Posts

Cybersecurity News & Trends – 07-22-22

Curated cybersecurity news and trends from leading news outlets that monitor IT security and safety around the world.

SonicWall continues to move headlines with industry publications and general news outlets. More quotes from SonicWall’s President and CEO, Bill Conner and mentions from SonicWall’s ongoing threat reports.

The industry’s big hits this week mainly were focused on ransomware activity. From Dark Reading, CloudMensis emerged as a previously unknown macOS spyware that exfiltrates documents, keystrokes, and screen captures, among other things. Bleeping Computer reports that the Black Basta ransomware gang targeted the giant construction corporation Knauf Group. From the gamer publication Destructoid, Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. Threat Post reports on the unusual hiring practices of the hacking group AIG. From Hacker News, Evilnum malware is being deployed to target cryptocurrency and commodities platforms. And from a gamer fan magazine, Kotaku, someone hacked the NeoPets platform, stole data for 69 million accounts and is selling it for Bitcoin.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication Of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

French MVNO Left Crippled by Ransomware Attack

Total Telecom, SonicWall News: The scale and severity of ransomware attacks in the telecoms industry and beyond has been rising steadily in recent years, with SonicWall recording 495 million ransomware incidents globally in 2021, a 148% increase on 2020.

Best VPN services for SMBs

TechRepublic, SonicWall News: While hardware platforms — including equipment fromCisco, Fortinet and SonicWall — are often used, software-only VPN services are growing in popularity due to their simplicity, flexibility and capacity to provide protection when users connect to third-party applications and resources outside the organization’s network. Here’s how five leading VPN services for SMBs stack up.

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves from A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Industry News

Cloud-Enabled macOS Spyware Blows onto the Scene

Dark Reading: A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and command-and-control (C2) communications — an unusual design choice that makes it difficult to trace and analyze the threat.

Dubbed CloudMensis by the researchers at ESET who discovered it, the backdoor was developed in Objective-C. ESET’s analysis of the malware released this week shows that the cyberattackers behind the campaign gain code execution and privilege escalation using known vulnerabilities after the initial compromise. Then, they install a first-stage loader component that retrieves the actual spyware payload from a cloud storage provider. In the sample the firm analyzed, pCloud was used to store and deliver the second stage, but the malware also supports Dropbox and Yandex as cloud repositories.

Building Materials Giant Knauf Hit by Black Basta Ransomware Gang

Bleeping Computer: The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in forensic investigation, incident response, and remediation. Emails seen by BleepingComputer warned that email systems were shut down as part of the response to the attack, but that mobile phones and Microsoft Teams were still working for communication.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world’s wallboard market. The firm operates 150 production sites worldwide and owns U.S.-based Knauf Insulation and USG Corporation. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

Bandai Namco Data Leaked Following Alleged Ransomware Attack

Destructoid: Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. It is suspected that the developer/publisher behind brands such as Tekken, Elden Ring, Dragon Ball FighterZ, and Soulcalibur has had data about its future releases, DLC, and reveals leaked online in the wake of the attack. Malware source code monitors VX-underground discovered and reported the news.

While some of the information has surfaced online this morning, the full extent of the data obtained by the hacking group is unknown. It could contain the personal details of company employees, as well as source code for the company’s current and upcoming releases and potentially data about the users of Bandai Namco games. As for supposed leaked games, don’t believe everything you see floating around.

This attack is the latest in a series of massive data thefts that, in recent years, have ransacked the digital vaults of various big-name video game companies such as Capcom, EA, and, perhaps most famously, CD Projekt RED, the latter of which lead to the release of the entire source code of smash hit Cyberpunk 2077.

Hackers for Hire: Adversaries Employ’ Cyber Mercenaries’

Threat Post: A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks as part of more extensive criminal campaigns.

Known as Atlas Intelligence Group (AIG) or Atlantis Cyber-Army, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its campaigns. AIG functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services.

According to the report, AIG is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with specific capabilities that they can reuse and incent them with profit sharing. For example, RasS (ransomware-as-a-service) campaigns can involve multiple threat actors who get a cut of stolen funds or digital assets. What makes AIG different is it outsources specific aspects of an attack to mercenaries who have no further involvement in an attack.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

Hacker News: The advanced persistent threat (APT) actor tracked as Evilnum is again exhibiting renewed activity aimed at European financial and investment entities.

Evilnum is a backdoor that can be used for data theft or to load additional payloads. Malware includes multiple components to evade detection and modify infection paths based on identified antivirus software.

Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the UK.

Neopets Hacker Steals 69 Million Accounts, Tries To Sell Them For Bitcoin

Kotaku: A rogue hacker has reportedly stolen over 69 million Neopets accounts and is currently attempting to sell the information for roughly $92,000 in bitcoin. Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other community members. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.

The community fansite Jellyneo reported that the hacker could obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. Jellyneo claimed that email addresses, passwords, gender, IP addresses, countries, and birthdays were being sold on a “hacker website” for four bitcoin (about $92,072 based on current values). Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. However, it was reported that Neopets is working with a forensics firm and law enforcement to investigate the breach.

In Case You Missed It

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Cybersecurity News & Trends – 07-15-22

Curating cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers for the big stories of the week.

SonicWall moved some headlines this week with quotes and mentions from industry publications and general news outlets. Quite a few of the hits were thanks to SonicWall’s President and CEO, Bill Conner and others are attributed to the Threat Report earlier this year.

From industry news, Bleeping Computer reports that hackers are impersonating cybersecurity firms in a callback phishing scheme that has netted several victims. From Dark Reading, fake Google software updates are spreading a new ransomware campaign. Krebs On Security is calling out Experian after irregular online account management processes. TechCrunch and The Register report on a substantial healthcare data breach that exposed data from 1.9M patients. And finally, Hacker News and Bleeping Computer report that North Korean hackers target small and midsize businesses with the HØlyGhØst.

And remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves From A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Here Today, gone to Maui: That’s Your Data Captured by North Korean Ransomware

The Register, Threat Report Mention: “According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.”

Over-Qualified Workers Struggling to Find a Job

BBC, Terry Greer-King Quoted: “They move towards the peak of a pyramid,” explains Terry Greer-King, vice-president of EMEA at cybersecurity firm SonicWall. “As employees gain greater experience, there’s less breadth in terms of opportunities: trying something different would require scaling back down the pyramid.”

Staying Protected Amidst the Cyber Weapons Arms Race

Information Age, Immanuel Chavoya Byline: “Immanuel Chavoya, emerging threat detection expert at SonicWall, discusses how businesses can stay protected against customizable ransomware and the wider cyber weapons arms race.”

Ransomware Gangs Are Turning to Cryptojacking For A Quieter Life

TechMonitor, Terry Greer-King Quoted: “The toolkits from big RaaS gangs such as REvil are becoming much cheaper and easier to use, agrees Terry Greer-King, vice president for EMEA at SonicWall. “Only a few years ago, they needed to write their own malicious code. Now, anyone with bad intentions can buy a ransomware kit for as little as $50 on the dark web,” he says.”

Industry News

Hackers Impersonate Cybersecurity Firms in Callback Phishing Attacks

Bleeping Computer: In a new twist to the ongoing cybersecurity war, hackers pretend to be well-known cybersecurity firms in callback phishing email scams. Many phishing campaigns include links to landing pages that allow you to steal login credentials and emails with malicious attachments that install malware. In a new callback phishing campaign, the hackers impersonate a security company to warn recipients that malicious network intruders have compromised their workstations and that an in-depth security audit is required. These callback phishing campaigns are focused on social engineering, explaining in detail why they should be given access to a recipient’s device. In addition, they come complete with a dedicated phone number to schedule the security audit of their workstations.

That’s when the hack begins. The actors (literally what they are now) guide the victims through a process of installing remote administration tools (RATs) that gives them complete control over the workstation. With full access, the hackers can remotely install additional tools that allow them to spread laterally through the network, steal corporate data, and potentially deploy ransomware to encrypt devices.

Callback phishing campaigns became standard in 2021 with the launch of the BazarCall phishing campaigns used by the Conti ransomware gang to gain initial access to corporate networks. Since then, callback phishing campaigns have used various lures, including antivirus, support subscriptions, and online course renewals. AdvIntel’s Vitali Kremez told BleepingComputer that the campaign is believed to be conducted by the Quantum ransomware gang, who have launched their BazarCall-like campaign.

Fake Google Software Updates Spread New Ransomware

Dark Reading: The latest example of fake service hacks is the “HavanaCrypt,” a new ransomware tool researchers from Trend Micro recently discovered disguising as a Google Software Update application in the wild. According to Trend Micro, the malware’s command-and-control server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware.

Researchers also noted HavanaCrypt’s numerous techniques to check if it is running within a virtual environment. During encryption, they also mentioned the malware’s use code from KeePass Password Secure, an open-source key manager. And its use of the.Net function “QueueUserWorkItem”, to speed up encryption. Trend Micro says the malware is still developing because it doesn’t drop a ransom notice on the infected systems.

Experian, You Have Some Explaining to Do

Krebs: KrebsOnSecurity received two reports from readers last month about their Experian accounts being hacked. They were then updated with an email address that was not theirs. Both cases involved readers using password managers to create strong and unique passwords for Experian accounts. However, research suggests identity thieves were able to hijack the accounts simply by signing up for new reports at Experian using the victim’s personal information and a different email address.

In a written statement, Experian suggested that what happened to the individuals mentioned in the Krebs report was not an everyday occurrence and that its security and identity verification practices extend beyond what is visible to the user. However, Kreb’s analysis indicates that anyone can replicate the issues at will.

Due to the ongoing and risks of identity theft, KrebsOnSecurity has been urging Americans to put a security freeze on all credit files. A credit freeze prevents potential creditors from pulling your credit file. The downside is that you’ll have to release your files to open new lines of credit. But these days, caution is the watchword. Prevent identity thieves from creating accounts and taking control of your identity, Krebs advises his readers to – at minimum – to watch each major bureau closely.

1.9M Patient Records: One of 2022’s Biggest Health Data Breaches

TechCrunch: A ransomware attack on a little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be one of the most significant data breaches of personal and health information this year. The Colorado-based Professional Finance Company, known as PFC, contracts with “thousands” of organizations to process customer and unpaid patient bills and outstanding balances. On July 1, they reported that hackers hit their servers earlier in February.

PFC said in its data breach notice that more than 650 healthcare providers were affected by its ransomware attack, adding that the attackers took patient names, addresses, outstanding balances, and information relating to their accounts. In addition, PFC said that in “some cases,” dates of birth, Social Security numbers and health insurance and medical treatment information were also taken by the attackers.

Additionally, The Register reports that PFC confirmed that more than 1.91 million patients were affected by the cyberattack with the U.S. Department of Health and Human Services. Bayhealth Medical Center in Delaware said 17,481 patients were affected by the PFC breach, while Coleman County Medical Center in Texas disclosed that 1,159 of their patients were affected.

The attack on PFC is second only in size to a March 2022 data breach at Shields Health Care Group, a medical imaging company with facilities across New England, affecting an estimated two million patients.

North Korean Hackers Targeting Small and Midsize Businesses with HØlyGhØst Ransomware

The Hacker News: A new threat group in North Korea has been linked with ransomware development and use in cyberattacks against small businesses since September 2021. The group, which calls itself HØlyGhØst after the ransomware payload of the same name, is being tracked by the shopping mode Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or developing group of threat activity. Targeted entities are mainly small-to-midsize companies such as banks, manufacturing organizations, and event and planning companies.

According to Bleeping Computer, hackers DEV-0530 maintains an Onion (.onion) site that they use to interact with their victims. The group encrypts all files on the target devices and uses the file extension .h0lyenc, sends the victim a sample of the files as proof, and then demands payment in Bitcoin to restore access to the files. Ransom amounts demanded by DEV-0530 range anywhere between 1.2 and 5 bitcoins – at present value, about $20,000 to $100,000USD – although analysts report no successful ransom payments from its victims as of July 2022.

In Case You Missed It

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Cybersecurity News & Trends – 07-08-22

Cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall had an excellent news week. The highlight was a report by BBC on over-qualified workers struggling to find jobs, with a quote from Terry Greer-King, SonicWall vice-president for EMEA operations. There were also articles quoting Bill Conner, bylined articles by Immanuel Chavoya, articles citing the 2022 Cyber Threat Report, plus US Representative Elissa Slotkin, from Michigan, who mentioned SonicWall threat data.

Industry news was also very busy. We found a report from ZDNet about crooks using deepfakes to apply for remote work tech jobs. From Bleeping Computer, an alert about the PwnKit exploit on Linux. There was a fascinating report from New York Times about how North Korea used stolen cryptocurrency to keep the country afloat. We have a consolidated report from Dark ReadingWAFB News and Health IT Security on cyberattacks on US healthcare organizations. ZDNet (again) reported on the UK government warning businesses that paying ransoms will not keep their data safe. From HackerNews, Google blocks dozens of malicious domains operated by hack-for-hire groups. And finally, from The Star, the massive AMD breach was aided by “terrible passwords” used by employees.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Here Today, gone to Maui: That’s Your Data Captured By North Korean Ransomware

The Register, Threat Report Mention: “According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.”

Over-Qualified Workers Struggling to Find a Job

BBC, Terry Greer-King Quoted: “They move towards the peak of a pyramid,” explains Terry Greer-King, vice-president of EMEA at cybersecurity firm SonicWall. “As employees gain greater experience, there’s less breadth in terms of opportunities: trying something different would require scaling back down the pyramid.”

Staying Protected Amidst the Cyber Weapons Arms Race

Information Age, Immanuel Chavoya Byline: “Immanuel Chavoya, emerging threat detection expert at SonicWall, discusses how businesses can stay protected against customizable ransomware and the wider cyber weapons arms race.”

Ransomware Gangs Are Turning to Cryptojacking For A Quieter Life

TechMonitor, Terry Greer-King Quoted: “The toolkits from big RaaS gangs such as REvil are becoming much cheaper and easier to use, agrees Terry Greer-King, vice president for EMEA at SonicWall. “Only a few years ago, they needed to write their own malicious code. Now, anyone with bad intentions can buy a ransomware kit for as little as $50 on the dark web,” he says.”

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack In History’

The Independent, Bill Conner Quoted: ““Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent. Personal information that does not change as easily as a credit card or bank account number drives a high price on the dark web. This kind of personally identifiable information is highly sought after by cybercriminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out-of-date security devices, as a matter of course.”

Cloud Security Best Practices: A Summer School District To-Do List

Security Boulevard, Threat Report Mention: “According to research from SonicWall, cyber threats of nearly all types are increasing at breakneck speed. Ransomware, for example, has increased 232% since 2019. With the rate of attack accelerating, it’s only logical that school districts close their data protection gap and identify an adequate cloud platform.”

Russian Hackers Claim Responsibility for Ongoing Lithuania Cyberattacks

Silicon Republic, Bill Conner Quoted: “Speaking about the latest cyberattacks on Lithuania, Bill Conner, CEO of cybersecurity firm SonicWall, said threat actors have gotten more efficient in their attacks. He added that these groups are leveraging cloud tools to reduce costs and expand their scope in targeting additional attack vectors. “We are dealing with an escalating arms race,” Conner said. “It’s a cyber arms race that will likely never slow, so we can never slow in our efforts to protect organizations. The good news is that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations. There’s better cooperation between the public and private sectors, and greater transparency in many areas.”

CISA Reiterates Two-Year Timeline to Implement Breach-Reporting Rules

SC Magazine, US Representative cites threat report: “Rep. Elissa Slotkin, D-Mich., chair of the Homeland Subcommittee on Intelligence and Counterterrorism, cited research from private cybersecurity company SonicWall claiming a 98% increase in observed ransomware attacks over the past year, while she also noted “we heard from [Michigan] state officials …that ransomware attacks have doubled since last year.”

Lethal Drinking Water, Runs on Banks And Panic Buying: What A Real Undeclared War Cyber Attack Could Mean

iNews, Bill Conner Quoted: “Bill Conner, who has advised GCHQ, Interpol and Nato on cyber security and is president and CEO of SonicWall, told: “When you look at what’s happened here in the States, like Colonial Pipeline, our water system, our electrical grids – even though our electrical grids are very different than the UK – they’re still very vulnerable. Our healthcare systems are vulnerable.”

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

Industry News

FBI Warns: Crooks Use Deepfakes for Remote Tech Jobs

ZDNet: According to the FBI, scammers and criminals use deepfakes to steal personally identifiable information when they apply for remote jobs. Deepfakes, synthetic audio, video and image content created using AI or machine-learning technology have been a concern for phishing threats for many years.

The FBI’s Internet Crime Complaint Center (IC3) says they have seen increased complaints about deepfakes and stolen personally identifiable information used to apply for remote roles in tech. Some offices are asking employees to return to work. Information technology is one job category that has seen a lot of remote work. Reports to IC3 primarily concern remote vacancies in information technology programming, database, or software-related job function functions.

The FBI highlights the dangers of an organization hiring fraudulent applicants by noting that some of the positions reported include access to financial data and customer PII.

CISA Issues Warnings About Hackers Exploiting PwnKit Linux Security

Bleeping Computer: Cybersecurity and Infrastructure Security Agency has added PwnKit, a severe Linux vulnerability, to its bug list.

CVE-2021-4034 was identified as the security flaw in Polkit’s Polkit’s Pkexec component, which is used by all major distributions, including Ubuntu, Fedora and CentOS. PwnKit is a memory corruption bug that unprivileged people can exploit to gain full root rights on Linux systems with default configurations.

It was discovered by researchers at Qualys Information Security, who also found its source in the original commit of pkexec. This means that it affects all Polkit versions. It has been hidden in plain sight since May 2009, when pkexec was first released. The proof-of-concept (PoC) exploit code was posted online within three hours of Qualys publishing technical details about PwnKit.

How North Korea used Crypto to Hack its Way Through the Pandemic

New York Times: North Korea has suffered severe economic damage from the United Nations sanctions and coronavirus pandemic. The government warned of severe food shortages. Unidentified intestinal diseases began to spread among the population in June.

Yet, the country has conducted more missile tests than any other year. The government is providing luxury homes for party elites. North Korea’s leader Kim Jong-un has pledged to create advanced technology for its growing arsenal of weapons. The country will likely conduct a new nuclear test, its seventh, in the not-too-distant future.

Where did the money come from?

In April, the United States publicly accused North Korean hackers of stealing $620 million in cryptocurrency from Axie Infinity. This theft, the largest of its kind, is the most substantial evidence that North Korea’s use of cryptocurrency heists to raise money to support its regime during the pandemic and fund its weapon development and maintenance was highly profitable.

According to Chainalysis, North Korean hackers could have taken home nearly $400 million worth of cryptocurrency last year. North Korea’s total haul this year is just under $1 billion. These figures are to be viewed in context. According to South Korea’s statistical agency, $89 million was earned in official exports for the country in 2020.

North Korean State Agents Launch Cyberattacks on US Healthcare Orgs

Dark Reading: The FBI, US Cybersecurity and Infrastructure Security Agency and Treasury Department warned Wednesday about North Korean state-sponsored threat agents targeting US healthcare and public-health organizations. These attacks are using a new, unusually operated ransomware tool called Maui.

Multiple incidents have occurred since May 2021 in which threat actors using the malware have encrypted servers critical to healthcare services. They have also attacked digital diagnostic devices and electronic health records servers.

In a related story from WAFB News and Health IT Security, hospitals in Wisconsin, Georgia, and Louisiana reported separate healthcare cyberattacks. Reports of healthcare cyberattacks continue to roll in as threat actors advance their tactics and narrow in on widespread vulnerabilities in the sector. For example, at Baton Rouge General, LA, a Mayo Clinic care network member, reports of a cyberattack emerged on June 28. As of this report, the hospital has reverted to paper records. Other hospitals report various damage from system lockouts to compromised patient and employee records.

Paying Up Will Not Keep Your Data Secure, NCSC

ZD Net: The number of businesses paying a ransom following a ransomware attack is increasing. The UK’s National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) are asking attorneys to remind their clients that paying up may not keep their data safe.

In a joint letter, The NCSC and ICO noted a rise in ransomware payments. Also, they reasoned that some attorneys may have advised clients to pay ransoms to keep their data safe or avoid a financial penalty from ICO. However, both agencies warn that not only are ransom payments not condoned; such payments only serve to encourage hackers to push on with more attacks.

The joint letter also reminds UK businesses and organizations that ransom payment offers no guarantee that hackers will return data or keep it safe. They note that even though hackers provided an encryption key, some do not work correctly. It is also possible that cyber criminals may not keep their word and delete data stolen in a ‘double-extortion’ attack to intimidate victims into paying.

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups

The Hacker News: Google’s Threat Analysis Group (TAG), Thursday’s disclosure by the Hacker News, revealed that it had blocked as many as 36 malicious websites operated by hacker-for-hire groups from India, Russia, or the UAE.

Hack-for-hire companies allow their clients to launch targeted attacks against corporates, activists, journalists, and other high-risk users like the surveillance ware environment. These operators are known to carry out intrusions on behalf of clients anxious to hide their roles in the attack.

One hack-for-hire operator allegedly launched a recent attack on an IT company in Cyprus, a financial technology company in the Balkans, a Nigerian education institution, and an Israeli shopping company to demonstrate the breadth of the victims affected.

An identical set of credential theft attacks against journalists, European politicians and non-profits was linked to a Russian threat actor named Void Balaur.

The same group may have also been working for the past five years to target individual accounts at major webmail providers such as Gmail, Hotmail and Yahoo! plus regional webmail providers such as abv.bg, mail.ru, inbox.lv and UKR.

AMD Breach was Due to Terrible Passwords

The Star: The Silicon Valley tech giant AMD was hit by a data breach last week. But that’s no big news. According to this story, what’s utterly amazing is that the hackers had help from employees using terrible passwords such as “password” and “123456.

According to SF Gate, AMD, a microchip manufacturer, was attacked by RansomHouse hackers.

In a statement, the semiconductor giant confirmed that there was a digital breach. But the company had no answers asked why employees of multinational manufacturers aren’t subject to standard password protection rules such as regularly changing passwords and including numbers and symbols in passwords.

Lesson learned: breaches are increasing — time has long since passed to take the threat seriously.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Cybersecurity News & Trends – 06-24-22

Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

SonicWall finishes an intense week with news articles citing the 2022 Cyber Threat Report, a quote from Bill Conner, and articles written by our frontline cybersecurity experts. From industry news, we have three big reads. One is about the day the Internet died a few hours earlier in the week, compiled from posts by Computer WorldBleeping Computer, and ZDNet. From Bleeping Computer, we learned that Conti was busy with the ARMattack campaign, ransoming 40 organizations in only one month. Finally, from Dark Reading and CSO Online, according to researchers, there are 56 vulnerabilities in operational technology products used in everything from factories to hospitals. Is our technology insecure by design?

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

What is a Cyberattack? Types and Defenses

eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

Ransomware, the Cyberattack that Set Off Alarms in Latin America

Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

Buy Access to a Company’s Data on the Dark Web for Less Than The Cost of a MacBook

Tech Radar Pro, Bill Conner Quote: “Ransomware attacks have simply exploded last year. Recent figures from SonicWall recorded more than 600 million ransomware attacks took place across the world in 2021, representing an increase of 105% compared to the year before. Compared to 2019, the figures are even worse, showing a rise of 232%. Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” said SonicWall President and CEO Bill Conner.

Russia’s Invasion of Ukraine Elevates Cybersecurity Concerns for Emerging Markets

Oxford Business Group, Threat Report Mention: According to security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, 755% in the health care sector, 152% in education and 21% in retail.

Fortinet vs. SonicWall: Enterprise Wireless LAN Comparison

Enterprise Networking Planet, Product Comparison: Fortinet and SonicWall are both well regarded enterprise wireless LAN vendors. This article will help you decide which solution is best for your business.

Detecting the Silent Cryptojacking Parasite to Remain Disease-free

Teiss, Published Byline: Immanuel Chavoya at SonicWall describes the dangers of cryptojacking, a damaging and parasitical use of an organization’s computer resources.

Digital Infrastructure Becomes Pivotal for Businesses and Personal Lives

Markers (APAC), SonicWall Executive Interview: Digital transformation is disrupting businesses across the globe as digital infrastructure becomes pivotal for the success and survival post-Covid-19. Over the years since the pandemic hit, we have witnessed a huge surge in digital platforms and tools used in business operations which in turn has increased the risk of cyberattacks. At this junction, the role of next-gen cyber security solution provider plays a significant role. Here is an interview with Debasish Mukherjee, Vice President, Regional Sales, APJ at SonicWall sharing his views on the cybersecurity market post-pandemic, threats to businesses, key cybersecurity recommendations, and how SonicWall can help organizations overcome these challenges.

Industry News

Half of the Internet died earlier this week

Compiled from Multiple Sources: A server outage at Cloudflare’s servers led to many websites and services going down. The resulting blackout affected significant services like Google, AWS and Twitter. Although the online security company quickly identified and fixed the problem (the service was down for a few minutes), it created a flurry of worry and spun up rumors about the cause.

Initially, we were all left in the dark about the nature of the blackout, which was even more worrisome as ComputerWorld reported major disruptions to large areas. Customers trying to access Cloudflare-supported websites experienced ‘500 errors’ (Internal server errors) for approximately two hours before the service was restored around 9 am GMT.

Bleeping Computer reported that the event was reminiscent of another outage when Cloudflare stopped a 26 million request-per-second DDoS attack, which was the most severe ever recorded. The record-breaking attack, which occurred last week, targeted one of Cloudflare’s customers using the Free plan. Experts speculated that the threat actor behind the attack used stolen servers and virtual machines, as it originated from Cloud Service Providers rather than weaker IoT devices from compromised Residential Internet Service Providers.

ZDNet updated the story with a Cloudflare apology that blamed the outage THIS week on a configuration error during a “routine” network upgrade.

Conti Ransomware Hacking Spree Breaches Over 40 Orgs in a Month

Bleeping Computer: Conti is a cybercrime syndicate that runs one of the most aggressive ransomware campaigns. It has become highly organized to the point where affiliates were able to hack more than 40 primarily US-based businesses in just over a month.

Security researchers identified the hacking campaign as “ARMattack” and said it was one of the group’s most productive and effective. ARMattack was also very fast, considering how quickly the group compromised the networks. Additionally, the ransom requested by the attacker is unknown, nor do we know if any victims paid it.

Bleeping Computer also claims Conti is currently the third most frequent ransomware gang in terms of attack frequency.

The number of victims who have not paid Conti ransoms increased to 859; however, this count is based only on publicly available data on the group’s leak site and is probably higher.

This number shows that Conti has published data from at least 35 organizations that did not pay ransom each month.

Insecure By Design: 56 Vulnerabilities Discovered in OT Products

Dark Reading: A new analysis of data from multiple sources has uncovered 56 vulnerabilities in Operational Technology (OT) products from 10 vendors, including notable ones such as Honeywell, Siemens, and Emerson.

These security issues are collectively called OT.ICEFALL. They stem from insecure cryptographic implementations, weak authentication schemes or weak cryptographic implementations, insecure firmware updates mechanisms and improperly protected native functionality, which hackers can use for remote code execution. CSO Online reports that 14% of the vulnerabilities could lead to remote code execution, and 21% could allow for firmware manipulation.

The problem stems from device vendors not including basic security features like encryption and authentication. Plus, these vulnerable devices are often installed in older products that their owners continue to use, even though there are better options. So now we have the element of false confidence as many vulnerable products have been subject to an audit and are now certified as safe for OT networks.

Researchers compared their findings with those from Project Basecamp, conducted ten years ago. Then as now, they focused on insecure-by design problems in remote terminal units (RTUs), programable logic controllers (PLCs), and other controllers in SCADA (Supervisory Control and Data Acquisition) used in industrial installations.

The bottom line: the vulnerabilities are still present.

In Case You Missed It

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Office Documents are Still Not Safe for Cybersecurity – Ray Wyman

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 06-17-22

Stories about cybersecurity news and trends curated from major news outlets, trade pubs and infosec bloggers.

SonicWall news finishes a strong week with more mentions from the 2022 SonicWall Cyber Threat Report, bylines by our cybersecurity leaders, and quotes. And of course, Industry News was very busy. From DarkReading, we learn about the retiring Internet Explorer and how it (and the associated cyber risk) will linger for years. KrebsOnSecurity and SC Media report on ransomware attackers launching a searchable public database of their victims. SiliconValley News reports on the 9-year jail sentence earned by the infamous hacker who stole millions of private images from iCloud. From Reuters, hackers managed to crash the Russian Davos event and (temporarily) stop President Vladimir Putin from speaking. In the New Zealand Herald, the story about how a spelling error saved a man from Perth $6M. And finally, our big read for the week on the successful dismantling of a huge Russian Botnet, compiled from the US Department of JusticeBloomberg LawPolitico, and Forbes.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Contractors Beset by Ransomware Threats Have Too Few Options

Bloomberg Law, Bill Conner Quote: The contracting community is aware of the confusion. Chester Wisniewski at Sophos, Carolyn Crandall at SentinelOne, and Bill Conner at SonicWall all outlined suggestions to Bloomberg Government in a series of interviews. Conner, SonicWall’s president and CEO, said he wants the government to install so-called “cyber czars” at each federal agency to better streamline communication.

SonicWall Recognizes APAC Partners and Distributors at FY2022 Partner Awards

Channel Life (Australia), SonicWall News: SonicWall has recognized its distributors and partners for their efforts in producing the company’s most successful year to date. The recent SonicWall FY2022 Partner Awards recognized companies for their commitment to demonstrating excellence, innovation and leadership in cybersecurity during the fiscal year. They are also thanked for continuing to drive digital transformation for businesses that leverage SonicWall solutions.

The Powerful Cyberattack That Has America on Alert

Swiss Info (Deutsch), SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

SonicWall Awards Top Partners for FY22

ARN (Australia), SonicWall News: Cyber security vendor SonicWall has awarded its top-performing partners for its 2022 fiscal year ending 31 January.

The Cybersecurity Challenges of Remote Working and How a Brand Can Eliminate Them

E Business (UK), SonicWall Mention: SonicWall provides trusted solutions delivering wireless, switches, firewalls, and CCTV that can keep businesses safe from an attack and avoid downtime.

Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

CXOtoday (India), SonicWall Byline: Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats developed by a shadowy and very well financed cybercrime industry that has demonstrated it can often outsmart even the most robust security defenses.

Dicker Data, Hitech Support, Next Telecom, Datacom score SonicWall Honors

CRN (Australia), SonicWall News: “SonicWall has awarded Australian partners Dicker Data, Hitech Support, Next Telecom, Datacom System and Dell Australia for their work at its Asia-Pacific Partner Awards for the 2022 financial year.”

What is a Cyberattack? Types and Defenses

eSecurity Planet, SonicWall Threat Report Mention: Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

Ransomware, the Cyberattack That Set Off Alarms in Latin America

Forbes Colombia, SonicWall Threat Report Mention: The Cyber Threat Report 2022 of the US firm SonicWall, shows a rebound of 105% in data hijacking last year, surpassing 623 million attacks worldwide – almost twenty attempts per second – with the United States in the lead (421 million or 67.5% of the total).

Industry News

Internet Explorer Is Now Retired but Remains an Attack Target

DarkReading: Microsoft’s June 15th official end-of-support for Internet Explorer 11 desktop software has left behind a browser that has been around for almost 27 years. Even so, IE will likely remain a lucrative target for attackers.

Despite Microsoft’s long-standing plans to discontinue Internet Explorer (IE), some organizations continue to use it. Microsoft has maintained the MSHTML (aka Trident), IE browser engine in Windows 11 through 2029. This allows organizations to continue to use IE mode while transitioning to Microsoft Edge. So IE is not dead yet.

Although IE is typically a minor player in the global browser market (0.52%), many companies use it internally or have legacy applications tied to IE. This week, Nikkei Asia stories and Japan Times cited a Keyman’s Net survey showing that almost 49% of 350 Japanese companies surveyed use IE daily. Likewise, South Korea’s MBN indicated that many large organizations are still using IE and will likely continue using it for the foreseeable future.

Ransomware Group Launches Searchable Victim Data

KrebsOnSecurity – Cybercriminals that target corporate data theft and demand ransoms to keep it from being published have tried many methods to shame victims into paying. The ALPHV ransomware group, also known as “BlackCat,” has made the gambit harder and harder to avoid.

They previously tried publishing victim data in repositories on the Dark Web. Now they’re going big with a new public website to post their booty on individual victims. And they’re inviting the public to search the leaked data.

ALPHV announced its new victim-shaming website that they had hacked a luxury resort and spa in the western United States. The database of shame includes the personal data of more than 1,500 resort employees and 2,500 resort residents. In addition, the page’s top has two buttons that allow guests to “Check Yourself” – one for employees and the other for guests.

SC Media also reported that their security expert described the site as “kinda like a bad guy’s version of HaveIBeenPwned,” with the main difference being that data on HaveIBeenPwned is anonymized. ALPHV displays all, including full names, dates, expenditures, and other personal data, including email addresses, birthdays, and social security numbers.

SC Media and KrebsOnSecurity chose not to reveal the hotel’s name to protect their personal information. The whole point of the ALPHV website is to pressure the hotel for payment.

Hacker Sentenced to 9 Years for Hacking Apple iCloud and Stealing Private Images

SiliconValley: Nine years of federal imprisonment have been given to a Californian man accused of hacking Apple iCloud and stealing private images and videos of young women, some nude and some engaged in personal activities.

According to court records, Hao Kuo Chi, 41, from La Puente in California, was sentenced Wednesday at a federal court in Tampa, Florida. According to court records, he pleaded guilty to three counts of computer fraud and one count of conspiracy to commit computer crime last October.

Chi also ran a notorious website Anon-IB for many years, where users posted images labeled as “revenge porn.” Officials claim that Chi hacked into victims’ Apple iCloud accounts to steal their private photos and videos. They also said he shared and traded the images with other users on AnonIB.

Chi’s email accounts contained the iCloud credentials for approximately 4,700 victims and had collected enough media to fill 3.5 terabytes on iCloud and physical storage devices.

Court testimony reveals that he shared stolen content with conspirators over 300 times. While some conspirators publicly released the images, he kept some of the images for himself connected to 500 victims.

Hackers Crash “Russian Davos” and Stops Putin’s Speech

Reuters: Hackers impeded President Putin’s speech at Russia’s top economic forum last Friday. This happened as Russia worked to adjust to its “new reality.” The meeting was already struggling due to a lack of Western participation. Nevertheless, the 25th St Petersburg International Economic Forum was attended by many state companies, with many stalls featuring floor-to-ceiling display screens and glamorous attendants.

Dmitry Peskov, a spokesperson for the Kremlin, stated that a denial-of-service attack (which involves flooding servers with fake traffic) had caused the forum’s admission and accreditation systems to be hampered. Although he did not blame the incident on the ongoing war in Ukraine, reporters noted that it was unofficially suspected.

Spelling Mistake Stops Perth Man’s $6m Fortune from Being Stolen by BEC Hackers

NZ Herald: This story illustrates how cybersecurity is everyone’s business. A Perth businessman almost lost $6 million to hackers, but one misspelled word saved him from watching his fortune falling into the wrong hands.

He was at the end of a multimillion-dollar property settlement with a trusted buyer. But unfortunately, the other party’s business email account in the deal was compromised by cybercriminals. The hackers intercepted the emails and changed the bank account details to their accounts.

An entry-level employee noticed that the word “group” was misspelled as “gruop.” After her timely alert, an inspection revealed that the business email account was compromised, and the bankers stopped the transaction just in time.

Also see “BEC – Business Email Compromise

US and Global Law Enforcement Partners Dismantle Russian Botnet

Multiple Sources: According to the US Department of Justice, US cybersecurity agents worked with law enforcement partners from the UK, Netherlands and Germany to dismantle the infrastructure of a Russian botnet called RSOCKS that hacked into millions of computers around the globe.

A botnet is an internet-connected group of devices that have been hacked and are controlled by attackers. They are often used to commit malicious acts. Each device connected to the internet has an Internet Protocol (IP) address.

Bloomberg Law provides additional details that the Botnet targeted IoT devices like clocks, routers and streaming devices. Hackers used these compromised devices as proxy servers to allow paying customers to access the compromised devices’ IP addresses and launch attacks. According to Bloomberg, the group’s Twitter account claimed access to more than eight million residential IPs and more than a million mobile IPs.

Politico reported that proxy services, which aren’t inherently illegal, provide IP addresses for their clients for a fee. However, the service includes bypassing censorship and accessing geo-blocked for a specific region. Prosecutors claim that RSOCKS was hacking into millions of devices using brute force attacks.

Customers could visit a web-based storefront to rent proxies for a specified period. Additionally, the customer could download a list of IP addresses and ports associated with the Botnet’s backend server and route malicious internet traffic through these compromised devices while hiding the source.

A related story by Forbes states that the Botnet was the home of a darknet market called Hydra Market. The marketplace’s closure is linked to subsequent seizures, including a superyacht owned by Viktor Vekselberg and $5.4M cash from Konstantin Malofeyev. The US DOJ identified Malofeyev as a Russian oligarch who attempted to use the Botnet services to circumvent sanctions.

In Case You Missed It

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

BEC Attacks: Can You Stop the Imposters in Your Inbox?

If asked which of the threat types tracked by the FBI causes the most financial damage, most people would say ransomware.

They’d be wrong.

In 2021, the FBI’s Internet Crime Complaint Center (IC3) received 19,954 Business Email Compromise (BEC) reports, with adjusted losses totaling almost $2.4 billion. That’s an average of more than $120,270 per incident, compared with just under $13,200 per incident for ransomware attacks.

Since the FBI began tracking these threats in 2013, tens of billions in financial losses have been recorded, resulting from nearly 170,000 incidents in 178 countries.

So why hasn’t this threat risen to the notoriety of ransomware?

During many ransomware attacks, business operations grind to a halt. When a company loses access to customer information, payment systems and mission-critical applications, it often becomes clear in short order that something is wrong.

But BEC attacks are comparatively silent. Even when these attacks have a huge impact on an organization’s bottom line, operations can generally continue as usual. As a result, businesses frequently opt to keep these attacks out of the public eye to avoid risking reputation damage and loss of trust.

But although ransomware still dominates security news, the growing frequency, volume and cost of BEC attacks have begun attracting more attention.

As a result, BEC attacks have become a top threat concern for many organizations today, according to a recent SonicWall-sponsored white paper by Osterman Research. “How to Deal with Business Email Compromise” reports primary research data from an in-depth customer survey of 119 respondents, each of which has direct knowledge of how their organization is addressing or planning to address the risk of BEC.

The results from this study offer a look at how security influencers and decision-makers are taking BEC into account when formulating their spending plans for the next 12 months. For example, while just 46% of organizations said they considered protecting against BEC attacks “important” or “extremely important” 12 months ago, 76% said they considered it important or extremely important today.

Image describing BEC Importance

80%

Organizations indicating that protecting against BEC attacks in 2023 is of high importance

The data also shows that three-fifths of organizations in the study view protecting against BEC attacks as one of their top five security priorities.

62%

Organizations ranking protecting against BEC attacks as one of their top five priorities.

How BEC Attacks Fly Under the Radar

But what makes BEC attacks so dangerous when compared with other forms of cyberattacks? And why are they harder to stop?

BEC is a specialized type of phishing attack that relies on social engineering. They often use a proven pretexting technique to engineer a quick introduction and establish a believable scenario in order to manipulate the victim to take a specific action.

While these attacks can target employees at any level of an organization, they generally start with an attacker impersonating a person with authority, such as a CEO or CFO, a manager, or a supplier. The attacker uses the authority figure’s identity to start a chain of plausible (but fake) requests to gain monetary payment. This typically involves instructing someone in accounts payable, someone in HR or even someone with a company credit card to pay a fake invoice, transfer funds, send gift cards or make payroll payouts. The urgent tone of these messages encourages the victim to respond or act quickly, bypassing any checks and balances that may be in place.

Compared with other forms of cyberattacks, BEC attacks are among the hardest to detect because the threat signals are far less obvious. Relying on trickery and impersonation, the approach is very subtle, and the actual delivery generally doesn’t use weaponized URLs or malicious attachments, which are easily detected.

In addition, the email content and the delivery mechanism are usually of higher quality and often tailored to target a specific person or persons. With little to no apparent sign of a threat, these messages can bypass most email security filters to reach the inbox — and the absence of any sort of alert, such as a contextual warning advising them to exercise caution, leaves the victim more vulnerable to falling for the scam.

Because so many of these scams are successful, their use has grown dramatically — today, roughly 80% of companies targeted by BEC attacks each year. While there isn’t much you can do to avoid being targeted, there’s plenty you can do to safeguard your organization’s finances. To learn more about BEC attacks and how to stop them, check out our webinar, “Can You Stop the Imposters in Your Inbox?

Cybersecurity News & Trends – 06-10-22

Curated stories about cybersecurity news and trends from major news outlets, trade pubs and infosec bloggers.

A fresh batch of articles for SonicWall News surfaced this week from nearly every business sector, plus quotes from SonicWall CEO and President, Bill Conner, and General Director of SonicWall in Iberia, Sergio Martínez. Our biggest problem this week for Industry News was deciding what to leave out. From Forbes, a guide on how to inspire your employees to care about cybersecurity. From Bleeping Computer, ransomware gang Black Basta attacks VMware ESXi servers. Then from the BlackBerry Threat Vector blog, a new Linux malware called “Symbiote” that’s almost impossible to detect. Next, from Dark Reading, the Emotet banking trojan resurfaces—and skates past email security. And finally, a compiled reading from CNNMIT Technology Review, and PC Magazine on Chinese hackers breaking into “major” telecom firms.

As always, click through to the links in the headlines to see the full stories from our sources. And remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

An Update from SonicWall on ICSA Certification

Security Brief (Asia), SonicWall in the News: Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

An Update From SonicWall On ICSA Certification

Security Brief (Asia), SonicWall news: “Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.”

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

Why is Ransomware Getting the Better of Us?

Security Boulevard, Threat Report Mention: The ransom crisis is particularly bad in the UK. A SonicWall report found that UK-based organizations faced the second-highest number of ransomware attacks in the world in the first half of 2021. According to SonicWall, ransomware attacks increased by 234% across Europe in that time, while CyberEdge’s 2022 Cyberthreat Defense Report found that 80% of UK organizations had been successfully targeted in the past year.

Special Cloud Security

ComputerWorld CSO (Spain), SonicWall Quote: Sergio Martínez, general director for Iberia at SonicWall, gives his vision, in the gallery Ensuring the availability of information, the pillar of the contingency plan, on new security strategies in a context in which there are more and more devices connected to business networks.

Ransomware Losses, Frequency Increase Rates: Howden

Business Insurance, Threat Report Mention: London-based Howden Broking Group Ltd. said in its report that the annualized number of globalized ransomware incidents was up 235% in 2021 compared with 2019, and average U.S. ransom payments increased by 370% over the same period. It was citing data from San Jose, California-based cybersecurity company SonicWall Inc. and ransomware incident response company Westport, Connecticut-based Coveware Inc.

Contractors Beset by Ransomware Threats Have Too Few Options

Bloomberg Law, Bill Conner Quote: The contracting community is aware of the confusion. Chester Wisniewski at Sophos, Carolyn Crandall at SentinelOne, and Bill Conner at SonicWall all outlined suggestions to Bloomberg Government in a series of interviews. Conner, SonicWall’s president and CEO, said he wants the government to install so-called “cyber czars” at each federal agency to better streamline communication.

SonicWall Recognizes APAC Partners and Distributors at FY2022 Partner Awards

Channel Life (Australia), SonicWall News: SonicWall has recognized its distributors and partners for their efforts in producing the company’s most successful year to date. The recent SonicWall FY2022 Partner Awards recognized companies for their commitment to demonstrating excellence, innovation and leadership in cybersecurity during the fiscal year. They are also thanked for continuing to drive digital transformation for businesses that leverage SonicWall solutions.

Industry News

Inspire Your Employees to Care About Cybersecurity

Forbes: We spent a lot of time talking about how humans are the weak link in cybersecurity. First, let’s recognize that a company’s employees are a significant vulnerability due to the increasing complexity and threat of cybersecurity. With more than 15 billion devices in circulation, including computers, servers and mobile phones operating worldwide—digital fluency and literacy remain challenges in the transforming cybersecurity landscape.

Many functions are performed by devices that we don’t even know about. These functions include tracking and storing location information, saving passwords and sharing information with apps, and listening to our conversations. Today, organizations have greater responsibility for cybersecurity to protect their interests and that of their employees.

It is essential to communicate basic cybersecurity expectations to raise awareness. For example, employees need to be familiarized with complex password requirements, multi-factor authentication (2FA/multi-factor authentication), screen locks, and the importance of keeping current with software updates. Understanding cybersecurity requires that you know the basics.

If your team is not in person, create attention-grabbing graphics that include slogans and statistics about the company’s cybersecurity policies. Then, share the policies by any means throughout the workforce environment. Growing threats means educating employees about cyber threats while taking steps to protect their data.

Black Basta Ransomware Attacks VMware ESXi Servers

Bleeping Computer: Black Basta is the latest ransomware gang that supports encryption of VMware ESXi virtual machine (VM) on enterprise Linux servers. Ransomware groups have been focusing their attacks on ESXi VMs because this strategy aligns with their enterprise targets. They can encrypt multiple servers faster with one command. So it makes sense to encrypt VMs, as many companies recently switched to virtual machines. From purely a business perspective, hackers now have the dual benefits of simpler device management and more efficient resource use.

Linux ransomware encryptions are not new. BleepingComputer has reported similar encryptions by numerous other gangs, including LockBit and HelloKitty, BlackMatter and REvil, AvosLocker and RansomEXXX.

However, Black Basta’s ransomware will search for the /vmfs/volumes containing the virtual machines stored on compromised ESXi server servers. And if no such folders are present, the ransomware exits. Additionally, this encryptor does not have command-line arguments that can target other encryption paths, indicating that it is only designed to target ESXi servers.

Ransomware employs the ChaCha20 algorithm for encrypting files. Additionally, multithreading is used to speed up encryption by using multiple processors.

The ransomware will encrypt encrypted files by adding the .basta extension and creating ransom notes called readme.txt within each folder. Notes include a chat support panel link, which unique ID victims can use to communicate directly with the attackers.

Symbiote — The New Linux Malware That’s Almost Impossible To Detect

BlackBerry ThreatVector Blog: As if Linux’s malware problems couldn’t get any worse, recent reports have revealed that Symbiote is a new type of Linux malware that’s “almost impossible to detect.”

This rootkit-level hack is being called Symbiote by the research team, which includes lead members from Intezer and BlackBerry. It has the parasitic ability to act like a shared object (SO) and loads on all processes via LD_PRELOAD native function. This is why it’s so terrible.

Researchers say the shared object library “parasitically compromises” a target machine. Once its claws are embedded deep in the system, malware gives attackers rootkit functionality.

Researchers discovered the first sample in November 2021. It appears that it was created to attack Latin American financial institutions. Researchers aren’t sure if Symbiote has been used in broad or targeted attacks because it is still new malware. However, Symbiote is full of interesting features. The malware employs Berkeley Packet Filter hooking (BPF), a function that hides malicious traffic from infected machines. BPF is also used in malware created by Equation Group. BPF bytecode can be injected into the kernel to determine which packets are captured. Administrators use BPF to start any packet capture software on infected machines. Symbiote then adds its own bytecode to the kernel to filter out any network traffic it does not want the packet-capturing program to see.

Symbiote can facilitate everything, from data scrapes to backdoors. Hackers can use Symbiote to stealthily harvest credential information from hacked Linux devices by hooking the “libcread” function. This is an important mission for targeting Linux servers in high-value networks. Hackers can gain unimpeded lateral movement and unlimited access by stealing administrator account credentials. Symbiote allows remote SHH access for its operators via the PAM service. It also allows the threat actor or a hacker to gain root privileges.

Many IT and cybersecurity bloggers have reported on this story. Keep an eye out for new developments.

Emotet Banking Trojan Resurfaces, Skates Past Email Security

Dark Reading: After being taken down by a joint international task force in January 2020, the malware botnet Emotet is back in an advanced form. The Emotet malware was a prolific threat during the pandemic. It originated as a trojan for banks in 2014. Its creators were the first to offer malware-as-a-service (MaaS) to criminal organizations.

Although it still uses many of the same attack methods it used in the past, Emotet has seen a rise in its ability to collect and use stolen credentials. According to the report, hackers can use these stolen credentials to distribute malware binaries. In addition, attackers are using hijacked email threads to use those accounts as a launch pad and trick victims into activating macros in attached malicious office documents.

Emotet also uses 64-bit shell code, advanced PowerShell and more advanced active scripts. Nearly a fifth of malicious samples exploits the 2017 Microsoft vulnerability CVE-2018-11882.

The attacks were mainly focused on Japan’s victims, but the focus has shifted to targets in the United States of America and Italy since March.

Chinese Hackers Breach “Major” Telecom Firms

Compiled Reading: The report is compiled from multiple sources offering a slightly different perspective: CNNMIT Technology Review, and PCMagazine.

First, CNN’s headline: Chinese government-backed hackers have breached major telecommunications companies, among other targets, the US CISA warned this week. Cyber defenders often overlook these devices as they struggle to keep up with the routine software patching of Internet services and endpoint devices. CISA, FBI, and NSA did not identify the hackers; the advisory appears to focus on getting organizations aligned on security measures and updating their software and equipment. CNN named devices manufactured by Cisco, Fortinet, or other vendors.

MIT Technology Review included Netgear and Citrix security vendors. All vulnerabilities were publicly known, including a five-year-old critical flaw in Netgear equipment that allows attackers to bypass authentication checks to execute any code they want. This will enable them to take over the entire device and gain unrestricted access to the victim’s network. MIT says the campaign’s success shows how dangerous software flaws can be even after being made public. Zero-day attacks—hacks exploiting previously unknown weaknesses—pack a punch and demand our full attention. Plus, known flaws are still dangerous because it can be hard to update and secure networks and devices with limited resources, personnel and money.

PCMagazine stated that the vulnerabilities allowed actors to access victim accounts via publicly available exploit codes against VPN services and public-facing applications without using any unique or identifying malware.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 06-03-22

Read a curated collection of stories about cybersecurity news and trends from major outlets, trade journals, and infosec bloggers.

We found another crop of articles for SonicWall news, with one from Financial Times that reasons the best defense can be identifying vulnerabilities and “blocking digital assault pathways.” And in another article, Insurance Business America wonders how small businesses can protect themselves from cyber threats. Both use SonicWall’s 2022 Cyber Threat Report and are good reads for anyone tracking solid ideas and solutions. It was another week of dizzying details from Industry News, starting with a story from Politico about why politicians’ phones are getting hacked. Next is from Krebs on Security with additional information from Dark Reading about the pawn game between Costa Rica, Hive, Conti, and US sanctions. Next is a story from CNN detailing a confession from US Cyber Command: yes, they have been hacking Russian assets. And another story is about Chinese hackers exploiting new Microsoft vulnerabilities reported by The Verge and Tech Crunch. Finally, from Bleeping Computer, a story about a ransomware group that’s added a new twist: they’re going public by putting the ransom note on your website.

As always, click through to the links in the headlines to see the full stories from our sources. And remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Deut), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

SonicWall Celebrates Multiple Award Wins, Amidst Outstanding Business Performance in Asia-Pacific

CXOToday, Threat Report Mention: SonicWall today announced that the company has been awarded several prestigious awards on top of its growing list of accolades. SonicWall’s consistent track record and recognition by cybersecurity industry experts over the last few years is a testament to the vision, commitment and innovative spirit of its employees, leaders and partners to continuously deliver value to customers by way of optimizing business efficiencies and enhancing security.

Cyber Attackers: If You Can’t Stop Them, Disrupt Them

Financial Times, Threat Report Mention: Companies in all industries have been targeted. Data from SonicWall show a 105 per cent rise in ransomware attacks in 2021.

How To Ensure the Security of Company Data?

RCN Radio (Colombia), Threat Report mention: According to SonicWall’s 2022 Cyber Threat Report, in 2021 there were more than 623 million ransomware attacks worldwide. And Colombia, with more than 11 million threats detected in that year, is in the top 10 of the most attacked countries worldwide.

Meteoric Rise: Triangle Cybersecurity Startup JupiterOne Reaches ‘Unicorn’ Status With $70M Cash Injection

WRAL.com, Threat Report Mention: Governments worldwide saw a 1,885% increase in ransomware attacks in 2021, according to the 2022 Cyber Threat Report recently released by SonicWall, an internet cybersecurity company. Ransomware also rose 104% in North America, just under the 105% average increase worldwide, according to the report.

An Update from SonicWall on ICSA Certification

Security Brief (Asia), SonicWall in the News: Ken joins us today to discuss SonicWall’s recent ICSA certification and also current threat detection research that is currently taking place.

How Can Small Businesses Protect Themselves from Cyber Threats?

Insurance Business America, Threat Report Mention: Separate data gathered by cybersecurity firm SonicWall has shown that there were almost 421.5 million ransomware attempts against US businesses in 2021 – a figure that dwarfed that of second-placer Germany, which registered about 34.3 million hits.

Industry News

Why We Expect More Hacking on Politicians’ Phones – HINT: It’s Politics

Politico: Government officials all over the globe are facing a hard truth: They will have to accept spyware infecting their devices because they don’t want to ban the technology.

Numerous government officials have had their phones hacked over the past few years. These include Spanish Prime Minister Pedro Sanchez and French President Emmanuel Macron. Staffers for Boris Johnson, British Prime Minister, and the EU’s justice commissary. There are also at least nine US diplomats.

Here’s the truth: many governments use the same spyware used against them—the tool of choice: Pegasus software by the Israeli company NSO Group. Pegasus has proven effective in pursuing terrorists planning attacks or pedophiles. Investigators have used tools like Pegasus to catch highly sought criminals such as Joaquin “El Chapo,” a well-known drug lord.

Pegasus can infect the target’s device and allow government agencies or organizations to access personal information, including (but not limited to) turning on microphones and cameras. As a result, anti-spyware activists have asked governments to ban spyware companies or at the very least regulate them. The United Nations Human Rights Office also called for governments to regulate the sale and use of spyware technology last year.

There are no international agreements restricting spyware. Even governments that ban Pegasus face the problem of other, less visible and more regulated spyware companies. As a result, officials are forced to use low-tech methods of protection with varying degrees of effectiveness.

And on it goes.

Costa Rica Pawned by Conti Ransomware Group’s bid to Rebrand and Evade Sanctions

Krebs on Security: The Russian ransomware group Hive hacked Costa Rica’s national healthcare system earlier this week. This intrusion occurred just weeks after Rodrigo Chaves, the Costa Rican president, declared a state emergency to address a ransomware attack by Conti. Cybersecurity experts say that there are good reasons to believe that the same cybercriminals are behind both attacks. Apparently, Hive helped Conti rebrand and avoid international sanctions designed to target ransomware payments to Russian hacker gangs.

Local media reported the Costa Rican Social Security Fund (CCSS) as being taken offline on May 31. However, the extent of the breach is still unknown. The CCSS oversees Costa Rica’s public healthcare sector. Worker and employer contributions are required by law.

The Dark Reading newsletter reports ransomware hackers sanctioned in the United States have learned how to rebrand their software and avoid the sanctions. This is a strategy to make victims pay more. Example: The Evil Corp gang was already subject to sanctions when the Department announced that it was responsible in part for a ransomware strain called WastedLocker. Evil Corp quickly stopped using WastedLocker software and created variants with different names and graphics. These ransomware variants were the most popular in the last two years. However, it was not always clear if Evil Corp was behind them.

Microsoft Disallows Iran-Linked Hacker Groups Targeting Israeli Companies

The Jerusalem Post: Microsoft’s Threat Intelligence Centre (MSTIC) detected that an Iran-linked hacking group was using their OneDrive cloud storage platform to command and control (C2) purposes. The hacking group was identified as “Polonium” and found to be targeting more than 20 Israeli companies and one intergovernmental organization with operations in Lebanon.

MSTIC assessed the group’s location and observed them creating and using legitimate OneDrive accounts, then utilizing those accounts to execute part of their attack operation.

Microsoft noted that the activity does not represent a vulnerability or cybersecurity issue on the OneDrive platform. However, Microsoft added that it has deployed security intelligence updates that will “quarantine” tools developed by Polonium operators. The story goes on to report that as part of their enforcement process, MSTIC suspended more than 20 malicious OneDrive applications.

US Confirms That Military Hackers Conducted Cyber Operations to Support Ukraine

CNN: The US Cyber Command made a rare public acknowledgment about hacking operations often shrouded in mystery. The hacking unit of the US military conducted cyber operations to support Ukraine in its defense against Russia’s invasion. Cyber Command admitted that they had conducted operations across all facets of the spectrum, including offensive, defensive and information operations.

This disclosure highlights how crucial projecting cyber power – to support Ukraine’s defenses and possibly deter Russia from conducting cyberattacks on US infrastructure – is to the Biden administration. This admission suggests that the Biden administration is comfortable in cyberspace and can counter Russia without fear of escalation. So long as the US and its allies don’t attack Russia, President Joe Biden has promised not to engage with Russia militarily in the Ukraine war.

This is the fullest example of foreign relations brinksmanship.

Chinese Company Accused NSA Hacking Has Global Ambitions

Washington Post: The US government and American cybersecurity firms have long claimed that China is responsible for brazen hacks that absconded troves worth of sensitive documents. Chinese officials denied the allegations and accused the US repeatedly of cyber-espionage without providing any evidence. In February, a well-connected Chinese cybersecurity company made public what it claimed to be a US National Security Agency campaign targeting computers in 45 countries and areas, including China. At the time, US officials did not respond to inquiries for comment.

This disclosure suggests that China takes a firmer stance against foreign hacking attempts. It also revealed the increasing influence of Qi An Xin Technology Group Inc., a Chinese technology company established in 2014 with ambitions to become a global cybersecurity leader.

The company’s headquarters are located a 10-minute drive from the Forbidden city. They have been part of a three-year plan to grow China’s cybersecurity sector to more than 250 billion Yuan ($39.3B) by 2023. This plan involves increasing investment in the industry and simplifying regulation.

China-Linked Hackers Exploit a New Vulnerability Within Microsoft Office

The Verge: According to threat analysis research by security firm Proofpoint, hackers are already exploiting a newly discovered Microsoft Office vulnerability.

TechCrunch also shared details about how a hacker group called TA413 used the “Follina” vulnerability to create malicious Word documents that purportedly were sent from the Central Tibetan Administration. This is the Tibetan government exiled in Dharamsala in India. The TA413 APT (a designation for “advanced persistent danger”) actor is believed to be connected to the Chinese government. It has previously been used to target the Tibetan exile community.

On May 27, Nao Sec, a security research group, first highlighted Microsoft Word’s vulnerability. They took to Twitter to share a sample they had submitted to the online malware scanner VirusTotal. Nao Sec reported that hackers delivered the malicious code via Microsoft Word documents. The files then executed PowerShell commands, a powerful tool for Windows system administration.

Chinese hackers have used security holes in the software to target Tibetans over the years. Citizen Lab published a report in 2019 that documented widespread targeting of Tibetan politicians with spyware. This included Android browser exploits as well as malicious links sent via WhatsApp. Proofpoint analysis has shown that browser extensions also spy on Tibetan activists.

Ransomware Gang Now Hacks Corporate Websites to Show Ransom Notes

Bleeping Computer: Ransomware gangs are taking extortion to new heights by hacking corporate websites and publicly displaying ransom notes.

Reporters identify Industrial Spy as the new extortion gang behind this new strategy. The group follows the usual expected process of deploying ransomware in their attacks to breach networks, steal data, and deploy malware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid. In one case, the group is now selling data they claim was stolen by a French company called SATT Sud-Est for $500,000-USD.

The new bent to the crime is that the group found a way to hack into the company’s website, vandalized the home page with a message warning that 200GB of data had been stolen. Of course, if the victim doesn’t pay the ransom, the attackers are ready to sell the data. And then there’s the public disclosure for added measure.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 05-27-22

Your weekly digest of cybersecurity news stories and trends curated from leading news outlets, trade journals, and infosec bloggers.

It was a big week for SonicWall news with another strong showing of quotes and citations in trade journals and blogs. This week’s crop of industry news was also thick with new information, all highly informative and worthy of our attention. First up is a report from Vice’s Motherboard News about hackers who posed as “internal support” at Verizon and managed to steal a sizable database of employee information. The follow-up report is one from Tech Radar about employees ignoring cybersecurity advice; we added notations regarding the vulnerability of the healthcare sector which, according to the HHS, is acute. Hacker News posted a new story about hackers using browser automation frameworks to advance malicious activities. Next, Reuters posted one about a UK hack that appears to reveal interesting tidbits about the Brexit campaign. We highlighted an article from Protocol titled “AI + Ransomware = Terrifying” because it is terrifying. Then finally, from Bleeping Computer, it’s a weird twist of irony when hackers are successfully phishing Russian government agencies with RATs.

Remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyzes and experts have highlighted that hackers linked to Russia are responsible for the majority.

Ransomware Attack Exposes Data of 500,000 Chicago Students and Staff

Tech.co, Threat Report Mention: But these online threats aren’t just confined to the education sector. Ransomware attacks across the US have grown 67.5% year on year, according to a recent report by SonicWall. What’s more, the majority of these attacks are leveraged against small-to-medium-sized businesses because they’re assumed to have weaker end-point security.

Navigating The Cyber Arms Race, Expert Weighs In

Information Security Buzz, Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places. And now, with the proliferation of cryptocurrency, this has enabled a whole new dark side.

War Between Russia and Ukraine Reaches the Metaverse!

Diario del Huila (Colombia), Threat Report Mention: According to SonicWall’s 2022 cyber threat report, in 2021 there were 623.3 million ransomware attacks worldwide, increasing by 105% compared to previous years. Colombia is in the top 10 of the countries, with 11 million threats detected.

Our Channel Will Help the SME face the worst: Sergio Martínez, from SonicWall

Channel Partner (Spain), SonicWall quote: Sergio Martinez confirms that his 60 channel partners, four wholesalers and 900 registered distributors are his allies to serve SMEs and the enterprise sector, which face worse and worse dangers such as encrypted threats.

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Deut), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

Industry News

Hackers Pose as Internal Support, Steals Database of Hundreds of Employees

Vice: Raise your hand if you have heard this story before. Hackers posing as Internal Support went through a list of Verizon employees until they found one that gave them access to their computer and ultimately, the company’s internal network.

Hackers reportedly stole a database that contained the complete name, email addresses, corporate ID numbers, phone numbers, and contact information of hundreds of employees.

Motherboard (Vice’s own cybersecurity team) confirmed that a significant portion of the data that was harvested was legitimate. They called the phone numbers listed in the database. One former employee was understandably upset about the breach and had some unkind words about Verizon’s cybersecurity culture. It certainly relates to an industry-wide concern about employee behavior and attitudes toward cyber hygiene.

The hacker(s) also reportedly sent an email to the company and threatened to leak Verizon’s entire employee database unless the company agreed to pay $250,000 in ransom. Verizon spokeswoman confirmed the communication.

Your Staff is Ignoring Cybersecurity Advice

Tech Radar: Since we’re talking about cybersecurity culture, here’s a report that reminds us how vulnerable businesses are to cyberattack. More than 90% of successful attacks were facilitated through “human interaction” (e.g., employees). Employees are the primary entry point to breach secure networks. Threat actors rarely use brute force to break in. They don’t have to. They can merely evade network security with a bit of social engineering that gets an errant click, or a password tossed their way.

Tech Radar says that cybercriminals view your employees as reliable portals to sensitive corporate information and other data. Many organizations have taken steps to combat this trend by implementing security awareness training. However, implementation is not perfect nor is it consistent. Tech Radar cites a survey that showed only 28% of organizations currently offer comprehensive training programs twice per year.

Organizations around the globe are facing a disengaged, often indifferent workforce, even when training is more frequent. Users continue to engage in risky behavior and ignore security best practices. 42% of users admit to downloading malware, and 56% let their friends and family use the devices their employers give them.

A separate risk report conducted by the US Department of Health and Human Services (HHS) backs Tech Radar’s findings, pointing out that successful attacks usually come from negligent insider threats than from brute force attacks.

Among the alarming findings from the HHS report, researchers analyzed 3 billion files across 58 healthcare companies and found that all employees could access 20% of the files. That means tens of thousands of sensitive files related to patient healthcare are available for all to see. Add to that, 77% of healthcare organizations have 500 accounts or more with passwords that never expire.

As noted in SonicWall’s 2022 Cyber Threat Report, the healthcare sector experienced a 121% increase in malware in 2021. Expect to see that number rise in the coming year.

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hacker News: Cybersecurity researchers have discovered that a free browser automation framework is being used increasingly by threat actors. Hackers can use many features of the framework to enable a wide range of malicious activities. The framework’s technical requirements are low.

Underground actors have been able to advertise their willingness to help create bespoke tooling. Researchers found that C2-IP addresses of command-and-control (C2) are linked to malware like Bumblebee and BlackGuard. These IP addresses establish connections to the download domain of Bablosoft (maker of Browser Automation Studio). Bablosoft can automate tasks in Google Chrome using legitimate tools such as Selenium and Puppeteer.

Russian Hackers Linked to New Brexit Leak Website

Reuters: According to a Google cybersecurity official and former head of UK foreign Intelligence, a new website published leaked emails of several prominent proponents of the Brexit plan that led to Britain leaving the European Union.

The website, titled “Very English Coop d’Etat,” claims it has published emails from Richard Dearlove (ex-British spymaster), Gisela Stuart (leading Brexit campaigner), and Robert Tombs (pro-Brexit historian) and other supporters of Britain’s exit from the EU.

According to the site, not only is this group the hardline pro-Brexit booster, the members also collaborate in secretly make political decisions in the United Kingdom.

Reuters couldn’t immediately confirm the authenticity of the emails. However, two victims of Wednesday’s leak confirmed that hackers had targeted them and blamed Russia for their actions.

According to the “English Coop” website, several allegations are made, including that Dearlove was involved in a plot by Brexit hardliners to replace Theresa May (who had negotiated a withdrawal deal with the European Union at the beginning of 2019) with Johnson, who takes a more uncompromising stance.

Dearlove stated that the emails were a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.”

Officials did not respond to emails seeking comment from the Russian embassies in Washington and London. Moreover, the Foreign Office of Britain, which deals with media inquiries for MI6, declined to comment. Others who are believed to have been disseminated via the website’s email list also did not reply to emails requesting comment.

AI + Ransomware = “Terrifying”

Protocol: The article quotes the 2022 SonicWall Cyber Threat Report, but that’s not the only reason it caught our attention. While the number of ransomware attacks have doubled year-over-year in 2021, ransomware has been getting more successful. And that’s what makes this article a worthy if not terrifying read.

Cybercriminals and defenders are engaged in a constant struggle for advantage. However, defenders have had an advantage that has helped them stay one step ahead of most attacks: AI and machine learning that allows administrators to automate much of their work, particularly when it comes to detection and responding to attacks. Although this advantage has not been enough to stop ransomware from spreading, it is still a significant advantage over what cybercriminals are capable of doing.

The greatest barrier for cybergangs is that AI requires high-level expertise that they do not have. But now, after two years of record-breaking breaches, the one thing they do have is a lot of money. Ransomware gang Conti pulled in $182 million in ransom payments during 2021, according to blockchain data platform Chainalysis. Leaks of Conti’s chats suggest that the group may have invested some of its revenue in pricey “zero day” vulnerabilities and hiring penetration testers.

Protocol speculates that given the windfall some ransomware gangs have amassed, it’s only a matter of time that they will deploy AI ransomware.

Hackers Target the Russian Govt With Fake Windows Updates by Pushing RATs

Bleeping Computer: In the weirdest twist of irony, hackers successfully targeted Russian government agencies with phishing emails that pretended to be Windows security updates to install remote access trojans, or RATs.

Russian Government agencies were targeted by hackers using phishing emails claiming to be Windows security updates. These attacks are being carried out by a previously unknown APT (advanced persistent threat) group. They are believed to be operating in China and are connected to a series of spear-phishing campaigns.

The operations took place between February 2022 and April 2022. The goal was to infect Russian Federation government entities with malware. The custom-made RATs were most likely used in espionage operations.

The first of four campaigns started in February 2022, just a few days following Russia’s invasion of Ukraine. The RAT was distributed at that time under the name interactive map UA.exe.

The group apparently planned more elaborate and well-thought-out campaigns and schemed to lure targets and convince them of the legitimacy and authenticity of the phishing email attacks. The tar.gz archive, which was supposed to contain a fix to the Log4Shell vulnerability, was sent to the Russian Ministry of Digital Development, Telecommunications and Mass Communications. Another wave of phishing attacks saw malicious actors pretend to be Rostec, a Russian defense conglomerate.

In the final wave of attacks, Chinese hackers focused their attention on a macro-infected Word file that contained a fake job offer from Saudi Aramco, a major oil and natural gas company. The document targeted candidates interested in filling the “Strategy and Growth Analyst” position. It used a remote template injection technique to retrieve the malicious template and then drop the VBS script onto them.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Cybersecurity News & Trends – 05-20-22

Cybersecurity News & Trends

This week, SonicWall emerged with excellent “in the news” quotes and citations. Note the articles about “AI-Powered Ransomware.” Industry news produced findings about Bluetooth vulnerabilities that could shake the consumer markets from automotive to home security. The Justice Department says that it will no longer prosecute “good faith researchers” who hack software and devices to find vulnerabilities. The US government is also reportedly remanding government agencies slow to fix bugs that hackers are currently exploiting. The Costa Rican government reports that Russian hacking cartels are attacking their agencies and infrastructure. Finally, leave it to the Bank of Zambia to come up with a creative way to troll hackers. Stay safe and remember that cybersecurity is everyone’s business.

SonicWall News

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Ransomware is already out of control. AI-powered ransomware could be ‘terrifying.’

Protocol, SonicWall in the News: Currently, ransomware attacks are often very tailored to the individual target, making the attacks more difficult to scale, Driver said. Even still, the number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well. The percentage of affected organizations that agreed to pay a ransom shot up to 58% in 2021, from 34% the year before, Proofpoint has reported.

Finalists: Security Executive of the Year

SC Magazine, SonicWall in the News: Bill Conner has been named a finalist In the Best Security Executive of the Year by SC Magazine. Executives recognized in this category are the veterans and perennial influencers in the cybersecurity development community, with a history of leadership in companies that have their pulse on the needs of users and have a proven track record in delivery of products and services that meet the requirements of businesses large and small.

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyzes and experts have highlighted that hackers linked to Russia are responsible for the majority.

AI + ransomware = “terrifying”

Protocol, SonicWall in the News: The number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well.

Industry News

Vulnerabilities Found in Bluetooth Low Energy Devices

TechRepublic: A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to even cars and houses. The new findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate the user near the device. Researchers were able to fake the authentication, which could affect everyone, from the average consumer to organizations seeking to lock the doors to their premises.

This issue is believed to be something that the industry can’t easily patch since it is more than a simple error in Bluetooth specification. Moreover, the flaw could be an exploit that could affect millions of people. According to NCC Group experts cited in the article, BLE-based proximity authentication was not originally designed to be used by critical systems such as locking mechanisms in smart locks.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

According to the cybersecurity company, these Bluetooth systems are used to lock items such as vehicles or residences that are using Bluetooth proximity authentication mechanisms that hackers can easily break with cheap off-the-shelf hardware. As a proof of concept, it was found by Khan that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. According to the report, the following device categories are vulnerable:

  • Cars with automotive keyless entry
  • Laptops with Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

One of the specified vehicles affected by this exploit is the Tesla Models 3 and Y.

Justice Dept. Says ‘Good Faith Researchers’ No Longer Face Hacking Charges

Washington Post: On Thursday, the U.S. Justice Department stated that it would not use its country’s anti-hacking law to prosecute cybersecurity researchers trying to find security flaws. This is a move that both protects and validates a practice still vilified by many officials and companies.

Top Justice officials issued a five-page policy statement to federal prosecutors. They said that local U.S. Attorneys should not be charged when “good faith” researchers exceed “authorized” access. This vague phrase is from the 1986 Computer Fraud and Abuse Act, interpreted as covering routine practices such as automated downloading of Web content.

TechCrunch also reported that the DoJ stated that “good-faith research” includes anyone who conducts their activity “in a manner designed to avoid harm to individuals and the public.” It also concludes that such information “primarily promotes the security or safety the class of devices or machines to which the computer belongs, as well as those who use such machines, devices, or services.”

Computer Fraud and Abuse Act (or CFAA) was enacted into law in 1986 and predate the modern internet and current cyber threats. Federal law defines computer hacking, specifically “unauthorized” access to a computer system. However, the CFAA has been criticized over its vague and outdated language, which fails to distinguish between malicious actors who (for example) extort companies and good-faith researchers who work to uncover vulnerabilities before people are exploited by them.

US Officials Order Government Agencies to Fix Serious Software Bugs

CNN: US cybersecurity officials on Wednesday ordered all federal civilian agencies to fix flaws in widely used software that officials said foreign government-linked hackers are likely moving to exploit.

“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said.

The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. However, the directive does not apply to the Pentagon computer networks, not under CISA’s jurisdiction. The vulnerabilities are in a type of software made by VMware, a California-based technology giant whose products are widely used by the US government.

VMware, on April 6, issued a fix for the software flaws, which could allow hackers to access computer files and burrow further into a network remotely. Within two days of the fix’s release, hackers had figured out a way to break into computers using the vulnerabilities, according to CISA. Then, on Wednesday, VMWare released software updates for newly discovered vulnerabilities that CISA has ordered agencies to address.

The agency did not identify the hackers or what systems they had targeted.

Russian Hacking Cartel Attack Costa Rican Government Agencies

New York Times: A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, based in Russia, claimed credit for the attack, which began on April 12, and threatened to leak the stolen information unless it was paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to Central and South American countries, perhaps to retaliate against nations that have supported Ukraine.

Some experts also believe Conti feared a crackdown by the United States and sought fresh targets, regardless of politics. According to estimates from the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million.

The BBC also reports that the Costa Rican Treasury told civil servants that the hack had affected automatic payment services. It warned that they would not be paid on time and would need to apply for their salaries by email or on paper by hand.

The ministry said: “Due to the temporary downturn of the institutional systems, the service of issuing certificates regarding the amounts of salaries owed to the civil servants of the Central Administration is suspended.

“All applications received via email or in the windows of the National Accountancy will be attended to once systems are restored.”

According to the government, the attacks also affected its foreign trade by hitting its tax and customs systems.

‘Security researchers’ make $800k in prize money for Hacking Windows 11

PCGamer: Contestants in a hacking contest have netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During this 15th annual Pwn2Own Vancouver hacking competition, the teams discovered 16 zero-day bugs on multiple products like Firefox, Oracle Virtualbox, Windows 11, and other popular enterprise software.

Pwn2Own Vancouver 2022 is a three-day-long hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers or ‘security researchers’ attempt to find zero-day vulnerabilities in their software for prize money.

Think of it like bug bounties except with more money and kudos. A zero-day is a software exploit or vulnerability that an attacker could discover. The software makers aren’t already aware; there’s no patch, and the attack will likely succeed. Known bugs or exploits are not valid for rewards.

National Bank of Zambia Hit by Ransomware Then Trolls Hackers

Bleeping Computer: Leave it to the executives at the Bank of Zambia to leave us grinning. After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear to the hackers that they were not going to pay – by posting a picture of male genitalia and telling the hackers to s… (and here, you’ll have to fill in the colorful language they used).

Last week, the Bank of Zambia, the country’s central bank, disclosed that recent technical outages resulted from a cyberattack. While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.

Today, Bloomberg reported that the Bank’s Technical Director, Greg Nsofu, said they had protected the bank’s core systems, so it was unnecessary to engage with the threat actors.

In Case You Missed It

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh