Posts

Cybersecurity News & Trends – 07-08-22

Cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall had an excellent news week. The highlight was a report by BBC on over-qualified workers struggling to find jobs, with a quote from Terry Greer-King, SonicWall vice-president for EMEA operations. There were also articles quoting Bill Conner, bylined articles by Immanuel Chavoya, articles citing the 2022 Cyber Threat Report, plus US Representative Elissa Slotkin, from Michigan, who mentioned SonicWall threat data.

Industry news was also very busy. We found a report from ZDNet about crooks using deepfakes to apply for remote work tech jobs. From Bleeping Computer, an alert about the PwnKit exploit on Linux. There was a fascinating report from New York Times about how North Korea used stolen cryptocurrency to keep the country afloat. We have a consolidated report from Dark ReadingWAFB News and Health IT Security on cyberattacks on US healthcare organizations. ZDNet (again) reported on the UK government warning businesses that paying ransoms will not keep their data safe. From HackerNews, Google blocks dozens of malicious domains operated by hack-for-hire groups. And finally, from The Star, the massive AMD breach was aided by “terrible passwords” used by employees.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Here Today, gone to Maui: That’s Your Data Captured By North Korean Ransomware

The Register, Threat Report Mention: “According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.”

Over-Qualified Workers Struggling to Find a Job

BBC, Terry Greer-King Quoted: “They move towards the peak of a pyramid,” explains Terry Greer-King, vice-president of EMEA at cybersecurity firm SonicWall. “As employees gain greater experience, there’s less breadth in terms of opportunities: trying something different would require scaling back down the pyramid.”

Staying Protected Amidst the Cyber Weapons Arms Race

Information Age, Immanuel Chavoya Byline: “Immanuel Chavoya, emerging threat detection expert at SonicWall, discusses how businesses can stay protected against customizable ransomware and the wider cyber weapons arms race.”

Ransomware Gangs Are Turning to Cryptojacking For A Quieter Life

TechMonitor, Terry Greer-King Quoted: “The toolkits from big RaaS gangs such as REvil are becoming much cheaper and easier to use, agrees Terry Greer-King, vice president for EMEA at SonicWall. “Only a few years ago, they needed to write their own malicious code. Now, anyone with bad intentions can buy a ransomware kit for as little as $50 on the dark web,” he says.”

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack In History’

The Independent, Bill Conner Quoted: ““Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent. Personal information that does not change as easily as a credit card or bank account number drives a high price on the dark web. This kind of personally identifiable information is highly sought after by cybercriminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out-of-date security devices, as a matter of course.”

Cloud Security Best Practices: A Summer School District To-Do List

Security Boulevard, Threat Report Mention: “According to research from SonicWall, cyber threats of nearly all types are increasing at breakneck speed. Ransomware, for example, has increased 232% since 2019. With the rate of attack accelerating, it’s only logical that school districts close their data protection gap and identify an adequate cloud platform.”

Russian Hackers Claim Responsibility for Ongoing Lithuania Cyberattacks

Silicon Republic, Bill Conner Quoted: “Speaking about the latest cyberattacks on Lithuania, Bill Conner, CEO of cybersecurity firm SonicWall, said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors. “We are dealing with an escalating arms race,” Conner said. “It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organizations. The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”

CISA Reiterates Two-Year Timeline to Implement Breach-Reporting Rules

SC Magazine, US Representative cites threat report: “Rep. Elissa Slotkin, D-Mich., chair of the Homeland Subcommittee on Intelligence and Counterterrorism, cited research from private cybersecurity company SonicWall claiming a 98% increase in observed ransomware attacks over the past year, while she also noted “we heard from [Michigan] state officials …that ransomware attacks have doubled since last year.”

Lethal Drinking Water, Runs on Banks And Panic Buying: What A Real Undeclared War Cyber Attack Could Mean

iNews, Bill Conner Quoted: “Bill Conner, who has advised GCHQ, Interpol and Nato on cyber security and is president and CEO of SonicWall, told: “When you look at what’s happened here in the States, like Colonial Pipeline, our water system, our electrical grids – even though our electrical grids are very different than the UK – they’re still very vulnerable. Our healthcare systems are vulnerable.”

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

Industry News

FBI Warns: Crooks Use Deepfakes for Remote Tech Jobs

ZDNet: According to the FBI, scammers and criminals use deepfakes to steal personally identifiable information when they apply for remote jobs. Deepfakes, synthetic audio, video and image content created using AI or machine-learning technology have been a concern for phishing threats for many years.

The FBI’s Internet Crime Complaint Center (IC3) says they have seen increased complaints about deepfakes and stolen personally identifiable information used to apply for remote roles in tech. Some offices are asking employees to return to work. Information technology is one job category that has seen a lot of remote work. Reports to IC3 primarily concern remote vacancies in information technology programming, database, or software-related job function functions.

The FBI highlights the dangers of an organization hiring fraudulent applicants by noting that some of the positions reported include access to financial data and customer PII.

CISA Issues Warnings About Hackers Exploiting PwnKit Linux Security

Bleeping Computer: Cybersecurity and Infrastructure Security Agency has added PwnKit, a severe Linux vulnerability, to its bug list.

CVE-2021-4034 was identified as the security flaw in Polkit’s Polkit’s Pkexec component, which is used by all major distributions, including Ubuntu, Fedora and CentOS. PwnKit is a memory corruption bug that unprivileged people can exploit to gain full root rights on Linux systems with default configurations.

It was discovered by researchers at Qualys Information Security, who also found its source in the original commit of pkexec. This means that it affects all Polkit versions. It has been hidden in plain sight since May 2009, when pkexec was first released. The proof-of-concept (PoC) exploit code was posted online within three hours of Qualys publishing technical details about PwnKit.

How North Korea used Crypto to Hack its Way Through the Pandemic

New York Times: North Korea has suffered severe economic damage from the United Nations sanctions and coronavirus pandemic. The government warned of severe food shortages. Unidentified intestinal diseases began to spread among the population in June.

Yet, the country has conducted more missile tests than any other year. The government is providing luxury homes for party elites. North Korea’s leader Kim Jong-un has pledged to create advanced technology for its growing arsenal of weapons. The country will likely conduct a new nuclear test, its seventh, in the not-too-distant future.

Where did the money come from?

In April, the United States publicly accused North Korean hackers of stealing $620 million in cryptocurrency from Axie Infinity. This theft, the largest of its kind, is the most substantial evidence that North Korea’s use of cryptocurrency heists to raise money to support its regime during the pandemic and fund its weapon development and maintenance was highly profitable.

According to Chainalysis, North Korean hackers could have taken home nearly $400 million worth of cryptocurrency last year. North Korea’s total haul this year is just under $1 billion. These figures are to be viewed in context. According to South Korea’s statistical agency, $89 million was earned in official exports for the country in 2020.

North Korean State Agents Launch Cyberattacks on US Healthcare Orgs

Dark Reading: The FBI, US Cybersecurity and Infrastructure Security Agency and Treasury Department warned Wednesday about North Korean state-sponsored threat agents targeting US healthcare and public-health organizations. These attacks are using a new, unusually operated ransomware tool called Maui.

Multiple incidents have occurred since May 2021 in which threat actors using the malware have encrypted servers critical to healthcare services. They have also attacked digital diagnostic devices and electronic health records servers.

In a related story from WAFB News and Health IT Security, hospitals in Wisconsin, Georgia, and Louisiana reported separate healthcare cyberattacks. Reports of healthcare cyberattacks continue to roll in as threat actors advance their tactics and narrow in on widespread vulnerabilities in the sector. For example, at Baton Rouge General, LA, a Mayo Clinic care network member, reports of a cyberattack emerged on June 28. As of this report, the hospital has reverted to paper records. Other hospitals report various damage from system lockouts to compromised patient and employee records.

Paying Up Will Not Keep Your Data Secure, NCSC

ZD Net: The number of businesses paying a ransom following a ransomware attack is increasing. The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) are asking attorneys to remind their clients that paying up may not keep their data safe.

In a joint letter, The NCSC and ICO noted a rise in ransomware payments. Also, they reasoned that some attorneys may have advised clients to pay ransoms to keep their data safe or avoid a financial penalty from ICO. However, both agencies warn that not only are ransom payments not condoned; such payments only serve to encourage hackers to push on with more attacks.

The joint letter also reminds UK businesses and organizations that ransom payment offers no guarantee that hackers will return data or keep it safe. They note that even though hackers provided an encryption key, some do not work correctly. It is also possible that cyber criminals may not keep their word and delete data stolen in a ‘double-extortion’ attack to intimidate victims into paying.

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

The Hacker News: Google’s Threat Analysis Group (TAG), Thursday’s disclosure by the Hacker News, revealed that it had blocked as many as 36 malicious websites operated by hacker-for-hire groups from India, Russia, or the UAE.

Hack-for-hire companies allow their clients to launch targeted attacks against corporates, activists, journalists, and other high-risk users like the surveillance ware environment. These operators are known to carry out intrusions on behalf of clients anxious to hide their roles in the attack.

One hack-for-hire operator allegedly launched a recent attack on an IT company in Cyprus, a financial technology company in the Balkans, a Nigerian education institution, and an Israeli shopping company to demonstrate the breadth of the victims affected.

An identical set of credential theft attacks against journalists, European politicians and non-profits was linked to a Russian threat actor named Void Balaur.

The same group may have also been working for the past five years to target individual accounts at major webmail providers such as Gmail, Hotmail and Yahoo! plus regional webmail providers such as abv.bg, mail.ru, inbox.lv and UKR.

AMD Breach was Due to Terrible Passwords

The Star: The Silicon Valley tech giant AMD was hit by a data breach last week. But that’s no big news. According to this story, what’s utterly amazing is that the hackers had help from employees using terrible passwords such as “password” and “123456.

According to SF Gate, AMD, a microchip manufacturer, was attacked by RansomHouse hackers.

In a statement, the semiconductor giant confirmed that there was a digital breach. But the company had no answers asked why employees of multinational manufacturers aren’t subject to standard password protection rules such as regularly changing passwords and including numbers and symbols in passwords.

Lesson learned: breaches are increasing — time has long since passed to take the threat seriously.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Cybersecurity News & Trends – 06-24-22

Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

SonicWall finishes an intense week with news articles citing the 2022 Cyber Threat Report, a quote from Bill Conner, and articles written by our frontline cybersecurity experts. From industry news, we have three big reads. One is about the day the Internet died a few hours earlier in the week, compiled from posts by Computer WorldBleeping Computer, and ZDNet. From Bleeping Computer, we learned that Conti was busy with the ARMattack campaign, ransoming 40 organizations in only one month. Finally, from Dark Reading and CSO Online, according to researchers, there are 56 vulnerabilities in operational technology products used in everything from factories to hospitals. Is our technology insecure by design?

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

What is a Cyberattack? Types and Defenses

eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

Ransomware, the Cyberattack that Set Off Alarms in Latin America

Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

Buy Access to a Company’s Data on the Dark Web for Less Than The Cost of a MacBook

Tech Radar Pro, Bill Conner Quote: “Ransomware attacks have simply exploded last year. Recent figures from SonicWall recorded more than 600 million ransomware attacks took place across the world in 2021, representing an increase of 105% compared to the year before. Compared to 2019, the figures are even worse, showing a rise of 232%. Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” said SonicWall President and CEO Bill Conner.

Russia’s Invasion of Ukraine Elevates Cybersecurity Concerns for Emerging Markets

Oxford Business Group, Threat Report Mention: According to security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, 755% in the health care sector, 152% in education and 21% in retail.

Fortinet vs. SonicWall: Enterprise Wireless LAN Comparison

Enterprise Networking Planet, Product Comparison: Fortinet and SonicWall are both well regarded enterprise wireless LAN vendors. This article will help you decide which solution is best for your business.

Detecting the Silent Cryptojacking Parasite to Remain Disease-free

Teiss, Published Byline: Immanuel Chavoya at SonicWall describes the dangers of cryptojacking, a damaging and parasitical use of an organization’s computer resources.

Digital Infrastructure Becomes Pivotal for Businesses and Personal Lives

Markers (APAC), SonicWall Executive Interview: Digital transformation is disrupting businesses across the globe as digital infrastructure becomes pivotal for the success and survival post-Covid-19. Over the years since the pandemic hit, we have witnessed a huge surge in digital platforms and tools used in business operations which in turn has increased the risk of cyberattacks. At this junction, the role of next-gen cyber security solution provider plays a significant role. Here is an interview with Debasish Mukherjee, Vice President, Regional Sales, APJ at SonicWall sharing his views on the cybersecurity market post-pandemic, threats to businesses, key cybersecurity recommendations, and how SonicWall can help organizations overcome these challenges.

Industry News

Half of the Internet died earlier this week

Compiled from Multiple Sources: A server outage at Cloudflare’s servers led to many websites and services going down. The resulting blackout affected significant services like Google, AWS and Twitter. Although the online security company quickly identified and fixed the problem (the service was down for a few minutes), it created a flurry of worry and spun up rumors about the cause.

Initially, we were all left in the dark about the nature of the blackout, which was even more worrisome as ComputerWorld reported major disruptions to large areas. Customers trying to access Cloudflare-supported websites experienced ‘500 errors’ (Internal server errors) for approximately two hours before the service was restored around 9 am GMT.

Bleeping Computer reported that the event was reminiscent of another outage when Cloudflare stopped a 26 million request-per-second DDoS attack, which was the most severe ever recorded. The record-breaking attack, which occurred last week, targeted one of Cloudflare’s customers using the Free plan. Experts speculated that the threat actor behind the attack used stolen servers and virtual machines, as it originated from Cloud Service Providers rather than weaker IoT devices from compromised Residential Internet Service Providers.

ZDNet updated the story with a Cloudflare apology that blamed the outage THIS week on a configuration error during a “routine” network upgrade.

Conti Ransomware Hacking Spree Breaches Over 40 Orgs in a Month

Bleeping Computer: Conti is a cybercrime syndicate that runs one of the most aggressive ransomware campaigns. It has become highly organized to the point where affiliates were able to hack more than 40 primarily US-based businesses in just over a month.

Security researchers identified the hacking campaign as “ARMattack” and said it was one of the group’s most productive and effective. ARMattack was also very fast, considering how quickly the group compromised the networks. Additionally, the ransom requested by the attacker is unknown, nor do we know if any victims paid it.

Bleeping Computer also claims Conti is currently the third most frequent ransomware gang in terms of attack frequency.

The number of victims who have not paid Conti ransoms increased to 859; however, this count is based only on publicly available data on the group’s leak site and is probably higher.

This number shows that Conti has published data from at least 35 organizations that did not pay ransom each month.

Insecure By Design: 56 Vulnerabilities Discovered in OT Products

Dark Reading: A new analysis of data from multiple sources has uncovered 56 vulnerabilities in Operational Technology (OT) products from 10 vendors, including notable ones such as Honeywell, Siemens, and Emerson.

These security issues are collectively called OT.ICEFALL. They stem from insecure cryptographic implementations, weak authentication schemes or weak cryptographic implementations, insecure firmware updates mechanisms and improperly protected native functionality, which hackers can use for remote code execution. CSO Online reports that 14% of the vulnerabilities could lead to remote code execution, and 21% could allow for firmware manipulation.

The problem stems from device vendors not including basic security features like encryption and authentication. Plus, these vulnerable devices are often installed in older products that their owners continue to use, even though there are better options. So now we have the element of false confidence as many vulnerable products have been subject to an audit and are now certified as safe for OT networks.

Researchers compared their findings with those from Project Basecamp, conducted ten years ago. Then as now, they focused on insecure-by design problems in remote terminal units (RTUs), programable logic controllers (PLCs), and other controllers in SCADA (Supervisory Control and Data Acquisition) used in industrial installations.

The bottom line: the vulnerabilities are still present.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Office Documents are Still Not Safe for Cybersecurity – Ray Wyman

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 06-17-22

Stories about cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall news finishes a strong week with more mentions from the 2022 SonicWall Cyber Threat Report, bylines by our cybersecurity leaders, and quotes. And of course, Industry News was very busy. From DarkReading, we learn about the retiring Internet Explorer and how it (and the associated cyber risk) will linger for years. KrebsOnSecurity and SC Media report on ransomware attackers launching a searchable public database of their victims. SiliconValley News reports on the 9-year jail sentence earned by the infamous hacker who stole millions of private images from iCloud. From Reuters, hackers managed to crash the Russian Davos event and (temporarily) stop President Vladimir Putin from speaking. In the New Zealand Herald, the story about how a spelling error saved a man from Perth $6M. And finally, our big read for the week on the successful dismantling of a huge Russian Botnet, compiled from the US Department of JusticeBloomberg LawPolitico, and Forbes.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Contractors Beset by Ransomware Threats Have Too Few Options

Bloomberg Law, Bill Conner Quote: The contracting community is aware of the confusion. Chester Wisniewski at Sophos, Carolyn Crandall at SentinelOne, and Bill Conner at SonicWall all outlined suggestions to Bloomberg Government in a series of interviews. Conner, SonicWall’s president and CEO, said he wants the government to install so-called “cyber czars” at each federal agency to better streamline communication.

SonicWall Recognizes APAC Partners and Distributors at FY2022 Partner Awards

Channel Life (Australia), SonicWall News: SonicWall has recognized its distributors and partners for their efforts in producing the company’s most successful year to date. The recent SonicWall FY2022 Partner Awards recognized companies for their commitment to demonstrating excellence, innovation and leadership in cybersecurity during the fiscal year. They are also thanked for continuing to drive digital transformation for businesses that leverage SonicWall solutions.

The Powerful Cyberattack That Has America on Alert

Swiss Info (Deutsch), SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

SonicWall Awards Top Partners for FY22

ARN (Australia), SonicWall News: Cyber security vendor SonicWall has awarded its top-performing partners for its 2022 fiscal year ending 31 January.

The Cybersecurity Challenges of Remote Working and How a Brand Can Eliminate Them

E Business (UK), SonicWall Mention: SonicWall provides trusted solutions delivering wireless, switches, firewalls, and CCTV that can keep businesses safe from an attack and avoid downtime.

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

What is a Cyberattack? Types and Defenses

eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

Ransomware, the Cyberattack That Set Off Alarms in Latin America

Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

Industry News

Internet Explorer Is Now Retired but Remains an Attack Target

DarkReading: Microsoft’s June 15th official end-of-support for Internet Explorer 11 desktop software has left behind a browser that has been around for almost 27 years. Even so, IE will likely remain a lucrative target for attackers.

Despite Microsoft’s long-standing plans to discontinue Internet Explorer (IE), some organizations continue to use it. Microsoft has maintained the MSHTML (aka Trident), IE browser engine in Windows 11 through 2029. This allows organizations to continue to use IE mode while transitioning to Microsoft Edge. So IE is not dead yet.

Although IE is typically a minor player in the global browser market (0.52%), many companies use it internally or have legacy applications tied to IE. This week, Nikkei Asia stories and Japan Times cited a Keyman’s Net survey showing that almost 49% of 350 Japanese companies surveyed use IE daily. Likewise, South Korea’s MBN indicated that many large organizations are still using IE and will likely continue using it for the foreseeable future.

Ransomware Group Launches Searchable Victim Data

KrebsOnSecurity – Cybercriminals that target corporate data theft and demand ransoms to keep it from being published have tried many methods to shame victims into paying. The ALPHV ransomware group, also known as “BlackCat,” has made the gambit harder and harder to avoid.

They previously tried publishing victim data in repositories on the Dark Web. Now they’re going big with a new public website to post their booty on individual victims. And they’re inviting the public to search the leaked data.

ALPHV announced its new victim-shaming website that they had hacked a luxury resort and spa in the western United States. The database of shame includes the personal data of more than 1,500 resort employees and 2,500 resort residents. In addition, the page’s top has two buttons that allow guests to “Check Yourself” – one for employees and the other for guests.

SC Media also reported that their security expert described the site as “kinda like a bad guy’s version of HaveIBeenPwned,” with the main difference being that data on HaveIBeenPwned is anonymized. ALPHV displays all, including full names, dates, expenditures, and other personal data, including email addresses, birthdays, and social security numbers.

SC Media and KrebsOnSecurity chose not to reveal the hotel’s name to protect their personal information. The whole point of the ALPHV website is to pressure the hotel for payment.

Hacker Sentenced to 9 Years for Hacking Apple iCloud and Stealing Private Images

SiliconValley: Nine years of federal imprisonment have been given to a Californian man accused of hacking Apple iCloud and stealing private images and videos of young women, some nude and some engaged in personal activities.

According to court records, Hao Kuo Chi, 41, from La Puente in California, was sentenced Wednesday at a federal court in Tampa, Florida. According to court records, he pleaded guilty to three counts of computer fraud and one count of conspiracy to commit computer crime last October.

Chi also ran a notorious website Anon-IB for many years, where users posted images labeled as “revenge porn.” Officials claim that Chi hacked into victims’ Apple iCloud accounts to steal their private photos and videos. They also said he shared and traded the images with other users on AnonIB.

Chi’s email accounts contained the iCloud credentials for approximately 4,700 victims and had collected enough media to fill 3.5 terabytes on iCloud and physical storage devices.

Court testimony reveals that he shared stolen content with conspirators over 300 times. While some conspirators publicly released the images, he kept some of the images for himself connected to 500 victims.

Hackers Crash “Russian Davos” and Stops Putin’s Speech

Reuters: Hackers impeded President Putin’s speech at Russia’s top economic forum last Friday. This happened as Russia worked to adjust to its “new reality.” The meeting was already struggling due to a lack of Western participation. Nevertheless, the 25th St Petersburg International Economic Forum was attended by many state companies, with many stalls featuring floor-to-ceiling display screens and glamorous attendants.

Dmitry Peskov, a spokesperson for the Kremlin, stated that a denial-of-service attack (which involves flooding servers with fake traffic) had caused the forum’s admission and accreditation systems to be hampered. Although he did not blame the incident on the ongoing war in Ukraine, reporters noted that it was unofficially suspected.

Spelling Mistake Stops Perth Man’s $6m Fortune from Being Stolen by BEC Hackers

NZ Herald: This story illustrates how cybersecurity is everyone’s business. A Perth businessman almost lost $6 million to hackers, but one misspelled word saved him from watching his fortune falling into the wrong hands.

He was at the end of a multimillion-dollar property settlement with a trusted buyer. But unfortunately, the other party’s business email account in the deal was compromised by cybercriminals. The hackers intercepted the emails and changed the bank account details to their accounts.

An entry-level employee noticed that the word “group” was misspelled as “gruop.” After her timely alert, an inspection revealed that the business email account was compromised, and the bankers stopped the transaction just in time.

Also see “BEC – Business Email Compromise

US and Global Law Enforcement Partners Dismantle Russian Botnet

Multiple Sources: According to the US Department of Justice, US cybersecurity agents worked with law enforcement partners from the UK, Netherlands and Germany to dismantle the infrastructure of a Russian botnet called RSOCKS that hacked into millions of computers around the globe.

A botnet is an internet-connected group of devices that have been hacked and are controlled by attackers. They are often used to commit malicious acts. Each device connected to the internet has an Internet Protocol (IP) address.

Bloomberg Law provides additional details that the Botnet targeted IoT devices like clocks, routers and streaming devices. Hackers used these compromised devices as proxy servers to allow paying customers to access the compromised devices’ IP addresses and launch attacks. According to Bloomberg, the group’s Twitter account claimed access to more than eight million residential IPs and more than a million mobile IPs.

Politico reported that proxy services, which aren’t inherently illegal, provide IP addresses for their clients for a fee. However, the service includes bypassing censorship and accessing geo-blocked for a specific region. Prosecutors claim that RSOCKS was hacking into millions of devices using brute force attacks.

Customers could visit a web-based storefront to rent proxies for a specified period. Additionally, the customer could download a list of IP addresses and ports associated with the Botnet’s backend server and route malicious internet traffic through these compromised devices while hiding the source.

A related story by Forbes states that the Botnet was the home of a darknet market called Hydra Market. The marketplace’s closure is linked to subsequent seizures, including a superyacht owned by Viktor Vekselberg and $5.4M cash from Konstantin Malofeyev. The US DOJ identified Malofeyev as a Russian oligarch who attempted to use the Botnet services to circumvent sanctions.

In Case You Missed It

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 06-10-22

Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

A fresh batch of articles for SonicWall News surfaced this week from nearly every business sector, plus quotes from SonicWall CEO and President, Bill Conner, and General Director of SonicWall in Iberia, Sergio Martínez. Our biggest problem this week for Industry News was deciding what to leave out. From Forbes, a guide on how to inspire your employees to care about cybersecurity. From Bleeping Computer, ransomware gang Black Basta attacks VMware ESXi servers. Then from the BlackBerry Threat Vector blog, a new Linux malware called “Symbiote” that’s almost impossible to detect. Next, from Dark Reading, the Emotet banking trojan resurfaces—and skates past email security. And finally, a compiled reading from CNNMIT Technology Review, and PC Magazine on Chinese hackers breaking into “major” telecom firms.

As always, click through to the links in the headlines to see the full stories from our sources. And remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

An Update from SonicWall on ICSA Certification

Security Brief (Asia), SonicWall in the News: Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

An Update From SonicWall On ICSA Certification

Security Brief (Asia), SonicWall news: “Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.”

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

Why is Ransomware Getting the Better of Us?

Security Boulevard, Threat Report Mention: The ransom crisis is particularly bad in the UK. A SonicWall report found that UK-based organizations faced the second-highest number of ransomware attacks in the world in the first half of 2021. According to SonicWall, ransomware attacks increased by 234% across Europe in that time, while CyberEdge’s 2022 Cyberthreat Defense Report found that 80% of UK organizations had been successfully targeted in the past year.

Special Cloud Security

ComputerWorld CSO (Spain), SonicWall Quote: Sergio Martínez, general director for Iberia at SonicWall, gives his vision, in the gallery Ensuring the availability of information, the pillar of the contingency plan, on new security strategies in a context in which there are more and more devices connected to business networks.

Ransomware Losses, Frequency Increase Rates: Howden

Business Insurance, Threat Report Mention: London-based Howden Broking Group Ltd. said in its report that the annualized number of globalized ransomware incidents was up 235% in 2021 compared with 2019, and average U.S. ransom payments increased by 370% over the same period. It was citing data from San Jose, California-based cybersecurity company SonicWall Inc. and ransomware incident response company Westport, Connecticut-based Coveware Inc.

Contractors Beset by Ransomware Threats Have Too Few Options

Bloomberg Law, Bill Conner Quote: The contracting community is aware of the confusion. Chester Wisniewski at Sophos, Carolyn Crandall at SentinelOne, and Bill Conner at SonicWall all outlined suggestions to Bloomberg Government in a series of interviews. Conner, SonicWall’s president and CEO, said he wants the government to install so-called “cyber czars” at each federal agency to better streamline communication.

SonicWall Recognizes APAC Partners and Distributors at FY2022 Partner Awards

Channel Life (Australia), SonicWall News: SonicWall has recognized its distributors and partners for their efforts in producing the company’s most successful year to date. The recent SonicWall FY2022 Partner Awards recognized companies for their commitment to demonstrating excellence, innovation and leadership in cybersecurity during the fiscal year. They are also thanked for continuing to drive digital transformation for businesses that leverage SonicWall solutions.

Industry News

Inspire Your Employees to Care About Cybersecurity

Forbes: We spent a lot of time talking about how humans are the weak link in cybersecurity. First, let’s recognize that a company’s employees are a significant vulnerability due to the increasing complexity and threat of cybersecurity. With more than 15 billion devices in circulation, including computers, servers and mobile phones operating worldwide—digital fluency and literacy remain challenges in the transforming cybersecurity landscape.

Many functions are performed by devices that we don’t even know about. These functions include tracking and storing location information, saving passwords and sharing information with apps, and listening to our conversations. Today, organizations have greater responsibility for cybersecurity to protect their interests and that of their employees.

It is essential to communicate basic cybersecurity expectations to raise awareness. For example, employees need to be familiarized with complex password requirements, multi-factor authentication (2FA/multi-factor authentication), screen locks, and the importance of keeping current with software updates. Understanding cybersecurity requires that you know the basics.

If your team is not in person, create attention-grabbing graphics that include slogans and statistics about the company’s cybersecurity policies. Then, share the policies by any means throughout the workforce environment. Growing threats means educating employees about cyber threats while taking steps to protect their data.

Black Basta Ransomware Attacks VMware ESXi Servers

Bleeping Computer: Black Basta is the latest ransomware gang that supports encryption of VMware ESXi virtual machine (VM) on enterprise Linux servers. Ransomware groups have been focusing their attacks on ESXi VMs because this strategy aligns with their enterprise targets. They can encrypt multiple servers faster with one command. So it makes sense to encrypt VMs, as many companies recently switched to virtual machines. From purely a business perspective, hackers now have the dual benefits of simpler device management and more efficient resource use.

Linux ransomware encryptions are not new. BleepingComputer has reported similar encryptions by numerous other gangs, including LockBit and HelloKitty, BlackMatter and REvil, AvosLocker and RansomEXXX.

However, Black Basta’s ransomware will search for the /vmfs/volumes containing the virtual machines stored on compromised ESXi server servers. And if no such folders are present, the ransomware exits. Additionally, this encryptor does not have command-line arguments that can target other encryption paths, indicating that it is only designed to target ESXi servers.

Ransomware employs the ChaCha20 algorithm for encrypting files. Additionally, multithreading is used to speed up encryption by using multiple processors.

The ransomware will encrypt encrypted files by adding the .basta extension and creating ransom notes called readme.txt within each folder. Notes include a chat support panel link, which unique ID victims can use to communicate directly with the attackers.

Symbiote — The New Linux Malware That’s Almost Impossible To Detect

BlackBerry ThreatVector Blog: As if Linux’s malware problems couldn’t get any worse, recent reports have revealed that Symbiote is a new type of Linux malware that’s “almost impossible to detect.”

This rootkit-level hack is being called Symbiote by the research team, which includes lead members from Intezer and BlackBerry. It has the parasitic ability to act like a shared object (SO) and loads on all processes via LD_PRELOAD native function. This is why it’s so terrible.

Researchers say the shared object library “parasitically compromises” a target machine. Once its claws are embedded deep in the system, malware gives attackers rootkit functionality.

Researchers discovered the first sample in November 2021. It appears that it was created to attack Latin American financial institutions. Researchers aren’t sure if Symbiote has been used in broad or targeted attacks because it is still new malware. However, Symbiote is full of interesting features. The malware employs Berkeley Packet Filter hooking (BPF), a function that hides malicious traffic from infected machines. BPF is also used in malware created by Equation Group. BPF bytecode can be injected into the kernel to determine which packets are captured. Administrators use BPF to start any packet capture software on infected machines. Symbiote then adds its own bytecode to the kernel to filter out any network traffic it does not want the packet-capturing program to see.

Symbiote can facilitate everything, from data scrapes to backdoors. Hackers can use Symbiote to stealthily harvest credential information from hacked Linux devices by hooking the “libcread” function. This is an important mission for targeting Linux servers in high-value networks. Hackers can gain unimpeded lateral movement and unlimited access by stealing administrator account credentials. Symbiote allows remote SHH access for its operators via the PAM service. It also allows the threat actor or a hacker to gain root privileges.

Many IT and cybersecurity bloggers have reported on this story. Keep an eye out for new developments.

Emotet Banking Trojan Resurfaces, Skates Past Email Security

Dark Reading: After being taken down by a joint international task force in January 2020, the malware botnet Emotet is back in an advanced form. The Emotet malware was a prolific threat during the pandemic. It originated as a trojan for banks in 2014. Its creators were the first to offer malware-as-a-service (MaaS) to criminal organizations.

Although it still uses many of the same attack methods it used in the past, Emotet has seen a rise in its ability to collect and use stolen credentials. According to the report, hackers can use these stolen credentials to distribute malware binaries. In addition, attackers are using hijacked email threads to use those accounts as a launch pad and trick victims into activating macros in attached malicious office documents.

Emotet also uses 64-bit shell code, advanced PowerShell and more advanced active scripts. Nearly a fifth of malicious samples exploits the 2017 Microsoft vulnerability CVE-2018-11882.

The attacks were mainly focused on Japan’s victims, but the focus has shifted to targets in the United States of America and Italy since March.

Chinese Hackers Breach “Major” Telecom Firms

Compiled Reading: The report is compiled from multiple sources offering a slightly different perspective: CNNMIT Technology Review, and PCMagazine.

First, CNN’s headline: Chinese government-backed hackers have breached major telecommunications companies, among other targets, the US CISA warned this week. Cyber defenders often overlook these devices as they struggle to keep up with the routine software patching of Internet services and endpoint devices. CISA, FBI, and NSA did not identify the hackers; the advisory appears to focus on getting organizations aligned on security measures and updating their software and equipment. CNN named devices manufactured by Cisco, Fortinet, or other vendors.

MIT Technology Review included Netgear and Citrix security vendors. All vulnerabilities were publicly known, including a five-year-old critical flaw in Netgear equipment that allows attackers to bypass authentication checks to execute any code they want. This will enable them to take over the entire device and gain unrestricted access to the victim’s network. MIT says the campaign’s success shows how dangerous software flaws can be even after being made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand our full attention. Plus, known flaws are still dangerous because it can be hard to update and secure networks and devices with limited resources, personnel and money.

PCMagazine stated that the vulnerabilities allowed actors to access victim accounts via publicly available exploit codes against VPN services and public-facing applications without using any unique or identifying malware.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 06-03-22

Read a curated collection of stories about cybersecurity news and trends from major outlets, trade journals, and infosec bloggers.

We found another crop of articles for SonicWall news, with one from Financial Times that reasons the best defense can be identifying vulnerabilities and “blocking digital assault pathways.” And in another article, Insurance Business America wonders how small businesses can protect themselves from cyber threats. Both use SonicWall’s 2022 Cyber Threat Report and are good reads for anyone tracking solid ideas and solutions. It was another week of dizzying details from Industry News, starting with a story from Politico about why politicians’ phones are getting hacked. Next is from Krebs on Security with additional information from Dark Reading about the pawn game between Costa Rica, Hive, Conti, and US sanctions. Next is a story from CNN detailing a confession from US Cyber Command: yes, they have been hacking Russian assets. And another story is about Chinese hackers exploiting new Microsoft vulnerabilities reported by The Verge and Tech Crunch. Finally, from Bleeping Computer, a story about a ransomware group that’s added a new twist: they’re going public by putting the ransom note on your website.

As always, click through to the links in the headlines to see the full stories from our sources. And remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Deut), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

SonicWall Celebrates Multiple Award Wins, Amidst Outstanding Business Performance in Asia-Pacific

CXOToday, Threat Report Mention: SonicWall today announced that the company has been awarded several prestigious awards on top of its growing list of accolades. SonicWall’s consistent track record and recognition by cybersecurity industry experts over the last few years is a testament to the vision, commitment and innovative spirit of its employees, leaders and partners to continuously deliver value to customers by way of optimizing business efficiencies and enhancing security.

Cyber Attackers: If You Can’t Stop Them, Disrupt Them

Financial Times, Threat Report Mention: Companies in all industries have been targeted. Data from SonicWall show a 105 per cent rise in ransomware attacks in 2021.

How To Ensure the Security of Company Data?

RCN Radio (Colombia), Threat Report mention: According to SonicWall’s 2022 Cyber Threat Report, in 2021 there were more than 623 million ransomware attacks worldwide. And Colombia, with more than 11 million threats detected in that year, is in the top 10 of the most attacked countries worldwide.

Meteoric Rise: Triangle Cybersecurity Startup JupiterOne Reaches ‘Unicorn’ Status With $70M Cash Injection

WRAL.com, Threat Report Mention: Governments worldwide saw a 1,885% increase in ransomware attacks in 2021, according to the 2022 Cyber Threat Report recently released by SonicWall, an internet cybersecurity company. Ransomware also rose 104% in North America, just under the 105% average increase worldwide, according to the report.

An Update from SonicWall on ICSA Certification

Security Brief (Asia), SonicWall in the News: Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

Industry News

Why We Expect More Hacking on Politicians’ Phones – HINT: It’s Politics

Politico: Government officials all over the globe are facing a hard truth: They will have to accept spyware infecting their devices because they don’t want to ban the technology.

Numerous government officials have had their phones hacked over the past few years. These include Spanish Prime Minister Pedro Sanchez and French President Emmanuel Macron. Staffers for Boris Johnson, British Prime Minister, and the EU’s justice commissary. There are also at least nine US diplomats.

Here’s the truth: many governments use the same spyware used against them—the tool of choice: Pegasus software by the Israeli company NSO Group. Pegasus has proven effective in pursuing terrorists planning attacks or pedophiles. Investigators have used tools like Pegasus to catch highly sought criminals such as Joaquin “El Chapo,” a well-known drug lord.

Pegasus can infect the target’s device and allow government agencies or organizations to access personal information, including (but not limited to) turning on microphones and cameras. As a result, anti-spyware activists have asked governments to ban spyware companies or at the very least regulate them. The United Nations Human Rights Office also called for governments to regulate the sale and use of spyware technology last year.

There are no international agreements restricting spyware. Even governments that ban Pegasus face the problem of other, less visible and more regulated spyware companies. As a result, officials are forced to use low-tech methods of protection with varying degrees of effectiveness.

And on it goes.

Costa Rica Pawned by Conti Ransomware Group’s bid to Rebrand and Evade Sanctions

Krebs on Security: The Russian ransomware group Hive hacked Costa Rica’s national healthcare system earlier this week. This intrusion occurred just weeks after Rodrigo Chaves, the Costa Rican president, declared a state emergency to address a ransomware attack by Conti. Cybersecurity experts say that there are good reasons to believe that the same cybercriminals are behind both attacks. Apparently, Hive helped Conti rebrand and avoid international sanctions designed to target ransomware payments to Russian hacker gangs.

Local media reported the Costa Rican Social Security Fund (CCSS) as being taken offline on May 31. However, the extent of the breach is still unknown. The CCSS oversees Costa Rica’s public healthcare sector. Worker and employer contributions are required by law.

The Dark Reading newsletter reports ransomware hackers sanctioned in the United States have learned how to rebrand their software and avoid the sanctions. This is a strategy to make victims pay more. Example: The Evil Corp gang was already subject to sanctions when the Department announced that it was responsible in part for a ransomware strain called WastedLocker. Evil Corp quickly stopped using WastedLocker software and created variants with different names and graphics. These ransomware variants were the most popular in the last two years. However, it was not always clear if Evil Corp was behind them.

Microsoft Disallows Iran-Linked Hacker Groups Targeting Israeli Companies

The Jerusalem Post: Microsoft’s Threat Intelligence Centre (MSTIC) detected that an Iran-linked hacking group was using their OneDrive cloud storage platform to command and control (C2) purposes. The hacking group was identified as “Polonium” and found to be targeting more than 20 Israeli companies and one intergovernmental organization with operations in Lebanon.

MSTIC assessed the group’s location and observed them creating and using legitimate OneDrive accounts, then utilizing those accounts to execute part of their attack operation.

Microsoft noted that the activity does not represent a vulnerability or cybersecurity issue on the OneDrive platform. However, Microsoft added that it has deployed security intelligence updates that will “quarantine” tools developed by Polonium operators. The story goes on to report that as part of their enforcement process, MSTIC suspended more than 20 malicious OneDrive applications.

US Confirms That Military Hackers Conducted Cyber Operations to Support Ukraine

CNN: The US Cyber Command made a rare public acknowledgment about hacking operations often shrouded in mystery. The hacking unit of the US military conducted cyber operations to support Ukraine in its defense against Russia’s invasion. Cyber Command admitted that they had conducted operations across all facets of the spectrum, including offensive, defensive and information operations.

This disclosure highlights how crucial projecting cyber power – to support Ukraine’s defenses and possibly deter Russia from conducting cyberattacks on US infrastructure – is to the Biden administration. This admission suggests that the Biden administration is comfortable in cyberspace and can counter Russia without fear of escalation. So long as the US and its allies don’t attack Russia, President Joe Biden has promised not to engage with Russia militarily in the Ukraine war.

This is the fullest example of foreign relations brinksmanship.

Chinese Company Accused NSA Hacking Has Global Ambitions

Washington Post: The US government and American cybersecurity firms have long claimed that China is responsible for brazen hacks that absconded troves worth of sensitive documents. Chinese officials denied the allegations and accused the US repeatedly of cyber-espionage without providing any evidence. In February, a well-connected Chinese cybersecurity company made public what it claimed to be a US National Security Agency campaign targeting computers in 45 countries and areas, including China. At the time, US officials did not respond to inquiries for comment.

This disclosure suggests that China takes a firmer stance against foreign hacking attempts. It also revealed the increasing influence of Qi An Xin Technology Group Inc., a Chinese technology company established in 2014 with ambitions to become a global cybersecurity leader.

The company’s headquarters are located a 10-minute drive from the Forbidden city. They have been part of a three-year plan to grow China’s cybersecurity sector to more than 250 billion Yuan ($39.3B) by 2023. This plan involves increasing investment in the industry and simplifying regulation.

China-Linked Hackers Exploit a New Vulnerability Within Microsoft Office

The Verge: According to threat analysis research by security firm Proofpoint, hackers are already exploiting a newly discovered Microsoft Office vulnerability.

TechCrunch also shared details about how a hacker group called TA413 used the “Follina” vulnerability to create malicious Word documents that purportedly were sent from the Central Tibetan Administration. This is the Tibetan government exiled in Dharamsala in India. The TA413 APT (a designation for “advanced persistent danger”) actor is believed to be connected to the Chinese government. It has previously been used to target the Tibetan exile community.

On May 27, Nao Sec, a security research group, first highlighted Microsoft Word’s vulnerability. They took to Twitter to share a sample they had submitted to the online malware scanner VirusTotal. Nao Sec reported that hackers delivered the malicious code via Microsoft Word documents. The files then executed PowerShell commands, a powerful tool for Windows system administration.

Chinese hackers have used security holes in the software to target Tibetans over the years. Citizen Lab published a report in 2019 that documented widespread targeting of Tibetan politicians with spyware. This included Android browser exploits as well as malicious links sent via WhatsApp. Proofpoint analysis has shown that browser extensions also spy on Tibetan activists.

Ransomware Gang Now Hacks Corporate Websites to Show Ransom Notes

Bleeping Computer: Ransomware gangs are taking extortion to new heights by hacking corporate websites and publicly displaying ransom notes.

Reporters identify Industrial Spy as the new extortion gang behind this new strategy. The group follows the usual expected process of deploying ransomware in their attacks to breach networks, steal data, and deploy malware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid. In one case, the group is now selling data they claim was stolen by a French company called SATT Sud-Est for $500,000-USD.

The new bent to the crime is that the group found a way to hack into the company’s website, vandalized the home page with a message warning that 200GB of data had been stolen. Of course, if the victim doesn’t pay the ransom, the attackers are ready to sell the data. And then there’s the public disclosure for added measure.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 05-27-22

Your weekly digest of cybersecurity news stories and trends curated from leading news outlets, trade journals, and infosec bloggers.

It was a big week for SonicWall news with another strong showing of quotes and citations in trade journals and blogs. This week’s crop of industry news was also thick with new information, all highly informative and worthy of our attention. First up is a report from Vice’s Motherboard News about hackers who posed as “internal support” at Verizon and managed to steal a sizable database of employee information. The follow-up report is one from Tech Radar about employees ignoring cybersecurity advice; we added notations regarding the vulnerability of the healthcare sector which, according to the HHS, is acute. Hacker News posted a new story about hackers using browser automation frameworks to advance malicious activities. Next, Reuters posted one about a UK hack that appears to reveal interesting tidbits about the Brexit campaign. We highlighted an article from Protocol titled “AI + Ransomware = Terrifying” because it is terrifying. Then finally, from Bleeping Computer, it’s a weird twist of irony when hackers are successfully phishing Russian government agencies with RATs.

Remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyzes and experts have highlighted that hackers linked to Russia are responsible for the majority.

Ransomware Attack Exposes Data of 500,000 Chicago Students and Staff

Tech.co, Threat Report Mention: But these online threats aren’t just confined to the education sector. Ransomware attacks across the US have grown 67.5% year on year, according to a recent report by SonicWall. What’s more, the majority of these attacks are leveraged against small-to-medium-sized businesses because they’re assumed to have weaker end-point security.

Navigating The Cyber Arms Race, Expert Weighs In

Information Security Buzz, Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places. And now, with the proliferation of cryptocurrency, this has enabled a whole new dark side.

War Between Russia and Ukraine Reaches the Metaverse!

Diario del Huila (Colombia), Threat Report Mention: According to SonicWall’s 2022 cyber threat report, in 2021 there were 623.3 million ransomware attacks worldwide, increasing by 105% compared to previous years. Colombia is in the top 10 of the countries, with 11 million threats detected.

Our Channel Will Help the SME face the worst: Sergio Martínez, from SonicWall

Channel Partner (Spain), SonicWall quote: Sergio Martinez confirms that his 60 channel partners, four wholesalers and 900 registered distributors are his allies to serve SMEs and the enterprise sector, which face worse and worse dangers such as encrypted threats.

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Deut), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

Industry News

Hackers Pose as Internal Support, Steals Database of Hundreds of Employees

Vice: Raise your hand if you have heard this story before. Hackers posing as Internal Support went through a list of Verizon employees until they found one that gave them access to their computer and ultimately, the company’s internal network.

Hackers reportedly stole a database that contained the complete name, email addresses, corporate ID numbers, phone numbers, and contact information of hundreds of employees.

Motherboard (Vice’s own cybersecurity team) confirmed that a significant portion of the data that was harvested was legitimate. They called the phone numbers listed in the database. One former employee was understandably upset about the breach and had some unkind words about Verizon’s cybersecurity culture. It certainly relates to an industry-wide concern about employee behavior and attitudes toward cyber hygiene.

The hacker(s) also reportedly sent an email to the company and threatened to leak Verizon’s entire employee database unless the company agreed to pay $250,000 in ransom. Verizon spokeswoman confirmed the communication.

Your Staff is Ignoring Cybersecurity Advice

Tech Radar: Since we’re talking about cybersecurity culture, here’s a report that reminds us how vulnerable businesses are to cyberattack. More than 90% of successful attacks were facilitated through “human interaction” (e.g., employees). Employees are the primary entry point to breach secure networks. Threat actors rarely use brute force to break in. They don’t have to. They can merely evade network security with a bit of social engineering that gets an errant click, or a password tossed their way.

Tech Radar says that cybercriminals view your employees as reliable portals to sensitive corporate information and other data. Many organizations have taken steps to combat this trend by implementing security awareness training. However, implementation is not perfect nor is it consistent. Tech Radar cites a survey that showed only 28% of organizations currently offer comprehensive training programs twice per year.

Organizations around the globe are facing a disengaged, often indifferent workforce, even when training is more frequent. Users continue to engage in risky behavior and ignore security best practices. 42% of users admit to downloading malware, and 56% let their friends and family use the devices their employers give them.

A separate risk report conducted by the US Department of Health and Human Services (HHS) backs Tech Radar’s findings, pointing out that successful attacks usually come from negligent insider threats than from brute force attacks.

Among the alarming findings from the HHS report, researchers analyzed 3 billion files across 58 healthcare companies and found that all employees could access 20% of the files. That means tens of thousands of sensitive files related to patient healthcare are available for all to see. Add to that, 77% of healthcare organizations have 500 accounts or more with passwords that never expire.

As noted in SonicWall’s 2022 Cyber Threat Report, the healthcare sector experienced a 121% increase in malware in 2021. Expect to see that number rise in the coming year.

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hacker News: Cybersecurity researchers have discovered that a free browser automation framework is being used increasingly by threat actors. Hackers can use many features of the framework to enable a wide range of malicious activities. The framework’s technical requirements are low.

Underground actors have been able to advertise their willingness to help create bespoke tooling. Researchers found that C2-IP addresses of command-and-control (C2) are linked to malware like Bumblebee and BlackGuard. These IP addresses establish connections to the download domain of Bablosoft (maker of Browser Automation Studio). Bablosoft can automate tasks in Google Chrome using legitimate tools such as Selenium and Puppeteer.

Russian Hackers Linked to New Brexit Leak Website

Reuters: According to a Google cybersecurity official and former head of UK foreign Intelligence, a new website published leaked emails of several prominent proponents of the Brexit plan that led to Britain leaving the European Union.

The website, titled “Very English Coop d’Etat,” claims it has published emails from Richard Dearlove (ex-British spymaster), Gisela Stuart (leading Brexit campaigner), and Robert Tombs (pro-Brexit historian) and other supporters of Britain’s exit from the EU.

According to the site, not only is this group the hardline pro-Brexit booster, the members also collaborate in secretly make political decisions in the United Kingdom.

Reuters couldn’t immediately confirm the authenticity of the emails. However, two victims of Wednesday’s leak confirmed that hackers had targeted them and blamed Russia for their actions.

According to the “English Coop” website, several allegations are made, including that Dearlove was involved in a plot by Brexit hardliners to replace Theresa May (who had negotiated a withdrawal deal with the European Union at the beginning of 2019) with Johnson, who takes a more uncompromising stance.

Dearlove stated that the emails were a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.”

Officials did not respond to emails seeking comment from the Russian embassies in Washington and London. Moreover, the Foreign Office of Britain, which deals with media inquiries for MI6, declined to comment. Others who are believed to have been disseminated via the website’s email list also did not reply to emails requesting comment.

AI + Ransomware = “Terrifying”

Protocol: The article quotes the 2022 SonicWall Cyber Threat Report, but that’s not the only reason it caught our attention. While the number of ransomware attacks have doubled year-over-year in 2021, ransomware has been getting more successful. And that’s what makes this article a worthy if not terrifying read.

Cybercriminals and defenders are engaged in a constant struggle for advantage. However, defenders have had an advantage that has helped them stay one step ahead of most attacks: AI and machine learning that allows administrators to automate much of their work, particularly when it comes to detection and responding to attacks. Although this advantage has not been enough to stop ransomware from spreading, it is still a significant advantage over what cybercriminals are capable of doing.

The greatest barrier for cybergangs is that AI requires high-level expertise that they do not have. But now, after two years of record-breaking breaches, the one thing they do have is a lot of money. Ransomware gang Conti pulled in $182 million in ransom payments during 2021, according to blockchain data platform Chainalysis. Leaks of Conti’s chats suggest that the group may have invested some of its revenue in pricey “zero day” vulnerabilities and hiring penetration testers.

Protocol speculates that given the windfall some ransomware gangs have amassed, it’s only a matter of time that they will deploy AI ransomware.

Hackers Target the Russian Govt With Fake Windows Updates by Pushing RATs

Bleeping Computer: In the weirdest twist of irony, hackers successfully targeted Russian government agencies with phishing emails that pretended to be Windows security updates to install remote access trojans, or RATs.

Russian Government agencies were targeted by hackers using phishing emails claiming to be Windows security updates. These attacks are being carried out by a previously unknown APT (advanced persistent threat) group. They are believed to be operating in China and are connected to a series of spear-phishing campaigns.

The operations took place between February 2022 and April 2022. The goal was to infect Russian Federation government entities with malware. The custom-made RATs were most likely used in espionage operations.

The first of four campaigns started in February 2022, just a few days following Russia’s invasion of Ukraine. The RAT was distributed at that time under the name interactive map UA.exe.

The group apparently planned more elaborate and well-thought-out campaigns and schemed to lure targets and convince them of the legitimacy and authenticity of the phishing email attacks. The tar.gz archive, which was supposed to contain a fix to the Log4Shell vulnerability, was sent to the Russian Ministry of Digital Development, Telecommunications and Mass Communications. Another wave of phishing attacks saw malicious actors pretend to be Rostec, a Russian defense conglomerate.

In the final wave of attacks, Chinese hackers focused their attention on a macro-infected Word file that contained a fake job offer from Saudi Aramco, a major oil and natural gas company. The document targeted candidates interested in filling the “Strategy and Growth Analyst” position. It used a remote template injection technique to retrieve the malicious template and then drop the VBS script onto them.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 05-20-22

Cybersecurity News & Trends

This week, SonicWall emerged with excellent “in the news” quotes and citations. Note the articles about “AI-Powered Ransomware.” Industry news produced findings about Bluetooth vulnerabilities that could shake the consumer markets from automotive to home security. The Justice Department says that it will no longer prosecute “good faith researchers” who hack software and devices to find vulnerabilities. The US government is also reportedly remanding government agencies slow to fix bugs that hackers are currently exploiting. The Costa Rican government reports that Russian hacking cartels are attacking their agencies and infrastructure. Finally, leave it to the Bank of Zambia to come up with a creative way to troll hackers. Stay safe and remember that cybersecurity is everyone’s business.

SonicWall News

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Ransomware is already out of control. AI-powered ransomware could be ‘terrifying.’

Protocol, SonicWall in the News: Currently, ransomware attacks are often very tailored to the individual target, making the attacks more difficult to scale, Driver said. Even still, the number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well. The percentage of affected organizations that agreed to pay a ransom shot up to 58% in 2021, from 34% the year before, Proofpoint has reported.

Finalists: Security Executive of the Year

SC Magazine, SonicWall in the News: Bill Conner has been named a finalist In the Best Security Executive of the Year by SC Magazine. Executives recognized in this category are the veterans and perennial influencers in the cybersecurity development community, with a history of leadership in companies that have their pulse on the needs of users and have a proven track record in delivery of products and services that meet the requirements of businesses large and small.

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyzes and experts have highlighted that hackers linked to Russia are responsible for the majority.

AI + ransomware = “terrifying”

Protocol, SonicWall in the News: The number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well.

Industry News

Vulnerabilities Found in Bluetooth Low Energy Devices

TechRepublic: A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to even cars and houses. The new findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate the user near the device. Researchers were able to fake the authentication, which could affect everyone, from the average consumer to organizations seeking to lock the doors to their premises.

This issue is believed to be something that the industry can’t easily patch since it is more than a simple error in Bluetooth specification. Moreover, the flaw could be an exploit that could affect millions of people. According to NCC Group experts cited in the article, BLE-based proximity authentication was not originally designed to be used by critical systems such as locking mechanisms in smart locks.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

According to the cybersecurity company, these Bluetooth systems are used to lock items such as vehicles or residences that are using Bluetooth proximity authentication mechanisms that hackers can easily break with cheap off-the-shelf hardware. As a proof of concept, it was found by Khan that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. According to the report, the following device categories are vulnerable:

  • Cars with automotive keyless entry
  • Laptops with Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

One of the specified vehicles affected by this exploit is the Tesla Models 3 and Y.

Justice Dept. Says ‘Good Faith Researchers’ No Longer Face Hacking Charges

Washington Post: On Thursday, the U.S. Justice Department stated that it would not use its country’s anti-hacking law to prosecute cybersecurity researchers trying to find security flaws. This is a move that both protects and validates a practice still vilified by many officials and companies.

Top Justice officials issued a five-page policy statement to federal prosecutors. They said that local U.S. Attorneys should not be charged when “good faith” researchers exceed “authorized” access. This vague phrase is from the 1986 Computer Fraud and Abuse Act, interpreted as covering routine practices such as automated downloading of Web content.

TechCrunch also reported that the DoJ stated that “good-faith research” includes anyone who conducts their activity “in a manner designed to avoid harm to individuals and the public.” It also concludes that such information “primarily promotes the security or safety the class of devices or machines to which the computer belongs, as well as those who use such machines, devices, or services.”

Computer Fraud and Abuse Act (or CFAA) was enacted into law in 1986 and predate the modern internet and current cyber threats. Federal law defines computer hacking, specifically “unauthorized” access to a computer system. However, the CFAA has been criticized over its vague and outdated language, which fails to distinguish between malicious actors who (for example) extort companies and good-faith researchers who work to uncover vulnerabilities before people are exploited by them.

US Officials Order Government Agencies to Fix Serious Software Bugs

CNN: US cybersecurity officials on Wednesday ordered all federal civilian agencies to fix flaws in widely used software that officials said foreign government-linked hackers are likely moving to exploit.

“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said.

The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. However, the directive does not apply to the Pentagon computer networks, not under CISA’s jurisdiction. The vulnerabilities are in a type of software made by VMware, a California-based technology giant whose products are widely used by the US government.

VMware, on April 6, issued a fix for the software flaws, which could allow hackers to access computer files and burrow further into a network remotely. Within two days of the fix’s release, hackers had figured out a way to break into computers using the vulnerabilities, according to CISA. Then, on Wednesday, VMWare released software updates for newly discovered vulnerabilities that CISA has ordered agencies to address.

The agency did not identify the hackers or what systems they had targeted.

Russian Hacking Cartel Attack Costa Rican Government Agencies

New York Times: A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, based in Russia, claimed credit for the attack, which began on April 12, and threatened to leak the stolen information unless it was paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to Central and South American countries, perhaps to retaliate against nations that have supported Ukraine.

Some experts also believe Conti feared a crackdown by the United States and sought fresh targets, regardless of politics. According to estimates from the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million.

The BBC also reports that the Costa Rican Treasury told civil servants that the hack had affected automatic payment services. It warned that they would not be paid on time and would need to apply for their salaries by email or on paper by hand.

The ministry said: “Due to the temporary downturn of the institutional systems, the service of issuing certificates regarding the amounts of salaries owed to the civil servants of the Central Administration is suspended.

“All applications received via email or in the windows of the National Accountancy will be attended to once systems are restored.”

According to the government, the attacks also affected its foreign trade by hitting its tax and customs systems.

‘Security researchers’ make $800k in prize money for Hacking Windows 11

PCGamer: Contestants in a hacking contest have netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During this 15th annual Pwn2Own Vancouver hacking competition, the teams discovered 16 zero-day bugs on multiple products like Firefox, Oracle Virtualbox, Windows 11, and other popular enterprise software.

Pwn2Own Vancouver 2022 is a three-day-long hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers or ‘security researchers’ attempt to find zero-day vulnerabilities in their software for prize money.

Think of it like bug bounties except with more money and kudos. A zero-day is a software exploit or vulnerability that an attacker could discover. The software makers aren’t already aware; there’s no patch, and the attack will likely succeed. Known bugs or exploits are not valid for rewards.

National Bank of Zambia Hit by Ransomware Then Trolls Hackers

Bleeping Computer: Leave it to the executives at the Bank of Zambia to leave us grinning. After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear to the hackers that they were not going to pay – by posting a picture of male genitalia and telling the hackers to s… (and here, you’ll have to fill in the colorful language they used).

Last week, the Bank of Zambia, the country’s central bank, disclosed that recent technical outages resulted from a cyberattack. While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.

Today, Bloomberg reported that the Bank’s Technical Director, Greg Nsofu, said they had protected the bank’s core systems, so it was unnecessary to engage with the threat actors.

In Case You Missed It

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 05-13-22

Cybersecurity News & Trends

It was another busy week with several news outlets quoting the 2022 SonicWall Cyber Threat Report. Other stories mention SonicWall corp, its products and services and one recognized CRN Channel awards for three women from SonicWall’s field marketing team. In global cybersecurity news, Krebs’ ongoing coverage of hackers using fake Emergency Data Requests (EDRs) escalated into a DEA investigation. The Republic of Korea just became the first Asian country to join NATO’s cybersecurity group, much to the chagrin of the People’s Republic of China. India’s new CERT-IN breach reporting requirements are bumping against growing resistance from businesses and organizations. In California, a data provider for the State Bar accidentally released private and potentially damaging information about some of its member attorneys. MyNurse patient data tracking service is closing its doors after a severe data breach. Log4Shell exploits are resurfacing with new threats to the tranquility of enterprise data lakes and potentially devastating AI poisoning. And 157-year-old Lincoln College is closing its doors – apparently succumbing to the COVID pandemic and a catastrophic cyberattack.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

WannaCry’s Ghost Is Still Wreaking Havoc Five Years On

ITPro (UK), SonicWall in the News: In an article about the 5th anniversary of WannaCry: SonicWall is one such company still tracking WannaCry, although other firms tell IT Pro they have decided to stop monitoring the strain, given the worst of it is over. We may not have seen the same level of destruction as sustained five years ago, but detections remain high.

Most Brazilian Companies Don’t Pay to Get Data Back After Ransomware Attacks

ZDNet, Threat Report Mention: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall earlier this year. In 2020, Brazil ranked ninth in the same ranking, with 3,8 million ransomware attacks.

New Report Paints Boston As Burgeoning Cybersecurity Hub

Bostinno/Boston Business Journal, Threat Report Mention: The world saw a 105% surge in ransomware cyberattacks last year, according to the most recent SonicWall cyber threat report.

The Rising Risk of Ransomware Attacks on Organizations and How to Mitigate it

Security Review, Threat Report Mention: According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List

SonicWall Blog, SonicWall in the News: SonicWall is thrilled to share that CRN, a brand of The Channel Company, has named three global channel team members on CRN’s 2022 Women of the Channel List. SonicWall’s Sr. Director, Global Field Marketing Nicola Scheibe; Sr. Channel Account Manager Terra Paisley; and Sales Manager Misty Warhola were included on the annual list, which honors the incredible accomplishments of female leaders in the IT channel.

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Industry News

DEA Investigating a Breach of Law Enforcement Data Portal

Krebs on Security: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports hackers gained unauthorized access of an agency portal that taps into 16 federal law enforcement databases. KrebsOnSecurity claims that it discovered that the alleged compromise was tied to an online harassment and cybercrime community that routinely impersonates government officials and police officers to obtain personal information. Krebs has been following this topic closely, as reported in previous posts of Cybersecurity News & Trends.

KrebsOnSecurity shared information regarding the allegedly hijacked account to the DEA, Federal Bureau of Investigation (FBI) and the Department of Justice (which houses both agencies). However, the DEA refused to provide details on the validity of the claims.

The Republic of Korea is the First Asian Country to Join NATO’s Cyber Research Center

Numerous news agencies are covering a fresh story about the Republic of Korea joining the NATO cybersecurity group known as the Cooperative Cyber Defense Center of Excellence. (CCDCOE). According to The Korea Times, the state intelligence agency of Korea announced Monday that there was a flag-raising ceremony in Estonia to commemorate Korea’s participation. The CCDCOE operations are based in Tallinn (Estonia), Canada, Luxembourg, and Luxembourg. The group was created in 2008 by NATO members in response to crippling cyberattacks in Estonia committed by Russian cyber gangs. CCDCOE now boasts 32 nation members, including 27 NATO members that sponsor it, plus five contributors, including Korea, according to ZDNet.

The South China Morning Post reports that although the cybersecurity group operates independently from NATO, Chinese military analysts claim that Beijing is concerned by the development. The People’s Republic of China sees the move as an expansion of the NATO defense alliance and a threat to Chinese security interests.

Russia used the military alliance’s eastern expansion to justify its invasion of Ukraine. Government leaders in Beijing consider Moscow’s claim as a legitimate security concern. Ni Lexiong, a Shanghai-based military analyst, said that China views NATO as overbearing and that Korea’s decision to join the center is “definitely not in China’s best interests.”

Industry Rebuffs India’s Data Security Breach Reporting Requirements

The Register: Opposition to India’s new rules for reporting computer security breaches grows. The rules were introduced in late March by the government-run CERT-In. This team has responsibility for incident management.

CERT-In requires Indian organizations to report more than 20 types of cybersecurity incidents within six hours of discovering them. In addition, it ranks ransomware attacks, detections of malicious network probes, and hijacking social media accounts all on the same level.

Other requirements include the retention and capture of VPN users’ personal data and IP addresses. The government gave Indian organizations only 60 days to ramp for compliance. The organizations say that these requirements are difficult to meet because they affect large entities such as data center operators and that some incidents happen daily.

California State Bar: 1,300 Attorneys Identified in Massive Data Breach

OC Register: California’s State Bar has begun notifying thousands of attorneys whose names were found in 322,525 confidential records of proceedings for member discipline. The breach occurred in February. According to the State Bar, it will reach out to 1,300 respondents, witnesses, and complainants whose names are contained in 1,034 supposedly confidential records. The State Bar will also contact those named in records but were not published.

Public records aggregator Judyrecords published the documents. They remained online between October 2021 and February 2022. Southern California News Group first reported the breach. According to the report, the breach was not the result of malicious hacking but rather a security flaw in the State Bar’s Odyssey Portal that Texas-based Tyler Technologies operates. As a result, the confidential records were unintentionally swept up and published by Judyrecords. The portal vulnerability was fixed, and access to the public records of the State Bar Court was restored while the records search function was still disabled on Judyrecords. The website administrator stated in a note that the portal glitch enabled users to access court cases in various jurisdictions in California, Georgia, Kansas and Texas.

MyNurse Shuts Down After Data Breach Exposes Health Records

TechCrunch: MyNurse stated in a data breach notice that it had decided to close its business because of a “data security incident” but didn’t give a reason. The company stated that it began notifying patients affected on April 29, more than seven weeks after the breach was discovered. MyNurse is a startup in healthcare that offers remote monitoring and chronic care management. It reported a data breach that exposed the personal health information of its users.

Salusive Health was the startup that launched the service. The company later filed a data breach notification with the California attorney general’s office stating that it discovered a breach in early March. An unauthorized individual had accessed its protected health data. Patients’ financial, demographic and health information were all accessed. This included names, dates of birth, phone numbers, and dates of birth, including medical histories, diagnosis, treatments, prescriptions and information about health insurance and policies.

Log4Shell Exploit Resurfaces, Threatens Enterprise Data Lakes, AI Poisoning

Dark reading: Enterprise data pools are growing as more organizations embrace AI and machine learning. However, this makes them vulnerable to exploitations of the Java Log4Shell vulnerability. With a view to privacy, organizations are focused on ingesting data points that they can use to train an AI or algorithm. However, too many times, the operators neglect the security of data lakes.

Research has shown that triggering the log4Shell bug is relatively easy once the code is ingested into a target database or repository via a pipeline. Furthermore, such a strategy bypasses traditional safeguards such as application firewalls, sandboxing and other traditional scanning services.

Like the original attacks on the Java Log4j library exploiting a single string, it is only necessary to extract the text. However, researchers say that an attacker could embed the string in a malicious big data file payload to create a shell within the data lake and launch a data poisoning attack. The difficulty of detection is even more significant because the big-data file containing the poison payload can often be encrypted or compressed.

Lincoln College Shuts Down After 157 Years. Blames COVID-19, and Cyberattack

NPR: Lincoln College was not destroyed by the 1918 influenza pandemic. The Great Depression and World War II didn’t help the school, yet it survived. The school was able to withstand a major fire, other economic hardships and many serious threats. Unfortunately, the college will close for good this spring due to two modern blights: the COVID-19 pandemic and a cyberattack.

This is a remarkable turnaround for the small, private school in Illinois that has hosted thousands of first-generation college students and received federal recognition as a predominantly Black institution.

Lincoln College saw record enrollments in fall 2019, filling all its dormitories. The pandemic struck as it did around the globe, disrupting campus life and making it difficult for the school to raise funds and recruit new students. The school had to set aside cash reserves for new technology and safety precautions. In December 2021, ransomware attacked the school, stopping admissions and preventing access to all data.

CBS News reported the fall enrollment had dropped sharply to just a fraction of what was required to sustain operations by the time that the school gained access to its computer systems nearly four months later. In March, the school announced its decision to close. Former and current students felt betrayed by the school, which had provided them with opportunity and refuge from uncertain situations.

In Case You Missed It

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Cybersecurity News & Trends – 05-06-22

Cybersecurity News & Trends

More hot news for SonicWall with lots of coverage for the 2022 SonicWall Cyber Threat Report and the astounding five consecutive perfect results in third-party certification tests (100% detection and zero false positives). In global cybersecurity news, security experts recently gained significant data that is already illuminating the inner workings of ransomware gangs based in Russia and elsewhere. Just in time too with the return of Emotet, “the most dangerous malware in the world.” Krebs dropped a report about Russia using “tech-savvy” prisoners for the benefit of Russian corporations. And finally, a stunning story about Chinese hackers who have (so far) stolen “trillions” in intellectual property from 30 multinational companies.

SonicWall News

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed, Threat Report Mention/Immanuel Chavoya Quote: The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million “individuals affected” for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

How To Be Proactive in The Face of Growing Cyber Threats

Security Magazine, SonicWall Threat Report Mention: SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.

A Cybersecurity Stock with Monster Tailwinds

Guru Focus, SonicWall Threat Report Mention: With the rising price of cryptocurrency, this has caused these types of attacks to increase in popularity from 66,000 cases in 2020 to 436,000 in the UK alone, according to data from SonicWall.

Negate The Quantum Cyber Threat to Safely Unlock the Potential of Quantum Computers

Inside Quantum Technology News, SonicWall Threat Report Mention: Ransomware, encrypted threats and cryptojacking are just a few attack methods found to have significantly increased in number over the past year, according to SonicWall’s 2022 Cyber Threat Report.

Ransomware Hits 2 Colleges at Semester’s End. What Can Others Do?

Higher Ed Dive, SonicWall in the News: Ransomware attacks doubled worldwide and in North America last year, according to a recent report from SonicWall, a cybersecurity firm. And software company Emsisoft said at least 26 U.S. colleges and universities were hit with ransomware last year.

Cyberattacks Growing in Frequency, Severity, and Complexity

Triple I Blog, SonicWall in the News: In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

Cyber Prevention or Mitigation… Why Can’t It Be Both?

IDG Connect, SonicWall in the News: As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year.

SonicWall Capture ATP Once Again Receives the Highest Score in the ICSA Labs Test

InfoPointSecurity (Deut), SonicWall in the News: SonicWall has received an astonishing five consecutive perfect results in the test against some of the most unknown and rigorous threats – unprecedented performance among the tested providers, said Bill Conner, President and CEO of SonicWall.

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: “But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.”

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

Industry News

Experts Analyze Conti and Hive Ransomware Gangs’ Chats with Their Victims

Hacker News: A four-month analysis of chat logs that spans more than 40 conversations between Conti and Hive ransomware operators and victims is giving cybersecurity analysts new insights into the inner workings of negotiations. One exchange claims that the Conti Team significantly decreased ransom demand from $50 million to $1million, a 98% drop. This suggests a willingness to settle with a lower amount.

The report explains that both Hive and Conti are quick to lower ransom demand, routinely offering substantial decreases multiple times during negotiations. It shows that ransomware victims have at least some negotiating power, contrary to popular belief.

Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three months between October and December 2021.

Conti Ransomware Source Code Leaked on Twitter Out Of Revenge

Bleeping Computer: After the much of the people behind the Conti Ransomware operation supported Russia in the invasion of Ukraine, a Ukrainian researcher called ‘ContiLeaks’ decided to leak source code and data belonging to the ransomware group as his revenge. The leaked source code was a modified version of the Conti ransomware operations, according to the report.

The researcher also published nearly 170,000 chat messages between Conti ransomware gang members last month. These conversations, spanning 2021 and part of 2022, illuminates the operational processes, their activities, how members are involved, and even some insight into organizational structure and the distribution of money.

The researcher leaked the Conti ransomware source code on September 15, 2020. Although the code was quite old, it enabled researchers and law enforcement to understand the malware’s workings better. He then leaked Conti version 3 with a last mod date of January 25, 2021.

Washington Post also noted that thanks to the leaks, authorities now have a better picture of cybercriminals’ personalities, quirks, and habits that have run rampant over U.S. institutions. It also shows how Russia’s invasion of Ukraine has split some criminal gangs.

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Threat Report: Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. According to recent research, that new approach includes more targeted phishing attacks, unlike the previous spray-and-pray campaigns.

According to a Tuesday report, Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success.

Emotet, once dubbed “the most dangerous malware,” is being leveraged in its most recent campaign to deliver ransomware. For years, those behind distributing the malware have been in law enforcement’s crosshairs. In January 2021, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States worked together to take down hundreds of botnet servers supporting Emotet as part of “Operation LadyBird.”

Bleeping Computer also reported that the Japan CERT had released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. The new 64-bit loader and stealer versions make existing detections less useful. Furthermore, the EmoCheck tool could no longer detect the new 64-bit Emotet versions with this switch. Last week, JPCERT released EmoCheck 2.2 to support the new 64-bit versions and can now catch them, which is safely downloadable from Japan CERT’s GitHub repository.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic and commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businesspeople in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal, people with IT skills at these facilities would labor only in IT-related roles but would not be limited to working with companies in their own region.

The 10 Largest Data Breaches Ever Reported in Healthcare

Beckers Hospital Review: Data breaches in healthcare can cause widespread damage, including the loss of medical records, financial losses for the organization, identity theft and fraud, lawsuits, and a loss of patient trust. Now the industry is more at risk of severe cyberattacks than ever before. The report goes on to list the biggest data breaches ever reported. The story was also reported by Pulse Headlines.

Chinese Hackers Took Trillions in Intellectual Property From About 30 Multinational Companies

CBS News: A yearslong malicious cyber operation spearheaded by the notorious Chinese state group, APT 41, has siphoned off estimated trillions of dollars in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

The story was chiefly compiled by cybersecurity firm, Cybereason, and reveals a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia.

The report explains that the intellectual property stolen includes blueprint diagrams of fighter jets, helicopters, missiles, and drugs around diabetes, obesity, and depression. But, the worst part, the campaign reportedly has not yet been stopped.

In a related story reported by The Hacker News, the China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. The group has targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.

In Case You Missed It

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Cybersecurity News & Trends – 04-29-22

Cybersecurity News & Trends

This week, SonicWall is on a winning streak with another strong showing in general news and industry press. There were continued mentions of the 2022 SonicWall Cyber Threat Report, new product reviews, and partner news. In industry news, the Tenet healthcare network suffered a cyberattack that disrupted operations at two hospitals in Palm Beach, FL. While cyberattacks rage in Ukraine, US Intel warns of fresh attacks on US targets by state-sponsored cyber gangs from China, Russia, and North Korea. Krebs is following a developing situation where hackers are using fake Emergency Data Requests (EDRs) to gain fraudulent law enforcement actions that can compromise companies and agencies. Meanwhile, JPMorgan is getting sued for a hack, the US State Department antes $10M for information about Russian hackers, the malware loader Bumblebee is loose, and experts examine predictive analytics for cybersecurity.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

SonicWall Virtual Firewall Tested and Certified in AWS Public Cloud – Ideal for Distributed Networks

Markets Insider, News: SonicWall today announced a new report by The Tolly Group, which detailed the testing and analysis of the performance of the SonicWall NSv 470 virtual firewall. Using Keysight’s CyPerf cloud-native testing solution to provide the test infrastructure for standardized, repeatable performance tests, Tolly benchmarked the throughput and connection performance of the virtual firewall in Amazon Web Services (AWS).

For Over 30 Years, Jeff Dann Has Had the People, Process, And Technology To Ensure Their Customers Are Protected

MSP Success, Threat Report Mention: SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021. The report states that attackers targeted web applications with financial and personal information for a big payday.

The Industry Takes Stock of Cyberattacks In Hawaii

Pacific Inno, News: Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyberthreat data collected and analyzed by expert researchers. SonicWall calls its report “the world’s most quoted ransomware threat intelligence,” and it is an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.

Learn how NLP Can Help to Understand the Cyber-Exposure And The Silent Cyber

Intelligent Insurer, Threat Report Mention: Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% year on year, according to security vendor SonicWall. The firm reports an 1,885 percent increase in attacks on government targets, healthcare (755 percent), education (152 percent) and retail (21 percent).

Cyber Threats to Media Companies Are on The Rise

E&P, Threat Report Mention: Reporter Amiah Taylor explained ransomware research by SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers some alarming statistics about ransomware attacks, in particular governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Industry News

Tenet Says, ‘Cybersecurity Incident’ Disrupted Hospital Operations

Healthcare Dive: Tenet is one of the largest US for-profit health systems. It reported that it suffered a cybersecurity incident last week, which disrupted some acute care operations. According to the statement issued Tuesday by the Texas-based operator, most critical functions have been restored, and affected facilities are beginning normal operations. Tenet did not disclose the nature or extent of the incident or the affected facilities. It also didn’t say whether hackers accessed any patient data.

SC Media and CBSNews affiliate WEPC offered additional details on the incident, reporting that the attack forced caregivers to chart patient care using paper because the network’s phone and computer systems were down. As a result, the company’s “acute care operations” at Good Samaritan Hospital in West Palm Beach and St. Mary’s Medical Center were temporarily interrupted.

Cyberattacks Rage in Ukraine, Support Military Operations

Threat Post: At most, five advanced persistent threats (APTs) are believed to be behind attacks tied to ground campaigns that aim to harm Ukraine’s digital infrastructure. Five state-sponsored APT groups are behind the attacks on Ukraine that started in February. The groups used the cyberattacks against Ukraine strategically to support the ground campaign. Microsoft published research on Wednesday that revealed that Russia had state-sponsored the APTs in the campaign.

Separate reports this week shed light on cyberattacks against Ukrainian digital assets carried out by APTs linked to Russia. Microsoft researchers have found that six distinct Russia-aligned threat agents carried out 237 cyber operations, resulting in threats to civilian welfare. They also attempted to launch dozens of cyber espionage attempts against Ukrainian targets.

US Intel, Google Warn of Cyberattacks from China, Russia, North Korea

Newsweek: In the past month, intelligence agencies, President Joe Biden and large companies such as Google all issued the same warning — sounding alarms about the growing threat of cyberattacks coming from foreign governments. Christopher Wray, Director of the Federal Bureau of Investigation, stated that the People’s Republic of China and the Chinese Communist Party are the biggest threats to the country’s counterintelligence. He said they target our innovation, trade secrets, and intellectual property at a scale never before seen in history. According to Google’s Threat Analysis Group (TAG), Iran, North Korea and Russia are the top cyberattacks on the US.

Fighting Fake EDRs with ‘Credit Ratings’ for Police

Krebs On Security: The Krebs security team recently examined how cybercriminals used hacked email accounts of police departments worldwide to obtain warrantless Emergency Data Requests from technology providers and social media companies. Many security experts called it an insurmountable problem. Matt Donahue is a former FBI agent who recently left the agency to start a startup to help tech companies screen out fraudulent law enforcement data requests. This includes assigning credit ratings or trustworthiness to law enforcement agencies worldwide.

Manufacturer Sues JPMorgan After Cybercriminals Stole $272m

Computer Weekly: Essilor Manufacturing sued JP Morgan, alleging that the bank failed to report suspicious activity, leading cybercriminals to steal $272 million. According to reports, Ray-Ban sunglasses’ French manufacturer claimed that the bank failed to notify them of suspicious activity in New York. As a result, the manufacturer claimed an increase in money transactions and money sent to offshore companies in high-risk countries in papers filed in Manhattan federal court.

State Dept Offering $10 Million For Information on Russian Cybercriminals

The Hill: The State Department has announced it is offering a reward of up to $10 million for information on a group of Russian cybercriminals. The department released a press release on Tuesday stating that its Rewards for Justice program (RFJ) is looking for information about six people who are allegedly involved in a criminal conspiracy involving malicious hacking activities that affect the critical infrastructure of the United States. According to the State Department, these individuals were part of a criminal conspiracy that infected computers with destructive malware in June 2017. The malware was called NotPetya.

Cybercriminals Using New Malware Loader’ Bumblebee’ in the Wild

Hacker News: The cybercriminals who were previously seen delivering IcedID and BazaLoader as part of their malware campaigns may have switched to a new loader called Bumblebee, which is currently actively being deployed. Researchers report that Bumblebee may be the new multifunctional tool of choice for spreading malware based on cybercriminals’ timing and early proliferation of the loader. The new loader was distributed in March 2022. There are overlaps between malicious activity and Conti ransomware deployments.

Predictive Analytics could be the Future of Cybersecurity

Analytics Insight: While it might not be possible to prevent every data breach, it is possible to minimize the risk. Even the most skilled cyber professionals admit that it is impossible to control all data breaches. It is impossible to stop determined hackers from getting into systems. This is not because they are too sophisticated; even the most experienced security professionals fall prey to human error. Nevertheless, it is possible to minimize the risk, which is good news. Organizational leaders must accept this fact as soon as possible. It is best to assume that data breaches will happen and set up cyber defenses to reduce the damage. A crisis checklist can help prepare for the worst.

In Case You Missed It

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi

Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi

Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell