It’s mid-July and things are heating up at SonicWall. This week Silicon Republic spoke with SonicWall’s own Vice President of EMEA, Spencer Starkey, about hackers targeting the healthcare sector across the globe.
In industry news, Data Breach Today covers the largest data breach of the year. Dark Reading discusses cybersecurity organizations asking the White House to quickly name a new director. TechCrunch has the lowdown on China-based hackers accessing US government emails. Hacker News provides details on more Google Play apps stealing user data.
Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.
Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.
TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.
VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.
StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.
ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.
As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.
Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.
Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.
Chavoya explains that they are able to be “accessed, altered, or even deleted by anyone who knows where to look and that breaks the core tenants of confidentiality integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.
“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
eSecurity Planet, SonicWall News: There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, who is the Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.
“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”
CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”
CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.
The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.
11 million Patients Affected by HCA Healthcare Email Hack
A large healthcare system was hit by a cyber-attack that resulted in the loss of 11 million patients’ data. HCA Healthcare, number 62 on Forbes’ list of largest corporations by revenue, confirmed the incident this week but noted that its investigation is ongoing. If the number 11 million is accurate, that makes this incident the largest reported incident of the year – by far. According to the statement the Tennessee-based healthcare chain provided to the U.S. Securities and Exchange Commission, it appears that HCA did not know it had been attacked until information on 11 million of its patients was found for sale on the dark web. The exposed list has 27 million rows of exposed information. HCA did note that they’re working as quickly as possible to determine exactly which patients have been compromised by this ordeal. While plenty of sensitive information was exposed in this attack, HCA says that credit card numbers, account numbers, driver’s license numbers, Social Security Numbers and passwords were not revealed. Information on patients’ conditions, diagnoses and treatment plans were also untouched. But fret not – HCA assured its investors that its finances would be fine. They didn’t say much to reassure the 11 million everyday people whose information is now for sale on the dark web. HCA’s revenue was $60 billion last year.
Cybersecurity Orgs Urge White House to Hasten Selection of New National Cyber Director
The Cybersecurity Coalition – a group of prominent cybersecurity organizations – has sent a letter to the White House urging President Biden to promptly select a new National Cyber Director. The letter requests that the President select a new director by the end of this month, citing the complex and shifting threat landscape as a reason for the urgency. The nominee will have to be sent to the Senate for approval regardless of how quickly President Biden and his team select a candidate. The former National Cyber Director, Chris Inglis, retired in February after working in federal agencies for nearly 30 years. The lengthy delay in replacing Inglis has the coalition concerned that Inglis’ work, including on the National Cyber Strategy, could be impeded if the nomination is further delayed. The letter also requested an executive order to clarify the roles and responsibilities of organizations like the ONCD, NSC, CISA, OMB, NIST and more. According to Dark Reading, the United States’ critical infrastructure is still woefully unprepared for ransomware attacks even two years after the Colonial Pipeline attacks. One wonders when cybersecurity will become more of a priority for our leaders.
Microsoft Cloud Bug Allows Chinese Hackers to Access US Emails
A hacking group dubbed “Storm-0558” accessed 25 United States Government email accounts after exploiting a bug in Microsoft’s cloud email service. TechCrunch confirmed that U.S. government agencies were affected after speaking with someone in the White House’s National Security Council. Microsoft described Storm-0558 as a China-based hacking group that has many resources. The tech giant went on to explain that the threat actors forged tokens to access Outlook Web Access (OWA) and gained access to the email accounts by exploiting a token validation issue. Microsoft believes that the hackers were focused on espionage. CISA released an advisory on the situation where they noted that the hackers accessed unclassified email data. CISA also determined that the threat group is a “government-backed” gang, but they did not yet name China as the likely backer.
Google Play Apps with 2.5 million Users Sending Data to China
Two file management Android apps have been secretly stealing user data and sending it to China. An app called File Recovery and Data Recovery with more than 1 million installs and another named File Manager with over 500 thousand installs have been exposed by security researchers as malicious. The apps are developed by the same group. Security researchers at Pradeo found that the apps’ claims that no data is collected are false. The apps steal contact lists, images, audio files, videos, locations and more and send that data back to China. The apps’ developers have also employed shady tactics to prevent users from being able to easily uninstall the apps such as hiding the icons on the home screen. This is yet another reason why it’s important for users to read use agreements before installing apps.
Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain
SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald
3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain
Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri
Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari
SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser