

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits — Bleeping Computer

  • A new ransomware called ‘DEARCRY’ is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.

In Case You Missed It

Cybersecurity News & Trends – 03-12-21

This week saw breaches on more than two dozen U.K. schools and universities, thousands of security cameras, Microsoft Exchange servers, and even hacking forums themselves.


SonicWall in the News

Ryuk Ransomware Is Now More Dangerous Than Ever. Here’s Why — Toolbox

  • Ryuk, which has set organizations back by $150 million over the past three years, has acquired new capabilities that allow it to propagate across connected networks and systems, including those that are inactive or powered off.

Microsoft Cloud App Security Aims To Expand Your Defenses — TechTarget

  • Data center security tools have little control over the plethora of SaaS apps used in the enterprise. A Microsoft offering attempts to bridge that gap to ward off threats.

Industry News

UPDATE: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals — Bloomberg

  • A group of hackers say they breached a massive trove of security camera data collected by Silicon Valley startup Verkada, Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Researchers Show First Side-Channel Attack Against Apple M1 Chips — Security Week

  • Researchers have demonstrated that attackers could launch browser-based side-channel attacks that do not require JavaScript, and they’ve tested the method on a wide range of platforms, including devices that use Apple’s new M1 chip.

It’s Open Season for Microsoft Exchange Server Hacks — Wired

  • A patch for the Exchange vulnerabilities China exploited has been released. Now criminal groups are going to reverse engineer it — if they haven’t already.

Dark Web Markets for Stolen Data See Banner Sales — Threat Post

  • Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs.

EU Sets 2030 Goals to Secure Tech Sovereignty From U.S., Asia — Bloomberg

  • The European Union outlined its digital goals for the next decade, including plans to develop and manufacture the world’s most advanced semiconductors by 2030 in an effort to reduce reliance on foreign companies.

A Basic Timeline of the Exchange Mass-Hack — Krebs on Security

  • Brian Krebs breaks down the Microsoft Exchange attack timeline.

GandCrab ransomware affiliate arrested for phishing attacks — Bleeping Computer

  • A suspected GandCrab ransomware operator was arrested in South Korea for using phishing emails to infect victims.

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ — The Register

  • In a message to students and staff, the institution, which spans 13 locations across the northernmost part of the UK, warned that “most services” – including its Brightspace virtual learning environment – were affected.

A new type of supply-chain attack with serious consequences is flourishing — Ars Technica

  • New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft and Zillow.

Watchdog Warns of Weak Cybersecurity in DOD Weapons Contracts — Bloomberg

  • A government watchdog warned that the U.S. military has failed to adequately include cybersecurity provisions in contracts for acquiring weapons systems. … “Some contracts we reviewed had no cybersecurity requirements when they were awarded, with vague requirements added later.”

Cyberattack shuts down online learning at 15 UK schools — ZDNet

  • The cyberattack also took email, phone and website communication offline.

Three Top Russian Cybercrime Forums Hacked — Krebs on Security

  • Over the past few weeks, three of the longest running and most venerated Russian-language forums, which serve thousands of experienced cybercriminals, have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

Ongoing phishing attacks target US brokers with fake FINRA audits — Bleeping Computer

  • The U.S. Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning U.S. brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.

Business Apps Spoofed in 45% of Impersonation Attacks — Dark Reading

  • Business-related applications like those from Microsoft, Zoom and DocuSign are most often impersonated in brand phishing attacks.

Three New Malware Strains Linked to SolarWinds Hackers — Security Week

  • The malware, named GoldMax, GoldFinder and Sibot, has been used to maintain persistence and for other “very specific” actions.

In Case You Missed It

Cybersecurity News & Trends – 03-05-21

This week, Gab got breached, Ryuk got stronger, and AOL users got phished.


SonicWall in the News

2021 Cyber Security Global Excellence Awards Winners — Globee Business Awards

  • SonicWall swept the Globee Business Awards, bringing home the Grand Trophy, along with nine other gold, silver and bronze honors.

Ransomware Has Changed In A Very Dramatic Way In The Past Two Years: SonicWall CEO — ET Tech

  • Bill Conner discusses the rise of nation states as primary threat actors and how that changes the conversation around country of origin marketing of cybersecurity products.

SonicWall CEO Bill Conner on His Journey in the Digital and Cybersecurity Space — YourStory

  • Bill Conner details his three-decade journey in the tech and enterprise sector and his role in helping governments, municipalities and others with the security of the COVID-19 vaccine distribution process.

Industry News

Gab’s CTO Introduced a Critical Vulnerability to the Site — Wired

  • A review of the open-source code shows an account under the executive’s name made a mistake that could lead to the kind of breach reported this weekend.

Why Global Power Grids Are Still So Vulnerable to Cyber Attacks — Bloomberg

  • More than five years after massive cyberattacks left a quarter of a million Ukrainians without electricity, the world’s power grids have become even more vulnerable to hackers.

Wray hints at federal response to SolarWinds hack — The Hill

FBI Director Christopher Wray hinted at the planned federal response to what has become known as the SolarWinds attack, stressing that confronting foreign attacks in cyberspace would be a “long, hard slog.”

China’s new cyber tactic: targeting critical infrastructure — SC Magazine

  • A newly discovered threat group breached India’s power infrastructure, marking the first time a Chinese government-linked cyber actor has emerged as a significant threat against another nation’s critical infrastructure.

Bitcoin at ‘tipping point,’ Citi says as price surges — Reuters

  • Bitcoin rose nearly 7%, with Citi saying the most popular cryptocurrency was at a “tipping point” and could become the preferred currency for international trade.

Government watchdog finds federal cybersecurity has ‘regressed’ in recent years — The Hill

  • Federal cybersecurity has “regressed” since 2019 due to factors including the lack of centralized cyber leadership at the White House, the Government Accountability Office (GAO) said in a report released Tuesday.

Far-Right Platform Gab Has Been Hacked—Including Private Data — Wired

  • The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts and more available to researchers, journalists and social scientists.

Google: Bad bots are on the attack, and your defence plan is probably wrong — ZDNet

  • Bot attacks are on the rise as businesses move online due to the pandemic.

Beware: AOL phishing email states your account will be closed — Bleeping Computer

  • An AOL mail phishing campaign is underway to steal users’ login name and password by warning recipients that their account is about to be closed.

Ryuk ransomware now self-spreads to other Windows LAN devices — Bleeping Computer

  • A new Ryuk ransomware variant with worm-like capabilities allowing it to spread to other devices on victims’ local networks has been discovered.

SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data — The New York Times

  • Microsoft argues the cloud offers more protection; rivals point to firms’ need to hold and access their information on-premises.

Bitcoin set for worst week since March as riskier assets sold off — Reuters

  • Bitcoin was headed on Friday for its worst week since March as a rout in global bond markets sent yields flying and sparked a sell-off in riskier assets.

In Case You Missed It

Cybersecurity News & Trends – 02-26-21

This week, SonicWall was recognized as one of the coolest network security companies of 2021. Less cool: a huge spate of cyberattacks targeting the NSA, hospitals, universities, airlines, IT companies and even Apple’s new M1 silicon.


SonicWall in the News

The 20 Coolest Network Security Companies of 2021: The Security 100 — CRN

  • SonicWall was included on CRN’s list of the 20 Coolest Network Security Companies.

The Top 6 Enterprise VPNs To Use in 2021 — TechRepublic

  • SonicWall’s Global VPN Client is cited as one of the top VPNs for enterprises.

Experts Blast SMBs’ “Head In The Sand” Approach To Cyber Security — IT PRO

  • From failing to patch exposed VPNs to meeting ransom demands, businesses are playing a role in fueling the threat landscape.

Industry News

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn — Wired

  • A Sandworm-adjacent group has successfully breached U.S. critical infrastructure a handful of times, according to new findings from the security firm Dragos.

COVID pandemic causes spike in cyberattacks against hospitals, medical companies — ZDNet

  • IBM says attack rates have doubled against medical entities since the pandemic began.

After Russian Cyberattack, Looking for Answers and Debating Retaliation — The New York Times

  • Key senators and corporate executives warned that the “scope and scale” of the SolarWinds attack were unclear, and that the attack might still be ongoing.

LazyScripter hackers target airlines with remote access trojans — Bleeping Computer

  • Security researchers believe they uncovered activity belonging to a previously unidentified actor fitting the description of an advanced persistent threat (APT).

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express — Dark Reading

  • The two campaigns aimed to steal victims’ business email account credentials by posing as the shipping companies.

NASA and the FAA were also breached by the SolarWinds hackers — Bleeping Computer

  • NASA and the U.S. Federal Aviation Administration (FAA) have reportedly also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack.

Ransomware: Sharp rise in attacks against universities as learning goes online — ZDNet

  • Higher education is struggling with ransomware attacks, with gangs seeing an easy target in institutions busy making the switch to remote operations.

Finnish IT Giant Hit with Ransomware Cyberattack — Threat Post

  • A major Finnish IT provider has been hit with ransomware, forcing the company to turn off some services and infrastructure while it takes recovery measures.

Chinese spyware code was copied from America’s NSA: researchers — The Wall Street Journal

  • Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations — another example of how malicious software developed by governments can boomerang against their creators.

Malware monsters target Apple’s M1 silicon with ‘Silver Sparrow’ — The Register

  • U.S. security consultancy Red Canary says it’s found macOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.

Global Accellion data breaches linked to Clop ransomware gang — Bleeping Computer

  • Financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance.

In Case You Missed It

Cybersecurity News & Trends – 02-19-21

This week was a good one for the rule of law, as a number of cybercriminals involved in ransomware, phishing and cryptocurrency theft were brought to justice.


SonicWall in the News

2021 Channel Chiefs: Robert (Bob) VanKirk — CRN

  • Robert (Bob) VanKirk has been named one of CRN’s Channel Chiefs for 2021.

2021 Channel Chiefs: HoJin Kim — CRN

  • HoJin Kim has been named one of CRN’s Channel Chiefs for 2021.

2021 Channel Chiefs: David Bankemper — CRN

  • David Bankemper has been named one of CRN’s Channel Chiefs for 2021.

Industry News

North Korea Turning to Cryptocurrency Schemes in Global Heists, U.S. Says — The Wall Street Journal

  • The U.S. Justice Department has charged North Koreans hackers in wide-ranging scheme that includes attempts to steal $1.3 billion for Pyongyang.

Nigerian man sentenced 10 years for $11 million phishing scam — Cyberscoop

  • The sentence comes as the cost of email scams continues to rise, plaguing U.S. businesses.

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos — The Register

  • A credential-stealing trojan is capable of lifting your login details from the Chrome browser, Microsoft’s Outlook and instant messengers.

NIST hints at upgrades to its system for scoring a phish’s deceptiveness — SC Magazine

  • Officials from the National Institute of Standards and Technology (NIST) this week teased future improvements to its “Phish Scale,” which helps companies determine whether phishing emails are hard or easy for their employees to detect.

Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back — Dark Reading

  • Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.

SolarWinds attack hit 100 companies and took months of planning, says White House — ZDNet

  • The White House warns the SolarWinds attack was more than espionage, because the private sector targets could lead to follow-up attacks.

Senate Intel leader demands answers on Florida water treatment center breach — The Hill

  • Sen. Mark Warner (D-Va.) has demanded answers regarding the investigation into the recent attempt to breach and poison the water supply in a Florida city.

Rising healthcare breaches driven by hacking and unsecured servers — Bleeping Computer

  • 2020 was a bad year for healthcare organizations in the U.S., which had to deal with record-high cybersecurity incidents on the backdrop of the COVID-19 pandemic.

Bitcoin hits new record of $50,000 — BBC

  • The cryptocurrency, which was created by an unknown inventor, has risen about 72% this year.

270 addresses are responsible for 55% of all cryptocurrency money laundering — ZDNet

  • Most cryptocurrency money laundering is concentrated in a few online services, opening the door for law-enforcement actions.

Microsoft asks government to stay out of its cyber attack response in Australia — ZDNet

  • Government intervention would result in a “Fog of War,” further complicating any attempt to mitigate cyberattack response, the company said.

France’s cyber-agency says Centreon IT management software sabotaged by Russian Sandworm — The Register

  • Web hosts were infiltrated for up to three years in an attack that somewhat resembles the SolarWinds breach.

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020 — Dark Reading

  • Consumer banks, exchanges, payment firms and card-issuing companies around the globe were among those hit.

Microsoft: SolarWinds attack took more than 1,000 engineers to create — ZDNet

  • Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create.

In Case You Missed It

Cybersecurity News & Trends – 01-15-21

This week, the U.S. cyber czar gets new powers, a video game giant gets breached, and Robinhood gets sued.


SonicWall in the News

Defending Against SolarWinds Attacks: What Can Be Done? — TechTarget: SearchSecurity

  • Dmitriy’s zero-trust commentary was included in this article on how zero-trust and behavioral monitoring can be useful against nation-state attacks like the SolarWinds attack.

Cybersecurity Sales: Do You Have What It Takes to Succeed — Help Net Security

  • An interview with Terry Geer-King on his career growth was shared on Help Net Security.

Industry News

CISA Warns Organizations About Attacks on Cloud Services — Security Week

  • In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security.

Scam-as-a-Service operation made more than $6.5 million in 2020 — ZDNet

  • The “Classiscam” operation is made up of around 40 groups operating in the U.S. and across several European countries.

Iranian cyberspies behind major Christmas SMS spear-phishing campaign — ZDNet

  • Iranian hackers managed to successfully hide URLs to phishing sites behind legitimate google.com links.

Hackers’ Attack on Email Security Company Raises New Red Flags — The New York Times

  • A breach at email security provider Mimecast underscores that Russia-linked hackers appear to have targeted victims along multiple avenues of attack.

Data Breach at ‘Resident Evil’ Gaming Company Widens — Threat Post

  • Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

Hacker sells Aurora Cannabis files stolen in Christmas cyberattack — Bleeping Computer

  • A hacker is selling data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas.

State Department sets up new bureau for cybersecurity and emerging technologies — The Hill

  • The new Bureau of Cyberspace Security and Emerging Technologies (CSET) will help lead diplomatic efforts in cyberspace, including working to prevent cyber conflicts with potentially adversarial nations.

Ryuk gang estimated to have made more than $150 million from ransomware attacks — ZDNet

  • Most of the Ryuk gang’s “earnings” are being cashed out through accounts at crypto-exchanges Binance and Huobi.

Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security

  • The ongoing SolarWinds breach may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo.

Cyber czar to draw on new powers from defense bill — The Hill

  • New authorities from the recently enacted defense bill are expected to help the U.S. government in its response to the SolarWinds hack believed to be perpetrated by Russia.

Robinhood Hacking Victim Sues Trading Platform Over Security — Bloomberg

  • Siddharth Mehta said in a complaint provided by his lawyer that his account was looted of “tens of thousands of dollars” in July.

In Case You Missed It

Cybersecurity News & Trends – 01-08-21

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.


SonicWall in the News

Zero Trust Against Nation-State Attacks: Expert Explains Why it is Vital — Information Security Buzz

  • The fallout of the SolarWinds breach continues to reverberate across the industry, and the conversation is shifting to how to mitigate and defend against the next attack on this scale. Dmitriy Ayrapetov weighs in.

Reasons To Believe — Or Not Believe — in IoT — IoT Agenda

  • Data from SonicWall’s Threat Report on the increase in IoT attacks was included in an article on the benefits and challenges of IoT.

AI and ML: Is it a boon or bane for cyber security?” — VAR India

  • SonicWall VP of Regional Sales Debasish Mukherjee, talks about BYOD and the number of malicious attacks and cyber frauds across the globe due to the pandemic.

Industry News

North Korean hackers launch RokRat Trojan in campaigns against the South — ZDNet

  • A VBA self-decoding technique is being used to hide the malware on impacted systems.

Widely Used Software Company May Be Entry Point for Huge U.S. Hacking — The New York Times

  • Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

Babuk Locker is the first new enterprise ransomware of 2021 — Bleeping Computer

  • It’s a new year, and with it comes a new ransomware. This one is called Babuk Locker, and it targets corporate victims in human-operated attacks.


Cyberattacks on Healthcare Spike 45% Since November — Threat Post

  • The relentless rise in COVID-19 cases is battering already-frayed healthcare systems — and ransomware criminals are taking the opportunity to strike.

Top admiral: SolarWinds computer hack didn’t harm U.S.-based nukes — The Washington Times

  • America’s nuclear arsenal wasn’t compromised by a recent cyberattack targeting computer networks used by government agencies and private companies, the Navy admiral at the helm of the U.S. Strategic Command said.

Severe SolarWinds Hacking: 250 Organizations Affected? — Bank Info Security

  • Investigators are finding that the campaign appears to have compromised more than the 50 organizations originally suspected—and a Russian-linked hacking group may be responsible.

This malware uses a crafty new technique to establish the location of victims — Tech Radar 

  • A newly discovered form of malware grabs and queries the MAC address of the wireless router, enabling it to geo-locate its victim’s machine more accurately.

Cross-platform ElectroRAT malware drains cryptocurrency wallets — Bleeping Computer

  • Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.

Major Gaming Companies Hit with Ransomware Linked to APT27 — Threat Post 

  • A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says.

2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud — Cybersecurity Trends

  • Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email — ZDNet

  • With millions of us waiting for our place in the vaccine queue, criminals are already trying to cash in.

In Case You Missed It

Cybersecurity News & Trends – 12-18-20

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.


SonicWall in the News

The 25 Hottest Edge Security Companies: 2020 Edge Computing 100 — CRN

  • SonicWall was recognized in CRN’s 2020 Edge Computing 100 list for its new SD-Branch and Cloud Edge Secure Access solutions.

Cyberattack ‘Leaves UK Infrastructure Exposed for Month’ — Newsweek

  • SonicWall President and CEO Bill Conner, who in recent years has advised the U.K. and U.S. governments on how best they can protect critical national assets from cybercrime, said the hackers appeared to be motivated by geopolitical control.

Cases of Cyber Ransomware Rising During COVID Pandemic — MSN

SonicWall Capture Labs Threat Research Team Warns of Egregor Ransomware Attacks — SME Channels

  • SonicWall Capture Labs Threat Research team warns that Egregor Ransomware attacks — which steal system information and banking and online account credentials, as well as deploy keyloggers and remote backdoors — will likely intensify.

SolarWinds Supply Chain Attack Led to FireEye, US Government Breaches — SDxCentral

  • Bill’s commentary on the U.S. Treasury hack was featured in an SDxCentral article about recent data breaches.

SonicWall Seeks The Bliss of The Predictable — ChannelPro Network

  • ChannelPro Network shared a feature on SonicWall’s SecureFirst Partner Program for its ChannelBeat column.

Industry News

SolarWinds Breach Potentially Gave Hackers ‘God Access’: Ex-White House Official — Newsweek

  • The SolarWinds breach potentially gave hackers “God access” or a “God door” to computer systems using the companies OrionIT software, a former White House official has warned.

FireEye, Microsoft create kill switch for SolarWinds backdoor — Bleeping Computer

  • Microsoft, FireEye and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.

Little-Known SolarWinds Gets Scrutiny Over Hack, Stock Sales — Security Week

  • The revelation that elite cyber spies spent months exploiting SolarWinds’ software to peer into computer networks has put many of its high-profile customers on high alert — and it’s raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.

Russia’s Hacking Frenzy Is a Reckoning — Wired

  • Despite years of warning, the U.S. still has no good answer for the sort of “supply chain” attack that has left Washington stunned.

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

  • A key malicious domain name used to control computer systems compromised via the months-long breach at SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself.

Schiff calls for ‘urgent’ work to defend nation in the wake of massive cyberattack — The Hill

  • House Intelligence Committee Chairman Adam Schiff, D-Calif., on Wednesday called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber espionage attack on the U.S. government.

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay — ZDNet

  • FBI says the ransomware group has been calling victims and threatening to send individuals to their homes if they don’t pay the ransom.

“Evil mobile emulator farms” used to steal millions from US and EU banks — Ars Technica

  • Researchers from IBM Trusteer say they’ve uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in just days.

EU unveils revamp of cybersecurity rules days after hack — The Washington Times

  • The EU unveiled plans to revamp its dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the European Medicines Agency.

45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware — The Register

  • CybelAngel, which sells a digital risk protection platform, reported not only was the sensitive personal information unsecured, but cybercriminals had also accessed those servers and poisoned them with apparent malware.

Microsoft: New malware can infect over 30K Windows PCs a day — Bleeping Computer

  • Microsoft has warned of an ongoing campaign pushing Adrozek, a new browser hijacking and credential-stealing malware which, at its peak, was able to take over more than 30,000 devices every day.

Massive Subway UK phishing attack is pushing TrickBot malware — Bleeping Computer

  • A massive phishing campaign pretending to be a Subway order confirmation has been spotted distributing the notorious TrickBot malware.

This new ransomware is growing in strength and could become a major threat warn researchers — ZDNet

  • The group behind MountLocker ransomware are “clearly just warming up,” researchers say.

In Case You Missed It

Cybersecurity News & Trends – 12-11-20

This week, cybersecurity news moved to the federal level as nation-state hacking and international cybersecurity cooperation made headlines.


SonicWall in the News

SonicWall Wins Six Prestigious Awards In The 15th Annual Network Product Guide’s 2020 IT World Awards — SonicWall Press Release

  • SonicWall has swept six industry awards at the 15th Annual Network Product Guide’s 2020 IT World Awards, including the coveted Grand Trophy distinction for having exhibited overall excellence in diverse categories.

An Outside View of Cybersecurity ‘Inside the Beltway’ — Federal News Network

  • Federal News Network shared a podcast interview with SonicWall President and CEO Bill Conner on the persistent threats impacting the federal space and how ransomware and IoT will impact federal IT systems moving forward.

FDA Approval Is Not The Only Vaccine Challenge — Industry Week

  • Bill Conner explains how cybercriminals could impact the vaccine supply chain if a successful attack is to occur, and what organizations need to do to defend themselves.

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times — Threatpost

  • The pandemic’s unprecedented impact on healthcare lay bare the gaping holes in the healthcare industry’s cybersecurity defenses — and security experts say the fallout will impact the healthcare industry well into 2021.

Industry News

Russian hackers hide Zebrocy malware in virtual disk images — Bleeping Computer

  • Russian-speaking hackers behind Zebrocy malware have changed their technique and are now packing the threats in virtual hard drives (VHD) to avoid detection.

Ransomware gangs are getting faster at encrypting networks. That will make them harder to stop — ZDNet

  • The window for finding attackers on your network before ransomware is deployed is getting much smaller.

Russia’s FireEye Hack Is a Statement—but Not a Catastrophe — Wired

  • The cybersecurity firm has acknowledged that it has itself been the victim of a breach — and that the attackers made off with some of its offensive tools.

Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts — Cyberscoop

  • In their accusation of Russian involvement in an August cyberattack on Norwegian parliament, authorities have implicated the same notorious group accused of interfering in the 2016 U.S. election.

Critical Flaws in Millions of IoT Devices May Never Get Fixed — Wired

  • Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.

Credit card stealing malware bundles backdoor for easy reinstall — Bleeping Computer

  • An almost-impossible-to-remove malware, programmed to automatically activate on Black Friday, was deployed on multiple Magento-powered online stores.

The EU is making overtures about cybersecurity collaboration under Biden — Cyberscoop

  • European Union members convened in an effort to take stock of the U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on matters including cybersecurity.

U.S. National Security Agency warns of Russian hacking against VMware products — Reuters

  • A new cybersecurity alert from the U.S. National Security Agency warns that Russian “state-sponsored” hackers are actively exploiting a software vulnerability in multiple products made by cloud computing company VMware Inc.

Iranian Hackers Access Unprotected ICS at Israeli Water Facility — Security Week

  • A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel.

Man Pleads Guilty to Role in Malware Protection Scam — Security Week

  • A man has pleaded guilty to his role in a computer protection services scam that cheated victims out of nearly $1 million by misleading them into believing that malware had been detected on their computers.

U.S. and Australia to develop shared cyberattack training platform — Bleeping Computer

  • The U.S. and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command and Australia’s Information Warfare Division to jointly develop and share a virtual cyber training platform.

Android apps with millions of downloads are vulnerable to serious attacks — Ars Technica

  • Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages and other sensitive information.

Home Offices Face Bigger Cyber Threat, Biden Top Economist Warns — Bloomberg

  • Brian Deese, chosen by Biden to lead the National Economic Council, said in an interview broadcast Wednesday, “The risk of operating from home offices in terms of cyberattacks is exponentially greater.”

In Case You Missed It