Cybersecurity News & Trends – 10-20-2023

Today is National Information Overload Day – we’re happy to overload you with information about all the amazing things happening at SonicWall this week. Channel Futures wrote about the awesome changes we recently made to our SecureFirst Partner Program. CRN UK covered some of SonicWall’s plans for European and global channel expansion.

In industry news, Bleeping Computer had the lowdown on Steam’s new SMS-verification policy for developers. Hacker News provided information on some concerning attacks on telecom companies in Ukraine. Tech Crunch covered a zero-day exploit affecting thousands of Cisco devices. Dark Reading broke down the top ten passwords used by admins, and they’ll probably surprise you.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall CEO teases global rollout of partner programme amid Euro channel push

CRN UK, SonicWall News: SonicWall has its sights set on European and global channel expansion after relaunching its revamped partner programme in the US in September. According to CEO, Robert VanKirk, the cybersecurity vendor is sharply focused on helping its partners incorporate more services into their offer but meeting them where they are in their cybersecurity journey.

14 New, Changing Channel Programs: SonicWall, Ingram Micro, Cisco, More

Channel Futures, SonicWall News: SonicWall is introducing “aggressive discount levels” for partners selling to new customer accounts. The discounts, which all partner tiers can access, ease the cost of customer acquisition, according to SonicWall. Among many changes that stemmed from partner feedback, SonicWall is allowing partners to access benefits before committing to training or business planning with the supplier. Those updates come a couple months after Michelle Ragusa-McBain took the helm of the vendor’s channel.

Zero-trust model and Gen AI-based threat detection are emerging security trends: Chandrodaya Prasad, Executive VP, Product Management & Product Marketing, SonicWall

CRN India, SonicWall News: In an exclusive interview with CRN India, Chandrodaya Prasad, Executive Vice President, Product Management & Product Marketing, SonicWall, shares his perspective on strengthening the cybersecurity of businesses with effective solutions.

SonicWall Adds Key Piece to Channel Leadership Evolution; Names New Chief Marketing Officer Christine Bartlett

Telecom Reseller, SonicWall News: SonicWall, a world-leading cybersecurity, partner-first business for more than 30 years, announced today that Christine Bartlett will serve as its Senior Vice President and Chief Marketing Officer (CMO).

Infinigate Cloud partners with SonicWall to expand expertise and channel reach

CRN UK, SonicWall News: Infinigate is announcing an expansion to its relationship with SonicWall to partner with its Infinigate Cloud business. With this new partnership, Infinigate Cloud will bring additional expertise and channel reach in the UK. Cybersecurity firm, SonicWall, delivers boundless cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure.

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

Industry News

Steam to Begin Enforcing MFA for Developers Due to Malware

Popular online gaming platform Steam will begin requiring SMS verification for developers to prevent malware from hijacking game updates. This decision comes on the heels of researchers discovering a malware campaign in which hackers were exploiting a vulnerability in Steam’s update mechanism. The malware, known as “SteamHide,” could hide itself inside legitimate game updates and execute malicious code on the user’s computer. It could also spread to other Steam users by hijacking the infected users’ direct messages and sending links to users on their friend lists. The addition of SMS verification will add an extra layer of security to the update process which should help protect users from attacks like this in the future. While SMS verification will be required for developers starting on October 24, it’s still optional for regular Steam users, but Steam does recommend all users enable this feature for optimal protection. It’s worth noting that SMS verification is not a perfect solution by any means. It’s still vulnerable to threats such as SIM-swap attacks which have gained popularity among threat actors in recent years. It should help, nonetheless.

Hackers Use Zero-day to Access Thousands of Cisco Devices

An unpatched zero-day exploit in Cisco’s networking software has led to a field day for threat actors. According to threat researchers, hackers have already exploited the vulnerability to compromise tens of thousands of devices. Cisco released a statement this week saying that the bug had been found in its IOS XE software which is used by many of its networking devices. The affected devices include Cisco enterprise switches, wireless controllers, access points and industrial routers. Cisco’s threat intelligence wing stated that the hackers have been exploiting the bug since at least September 18, so nearly a month. Researchers noted that a majority of the compromised devices are in the United States with some in the Philippines and Mexico. The vulnerability has received a severity rating of 10.0, but Cisco has not released a patch as of yet. A Cisco spokesperson assured users that the company is working non-stop to get a fix out. In the meantime, users of potentially compromised devices should disable the HTTP Server feature and search their networks for any signs of compromise.

Threat Actors Targeting Ukrainian Telecom Companies

The Computer Emergency Response Team of Ukraine (CERT-UA) has released information showing that a threat group has been targeting telecom service providers inside the country for the past several months. According to CERT-UA, these threat actors targeted at least 11 telecom companies in Ukraine between May and September 2023. The agency noted that these attacks have resulted in service interruptions for customers. Threat researchers have identified the way the attacks are happening. The attackers appear to be using two specialized programs named ‘POEMGATE’ and ‘POSEIDON’ to steal credentials and gain remote access. After they infiltrate the servers, they use a program called ‘WHITECAT’ to cover their tracks. The attacks seem to be originating from legitimate accounts, which tracks with multiple waves of phishing attacks the agency has observed in October. From what CERT-UA has seen, the goal of the attacks is credential theft and accessing remote banking systems to send unauthorized payments.

Admins’ Passwords Are Just as Bad as the Rest of Ours

Admins, the jig is up – we know you’re just as lazy about passwords as the rest of us, and Dark Reading has confirmed it. Researchers analyzed over 1.8 million administrator portals and found some alarming statistics concerning the strength of administrator passwords. The researchers broke down the top ten most used passwords from administrators. The top password? Believe it or not, it was ‘admin,’ with over 40,000 uses. The rest of the top ten was littered with passwords just as easy to guess, such as ‘123456’ and ‘password.’ So, if you, like me, thought that administrators were beacons of good tech habits to be admired by all of us lowly tech-illiterate folk, think again. Administrators may be the worst offenders of us all when it comes to weak passwords. If you want some information on creating strong passwords, check out our Cybersecurity Awareness Month blog on the matter – you may even consider sending it to an administrator near you.

SonicWall Blog

SonicWall’s Online Support Resources: Expanding Horizons for Enhanced Customer Experience – Micah Vorst

National Cybersecurity Awareness Month: Password Pro Tips – Jordan Riddles

National Cybersecurity Awareness Month: 20 Years of Securing Our World – Amber Wolff

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

Cybersecurity News & Trends – 10-13-2023

An October Friday the 13th feels twice as spooky with Halloween not far off. But you know what really sends a chill down our spines? Not being aware of cybersecurity. Fortunately, SonicWall has you covered with our Cybersecurity Awareness Month blog series. Be sure to check it out for cybersecurity knowledge, tips and tricks.

In industry news, Dark Reading had the lowdown on a major bug discovered by Atlassian. Hacker News covered the FBI and CISA’s joint advisory on AvosLocker. Tech Crunch provided details on the 23andMe breach. Bleeping Computer briefed us on the Air Canada breach. Plus, we take a look at the top ten most phished brand names.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Zero-trust model and Gen AI-based threat detection are emerging security trends: Chandrodaya Prasad, Executive VP, Product Management & Product Marketing, SonicWall

CRN India, SonicWall News: In an exclusive interview with CRN India, Chandrodaya Prasad, Executive Vice President, Product Management & Product Marketing, SonicWall, shares his perspective on strengthening the cybersecurity of businesses with effective solutions.

SonicWall Adds Key Piece to Channel Leadership Evolution; Names New Chief Marketing Officer Christine Bartlett

Telecom Reseller, SonicWall News: SonicWall, a world-leading cybersecurity, partner-first business for more than 30 years, announced today that Christine Bartlett will serve as its Senior Vice President and Chief Marketing Officer (CMO).

Infinigate Cloud partners with SonicWall to expand expertise and channel reach

CRN UK, SonicWall News: Infinigate is announcing an expansion to its relationship with SonicWall to partner with its Infinigate Cloud business. With this new partnership, Infinigate Cloud will bring additional expertise and channel reach in the UK. Cybersecurity firm, SonicWall, delivers boundless cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure.

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

Industry News

Chinese-Sponsored APT Responsible for Major Bug, Organizations Should Brace for Impact

A critical bug first discovered in Atlassian Confluence Server and Confluence Data Center could cause widespread issues for many organizations, says Microsoft. Atlassian acknowledged the bug last week but mistook it for a privilege escalation issue. In reality, the bug can be exploited remotely without the need for authentication, which makes it that much more dangerous. Microsoft has been tracking the bug and has traced it to a Chinese-sponsored APT known as DarkShadow. In Microsoft’s Digital Defense Report released last week, the tech giant noted that these Chinese state-sponsored campaigns typically have a goal of intelligence gathering and global influence. Since this exploitation has been seen in the wild, security researchers believe businesses should brace for mass exploitation, as Confluence already has a history as a target for cybercrime groups. Microsoft has advised any organizations using vulnerable Confluence applications to upgrade to a fixed version as soon as possible. Only time will tell the ramifications of this bug as more attacks unfold.

AvosLocker Ransomware Gang Targeting Critical Infrastructure

This week, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory about the AvosLocker hacker gang. The gang has been linked to attacks on critical infrastructure as recently as May 2023. The advisory breaks down the ransomware group’s tactics, tools and more. According to Hacker News, AvosLocker typically uses open-source tools and living-off-the-land (LotL) tactics, which leave very little evidence. It’s unclear what prompted the agencies to release an advisory this week, but both agencies are urging critical infrastructure organizations to take measures now to reduce their chances of experiencing an AvosLocker attack. You can read the full advisory here as well as see the steps the agencies are advising organizations to take.

Hackers Advertise 23andMe Data on Dark Web Forums

It appears that popular DNA analysis company 23andMe did not take a hacker seriously in August, and that hacker may have been telling the truth. In mid-August, a hacker posted on a hacker forum called Hydra claiming to have breached 23andMe. That hacker claimed to have stolen over 300 terabytes of user data from 23andMe. The hacker claimed to have contacted 23andMe asking for ransom, but the company did not take the matter seriously. Last week, more data was posted on a more popular hacker forum, and that data seems to match the data from the hack way back in August. Despite this, 23andMe has so far declined to confirm or deny whether the leaked data is real. They would only state that the matter is under investigation. So, while many people were led to believe the breach only occurred last week, it appears the breach may have taken place much earlier and the data may have been circulating for much longer. More information is sure to come out as investigations continue. 23andMe has at least prompted users to reset and change their passwords as well as enable multi-factor authentication (MFA).

Top Ten Most Phished Brand Names

A recent study by the cybersecurity website ‘Abnormal Intelligence’ highlighted the rise in brand impersonation as a tactic in phishing campaigns. The article lists the top ten most impersonated brands for 2023: among them Microsoft, PayPal, and Facebook. Read the original blog post for the complete list. It’s no wonder why cybercriminals target these prominent brands for their widespread usage and the potential for high-impact breaches. For instance, compromising Microsoft credentials can lead to unauthorized access to the M365 cloud environment, resulting in exfiltration of sensitive data or more malicious business compromise attacks. The study underscores the importance of recognizing attackers’ methods to exploit brand familiarity and the dire consequences of falling victim to such schemes. Abnormal Intelligence is part of Abnormal Security, a security startup that employs artificial intelligence to identify potential cyberattacks.

Threat Group Takes Credit for Air Canada Breach

An extortion group known as BianLian has taken credit for stealing 210GB of data from Air Canada in a recent breach. In September, Air Canada claimed that the breach contained only “limited personal information of some employees and certain records.” If the attackers are to be believed, the breach was actually much more extensive and contains much more sensitive information. According to Bleeping Computer, BianLian claims to have stolen technical and operational data spanning the past 15 years as well as personal information, SQL backups, supplier data, confidential documents and much more. Air Canada has remained tight-lipped about how many employees were affected and when exactly the breach took place. This week, the airline also sent emails to some customers asking them to enable SMS-based multi-factor authentication. It’s hard to believe that’s a coincidence.

SonicWall Blog

SonicWall’s Online Support Resources: Expanding Horizons for Enhanced Customer Experience – Micah Vorst

National Cybersecurity Awareness Month: Password Pro Tips – Jordan Riddles

National Cybersecurity Awareness Month: 20 Years of Securing Our World – Amber Wolff

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

Cybersecurity News & Trends – 10-05-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

October has arrived, and the air outside is starting to cool off – but here at SonicWall things are still heating up. We’re kicking off National Cybersecurity Awareness Month this week, so be sure to check out our blog for some awesome security tips and tricks.

In industry news, Data Breach Today had the scoop on a massive data breach of a Michigan-based health system. Dark Reading covered a new Looney Tunes-themed Linux bug that could cause headaches as well as Amazon’s plan to require multi-factor authentication (MFA) for AWS users. Bleeping Computer broke down the FBI’s warning about rising ‘phantom hacker’ scams on the elderly.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Adds Key Piece to Channel Leadership Evolution; Names New Chief Marketing Officer Christine Bartlett

Telecom Reseller, SonicWall News: SonicWall, a world-leading cybersecurity, partner-first business for more than 30 years, announced today that Christine Bartlett will serve as its Senior Vice President and Chief Marketing Officer (CMO).

Infinigate Cloud partners with SonicWall to expand expertise and channel reach

CRN UK, SonicWall News: Infinigate is announcing an expansion to its relationship with SonicWall to partner with its Infinigate Cloud business. With this new partnership, Infinigate Cloud will bring additional expertise and channel reach in the UK. Cybersecurity firm, SonicWall, delivers boundless cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure.

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Industry News

Alphv/BlackCat Claims to Have Stolen 6 Terabytes of Data on 2.5 Million Patients in Cyberattack

The ransomware group known as Alphv/BlackCat has claimed to have stolen the information on 2.5 million people in an attack on McLaren Health Care, which is based in Michigan. The McLaren Health Care system is quite large, consisting of 13 hospitals and dozens of other medical facilities as well as a network of cancer centers. McLaren first noticed suspicious activity on its systems near the end of August, and immediately disconnected its network temporarily as a precaution. It also began an investigation and recruited cybersecurity specialists to help. Alphv/BlackCat not only claims to have stolen the 6 terabytes of patient data, but it also claims to still have a backdoor running on the health system’s network. McLaren hasn’t officially announced exactly what was lost in the attack, so the claim of how much and what type of data was stolen is coming entirely from the ransomware gang. McLaren has also notified relevant authorities to assist in the investigation. A director at a security firm noted that many ransomware gangs steer clear of the healthcare industry for ethical reasons, but Alphv/BlackCat uses this to its advantage and actually targets the healthcare sector even more. We should know more about this attack once McLaren announces the findings of its investigation.

Looney Tunes-Themed Bug Poses Threat to Millions of Linux Systems

Threat actors can now use an easily exploitable bug called ‘Looney Tunables’ to gain root privileges on millions of Linux systems. The vulnerability is a buffer overflow flaw in a library used by a huge percentage of Linux systems. Fedora, Ubuntu and Debian systems are most at risk from this bug. The firm that discovered the bug said that they discovered it in the GNU C Library (glibc), which is used by most Linux machines. It’s apparently called ‘Looney Tunables’ because the exploit occurs in the processing of a variable called ‘GLIBC_TUNABLES’. According to Dark Reading, exploiting the flaw can give the threat actor access to unauthorized data, allow them to perform system alterations and even steal data. IoT devices are particularly susceptible to this flaw because so many of them run the Linux kernel within custom operating systems. Any organizations utilizing Linux systems will need to patch their systems quickly to mitigate risks.

AWS to Require Multi-factor Authentication for Certain Users

Amazon has announced that it will be rolling out a multi-factor authentication (MFA) mandate for Amazon Web Services (AWS) users with the highest privileges beginning in 2024. Under these new requirements, any AWS user with root privileges will be required to use MFA to log in. But that’s only the beginning. AWS will continue to expand those requirements to include users with lower access after the initial rollout for root users. This decision isn’t surprising seeing as cloud services such as AWS and Azure have seen increasing attacks over the past couple years. Requiring MFA will be a huge increase in security for the cloud service and will hopefully result in lowered numbers of successful cyberattacks on organizations using the services.

‘Phantom Hacker’ Scams Targeting the Elderly Are on the Rise, Says FBI

In a statement released this week, the FBI has warned of a steep increase in ‘phantom hacker’ attacks targeting the elderly. According to the FBI, the scam is an evolved form of general tech support scams. In this attack, scammers pose as bank employees contacting the victims and telling them that their bank account has been hacked. They stress that unless the problem is addressed, the victim could lose all of their money. Through this manipulation, the attackers get the victims to hand over banking information. Once the information is handed over, another scammer gets involved and has the victim transfer their funds to a supposed ‘secure account.’ The statement from the FBI stated that there have been 19,000 complaints about these sorts of scams between January and June 2023, with over $542 million stolen from the victims. Nearly 50% of the victims were over 60 years old. In August 2023, total losses for 2023 had already exceeded the entire amount from 2022 by 40%. The FBI has warned individuals not to trust pop-ups, links sent through text messages or email attachments. If you receive a message claiming to be from your bank, you should not use the provided phone number in the message. Look up your bank’s phone number yourself and contact them from there.

SonicWall Blog

National Cybersecurity Awareness Month: 20 Years of Securing Our World – Amber Wolff

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

Cybersecurity News & Trends – 09-29-2023

September may be ending soon, but the news never stops at SonicWall. CRN UK announced that SonicWall and Infinigate are expanding their relationship. Telecom Reseller discussed the hire of SonicWall’s new Senior Vice President and Chief Marketing Officer, Christine Bartlett.

In industry news, Dark Reading discussed ongoing attacks on the hospitality industry following the attacks on MGM and Caesars as well as threat actors posing as GitHub Dependabot. Bleeping Computer had the lowdown on Chinese hackers targeting corporate Cisco routers. Tech Crunch covered the zero-day exploit at Google.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Adds Key Piece to Channel Leadership Evolution; Names New Chief Marketing Officer Christine Bartlett

Telecom Reseller, SonicWall News: SonicWall, a world-leading cybersecurity, partner-first business for more than 30 years, announced today that Christine Bartlett will serve as its Senior Vice President and Chief Marketing Officer (CMO).

Infinigate Cloud partners with SonicWall to expand expertise and channel reach

CRN UK, SonicWall News: Infinigate is announcing an expansion to its relationship with SonicWall to partner with its Infinigate Cloud business. With this new partnership, Infinigate Cloud will bring additional expertise and channel reach in the UK. Cybersecurity firm, SonicWall, delivers boundless cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure.

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Industry News

Luxury Hotel Industry Under Attack Following MGM and Caesars Incidents

With the effects of the recent cyberattacks on the MGM Grand and Caesars still lingering, threat actors still have their sights set on the hospitality industry. The hackers are using a targeted phishing campaign intended to spread info-stealing malware to bait luxury hotel employees into responding. According to the security researchers who discovered the ongoing attacks, the campaign is “highly sophisticated and well-thought-out.” The threat actors spoof company email addresses to add legitimacy to the attacks. Once a response is given, the attackers send the phishing links in the follow-up emails. The goal of the initial attacks is simply to steal credentials to gain access to various applications in the corporate systems. Once they have the credentials, they can initiate a number of attacks from inside the system to sow chaos within the organization and steal data, money and more. The hospitality industry in general should be looking to bolster its cybersecurity while keeping a keen eye out for any suspicious emails or direct messages. These attacks seem likely to continue.

US and Japan Issue Warning on Chinese Hackers Targeting Cisco Routers

This week, authorities in the United States and Japan have issued warnings about Chinese hackers known as “BlackTech” that have been breaching Cisco routers to install custom backdoors for corporate network access. BlackTech is a Chinese state-sponsored hacking group known mainly for cyberespionage. The joint report was released by the FBI, NSA, CISA and Japan’s NISC and NPA. BlackTech allegedly targets multiple industries, including defense, telecom, tech, government, media and industry. BlackTech hackers typically target smaller appliances at remote branch offices instead of the main corporate headquarters. These appliances are often easier to breach and provide the hackers a foothold into the main organization. The joint advisory asks system administrators to keep an eye out for unauthorized actions that could indicate a threat actor is loading modified firmware onto devices. Bleeping Computer has the full list of recommendations listed in the advisory.

Google Rushes to Patch Zero-day Exploit

A commercial spyware vendor was caught exploiting a zero-day vulnerability in Google Chrome this week, and Google had to hastily patch it. Google’s Threat Analysis Group (TAG) informed Google of the exploit a mere two days before the patch was released. Google didn’t say much else about the exploit, choosing to stay tight-lipped until patches are released for any other products this exploit may affect. This patch comes just a few weeks after Google had to patch another zero-day exploit that was given a 10/10 severity rating. That exploit, known as BLASTPASS, was actually used against a member of a civil society organization in Washington, D.C., according to Tech Crunch. Let’s hope that this current exploit isn’t quite so severe.

Supply Chain Attackers Pose as GitHub Dependabot to Fool Victims

In a recent attack on software supply chains, threat actors posed as GitHub Dependabot to trick developers into accepting malicious updates. The attackers used stolen passcodes to make changes to the software that were then accepted by the duped developers. If the faux codes read as if they were made by Dependabot, the developers are much less likely to look into the changes. Dependabot is a tool owned by GitHub that was developed as a way to implement automated software and security checks for projects hosted on GitHub. According to security researchers, this is the first such instance of an attacker posing as Dependabot specifically. This type of attack, however, is not new. Threat actors love to impersonate legitimate tools or organizations to trick users into giving them private information. It’s worth noting that GitHub itself was not compromised in this attack. This is just an instance of a threat actor using the name of a tool GitHub owns for nefarious purposes. GitHub recommends developers lock down their software pipelines against attacks like these to make sure they don’t become victims.

SonicWall Blog

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Cybersecurity News & Trends – 09-22-2023

Today is National Ice Cream Cone Day, but that’s not the only scoop. This week SonicWall announced its revamped SecureFirst Partner Program to much acclaim. The changes are a culmination of actively listening to our partner community and implementing changes that put partners first, as reported on by eChannel News, MSSP Alert, Channel Futures and CRN. In other SonicWall news, CSO spoke with SonicWall Vice President of Strategic Partner Enablement and Integration Bobby Cornwell about his thoughts on the cyberattack at MGM.

In industry news, Dark Reading reported on CISA and the FBI’s alert on ‘Snatch’ ransomware-as-a-service (RaaS). Bleeping Computer had the lowdown on the breach at Pizza Hut Australia and the cyberattack on the International Criminal Court in the Netherlands. Hacker News provided details on a hacker named ‘Sandman’ using a strange Lua-based malware to breach telecom companies.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Liongard Expands SonicWall Relationship to Enhance Configuration Change Detection and Response with Capture Client Platform to Mitigate Cybersecurity Risk

Business Wire, SonicWall News: “Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard, “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes, both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

Industry News

CISA and FBI Sound the Alarm on Snatch Ransomware Service

This week, CISA and the FBI issued a joint advisory on a ransomware-as-a-service (RaaS) operation called “Snatch.” Snatch has been active since at least 2018, and the group’s RaaS software is known for forcing Windows computers to boot into safe mode and then encrypting files. The advisory issued by both agencies warns that the group is turning its eyes to critical infrastructure sectors such as IT, defense and agriculture. Snatch has been more active over the past year, which may explain the timing of this advisory. Snatch infiltrates organizations in a variety of different ways including using stolen credentials and targeting vulnerabilities in Remote Desktop Protocol (RDP). Once inside, the group uses a mixture of legitimate and malicious tools to exfiltrate sensitive data before encrypting the files. Cybersecurity experts noted that a majority of these attacks have been focused on organizations in North America. Any organizations in the listed critical sectors should be paying extra attention as Snatch continues its spree.

193,000 Customers Affected by Pizza Hut Australia Breach

Customers of Pizza Hut Australia are being notified this week of a cybersecurity incident that allowed threat actors to nab their personal information. Pizza Hut Australia’s servers that store customers’ sensitive data were accessed by hackers earlier this month. The notification stated that the breached data included customer record details and online order information. It includes full names, delivery addresses, delivery instructions, email addresses, phone numbers, masked credit card data and encrypted passwords. Despite the encryption of the passwords, Pizza Hut Australia did suggest customers consider changing their passwords. A threat actor named ‘ShinyHunters’ who breached Pizza Hut Australia in early September stated that they gained access to Pizza Hut Australia via an unprotected Amazon Web Services (AWS) endpoint. It’s unclear so far if the attack by ShinyHunters is the same attack Pizza Hut Australia is notifying customers of at this stage, but it does seem like a possibility. All Pizza Hut Australia customers should be watching their emails vigilantly for any suspicious communications.

European, African and South Asian Telecom Providers Targeted by ‘Sandman’ Hacker

Security researchers have linked a threat actor named “Sandman” to a series of cyberattacks targeting telecom providers in three continents. The hacker is utilizing a just-in-time (JIT) compiler called LuaJIT, which is used for coding in the programming language Lua, to deploy a novel implant called ‘LuaDream.’ While no known threat group has taken credit for the attacks, researchers implied this didn’t seem like a one-man show. The security researchers stated that the way LuaDream is executed indicates it’s a “well-executed, maintained and actively developed project of considerable scale.” According to Hacker News, seeing Lua used in the threat landscape isn’t very common. In fact, it’s only been observed three times since 2012. Researchers aren’t entirely certain how the threat actors are gaining initial access, but they do know it involves stealing administrative credentials and obtaining information to breach workstations and deliver the malware. Researchers should learn more as the threat actor(s) continue attacks throughout the three continents, but this does seem to be a strange tool.

International Criminal Court Suffers Cyberattack

The International Criminal Court (ICC) released a statement concerning a cyberattack that took place last week. The ICC noticed its systems had been breached and immediately took measures to address the incident. The ICC is hosted by the Netherlands, and Dutch authorities are now involved in the investigation. While the ICC didn’t release further information on the damage that had been done during the cyberattack, the organization did state that it will be making greater efforts to strengthen its cybersecurity. The ICC typically investigates and prosecutes the worst of the worst crimes affecting international communities, such as war crimes, genocide and more. This year, the ICC issued an arrest warrant for Russian President Vladimir Putin for war crimes in Ukraine. It’s unclear what the threat actors’ goals were for this attack, but the investigation should shed light on that.

SonicWall Blog

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Cybersecurity News & Trends – 09-14-2023

Fall is in the air, and the leaves will soon be changing colors, which is fitting because today is National Coloring Day. SonicWall may not have any crayons, but we’ve been adding some color to the media this week with SonicWall EMEA Vice President Spencer Starkey talking to SC Media about threat geomigration and Security Boulevard citing data from our Mid-Year Cyber Threat Report.

In industry news, Bleeping Computer had the lowdown on the latest Lazarus gang cryptojacking attack as well as the massive cyberattack at MGM Resorts. Tech Crunch covered the near-parallel attack at Caesars Entertainment. Dark Reading reported on a brand-new malware variant with a late-night theme.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Liongard Expands SonicWall Relationship to Enhance Configuration Change Detection and Response with Capture Client Platform to Mitigate Cybersecurity Risk

Business Wire, SonicWall News: “Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard, “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes, both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Industry News

MGM Resorts Cyberattack Causes IT Shutdown

The main website, online reservation system, and some in-casino services of MGM Resorts International were shut down following a cyberattack this week. As of Thursday, systems have now been down for four full days. The company stated that it began an immediate investigation as soon as it noticed a cyberattack was underway. The systems appear to have been shut down by MGM Resorts itself as a protection measure – not shut down by the hackers. According to a local news outlet, some guests at the resort even reported that their room keys were no longer working. While it appears many systems have been affected, the type of cyber incident that led to this has not been released publicly. A hacking group known as ‘Scattered Spider’ has taken credit for the attack. Scattered Spider is believed to be made up of young adults and teenagers from the United States and United Kingdom. They’ve claimed the attack on MGM but denied involvement with a similar attack on Caesars Entertainment. Dark Reading believes they are responsible for both. This string of attacks on casinos has certainly shaken things up in Las Vegas. It’s unclear when MGM’s systems may come back online at this time. This isn’t MGM Resorts’ first rodeo with cybersecurity incidents. In 2019, hackers stole more than 10 million customer records from the company. Further information should become available as time goes on.

Caesars Entertainment Suffers Massive Data Breach

MGM isn’t the only casino getting hit with cyberattacks this week. On Thursday, Caesars Entertainment reported that hackers had stolen a significant amount of customer data in a cyberattack. The hackers allegedly stole a complete copy of Caesars’ customer loyalty database. The stolen data has loads of sensitive information including Social Security numbers, driver’s license numbers and more. The report from Caesars indicated that they may have paid a ransom to the hackers, stating, “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.” Some reports claimed Caesars had paid around $15 million to the hackers to stop the leak of its data. The attack was apparently the result of a social engineering attack on a third-party IT company that works with Caesars. Representatives of Caesars Entertainment haven’t responded to any requests for comments but have confirmed that they’ve reached out to relevant law enforcement agencies concerning the breach. The hacking group that has now taken credit for the attack on MGM, Scattered Spider, denies any involvement in the attack on Caesars, but Dark Reading states otherwise.

Hackers Unveil Never-before-seen ‘3AM’ Malware After LockBit Fails

Threat actors attacking a construction company using LockBit ransomware had a surprise trick up their sleeve. When the LockBit ransomware failed to infiltrate the network, they pulled out a never-before-seen malware variant called ‘3AM.’ According to Dark Reading, the new malware is nothing to write home about other than its cutesy name, but it did sneak through one computer on the system making the attack successful. After deploying 3AM, a thematic note appeared saying, “Hello, ‘3 am’ The time of mysticism, isn’t it? All your files are mysteriously encrypted, and the systems ‘show no signs of life’, the backups disappeared. But we can correct this very quickly and return all your files and operation of the systems to [sic] original state.” While the note reads like a bad attempt at creative writing, the ransomware was indeed successful. Researchers noted that organizations should expect hackers to have more than one method of attack. An attacker using multiple malware families isn’t unheard of. The best thing any organization can do is have robust cybersecurity capable of thwarting multiple malware variants in place.

CoinEx Loses $53 Million of Cryptocurrency in Cryptojacking Attack

CoinEx, a global cryptocurrency exchange platform, announced this week that cyber attackers had stolen more than $50 million worth of cryptocurrency from them. The stolen cryptocurrencies include Ethereum, Tron and Polygon. CoinEx did state that cryptocurrencies held by its users were not affected by this attack, and if it’s discovered that any have been, the affected parties will receive full compensation from CoinEx. According to Bleeping Computer, a blockchain investigator has linked the attack to North Korea’s Lazarus gang. Lazarus has been responsible for many high-profile cryptojacking attacks this year including attacks on Atomic Wallet, Alphapo and CoinsPaid. At this point, one would almost assume that any high-profile cryptojacking will be linked to Lazarus. Crypto exchanges seem to be the favorite target of the group as of late.

SonicWall Blog

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Cybersecurity News & Trends – 09-08-2023

Fall is fast approaching, and with the new season comes SonicWall’s season of sales – check out our promotion page to find deals on firewalls, endpoint protection and more. This week, SonicWall CEO Bob VanKirk went on Nasdaq TradeTalks to discuss how IT departments can fend off stealthier cyberattacks. Be sure to check out the Mid-Year Update to the 2023 Cyber Threat Report to see more of what to watch out for.

In industry news, Dark Reading detailed Microsoft’s discovery of a Russian misinformation campaign in Africa and a brand-new cloud attack vector that should have DevOps on notice. Bleeping Computer covered Okta’s warning of IT help desk attacks in the United States. Tech Crunch had the lowdown on Flipper Zero’s latest disruptive ability.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. The largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.

Industry News

Russia Begins Misinformation Campaign in Africa

An investigation by Microsoft has revealed Russia’s nefarious actions in some African countries. According to the investigation, Russia has launched fake media outlets that sympathize with Russia and express anti-French sentiments. According to Dark Reading, they’ve also created fake civil society organizations in less stable African nations. Russia is capitalizing on already-present instability in countries like Mali, Niger, Gabon, Burkina Faso and Guinea. Some of these countries have ongoing coups, and Russia’s operations in these countries have praised coup leaders and stoked anger at France. Apparently, some of these operations were being run by Russia’s notorious Wagner Group, so the group’s presence on the African continent is now up in the air following the death of its leader, Yevgeny Prigozhin. The misinformation campaign has taken place largely through social media and fake news outlets. It has been successful enough that French diplomats have been recalled from some nations due to rising tensions. This is all going on in the background of Russia’s war against Ukraine, so only time will tell how long they can continue these operations with pressure boiling at home.

Brand New Attack Vector Should Have DevOps on Watch

A first-of-its-kind cloud attack should have DevOps keeping their eyes peeled. Attackers have found a way to take full control over systems using MinIO, which is a distributed object storage system. MinIO is compatible with Amazon S3 cloud storage, which is used by many companies. Security researchers discovered the new attack vector when cybercriminals recently tricked a DevOps engineer into updating MinIO with the attackers’ own corrupt “update.” The update included a built-in command shell function that allowed the attackers to remotely execute code and take over the system. The GitHub repository for the fake update is literally named “Evil_MinIO,” which is quite on the nose, even for cybercriminals. The researchers warned that companies using MinIO should be on watch, DevOps in particular. Make sure any and all updates are coming directly from MinIO and not a third party.

Flipper Zero Can Spam Nearby iPhones Via Bluetooth

The list of troublesome attacks that the Flipper Zero hacking device can perform continues to grow. It’s already been responsible for car theft and more, but it can now also spam iPhone users from thousands of feet away. A security researcher demonstrated the attack, comparing it to a denial-of-service attack. Essentially, any person with a Flipper Zero device can tweak the firmware to send out Bluetooth Advertisements to nearby iPhones. The attack renders the targeted iPhone useless due to the constant flurry of popups. Tech Crunch tested the attack and was able to successfully interfere with an iPhone 8 and an iPhone 14 Pro. While most of these attacks would have a far more limited range, the researcher who sounded the alarm on the attack noted that an attacker could use a simple amplifying board to increase the device’s range to thousands of feet or more. That would allow an attacker in a busy area to attack potentially hundreds of iPhones at once. The researcher, who only goes by Anthony, stated that Apple could defend against the attacks by ensuring that the Bluetooth devices attempting to connect to iPhones are legitimate.

Okta Warns of Attacks on IT Service Desks

The identity and access management business Okta warned of attacks on IT help desks in the United States this week. The attackers have been attempting to gain access to Okta Super Administrator accounts which would give them full access to the organizations they’re infiltrating. Okta stated that the attackers typically already have passwords for the high-access accounts before beginning their attack. Once they’ve gained control, they elevate privileges for other accounts and remove multi-factor authentication (MFA) for some accounts as well. Okta recommends that users take multiple steps to prevent an attack on their organization including enforcing phishing-resistant authentication using Okta FastPass, requiring re-authentication for privileged app access and more. Organizations using Okta should carefully review the steps Okta has listed to provide optimal protection for their networks.

SonicWall Blog

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Cybersecurity News & Trends – 09-01-2023

September is here, which means the great pumpkin spice drought has finally come to an end. Unfortunately, there’s been no such drought in cybercrime. Be sure to read our Mid-Year Update to the 2023 Cyber Threat Report for the latest trends and details on all things concerning cyber threats.

In industry news, PC Magazine covered the FBI’s huge takedown of the Qakbot botnet. Bleeping Computer had the lowdown on the cyber incident at the University of Michigan. Tech Crunch provided details on the massive data breach at Forever 21. Dark Reading broke down a major vulnerability in Openfire’s enterprise messaging application.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. The largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

FBI Circulates Uninstaller to Dismantle Qakbot Botnet

Qakbot, which is a Trojan intended to steal bank account information, has been in circulation since 2008. This week, the United States Justice Department and the FBI announced the success of an operation in which they seized control over the Qakbot servers and forced the botnet to send out an uninstaller that removed the program from infected computers. Agents involved in the investigation said the botnet was controlling some 700,000 computers, 200,000 of which were in the U.S. This is a major blow to cybercrime since Qakbot was so widespread and had been around for such a long time. This probably isn’t the absolute end of the malware, but it’s dealt an incredibly hefty blow to it. Not only did Qakbot work to steal bank account information, but it also operated as a botnet. The creators of Qakbot would sell access to the infected computers to other cybercriminal groups. In a YouTube video announcing the operation’s success, FBI Director Christopher Wray stated, “The FBI neutralized this far-reaching, criminal supply chain, cutting it off at the knees.” Qakbot has been linked to some of the most notorious ransomware gangs in the world such as LockBit, Conti, Black Basta, Royal, REvil and more. The losses suffered by victims of Qakbot are thought to be in the hundreds of millions of dollars. The fight against cybercrime is never-ending, but this is a victory worth celebrating.

Cyberattack Forces University of Michigan to Shut Down Network

The University of Michigan, home to some 30,000 staff and 51,000 students, was forced to shut down all of its network services this week to deal with a cybersecurity incident. The incident took place the day before classes were set to start back for the fall semester. The university had to shut down multiple services including Google, Canvas, Wolverine Access and email services. Since disconnecting, many services have now been restored, including Zoom, Adobe Cloud, Dropbox, Slack, Google and Canvas. The U of M is working with law enforcement and external cybersecurity experts to get to the bottom of the incident, but so far, more information hasn’t become available.

539,000 Customers Affected by Forever 21 Data Breach

Mall-staple Forever 21 suffered a data breach earlier this year that’s affected more than half a million customers. The hacking began in January 2023 and lasted for over three months. The threat actors obtained sensitive information such as data on current and former employees. The stolen data included the names, dates of birth, bank account info, Social Security numbers and healthcare information of the employees. Forever 21 released a statement saying, “Forever 21 has taken steps to help assure that the unauthorized third party no longer has access to the data.” Folks at Tech Crunch speculated that this could imply Forever 21 paid the hacker in exchange for the deletion of the stolen data. If that were the case, there’s no way to trust that the cybercriminals actually deleted the data. This is the second major breach at Forever 21, the first coming in 2017 with a massive theft of credit card numbers. Only time will tell the true ramifications for the employees whose data was stolen.

Kinsing Threat Group Targets Openfire Cloud Servers

A vulnerability in Openfire’s enterprise messaging application is being exploited by the Kinsing hacker gang. The vulnerability, tracked as CVE-2023-32315, is being used by the gang to create fake admin users in Openfire cloud servers that are then used by the group to take full control of the instance. Once they have access, they upload malware and a cryptominer to the servers. Security researchers have tallied over 1,000 attacks utilizing this vulnerability in the past two months. The researchers actually created an Openfire server intended to be used as a honeypot in July. It was attacked almost immediately, and they were able to track 91% of the attacks back to the Kinsing hacker gang. Dark Reading ran a Shodan search that showed over 6,000 internet-connected Openfire servers and found that 984 of those were vulnerable to the flaw. The researchers are asking any organization using Openfire servers to check their systems for vulnerabilities and patch them accordingly.

SonicWall Blog

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

Cybersecurity News & Trends – 08-25-2023

We’re heading into the final week of August, and it’s been an exciting month here at SonicWall. If you haven’t already given it a read, be sure to check out our Mid-Year Update to the 2023 Cyber Threat Report.

In industry news, Dark Reading covered increasing ransomware numbers and a lawsuit that could have far-reaching implications for software makers. Bleeping Computer had the lowdown on North Korea’s Lazarus gang preparing to offload over $40 million in crypto assets. Tech Crunch provided new details on the data breach at Tesla.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking Attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. The largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

Ransomware on the Rise

A security consulting group sounded the alarm about a ransomware resurgence happening right now. In July, the group found that data from 502 breaches was posted to various leak sites. That’s a 150% increase from July 2022. Many factors have led to this increase, but the group noted that it has a lot to do with the rise of more easily exploited vulnerabilities like we’ve seen with the breach of MOVEit’s file transfer tool. On top of that, the average time a ransomware group waits to strike once they infiltrate a company has shrunk by nearly 50% since 2022, from nine days down to five. The group found that a majority of these new attacks are targeting the industrial sector, which as a whole has been spending less on cybersecurity over the past few years. Much of the increase can be attributed to the Cl0p ransomware gang, which has been responsible for three times as many data leaks as the second most successful group, LockBit 3.0. Our recently released Mid-Year Update to the 2023 Cyber Threat Report indicated a ransomware rebound may be in the works, and this data seems to support that. Only time will tell if the trend continues into the remainder of the year.

Lawsuit Calls for More Accountability for Software Makers Amid MOVEit Breaches

Progress Software, the makers of the MOVEit file transfer tool, are the subject of a class-action lawsuit following the massive MOVEit breaches that began earlier this year. The lawsuit claims Progress Software breached its contracts and was negligent. The attacks have affected small organizations and billion-dollar organizations like Shell and British Airways alike. The lawsuit alleges Progress didn’t “properly secure and safeguard personally identifiable information” and has exposed plaintiffs to an ongoing risk of identity theft, not to mention financial costs and losses of time and productivity. If the lawsuit goes in favor of the plaintiffs, it could set a precedent to hold software developers accountable for the security of their applications in the event of major supply-chain breaches such as this. A spokesperson from MOVEit relayed that Progress will not comment on the pending litigation.

Tesla Data Breach Revealed to be Inside Job

Tesla has released a statement saying two former employees are responsible for a data breach that affected over 75,000 Tesla employees. Tesla’s data privacy officer, Steven Elentukh, said that the former employees violated Tesla’s IT security and data protection policies by sharing the data. The data contains loads of information on the 75,000 employees including names, addresses, phone numbers, Social Security numbers and employment records. The two employees in question handed the data over to a German newspaper, but the newspaper assured Tesla that it would not publish the data or misuse it. The information was 100 gigabytes in total and included customer bank details, production secrets and customer complaints alongside the employee data. The German newspaper said Tesla owner Elon Musk’s Social Security number was also included in the leak. Tesla has filed lawsuits against the former employees, and their electronic devices have been seized.

Lazarus Gang Preparing to Offload $41 Million in Stolen Crypto

The FBI has been tracking the movement of bitcoin stolen by the North Korean Lazarus gang and has narrowed it down to six cryptocurrency wallets. In total, it appears the group has moved 1,580 bitcoins to the six wallets. A recent report found that North Korean state hacker groups have been responsible for the theft of more than $2 billion in crypto over the past five years. More recently, the notorious Lazarus gang has been linked to a breach of Axie Infinity, which holds the crown for the largest crypto heist of all time and saw the hackers make off with a whopping $620 million worth of Ethereum. On Tuesday, the FBI released a statement saying, “The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime.” The FBI also urged anyone with information on the state-backed hacking groups to contact their local FBI field office.

SonicWall Blog

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Cybersecurity News & Trends – 08-18-2023

Roses are red, violets are blue, today is National Bad Poetry Day, too. While our poetry might be bad, our Mid-Year Update to the 2023 Cyber Threat Report is excellent. Be sure to give it a read to stay on top of the latest trends and intelligence surrounding cyber threats.

In industry news, Dark Reading had the lowdown on a QR code phishing campaign that targeted a U.S. energy giant. Tech Crunch covered the new Citrix ShareFile bug that CISA is sounding the alarm on. Bleeping Computer provided details on the Discord.io hack and the ongoing LinkedIn account stealing debacle.

Remember to keep your passwords close and your eyes peeled: cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nine-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%, while the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding by the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

Major US Energy Company Targeted by QR Code Phishing Campaign

Security researchers discovered a QR code phishing campaign sending thousands of emails to employees of a major energy company in the United States as well as other industries. The lures sent out by the hackers included PNG attachments and redirect links that claimed to be associated with either Microsoft, Salesforce or CloudFlare. The emails included urgent messages telling employees to update their Microsoft account security settings, with the ultimate goal of credential theft. The campaign did target multiple industries, but a majority of the emails were sent to an unnamed top U.S. energy company. Other affected industries included manufacturing, insurance, tech and finance. The campaign is by no means over – it’s ongoing. According to researchers, it’s growing 270% each month. QR codes aren’t a traditional method of delivery for phishing lures, but the researchers noted that they’re more likely to reach inboxes due to limitations on Secure Email Gateways (SEGs). Most SEGs can scan links for malicious intent, but they can’t scan QR codes. That gives the attackers an advantage. Workers in the affected industries should stay vigilant and be cautious should they receive a QR code claiming they need to update security settings.

CISA Sounds the Alarm on New Citrix ShareFile Bug

It seems like filesharing tools are a prime target for threat actors in 2023, as CISA has issued a warning that hackers are now exploiting a bug in Citrix ShareFile. The bug, tracked as CVE-2023-24489, could spell bad news for federal enterprises, which CISA noted are at significant risk from this particular vulnerability. The bug was discovered in June and given a severity rating of 9.8 out of 10. The flaw concerns Citrix ShareFile’s “storage zones controller” feature, which allows on-premise file storage as well as storage on supported cloud platforms. Threat actors could exploit the vulnerability to compromise these instances without needing a password. Security researchers noted that they’ve already found 6,000 publicly exposed instances as of July. Since we’re now in the middle of August, that number has likely increased. Organizations utilizing the vulnerable feature should work to patch this as soon as possible to mitigate risks. This vulnerability comes on the heels of the Cl0p ransomware gang’s exploitation of a bug in MOVEit’s file transfer tool that’s affected more than 200 organizations around the globe.

LinkedIn Accounts Hijacked, Some Even Asked to Pay Ransom

LinkedIn users are having a rough time this week as many users find themselves either locked out of their accounts or with their accounts completely hijacked. On top of that, LinkedIn support seems totally overwhelmed with users reporting lengthy response times and little to no resolutions. Some users have even experienced being asked to pay a ransom to get back their accounts. Dismayed users took to Reddit and Twitter to sound the alarm on both the breach and LinkedIn’s lack of response. LinkedIn still hasn’t made an official announcement despite some users reporting breaches as long as ten days ago. Bleeping Computer reported that the hackers are likely using stolen credentials or brute forcing to steal accounts. Users who have multi-factor authentication (MFA) enabled have faced lockouts as part of LinkedIn’s security policy. It’s unclear if it’s a hacking group or multiple individuals carrying out the attacks, but one common theme in the attacks is that the hackers replace the real owners’ email addresses with an email address ending in “rambler.ru”. If you frequent LinkedIn, it may be a good idea to go ahead and enable MFA and change your password just in case.

Data of 760,000 Discord.io Users Stolen, Service Shuts Down

A custom invite service for the popular communication application Discord has been shut down after an attacker managed to steal the data of 760,000 users. To be clear, the website that was hacked (Discord.io) is a third-party service that isn’t associated with the real Discord. The third-party service is widely used by people who own or manage Discord servers. This week, a hacker by the name ‘Akhirah’ began offering the data for sale on hacking forums and provided proof that the data was legitimate. The data included mainly usernames and email addresses, but it also included a small number of billing addresses as well as salted and hashed passwords. Discord.io’s response was to cease all operations for an indefinite period of time. Bleeping Computer spoke with the hacker, who claimed that this hack isn’t just about money. The hacker claims that some of the servers that Discord.io oversees link to illegal and harmful content and seemed to imply that that was at least part of their reason for the attack. Any users of Discord.io should be treating the situation as if their data will be abused. Since email addresses were included in the breach, they should keep a watchful eye out for emails attempting to get them to enter passwords or obtain other information.

SonicWall Blog

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian